sz-lk-purchase-bff.tar (alt cpe:/o:alt:spcontainer:10.2.2) - Trivy Report - 2026-04-28 11:18:08.614328882 +0000 UTC m=+2.943087587

alt
No Vulnerabilities found
No Misconfigurations found
jar
Package	Vulnerability ID	Severity	Installed Version	Fixed Version	Links
io.netty:netty-codec-http	CVE-2026-33870	HIGH	4.1.125.Final	4.1.132.Final, 4.2.10.Final	https://access.redhat.com/security/cve/CVE-2026-33870 https://github.com/netty/netty https://github.com/netty/netty/security/advisories/GHSA-pwqr-wmgm-9rr8 https://nvd.nist.gov/vuln/detail/CVE-2026-33870 https://w4ke.info/2025/06/18/funky-chunks.html https://w4ke.info/2025/10/29/funky-chunks-2.html https://www.cve.org/CVERecord?id=CVE-2026-33870 https://www.rfc-editor.org/rfc/rfc9110
io.netty:netty-codec-http2	CVE-2026-33871	HIGH	4.1.125.Final	4.1.132.Final, 4.2.11.Final	https://access.redhat.com/security/cve/CVE-2026-33871 https://github.com/netty/netty https://github.com/netty/netty/security/advisories/GHSA-w9fj-cfpg-grvv https://nvd.nist.gov/vuln/detail/CVE-2026-33871 https://www.cve.org/CVERecord?id=CVE-2026-33871
org.springframework.cloud:spring-cloud-gateway-server	CVE-2025-41253	HIGH	4.2.3	4.3.2, 4.2.6	https://github.com/spring-cloud/spring-cloud-gateway https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N&version=3.1 https://nvd.nist.gov/vuln/detail/CVE-2025-41253 https://spring.io/security/cve/2025-41253 https://www.cve.org/CVERecord?id=CVE-2025-41253
No Misconfigurations found