Skip to content
This repository was archived by the owner on Jan 7, 2026. It is now read-only.

keycloak-26.4/CVE-2025-59250 advisory#25255

Merged
kwmonroe merged 1 commit intowolfi-dev:mainfrom
jamie-albert:issue-2788-cve-advisory
Nov 7, 2025
Merged

keycloak-26.4/CVE-2025-59250 advisory#25255
kwmonroe merged 1 commit intowolfi-dev:mainfrom
jamie-albert:issue-2788-cve-advisory

Conversation

@jamie-albert
Copy link
Copy Markdown
Member

@jamie-albert jamie-albert commented Nov 7, 2025

The affected component’s suffix is non-standard for Maven parsing. It supports “.” as a delimiter, but treats jre11 as an unknown qualifier that sorts after known ones (alpha, beta, rc, ga, etc.), which breaks version matching. This vulnerability was resolved in the following PR for keycloak 26.4.2-r2: wolfi-dev/os#71234

Upstream PR to resolve issue: anchore/grype#3034

@kwmonroe kwmonroe added this pull request to the merge queue Nov 7, 2025
Merged via the queue into wolfi-dev:main with commit 914d8da Nov 7, 2025
4 checks passed
catmsred added a commit to catmsred/advisories that referenced this pull request Nov 13, 2025
@catmsred
doc(sonarqube): GHSA-m494-w24q-6f7w
f57318d 
False positive due to mssql-jdbc versioning structure similar to
wolfi-dev#25255

Relates: chainguard-dev/CVE-Dashboard#35920
@catmsred catmsred mentioned this pull request Nov 13, 2025
Merged
catmsred added a commit to catmsred/advisories that referenced this pull request Nov 13, 2025
@catmsred
doc(flyway): GHSA-m494-w24q-6f7w
a3c53b4 
mssql-jdbc version matching issue similar to wolfi-dev#25255

Relates: chainguard-dev/CVE-Dashboard#36003
@catmsred catmsred mentioned this pull request Nov 13, 2025
Merged
catmsred added a commit to catmsred/advisories that referenced this pull request Nov 13, 2025
@catmsred
doc(flyway): GHSA-m494-w24q-6f7w
4510477 
mssql-jdbc version matching issue similar to wolfi-dev#25255

Relates: chainguard-dev/CVE-Dashboard#36003
github-merge-queue Bot pushed a commit that referenced this pull request Nov 14, 2025
@catmsred
doc(sonarqube): GHSA-m494-w24q-6f7w (#25387)
18a8011 
False positive due to mssql-jdbc versioning structure similar to
#25255

Relates: chainguard-dev/CVE-Dashboard#35920
github-merge-queue Bot pushed a commit that referenced this pull request Nov 14, 2025
@catmsred
doc(flyway): GHSA-m494-w24q-6f7w (#25388)
2a29836 
mssql-jdbc version matching issue similar to #25255

Relates: chainguard-dev/CVE-Dashboard#36003
@catmsred catmsred mentioned this pull request Dec 2, 2025
Closed
catmsred added a commit to catmsred/advisories that referenced this pull request Dec 2, 2025
@catmsred
doc(apicurio-registry): GHSA-m494-w24q-6f7w false-positive
3aa99eb 
mssql-jdbc version matching issue similar to [1]

[1] wolfi-dev#25255

Relates: wolfi-dev/os#73631
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

1 more reviewer

@kwmonroe kwmonroe kwmonroe approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@jamie-albert @kwmonroe @cmwilson21