docker.io/apache/skywalking-oap-server:8.2.0-es7 linux/amd64

docker.io/apache/skywalking-oap-server:8.2.0-es7 - Trivy安全扫描结果扫描时间: 2024-11-02 19:52

全部漏洞信息

低危漏洞:10

中危漏洞:112

高危漏洞:173

严重漏洞:41

系统OS: alpine 3.12.1 扫描引擎: Trivy 扫描时间: 2024-11-02 19:52

docker.io/apache/skywalking-oap-server:8.2.0-es7 (alpine 3.12.1) (alpine)

低危漏洞:2

中危漏洞:10

高危漏洞:34

严重漏洞:4

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
apk-tools	CVE-2021-36159	严重	2.10.5-r1	2.10.7-r0	libfetch: an out of boundary read while libfetch uses strtol to parse the relevant numbers into address bytes leads to information leak or crash 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-36159 镜像层: sha256:ace0eda3e3be35a979cec764a3321b4c7d0b9e4bb3094d20d3ff6782961a8d54 发布日期: 2021-08-03 14:15 修改: 2023-11-07 03:36
libcrypto1.1	CVE-2021-3711	严重	1.1.1g-r0	1.1.1l-r0	openssl: SM2 Decryption Buffer Overflow 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-3711 镜像层: sha256:ace0eda3e3be35a979cec764a3321b4c7d0b9e4bb3094d20d3ff6782961a8d54 发布日期: 2021-08-24 15:15 修改: 2024-06-21 19:15
libssl1.1	CVE-2021-3711	严重	1.1.1g-r0	1.1.1l-r0	openssl: SM2 Decryption Buffer Overflow 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-3711 镜像层: sha256:ace0eda3e3be35a979cec764a3321b4c7d0b9e4bb3094d20d3ff6782961a8d54 发布日期: 2021-08-24 15:15 修改: 2024-06-21 19:15
zlib	CVE-2022-37434	严重	1.2.11-r3	1.2.12-r2	zlib: heap-based buffer over-read and overflow in inflate() in inflate.c via a large gzip header extra field 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-37434 镜像层: sha256:ace0eda3e3be35a979cec764a3321b4c7d0b9e4bb3094d20d3ff6782961a8d54 发布日期: 2022-08-05 07:15 修改: 2023-07-19 00:56
busybox	CVE-2021-42379	高危	1.31.1-r19	1.31.1-r21	busybox: use-after-free in awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the next_input_file() 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-42379 镜像层: sha256:ace0eda3e3be35a979cec764a3321b4c7d0b9e4bb3094d20d3ff6782961a8d54 发布日期: 2021-11-15 21:15 修改: 2023-11-07 03:39
busybox	CVE-2021-42380	高危	1.31.1-r19	1.31.1-r21	busybox: use-after-free in awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the clrvar() 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-42380 镜像层: sha256:ace0eda3e3be35a979cec764a3321b4c7d0b9e4bb3094d20d3ff6782961a8d54 发布日期: 2021-11-15 21:15 修改: 2023-11-07 03:39
busybox	CVE-2021-42381	高危	1.31.1-r19	1.31.1-r21	busybox: use-after-free in awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the hash_init() 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-42381 镜像层: sha256:ace0eda3e3be35a979cec764a3321b4c7d0b9e4bb3094d20d3ff6782961a8d54 发布日期: 2021-11-15 21:15 修改: 2023-11-07 03:39
busybox	CVE-2021-42382	高危	1.31.1-r19	1.31.1-r21	busybox: use-after-free in awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the getvar_s() 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-42382 镜像层: sha256:ace0eda3e3be35a979cec764a3321b4c7d0b9e4bb3094d20d3ff6782961a8d54 发布日期: 2021-11-15 21:15 修改: 2023-11-07 03:39
busybox	CVE-2021-42383	高危	1.31.1-r19	1.31.1-r21	busybox: use-after-free in awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the evaluate() 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-42383 镜像层: sha256:ace0eda3e3be35a979cec764a3321b4c7d0b9e4bb3094d20d3ff6782961a8d54 发布日期: 2021-11-15 21:15 修改: 2023-11-07 03:39
busybox	CVE-2021-42384	高危	1.31.1-r19	1.31.1-r21	busybox: use-after-free in awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the handle_special() 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-42384 镜像层: sha256:ace0eda3e3be35a979cec764a3321b4c7d0b9e4bb3094d20d3ff6782961a8d54 发布日期: 2021-11-15 21:15 修改: 2023-11-07 03:39
busybox	CVE-2021-42385	高危	1.31.1-r19	1.31.1-r21	busybox: use-after-free in awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the evaluate() 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-42385 镜像层: sha256:ace0eda3e3be35a979cec764a3321b4c7d0b9e4bb3094d20d3ff6782961a8d54 发布日期: 2021-11-15 21:15 修改: 2023-11-07 03:39
busybox	CVE-2021-42386	高危	1.31.1-r19	1.31.1-r21	busybox: use-after-free in awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the nvalloc() 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-42386 镜像层: sha256:ace0eda3e3be35a979cec764a3321b4c7d0b9e4bb3094d20d3ff6782961a8d54 发布日期: 2021-11-15 21:15 修改: 2023-11-07 03:39
busybox	CVE-2022-28391	高危	1.31.1-r19	1.31.1-r22	busybox: remote attackers may execute arbitrary code if netstat is used 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-28391 镜像层: sha256:ace0eda3e3be35a979cec764a3321b4c7d0b9e4bb3094d20d3ff6782961a8d54 发布日期: 2022-04-03 21:15 修改: 2022-08-11 18:44
apk-tools	CVE-2021-30139	高危	2.10.5-r1	2.10.6-r0	漏洞详情: https://avd.aquasec.com/nvd/cve-2021-30139 镜像层: sha256:ace0eda3e3be35a979cec764a3321b4c7d0b9e4bb3094d20d3ff6782961a8d54 发布日期: 2021-04-21 16:15 修改: 2021-04-22 18:21
libcrypto1.1	CVE-2021-23840	高危	1.1.1g-r0	1.1.1j-r0	openssl: integer overflow in CipherUpdate 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-23840 镜像层: sha256:ace0eda3e3be35a979cec764a3321b4c7d0b9e4bb3094d20d3ff6782961a8d54 发布日期: 2021-02-16 17:15 修改: 2024-06-21 19:15
libcrypto1.1	CVE-2021-3450	高危	1.1.1g-r0	1.1.1k-r0	openssl: CA certificate check bypass with X509_V_FLAG_X509_STRICT 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-3450 镜像层: sha256:ace0eda3e3be35a979cec764a3321b4c7d0b9e4bb3094d20d3ff6782961a8d54 发布日期: 2021-03-25 15:15 修改: 2023-11-07 03:38
libcrypto1.1	CVE-2021-3712	高危	1.1.1g-r0	1.1.1l-r0	openssl: Read buffer overruns processing ASN.1 strings 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-3712 镜像层: sha256:ace0eda3e3be35a979cec764a3321b4c7d0b9e4bb3094d20d3ff6782961a8d54 发布日期: 2021-08-24 15:15 修改: 2024-06-21 19:15
libcrypto1.1	CVE-2022-0778	高危	1.1.1g-r0	1.1.1n-r0	openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-0778 镜像层: sha256:ace0eda3e3be35a979cec764a3321b4c7d0b9e4bb3094d20d3ff6782961a8d54 发布日期: 2022-03-15 17:15 修改: 2024-06-21 19:15
busybox	CVE-2021-28831	高危	1.31.1-r19	1.31.1-r20	busybox: invalid free or segmentation fault via malformed gzip data 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-28831 镜像层: sha256:ace0eda3e3be35a979cec764a3321b4c7d0b9e4bb3094d20d3ff6782961a8d54 发布日期: 2021-03-19 05:15 修改: 2023-11-07 03:32
libssl1.1	CVE-2021-23840	高危	1.1.1g-r0	1.1.1j-r0	openssl: integer overflow in CipherUpdate 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-23840 镜像层: sha256:ace0eda3e3be35a979cec764a3321b4c7d0b9e4bb3094d20d3ff6782961a8d54 发布日期: 2021-02-16 17:15 修改: 2024-06-21 19:15
libssl1.1	CVE-2021-3450	高危	1.1.1g-r0	1.1.1k-r0	openssl: CA certificate check bypass with X509_V_FLAG_X509_STRICT 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-3450 镜像层: sha256:ace0eda3e3be35a979cec764a3321b4c7d0b9e4bb3094d20d3ff6782961a8d54 发布日期: 2021-03-25 15:15 修改: 2023-11-07 03:38
libssl1.1	CVE-2021-3712	高危	1.1.1g-r0	1.1.1l-r0	openssl: Read buffer overruns processing ASN.1 strings 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-3712 镜像层: sha256:ace0eda3e3be35a979cec764a3321b4c7d0b9e4bb3094d20d3ff6782961a8d54 发布日期: 2021-08-24 15:15 修改: 2024-06-21 19:15
libssl1.1	CVE-2022-0778	高危	1.1.1g-r0	1.1.1n-r0	openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-0778 镜像层: sha256:ace0eda3e3be35a979cec764a3321b4c7d0b9e4bb3094d20d3ff6782961a8d54 发布日期: 2022-03-15 17:15 修改: 2024-06-21 19:15
ncurses-libs	CVE-2021-39537	高危	6.2_p20200523-r0	6.2_p20200523-r1	ncurses: heap-based buffer overflow in _nc_captoinfo() in captoinfo.c 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-39537 镜像层: sha256:5964d036e6a96353e2e55987397e533acbc13727f19c58b22f47fa77b974cdb0 发布日期: 2021-09-20 16:15 修改: 2023-12-03 20:15
ncurses-terminfo-base	CVE-2021-39537	高危	6.2_p20200523-r0	6.2_p20200523-r1	ncurses: heap-based buffer overflow in _nc_captoinfo() in captoinfo.c 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-39537 镜像层: sha256:5964d036e6a96353e2e55987397e533acbc13727f19c58b22f47fa77b974cdb0 发布日期: 2021-09-20 16:15 修改: 2023-12-03 20:15
