io.spinnaker.clouddriver:clouddriver-artifacts

Maven2 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting io.spinnaker.clouddriver:clouddriver-artifactspage 1 of 1

CVE-2025-61916HIGHCVSS 7.9EG 7.9✓ Fixed in 2025.1.6
2026-01-05
vulnerable: 2025.0-0 ... main-99 (285 versions)
Spinnaker is an open source, multi-cloud continuous delivery platform. Versions prior to 2025.1.6, 2025.2.3, and 2025.3.0 are vulnerable to server-side request forgery. The primary impact is allowing users to fetch data from a remote URL. …
CVE-2026-25534CRITICALCVSS 9.1EG 9.1✓ Fixed in 2025.4.1
2026-03-17
vulnerable: 2025.4-0 ... 2025.4.0 (9 versions)
### Impact Spinnaker updated URL Validation logic on user input to provide sanitation on user inputted URLs for clouddriver. However, they missed that Java URL objects do not correctly handle underscores on parsing. This led to a bypass …

Check whether io.spinnaker.clouddriver:clouddriver-artifacts is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for io.spinnaker.clouddriver:clouddriver-artifacts CVEs against the assets you own.

Start Free Scan →