com.fasterxml.jackson.core:jackson-databind |
CVE-2018-11307 |
严重 |
2.9.5 |
2.7.9.4, 2.8.11.2, 2.9.6 |
jackson-databind: Potential information exfiltration with default typing, serialization gadget from MyBatis
漏洞详情: https://avd.aquasec.com/nvd/cve-2018-11307
镜像层: sha256:3d330b7811a74f00dcb45e5dae745b9a960b4b5b28b50f85886de79dd4a7983f
发布日期: 2019-07-09 16:15 修改: 2024-04-03 17:40
|
com.fasterxml.jackson.core:jackson-databind |
CVE-2018-14718 |
严重 |
2.9.5 |
2.9.7, 2.8.11.3, 2.7.9.5, 2.6.7.3 |
jackson-databind: arbitrary code execution in slf4j-ext class
漏洞详情: https://avd.aquasec.com/nvd/cve-2018-14718
镜像层: sha256:3d330b7811a74f00dcb45e5dae745b9a960b4b5b28b50f85886de79dd4a7983f
发布日期: 2019-01-02 18:29 修改: 2023-11-07 02:53
|
com.fasterxml.jackson.core:jackson-databind |
CVE-2018-14719 |
严重 |
2.9.5 |
2.9.7, 2.8.11.3, 2.7.9.5 |
jackson-databind: arbitrary code execution in blaze-ds-opt and blaze-ds-core classes
漏洞详情: https://avd.aquasec.com/nvd/cve-2018-14719
镜像层: sha256:3d330b7811a74f00dcb45e5dae745b9a960b4b5b28b50f85886de79dd4a7983f
发布日期: 2019-01-02 18:29 修改: 2023-11-07 02:53
|
com.fasterxml.jackson.core:jackson-databind |
CVE-2018-14720 |
严重 |
2.9.5 |
2.9.7, 2.8.11.3, 2.7.9.5 |
jackson-databind: exfiltration/XXE in some JDK classes
漏洞详情: https://avd.aquasec.com/nvd/cve-2018-14720
镜像层: sha256:3d330b7811a74f00dcb45e5dae745b9a960b4b5b28b50f85886de79dd4a7983f
发布日期: 2019-01-02 18:29 修改: 2023-11-07 02:53
|
com.fasterxml.jackson.core:jackson-databind |
CVE-2018-14721 |
严重 |
2.9.5 |
2.9.7, 2.8.11.3, 2.7.9.5 |
jackson-databind: server-side request forgery (SSRF) in axis2-jaxws class
漏洞详情: https://avd.aquasec.com/nvd/cve-2018-14721
镜像层: sha256:3d330b7811a74f00dcb45e5dae745b9a960b4b5b28b50f85886de79dd4a7983f
发布日期: 2019-01-02 18:29 修改: 2023-11-07 02:53
|
com.fasterxml.jackson.core:jackson-databind |
CVE-2018-19360 |
严重 |
2.9.5 |
2.9.8, 2.8.11.3, 2.7.9.5 |
jackson-databind: improper polymorphic deserialization in axis2-transport-jms class
漏洞详情: https://avd.aquasec.com/nvd/cve-2018-19360
镜像层: sha256:3d330b7811a74f00dcb45e5dae745b9a960b4b5b28b50f85886de79dd4a7983f
发布日期: 2019-01-02 18:29 修改: 2023-11-07 02:55
|
com.fasterxml.jackson.core:jackson-databind |
CVE-2018-19361 |
严重 |
2.9.5 |
2.7.9.5, 2.9.8, 2.8.11.3 |
jackson-databind: improper polymorphic deserialization in openjpa class
漏洞详情: https://avd.aquasec.com/nvd/cve-2018-19361
镜像层: sha256:3d330b7811a74f00dcb45e5dae745b9a960b4b5b28b50f85886de79dd4a7983f
发布日期: 2019-01-02 18:29 修改: 2023-11-07 02:55
|
com.fasterxml.jackson.core:jackson-databind |
CVE-2018-19362 |
严重 |
2.9.5 |
2.9.8, 2.8.11.3, 2.7.9.5, 2.6.7.3 |
jackson-databind: improper polymorphic deserialization in jboss-common-core class
漏洞详情: https://avd.aquasec.com/nvd/cve-2018-19362
镜像层: sha256:3d330b7811a74f00dcb45e5dae745b9a960b4b5b28b50f85886de79dd4a7983f
