VYPR

apk package

chainguard/apache-tika-fips-3.1-compat

pkg:apk/chainguard/apache-tika-fips-3.1-compat

Vulnerabilities (2)

  • CVE-2025-68161Dec 18, 2025
    affected < 3.1.0-r3fixed 3.1.0-r3

    The Socket Appender in Apache Log4j Core versions 2.0-beta9 through 2.25.2 does not perform TLS hostname verification of the peer certificate, even when the verifyHostName https://logging.apache.org/log4j/2.x/manual/appenders/network.html#SslConfiguration-attr-verifyHostName co

  • CVE-2025-66516Dec 4, 2025
    affected < 3.1.0-r0fixed 3.1.0-r0

    Critical XXE in Apache Tika tika-core (1.13-3.2.1), tika-pdf-module (2.0.0-3.2.1) and tika-parsers (1.13-1.28.5) modules on all platforms allows an attacker to carry out XML External Entity injection via a crafted XFA file inside of a PDF. This CVE covers the same vulnerability