apk package
chainguard/clojure-tools
pkg:apk/chainguard/clojure-tools
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-2332 | Hig | 7.4 | < 1.12.5.1654-r0 | 1.12.5.1654-r0 | Apr 14, 2026 | In Eclipse Jetty, the HTTP/1.1 parser is vulnerable to request smuggling when chunk extensions are used, similar to the "funky chunks" techniques outlined here: * https://w4ke.info/2025/06/18/funky-chunks.html * https://w4ke.info/2025/10/29/funky-chunks-2.html Jetty term | |
| CVE-2025-67030 | Hig | 8.8 | < 1.12.4.1629-r0 | 1.12.4.1629-r0 | Mar 25, 2026 | Directory Traversal vulnerability in the extractFile method of org.codehaus.plexus.util.Expand in plexus-utils before 6d780b3378829318ba5c2d29547e0012d5b29642. This allows an attacker to execute arbitrary code | |
| CVE-2024-6763 | — | < 1.12.4.1629-r0 | 1.12.4.1629-r0 | Oct 14, 2024 | Eclipse Jetty is a lightweight, highly scalable, Java-based web server and Servlet engine . It includes a utility class, HttpURI, for URI/URL parsing. The HttpURI class does insufficient validation on the authority segment of a URI. However the behaviour of HttpURI differs fro |
- affected < 1.12.5.1654-r0fixed 1.12.5.1654-r0
In Eclipse Jetty, the HTTP/1.1 parser is vulnerable to request smuggling when chunk extensions are used, similar to the "funky chunks" techniques outlined here: * https://w4ke.info/2025/06/18/funky-chunks.html * https://w4ke.info/2025/10/29/funky-chunks-2.html Jetty term
- affected < 1.12.4.1629-r0fixed 1.12.4.1629-r0
Directory Traversal vulnerability in the extractFile method of org.codehaus.plexus.util.Expand in plexus-utils before 6d780b3378829318ba5c2d29547e0012d5b29642. This allows an attacker to execute arbitrary code
- CVE-2024-6763Oct 14, 2024affected < 1.12.4.1629-r0fixed 1.12.4.1629-r0
Eclipse Jetty is a lightweight, highly scalable, Java-based web server and Servlet engine . It includes a utility class, HttpURI, for URI/URL parsing. The HttpURI class does insufficient validation on the authority segment of a URI. However the behaviour of HttpURI differs fro