发布日期: 2019-01-02 18:29 修改: 2023-11-07 02:55
|
com.fasterxml.jackson.core:jackson-databind |
CVE-2019-14379 |
严重 |
2.9.5 |
2.9.9.2, 2.8.11.4, 2.7.9.6 |
jackson-databind: default typing mishandling leading to remote code execution
漏洞详情: https://avd.aquasec.com/nvd/cve-2019-14379
镜像层: sha256:3d330b7811a74f00dcb45e5dae745b9a960b4b5b28b50f85886de79dd4a7983f
发布日期: 2019-07-29 12:15 修改: 2023-11-07 03:04
|
com.fasterxml.jackson.core:jackson-databind |
CVE-2019-14540 |
严重 |
2.9.5 |
2.9.10, 2.8.11.5, 2.6.7.3 |
jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariConfig
漏洞详情: https://avd.aquasec.com/nvd/cve-2019-14540
镜像层: sha256:3d330b7811a74f00dcb45e5dae745b9a960b4b5b28b50f85886de79dd4a7983f
发布日期: 2019-09-15 22:15 修改: 2023-11-07 03:04
|
com.fasterxml.jackson.core:jackson-databind |
CVE-2019-16335 |
严重 |
2.9.5 |
2.9.10, 2.8.11.5, 2.6.7.3 |
jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariDataSource
漏洞详情: https://avd.aquasec.com/nvd/cve-2019-16335
镜像层: sha256:3d330b7811a74f00dcb45e5dae745b9a960b4b5b28b50f85886de79dd4a7983f
发布日期: 2019-09-15 22:15 修改: 2023-11-07 03:05
|
com.fasterxml.jackson.core:jackson-databind |
CVE-2019-16942 |
严重 |
2.9.5 |
2.9.10.1, 2.8.11.5, 2.6.7.3 |
jackson-databind: Serialization gadgets in org.apache.commons.dbcp.datasources.*
漏洞详情: https://avd.aquasec.com/nvd/cve-2019-16942
镜像层: sha256:3d330b7811a74f00dcb45e5dae745b9a960b4b5b28b50f85886de79dd4a7983f
发布日期: 2019-10-01 17:15 修改: 2023-11-07 03:06
|
com.fasterxml.jackson.core:jackson-databind |
CVE-2019-16943 |
严重 |
2.9.5 |
2.9.10.1, 2.8.11.5, 2.6.7.3 |
jackson-databind: Serialization gadgets in com.p6spy.engine.spy.P6DataSource
漏洞详情: https://avd.aquasec.com/nvd/cve-2019-16943
镜像层: sha256:3d330b7811a74f00dcb45e5dae745b9a960b4b5b28b50f85886de79dd4a7983f
发布日期: 2019-10-01 17:15 修改: 2023-11-07 03:06
|
com.fasterxml.jackson.core:jackson-databind |
CVE-2019-17267 |
严重 |
2.9.5 |
2.9.10, 2.8.11.5 |
jackson-databind: Serialization gadgets in classes of the ehcache package
漏洞详情: https://avd.aquasec.com/nvd/cve-2019-17267
镜像层: sha256:3d330b7811a74f00dcb45e5dae745b9a960b4b5b28b50f85886de79dd4a7983f
发布日期: 2019-10-07 00:15 修改: 2023-11-07 03:06
|
com.fasterxml.jackson.core:jackson-databind |
CVE-2019-17531 |
严重 |
2.9.5 |
2.9.10.1, 2.8.11.5, 2.6.7.3 |
jackson-databind: Serialization gadgets in org.apache.log4j.receivers.db.*
漏洞详情: https://avd.aquasec.com/nvd/cve-2019-17531
镜像层: sha256:3d330b7811a74f00dcb45e5dae745b9a960b4b5b28b50f85886de79dd4a7983f
发布日期: 2019-10-12 21:15 修改: 2023-11-07 03:06
|
com.fasterxml.jackson.core:jackson-databind |
CVE-2019-20330 |
严重 |
2.9.5 |
2.6.7.4, 2.7.9.7, 2.8.11.5, 2.9.10.2 |
jackson-databind: lacks certain net.sf.ehcache blocking
漏洞详情: https://avd.aquasec.com/nvd/cve-2019-20330
镜像层: sha256:3d330b7811a74f00dcb45e5dae745b9a960b4b5b28b50f85886de79dd4a7983f
发布日期: 2020-01-03 04:15 修改: 2023-11-07 03:09