ssl_client	CVE-2021-28831	高危	1.31.1-r19	1.31.1-r20	busybox: invalid free or segmentation fault via malformed gzip data 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-28831 镜像层: sha256:ace0eda3e3be35a979cec764a3321b4c7d0b9e4bb3094d20d3ff6782961a8d54 发布日期: 2021-03-19 05:15 修改: 2023-11-07 03:32
ssl_client	CVE-2021-42378	高危	1.31.1-r19	1.31.1-r21	busybox: use-after-free in awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the getvar_i() 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-42378 镜像层: sha256:ace0eda3e3be35a979cec764a3321b4c7d0b9e4bb3094d20d3ff6782961a8d54 发布日期: 2021-11-15 21:15 修改: 2023-11-07 03:39
ssl_client	CVE-2021-42379	高危	1.31.1-r19	1.31.1-r21	busybox: use-after-free in awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the next_input_file() 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-42379 镜像层: sha256:ace0eda3e3be35a979cec764a3321b4c7d0b9e4bb3094d20d3ff6782961a8d54 发布日期: 2021-11-15 21:15 修改: 2023-11-07 03:39
ssl_client	CVE-2021-42380	高危	1.31.1-r19	1.31.1-r21	busybox: use-after-free in awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the clrvar() 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-42380 镜像层: sha256:ace0eda3e3be35a979cec764a3321b4c7d0b9e4bb3094d20d3ff6782961a8d54 发布日期: 2021-11-15 21:15 修改: 2023-11-07 03:39
ssl_client	CVE-2021-42381	高危	1.31.1-r19	1.31.1-r21	busybox: use-after-free in awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the hash_init() 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-42381 镜像层: sha256:ace0eda3e3be35a979cec764a3321b4c7d0b9e4bb3094d20d3ff6782961a8d54 发布日期: 2021-11-15 21:15 修改: 2023-11-07 03:39
ssl_client	CVE-2021-42382	高危	1.31.1-r19	1.31.1-r21	busybox: use-after-free in awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the getvar_s() 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-42382 镜像层: sha256:ace0eda3e3be35a979cec764a3321b4c7d0b9e4bb3094d20d3ff6782961a8d54 发布日期: 2021-11-15 21:15 修改: 2023-11-07 03:39
ssl_client	CVE-2021-42383	高危	1.31.1-r19	1.31.1-r21	busybox: use-after-free in awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the evaluate() 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-42383 镜像层: sha256:ace0eda3e3be35a979cec764a3321b4c7d0b9e4bb3094d20d3ff6782961a8d54 发布日期: 2021-11-15 21:15 修改: 2023-11-07 03:39
ssl_client	CVE-2021-42384	高危	1.31.1-r19	1.31.1-r21	busybox: use-after-free in awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the handle_special() 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-42384 镜像层: sha256:ace0eda3e3be35a979cec764a3321b4c7d0b9e4bb3094d20d3ff6782961a8d54 发布日期: 2021-11-15 21:15 修改: 2023-11-07 03:39
ssl_client	CVE-2021-42385	高危	1.31.1-r19	1.31.1-r21	busybox: use-after-free in awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the evaluate() 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-42385 镜像层: sha256:ace0eda3e3be35a979cec764a3321b4c7d0b9e4bb3094d20d3ff6782961a8d54 发布日期: 2021-11-15 21:15 修改: 2023-11-07 03:39
ssl_client	CVE-2021-42386	高危	1.31.1-r19	1.31.1-r21	busybox: use-after-free in awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the nvalloc() 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-42386 镜像层: sha256:ace0eda3e3be35a979cec764a3321b4c7d0b9e4bb3094d20d3ff6782961a8d54 发布日期: 2021-11-15 21:15 修改: 2023-11-07 03:39
ssl_client	CVE-2022-28391	高危	1.31.1-r19	1.31.1-r22	busybox: remote attackers may execute arbitrary code if netstat is used 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-28391 镜像层: sha256:ace0eda3e3be35a979cec764a3321b4c7d0b9e4bb3094d20d3ff6782961a8d54 发布日期: 2022-04-03 21:15 修改: 2022-08-11 18:44
busybox	CVE-2021-42378	高危	1.31.1-r19	1.31.1-r21	busybox: use-after-free in awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the getvar_i() 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-42378 镜像层: sha256:ace0eda3e3be35a979cec764a3321b4c7d0b9e4bb3094d20d3ff6782961a8d54 发布日期: 2021-11-15 21:15 修改: 2023-11-07 03:39
zlib	CVE-2018-25032	高危	1.2.11-r3	1.2.12-r0	zlib: A flaw found in zlib when compressing (not decompressing) certain inputs 漏洞详情: https://avd.aquasec.com/nvd/cve-2018-25032 镜像层: sha256:ace0eda3e3be35a979cec764a3321b4c7d0b9e4bb3094d20d3ff6782961a8d54 发布日期: 2022-03-25 09:15 修改: 2023-11-07 02:56
libssl1.1	CVE-2021-3449	中危	1.1.1g-r0	1.1.1k-r0	openssl: NULL pointer dereference in signature_algorithms processing 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-3449 镜像层: sha256:ace0eda3e3be35a979cec764a3321b4c7d0b9e4bb3094d20d3ff6782961a8d54 发布日期: 2021-03-25 15:15 修改: 2024-06-21 19:15
musl	CVE-2020-28928	中危	1.1.24-r9	1.1.24-r10	In musl libc through 1.2.1, wcsnrtombs mishandles particular combinati ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2020-28928 镜像层: sha256:ace0eda3e3be35a979cec764a3321b4c7d0b9e4bb3094d20d3ff6782961a8d54 发布日期: 2020-11-24 18:15 修改: 2023-11-07 03:21
musl-utils	CVE-2020-28928	中危	1.1.24-r9	1.1.24-r10	In musl libc through 1.2.1, wcsnrtombs mishandles particular combinati ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2020-28928 镜像层: sha256:ace0eda3e3be35a979cec764a3321b4c7d0b9e4bb3094d20d3ff6782961a8d54 发布日期: 2020-11-24 18:15 修改: 2023-11-07 03:21
libcrypto1.1	CVE-2020-1971	中危	1.1.1g-r0	1.1.1i-r0	openssl: EDIPARTYNAME NULL pointer de-reference 漏洞详情: https://avd.aquasec.com/nvd/cve-2020-1971 镜像层: sha256:ace0eda3e3be35a979cec764a3321b4c7d0b9e4bb3094d20d3ff6782961a8d54 发布日期: 2020-12-08 16:15 修改: 2024-06-21 19:15
libcrypto1.1	CVE-2021-23841	中危	1.1.1g-r0	1.1.1j-r0	openssl: NULL pointer dereference in X509_issuer_and_serial_hash() 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-23841 镜像层: sha256:ace0eda3e3be35a979cec764a3321b4c7d0b9e4bb3094d20d3ff6782961a8d54 发布日期: 2021-02-16 17:15 修改: 2024-06-21 19:15
libcrypto1.1	CVE-2021-3449	中危	1.1.1g-r0	1.1.1k-r0	openssl: NULL pointer dereference in signature_algorithms processing 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-3449 镜像层: sha256:ace0eda3e3be35a979cec764a3321b4c7d0b9e4bb3094d20d3ff6782961a8d54 发布日期: 2021-03-25 15:15 修改: 2024-06-21 19:15
busybox	CVE-2021-42374	中危	1.31.1-r19	1.31.1-r21	busybox: out-of-bounds read in unlzma applet leads to information leak and denial of service when crafted LZMA-compressed input is decompressed 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-42374 镜像层: sha256:ace0eda3e3be35a979cec764a3321b4c7d0b9e4bb3094d20d3ff6782961a8d54 发布日期: 2021-11-15 21:15 修改: 2023-11-07 03:39
ssl_client	CVE-2021-42374	中危	1.31.1-r19	1.31.1-r21	busybox: out-of-bounds read in unlzma applet leads to information leak and denial of service when crafted LZMA-compressed input is decompressed 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-42374 镜像层: sha256:ace0eda3e3be35a979cec764a3321b4c7d0b9e4bb3094d20d3ff6782961a8d54 发布日期: 2021-11-15 21:15 修改: 2023-11-07 03:39
libssl1.1	CVE-2020-1971	中危	1.1.1g-r0	1.1.1i-r0	openssl: EDIPARTYNAME NULL pointer de-reference 漏洞详情: https://avd.aquasec.com/nvd/cve-2020-1971 镜像层: sha256:ace0eda3e3be35a979cec764a3321b4c7d0b9e4bb3094d20d3ff6782961a8d54 发布日期: 2020-12-08 16:15 修改: 2024-06-21 19:15
libssl1.1	CVE-2021-23841	中危	1.1.1g-r0	1.1.1j-r0	openssl: NULL pointer dereference in X509_issuer_and_serial_hash() 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-23841 镜像层: sha256:ace0eda3e3be35a979cec764a3321b4c7d0b9e4bb3094d20d3ff6782961a8d54 发布日期: 2021-02-16 17:15 修改: 2024-06-21 19:15
libcrypto1.1	CVE-2021-23839	低危	1.1.1g-r0	1.1.1j-r0	openssl: incorrect SSLv2 rollback protection 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-23839 镜像层: sha256:ace0eda3e3be35a979cec764a3321b4c7d0b9e4bb3094d20d3ff6782961a8d54 发布日期: 2021-02-16 17:15 修改: 2024-06-21 19:15
libssl1.1	CVE-2021-23839	低危	1.1.1g-r0	1.1.1j-r0	openssl: incorrect SSLv2 rollback protection 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-23839 镜像层: sha256:ace0eda3e3be35a979cec764a3321b4c7d0b9e4bb3094d20d3ff6782961a8d54 发布日期: 2021-02-16 17:15 修改: 2024-06-21 19:15

