Maven package
io.spinnaker.clouddriver/clouddriver-artifacts
pkg:maven/io.spinnaker.clouddriver/clouddriver-artifacts
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-25534 | Cri | 9.1 | < 2025.2.4 | 2025.2.4 | Mar 17, 2026 | ### Impact Spinnaker updated URL Validation logic on user input to provide sanitation on user inputted URLs for clouddriver. However, they missed that Java URL objects do not correctly handle underscores on parsing. This led to a bypass of the previous CVE (CVE-2025-61916) thro | |
| CVE-2025-61916 | — | < 2025.1.6 | 2025.1.6 | Jan 5, 2026 | Spinnaker is an open source, multi-cloud continuous delivery platform. Versions prior to 2025.1.6, 2025.2.3, and 2025.3.0 are vulnerable to server-side request forgery. The primary impact is allowing users to fetch data from a remote URL. This data can be then injected into spinn |
- affected < 2025.2.4fixed 2025.2.4
### Impact Spinnaker updated URL Validation logic on user input to provide sanitation on user inputted URLs for clouddriver. However, they missed that Java URL objects do not correctly handle underscores on parsing. This led to a bypass of the previous CVE (CVE-2025-61916) thro
- CVE-2025-61916Jan 5, 2026affected < 2025.1.6fixed 2025.1.6
Spinnaker is an open source, multi-cloud continuous delivery platform. Versions prior to 2025.1.6, 2025.2.3, and 2025.3.0 are vulnerable to server-side request forgery. The primary impact is allowing users to fetch data from a remote URL. This data can be then injected into spinn