|
com.fasterxml.jackson.core:jackson-databind |
CVE-2020-8840 |
严重 |
2.9.5 |
2.6.7.4, 2.7.9.7, 2.8.11.5, 2.9.10.3 |
jackson-databind: Lacks certain xbean-reflect/JNDI blocking
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-8840
镜像层: sha256:3d330b7811a74f00dcb45e5dae745b9a960b4b5b28b50f85886de79dd4a7983f
发布日期: 2020-02-10 21:56 修改: 2023-11-07 03:26
|
com.fasterxml.jackson.core:jackson-databind |
CVE-2020-9546 |
严重 |
2.9.5 |
2.9.10.4 |
jackson-databind: Serialization gadgets in shaded-hikari-config
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-9546
镜像层: sha256:3d330b7811a74f00dcb45e5dae745b9a960b4b5b28b50f85886de79dd4a7983f
发布日期: 2020-03-02 04:15 修改: 2023-11-07 03:26
|
com.fasterxml.jackson.core:jackson-databind |
CVE-2020-9547 |
严重 |
2.9.5 |
2.9.10.4, 2.8.11.6, 2.7.9.7 |
jackson-databind: Serialization gadgets in ibatis-sqlmap
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-9547
镜像层: sha256:3d330b7811a74f00dcb45e5dae745b9a960b4b5b28b50f85886de79dd4a7983f
发布日期: 2020-03-02 04:15 修改: 2023-11-07 03:26
|
com.fasterxml.jackson.core:jackson-databind |
CVE-2020-9548 |
严重 |
2.9.5 |
2.9.10.4, 2.8.11.6, 2.7.9.7 |
jackson-databind: Serialization gadgets in anteros-core
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-9548
镜像层: sha256:3d330b7811a74f00dcb45e5dae745b9a960b4b5b28b50f85886de79dd4a7983f
发布日期: 2020-03-02 04:15 修改: 2023-11-07 03:26
|
com.h2database:h2 |
CVE-2021-42392 |
严重 |
1.4.196 |
2.0.206 |
h2: Remote Code Execution in Console
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-42392
镜像层: sha256:3d330b7811a74f00dcb45e5dae745b9a960b4b5b28b50f85886de79dd4a7983f
发布日期: 2022-01-10 14:10 修改: 2023-02-24 22:15
|
com.h2database:h2 |
CVE-2022-23221 |
严重 |
1.4.196 |
2.1.210 |
h2: Loading of custom classes from remote servers through JNDI
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-23221
镜像层: sha256:3d330b7811a74f00dcb45e5dae745b9a960b4b5b28b50f85886de79dd4a7983f
发布日期: 2022-01-19 17:15 修改: 2023-08-18 14:15
|
com.squareup.retrofit2:retrofit |
CVE-2018-1000844 |
严重 |
2.3.0 |
2.5.0 |
retrofit: XML external entity processing vulnerability in JAXB
漏洞详情: https://avd.aquasec.com/nvd/cve-2018-1000844
镜像层: sha256:3d330b7811a74f00dcb45e5dae745b9a960b4b5b28b50f85886de79dd4a7983f
发布日期: 2018-12-20 15:29 修改: 2019-07-01 12:44
|
io.netty:netty |
CVE-2019-20444 |
严重 |
3.10.5.Final |
4.0.0 |
netty: HTTP request smuggling
漏洞详情: https://avd.aquasec.com/nvd/cve-2019-20444
镜像层: sha256:3d330b7811a74f00dcb45e5dae745b9a960b4b5b28b50f85886de79dd4a7983f
发布日期: 2020-01-29 21:15 修改: 2023-11-07 03:09
|
io.netty:netty-codec-http |
CVE-2019-20444 |
严重 |
4.1.42.Final |
4.1.44 |
netty: HTTP request smuggling
漏洞详情: https://avd.aquasec.com/nvd/cve-2019-20444
镜像层: sha256:3d330b7811a74f00dcb45e5dae745b9a960b4b5b28b50f85886de79dd4a7983f
发布日期: 2020-01-29 21:15 修改: 2023-11-07 03:09
