VYPR

Spinnaker

by Linux Foundation

Source repositories

CVEs (3)

  • CVE-2026-32613CriApr 20, 2026
    risk 0.64cvss 9.9epss 0.01

    Spinnaker is an open source, multi-cloud continuous delivery platform. Echo like some other services, uses SPeL (Spring Expression Language) to process information - specifically around expected artifacts. In versions prior to 2026.1.0, 2026.0.1, 2025.4.2, and 2025.3.2, unlike…

  • CVE-2026-32604CriApr 20, 2026
    risk 0.64cvss 9.9epss 0.01

    Spinnaker is an open source, multi-cloud continuous delivery platform. In versions prior to 2026.1.0, 2026.0.1, 2025.4.2, and 2025.3.2, a bad actor can execute arbitrary commands very simply on the clouddriver pods. This can expose credentials, remove files, or inject resources…

  • CVE-2020-9301Dec 11, 2020
    risk 0.00cvss epss 0.01

    Nolan Ray from Apple Information Security identified a security vulnerability in Spinnaker, all versions prior to version 1.23.4, 1.22.4 or 1.21.5. The vulnerability exists within the handling of SpEL expressions that allows an attacker to read and write arbitrary files within…