VYPR

apk package

chainguard/opensearch-3-security

pkg:apk/chainguard/opensearch-3-security

Vulnerabilities (23)

  • CVE-2025-22227MedJul 16, 2025
    affected < 3.3.0-r0fixed 3.3.0-r0

    In some specific scenarios with chained redirects, Reactor Netty HTTP client leaks credentials. In order for this to happen, the HTTP client must have been explicitly configured to follow redirects.

  • CVE-2025-27817HigJun 10, 2025
    affected < 3.0.0-r2fixed 3.0.0-r2

    A possible arbitrary file read and SSRF vulnerability has been identified in Apache Kafka Client. Apache Kafka Clients accept configuration data for setting the SASL/OAUTHBEARER connection with the brokers, including "sasl.oauthbearer.token.endpoint.url" and "sasl.oauthbearer.jwk

  • CVE-2025-48734HigMay 28, 2025
    affected < 3.3.2-r0fixed 3.3.2-r0

    Improper Access Control vulnerability in Apache Commons. A special BeanIntrospector class was added in version 1.9.2. This can be used to stop attackers from using the declared class property of Java enum objects to get access to the classloader. However this protection was no

Page 2 of 2