VYPR

apk package

chainguard/commercial-elasticsearch-9.2

pkg:apk/chainguard/commercial-elasticsearch-9.2

Vulnerabilities (2)

  • CVE-2026-5598HigApr 15, 2026
    affected < 9.2.8-r1fixed 9.2.8-r1

    Covert timing channel vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA core on all (core modules). This vulnerability is associated with program files FrodoEngine.Java. This issue affects BC-JAVA: from 1.71 before 1.80.2, from 1.81 before 1.81.1, from 1.82 before 1.

  • CVE-2025-68161Dec 18, 2025
    affected < 9.2.8-r0fixed 9.2.8-r0

    The Socket Appender in Apache Log4j Core versions 2.0-beta9 through 2.25.2 does not perform TLS hostname verification of the peer certificate, even when the verifyHostName https://logging.apache.org/log4j/2.x/manual/appenders/network.html#SslConfiguration-attr-verifyHostName co