VYPR

apk package

chainguard/jenkins-2.541-openjdk-25

pkg:apk/chainguard/jenkins-2.541-openjdk-25

Vulnerabilities (4)

  • CVE-2026-42779CriMay 1, 2026
    affected < 2.541.3-r7fixed 2.541.3-r7

    The fix for CVE-2026-41635 was not applied to the 2.1.X and 2.2.X branches. Here was the original issue description: Apache MINA's AbstractIoBuffer.resolveClass() contains two branches, one of them (for static classes or primitive types) does not check the class at all

  • CVE-2026-42778CriMay 1, 2026
    affected < 2.541.3-r7fixed 2.541.3-r7

    The fix for CVE-2026-41409 was not applied to the 2.1.X and 2.2.X branches. Here was the original issue description: The fix for CVE-2024-52046 in Apache MINA AbstractIoBuffer.getObject() was incomplete. The classname allowlist of classes allowed to be deserialized was applie

  • CVE-2026-41409CriApr 27, 2026
    affected < 2.541.3-r7fixed 2.541.3-r7

    The fix for CVE-2024-52046 in Apache MINA AbstractIoBuffer.getObject() was incomplete. The classname allowlist of classes allowed to be deserialized was applied too late after a static initializer in a class to be read might already have been executed. Affected versions are A

  • CVE-2026-41635CriApr 27, 2026
    affected < 2.541.3-r7fixed 2.541.3-r7

    Apache MINA's AbstractIoBuffer.resolveClass() contains two branches, one of them (for static classes or primitive types) does not check the class at all, bypassing the classname allowlist and allowing arbitrary code to be executed. The fix checks if the class is present in th