pom.xml - Trivy Report - 2026-04-28 11:12:52.451301932 +0000 UTC m=+55.851538891

pom
Package	Vulnerability ID	Severity	Installed Version	Fixed Version	Links
io.netty:netty-codec-http	CVE-2026-33870	HIGH	4.1.122.Final	4.1.132.Final, 4.2.10.Final	https://access.redhat.com/security/cve/CVE-2026-33870 https://github.com/netty/netty https://github.com/netty/netty/security/advisories/GHSA-pwqr-wmgm-9rr8 https://nvd.nist.gov/vuln/detail/CVE-2026-33870 https://w4ke.info/2025/06/18/funky-chunks.html https://w4ke.info/2025/10/29/funky-chunks-2.html https://www.cve.org/CVERecord?id=CVE-2026-33870 https://www.rfc-editor.org/rfc/rfc9110
io.netty:netty-codec-http2	CVE-2025-55163	HIGH	4.1.122.Final	4.2.4.Final, 4.1.124.Final	http://www.openwall.com/lists/oss-security/2025/08/16/1 https://access.redhat.com/security/cve/CVE-2025-55163 https://github.com/grpc/grpc-java/commit/6462ef9a11980e168c21d90bbc7245c728fd1a7a https://github.com/netty/netty https://github.com/netty/netty/commit/be53dc3c9acd9af2e20d0c3c07cd77115a594cf1 https://github.com/netty/netty/security/advisories/GHSA-prj3-ccx8-p6x4 https://kb.cert.org/vuls/id/767506 https://nvd.nist.gov/vuln/detail/CVE-2025-55163 https://www.cve.org/CVERecord?id=CVE-2025-55163 https://www.kb.cert.org/vuls/id/767506
io.netty:netty-codec-http2	CVE-2026-33871	HIGH	4.1.122.Final	4.1.132.Final, 4.2.11.Final	https://access.redhat.com/security/cve/CVE-2026-33871 https://github.com/netty/netty https://github.com/netty/netty/security/advisories/GHSA-w9fj-cfpg-grvv https://nvd.nist.gov/vuln/detail/CVE-2026-33871 https://www.cve.org/CVERecord?id=CVE-2026-33871
org.apache.tomcat.embed:tomcat-embed-core	CVE-2026-29145	CRITICAL	11.0.12	9.0.116, 10.1.53, 11.0.20	http://www.openwall.com/lists/oss-security/2026/04/09/23 https://access.redhat.com/security/cve/CVE-2026-29145 https://github.com/apache/tomcat https://lists.apache.org/thread/yz5fxmhd2j43wgqykssdo7kltws57jfz https://nvd.nist.gov/vuln/detail/CVE-2026-29145 https://www.cve.org/CVERecord?id=CVE-2026-29145
org.apache.tomcat.embed:tomcat-embed-core	CVE-2026-24734	HIGH	11.0.12	11.0.18, 10.1.52, 9.0.115	https://access.redhat.com/security/cve/CVE-2026-24734 https://github.com/apache/tomcat https://lists.apache.org/thread/292dlmx3fz1888v6v16221kpozq56gml https://nvd.nist.gov/vuln/detail/CVE-2026-24734 https://www.cve.org/CVERecord?id=CVE-2026-24734
org.apache.tomcat.embed:tomcat-embed-core	CVE-2026-34483	HIGH	11.0.12	9.0.116, 10.1.54, 11.0.21	http://www.openwall.com/lists/oss-security/2026/04/09/26 https://access.redhat.com/security/cve/CVE-2026-34483 https://github.com/apache/tomcat https://lists.apache.org/thread/j1w7304yonlr8vo1tkb5nfs7od1y228b https://nvd.nist.gov/vuln/detail/CVE-2026-34483 https://www.cve.org/CVERecord?id=CVE-2026-34483
org.apache.tomcat.embed:tomcat-embed-core	CVE-2026-34487	HIGH	11.0.12	9.0.117, 10.1.54, 11.0.21	http://www.openwall.com/lists/oss-security/2026/04/09/28 https://access.redhat.com/security/cve/CVE-2026-34487 https://github.com/apache/tomcat https://lists.apache.org/thread/4xpkwolpkrj8v5xzp5nyovtlqp3y850h https://nvd.nist.gov/vuln/detail/CVE-2026-34487 https://www.cve.org/CVERecord?id=CVE-2026-34487
org.springframework.boot:spring-boot-starter-actuator	CVE-2026-22731	HIGH	3.4.7	3.5.12, 4.0.4	https://access.redhat.com/security/cve/CVE-2026-22731 https://github.com/spring-projects/spring-boot https://nvd.nist.gov/vuln/detail/CVE-2026-22731 https://spring.io/security/cve-2026-22731 https://www.cve.org/CVERecord?id=CVE-2026-22731
org.springframework.boot:spring-boot-starter-actuator	CVE-2026-22733	HIGH	3.4.7	4.0.4, 3.5.12	https://github.com/spring-projects/spring-boot https://nvd.nist.gov/vuln/detail/CVE-2026-22733 https://spring.io/security/cve-2026-22733
No Misconfigurations found
dockerfile
No Vulnerabilities found
No Misconfigurations found