VYPR

apk package

chainguard/clojure-tools

pkg:apk/chainguard/clojure-tools

Vulnerabilities (3)

  • CVE-2026-2332HigApr 14, 2026
    affected < 1.12.5.1654-r0fixed 1.12.5.1654-r0

    In Eclipse Jetty, the HTTP/1.1 parser is vulnerable to request smuggling when chunk extensions are used, similar to the "funky chunks" techniques outlined here: * https://w4ke.info/2025/06/18/funky-chunks.html * https://w4ke.info/2025/10/29/funky-chunks-2.html Jetty term

  • CVE-2025-67030HigMar 25, 2026
    affected < 1.12.4.1629-r0fixed 1.12.4.1629-r0

    Directory Traversal vulnerability in the extractFile method of org.codehaus.plexus.util.Expand in plexus-utils before 6d780b3378829318ba5c2d29547e0012d5b29642. This allows an attacker to execute arbitrary code

  • CVE-2024-6763Oct 14, 2024
    affected < 1.12.4.1629-r0fixed 1.12.4.1629-r0

    Eclipse Jetty is a lightweight, highly scalable, Java-based web server and Servlet engine . It includes a utility class, HttpURI, for URI/URL parsing. The HttpURI class does insufficient validation on the authority segment of a URI. However the behaviour of HttpURI differs fro