|
log4j:log4j |
CVE-2019-17571 |
严重 |
1.2.16 |
|
log4j: deserialization of untrusted data in SocketServer
漏洞详情: https://avd.aquasec.com/nvd/cve-2019-17571
镜像层: sha256:3d330b7811a74f00dcb45e5dae745b9a960b4b5b28b50f85886de79dd4a7983f
发布日期: 2019-12-20 17:15 修改: 2023-11-07 03:06
|
log4j:log4j |
CVE-2022-23305 |
严重 |
1.2.16 |
|
log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-23305
镜像层: sha256:3d330b7811a74f00dcb45e5dae745b9a960b4b5b28b50f85886de79dd4a7983f
发布日期: 2022-01-18 16:15 修改: 2023-02-24 15:30
|
log4j:log4j |
CVE-2022-23307 |
严重 |
1.2.16 |
|
log4j: Unsafe deserialization flaw in Chainsaw log viewer
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-23307
镜像层: sha256:3d330b7811a74f00dcb45e5dae745b9a960b4b5b28b50f85886de79dd4a7983f
发布日期: 2022-01-18 16:15 修改: 2023-02-24 15:29
|
org.apache.logging.log4j:log4j-core |
CVE-2021-44228 |
严重 |
2.9.0 |
2.15.0, 2.3.1, 2.12.2 |
log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-44228
镜像层: sha256:3d330b7811a74f00dcb45e5dae745b9a960b4b5b28b50f85886de79dd4a7983f
发布日期: 2021-12-10 10:15 修改: 2024-07-24 17:08
|
org.apache.logging.log4j:log4j-core |
CVE-2021-45046 |
严重 |
2.9.0 |
2.16.0, 2.12.2 |
log4j-core: DoS in log4j 2.x with thread context message pattern and context lookup pattern (incomplete fix for CVE-2021-44228)
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-45046
镜像层: sha256:3d330b7811a74f00dcb45e5dae745b9a960b4b5b28b50f85886de79dd4a7983f
发布日期: 2021-12-14 19:15 修改: 2024-06-27 19:24
|
org.apache.zookeeper:zookeeper |
CVE-2023-44981 |
严重 |
3.4.10 |
3.7.2, 3.8.3, 3.9.1 |
zookeeper: Authorization Bypass in Apache ZooKeeper
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-44981
镜像层: sha256:3d330b7811a74f00dcb45e5dae745b9a960b4b5b28b50f85886de79dd4a7983f
发布日期: 2023-10-11 12:15 修改: 2024-06-21 19:15
|
org.codehaus.jackson:jackson-mapper-asl |
CVE-2019-10202 |
严重 |
1.9.13 |
|
codehaus: incomplete fix for unsafe deserialization in jackson-databind vulnerabilities
漏洞详情: https://avd.aquasec.com/nvd/cve-2019-10202
镜像层: sha256:3d330b7811a74f00dcb45e5dae745b9a960b4b5b28b50f85886de79dd4a7983f
发布日期: 2019-10-01 15:15 修改: 2023-02-12 23:33
|
org.postgresql:postgresql |
CVE-2024-1597 |
严重 |
42.2.18 |
42.2.28, 42.3.9, 42.4.4, 42.5.5, 42.6.1, 42.7.2 |
pgjdbc: PostgreSQL JDBC Driver allows attacker to inject SQL if using PreferQueryMode=SIMPLE
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-1597
镜像层: sha256:3d330b7811a74f00dcb45e5dae745b9a960b4b5b28b50f85886de79dd4a7983f
发布日期: 2024-02-19 13:15 修改: 2024-06-10 17:16
|
com.fasterxml.jackson.core:jackson-databind |
CVE-2020-10968 |
高危 |
2.9.5 |
2.9.10.4 |
jackson-databind: Serialization gadgets in org.aoju.bus.proxy.provider.*.RmiProvider
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-10968
镜像层: sha256:3d330b7811a74f00dcb45e5dae745b9a960b4b5b28b50f85886de79dd4a7983f