Java (jar)

低危漏洞:7

中危漏洞:65

高危漏洞:84

严重漏洞:33

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
com.fasterxml.jackson.core:jackson-databind	CVE-2018-11307	严重	2.9.5	2.7.9.4, 2.8.11.2, 2.9.6	jackson-databind: Potential information exfiltration with default typing, serialization gadget from MyBatis 漏洞详情: https://avd.aquasec.com/nvd/cve-2018-11307 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2019-07-09 16:15 修改: 2024-04-03 17:40
com.fasterxml.jackson.core:jackson-databind	CVE-2018-14718	严重	2.9.5	2.9.7, 2.8.11.3, 2.7.9.5, 2.6.7.3	jackson-databind: arbitrary code execution in slf4j-ext class 漏洞详情: https://avd.aquasec.com/nvd/cve-2018-14718 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2019-01-02 18:29 修改: 2023-11-07 02:53
com.fasterxml.jackson.core:jackson-databind	CVE-2018-14719	严重	2.9.5	2.9.7, 2.8.11.3, 2.7.9.5	jackson-databind: arbitrary code execution in blaze-ds-opt and blaze-ds-core classes 漏洞详情: https://avd.aquasec.com/nvd/cve-2018-14719 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2019-01-02 18:29 修改: 2023-11-07 02:53
com.fasterxml.jackson.core:jackson-databind	CVE-2018-14720	严重	2.9.5	2.9.7, 2.8.11.3, 2.7.9.5	jackson-databind: exfiltration/XXE in some JDK classes 漏洞详情: https://avd.aquasec.com/nvd/cve-2018-14720 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2019-01-02 18:29 修改: 2023-11-07 02:53
com.fasterxml.jackson.core:jackson-databind	CVE-2018-14721	严重	2.9.5	2.9.7, 2.8.11.3, 2.7.9.5	jackson-databind: server-side request forgery (SSRF) in axis2-jaxws class 漏洞详情: https://avd.aquasec.com/nvd/cve-2018-14721 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2019-01-02 18:29 修改: 2023-11-07 02:53
com.fasterxml.jackson.core:jackson-databind	CVE-2018-19360	严重	2.9.5	2.9.8, 2.8.11.3, 2.7.9.5	jackson-databind: improper polymorphic deserialization in axis2-transport-jms class 漏洞详情: https://avd.aquasec.com/nvd/cve-2018-19360 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2019-01-02 18:29 修改: 2023-11-07 02:55
com.fasterxml.jackson.core:jackson-databind	CVE-2018-19361	严重	2.9.5	2.7.9.5, 2.9.8, 2.8.11.3	jackson-databind: improper polymorphic deserialization in openjpa class 漏洞详情: https://avd.aquasec.com/nvd/cve-2018-19361 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2019-01-02 18:29 修改: 2023-11-07 02:55
com.fasterxml.jackson.core:jackson-databind	CVE-2018-19362	严重	2.9.5	2.9.8, 2.8.11.3, 2.7.9.5, 2.6.7.3	jackson-databind: improper polymorphic deserialization in jboss-common-core class 漏洞详情: https://avd.aquasec.com/nvd/cve-2018-19362 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2019-01-02 18:29 修改: 2023-11-07 02:55
com.fasterxml.jackson.core:jackson-databind	CVE-2019-14379	严重	2.9.5	2.9.9.2, 2.8.11.4, 2.7.9.6	jackson-databind: default typing mishandling leading to remote code execution 漏洞详情: https://avd.aquasec.com/nvd/cve-2019-14379 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2019-07-29 12:15 修改: 2023-11-07 03:04
com.fasterxml.jackson.core:jackson-databind	CVE-2019-14540	严重	2.9.5	2.9.10, 2.8.11.5, 2.6.7.3	jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariConfig 漏洞详情: https://avd.aquasec.com/nvd/cve-2019-14540 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2019-09-15 22:15 修改: 2023-11-07 03:04
com.fasterxml.jackson.core:jackson-databind	CVE-2019-16335	严重	2.9.5	2.9.10, 2.8.11.5, 2.6.7.3	jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariDataSource 漏洞详情: https://avd.aquasec.com/nvd/cve-2019-16335 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2019-09-15 22:15 修改: 2023-11-07 03:05
com.fasterxml.jackson.core:jackson-databind	CVE-2019-16942	严重	2.9.5	2.9.10.1, 2.8.11.5, 2.6.7.3	jackson-databind: Serialization gadgets in org.apache.commons.dbcp.datasources.* 漏洞详情: https://avd.aquasec.com/nvd/cve-2019-16942 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2019-10-01 17:15 修改: 2023-11-07 03:06
com.fasterxml.jackson.core:jackson-databind	CVE-2019-16943	严重	2.9.5	2.9.10.1, 2.8.11.5, 2.6.7.3	jackson-databind: Serialization gadgets in com.p6spy.engine.spy.P6DataSource 漏洞详情: https://avd.aquasec.com/nvd/cve-2019-16943 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2019-10-01 17:15 修改: 2023-11-07 03:06
com.fasterxml.jackson.core:jackson-databind	CVE-2019-17267	严重	2.9.5	2.9.10, 2.8.11.5	jackson-databind: Serialization gadgets in classes of the ehcache package 漏洞详情: https://avd.aquasec.com/nvd/cve-2019-17267 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2019-10-07 00:15 修改: 2023-11-07 03:06
com.fasterxml.jackson.core:jackson-databind	CVE-2019-17531	严重	2.9.5	2.9.10.1, 2.8.11.5, 2.6.7.3	jackson-databind: Serialization gadgets in org.apache.log4j.receivers.db.* 漏洞详情: https://avd.aquasec.com/nvd/cve-2019-17531 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2019-10-12 21:15 修改: 2023-11-07 03:06
com.fasterxml.jackson.core:jackson-databind	CVE-2019-20330	严重	2.9.5	2.6.7.4, 2.7.9.7, 2.8.11.5, 2.9.10.2	jackson-databind: lacks certain net.sf.ehcache blocking 漏洞详情: https://avd.aquasec.com/nvd/cve-2019-20330 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2020-01-03 04:15 修改: 2023-11-07 03:09
com.fasterxml.jackson.core:jackson-databind	CVE-2020-8840	严重	2.9.5	2.6.7.4, 2.7.9.7, 2.8.11.5, 2.9.10.3	jackson-databind: Lacks certain xbean-reflect/JNDI blocking 漏洞详情: https://avd.aquasec.com/nvd/cve-2020-8840 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2020-02-10 21:56 修改: 2023-11-07 03:26
com.fasterxml.jackson.core:jackson-databind	CVE-2020-9546	严重	2.9.5	2.9.10.4	jackson-databind: Serialization gadgets in shaded-hikari-config 漏洞详情: https://avd.aquasec.com/nvd/cve-2020-9546 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2020-03-02 04:15 修改: 2023-11-07 03:26
com.fasterxml.jackson.core:jackson-databind	CVE-2020-9547	严重	2.9.5	2.9.10.4, 2.8.11.6, 2.7.9.7	jackson-databind: Serialization gadgets in ibatis-sqlmap 漏洞详情: https://avd.aquasec.com/nvd/cve-2020-9547 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2020-03-02 04:15 修改: 2023-11-07 03:26
com.fasterxml.jackson.core:jackson-databind	CVE-2020-9548	严重	2.9.5	2.9.10.4, 2.8.11.6, 2.7.9.7	jackson-databind: Serialization gadgets in anteros-core 漏洞详情: https://avd.aquasec.com/nvd/cve-2020-9548 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2020-03-02 04:15 修改: 2023-11-07 03:26
com.h2database:h2	CVE-2021-42392	严重	1.4.196	2.0.206	h2: Remote Code Execution in Console 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-42392 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2022-01-10 14:10 修改: 2023-02-24 22:15
com.h2database:h2	CVE-2022-23221	严重	1.4.196	2.1.210	h2: Loading of custom classes from remote servers through JNDI 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-23221 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2022-01-19 17:15 修改: 2023-08-18 14:15
com.squareup.retrofit2:retrofit	CVE-2018-1000844	严重	2.3.0	2.5.0	retrofit: XML external entity processing vulnerability in JAXB 漏洞详情: https://avd.aquasec.com/nvd/cve-2018-1000844 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2018-12-20 15:29 修改: 2019-07-01 12:44
io.netty:netty	CVE-2019-20444	严重	3.10.5.Final	4.0.0	netty: HTTP request smuggling 漏洞详情: https://avd.aquasec.com/nvd/cve-2019-20444 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2020-01-29 21:15 修改: 2023-11-07 03:09
io.netty:netty-codec-http	CVE-2019-20444	严重	4.1.42.Final	4.1.44	netty: HTTP request smuggling 漏洞详情: https://avd.aquasec.com/nvd/cve-2019-20444 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2020-01-29 21:15 修改: 2023-11-07 03:09
log4j:log4j	CVE-2019-17571	严重	1.2.16		log4j: deserialization of untrusted data in SocketServer 漏洞详情: https://avd.aquasec.com/nvd/cve-2019-17571 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2019-12-20 17:15 修改: 2023-11-07 03:06
log4j:log4j	CVE-2022-23305	严重	1.2.16		log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-23305 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2022-01-18 16:15 修改: 2023-02-24 15:30
log4j:log4j	CVE-2022-23307	严重	1.2.16		log4j: Unsafe deserialization flaw in Chainsaw log viewer 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-23307 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2022-01-18 16:15 修改: 2023-02-24 15:29
org.apache.logging.log4j:log4j-core	CVE-2021-44228	严重	2.9.0	2.15.0, 2.3.1, 2.12.2	log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-44228 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2021-12-10 10:15 修改: 2024-07-24 17:08
org.apache.logging.log4j:log4j-core	CVE-2021-45046	严重	2.9.0	2.16.0, 2.12.2	log4j-core: DoS in log4j 2.x with thread context message pattern and context lookup pattern (incomplete fix for CVE-2021-44228) 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-45046 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2021-12-14 19:15 修改: 2024-10-31 12:17
org.apache.zookeeper:zookeeper	CVE-2023-44981	严重	3.4.10	3.7.2, 3.8.3, 3.9.1	zookeeper: Authorization Bypass in Apache ZooKeeper 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-44981 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2023-10-11 12:15 修改: 2024-06-21 19:15
org.codehaus.jackson:jackson-mapper-asl	CVE-2019-10202	严重	1.9.13		codehaus: incomplete fix for unsafe deserialization in jackson-databind vulnerabilities 漏洞详情: https://avd.aquasec.com/nvd/cve-2019-10202 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2019-10-01 15:15 修改: 2023-02-12 23:33
org.eclipse.jetty:jetty-server	CVE-2019-17638	严重	9.4.28.v20200408	9.4.30.v20200611	jetty: double release of resource can lead to information disclosure 漏洞详情: https://avd.aquasec.com/nvd/cve-2019-17638 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2020-07-09 18:15 修改: 2023-11-07 03:06
com.fasterxml.jackson.core:jackson-databind	CVE-2020-10968	高危	2.9.5	2.9.10.4	jackson-databind: Serialization gadgets in org.aoju.bus.proxy.provider.*.RmiProvider 漏洞详情: https://avd.aquasec.com/nvd/cve-2020-10968 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2020-03-26 13:15 修改: 2024-07-03 01:36
com.fasterxml.jackson.core:jackson-databind	CVE-2020-10969	高危	2.9.5	2.9.10.4	jackson-databind: Serialization gadgets in javax.swing.JEditorPane 漏洞详情: https://avd.aquasec.com/nvd/cve-2020-10969 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2020-03-26 13:15 修改: 2024-07-03 01:36
com.fasterxml.jackson.core:jackson-databind	CVE-2020-11111	高危	2.9.5	2.9.10.4	jackson-databind: Serialization gadgets in org.apache.activemq.jms.pool.XaPooledConnectionFactory 漏洞详情: https://avd.aquasec.com/nvd/cve-2020-11111 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2020-03-31 05:15 修改: 2024-07-03 01:36
com.fasterxml.jackson.core:jackson-databind	CVE-2020-11112	高危	2.9.5	2.9.10.4	jackson-databind: Serialization gadgets in org.apache.commons.proxy.provider.remoting.RmiProvider 漏洞详情: https://avd.aquasec.com/nvd/cve-2020-11112 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2020-03-31 05:15 修改: 2024-07-03 01:36
com.fasterxml.jackson.core:jackson-databind	CVE-2020-11113	高危	2.9.5	2.9.10.4	jackson-databind: Serialization gadgets in org.apache.openjpa.ee.WASRegistryManagedRuntime 漏洞详情: https://avd.aquasec.com/nvd/cve-2020-11113 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2020-03-31 05:15 修改: 2024-07-03 01:36
com.fasterxml.jackson.core:jackson-databind	CVE-2020-11619	高危	2.9.5	2.9.10.4	jackson-databind: Serialization gadgets in org.springframework:spring-aop 漏洞详情: https://avd.aquasec.com/nvd/cve-2020-11619 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2020-04-07 23:15 修改: 2023-11-07 03:15
com.fasterxml.jackson.core:jackson-databind	CVE-2020-11620	高危	2.9.5	2.9.10.4	jackson-databind: Serialization gadgets in commons-jelly:commons-jelly 漏洞详情: https://avd.aquasec.com/nvd/cve-2020-11620 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2020-04-07 23:15 修改: 2023-11-07 03:15
com.fasterxml.jackson.core:jackson-databind	CVE-2020-14060	高危	2.9.5	2.9.10.5	jackson-databind: serialization in oadd.org.apache.xalan.lib.sql.JNDIConnectionPool 漏洞详情: https://avd.aquasec.com/nvd/cve-2020-14060 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2020-06-14 21:15 修改: 2023-11-07 03:17
com.fasterxml.jackson.core:jackson-databind	CVE-2020-14061	高危	2.9.5	2.9.10.5	jackson-databind: serialization in weblogic/oracle-aqjms 漏洞详情: https://avd.aquasec.com/nvd/cve-2020-14061 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2020-06-14 20:15 修改: 2023-11-07 03:17
com.fasterxml.jackson.core:jackson-databind	CVE-2020-14062	高危	2.9.5	2.9.10.5	jackson-databind: serialization in com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool 漏洞详情: https://avd.aquasec.com/nvd/cve-2020-14062 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2020-06-14 20:15 修改: 2023-11-07 03:17
com.fasterxml.jackson.core:jackson-databind	CVE-2020-14195	高危	2.9.5	2.9.10.5	jackson-databind: serialization in org.jsecurity.realm.jndi.JndiRealmFactory 漏洞详情: https://avd.aquasec.com/nvd/cve-2020-14195 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2020-06-16 16:15 修改: 2021-11-17 20:20
com.fasterxml.jackson.core:jackson-databind	CVE-2020-24616	高危	2.9.5	2.9.10.6	jackson-databind: mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource 漏洞详情: https://avd.aquasec.com/nvd/cve-2020-24616 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2020-08-25 18:15 修改: 2023-11-07 03:20
com.fasterxml.jackson.core:jackson-databind	CVE-2020-24750	高危	2.9.5	2.6.7.5, 2.9.10.6	jackson-databind: Serialization gadgets in com.pastdev.httpcomponents.configuration.JndiConfiguration 漏洞详情: https://avd.aquasec.com/nvd/cve-2020-24750 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2020-09-17 19:15 修改: 2023-09-13 14:56
