VYPR

apk package

chainguard/spark-4.0-scala-2.13-compat

pkg:apk/chainguard/spark-4.0-scala-2.13-compat

Vulnerabilities (7)

  • CVE-2025-68161Dec 18, 2025
    affected < 4.0.1-r4fixed 4.0.1-r4

    The Socket Appender in Apache Log4j Core versions 2.0-beta9 through 2.25.2 does not perform TLS hostname verification of the peer certificate, even when the verifyHostName https://logging.apache.org/log4j/2.x/manual/appenders/network.html#SslConfiguration-attr-verifyHostName co

  • CVE-2025-12383Nov 18, 2025
    affected < 4.0.1-r2fixed 4.0.1-r2

    In Eclipse Jersey versions 2.45, 3.0.16, 3.1.9 a race condition can cause ignoring of critical SSL configurations - such as mutual authentication, custom key/trust stores, and other security settings. This issue may result in SSLHandshakeException under normal circumstances, but

  • CVE-2025-58457Sep 24, 2025
    affected < 4.0.1-r1fixed 4.0.1-r1

    Improper permission check in ZooKeeper AdminServer lets authorized clients to run snapshot and restore command with insufficient permissions. This issue affects Apache ZooKeeper: from 3.9.0 before 3.9.4. Users are recommended to upgrade to version 3.9.4, which fixes the issue.

  • CVE-2025-58057Sep 3, 2025
    affected < 4.0.0-r4fixed 4.0.0-r4

    Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In netty-codec-compression versions 4.1.124.Final and below, and netty-codec versions 4.2.4.Final and below, when supplied with s

  • CVE-2025-55163Aug 13, 2025
    affected < 4.0.0-r3fixed 4.0.0-r3

    Netty is an asynchronous, event-driven network application framework. Prior to versions 4.1.124.Final and 4.2.4.Final, Netty is vulnerable to MadeYouReset DDoS. This is a logical vulnerability in the HTTP/2 protocol, that uses malformed HTTP/2 control frames in order to break the

  • CVE-2025-48734May 28, 2025
    affected < 4.0.1-r1fixed 4.0.1-r1

    Improper Access Control vulnerability in Apache Commons. A special BeanIntrospector class was added in version 1.9.2. This can be used to stop attackers from using the declared class property of Java enum objects to get access to the classloader. However this protection was no

  • CVE-2024-29869Jan 28, 2025
    affected < 4.0.1-r1fixed 4.0.1-r1

    Hive creates a credentials file to a temporary directory in the file system with permissions 644 by default when the file permissions are not set explicitly. Any unauthorized user having access to the directory can read the sensitive information written into this file. Users are