VYPR

apk package

chainguard/logstash-9.1-env2yaml

pkg:apk/chainguard/logstash-9.1-env2yaml

Vulnerabilities (10)

  • CVE-2025-14762MedDec 17, 2025
    affected < 9.1.8-r2fixed 9.1.8-r2

    Missing cryptographic key commitment in the AWS SDK for Ruby may allow a user with write access to the S3 bucket to introduce a new EDK that decrypts to different plaintext when the encrypted data key is stored in an "instruction file" instead of S3's metadata record. To mitiga

  • CVE-2025-67735Dec 16, 2025
    affected < 9.1.8-r1fixed 9.1.8-r1

    Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.129.Final and 4.2.8.Final, the `io.netty.handler.codec.http.HttpRequestEncoder` has a CRLF injection with the request URI when constructing a request. This leads to request smuggling wh

  • CVE-2025-61921Oct 10, 2025
    affected < 9.1.5-r2fixed 9.1.5-r2

    Sinatra is a domain-specific language for creating web applications in Ruby. In versions prior to 4.2.0, there is a denial of service vulnerability in the `If-Match` and `If-None-Match` header parsing component of Sinatra, if the `etag` method is used when constructing the respon

  • CVE-2025-61919Oct 10, 2025
    affected < 9.1.5-r2fixed 9.1.5-r2

    Rack is a modular Ruby web server interface. Prior to versions 2.2.20, 3.1.18, and 3.2.3, `Rack::Request#POST` reads the entire request body into memory for `Content-Type: application/x-www-form-urlencoded`, calling `rack.input.read(nil)` without enforcing a length or cap. Large

  • CVE-2025-61780Oct 10, 2025
    affected < 9.1.5-r2fixed 9.1.5-r2

    Rack is a modular Ruby web server interface. Prior to versions 2.2.20, 3.1.18, and 3.2.3, a possible information disclosure vulnerability existed in `Rack::Sendfile` when running behind a proxy that supports `x-sendfile` headers (such as Nginx). Specially crafted headers could ca

  • CVE-2025-61772Oct 7, 2025
    affected < 9.1.5-r1fixed 9.1.5-r1

    Rack is a modular Ruby web server interface. In versions prior to 2.2.19, 3.1.17, and 3.2.2, `Rack::Multipart::Parser` can accumulate unbounded data when a multipart part’s header block never terminates with the required blank line (`CRLFCRLF`). The parser keeps appending incomin

  • CVE-2025-61771Oct 7, 2025
    affected < 9.1.5-r1fixed 9.1.5-r1

    Rack is a modular Ruby web server interface. In versions prior to 2.2.19, 3.1.17, and 3.2.2, ``Rack::Multipart::Parser` stores non-file form fields (parts without a `filename`) entirely in memory as Ruby `String` objects. A single large text field in a multipart/form-data request

  • CVE-2025-61770Oct 7, 2025
    affected < 9.1.5-r1fixed 9.1.5-r1

    Rack is a modular Ruby web server interface. In versions prior to 2.2.19, 3.1.17, and 3.2.2, `Rack::Multipart::Parser` buffers the entire multipart preamble (bytes before the first boundary) in memory without any size limit. A client can send a large preamble followed by a valid

  • CVE-2025-58057Sep 3, 2025
    affected < 9.1.3-r2fixed 9.1.3-r2

    Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In netty-codec-compression versions 4.1.124.Final and below, and netty-codec versions 4.2.4.Final and below, when supplied with s

  • CVE-2025-58056Sep 3, 2025
    affected < 9.1.3-r2fixed 9.1.3-r2

    Netty is an asynchronous event-driven network application framework for development of maintainable high performance protocol servers and clients. In versions 4.1.124.Final, and 4.2.0.Alpha3 through 4.2.4.Final, Netty incorrectly accepts standalone newline characters (LF) as a ch