发布日期: 2020-03-26 13:15 修改: 2024-07-03 01:36
|
com.fasterxml.jackson.core:jackson-databind |
CVE-2020-10969 |
高危 |
2.9.5 |
2.9.10.4 |
jackson-databind: Serialization gadgets in javax.swing.JEditorPane
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-10969
镜像层: sha256:3d330b7811a74f00dcb45e5dae745b9a960b4b5b28b50f85886de79dd4a7983f
发布日期: 2020-03-26 13:15 修改: 2024-07-03 01:36
|
com.fasterxml.jackson.core:jackson-databind |
CVE-2020-11111 |
高危 |
2.9.5 |
2.9.10.4 |
jackson-databind: Serialization gadgets in org.apache.activemq.jms.pool.XaPooledConnectionFactory
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-11111
镜像层: sha256:3d330b7811a74f00dcb45e5dae745b9a960b4b5b28b50f85886de79dd4a7983f
发布日期: 2020-03-31 05:15 修改: 2024-07-03 01:36
|
com.fasterxml.jackson.core:jackson-databind |
CVE-2020-11112 |
高危 |
2.9.5 |
2.9.10.4 |
jackson-databind: Serialization gadgets in org.apache.commons.proxy.provider.remoting.RmiProvider
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-11112
镜像层: sha256:3d330b7811a74f00dcb45e5dae745b9a960b4b5b28b50f85886de79dd4a7983f
发布日期: 2020-03-31 05:15 修改: 2024-07-03 01:36
|
com.fasterxml.jackson.core:jackson-databind |
CVE-2020-11113 |
高危 |
2.9.5 |
2.9.10.4 |
jackson-databind: Serialization gadgets in org.apache.openjpa.ee.WASRegistryManagedRuntime
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-11113
镜像层: sha256:3d330b7811a74f00dcb45e5dae745b9a960b4b5b28b50f85886de79dd4a7983f
发布日期: 2020-03-31 05:15 修改: 2024-07-03 01:36
|
com.fasterxml.jackson.core:jackson-databind |
CVE-2020-11619 |
高危 |
2.9.5 |
2.9.10.4 |
jackson-databind: Serialization gadgets in org.springframework:spring-aop
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-11619
镜像层: sha256:3d330b7811a74f00dcb45e5dae745b9a960b4b5b28b50f85886de79dd4a7983f
发布日期: 2020-04-07 23:15 修改: 2023-11-07 03:15
|
com.fasterxml.jackson.core:jackson-databind |
CVE-2020-11620 |
高危 |
2.9.5 |
2.9.10.4 |
jackson-databind: Serialization gadgets in commons-jelly:commons-jelly
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-11620
镜像层: sha256:3d330b7811a74f00dcb45e5dae745b9a960b4b5b28b50f85886de79dd4a7983f
发布日期: 2020-04-07 23:15 修改: 2023-11-07 03:15
|
com.fasterxml.jackson.core:jackson-databind |
CVE-2020-14060 |
高危 |
2.9.5 |
2.9.10.5 |
jackson-databind: serialization in oadd.org.apache.xalan.lib.sql.JNDIConnectionPool
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-14060
镜像层: sha256:3d330b7811a74f00dcb45e5dae745b9a960b4b5b28b50f85886de79dd4a7983f
发布日期: 2020-06-14 21:15 修改: 2023-11-07 03:17
|
com.fasterxml.jackson.core:jackson-databind |
CVE-2020-14061 |
高危 |
2.9.5 |
2.9.10.5 |
jackson-databind: serialization in weblogic/oracle-aqjms
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-14061
镜像层: sha256:3d330b7811a74f00dcb45e5dae745b9a960b4b5b28b50f85886de79dd4a7983f
