VYPR

Maven package

io.spinnaker.clouddriver/clouddriver-artifacts

pkg:maven/io.spinnaker.clouddriver/clouddriver-artifacts

Vulnerabilities (2)

  • CVE-2026-25534CriMar 17, 2026
    affected < 2025.2.4fixed 2025.2.4

    ### Impact Spinnaker updated URL Validation logic on user input to provide sanitation on user inputted URLs for clouddriver. However, they missed that Java URL objects do not correctly handle underscores on parsing. This led to a bypass of the previous CVE (CVE-2025-61916) thro

  • CVE-2025-61916Jan 5, 2026
    affected < 2025.1.6fixed 2025.1.6

    Spinnaker is an open source, multi-cloud continuous delivery platform. Versions prior to 2025.1.6, 2025.2.3, and 2025.3.0 are vulnerable to server-side request forgery. The primary impact is allowing users to fetch data from a remote URL. This data can be then injected into spinn