com.fasterxml.jackson.core:jackson-databind	CVE-2020-25649	高危	2.9.5	2.6.7.4, 2.9.10.7, 2.10.5.1	jackson-databind: FasterXML DOMDeserializer insecure entity expansion is vulnerable to XML external entity (XXE) 漏洞详情: https://avd.aquasec.com/nvd/cve-2020-25649 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2020-12-03 17:15 修改: 2023-11-07 03:20
com.fasterxml.jackson.core:jackson-databind	CVE-2020-35490	高危	2.9.5	2.9.10.8	jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource 漏洞详情: https://avd.aquasec.com/nvd/cve-2020-35490 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2020-12-17 19:15 修改: 2022-09-08 21:32
com.fasterxml.jackson.core:jackson-databind	CVE-2020-35491	高危	2.9.5	2.9.10.8	jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource 漏洞详情: https://avd.aquasec.com/nvd/cve-2020-35491 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2020-12-17 19:15 修改: 2022-09-08 21:32
com.fasterxml.jackson.core:jackson-databind	CVE-2020-35728	高危	2.9.5	2.9.10.8	jackson-databind: mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool 漏洞详情: https://avd.aquasec.com/nvd/cve-2020-35728 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2020-12-27 05:15 修改: 2023-11-07 03:22
com.fasterxml.jackson.core:jackson-databind	CVE-2020-36179	高危	2.9.5	2.9.10.8, 2.6.7.5	jackson-databind: mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS 漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36179 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2021-01-07 00:15 修改: 2024-07-03 01:36
com.fasterxml.jackson.core:jackson-databind	CVE-2020-36180	高危	2.9.5	2.9.10.8, 2.6.7.5	jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS 漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36180 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2021-01-07 00:15 修改: 2024-07-03 01:36
com.fasterxml.jackson.core:jackson-databind	CVE-2020-36181	高危	2.9.5	2.9.10.8, 2.6.7.5	jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS 漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36181 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2021-01-06 23:15 修改: 2024-07-03 01:36
com.fasterxml.jackson.core:jackson-databind	CVE-2020-36182	高危	2.9.5	2.9.10.8, 2.6.7.5	jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS 漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36182 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2021-01-07 00:15 修改: 2024-07-03 01:36
com.fasterxml.jackson.core:jackson-databind	CVE-2020-36183	高危	2.9.5	2.9.10.8, 2.6.7.5	jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool 漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36183 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2021-01-07 00:15 修改: 2023-09-13 14:56
com.fasterxml.jackson.core:jackson-databind	CVE-2020-36184	高危	2.9.5	2.9.10.8	jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource 漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36184 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2021-01-06 23:15 修改: 2024-07-03 01:36
com.fasterxml.jackson.core:jackson-databind	CVE-2020-36185	高危	2.9.5	2.9.10.8	jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource 漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36185 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2021-01-06 23:15 修改: 2023-09-13 14:57
com.fasterxml.jackson.core:jackson-databind	CVE-2020-36186	高危	2.9.5	2.9.10.8	jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource 漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36186 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2021-01-06 23:15 修改: 2023-09-13 14:57
com.fasterxml.jackson.core:jackson-databind	CVE-2020-36187	高危	2.9.5	2.9.10.8	jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource 漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36187 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2021-01-06 23:15 修改: 2023-09-13 14:57
com.fasterxml.jackson.core:jackson-databind	CVE-2020-36188	高危	2.9.5	2.9.10.8, 2.6.7.5	jackson-databind: mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource 漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36188 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2021-01-06 23:15 修改: 2023-09-13 14:57
com.fasterxml.jackson.core:jackson-databind	CVE-2020-36189	高危	2.9.5	2.9.10.8, 2.6.7.5	jackson-databind: mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource 漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36189 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2021-01-06 23:15 修改: 2023-09-13 14:57
com.fasterxml.jackson.core:jackson-databind	CVE-2020-36518	高危	2.9.5	2.13.2.1, 2.12.6.1	jackson-databind: denial of service via a large depth of nested objects 漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36518 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2022-03-11 07:15 修改: 2022-11-29 22:12
com.fasterxml.jackson.core:jackson-databind	CVE-2021-20190	高危	2.9.5	2.9.10.7, 2.6.7.5	jackson-databind: mishandles the interaction between serialization gadgets and typing, related to javax.swing 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-20190 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2021-01-19 17:15 修改: 2023-11-07 03:28
com.fasterxml.jackson.core:jackson-databind	CVE-2022-42003	高危	2.9.5	2.12.7.1, 2.13.4.2	jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-42003 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2022-10-02 05:15 修改: 2023-12-20 10:15
com.fasterxml.jackson.core:jackson-databind	CVE-2022-42004	高危	2.9.5	2.12.7.1, 2.13.4	jackson-databind: use of deeply nested arrays 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-42004 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2022-10-02 05:15 修改: 2022-12-02 15:10
com.fasterxml.jackson.dataformat:jackson-dataformat-cbor	CVE-2020-28491	高危	2.8.11	2.11.4, 2.12.1	jackson-dataformat-cbor: Unchecked allocation of byte buffer can cause a java.lang.OutOfMemoryError exception 漏洞详情: https://avd.aquasec.com/nvd/cve-2020-28491 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2021-02-18 16:15 修改: 2022-12-06 21:44
com.google.code.gson:gson	CVE-2022-25647	高危	2.8.6	2.8.9	com.google.code.gson-gson: Deserialization of Untrusted Data in com.google.code.gson-gson 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-25647 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2022-05-01 16:15 修改: 2022-11-28 17:33
com.google.protobuf:protobuf-java	CVE-2021-22569	高危	3.13.0	3.16.1, 3.18.2, 3.19.2	protobuf-java: potential DoS in the parsing procedure for binary data 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-22569 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2022-01-10 14:10 修改: 2023-04-18 09:15
com.google.protobuf:protobuf-java	CVE-2021-22570	高危	3.13.0	3.15.0	protobuf: Incorrect parsing of nullchar in the proto symbol leads to Nullptr dereference 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-22570 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2022-01-26 14:15 修改: 2023-11-07 03:30
com.google.protobuf:protobuf-java	CVE-2022-3509	高危	3.13.0	3.16.3, 3.19.6, 3.20.3, 3.21.7	protobuf-java: Textformat parsing issue leads to DoS 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-3509 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2022-12-12 13:15 修改: 2022-12-15 16:57
com.google.protobuf:protobuf-java	CVE-2022-3510	高危	3.13.0	3.16.3, 3.19.6, 3.20.3, 3.21.7	protobuf-java: Message-Type Extensions parsing issue leads to DoS 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-3510 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2022-12-12 13:15 修改: 2023-11-07 03:51
com.google.protobuf:protobuf-java	CVE-2024-7254	高危	3.13.0	3.25.5, 4.27.5, 4.28.2	protobuf: StackOverflow vulnerability in Protocol Buffers 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-7254 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2024-09-19 01:15 修改: 2024-09-20 12:30
com.graphql-java:graphql-java	CVE-2022-37734	高危	8.0	17.4, 18.3	graphql-java: DoS by malicious query 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-37734 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2022-09-12 14:15 修改: 2023-08-08 14:22
com.graphql-java:graphql-java	CVE-2023-28867	高危	8.0	0.0.0-2023-03-20T01-49-44-80e3135, 17.5, 18.4, 19.4, 20.1	graphql-java: crafted GraphQL query causes stack consumption 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-28867 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2023-03-27 01:15 修改: 2023-04-03 14:01
com.graphql-java:graphql-java	CVE-2024-40094	高危	8.0	19.11, 20.9, 21.5	graphql-java: Allocation of Resources Without Limits or Throttling in GraphQL Java 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-40094 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2024-07-30 07:15 修改: 2024-07-30 13:32
com.alibaba.nacos:nacos-client	CVE-2021-43116	高危	1.3.1		Use of Hard-coded Credentials in Nacos 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-43116 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2022-07-05 14:15 修改: 2023-04-03 20:15
com.alibaba.nacos:nacos-common	CVE-2021-29441	高危	1.3.1	1.4.1	Authentication Bypass 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-29441 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2021-04-27 21:15 修改: 2021-05-07 23:09
com.alibaba.nacos:nacos-common	CVE-2021-29442	高危	1.3.1	1.4.1	Authentication bypass for specific endpoint 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-29442 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2021-04-27 21:15 修改: 2021-05-07 15:37
com.squareup.retrofit2:retrofit	CVE-2018-1000850	高危	2.3.0	2.5.0	retrofit: Directory traversal in RequestBuilder allows manipulation of resources 漏洞详情: https://avd.aquasec.com/nvd/cve-2018-1000850 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2018-12-20 15:29 修改: 2023-11-07 02:51
commons-io:commons-io	CVE-2024-47554	高危	2.6	2.14.0	apache-commons-io: Possible denial of service attack on untrusted input to XmlStreamReader 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-47554 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2024-10-03 12:15 修改: 2024-10-04 13:50
io.grpc:grpc-protobuf	CVE-2023-1428	高危	1.32.1	1.53.0	gRPC: Reachable Assertion 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-1428 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2023-06-09 11:15 修改: 2023-06-15 22:17
io.grpc:grpc-protobuf	CVE-2023-32731	高危	1.32.1	1.53.0	gRPC: sensitive information disclosure 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-32731 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2023-06-09 11:15 修改: 2023-06-15 22:18
io.kubernetes:client-java	CVE-2020-8570	高危	8.0.0	9.0.2, 10.0.1	kubernetes-client: Path Traversal bug in the Java kubernetes client 漏洞详情: https://avd.aquasec.com/nvd/cve-2020-8570 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2021-01-21 17:15 修改: 2023-11-07 03:26
com.ctrip.framework.apollo:apollo-core	CVE-2020-15170	高危	1.4.0	1.7.1	Potential access control security issue in apollo-adminservice 漏洞详情: https://avd.aquasec.com/nvd/cve-2020-15170 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2020-09-10 19:15 修改: 2021-11-18 17:49
io.netty:netty	CVE-2021-37136	高危	3.10.5.Final	4.0.0	netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-37136 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2021-10-19 15:15 修改: 2023-11-07 03:36
io.netty:netty	CVE-2021-37137	高危	3.10.5.Final	4.0.0	netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-37137 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2021-10-19 15:15 修改: 2023-11-07 03:36
io.netty:netty-codec	CVE-2021-37136	高危	4.1.42.Final	4.1.68.Final	netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-37136 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2021-10-19 15:15 修改: 2023-11-07 03:36
io.netty:netty-codec	CVE-2021-37137	高危	4.1.42.Final	4.1.68.Final	netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-37137 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2021-10-19 15:15 修改: 2023-11-07 03:36
com.fasterxml.jackson.core:jackson-databind	CVE-2018-12022	高危	2.9.5	2.7.9.4, 2.8.11.2, 2.9.6	jackson-databind: improper polymorphic deserialization of types from Jodd-db library 漏洞详情: https://avd.aquasec.com/nvd/cve-2018-12022 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2019-03-21 16:00 修改: 2023-11-07 02:52
io.netty:netty-codec-http2	GHSA-xpw8-rcwv-8f8p	高危	4.1.51.Final	4.1.100.Final	io.netty:netty-codec-http2 vulnerable to HTTP/2 Rapid Reset Attack 漏洞详情: https://github.com/advisories/GHSA-xpw8-rcwv-8f8p 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
io.netty:netty-handler	CVE-2020-11612	高危	4.1.42.Final	4.1.46	netty: compression/decompression codecs don't enforce limits on buffer allocation sizes 漏洞详情: https://avd.aquasec.com/nvd/cve-2020-11612 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2020-04-07 18:15 修改: 2023-11-07 03:14
com.fasterxml.jackson.core:jackson-databind	CVE-2018-12023	高危	2.9.5	2.7.9.4, 2.8.11.2, 2.9.6	jackson-databind: improper polymorphic deserialization of types from Oracle JDBC driver 漏洞详情: https://avd.aquasec.com/nvd/cve-2018-12023 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2019-03-21 16:00 修改: 2023-11-07 02:52
com.fasterxml.jackson.core:jackson-databind	CVE-2019-12086	高危	2.9.5	2.9.9, 2.8.11.4, 2.7.9.6, 2.6.7.3	jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server. 漏洞详情: https://avd.aquasec.com/nvd/cve-2019-12086 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2019-05-17 17:29 修改: 2023-11-07 03:03
com.fasterxml.jackson.core:jackson-databind	CVE-2019-14439	高危	2.9.5	2.9.9.2, 2.8.11.4, 2.7.9.6, 2.6.7.3	jackson-databind: Polymorphic typing issue related to logback/JNDI 漏洞详情: https://avd.aquasec.com/nvd/cve-2019-14439 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2019-07-30 11:15 修改: 2023-11-07 03:04
log4j:log4j	CVE-2021-4104	高危	1.2.16		log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-4104 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2021-12-14 12:15 修改: 2023-12-22 09:15
