VYPR

apk package

chainguard/management-api-for-apache-cassandra-5.0-compat

pkg:apk/chainguard/management-api-for-apache-cassandra-5.0-compat

Vulnerabilities (23)

  • CVE-2025-67735Dec 16, 2025
    affected < 0.1.111-r1fixed 0.1.111-r1

    Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.129.Final and 4.2.8.Final, the `io.netty.handler.codec.http.HttpRequestEncoder` has a CRLF injection with the request URI when constructing a request. This leads to request smuggling wh

  • CVE-2025-59419MedOct 15, 2025
    affected < 0.1.108-r2fixed 0.1.108-r2

    Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.128.Final and 4.2.7.Final, the SMTP codec in Netty contains an SMTP command injection vulnerability due to insufficient input validation for Carriage Return (\r) and Line Feed (\n) char

  • CVE-2025-11226MedOct 1, 2025
    affected < 0.1.109-r0fixed 0.1.109-r0

    ACE vulnerability in conditional configuration file processing by QOS.CH logback-core up to and including version 1.5.18 in Java applications, allows an attacker to execute arbitrary code by compromising an existing logback configuration file or by injecting an environment varia

  • CVE-2025-58057Sep 3, 2025
    affected < 0.1.107-r2fixed 0.1.107-r2

    Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In netty-codec-compression versions 4.1.124.Final and below, and netty-codec versions 4.2.4.Final and below, when supplied with s

  • CVE-2025-55163Aug 13, 2025
    affected < 0.1.106-r1fixed 0.1.106-r1

    Netty is an asynchronous, event-driven network application framework. Prior to versions 4.1.124.Final and 4.2.4.Final, Netty is vulnerable to MadeYouReset DDoS. This is a logical vulnerability in the HTTP/2 protocol, that uses malformed HTTP/2 control frames in order to break the

  • CVE-2025-25193Feb 10, 2025
    affected < 0fixed 0

    Netty, an asynchronous, event-driven network application framework, has a vulnerability in versions up to and including 4.1.118.Final. An unsafe reading of environment file could potentially cause a denial of service in Netty. When loaded on an Windows application, Netty attempts

  • CVE-2025-24970Feb 10, 2025
    affected < 0.1.97-r1fixed 0.1.97-r1

    Netty, an asynchronous, event-driven network application framework, has a vulnerability starting in version 4.1.91.Final and prior to version 4.1.118.Final. When a special crafted packet is received via SslHandler it doesn't correctly handle validation of such a packet in all cas

  • CVE-2024-12801LowDec 19, 2024
    affected < 0.1.96-r1fixed 0.1.96-r1

    Server-Side Request Forgery (SSRF) in SaxEventRecorder by QOS.CH logback version 0.1 to 1.3.14 and 1.4.0 to 1.5.12  on the Java platform, allows an attacker to forge requests by compromising logback configuration files in XML. The attacks involves the modification of DOCTYPE

  • CVE-2024-12798MedDec 19, 2024
    affected < 0.1.96-r1fixed 0.1.96-r1

    ACE vulnerability in JaninoEventEvaluator by QOS.CH logback-core upto including version 0.1 to 1.3.14 and 1.4.0 to 1.5.12 in Java applications allows attacker to execute arbitrary code by compromising an existing logback configuration file or by injecting an en

  • CVE-2024-47535Nov 12, 2024
    affected < 0fixed 0

    Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. An unsafe reading of environment file could potentially cause a denial of service in Netty. When loaded on an Windows application

  • CVE-2024-47554Oct 3, 2024
    affected < 0.1.89-r0fixed 0.1.89-r0

    Uncontrolled Resource Consumption vulnerability in Apache Commons IO. The org.apache.commons.io.input.XmlStreamReader class may excessively consume CPU resources when processing maliciously crafted input. This issue affects Apache Commons IO: from 2.0 before 2.14.0. Users are

  • CVE-2021-47621HigJun 21, 2024
    affected < 0.1.89-r0fixed 0.1.89-r0

    ClassGraph before 4.8.112 was not resistant to XML eXternal Entity (XXE) attacks.

  • CVE-2021-46877Mar 18, 2023
    affected < 0.1.89-r0fixed 0.1.89-r0

    jackson-databind 2.10.x through 2.12.x before 2.12.6 and 2.13.x before 2.13.1 allows attackers to cause a denial of service (2 GB transient heap usage per read) in uncommon situations involving JsonNode JDK serialization.

  • CVE-2022-1471Dec 1, 2022
    affected < 0.1.89-r0fixed 0.1.89-r0

    SnakeYaml's Constructor() class does not restrict types which can be instantiated during deserialization. Deserializing yaml content provided by an attacker can lead to remote code execution. We recommend using SnakeYaml's SafeConsturctor when parsing untrusted content to restric

  • CVE-2022-41854Nov 11, 2022
    affected < 0.1.89-r0fixed 0.1.89-r0

    Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service

  • CVE-2022-42004Oct 2, 2022
    affected < 0.1.89-r0fixed 0.1.89-r0

    In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization.

  • CVE-2022-42003Oct 2, 2022
    affected < 0.1.89-r0fixed 0.1.89-r0

    In FasterXML jackson-databind before versions 2.13.4.1 and 2.12.17.1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled.

  • CVE-2022-38752Sep 5, 2022
    affected < 0.1.89-r0fixed 0.1.89-r0

    Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack-overflow.

  • CVE-2022-38751Sep 5, 2022
    affected < 0.1.89-r0fixed 0.1.89-r0

    Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.

  • CVE-2022-38750Sep 5, 2022
    affected < 0.1.89-r0fixed 0.1.89-r0

    Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.

Page 1 of 2