VYPR

apk package

chainguard/jenkins-2-openjdk-21

pkg:apk/chainguard/jenkins-2-openjdk-21

Vulnerabilities (26)

  • CVE-2025-7962Jul 21, 2025
    affected < 2.544-r1fixed 2.544-r1

    In Jakarta Mail 2.0.2 it is possible to preform a SMTP Injection by utilizing the \r and \n UTF-8 characters to separate different messages.

  • CVE-2025-48976Jun 16, 2025
    affected < 2.515-r0fixed 2.515-r0

    Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability in Apache Commons FileUpload. This issue affects Apache Commons FileUpload: from 1.0 before 1.6; from 2.0.0-M1 before 2.0.0-M4. Users are recommended to upgrade to versions 1.6 or

  • CVE-2025-41234MedJun 12, 2025
    affected < 2.515-r0fixed 2.515-r0

    Description In Spring Framework, versions 6.0.x as of 6.0.5, versions 6.1.x and 6.2.x, an application is vulnerable to a reflected file download (RFD) attack when it sets a “Content-Disposition” header with a non-ASCII charset, where the filename attribute is derived from user-s

  • CVE-2025-48734May 28, 2025
    affected < 2.512-r1fixed 2.512-r1

    Improper Access Control vulnerability in Apache Commons. A special BeanIntrospector class was added in version 1.9.2. This can be used to stop attackers from using the declared class property of Java enum objects to get access to the classloader. However this protection was no

  • CVE-2020-36843MedMar 13, 2025
    affected < 2.544-r1fixed 2.544-r1

    The implementation of EdDSA in EdDSA-Java (aka ed25519-java) through 0.3.0 exhibits signature malleability and does not satisfy the SUF-CMA (Strong Existential Unforgeability under Chosen Message Attacks) property. This allows attackers to create new valid signatures different fr

  • CVE-2024-52046Dec 25, 2024
    affected < 2.491-r2fixed 2.491-r2

    The ObjectSerializationDecoder in Apache MINA uses Java’s native deserialization protocol to process incoming serialized data but lacks the necessary security checks and defenses. This vulnerability allows attackers to exploit the deserialization process by sending specially craf

Page 2 of 2