VYPR

apk package

chainguard/zookeeper-custom

pkg:apk/chainguard/zookeeper-custom

Vulnerabilities (6)

  • CVE-2026-1225 | Low | Jan 22, 2026
    affected < 3.9.4-r5 | fixed 3.9.4-r5

    ACE vulnerability in configuration file processing by QOS.CH logback-core up to and including version 1.5.24 in Java applications, allows an attacker to instantiate classes already present on the class path by compromising an existing logback configuration file. The instanti

  • CVE-2025-11226 | Med | Oct 1, 2025
    affected < 3.9.4-r1 | fixed 3.9.4-r1

    ACE vulnerability in conditional configuration file processing by QOS.CH logback-core up to and including version 1.5.18 in Java applications, allows an attacker to execute arbitrary code by compromising an existing logback configuration file or by injecting an environment varia

  • CVE-2025-58457 | Sep 24, 2025
    affected < 3.9.4-r0 | fixed 3.9.4-r0

    Improper permission check in ZooKeeper AdminServer lets authorized clients run the snapshot and restore commands with insufficient permissions. This issue affects Apache ZooKeeper: from 3.9.0 before 3.9.4. Users are recommended to upgrade to version 3.9.4, which fixes the issue.

  • CVE-2025-58057 | Sep 3, 2025
    affected < 3.9.3-r5 | fixed 3.9.3-r5

    Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In netty-codec-compression versions 4.1.124.Final and below, and netty-codec versions 4.2.4.Final and below, when supplied with s

  • CVE-2024-12801 | Low | Dec 19, 2024
    affected < 3.9.4-r2 | fixed 3.9.4-r2

    Server-Side Request Forgery (SSRF) in SaxEventRecorder by QOS.CH logback version 0.1 to 1.3.14 and 1.4.0 to 1.5.12 on the Java platform, allows an attacker to forge requests by compromising logback configuration files in XML. The attack involves the modification of DOCTYPE

  • CVE-2024-12798 | Med | Dec 19, 2024
    affected < 3.9.4-r2 | fixed 3.9.4-r2

    ACE vulnerability in JaninoEventEvaluator by QOS.CH logback-core up to and including version 0.1 to 1.3.14 and 1.4.0 to 1.5.12 in Java applications allows an attacker to execute arbitrary code by compromising an existing logback configuration file or by injecting an en