VYPR

apk package

chainguard/camunda-zeebe-8.3-compat

pkg:apk/chainguard/camunda-zeebe-8.3-compat

Vulnerabilities (6)

  • CVE-2026-21452Jan 2, 2026
    affected < 8.3.22-r12fixed 8.3.22-r12

    MessagePack for Java is a serializer implementation for Java. A denial-of-service vulnerability exists in versions prior to 0.9.11 when deserializing .msgpack files containing EXT32 objects with attacker-controlled payload lengths. While MessagePack-Java parses extension headers

  • CVE-2025-68161Dec 18, 2025
    affected < 8.3.22-r11fixed 8.3.22-r11

    The Socket Appender in Apache Log4j Core versions 2.0-beta9 through 2.25.2 does not perform TLS hostname verification of the peer certificate, even when the verifyHostName https://logging.apache.org/log4j/2.x/manual/appenders/network.html#SslConfiguration-attr-verifyHostName co

  • CVE-2025-67735Dec 16, 2025
    affected < 8.3.22-r10fixed 8.3.22-r10

    Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.129.Final and 4.2.8.Final, the `io.netty.handler.codec.http.HttpRequestEncoder` has a CRLF injection with the request URI when constructing a request. This leads to request smuggling wh

  • CVE-2025-8916MedAug 13, 2025
    affected < 8.3.22-r9fixed 8.3.22-r9

    Allocation of Resources Without Limits or Throttling vulnerability in Legion of the Bouncy Castle Inc. BC Java bcpkix on All (API modules), Legion of the Bouncy Castle Inc. BC Java bcprov on All (API modules), Legion of the Bouncy Castle Inc. BCPKIX FIPS bcpkix-fips on All (API m

  • CVE-2025-22227MedJul 16, 2025
    affected < 8.3.22-r4fixed 8.3.22-r4

    In some specific scenarios with chained redirects, Reactor Netty HTTP client leaks credentials. In order for this to happen, the HTTP client must have been explicitly configured to follow redirects.

  • CVE-2025-48924Jul 11, 2025
    affected < 8.3.22-r2fixed 8.3.22-r2

    Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons Lang: Starting with commons-lang:commons-lang 2.0 to 2.6, and, from org.apache.commons:commons-lang3 3.0 before 3.18.0. The methods ClassUtils.getClass(...) can throw StackOverflowErr