VYPR

apk package

chainguard/debezium-3.3-connector-jdbc

pkg:apk/chainguard/debezium-3.3-connector-jdbc

Vulnerabilities (3)

  • CVE-2026-42198HigApr 29, 2026
    affected < 3.3.2-r5fixed 3.3.2-r5

    pgjdbc is an open source postgresql JDBC Driver. From version 42.2.0 to before version 42.7.11, pgjdbc is vulnerable to a client-side denial of service during SCRAM-SHA-256 authentication. A malicious server can instruct the driver to perform SCRAM authentication with a very larg

  • CVE-2026-27830HigFeb 26, 2026
    affected < 3.3.2-r2fixed 3.3.2-r2

    c3p0, a JDBC Connection pooling library, is vulnerable to attack via maliciously crafted Java-serialized objects and `javax.naming.Reference` instances. Several c3p0 `ConnectionPoolDataSource` implementations have a property called `userOverridesAsString` which conceptually repre

  • CVE-2026-27727Feb 25, 2026
    affected < 3.3.2-r2fixed 3.3.2-r2

    mchange-commons-java, a library that provides Java utilities, includes code that mirrors early implementations of JNDI functionality, including support for remote `factoryClassLocation` values, by which code can be downloaded and invoked within a running application. If an attack