VYPR

apk package

chainguard/camunda-zeebe-8.6-compat

pkg:apk/chainguard/camunda-zeebe-8.6-compat

Vulnerabilities (26)

  • CVE-2025-31651Apr 28, 2025
    affected < 8.6.15-r1fixed 8.6.15-r1

    Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat. For a subset of unlikely rewrite rule configurations, it was possible for a specially crafted request to bypass some rewrite rules. If those rewrite rules effectively enforced security

  • CVE-2025-31650Apr 28, 2025
    affected < 8.6.15-r1fixed 8.6.15-r1

    Improper Input Validation vulnerability in Apache Tomcat. Incorrect error handling for some invalid HTTP priority headers resulted in incomplete clean-up of the failed request which created a memory leak. A large number of such requests could trigger an OutOfMemoryException resul

  • CVE-2025-22235HigApr 28, 2025
    affected < 8.6.13-r2fixed 8.6.13-r2

    EndpointRequest.to() creates a matcher for null/** if the actuator endpoint, for which the EndpointRequest has been created, is disabled or not exposed. Your application may be affected by this if all the following conditions are met: * You use Spring Security * EndpointR

  • CVE-2025-27820Apr 24, 2025
    affected < 8.6.13-r1fixed 8.6.13-r1

    A bug in PSL validation logic in Apache HttpClient 5.4.x disables domain checks, affecting cookie management and host name verification. Discovered by the Apache HttpClient team. Fixed in the 5.4.3 release

  • CVE-2025-22228HigMar 20, 2025
    affected < 8.6.12-r1fixed 8.6.12-r1

    BCryptPasswordEncoder.matches(CharSequence,String) will incorrectly return true for passwords larger than 72 characters as long as the first 72 characters are the same.

  • CVE-2024-7254Sep 19, 2024
    affected < 8.6.12-r1fixed 8.6.12-r1

    Any project that parses untrusted Protocol Buffers data containing an arbitrary number of nested groups / series of SGROUP tags can corrupted by exceeding the stack limit i.e. StackOverflow. Parsing nested groups as unknown fields with DiscardUnknownFieldsParser or Java Protobuf

Page 2 of 2