VYPR

apk package

chainguard/seata-namingserver

pkg:apk/chainguard/seata-namingserver

Vulnerabilities (5)

  • CVE-2025-67735Dec 16, 2025
    affected < 2.5.0-r4fixed 2.5.0-r4

    Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.129.Final and 4.2.8.Final, the `io.netty.handler.codec.http.HttpRequestEncoder` has a CRLF injection with the request URI when constructing a request. This leads to request smuggling wh

  • CVE-2025-61795MedOct 27, 2025
    affected < 2.5.0-r3fixed 2.5.0-r3

    Improper Resource Shutdown or Release vulnerability in Apache Tomcat. If an error occurred (including exceeding limits) during the processing of a multipart upload, temporary copies of the uploaded parts written to disc were not cleaned up immediately but left for the garbage co

  • CVE-2025-55754CriOct 27, 2025
    affected < 2.5.0-r3fixed 2.5.0-r3

    Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat. Tomcat did not escape ANSI escape sequences in log messages. If Tomcat was running in a console on a Windows operating system, and the console supported ANSI escape sequences, it was po

  • CVE-2025-55752HigOct 27, 2025
    affected < 2.5.0-r3fixed 2.5.0-r3

    Relative Path Traversal vulnerability in Apache Tomcat. The fix for bug 60013 introduced a regression where the rewritten URL was normalized before it was decoded. This introduced the possibility that, for rewrite rules that rewrite query parameters to the URL,

  • CVE-2025-59419MedOct 15, 2025
    affected < 2.5.0-r1fixed 2.5.0-r1

    Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.128.Final and 4.2.7.Final, the SMTP codec in Netty contains an SMTP command injection vulnerability due to insufficient input validation for Carriage Return (\r) and Line Feed (\n) char