VYPR

apk package

chainguard/spring-boot

pkg:apk/chainguard/spring-boot

Vulnerabilities (5)

  • CVE-2025-41249HigSep 16, 2025
    affected < 3.5.6-r0fixed 3.5.6-r0

    The Spring Framework annotation detection mechanism may not correctly resolve annotations on methods within type hierarchies with a parameterized super type with unbounded generics. This can be an issue if such annotations are used for authorization decisions. Your application m

  • CVE-2025-48924Jul 11, 2025
    affected < 3.5.5-r0fixed 3.5.5-r0

    Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons Lang: Starting with commons-lang:commons-lang 2.0 to 2.6, and, from org.apache.commons:commons-lang3 3.0 before 3.18.0. The methods ClassUtils.getClass(...) can throw StackOverflowErr

  • CVE-2025-27820Apr 24, 2025
    affected < 3.5.3-r0fixed 3.5.3-r0

    A bug in PSL validation logic in Apache HttpClient 5.4.x disables domain checks, affecting cookie management and host name verification. Discovered by the Apache HttpClient team. Fixed in the 5.4.3 release

  • CVE-2024-25710Feb 19, 2024
    affected < 3.5.3-r0fixed 3.5.3-r0

    Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in Apache Commons Compress.This issue affects Apache Commons Compress: from 1.3 through 1.25.0. Users are recommended to upgrade to version 1.26.0 which fixes the issue.

  • CVE-2024-26308Feb 19, 2024
    affected < 3.5.3-r0fixed 3.5.3-r0

    Allocation of Resources Without Limits or Throttling vulnerability in Apache Commons Compress.This issue affects Apache Commons Compress: from 1.21 before 1.26. Users are recommended to upgrade to version 1.26, which fixes the issue.