VYPR

apk package

chainguard/cloudwatch-exporter

pkg:apk/chainguard/cloudwatch-exporter

Vulnerabilities (12)

  • CVE-2026-2332 - High - Apr 14, 2026
    affected < 0.17.0-r0, fixed 0.17.0-r0

    In Eclipse Jetty, the HTTP/1.1 parser is vulnerable to request smuggling when chunk extensions are used, similar to the "funky chunks" techniques outlined here: * https://w4ke.info/2025/06/18/funky-chunks.html * https://w4ke.info/2025/10/29/funky-chunks-2.html Jetty term

  • CVE-2025-11143 - Mar 5, 2026
    affected < 0.17.0-r0, fixed 0.17.0-r0

    The Jetty URI parser has some key differences to other common parsers when evaluating invalid or unusual URIs. Differential parsing of URIs in systems using multiple components may result in security by-pass. For example a component that enforces a black list may interpret the UR

  • CVE-2025-58057 - Sep 3, 2025
    affected < 0.16.0-r7, fixed 0.16.0-r7

    Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In netty-codec-compression versions 4.1.124.Final and below, and netty-codec versions 4.2.4.Final and below, when supplied with s

  • CVE-2025-24970 - Feb 10, 2025
    affected < 0.16.0-r3, fixed 0.16.0-r3

    Netty, an asynchronous, event-driven network application framework, has a vulnerability starting in version 4.1.91.Final and prior to version 4.1.118.Final. When a specially crafted packet is received via SslHandler it doesn't correctly handle validation of such a packet in all cas

  • CVE-2024-47535 - Nov 12, 2024
    affected < 0.16.0-r2, fixed 0.16.0-r2

    Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. An unsafe reading of environment file could potentially cause a denial of service in Netty. When loaded on a Windows application

  • CVE-2024-8184 - Oct 14, 2024
    affected < 0.16.0-r1, fixed 0.16.0-r1

    There exists a security vulnerability in Jetty's ThreadLimitHandler.getRemote() which can be exploited by unauthorized users to cause a remote denial-of-service (DoS) attack. By repeatedly sending crafted requests, attackers can trigger OutOfMemory errors and exhaust the server's

  • CVE-2024-6763 - Oct 14, 2024
    affected < 0.17.0-r0, fixed 0.17.0-r0

    Eclipse Jetty is a lightweight, highly scalable, Java-based web server and Servlet engine. It includes a utility class, HttpURI, for URI/URL parsing. The HttpURI class does insufficient validation on the authority segment of a URI. However the behaviour of HttpURI differs fro

  • CVE-2024-29025 - Mar 25, 2024
    affected < 0.15.5-r1, fixed 0.15.5-r1

    Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. The `HttpPostRequestDecoder` can be tricked to accumulate data. While the decoder can store items on the disk if configured so, t

  • CVE-2023-41900 - Sep 15, 2023
    affected < 0.15.4-r3, fixed 0.15.4-r3

    Jetty is a Java based web server and servlet engine. Versions 9.4.21 through 9.4.51, 10.0.15, and 11.0.15 are vulnerable to weak authentication. If a Jetty `OpenIdAuthenticator` uses the optional nested `LoginService`, and that `LoginService` decides to revoke an already authenti

  • CVE-2023-40167 - Sep 15, 2023
    affected < 0.15.4-r3, fixed 0.15.4-r3

    Jetty is a Java based web server and servlet engine. Prior to versions 9.4.52, 10.0.16, 11.0.16, and 12.0.1, Jetty accepts the `+` character preceding the content-length value in a HTTP/1 header field. This is more permissive than allowed by the RFC and other servers routinely

  • CVE-2023-36479 - Sep 15, 2023
    affected < 0.15.4-r3, fixed 0.15.4-r3

    Eclipse Jetty Canonical Repository is the canonical repository for the Jetty project. Users of the CgiServlet with a very specific command structure may have the wrong command executed. If a user sends a request to a org.eclipse.jetty.servlets.CGI Servlet for a binary with a spac

  • CVE-2023-34462 - Jun 22, 2023
    affected < 0.15.4-r2, fixed 0.15.4-r2

    Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. The `SniHandler` can allocate up to 16MB of heap for each channel during the TLS handshake. When the handler or the channel does