log4j:log4j	CVE-2022-23302	高危	1.2.16		log4j: Remote code execution in Log4j 1.x when application is configured to use JMSSink 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-23302 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2022-01-18 16:15 修改: 2023-02-24 15:30
org.apache.commons:commons-compress	CVE-2021-35515	高危	1.19	1.21	apache-commons-compress: infinite loop when reading a specially crafted 7Z archive 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-35515 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2021-07-13 08:15 修改: 2023-11-07 03:36
org.apache.commons:commons-compress	CVE-2021-35516	高危	1.19	1.21	apache-commons-compress: excessive memory allocation when reading a specially crafted 7Z archive 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-35516 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2021-07-13 08:15 修改: 2023-11-07 03:36
org.apache.commons:commons-compress	CVE-2021-35517	高危	1.19	1.21	apache-commons-compress: excessive memory allocation when reading a specially crafted TAR archive 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-35517 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2021-07-13 08:15 修改: 2023-11-07 03:36
org.apache.commons:commons-compress	CVE-2021-36090	高危	1.19	1.21	apache-commons-compress: excessive memory allocation when reading a specially crafted ZIP archive 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-36090 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2021-07-13 08:15 修改: 2023-11-07 03:36
org.apache.commons:commons-compress	CVE-2024-25710	高危	1.19	1.26.0	commons-compress: Denial of service caused by an infinite loop for a corrupted DUMP file 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-25710 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2024-02-19 09:15 修改: 2024-03-07 17:15
com.fasterxml.jackson.core:jackson-databind	CVE-2019-14892	高危	2.9.5	2.6.7.3, 2.8.11.5, 2.9.10	jackson-databind: Serialization gadgets in classes of the commons-configuration package 漏洞详情: https://avd.aquasec.com/nvd/cve-2019-14892 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2020-03-02 17:15 修改: 2023-11-07 03:05
com.fasterxml.jackson.core:jackson-databind	CVE-2019-14893	高危	2.9.5	2.9.10	jackson-databind: Serialization gadgets in classes of the xalan package 漏洞详情: https://avd.aquasec.com/nvd/cve-2019-14893 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2020-03-02 21:15 修改: 2023-11-07 03:05
org.apache.logging.log4j:log4j-core	CVE-2021-45105	高危	2.9.0	2.12.3, 2.17.0, 2.3.1	log4j-core: DoS in log4j 2.x with Thread Context Map (MDC) input data contains a recursive lookup and context lookup pattern 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-45105 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2021-12-18 12:15 修改: 2022-10-06 17:31
com.fasterxml.jackson.core:jackson-databind	CVE-2020-10650	高危	2.9.5	2.9.10.4	A deserialization flaw was discovered in jackson-databind through 2.9. ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2020-10650 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2022-12-26 20:15 修改: 2023-08-18 14:15
org.bitbucket.b_c:jose4j	CVE-2023-31582	高危	0.7.0	0.9.3	jose4j: Insecure iteration count setting 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-31582 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2023-10-25 18:17 修改: 2023-10-31 15:18
com.fasterxml.jackson.core:jackson-databind	CVE-2020-10672	高危	2.9.5	2.9.10.4	jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution 漏洞详情: https://avd.aquasec.com/nvd/cve-2020-10672 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2020-03-18 22:15 修改: 2024-07-03 01:36
org.codehaus.jackson:jackson-mapper-asl	CVE-2019-10172	高危	1.9.13		jackson-mapper-asl: XML external entity similar to CVE-2016-3720 漏洞详情: https://avd.aquasec.com/nvd/cve-2019-10172 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2019-11-18 17:15 修改: 2023-02-12 23:33
com.fasterxml.jackson.core:jackson-databind	CVE-2020-10673	高危	2.9.5	2.9.10.4, 2.6.7.4	jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution 漏洞详情: https://avd.aquasec.com/nvd/cve-2020-10673 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2020-03-18 22:15 修改: 2024-07-03 01:36
org.eclipse.jetty:jetty-server	CVE-2021-28165	高危	9.4.28.v20200408	9.4.39, 10.0.2, 11.0.2	jetty: Resource exhaustion when receiving an invalid large TLS frame 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-28165 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2021-04-01 15:15 修改: 2023-11-07 03:32
org.elasticsearch:elasticsearch	CVE-2020-7009	高危	7.0.0	6.8.8, 7.6.2	elasticsearch: Generating API keys with specific steps could result in generating API key with elevated privileges 漏洞详情: https://avd.aquasec.com/nvd/cve-2020-7009 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2020-03-31 19:15 修改: 2020-04-09 14:58
org.elasticsearch:elasticsearch	CVE-2023-31418	高危	7.0.0	7.17.13, 8.9.0	elasticsearch: uncontrolled resource consumption 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-31418 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2023-10-26 18:15 修改: 2023-11-30 22:15
org.xerial.snappy:snappy-java	CVE-2023-34455	高危	1.1.7.3	1.1.10.1	snappy-java: Unchecked chunk length leads to DoS 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-34455 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2023-06-15 18:15 修改: 2024-02-01 14:17
org.xerial.snappy:snappy-java	CVE-2023-43642	高危	1.1.7.3	1.1.10.4	snappy-java: Missing upper bound check on chunk length in snappy-java can lead to Denial of Service (DoS) impact 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-43642 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2023-09-25 20:15 修改: 2023-09-26 15:46
org.yaml:snakeyaml	CVE-2017-18640	高危	1.18	1.26	snakeyaml: Billion laughs attack via alias feature 漏洞详情: https://avd.aquasec.com/nvd/cve-2017-18640 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2019-12-12 03:15 修改: 2023-11-07 02:41
org.yaml:snakeyaml	CVE-2022-1471	高危	1.18	2.0	SnakeYaml: Constructor Deserialization Remote Code Execution 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-1471 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2022-12-01 11:15 修改: 2024-06-21 19:15
org.yaml:snakeyaml	CVE-2022-25857	高危	1.18	1.31	snakeyaml: Denial of Service due to missing nested depth limitation for collections 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-25857 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2022-08-30 05:15 修改: 2024-03-15 11:15
io.netty:netty	CVE-2019-20445	中危	3.10.5.Final	4.0.0	netty: HttpObjectDecoder.java allows Content-Length header to accompanied by second Content-Length header 漏洞详情: https://avd.aquasec.com/nvd/cve-2019-20445 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2020-01-29 21:15 修改: 2023-11-07 03:09
io.netty:netty	CVE-2021-21290	中危	3.10.5.Final	4.0.0	netty: Information disclosure via the local system temporary directory 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-21290 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2021-02-08 20:15 修改: 2023-11-07 03:29
io.netty:netty	CVE-2021-21295	中危	3.10.5.Final	4.0.0	netty: possible request smuggling in HTTP/2 due missing validation 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-21295 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2021-03-09 19:15 修改: 2023-11-07 03:29
io.netty:netty	CVE-2021-21409	中危	3.10.5.Final	4.0.0	netty: Request smuggling via content-length header 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-21409 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2021-03-30 15:15 修改: 2023-11-07 03:30
io.netty:netty	CVE-2021-43797	中危	3.10.5.Final	4.0.0	netty: control chars in header names may lead to HTTP request smuggling 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-43797 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2021-12-09 19:15 修改: 2023-02-24 15:47
commons-io:commons-io	CVE-2021-29425	中危	2.6	2.7	apache-commons-io: Limited path traversal in Apache Commons IO 2.2 to 2.6 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-29425 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2021-04-13 07:15 修改: 2023-11-07 03:32
org.apache.httpcomponents:httpclient	CVE-2020-13956	中危	4.5.7	4.5.13, 5.0.3	apache-httpclient: incorrect handling of malformed authority component in request URIs 漏洞详情: https://avd.aquasec.com/nvd/cve-2020-13956 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2020-12-02 17:15 修改: 2023-11-07 03:17
org.apache.kafka:kafka-clients	CVE-2021-38153	中危	2.4.1	2.6.3, 2.7.2, 2.8.1	Kafka: Timing Attack Vulnerability for Apache Kafka Connect and Clients 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-38153 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2021-09-22 09:15 修改: 2023-11-07 03:37
com.fasterxml.jackson.core:jackson-databind	CVE-2019-12814	中危	2.9.5	2.9.9.1, 2.8.11.4, 2.7.9.6, 2.6.7.3	jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server via crafted JSON message. 漏洞详情: https://avd.aquasec.com/nvd/cve-2019-12814 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2019-06-19 14:15 修改: 2023-11-07 03:03
com.google.protobuf:protobuf-java	CVE-2022-3171	中危	3.13.0	3.21.7, 3.20.3, 3.19.6, 3.16.3	protobuf-java: timeout in parser leads to DoS 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-3171 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2022-10-12 23:15 修改: 2023-11-07 03:50
io.netty:netty-codec-http	CVE-2021-21290	中危	4.1.42.Final	4.1.59.Final	netty: Information disclosure via the local system temporary directory 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-21290 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2021-02-08 20:15 修改: 2023-11-07 03:29
org.apache.logging.log4j:log4j-core	CVE-2021-44832	中危	2.9.0	2.3.2, 2.12.4, 2.17.1	log4j-core: remote code execution via JDBC Appender 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-44832 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2021-12-28 20:15 修改: 2023-11-07 03:39
io.netty:netty-codec-http	CVE-2021-43797	中危	4.1.42.Final	4.1.71.Final	netty: control chars in header names may lead to HTTP request smuggling 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-43797 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2021-12-09 19:15 修改: 2023-02-24 15:47
org.apache.zookeeper:zookeeper	CVE-2019-0201	中危	3.4.10	3.4.14, 3.5.5	zookeeper: Information disclosure in Apache ZooKeeper 漏洞详情: https://avd.aquasec.com/nvd/cve-2019-0201 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2019-05-23 14:29 修改: 2023-11-07 03:01
io.netty:netty-codec-http	CVE-2022-24823	中危	4.1.42.Final	4.1.77.Final	netty: world readable temporary file containing sensitive data 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-24823 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2022-05-06 12:15 修改: 2022-12-03 14:25
org.bitbucket.b_c:jose4j	CVE-2023-51775	中危	0.7.0	0.9.4	jose4j: denial of service via specially crafted JWE 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-51775 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2024-02-29 01:42 修改: 2024-08-14 19:35
org.bitbucket.b_c:jose4j	GHSA-jgvc-jfgh-rjvv	中危	0.7.0	0.9.3	Chosen Ciphertext Attack in Jose4j 漏洞详情: https://github.com/advisories/GHSA-jgvc-jfgh-rjvv 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
org.bouncycastle:bcprov-ext-jdk15on	CVE-2020-15522	中危	1.61	1.66	bouncycastle: Timing issue within the EC math library 漏洞详情: https://avd.aquasec.com/nvd/cve-2020-15522 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2021-05-20 12:15 修改: 2021-06-22 09:15
org.bouncycastle:bcprov-ext-jdk15on	CVE-2023-33201	中危	1.61		bouncycastle: potential blind LDAP injection attack using a self-signed certificate 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-33201 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2023-07-05 03:15 修改: 2023-08-24 19:15
org.bouncycastle:bcprov-ext-jdk15on	CVE-2023-33202	中危	1.61	1.73	bc-java: Out of memory while parsing ASN.1 crafted data in org.bouncycastle.openssl.PEMParser class 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-33202 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2023-11-23 16:15 修改: 2024-09-09 13:53
org.bouncycastle:bcprov-jdk15on	CVE-2020-15522	中危	1.61	1.66	bouncycastle: Timing issue within the EC math library 漏洞详情: https://avd.aquasec.com/nvd/cve-2020-15522 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2021-05-20 12:15 修改: 2021-06-22 09:15
org.bouncycastle:bcprov-jdk15on	CVE-2023-33201	中危	1.61		bouncycastle: potential blind LDAP injection attack using a self-signed certificate 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-33201 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2023-07-05 03:15 修改: 2023-08-24 19:15
org.bouncycastle:bcprov-jdk15on	CVE-2023-33202	中危	1.61	1.70	bc-java: Out of memory while parsing ASN.1 crafted data in org.bouncycastle.openssl.PEMParser class 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-33202 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2023-11-23 16:15 修改: 2024-09-09 13:53
org.bouncycastle:bcprov-jdk15on	CVE-2024-29857	中危	1.61	1.78	org.bouncycastle: Importing an EC certificate with crafted F2m parameters may lead to Denial of Service 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-29857 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2024-05-14 15:17 修改: 2024-08-15 19:35
org.bouncycastle:bcprov-jdk15on	CVE-2024-30171	中危	1.61	1.78	bc-java: BouncyCastle vulnerable to a timing variant of Bleichenbacher (Marvin Attack) 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-30171 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2024-05-14 15:21 修改: 2024-08-19 18:35
