apk package
chainguard/camunda-zeebe-8.6-compat
pkg:apk/chainguard/camunda-zeebe-8.6-compat
Vulnerabilities (26)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-31651 | — | < 8.6.15-r1 | 8.6.15-r1 | Apr 28, 2025 | Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat. For a subset of unlikely rewrite rule configurations, it was possible for a specially crafted request to bypass some rewrite rules. If those rewrite rules effectively enforced security | ||
| CVE-2025-31650 | — | < 8.6.15-r1 | 8.6.15-r1 | Apr 28, 2025 | Improper Input Validation vulnerability in Apache Tomcat. Incorrect error handling for some invalid HTTP priority headers resulted in incomplete clean-up of the failed request which created a memory leak. A large number of such requests could trigger an OutOfMemoryException resul | ||
| CVE-2025-22235 | Hig | 7.3 | < 8.6.13-r2 | 8.6.13-r2 | Apr 28, 2025 | EndpointRequest.to() creates a matcher for null/** if the actuator endpoint, for which the EndpointRequest has been created, is disabled or not exposed. Your application may be affected by this if all the following conditions are met: * You use Spring Security * EndpointR | |
| CVE-2025-27820 | — | < 8.6.13-r1 | 8.6.13-r1 | Apr 24, 2025 | A bug in PSL validation logic in Apache HttpClient 5.4.x disables domain checks, affecting cookie management and host name verification. Discovered by the Apache HttpClient team. Fixed in the 5.4.3 release | ||
| CVE-2025-22228 | Hig | 7.4 | < 8.6.12-r1 | 8.6.12-r1 | Mar 20, 2025 | BCryptPasswordEncoder.matches(CharSequence,String) will incorrectly return true for passwords larger than 72 characters as long as the first 72 characters are the same. | |
| CVE-2024-7254 | — | < 8.6.12-r1 | 8.6.12-r1 | Sep 19, 2024 | Any project that parses untrusted Protocol Buffers data containing an arbitrary number of nested groups / series of SGROUP tags can corrupted by exceeding the stack limit i.e. StackOverflow. Parsing nested groups as unknown fields with DiscardUnknownFieldsParser or Java Protobuf |
- CVE-2025-31651Apr 28, 2025affected < 8.6.15-r1fixed 8.6.15-r1
Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat. For a subset of unlikely rewrite rule configurations, it was possible for a specially crafted request to bypass some rewrite rules. If those rewrite rules effectively enforced security
- CVE-2025-31650Apr 28, 2025affected < 8.6.15-r1fixed 8.6.15-r1
Improper Input Validation vulnerability in Apache Tomcat. Incorrect error handling for some invalid HTTP priority headers resulted in incomplete clean-up of the failed request which created a memory leak. A large number of such requests could trigger an OutOfMemoryException resul
- affected < 8.6.13-r2fixed 8.6.13-r2
EndpointRequest.to() creates a matcher for null/** if the actuator endpoint, for which the EndpointRequest has been created, is disabled or not exposed. Your application may be affected by this if all the following conditions are met: * You use Spring Security * EndpointR
- CVE-2025-27820Apr 24, 2025affected < 8.6.13-r1fixed 8.6.13-r1
A bug in PSL validation logic in Apache HttpClient 5.4.x disables domain checks, affecting cookie management and host name verification. Discovered by the Apache HttpClient team. Fixed in the 5.4.3 release
- affected < 8.6.12-r1fixed 8.6.12-r1
BCryptPasswordEncoder.matches(CharSequence,String) will incorrectly return true for passwords larger than 72 characters as long as the first 72 characters are the same.
- CVE-2024-7254Sep 19, 2024affected < 8.6.12-r1fixed 8.6.12-r1
Any project that parses untrusted Protocol Buffers data containing an arbitrary number of nested groups / series of SGROUP tags can corrupted by exceeding the stack limit i.e. StackOverflow. Parsing nested groups as unknown fields with DiscardUnknownFieldsParser or Java Protobuf
Page 2 of 2