VYPR

apk package

chainguard/flink-2.0

pkg:apk/chainguard/flink-2.0

Vulnerabilities (3)

  • CVE-2026-34480HigApr 10, 2026
    affected < 2.0.1-r6fixed 2.0.1-r6

    Apache Log4j Core's XmlLayout https://logging.apache.org/log4j/2.x/manual/layouts.html#XmlLayout , in versions up to and including 2.25.3, fails to sanitize characters forbidden by the XML 1.0 specification https://www.w3.org/TR/xml/#charsets producing invalid XML output whene

  • CVE-2026-34479HigApr 10, 2026
    affected < 2.0.1-r6fixed 2.0.1-r6

    The Log4j1XmlLayout from the Apache Log4j 1-to-Log4j 2 bridge fails to escape characters forbidden by the XML 1.0 standard, producing malformed XML output. Conforming XML parsers are required to reject documents containing such characters with a fatal error, which may cause downs

  • CVE-2025-68161Dec 18, 2025
    affected < 2.0.1-r2fixed 2.0.1-r2

    The Socket Appender in Apache Log4j Core versions 2.0-beta9 through 2.25.2 does not perform TLS hostname verification of the peer certificate, even when the verifyHostName https://logging.apache.org/log4j/2.x/manual/appenders/network.html#SslConfiguration-attr-verifyHostName co