org.bouncycastle:bcprov-jdk15on	CVE-2024-30172	中危	1.61	1.78	org.bouncycastle:bcprov-jdk18on: Infinite loop in ED25519 verification in the ScalarUtil class 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-30172 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2024-05-14 15:21 修改: 2024-06-14 13:15
org.codehaus.groovy:groovy	CVE-2020-17521	中危	3.0.3	2.4.21, 2.5.14, 3.0.7	groovy: OS temporary directory leads to information disclosure 漏洞详情: https://avd.aquasec.com/nvd/cve-2020-17521 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2020-12-07 20:15 修改: 2023-11-07 03:19
io.netty:netty-codec-http	CVE-2024-29025	中危	4.1.42.Final	4.1.108.Final	netty-codec-http: Allocation of Resources Without Limits or Throttling 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-29025 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2024-03-25 20:15 修改: 2024-06-21 22:15
io.grpc:grpc-protobuf	CVE-2023-32732	中危	1.32.1	1.53.0	gRPC: denial of service 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-32732 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2023-06-09 11:15 修改: 2023-08-02 16:43
org.eclipse.jetty:jetty-http	CVE-2023-40167	中危	9.4.28.v20200408	9.4.52, 10.0.16, 11.0.16, 12.0.1	jetty: Improper validation of HTTP/1 content-length 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-40167 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2023-09-15 20:15 修改: 2023-10-13 01:59
io.netty:netty-codec-http2	CVE-2021-21295	中危	4.1.51.Final	4.1.60.Final	netty: possible request smuggling in HTTP/2 due missing validation 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-21295 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2021-03-09 19:15 修改: 2023-11-07 03:29
io.netty:netty-codec-http2	CVE-2021-21409	中危	4.1.51.Final	4.1.61.Final	netty: Request smuggling via content-length header 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-21409 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2021-03-30 15:15 修改: 2023-11-07 03:30
org.eclipse.jetty:jetty-server	CVE-2020-27218	中危	9.4.28.v20200408	9.4.35.v20201120	jetty: buffer not correctly recycled in Gzip Request inflation 漏洞详情: https://avd.aquasec.com/nvd/cve-2020-27218 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2020-11-28 01:15 修改: 2024-02-16 16:46
org.eclipse.jetty:jetty-server	CVE-2020-27223	中危	9.4.28.v20200408	9.4.37, 10.0.1, 11.0.1	jetty: request containing multiple Accept headers with a large number of "quality" parameters may lead to DoS 漏洞详情: https://avd.aquasec.com/nvd/cve-2020-27223 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2021-02-26 22:15 修改: 2023-11-07 03:20
org.eclipse.jetty:jetty-server	CVE-2023-26048	中危	9.4.28.v20200408	9.4.51.v20230217, 10.0.14, 11.0.14	jetty-server: OutOfMemoryError for large multipart without filename read via request.getParameter() 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-26048 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2023-04-18 21:15 修改: 2023-09-30 15:15
org.eclipse.jetty:jetty-server	CVE-2024-8184	中危	9.4.28.v20200408	12.0.9, 10.0.24, 11.0.24, 9.4.56	org.eclipse.jetty:jetty-server: jetty: Jetty ThreadLimitHandler.getRemote() vulnerable to remote DoS attacks 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-8184 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2024-10-14 16:15 修改: 2024-10-15 12:57
com.squareup.okio:okio	CVE-2023-3635	中危	1.13.0	3.4.0, 1.17.6	okio: GzipSource class improper exception handling 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-3635 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2023-07-12 19:15 修改: 2023-10-25 15:17
io.netty:netty-handler	CVE-2019-20445	中危	4.1.42.Final	4.1.45	netty: HttpObjectDecoder.java allows Content-Length header to accompanied by second Content-Length header 漏洞详情: https://avd.aquasec.com/nvd/cve-2019-20445 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2020-01-29 21:15 修改: 2023-11-07 03:09
org.elasticsearch:elasticsearch	CVE-2019-7614	中危	7.0.0	6.8.2, 7.2.1	elasticsearch: Race condition in response headers on systems with multiple submitting requests 漏洞详情: https://avd.aquasec.com/nvd/cve-2019-7614 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2019-07-30 22:15 修改: 2023-03-03 19:17
org.elasticsearch:elasticsearch	CVE-2019-7619	中危	7.0.0	6.8.4, 7.4.0	elasticsearch: Username disclosure in API Key service 漏洞详情: https://avd.aquasec.com/nvd/cve-2019-7619 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2019-10-30 14:15 修改: 2021-11-03 19:35
org.elasticsearch:elasticsearch	CVE-2020-7014	中危	7.0.0	6.8.8, 7.6.2	elasticsearch: Incomplete fix for CVE-2020-7009 could result in generating API key with elevated privileges 漏洞详情: https://avd.aquasec.com/nvd/cve-2020-7014 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2020-06-03 18:15 修改: 2020-06-19 11:15
org.elasticsearch:elasticsearch	CVE-2020-7019	中危	7.0.0	7.9.0, 6.8.12	elasticsearch: scrolling search can leak fields that should be hidden allowing access restriction bypass 漏洞详情: https://avd.aquasec.com/nvd/cve-2020-7019 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2020-08-18 17:15 修改: 2023-01-27 20:50
org.elasticsearch:elasticsearch	CVE-2020-7021	中危	7.0.0	6.8.14, 7.10.0	elasticsearch: Information disclosure via audit logging with emit_request_body option enabled 漏洞详情: https://avd.aquasec.com/nvd/cve-2020-7021 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2021-02-10 19:15 修改: 2021-03-26 12:49
org.elasticsearch:elasticsearch	CVE-2021-22135	中危	7.0.0	7.11.2, 6.8.15	elasticsearch: Document disclosure flaw in the Elasticsearch suggester 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-22135 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2021-05-13 18:15 修改: 2021-09-07 22:06
org.elasticsearch:elasticsearch	CVE-2021-22144	中危	7.0.0	6.8.17, 7.13.3	elasticsearch: uncontrolled recursion in Grok parser 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-22144 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2021-07-26 12:15 修改: 2022-05-10 18:02
org.elasticsearch:elasticsearch	CVE-2023-31417	中危	7.0.0	7.17.13, 8.9.2	elasticsearch: Sensitive information in audit logs 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-31417 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2023-10-26 18:15 修改: 2024-01-03 19:02
org.elasticsearch:elasticsearch	CVE-2023-31419	中危	7.0.0	7.17.13, 8.9.1	elasticsearch: StackOverflow vulnerability 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-31419 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2023-10-26 18:15 修改: 2024-02-01 02:16
org.elasticsearch:elasticsearch	CVE-2023-46673	中危	7.0.0	7.17.14, 8.10.3	elasticsearch: Improper Handling of Exceptional Conditions 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-46673 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2023-11-22 10:15 修改: 2023-11-30 20:22
org.elasticsearch:elasticsearch	CVE-2023-49921	中危	7.0.0	7.17.16, 8.11.2	elasticsearch: Insertion of Sensitive Information into Log File 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-49921 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2024-07-26 05:15 修改: 2024-09-11 14:09
org.elasticsearch:elasticsearch	CVE-2024-23444	中危	7.0.0	8.13.0, 7.17.23	Elasticsearch stores private key on disk unencrypted 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-23444 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2024-07-31 18:15 修改: 2024-08-01 12:42
org.elasticsearch:elasticsearch	CVE-2024-23450	中危	7.0.0	7.17.19, 8.13.0	elasticsearch: Possible denial of service when processing documents in a deeply nested pipeline 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-23450 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2024-03-27 17:15 修改: 2024-06-10 17:16
org.jetbrains.kotlin:kotlin-stdlib	CVE-2020-29582	中危	1.1.60	1.4.21	kotlin: vulnerable Java API was used for temporary file and folder creation which could result in information disclosure 漏洞详情: https://avd.aquasec.com/nvd/cve-2020-29582 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2021-02-03 16:15 修改: 2023-11-07 03:21
org.jetbrains.kotlin:kotlin-stdlib	CVE-2022-24329	中危	1.1.60	1.6.0	kotlin: Not possible to lock dependencies for Multiplatform Gradle Projects 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-24329 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2022-02-25 15:15 修改: 2024-10-29 15:36
io.netty:netty-handler	CVE-2023-34462	中危	4.1.42.Final	4.1.94.Final	netty: SniHandler 16MB allocation leads to OOM 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-34462 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2023-06-22 23:15 修改: 2024-06-21 19:15
io.kubernetes:client-java	CVE-2021-25738	中危	8.0.0	11.0.1	kubernetes-client: Loading specially-crafted yaml can lead to code execution 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-25738 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2021-10-11 19:15 修改: 2022-10-28 13:48
org.xerial.snappy:snappy-java	CVE-2023-34453	中危	1.1.7.3	1.1.10.1	snappy-java: Integer overflow in shuffle leads to DoS 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-34453 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2023-06-15 17:15 修改: 2023-06-27 15:59
org.xerial.snappy:snappy-java	CVE-2023-34454	中危	1.1.7.3	1.1.10.1	snappy-java: Integer overflow in compress leads to DoS 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-34454 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2023-06-15 17:15 修改: 2023-06-27 16:04
com.alibaba.nacos:nacos-common	CVE-2021-44667	中危	1.3.1	2.0.4	Cross-site Scripting in Nacos 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-44667 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2022-03-11 19:15 修改: 2022-03-18 20:01
com.fasterxml.jackson.core:jackson-databind	CVE-2019-12384	中危	2.9.5	2.9.9.1, 2.8.11.4, 2.7.9.6, 2.6.7.3	jackson-databind: failure to block the logback-core class from polymorphic deserialization leading to remote code execution 漏洞详情: https://avd.aquasec.com/nvd/cve-2019-12384 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2019-06-24 16:15 修改: 2023-11-07 03:03
com.google.guava:guava	CVE-2023-2976	中危	28.1-jre	32.0.0-android	guava: insecure temporary directory creation 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-2976 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2023-06-14 18:15 修改: 2024-02-13 19:15
org.yaml:snakeyaml	CVE-2022-38749	中危	1.18	1.31	snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-38749 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2022-09-05 10:15 修改: 2024-03-15 11:15
org.yaml:snakeyaml	CVE-2022-38750	中危	1.18	1.31	snakeyaml: Uncaught exception in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-38750 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2022-09-05 10:15 修改: 2024-03-15 11:15
org.yaml:snakeyaml	CVE-2022-38751	中危	1.18	1.31	snakeyaml: Uncaught exception in java.base/java.util.regex.Pattern$Ques.match 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-38751 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2022-09-05 10:15 修改: 2024-03-15 11:15
org.yaml:snakeyaml	CVE-2022-38752	中危	1.18	1.32	snakeyaml: Uncaught exception in java.base/java.util.ArrayList.hashCode 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-38752 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2022-09-05 10:15 修改: 2024-03-15 11:15
org.yaml:snakeyaml	CVE-2022-41854	中危	1.18	1.32	dev-java/snakeyaml: DoS via stack overflow 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41854 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2022-11-11 13:15 修改: 2024-06-21 19:15
org.apache.logging.log4j:log4j-core	CVE-2020-9488	低危	2.9.0	2.13.2, 2.12.3, 2.3.2	log4j: improper validation of certificate with host mismatch in SMTP appender 漏洞详情: https://avd.aquasec.com/nvd/cve-2020-9488 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2020-04-27 16:15 修改: 2023-11-07 03:26
org.eclipse.jetty:jetty-server	CVE-2021-34428	低危	9.4.28.v20200408	9.4.41, 10.0.3, 11.0.3	jetty: SessionListener can prevent a session from being invalidated breaking logout 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-34428 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2021-06-22 15:15 修改: 2023-11-07 03:35
org.eclipse.jetty:jetty-server	CVE-2023-26049	低危	9.4.28.v20200408	9.4.51.v20230217, 10.0.14, 11.0.14, 12.0.0.beta0	jetty-server: Cookie parsing of quoted values can exfiltrate values from other cookies 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-26049 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2023-04-18 21:15 修改: 2024-02-01 15:36
org.eclipse.jetty:jetty-http	CVE-2022-2047	低危	9.4.28.v20200408	9.4.47, 10.0.10, 11.0.10	jetty-http: improver hostname input handling 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-2047 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2022-07-07 21:15 修改: 2022-10-25 19:10
org.eclipse.jetty:jetty-http	CVE-2024-6763	低危	9.4.28.v20200408	12.0.12	org.eclipse.jetty:jetty-http: jetty: Jetty URI parsing of invalid authority 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-6763 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2024-10-14 16:15 修改: 2024-10-15 12:57
com.google.guava:guava	CVE-2020-8908	低危	28.1-jre	32.0.0-android	guava: local information disclosure via temporary directory created with unsafe permissions 漏洞详情: https://avd.aquasec.com/nvd/cve-2020-8908 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2020-12-10 23:15 修改: 2023-08-02 17:30
org.elasticsearch:elasticsearch	CVE-2020-7020	低危	7.0.0	6.8.13, 7.9.2	elasticsearch: not properly preserving security permissions when executing complex queries may lead to information disclosure 漏洞详情: https://avd.aquasec.com/nvd/cve-2020-7020 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2020-10-22 17:15 修改: 2022-06-03 18:56

