VYPR

apk package

chainguard/pinot-fips

pkg:apk/chainguard/pinot-fips

Vulnerabilities (44)

  • CVE-2025-11143Mar 5, 2026
    affected < 1.5.0-r0fixed 1.5.0-r0

    The Jetty URI parser has some key differences to other common parsers when evaluating invalid or unusual URIs. Differential parsing of URIs in systems using multiple components may result in security by-pass. For example a component that enforces a black list may interpret the UR

  • CVE-2025-67721Dec 12, 2025
    affected < 1.4.0-r2fixed 1.4.0-r2

    Aircompressor is a library with ports of the Snappy, LZO, LZ4, and Zstandard compression algorithms to Java. In versions 3.3 and below, incorrect handling of malformed data in Java-based decompressor implementations for Snappy and LZ4 allow remote attackers to read previous buffe

  • CVE-2025-59419MedOct 15, 2025
    affected < 1.5.0-r9fixed 1.5.0-r9

    Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.128.Final and 4.2.7.Final, the SMTP codec in Netty contains an SMTP command injection vulnerability due to insufficient input validation for Carriage Return (\r) and Line Feed (\n) char

  • CVE-2025-8916MedAug 13, 2025
    affected < 1.5.0-r0fixed 1.5.0-r0

    Allocation of Resources Without Limits or Throttling vulnerability in Legion of the Bouncy Castle Inc. BC Java bcpkix on All (API modules), Legion of the Bouncy Castle Inc. BC Java bcprov on All (API modules), Legion of the Bouncy Castle Inc. BCPKIX FIPS bcpkix-fips on All (API m

Page 3 of 3