发布日期: 2020-06-14 20:15 修改: 2023-11-07 03:17
|
com.fasterxml.jackson.core:jackson-databind |
CVE-2020-14062 |
高危 |
2.9.5 |
2.9.10.5 |
jackson-databind: serialization in com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-14062
镜像层: sha256:3d330b7811a74f00dcb45e5dae745b9a960b4b5b28b50f85886de79dd4a7983f
发布日期: 2020-06-14 20:15 修改: 2023-11-07 03:17
|
com.fasterxml.jackson.core:jackson-databind |
CVE-2020-14195 |
高危 |
2.9.5 |
2.9.10.5 |
jackson-databind: serialization in org.jsecurity.realm.jndi.JndiRealmFactory
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-14195
镜像层: sha256:3d330b7811a74f00dcb45e5dae745b9a960b4b5b28b50f85886de79dd4a7983f
发布日期: 2020-06-16 16:15 修改: 2021-11-17 20:20
|
com.fasterxml.jackson.core:jackson-databind |
CVE-2020-24616 |
高危 |
2.9.5 |
2.9.10.6 |
jackson-databind: mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-24616
镜像层: sha256:3d330b7811a74f00dcb45e5dae745b9a960b4b5b28b50f85886de79dd4a7983f
发布日期: 2020-08-25 18:15 修改: 2023-11-07 03:20
|
com.fasterxml.jackson.core:jackson-databind |
CVE-2020-24750 |
高危 |
2.9.5 |
2.6.7.5, 2.9.10.6 |
jackson-databind: Serialization gadgets in com.pastdev.httpcomponents.configuration.JndiConfiguration
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-24750
镜像层: sha256:3d330b7811a74f00dcb45e5dae745b9a960b4b5b28b50f85886de79dd4a7983f
发布日期: 2020-09-17 19:15 修改: 2023-09-13 14:56
|
com.fasterxml.jackson.core:jackson-databind |
CVE-2020-25649 |
高危 |
2.9.5 |
2.6.7.4, 2.9.10.7, 2.10.5.1 |
jackson-databind: FasterXML DOMDeserializer insecure entity expansion is vulnerable to XML external entity (XXE)
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-25649
镜像层: sha256:3d330b7811a74f00dcb45e5dae745b9a960b4b5b28b50f85886de79dd4a7983f
发布日期: 2020-12-03 17:15 修改: 2023-11-07 03:20
|
com.fasterxml.jackson.core:jackson-databind |
CVE-2020-35490 |
高危 |
2.9.5 |
2.9.10.8 |
jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-35490
镜像层: sha256:3d330b7811a74f00dcb45e5dae745b9a960b4b5b28b50f85886de79dd4a7983f
发布日期: 2020-12-17 19:15 修改: 2022-09-08 21:32
|
com.fasterxml.jackson.core:jackson-databind |
CVE-2020-35491 |
高危 |
2.9.5 |
2.9.10.8 |
jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-35491
镜像层: sha256:3d330b7811a74f00dcb45e5dae745b9a960b4b5b28b50f85886de79dd4a7983f
发布日期: 2020-12-17 19:15 修改: 2022-09-08 21:32
|
com.fasterxml.jackson.core:jackson-databind |
CVE-2020-35728 |
高危 |
2.9.5 |
2.9.10.8 |
jackson-databind: mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-35728
镜像层: sha256:3d330b7811a74f00dcb45e5dae745b9a960b4b5b28b50f85886de79dd4a7983f
发布日期: 2020-12-27 05:15 修改: 2023-11-07 03:22
|
com.fasterxml.jackson.core:jackson-databind |
CVE-2020-36179 |
高危 |
2.9.5 |
2.9.10.8, 2.6.7.5 |
jackson-databind: mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36179
