VYPR

Maven package

io.spinnaker.orca/orca-core

pkg:maven/io.spinnaker.orca/orca-core

Vulnerabilities (1)

  • CVE-2026-25534CriMar 17, 2026
    affected < 2025.2.4fixed 2025.2.4

    ### Impact Spinnaker updated URL Validation logic on user input to provide sanitation on user inputted URLs for clouddriver. However, they missed that Java URL objects do not correctly handle underscores on parsing. This led to a bypass of the previous CVE (CVE-2025-61916) thro