skywalking/bin/swctl (gobinary)

低危漏洞:1

中危漏洞:37

高危漏洞:55

严重漏洞:4

软件包	漏洞	安全状态	安装版本	修复版本	漏洞信息
stdlib	CVE-2022-23806	严重	1.13.15	1.16.14, 1.17.7	golang: crypto/elliptic: IsOnCurve returns true for invalid field elements 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-23806 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2022-02-11 01:15 修改: 2023-04-20 00:15
stdlib	CVE-2023-24538	严重	1.13.15	1.19.8, 1.20.3	golang: html/template: backticks not treated as string delimiters 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24538 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2023-04-06 16:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-24540	严重	1.13.15	1.19.9, 1.20.4	golang: html/template: improper handling of JavaScript whitespace 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24540 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2023-05-11 16:15 修改: 2023-11-07 04:08
stdlib	CVE-2024-24790	严重	1.13.15	1.21.11, 1.22.4	golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24790 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2024-06-05 16:15 修改: 2024-09-03 18:35
golang.org/x/crypto	CVE-2022-27191	高危	v0.0.0-20191122220453-ac88ee75c92c	0.0.0-20220314234659-1baeb1ce4c0b	golang: crash in a golang.org/x/crypto/ssh server 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-27191 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2022-03-18 07:15 修改: 2023-11-07 03:45
golang.org/x/net	CVE-2021-33194	高危	v0.0.0-20200226121028-0de0cce0169b	0.0.0-20210520170846-37e1c6afe023	golang: x/net/html: infinite loop in ParseFragment 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-33194 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2021-05-26 15:15 修改: 2023-11-07 03:35
golang.org/x/net	CVE-2022-27664	高危	v0.0.0-20200226121028-0de0cce0169b	0.0.0-20220906165146-f3363e06e74c	golang: net/http: handle server errors after sending GOAWAY 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-27664 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2022-09-06 18:15 修改: 2023-11-07 03:45
golang.org/x/net	CVE-2022-41723	高危	v0.0.0-20200226121028-0de0cce0169b	0.7.0	golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41723 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2023-02-28 18:15 修改: 2023-11-25 11:15
golang.org/x/net	CVE-2023-39325	高危	v0.0.0-20200226121028-0de0cce0169b	0.17.0	golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39325 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2023-10-11 22:15 修改: 2024-04-28 04:15
golang.org/x/text	CVE-2021-38561	高危	v0.3.0	0.3.7	golang: out-of-bounds read in golang.org/x/text/language leads to DoS 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-38561 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2022-12-26 06:15 修改: 2023-01-05 04:52
golang.org/x/text	CVE-2022-32149	高危	v0.3.0	0.3.8	golang: golang.org/x/text/language: ParseAcceptLanguage takes a long time to parse complex tags 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-32149 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2022-10-14 15:15 修改: 2022-10-18 17:41
google.golang.org/grpc	GHSA-m425-mq94-257g	高危	v1.24.0	1.56.3, 1.57.1, 1.58.3	gRPC-Go HTTP/2 Rapid Reset vulnerability 漏洞详情: https://github.com/advisories/GHSA-m425-mq94-257g 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
golang.org/x/crypto	CVE-2020-29652	高危	v0.0.0-20191122220453-ac88ee75c92c	0.0.0-20201216223049-8b5274cf687f	golang: crypto/ssh: crafted authentication request can lead to nil pointer dereference 漏洞详情: https://avd.aquasec.com/nvd/cve-2020-29652 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2020-12-17 05:15 修改: 2023-11-07 03:21
golang.org/x/crypto	CVE-2020-7919	高危	v0.0.0-20191122220453-ac88ee75c92c	0.0.0-20200124225646-8b5121be2f68	golang: Integer overflow on 32bit architectures via crafted certificate allows for denial of service 漏洞详情: https://avd.aquasec.com/nvd/cve-2020-7919 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2020-03-16 21:15 修改: 2023-11-07 03:26
golang.org/x/crypto	CVE-2020-9283	高危	v0.0.0-20191122220453-ac88ee75c92c	0.0.0-20200220183623-bac4c82f6975	golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic 漏洞详情: https://avd.aquasec.com/nvd/cve-2020-9283 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2020-02-20 20:15 修改: 2023-11-07 03:26
golang.org/x/crypto	CVE-2021-43565	高危	v0.0.0-20191122220453-ac88ee75c92c	0.0.0-20211202192323-5770296d904e	golang.org/x/crypto: empty plaintext packet causes panic 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-43565 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2022-09-06 18:15 修改: 2023-11-07 03:39
stdlib	CVE-2021-27918	高危	1.13.15	1.15.9, 1.16.1	golang: encoding/xml: infinite loop when using xml.NewTokenDecoder with a custom TokenReader 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-27918 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2021-03-11 00:15 修改: 2022-12-13 16:28
stdlib	CVE-2021-33195	高危	1.13.15	1.15.13, 1.16.5	golang: net: lookup functions may return invalid host names 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-33195 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2021-08-02 19:15 修改: 2022-09-14 21:11
stdlib	CVE-2021-33196	高危	1.13.15	1.15.13, 1.16.5	golang: archive/zip: malformed archive may cause panic or memory exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-33196 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2021-08-02 19:15 修改: 2023-04-20 00:15
stdlib	CVE-2021-33198	高危	1.13.15	1.15.13, 1.16.5	golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-33198 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2021-08-02 19:15 修改: 2022-09-14 21:11
stdlib	CVE-2021-39293	高危	1.13.15	1.16.8, 1.17.1	golang: archive/zip: malformed archive may cause panic or memory exhaustion (incomplete fix of CVE-2021-33196) 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-39293 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2022-01-24 01:15 修改: 2023-04-20 00:15
stdlib	CVE-2021-41771	高危	1.13.15	1.16.10, 1.17.3	golang: debug/macho: invalid dynamic symbol table command can cause panic 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-41771 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2021-11-08 06:15 修改: 2023-11-07 03:39
stdlib	CVE-2021-41772	高危	1.13.15	1.16.10, 1.17.3	golang: archive/zip: Reader.Open panics on empty string 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-41772 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2021-11-08 06:15 修改: 2023-11-07 03:39
stdlib	CVE-2021-44716	高危	1.13.15	1.16.12, 1.17.5	golang: net/http: limit growth of header canonicalization cache 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-44716 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2022-01-01 05:15 修改: 2023-04-20 00:15
stdlib	CVE-2022-23772	高危	1.13.15	1.16.14, 1.17.7	golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-23772 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2022-02-11 01:15 修改: 2022-11-09 21:51
stdlib	CVE-2022-24675	高危	1.13.15	1.17.9, 1.18.1	golang: encoding/pem: fix stack overflow in Decode 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-24675 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2022-04-20 10:15 修改: 2023-11-07 03:44
stdlib	CVE-2022-24921	高危	1.13.15	1.16.15, 1.17.8	golang: regexp: stack exhaustion via a deeply nested expression 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-24921 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2022-03-05 20:15 修改: 2023-08-08 14:22
stdlib	CVE-2022-27664	高危	1.13.15	1.18.6, 1.19.1	golang: net/http: handle server errors after sending GOAWAY 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-27664 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2022-09-06 18:15 修改: 2023-11-07 03:45
stdlib	CVE-2022-28131	高危	1.13.15	1.17.12, 1.18.4	golang: encoding/xml: stack exhaustion in Decoder.Skip 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-28131 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:45
stdlib	CVE-2022-28327	高危	1.13.15	1.17.9, 1.18.1	golang: crypto/elliptic: panic caused by oversized scalar 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-28327 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2022-04-20 10:15 修改: 2023-11-07 03:45
stdlib	CVE-2022-2879	高危	1.13.15	1.18.7, 1.19.2	golang: archive/tar: unbounded memory consumption when reading headers 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-2879 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2022-10-14 15:15 修改: 2023-11-25 11:15
stdlib	CVE-2022-2880	高危	1.13.15	1.18.7, 1.19.2	golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-2880 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2022-10-14 15:15 修改: 2023-11-25 11:15
stdlib	CVE-2022-29804	高危	1.13.15	1.17.11, 1.18.3	ELSA-2022-17957: ol8addon security update (IMPORTANT) 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-29804 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:46
stdlib	CVE-2022-30580	高危	1.13.15	1.17.11, 1.18.3	golang: os/exec: Code injection in Cmd.Start 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30580 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:47
stdlib	CVE-2022-30630	高危	1.13.15	1.17.12, 1.18.4	golang: io/fs: stack exhaustion in Glob 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30630 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:47
stdlib	CVE-2022-30631	高危	1.13.15	1.17.12, 1.18.4	golang: compress/gzip: stack exhaustion in Reader.Read 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30631 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:47
stdlib	CVE-2022-30632	高危	1.13.15	1.17.12, 1.18.4	golang: path/filepath: stack exhaustion in Glob 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30632 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:47
stdlib	CVE-2022-30633	高危	1.13.15	1.17.12, 1.18.4	golang: encoding/xml: stack exhaustion in Unmarshal 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30633 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:47
stdlib	CVE-2022-30634	高危	1.13.15	1.17.11, 1.18.3	ELSA-2022-17957: ol8addon security update (IMPORTANT) 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30634 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2022-07-15 20:15 修改: 2023-11-07 03:47
stdlib	CVE-2022-30635	高危	1.13.15	1.17.12, 1.18.4	golang: encoding/gob: stack exhaustion in Decoder.Decode 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30635 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:47
stdlib	CVE-2022-32189	高危	1.13.15	1.17.13, 1.18.5	golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-32189 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2022-08-10 20:15 修改: 2023-03-03 15:39
stdlib	CVE-2022-41715	高危	1.13.15	1.18.7, 1.19.2	golang: regexp/syntax: limit memory used by parsing regexps 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41715 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2022-10-14 15:16 修改: 2023-11-25 11:15
stdlib	CVE-2022-41716	高危	1.13.15	1.18.8, 1.19.3	Due to unsanitized NUL values, attackers may be able to maliciously se ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41716 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2022-11-02 16:15 修改: 2024-10-30 14:35
stdlib	CVE-2022-41720	高危	1.13.15	1.18.9, 1.19.4	golang: os, net/http: avoid escapes from os.DirFS and http.Dir on Windows 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41720 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2022-12-07 17:15 修改: 2022-12-12 14:58
stdlib	CVE-2022-41722	高危	1.13.15	1.19.6, 1.20.1	golang: path/filepath: path-filepath filepath.Clean path traversal 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41722 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2023-02-28 18:15 修改: 2023-11-07 03:52
stdlib	CVE-2022-41723	高危	1.13.15	1.19.6, 1.20.1	golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41723 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2023-02-28 18:15 修改: 2023-11-25 11:15
stdlib	CVE-2022-41724	高危	1.13.15	1.19.6, 1.20.1	golang: crypto/tls: large handshake records may cause panics 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41724 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2023-02-28 18:15 修改: 2023-11-25 11:15
