VYPR

apk package

chainguard/seata-openjdk-17-compat

pkg:apk/chainguard/seata-openjdk-17-compat

Vulnerabilities (7)

  • CVE-2025-67735 · Dec 16, 2025
    affected < 2.5.0-r4 · fixed 2.5.0-r4

    Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.129.Final and 4.2.8.Final, the `io.netty.handler.codec.http.HttpRequestEncoder` has a CRLF injection with the request URI when constructing a request. This leads to request smuggling wh

  • CVE-2025-61795 · Med · Oct 27, 2025
    affected < 2.5.0-r3 · fixed 2.5.0-r3

    Improper Resource Shutdown or Release vulnerability in Apache Tomcat. If an error occurred (including exceeding limits) during the processing of a multipart upload, temporary copies of the uploaded parts written to disc were not cleaned up immediately but left for the garbage co

  • CVE-2025-55754 · Cri · Oct 27, 2025
    affected < 2.5.0-r3 · fixed 2.5.0-r3

    Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat. Tomcat did not escape ANSI escape sequences in log messages. If Tomcat was running in a console on a Windows operating system, and the console supported ANSI escape sequences, it was po

  • CVE-2025-55752 · Hig · Oct 27, 2025
    affected < 2.5.0-r3 · fixed 2.5.0-r3

    Relative Path Traversal vulnerability in Apache Tomcat. The fix for bug 60013 introduced a regression where the rewritten URL was normalized before it was decoded. This introduced the possibility that, for rewrite rules that rewrite query parameters to the URL,

  • CVE-2025-59419 · Med · Oct 15, 2025
    affected < 2.5.0-r1 · fixed 2.5.0-r1

    Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.128.Final and 4.2.7.Final, the SMTP codec in Netty contains an SMTP command injection vulnerability due to insufficient input validation for Carriage Return (\r) and Line Feed (\n) char

  • CVE-2024-38819 · Hig · Dec 19, 2024
    affected < 2.5.0-r3 · fixed 2.5.0-r3

    Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. An attacker can craft malicious HTTP requests and obtain any file on the file system that is also accessible to the process in which the S

  • CVE-2024-38828 · Med · Nov 18, 2024
    affected < 2.5.0-r3 · fixed 2.5.0-r3

    Spring MVC controller methods with an @RequestBody byte[] method parameter are vulnerable to a DoS attack.