VYPR

apk package

chainguard/sonar-scanner-cli-compat

pkg:apk/chainguard/sonar-scanner-cli-compat

Vulnerabilities (4)

  • CVE-2025-11226MedOct 1, 2025
    affected < 7.3.0.5189-r1fixed 7.3.0.5189-r1

    ACE vulnerability in conditional configuration file processing by QOS.CH logback-core up to and including version 1.5.18 in Java applications, allows an attacker to execute arbitrary code by compromising an existing logback configuration file or by injecting an environment varia

  • CVE-2025-48924Jul 11, 2025
    affected < 7.1.0.4889-r2fixed 7.1.0.4889-r2

    Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons Lang: Starting with commons-lang:commons-lang 2.0 to 2.6, and, from org.apache.commons:commons-lang3 3.0 before 3.18.0. The methods ClassUtils.getClass(...) can throw StackOverflowErr

  • CVE-2024-12801LowDec 19, 2024
    affected < 6.2.1.4610-r1fixed 6.2.1.4610-r1

    Server-Side Request Forgery (SSRF) in SaxEventRecorder by QOS.CH logback version 0.1 to 1.3.14 and 1.4.0 to 1.5.12  on the Java platform, allows an attacker to forge requests by compromising logback configuration files in XML. The attacks involves the modification of DOCTYPE

  • CVE-2024-12798MedDec 19, 2024
    affected < 6.2.1.4610-r1fixed 6.2.1.4610-r1

    ACE vulnerability in JaninoEventEvaluator by QOS.CH logback-core upto including version 0.1 to 1.3.14 and 1.4.0 to 1.5.12 in Java applications allows attacker to execute arbitrary code by compromising an existing logback configuration file or by injecting an en