VYPR

apk package

chainguard/elasticsearch-8.17-config

pkg:apk/chainguard/elasticsearch-8.17-config

Vulnerabilities (5)

  • CVE-2025-67735Dec 16, 2025
    affected < 8.17.10-r15fixed 8.17.10-r15

    Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.129.Final and 4.2.8.Final, the `io.netty.handler.codec.http.HttpRequestEncoder` has a CRLF injection with the request URI when constructing a request. This leads to request smuggling wh

  • CVE-2025-58057Sep 3, 2025
    affected < 8.17.10-r13fixed 8.17.10-r13

    Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In netty-codec-compression versions 4.1.124.Final and below, and netty-codec versions 4.2.4.Final and below, when supplied with s

  • CVE-2025-58056Sep 3, 2025
    affected < 8.17.10-r13fixed 8.17.10-r13

    Netty is an asynchronous event-driven network application framework for development of maintainable high performance protocol servers and clients. In versions 4.1.124.Final, and 4.2.0.Alpha3 through 4.2.4.Final, Netty incorrectly accepts standalone newline characters (LF) as a ch

  • CVE-2025-54988Aug 20, 2025
    affected < 8.17.10-r1fixed 8.17.10-r1

    Critical XXE in Apache Tika (tika-parser-pdf-module) in Apache Tika 1.13 through and including 3.2.1 on all platforms allows an attacker to carry out XML External Entity injection via a crafted XFA file inside of a PDF. An attacker may be able to read sensitive data or trigger ma

  • CVE-2025-22227MedJul 16, 2025
    affected < 8.17.8-r3fixed 8.17.8-r3

    In some specific scenarios with chained redirects, Reactor Netty HTTP client leaks credentials. In order for this to happen, the HTTP client must have been explicitly configured to follow redirects.