VYPR

apk package

chainguard/apicurio-registry

pkg:apk/chainguard/apicurio-registry

Vulnerabilities (52)

  • CVE-2025-27817Jun 10, 2025
    affected < 3.0.9-r1fixed 3.0.9-r1

    A possible arbitrary file read and SSRF vulnerability has been identified in Apache Kafka Client. Apache Kafka Clients accept configuration data for setting the SASL/OAUTHBEARER connection with the brokers, including "sasl.oauthbearer.token.endpoint.url" and "sasl.oauthbearer.jwk

  • CVE-2025-48734May 28, 2025
    affected < 3.0.8-r0fixed 3.0.8-r0

    Improper Access Control vulnerability in Apache Commons. A special BeanIntrospector class was added in version 1.9.2. This can be used to stop attackers from using the declared class property of Java enum objects to get access to the classloader. However this protection was no

  • CVE-2025-4949May 21, 2025
    affected < 3.0.7-r1fixed 3.0.7-r1

    In Eclipse JGit versions 7.2.0.202503040940-r and older, the ManifestParser class used by the repo command and the AmazonS3 class used to implement the experimental amazons3 git transport protocol allowing to store git pack files in an Amazon S3 bucket, are vulnerable to XML Exte

  • CVE-2024-58103MedMar 16, 2025
    affected < 3.1.2-r0fixed 3.1.2-r0

    Square Wire before 5.2.0 does not enforce a recursion limit on nested groups in ByteArrayProtoReader32.kt and ProtoReader.kt.

  • CVE-2025-2240HigMar 12, 2025
    affected < 3.0.6-r2fixed 3.0.6-r2

    A flaw was found in Smallrye, where smallrye-fault-tolerance is vulnerable to an out-of-memory (OOM) issue. This vulnerability is externally triggered when calling the metrics URI. Every call creates a new object within meterMap and may lead to a denial of service (DoS) issue.

  • CVE-2025-1634HigFeb 26, 2025
    affected < 3.0.6-r2fixed 3.0.6-r2

    A flaw was found in the quarkus-resteasy extension, which causes memory leaks when client requests with low timeouts are made. If a client request times out, a buffer is not released correctly, leading to increased memory usage and eventual application crash due to OutOfMemoryErr

  • CVE-2025-25193Feb 10, 2025
    affected < 0fixed 0

    Netty, an asynchronous, event-driven network application framework, has a vulnerability in versions up to and including 4.1.118.Final. An unsafe reading of environment file could potentially cause a denial of service in Netty. When loaded on an Windows application, Netty attempts

  • CVE-2025-24970Feb 10, 2025
    affected < 3.0.6-r1fixed 3.0.6-r1

    Netty, an asynchronous, event-driven network application framework, has a vulnerability starting in version 4.1.91.Final and prior to version 4.1.118.Final. When a special crafted packet is received via SslHandler it doesn't correctly handle validation of such a packet in all cas

  • CVE-2024-57699HigFeb 5, 2025
    affected < 3.1.7-r1fixed 3.1.7-r1

    A security issue was found in Netplex Json-smart 2.5.0 through 2.5.1. When loading a specially crafted JSON input, containing a large number of ’{’, a stack exhaustion can be trigger, which could allow an attacker to cause a Denial of Service (DoS). This issue exists because of a

  • CVE-2024-12397HigDec 12, 2024
    affected < 3.0.6-r1fixed 3.0.6-r1

    A flaw was found in Quarkus-HTTP, which incorrectly parses cookies with certain value-delimiting characters in incoming requests. This issue could allow an attacker to construct a cookie value to exfiltrate HttpOnly cookie values or spoof arbitrary additional cookie values, leadi

  • CVE-2024-47535Nov 12, 2024
    affected < 3.0.6-r1fixed 3.0.6-r1

    Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. An unsafe reading of environment file could potentially cause a denial of service in Netty. When loaded on an Windows application

  • CVE-2012-5783Nov 4, 2012
    affected < 3.0.6-r2fixed 3.0.6-r2

    Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows m

Page 3 of 3