VYPR

apk package

wolfi/gradle-stage0

pkg:apk/wolfi/gradle-stage0

Vulnerabilities (6)

  • CVE-2025-67030 | High | Mar 25, 2026
    affected < 8.0.1-r4 | fixed 8.0.1-r4

    Directory Traversal vulnerability in the extractFile method of org.codehaus.plexus.util.Expand in plexus-utils before 6d780b3378829318ba5c2d29547e0012d5b29642. This allows an attacker to execute arbitrary code

  • CVE-2025-52999 | High | Jun 25, 2025
    affected < 8.0.1-r3 | fixed 8.0.1-r3

    jackson-core contains core low-level incremental ("streaming") parser and generator abstractions used by Jackson Data Processor. In versions prior to 2.15.0, if a user parses an input file and it has deeply nested data, Jackson could end up throwing a StackoverflowError if the de

  • CVE-2024-30172 | High | May 14, 2024
    affected < 8.0.1-r0 | fixed 8.0.1-r0

    An issue was discovered in Bouncy Castle Java Cryptography APIs before 1.78. An Ed25519 verification code infinite loop can occur via a crafted signature and public key.

  • CVE-2023-4759 | Sep 12, 2023
    affected < 0 | fixed 0

    Arbitrary File Overwrite in Eclipse JGit <= 6.6.0. In Eclipse JGit, all versions <= 6.6.0.202305301015-r, a symbolic link present in a specially crafted git repository can be used to write a file to locations outside the working tree when this repository is cloned with JGit to a

  • CVE-2022-46751 | Aug 21, 2023
    affected < 8.0.1-r0 | fixed 8.0.1-r0

    Improper Restriction of XML External Entity Reference, XML Injection (aka Blind XPath Injection) vulnerability in Apache Software Foundation Apache Ivy. This issue affects any version of Apache Ivy prior to 2.5.2. When Apache Ivy prior to 2.5.2 parses XML files - either its own c

  • CVE-2022-37866 | Nov 7, 2022
    affected < 8.0.1-r0 | fixed 8.0.1-r0

    When Apache Ivy downloads artifacts from a repository it stores them in the local file system based on a user-supplied "pattern" that may include placeholders for artifacts coordinates like the organisation, module or version. If said coordinates contain "../" sequences - which a