VYPR

apk package

chainguard/zaproxy

pkg:apk/chainguard/zaproxy

Vulnerabilities (4)

  • CVE-2025-48924Jul 11, 2025
    affected < 2.17.0-r2fixed 2.17.0-r2

    Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons Lang: Starting with commons-lang:commons-lang 2.0 to 2.6, and, from org.apache.commons:commons-lang3 3.0 before 3.18.0. The methods ClassUtils.getClass(...) can throw StackOverflowErr

  • CVE-2025-48734May 28, 2025
    affected < 2.17.0-r0fixed 2.17.0-r0

    Improper Access Control vulnerability in Apache Commons. A special BeanIntrospector class was added in version 1.9.2. This can be used to stop attackers from using the declared class property of Java enum objects to get access to the classloader. However this protection was no

  • CVE-2024-6763Oct 14, 2024
    affected < 2.17.0-r5fixed 2.17.0-r5

    Eclipse Jetty is a lightweight, highly scalable, Java-based web server and Servlet engine . It includes a utility class, HttpURI, for URI/URL parsing. The HttpURI class does insufficient validation on the authority segment of a URI. However the behaviour of HttpURI differs fro

  • CVE-2012-5783Nov 4, 2012
    affected < 2.16.0-r0fixed 2.16.0-r0

    Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows m