docker.io/apache/kyuubi:1.11.1 linux/amd64

docker.io/apache/kyuubi:1.11.1 - Trivy安全扫描结果 扫描时间: 2026-06-11 15:07
全部漏洞信息
低危漏洞:6 中危漏洞:38 高危漏洞:31 严重漏洞:1

系统OS: ubuntu 20.04 扫描引擎: Trivy 扫描时间: 2026-06-11 15:07

docker.io/apache/kyuubi:1.11.1 (ubuntu 20.04) (ubuntu)
低危漏洞:0 中危漏洞:3 高危漏洞:0 严重漏洞:0
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
libc-bin CVE-2025-4802 中危 2.31-0ubuntu9.17 2.31-0ubuntu9.18 glibc: static setuid binary dlopen may incorrectly search LD_LIBRARY_PATH

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-4802

镜像层: sha256:470b66ea5123c93b0d5606e4213bf9e47d3d426b640d32472e4ac213186c4bb6

发布日期: 2025-05-16 20:15 修改: 2025-11-03 20:19
libsqlite3-0 CVE-2025-29088 中危 3.31.1-4ubuntu0.6 3.31.1-4ubuntu0.7 sqlite: Denial of Service in SQLite

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-29088

镜像层: sha256:f2d171c03b1dde8e93bfe5b024ddfc52f11914464a1f026dabd889f18f78b361

发布日期: 2025-04-10 14:15 修改: 2025-09-30 16:59
locales CVE-2025-4802 中危 2.31-0ubuntu9.17 2.31-0ubuntu9.18 glibc: static setuid binary dlopen may incorrectly search LD_LIBRARY_PATH

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-4802

镜像层: sha256:f2d171c03b1dde8e93bfe5b024ddfc52f11914464a1f026dabd889f18f78b361

发布日期: 2025-05-16 20:15 修改: 2025-11-03 20:19
Java (jar)
低危漏洞:6 中危漏洞:35 高危漏洞:31 严重漏洞:1
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
org.apache.avro:avro CVE-2024-47561 严重 1.7.7 1.11.4 apache-avro: Schema parsing may trigger Remote Code Execution (RCE)

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-47561

镜像层: sha256:088c0c6c898055e3f70fed699faa960fc91533aa8657f6726cd48d1fbacc3f14

发布日期: 2024-10-03 11:15 修改: 2025-07-10 21:04
com.google.protobuf:protobuf-java CVE-2021-22569 高危 3.7.1 3.16.1, 3.18.2, 3.19.2 protobuf-java: potential DoS in the parsing procedure for binary data

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-22569

镜像层: sha256:088c0c6c898055e3f70fed699faa960fc91533aa8657f6726cd48d1fbacc3f14

发布日期: 2022-01-10 14:10 修改: 2024-11-21 05:50
com.google.protobuf:protobuf-java CVE-2022-3509 高危 3.7.1 3.16.3, 3.19.6, 3.20.3, 3.21.7 protobuf-java: Textformat parsing issue leads to DoS

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-3509

镜像层: sha256:088c0c6c898055e3f70fed699faa960fc91533aa8657f6726cd48d1fbacc3f14

发布日期: 2022-12-12 13:15 修改: 2025-04-22 15:15
com.google.protobuf:protobuf-java CVE-2022-3510 高危 3.7.1 3.16.3, 3.19.6, 3.20.3, 3.21.7 protobuf-java: Message-Type Extensions parsing issue leads to DoS

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-3510

镜像层: sha256:088c0c6c898055e3f70fed699faa960fc91533aa8657f6726cd48d1fbacc3f14

发布日期: 2022-12-12 13:15 修改: 2025-04-22 15:15
com.google.protobuf:protobuf-java CVE-2024-7254 高危 3.7.1 3.25.5, 4.27.5, 4.28.2 protobuf: StackOverflow vulnerability in Protocol Buffers

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-7254

镜像层: sha256:088c0c6c898055e3f70fed699faa960fc91533aa8657f6726cd48d1fbacc3f14

发布日期: 2024-09-19 01:15 修改: 2025-09-26 17:10
com.nimbusds:nimbus-jose-jwt CVE-2023-52428 高危 9.8.1 9.37.2 nimbus-jose-jwt: large JWE p2c header value causes Denial of Service

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-52428

镜像层: sha256:088c0c6c898055e3f70fed699faa960fc91533aa8657f6726cd48d1fbacc3f14

发布日期: 2024-02-11 05:15 修改: 2024-11-21 08:39
com.squareup.okhttp3:okhttp CVE-2021-0341 高危 3.12.12 4.9.2 okhttp: information disclosure via improperly used cryptographic function

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-0341

镜像层: sha256:088c0c6c898055e3f70fed699faa960fc91533aa8657f6726cd48d1fbacc3f14

发布日期: 2021-02-10 17:15 修改: 2024-11-21 05:42
com.squareup.okhttp3:okhttp CVE-2021-0341 高危 3.14.9 4.9.2 okhttp: information disclosure via improperly used cryptographic function

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-0341

镜像层: sha256:088c0c6c898055e3f70fed699faa960fc91533aa8657f6726cd48d1fbacc3f14

发布日期: 2021-02-10 17:15 修改: 2024-11-21 05:42
com.squareup.okhttp3:okhttp CVE-2021-0341 高危 3.14.9 4.9.2 okhttp: information disclosure via improperly used cryptographic function

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-0341

镜像层: sha256:088c0c6c898055e3f70fed699faa960fc91533aa8657f6726cd48d1fbacc3f14

发布日期: 2021-02-10 17:15 修改: 2024-11-21 05:42
commons-beanutils:commons-beanutils CVE-2025-48734 高危 1.9.4 1.11.0 commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-48734

镜像层: sha256:088c0c6c898055e3f70fed699faa960fc91533aa8657f6726cd48d1fbacc3f14

发布日期: 2025-05-28 14:15 修改: 2025-11-03 20:19
commons-io:commons-io CVE-2024-47554 高危 2.8.0 2.14.0 apache-commons-io: Possible denial of service attack on untrusted input to XmlStreamReader

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-47554

镜像层: sha256:088c0c6c898055e3f70fed699faa960fc91533aa8657f6726cd48d1fbacc3f14

发布日期: 2024-10-03 12:15 修改: 2025-07-10 21:10
dnsjava:dnsjava CVE-2024-25638 高危 2.1.7 3.6.0 dnsjava: Improper response validation allowing DNSSEC bypass

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-25638

镜像层: sha256:088c0c6c898055e3f70fed699faa960fc91533aa8657f6726cd48d1fbacc3f14

发布日期: 2024-07-22 14:15 修改: 2026-04-15 00:35
io.netty:netty-codec-compression CVE-2026-42583 高危 4.2.7.Final 4.2.13.Final Netty is an asynchronous, event-driven network application framework. ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42583

镜像层: sha256:088c0c6c898055e3f70fed699faa960fc91533aa8657f6726cd48d1fbacc3f14

发布日期: 2026-05-13 19:17 修改: 2026-05-18 12:22
io.netty:netty-codec-dns CVE-2026-42579 高危 4.2.7.Final 4.2.13.Final, 4.1.133.Final netty: Netty: High integrity impact due to improper DNS domain name constraint enforcement

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42579

镜像层: sha256:088c0c6c898055e3f70fed699faa960fc91533aa8657f6726cd48d1fbacc3f14

发布日期: 2026-05-13 19:17 修改: 2026-05-18 17:16
io.netty:netty-codec-http CVE-2026-33870 高危 4.2.7.Final 4.1.132.Final, 4.2.10.Final io.netty/netty-codec-http: Netty: Request smuggling via incorrect parsing of HTTP/1.1 chunked transfer encoding extension values

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33870

镜像层: sha256:088c0c6c898055e3f70fed699faa960fc91533aa8657f6726cd48d1fbacc3f14

发布日期: 2026-03-27 20:16 修改: 2026-03-30 20:12
io.netty:netty-codec-http CVE-2026-42584 高危 4.2.7.Final 4.2.13.Final, 4.1.133.Final netty: io.netty/netty-codec-http: Netty: Incorrect HTTP response parsing leads to data confusion

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42584

镜像层: sha256:088c0c6c898055e3f70fed699faa960fc91533aa8657f6726cd48d1fbacc3f14

发布日期: 2026-05-13 19:17 修改: 2026-05-18 12:15
io.netty:netty-codec-http CVE-2026-42587 高危 4.2.7.Final 4.2.13.Final, 4.1.133.Final netty: io.netty/netty-codec-http: io.netty/netty-codec-http2: Netty: Denial of Service via unbounded memory allocation in HTTP content decompression

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42587

镜像层: sha256:088c0c6c898055e3f70fed699faa960fc91533aa8657f6726cd48d1fbacc3f14

发布日期: 2026-05-13 19:17 修改: 2026-05-18 12:20
io.netty:netty-codec-http2 CVE-2026-33871 高危 4.2.7.Final 4.1.132.Final, 4.2.11.Final netty: Netty: Denial of Service via HTTP/2 CONTINUATION frame flood

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33871

镜像层: sha256:088c0c6c898055e3f70fed699faa960fc91533aa8657f6726cd48d1fbacc3f14

发布日期: 2026-03-27 20:16 修改: 2026-03-30 20:10
io.netty:netty-codec-http2 CVE-2026-42587 高危 4.2.7.Final 4.2.13.Final, 4.1.133.Final netty: io.netty/netty-codec-http: io.netty/netty-codec-http2: Netty: Denial of Service via unbounded memory allocation in HTTP content decompression

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42587

镜像层: sha256:088c0c6c898055e3f70fed699faa960fc91533aa8657f6726cd48d1fbacc3f14

发布日期: 2026-05-13 19:17 修改: 2026-05-18 12:20
io.netty:netty-handler CVE-2026-44249 高危 4.2.7.Final 4.2.15.Final, 4.1.135.Final Netty has an IPv6 Subnet Filter Bypass via Incorrect Comparator Masking

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44249

镜像层: sha256:088c0c6c898055e3f70fed699faa960fc91533aa8657f6726cd48d1fbacc3f14

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
io.netty:netty-handler CVE-2026-45416 高危 4.2.7.Final 4.2.15.Final, 4.1.135.Final Netty: SNI handler pre-allocates up to 16 MiB from nine attacker bytes

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45416

镜像层: sha256:088c0c6c898055e3f70fed699faa960fc91533aa8657f6726cd48d1fbacc3f14

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
io.netty:netty-resolver-dns CVE-2026-45674 高危 4.2.7.Final 4.2.15.Final, 4.1.135.Final Netty Vulnerable to DNS Cache Poisoning via Missing Bailiwick Checks in CNAME Records

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45674

镜像层: sha256:088c0c6c898055e3f70fed699faa960fc91533aa8657f6726cd48d1fbacc3f14

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
io.netty:netty-resolver-dns CVE-2026-47691 高危 4.2.7.Final 4.2.15.Final, 4.1.135.Final Netty has Insufficient Bailiwick Validation for NS Records

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-47691

镜像层: sha256:088c0c6c898055e3f70fed699faa960fc91533aa8657f6726cd48d1fbacc3f14

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
io.netty:netty-transport-native-epoll CVE-2026-42577 高危 4.2.7.Final 4.2.13.Final Netty is an asynchronous, event-driven network application framework. ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42577

镜像层: sha256:088c0c6c898055e3f70fed699faa960fc91533aa8657f6726cd48d1fbacc3f14

发布日期: 2026-05-13 19:17 修改: 2026-05-18 14:05
io.netty:netty-transport-native-epoll CVE-2026-42577 高危 4.2.7.Final 4.2.13.Final Netty is an asynchronous, event-driven network application framework. ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42577

镜像层: sha256:088c0c6c898055e3f70fed699faa960fc91533aa8657f6726cd48d1fbacc3f14

发布日期: 2026-05-13 19:17 修改: 2026-05-18 14:05
net.minidev:json-smart CVE-2021-31684 高危 1.3.2 1.3.3, 2.4.4 json-smart: Denial of Service in JSONParserByteArray function

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-31684

镜像层: sha256:088c0c6c898055e3f70fed699faa960fc91533aa8657f6726cd48d1fbacc3f14

发布日期: 2021-06-01 20:15 修改: 2024-11-21 06:06
net.minidev:json-smart CVE-2023-1370 高危 1.3.2 2.4.9 json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion)

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-1370

镜像层: sha256:088c0c6c898055e3f70fed699faa960fc91533aa8657f6726cd48d1fbacc3f14

发布日期: 2023-03-22 06:15 修改: 2025-02-13 17:15
com.fasterxml.jackson.core:jackson-core CVE-2025-52999 高危 2.12.7 2.15.0 com.fasterxml.jackson.core/jackson-core: jackson-core Potential StackoverflowError

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-52999

镜像层: sha256:088c0c6c898055e3f70fed699faa960fc91533aa8657f6726cd48d1fbacc3f14

发布日期: 2025-06-25 17:15 修改: 2026-04-15 00:35
org.apache.avro:avro CVE-2023-39410 高危 1.7.7 1.11.3 apache-avro: Apache Avro Java SDK: Memory when deserializing untrusted data in Avro Java SDK

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39410

镜像层: sha256:088c0c6c898055e3f70fed699faa960fc91533aa8657f6726cd48d1fbacc3f14

发布日期: 2023-09-29 17:15 修改: 2025-02-13 17:16
org.eclipse.jetty:jetty-http CVE-2026-2332 高危 9.4.51.v20230217 12.1.7, 12.0.33 org.eclipse.jetty/jetty-http: HTTP request smuggling via chunked extension quoted-string parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-2332

镜像层: sha256:088c0c6c898055e3f70fed699faa960fc91533aa8657f6726cd48d1fbacc3f14

发布日期: 2026-04-14 12:16 修改: 2026-05-01 13:31
org.eclipse.jetty:jetty-http CVE-2026-2332 高危 9.4.57.v20241219 12.1.7, 12.0.33 org.eclipse.jetty/jetty-http: HTTP request smuggling via chunked extension quoted-string parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-2332

镜像层: sha256:088c0c6c898055e3f70fed699faa960fc91533aa8657f6726cd48d1fbacc3f14

发布日期: 2026-04-14 12:16 修改: 2026-05-01 13:31
org.postgresql:postgresql CVE-2026-42198 高危 42.7.2 42.7.11 jdbc.postgresql.org: pgjdbc: Client-side Denial of Service via malicious SCRAM-SHA-256 authentication

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42198

镜像层: sha256:088c0c6c898055e3f70fed699faa960fc91533aa8657f6726cd48d1fbacc3f14

发布日期: 2026-04-29 16:16 修改: 2026-05-01 12:51
com.google.protobuf:protobuf-java CVE-2022-3171 中危 3.7.1 3.21.7, 3.20.3, 3.19.6, 3.16.3 protobuf-java: timeout in parser leads to DoS

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-3171

镜像层: sha256:088c0c6c898055e3f70fed699faa960fc91533aa8657f6726cd48d1fbacc3f14

发布日期: 2022-10-12 23:15 修改: 2024-11-21 07:18
io.netty:netty-codec-http2 CVE-2026-47244 中危 4.2.7.Final 4.2.15.Final, 4.1.135.Final Netty HTTP/2: Advertised MAX_CONCURRENT_STREAMS are not enforced

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-47244

镜像层: sha256:088c0c6c898055e3f70fed699faa960fc91533aa8657f6726cd48d1fbacc3f14

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
com.fasterxml.jackson.core:jackson-core CVE-2025-49128 中危 2.12.7 2.13.0 com.fasterxml.jackson.core/jackson-core: Jackson-core Memory Disclosure via Source Snippet in JsonLocation

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-49128

镜像层: sha256:088c0c6c898055e3f70fed699faa960fc91533aa8657f6726cd48d1fbacc3f14

发布日期: 2025-06-06 22:15 修改: 2026-04-15 00:35
com.nimbusds:nimbus-jose-jwt CVE-2025-53864 中危 9.8.1 10.0.2, 9.37.4 com.nimbusds/nimbus-jose-jwt: Uncontrolled recursion in Connect2id Nimbus JOSE + JWT

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-53864

镜像层: sha256:088c0c6c898055e3f70fed699faa960fc91533aa8657f6726cd48d1fbacc3f14

发布日期: 2025-07-11 03:16 修改: 2026-04-15 00:35
com.fasterxml.jackson.core:jackson-core GHSA-72hv-8253-57qq 中危 2.12.7 2.21.1, 2.18.6 jackson-core: Number Length Constraint Bypass in Async Parser Leads to Potential DoS Condition

漏洞详情: https://github.com/advisories/GHSA-72hv-8253-57qq

镜像层: sha256:088c0c6c898055e3f70fed699faa960fc91533aa8657f6726cd48d1fbacc3f14

发布日期: 2026-02-28 02:01 修改: 2026-04-07 16:30
com.fasterxml.jackson.core:jackson-core GHSA-72hv-8253-57qq 中危 2.20.1 2.21.1, 2.18.6 jackson-core: Number Length Constraint Bypass in Async Parser Leads to Potential DoS Condition

漏洞详情: https://github.com/advisories/GHSA-72hv-8253-57qq

镜像层: sha256:088c0c6c898055e3f70fed699faa960fc91533aa8657f6726cd48d1fbacc3f14

发布日期: 2026-02-28 02:01 修改: 2026-04-07 16:30
io.netty:netty-resolver-dns CVE-2026-45673 中危 4.2.7.Final 4.2.15.Final, 4.1.135.Final Netty: DNS Cache Poisoning due to Predictable PRNG and Default Static Source Port

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45673

镜像层: sha256:088c0c6c898055e3f70fed699faa960fc91533aa8657f6726cd48d1fbacc3f14

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
com.google.guava:guava CVE-2023-2976 中危 30.1.1-jre 32.0.0-android guava: insecure temporary directory creation

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-2976

镜像层: sha256:088c0c6c898055e3f70fed699faa960fc91533aa8657f6726cd48d1fbacc3f14

发布日期: 2023-06-14 18:15 修改: 2026-02-25 18:16
com.squareup.okio:okio CVE-2023-3635 中危 1.15.0 3.4.0, 1.17.6 okio: GzipSource class improper exception handling

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-3635

镜像层: sha256:088c0c6c898055e3f70fed699faa960fc91533aa8657f6726cd48d1fbacc3f14

发布日期: 2023-07-12 19:15 修改: 2024-11-21 08:17
io.netty:netty-transport-native-epoll CVE-2026-45536 中危 4.2.7.Final 4.2.15.Final, 4.1.135.Final Netty: Unix-socket fd receive leaks descriptors when peer sends two at once

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45536

镜像层: sha256:088c0c6c898055e3f70fed699faa960fc91533aa8657f6726cd48d1fbacc3f14

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
io.netty:netty-transport-native-epoll CVE-2026-45536 中危 4.2.7.Final 4.2.15.Final, 4.1.135.Final Netty: Unix-socket fd receive leaks descriptors when peer sends two at once

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45536

镜像层: sha256:088c0c6c898055e3f70fed699faa960fc91533aa8657f6726cd48d1fbacc3f14

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
io.vertx:vertx-core CVE-2026-1002 中危 4.5.3 4.5.24, 5.0.7 io.vertx/vertx-core: static handler component cache can be manipulated to deny the access to static files

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-1002

镜像层: sha256:088c0c6c898055e3f70fed699faa960fc91533aa8657f6726cd48d1fbacc3f14

发布日期: 2026-01-15 21:16 修改: 2026-02-05 16:50
io.vertx:vertx-core CVE-2026-6860 中危 4.5.3 4.5.27, 5.0.12 Vert.x has a DoS via unbounded server-side SNI SslContext cache growth

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-6860

镜像层: sha256:088c0c6c898055e3f70fed699faa960fc91533aa8657f6726cd48d1fbacc3f14

发布日期: 2026-05-06 10:16 修改: 2026-05-12 13:42
com.squareup.okio:okio CVE-2023-3635 中危 1.17.2 3.4.0, 1.17.6 okio: GzipSource class improper exception handling

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-3635

镜像层: sha256:088c0c6c898055e3f70fed699faa960fc91533aa8657f6726cd48d1fbacc3f14

发布日期: 2023-07-12 19:15 修改: 2024-11-21 08:17
io.netty:netty-codec-http CVE-2025-67735 中危 4.2.7.Final 4.2.8.Final, 4.1.129.Final netty-codec-http: Netty (netty-codec-http): Request Smuggling via CRLF Injection

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-67735

镜像层: sha256:088c0c6c898055e3f70fed699faa960fc91533aa8657f6726cd48d1fbacc3f14

发布日期: 2025-12-16 01:15 修改: 2026-01-02 18:50
io.netty:netty-codec-http CVE-2026-41417 中危 4.2.7.Final 4.1.133.Final, 4.2.13.Final netty: Netty: HTTP request smuggling via URI manipulation and CRLF injection

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41417

镜像层: sha256:088c0c6c898055e3f70fed699faa960fc91533aa8657f6726cd48d1fbacc3f14

发布日期: 2026-05-06 22:16 修改: 2026-05-11 14:29
io.netty:netty-codec-http CVE-2026-42580 中危 4.2.7.Final 4.2.13.Final, 4.1.133.Final netty: Netty: Request smuggling via chunk size parser integer overflow

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42580

镜像层: sha256:088c0c6c898055e3f70fed699faa960fc91533aa8657f6726cd48d1fbacc3f14

发布日期: 2026-05-13 19:17 修改: 2026-05-18 14:03
org.apache.commons:commons-compress CVE-2024-25710 中危 1.21 1.26.0 commons-compress: Denial of service caused by an infinite loop for a corrupted DUMP file

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-25710

镜像层: sha256:088c0c6c898055e3f70fed699faa960fc91533aa8657f6726cd48d1fbacc3f14

发布日期: 2024-02-19 09:15 修改: 2025-11-04 17:15
org.apache.commons:commons-compress CVE-2024-26308 中危 1.21 1.26.0 commons-compress: OutOfMemoryError unpacking broken Pack200 file

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-26308

镜像层: sha256:088c0c6c898055e3f70fed699faa960fc91533aa8657f6726cd48d1fbacc3f14

发布日期: 2024-02-19 09:15 修改: 2025-03-27 20:15
org.apache.commons:commons-configuration2 CVE-2024-29131 中危 2.8.0 2.10.1 commons-configuration: StackOverflowError adding property in AbstractListDelimiterHandler.flattenIterator()

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-29131

镜像层: sha256:088c0c6c898055e3f70fed699faa960fc91533aa8657f6726cd48d1fbacc3f14

发布日期: 2024-03-21 09:15 修改: 2025-05-01 19:13
org.apache.commons:commons-configuration2 CVE-2024-29133 中危 2.8.0 2.10.1 commons-configuration: StackOverflowError calling ListDelimiterHandler.flatten(Object, int) with a cyclical object tree

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-29133

镜像层: sha256:088c0c6c898055e3f70fed699faa960fc91533aa8657f6726cd48d1fbacc3f14

发布日期: 2024-03-21 09:15 修改: 2025-05-01 19:12
org.apache.commons:commons-configuration2 CVE-2026-45205 中危 2.8.0 2.15.0 Uncontrolled Recursion vulnerability in Apache Commons. When processi ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45205

镜像层: sha256:088c0c6c898055e3f70fed699faa960fc91533aa8657f6726cd48d1fbacc3f14

发布日期: 2026-05-14 12:16 修改: 2026-05-15 18:40
org.apache.commons:commons-lang3 CVE-2025-48924 中危 3.12.0 3.18.0 commons-lang/commons-lang: org.apache.commons/commons-lang3: Uncontrolled Recursion vulnerability in Apache Commons Lang

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-48924

镜像层: sha256:088c0c6c898055e3f70fed699faa960fc91533aa8657f6726cd48d1fbacc3f14

发布日期: 2025-07-11 15:15 修改: 2025-11-04 22:16
org.apache.logging.log4j:log4j-1.2-api CVE-2026-34479 中危 2.24.3 2.25.4 org.apache.logging.log4j/log4j-1.2-api: Apache Log4j 1-to-Log4j 2 bridge: Log processing denial of service due to improper XML escaping

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34479

镜像层: sha256:088c0c6c898055e3f70fed699faa960fc91533aa8657f6726cd48d1fbacc3f14

发布日期: 2026-04-10 16:16 修改: 2026-05-06 18:21
org.apache.logging.log4j:log4j-core CVE-2025-68161 中危 2.24.3 2.25.3 Apache Log4j: Apache Log4j Core: Information disclosure via missing TLS hostname verification

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-68161

镜像层: sha256:088c0c6c898055e3f70fed699faa960fc91533aa8657f6726cd48d1fbacc3f14

发布日期: 2025-12-18 21:15 修改: 2026-01-20 01:15
org.apache.logging.log4j:log4j-core CVE-2026-34477 中危 2.24.3 2.25.4 org.apache.logging.log4j/log4j-core: Apache Log4j Core: Man-in-the-middle attack due to incomplete hostname verification

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34477

镜像层: sha256:088c0c6c898055e3f70fed699faa960fc91533aa8657f6726cd48d1fbacc3f14

发布日期: 2026-04-10 16:16 修改: 2026-05-06 16:49
org.apache.logging.log4j:log4j-core CVE-2026-34478 中危 2.24.3 2.25.4 org.apache.logging.log4j/log4j-core: Apache Log4j Core: Log injection via CRLF sequences due to configuration attribute renames

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34478

镜像层: sha256:088c0c6c898055e3f70fed699faa960fc91533aa8657f6726cd48d1fbacc3f14

发布日期: 2026-04-10 16:16 修改: 2026-04-24 18:10
org.apache.logging.log4j:log4j-core CVE-2026-34480 中危 2.24.3 2.25.4 org.apache.logging.log4j/log4j-core: Apache Log4j Core: Invalid XML output causes denial of service in logging

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34480

镜像层: sha256:088c0c6c898055e3f70fed699faa960fc91533aa8657f6726cd48d1fbacc3f14

发布日期: 2026-04-10 16:16 修改: 2026-04-24 18:21
org.apache.logging.log4j:log4j-layout-template-json CVE-2026-34481 中危 2.24.3 2.25.4 org.apache.logging.log4j: Apache Log4j JsonTemplateLayout: Denial of Service via invalid JSON output

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34481

镜像层: sha256:088c0c6c898055e3f70fed699faa960fc91533aa8657f6726cd48d1fbacc3f14

发布日期: 2026-04-10 16:16 修改: 2026-04-24 18:24
io.netty:netty-codec-http CVE-2026-42581 中危 4.2.7.Final 4.2.13.Final, 4.1.133.Final netty: io.netty/netty-codec-http: Netty: HTTP Request Smuggling due to improper handling of conflicting HTTP/1.0 headers

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42581

镜像层: sha256:088c0c6c898055e3f70fed699faa960fc91533aa8657f6726cd48d1fbacc3f14

发布日期: 2026-05-13 19:17 修改: 2026-05-18 13:14
org.eclipse.jetty:jetty-http CVE-2023-40167 中危 9.4.51.v20230217 9.4.52, 10.0.16, 11.0.16, 12.0.1 jetty: Improper validation of HTTP/1 content-length

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-40167

镜像层: sha256:088c0c6c898055e3f70fed699faa960fc91533aa8657f6726cd48d1fbacc3f14

发布日期: 2023-09-15 20:15 修改: 2024-11-21 08:18
org.eclipse.jetty:jetty-http CVE-2024-6763 中危 9.4.51.v20230217 12.0.12 org.eclipse.jetty:jetty-http: jetty: Jetty URI parsing of invalid authority

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-6763

镜像层: sha256:088c0c6c898055e3f70fed699faa960fc91533aa8657f6726cd48d1fbacc3f14

发布日期: 2024-10-14 16:15 修改: 2025-07-10 15:04
io.netty:netty-codec-http CVE-2026-42585 中危 4.2.7.Final 4.2.13.Final, 4.1.133.Final netty: io.netty/netty-codec-http: Netty: Request smuggling via malformed Transfer-Encoding parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42585

镜像层: sha256:088c0c6c898055e3f70fed699faa960fc91533aa8657f6726cd48d1fbacc3f14

发布日期: 2026-05-13 19:17 修改: 2026-05-18 12:24
org.eclipse.jetty:jetty-http CVE-2024-6763 中危 9.4.57.v20241219 12.0.12 org.eclipse.jetty:jetty-http: jetty: Jetty URI parsing of invalid authority

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-6763

镜像层: sha256:088c0c6c898055e3f70fed699faa960fc91533aa8657f6726cd48d1fbacc3f14

发布日期: 2024-10-14 16:15 修改: 2025-07-10 15:04
com.squareup.okio:okio CVE-2023-3635 中危 1.17.2 3.4.0, 1.17.6 okio: GzipSource class improper exception handling

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-3635

镜像层: sha256:088c0c6c898055e3f70fed699faa960fc91533aa8657f6726cd48d1fbacc3f14

发布日期: 2023-07-12 19:15 修改: 2024-11-21 08:17
org.eclipse.jetty:jetty-http CVE-2025-11143 低危 9.4.51.v20230217 12.0.31, 12.1.5 org.eclipse.jetty/jetty-http: org.eclipse.jetty: Security bypass due to differential URI parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-11143

镜像层: sha256:088c0c6c898055e3f70fed699faa960fc91533aa8657f6726cd48d1fbacc3f14

发布日期: 2026-03-05 10:15 修改: 2026-03-06 20:30
io.netty:netty-handler-proxy CVE-2026-42578 低危 4.2.7.Final 4.1.133.Final, 4.2.13.Final netty: io.netty/netty-handler-proxy: Netty: HTTP Header Injection via HttpProxyHandler Disabled Validation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42578

镜像层: sha256:088c0c6c898055e3f70fed699faa960fc91533aa8657f6726cd48d1fbacc3f14

发布日期: 2026-05-13 19:17 修改: 2026-05-18 12:54
com.google.guava:guava CVE-2020-8908 低危 30.1.1-jre 32.0.0-android guava: local information disclosure via temporary directory created with unsafe permissions

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-8908

镜像层: sha256:088c0c6c898055e3f70fed699faa960fc91533aa8657f6726cd48d1fbacc3f14

发布日期: 2020-12-10 23:15 修改: 2026-02-23 21:17
org.eclipse.jetty:jetty-http CVE-2025-11143 低危 9.4.57.v20241219 12.0.31, 12.1.5 org.eclipse.jetty/jetty-http: org.eclipse.jetty: Security bypass due to differential URI parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-11143

镜像层: sha256:088c0c6c898055e3f70fed699faa960fc91533aa8657f6726cd48d1fbacc3f14

发布日期: 2026-03-05 10:15 修改: 2026-03-06 20:30
org.eclipse.jetty:jetty-xml GHSA-58qw-p7qm-5rvh 低危 9.4.51.v20230217 10.0.16, 11.0.16, 12.0.0, 9.4.52.v20230823 Eclipse Jetty XmlParser allows arbitrary DOCTYPE declarations

漏洞详情: https://github.com/advisories/GHSA-58qw-p7qm-5rvh

镜像层: sha256:088c0c6c898055e3f70fed699faa960fc91533aa8657f6726cd48d1fbacc3f14

发布日期: 2023-07-10 21:52 修改: 2026-02-10 20:06
org.apache.hadoop:hadoop-common CVE-2024-23454 低危 3.3.6 3.4.0 Apache Hadoop: Temporary File Local Information Disclosure

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-23454

镜像层: sha256:088c0c6c898055e3f70fed699faa960fc91533aa8657f6726cd48d1fbacc3f14

发布日期: 2024-09-25 08:15 修改: 2025-11-13 14:14