VYPR

apk package

chainguard/gradle-9

pkg:apk/chainguard/gradle-9

Vulnerabilities (5)

  • CVE-2026-5598HigApr 15, 2026
    affected < 9.4.1-r2fixed 9.4.1-r2

    Covert timing channel vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA core on all (core modules). This vulnerability is associated with program files FrodoEngine.Java. This issue affects BC-JAVA: from 1.71 before 1.80.2, from 1.81 before 1.81.1, from 1.82 before 1.

  • CVE-2026-3505HigApr 15, 2026
    affected < 9.4.1-r2fixed 9.4.1-r2

    Allocation of resources without limits or throttling, Uncontrolled Resource Consumption vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcpg on all (pg modules). This vulnerability is associated with program files AEADEncDataPacket.Java, BcAEADUtil.Java, JceAEADUtil.J

  • CVE-2026-0636MedApr 15, 2026
    affected < 9.4.1-r2fixed 9.4.1-r2

    Improper neutralization of special elements used in an LDAP query ('LDAP injection') vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcprov on all (prov modules). This vulnerability is associated with program files LDAPStoreHelper. This issue affects BC-JAVA: from

  • CVE-2025-67030HigMar 25, 2026
    affected < 9.4.1-r1fixed 9.4.1-r1

    Directory Traversal vulnerability in the extractFile method of org.codehaus.plexus.util.Expand in plexus-utils before 6d780b3378829318ba5c2d29547e0012d5b29642. This allows an attacker to execute arbitrary code

  • CVE-2025-48924Jul 11, 2025
    affected < 9.0.0-r1fixed 9.0.0-r1

    Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons Lang: Starting with commons-lang:commons-lang 2.0 to 2.6, and, from org.apache.commons:commons-lang3 3.0 before 3.18.0. The methods ClassUtils.getClass(...) can throw StackOverflowErr