stdlib	CVE-2022-41725	高危	1.13.15	1.19.6, 1.20.1	golang: net/http, mime/multipart: denial of service from excessive resource consumption 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41725 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2023-02-28 18:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-24534	高危	1.13.15	1.19.8, 1.20.3	golang: net/http, net/textproto: denial of service from excessive memory allocation 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24534 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2023-04-06 16:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-24536	高危	1.13.15	1.19.8, 1.20.3	golang: net/http, net/textproto, mime/multipart: denial of service from excessive resource consumption 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24536 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2023-04-06 16:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-24537	高危	1.13.15	1.19.8, 1.20.3	golang: go/parser: Infinite loop in parsing 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24537 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2023-04-06 16:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-24539	高危	1.13.15	1.19.9, 1.20.4	golang: html/template: improper sanitization of CSS values 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24539 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2023-05-11 16:15 修改: 2023-11-07 04:08
stdlib	CVE-2023-29400	高危	1.13.15	1.19.9, 1.20.4	golang: html/template: improper handling of empty HTML attributes 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29400 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2023-05-11 16:15 修改: 2023-11-07 04:11
stdlib	CVE-2023-29403	高危	1.13.15	1.19.10, 1.20.5	golang: runtime: unexpected behavior of setuid/setgid binaries 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29403 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2023-06-08 21:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-39325	高危	1.13.15	1.20.10, 1.21.3	golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39325 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2023-10-11 22:15 修改: 2024-04-28 04:15
stdlib	CVE-2023-45283	高危	1.13.15	1.20.11, 1.21.4, 1.20.12, 1.21.5	The filepath package does not recognize paths with a \??\ prefix as sp ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45283 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2023-11-09 17:15 修改: 2023-12-14 10:15
stdlib	CVE-2023-45287	高危	1.13.15	1.20.0	golang: crypto/tls: Timing Side Channel attack in RSA based TLS key exchanges. 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45287 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2023-12-05 17:15 修改: 2024-01-12 14:15
stdlib	CVE-2023-45288	高危	1.13.15	1.21.9, 1.22.2	golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45288 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2024-04-04 21:15 修改: 2024-08-26 21:35
stdlib	CVE-2024-34156	高危	1.13.15	1.22.7, 1.23.1	encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34156 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2024-09-06 21:15 修改: 2024-09-09 15:35
golang.org/x/net	CVE-2023-45288	中危	v0.0.0-20200226121028-0de0cce0169b	0.23.0	golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45288 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2024-04-04 21:15 修改: 2024-08-26 21:35
golang.org/x/sys	CVE-2022-29526	中危	v0.0.0-20200116001909-b77594299b42	0.0.0-20220412211240-33da011f77ad	golang: syscall: faccessat checks wrong group 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-29526 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2022-06-23 17:15 修改: 2023-11-07 03:46
golang.org/x/crypto	CVE-2023-48795	中危	v0.0.0-20191122220453-ac88ee75c92c	0.17.0	ssh: Prefix truncation attack on Binary Packet Protocol (BPP) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-48795 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2023-12-18 16:15 修改: 2024-05-01 18:15
golang.org/x/net	CVE-2021-31525	中危	v0.0.0-20200226121028-0de0cce0169b	0.0.0-20210428140749-89ef3d95e781	golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-31525 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2021-05-27 13:15 修改: 2023-11-07 03:34
golang.org/x/text	CVE-2020-14040	中危	v0.3.0	0.3.3	golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash 漏洞详情: https://avd.aquasec.com/nvd/cve-2020-14040 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2020-06-17 20:15 修改: 2023-11-07 03:17
golang.org/x/net	CVE-2022-41717	中危	v0.0.0-20200226121028-0de0cce0169b	0.4.0	golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41717 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2022-12-08 20:15 修改: 2024-01-18 03:15
google.golang.org/grpc	CVE-2023-44487	中危	v1.24.0	1.58.3, 1.57.1, 1.56.3	HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-44487 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2023-10-10 14:15 修改: 2024-08-14 19:57
golang.org/x/net	CVE-2023-3978	中危	v0.0.0-20200226121028-0de0cce0169b	0.13.0	golang.org/x/net/html: Cross site scripting 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-3978 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2023-08-02 20:15 修改: 2023-11-07 04:20
golang.org/x/net	CVE-2023-44487	中危	v0.0.0-20200226121028-0de0cce0169b	0.17.0	HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-44487 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2023-10-10 14:15 修改: 2024-08-14 19:57
stdlib	CVE-2020-24553	中危	1.13.15	1.14.8, 1.15.1	golang: default Content-Type setting in net/http/cgi and net/http/fcgi could cause XSS 漏洞详情: https://avd.aquasec.com/nvd/cve-2020-24553 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2020-09-02 17:15 修改: 2023-11-07 03:20
stdlib	CVE-2021-3114	中危	1.13.15	1.14.14, 1.15.7	golang: crypto/elliptic: incorrect operations on the P-224 curve 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-3114 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2021-01-26 18:16 修改: 2023-11-07 03:37
stdlib	CVE-2021-31525	中危	1.13.15	1.15.12, 1.16.4	golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-31525 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2021-05-27 13:15 修改: 2023-11-07 03:34
stdlib	CVE-2021-33197	中危	1.13.15	1.15.13, 1.16.5	golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-33197 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2021-08-02 19:15 修改: 2022-09-14 21:11
stdlib	CVE-2021-34558	中危	1.13.15	1.15.14, 1.16.6	golang: crypto/tls: certificate of wrong type is causing TLS client to panic 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-34558 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2021-07-15 14:15 修改: 2023-11-07 03:36
stdlib	CVE-2021-36221	中危	1.13.15	1.15.15, 1.16.7	golang: net/http/httputil: panic due to racy read of persistConn after handler panic 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-36221 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2021-08-08 06:15 修改: 2023-11-07 03:36
stdlib	CVE-2021-44717	中危	1.13.15	1.16.12, 1.17.5	golang: syscall: don't close fd 0 on ForkExec error 漏洞详情: https://avd.aquasec.com/nvd/cve-2021-44717 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2022-01-01 05:15 修改: 2023-08-08 14:22
stdlib	CVE-2022-1705	中危	1.13.15	1.17.12, 1.18.4	golang: net/http: improper sanitization of Transfer-Encoding header 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-1705 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:42
stdlib	CVE-2022-1962	中危	1.13.15	1.17.12, 1.18.4	golang: go/parser: stack exhaustion in all Parse* functions 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-1962 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:42
stdlib	CVE-2022-29526	中危	1.13.15	1.17.10, 1.18.2	golang: syscall: faccessat checks wrong group 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-29526 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2022-06-23 17:15 修改: 2023-11-07 03:46
stdlib	CVE-2022-32148	中危	1.13.15	1.17.12, 1.18.4	golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-32148 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:47
stdlib	CVE-2022-41717	中危	1.13.15	1.18.9, 1.19.4	golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41717 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2022-12-08 20:15 修改: 2024-01-18 03:15
stdlib	CVE-2023-24532	中危	1.13.15	1.19.7, 1.20.2	golang: crypto/internal/nistec: specific unreduced P-256 scalars produce incorrect results 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24532 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2023-03-08 20:15 修改: 2023-11-07 04:08
stdlib	CVE-2023-29406	中危	1.13.15	1.19.11, 1.20.6	golang: net/http: insufficient sanitization of Host header 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29406 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2023-07-11 20:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-29409	中危	1.13.15	1.19.12, 1.20.7, 1.21.0-rc.4	golang: crypto/tls: slow verification of certificate chains containing large RSA keys 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-29409 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2023-08-02 20:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-39318	中危	1.13.15	1.20.8, 1.21.1	golang: html/template: improper handling of HTML-like comments within script contexts 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39318 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2023-09-08 17:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-39319	中危	1.13.15	1.20.8, 1.21.1	golang: html/template: improper handling of special tags within script contexts 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39319 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2023-09-08 17:15 修改: 2023-11-25 11:15
stdlib	CVE-2023-39326	中危	1.13.15	1.20.12, 1.21.5	golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39326 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2023-12-06 17:15 修改: 2024-01-20 04:15
stdlib	CVE-2023-45284	中危	1.13.15	1.20.11, 1.21.4	On Windows, The IsLocal function does not correctly detect reserved de ... 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45284 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2023-11-09 17:15 修改: 2024-09-03 19:35
stdlib	CVE-2023-45289	中危	1.13.15	1.21.8, 1.22.1	golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45289 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2024-03-05 23:15 修改: 2024-05-01 17:15
stdlib	CVE-2023-45290	中危	1.13.15	1.21.8, 1.22.1	golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm 漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45290 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2024-03-05 23:15 修改: 2024-05-01 17:15
stdlib	CVE-2024-24783	中危	1.13.15	1.21.8, 1.22.1	golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24783 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2024-03-05 23:15 修改: 2024-05-01 17:15
stdlib	CVE-2024-24784	中危	1.13.15	1.21.8, 1.22.1	golang: net/mail: comments in display names are incorrectly handled 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24784 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2024-03-05 23:15 修改: 2024-08-05 21:35
stdlib	CVE-2024-24785	中危	1.13.15	1.21.8, 1.22.1	golang: html/template: errors returned from MarshalJSON methods may break template escaping 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24785 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2024-03-05 23:15 修改: 2024-05-01 17:15
stdlib	CVE-2024-24789	中危	1.13.15	1.21.11, 1.22.4	golang: archive/zip: Incorrect handling of certain ZIP files 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24789 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2024-06-05 16:15 修改: 2024-07-03 01:48
stdlib	CVE-2024-24791	中危	1.13.15	1.21.12, 1.22.5	net/http: Denial of service due to improper 100-continue handling in net/http 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24791 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2024-07-02 22:15 修改: 2024-07-08 14:17
stdlib	CVE-2024-34155	中危	1.13.15	1.22.7, 1.23.1	go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34155 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2024-09-06 21:15 修改: 2024-09-09 13:03
stdlib	CVE-2024-34158	中危	1.13.15	1.22.7, 1.23.1	go/build/constraint: golang: Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion 漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34158 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2024-09-06 21:15 修改: 2024-09-09 14:35
stdlib	CVE-2022-30629	低危	1.13.15	1.17.11, 1.18.3	golang: crypto/tls: session tickets lack random ticket_age_add 漏洞详情: https://avd.aquasec.com/nvd/cve-2022-30629 镜像层: sha256:bc296624a47f4e6a2febe81ecc96f4e28b07be885d7fabfa65d7796cc9469f76 发布日期: 2022-08-10 20:15 修改: 2023-11-07 03:47