镜像层: sha256:3d330b7811a74f00dcb45e5dae745b9a960b4b5b28b50f85886de79dd4a7983f
发布日期: 2021-01-07 00:15 修改: 2024-07-03 01:36
|
com.fasterxml.jackson.core:jackson-databind |
CVE-2020-36180 |
高危 |
2.9.5 |
2.9.10.8, 2.6.7.5 |
jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36180
镜像层: sha256:3d330b7811a74f00dcb45e5dae745b9a960b4b5b28b50f85886de79dd4a7983f
发布日期: 2021-01-07 00:15 修改: 2024-07-03 01:36
|
com.fasterxml.jackson.core:jackson-databind |
CVE-2020-36181 |
高危 |
2.9.5 |
2.9.10.8, 2.6.7.5 |
jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36181
镜像层: sha256:3d330b7811a74f00dcb45e5dae745b9a960b4b5b28b50f85886de79dd4a7983f
发布日期: 2021-01-06 23:15 修改: 2024-07-03 01:36
|
com.fasterxml.jackson.core:jackson-databind |
CVE-2020-36182 |
高危 |
2.9.5 |
2.9.10.8, 2.6.7.5 |
jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36182
镜像层: sha256:3d330b7811a74f00dcb45e5dae745b9a960b4b5b28b50f85886de79dd4a7983f
发布日期: 2021-01-07 00:15 修改: 2024-07-03 01:36
|
com.fasterxml.jackson.core:jackson-databind |
CVE-2020-36183 |
高危 |
2.9.5 |
2.9.10.8, 2.6.7.5 |
jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36183
镜像层: sha256:3d330b7811a74f00dcb45e5dae745b9a960b4b5b28b50f85886de79dd4a7983f
发布日期: 2021-01-07 00:15 修改: 2023-09-13 14:56
|
com.fasterxml.jackson.core:jackson-databind |
CVE-2020-36184 |
高危 |
2.9.5 |
2.9.10.8 |
jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36184
镜像层: sha256:3d330b7811a74f00dcb45e5dae745b9a960b4b5b28b50f85886de79dd4a7983f
发布日期: 2021-01-06 23:15 修改: 2024-07-03 01:36
|
com.fasterxml.jackson.core:jackson-databind |
CVE-2020-36185 |
高危 |
2.9.5 |
2.9.10.8 |
jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36185
镜像层: sha256:3d330b7811a74f00dcb45e5dae745b9a960b4b5b28b50f85886de79dd4a7983f
发布日期: 2021-01-06 23:15 修改: 2023-09-13 14:57
|
com.fasterxml.jackson.core:jackson-databind |
CVE-2020-36186 |
高危 |
2.9.5 |
2.9.10.8 |
jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36186
镜像层: sha256:3d330b7811a74f00dcb45e5dae745b9a960b4b5b28b50f85886de79dd4a7983f
发布日期: 2021-01-06 23:15 修改: 2023-09-13 14:57
|
com.fasterxml.jackson.core:jackson-databind |
CVE-2020-36187 |
高危 |
2.9.5 |
2.9.10.8 |
jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36187
镜像层: sha256:3d330b7811a74f00dcb45e5dae745b9a960b4b5b28b50f85886de79dd4a7983f
发布日期: 2021-01-06 23:15 修改: 2023-09-13 14:57
|
com.fasterxml.jackson.core:jackson-databind |
CVE-2020-36188 |
高危 |
2.9.5 |
2.9.10.8, 2.6.7.5 |
jackson-databind: mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36188
镜像层: sha256:3d330b7811a74f00dcb45e5dae745b9a960b4b5b28b50f85886de79dd4a7983f
发布日期: 2021-01-06 23:15 修改: 2023-09-13 14:57
|
com.fasterxml.jackson.core:jackson-databind |
CVE-2020-36189 |
高危 |
2.9.5 |
2.9.10.8, 2.6.7.5 |
jackson-databind: mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36189
镜像层: sha256:3d330b7811a74f00dcb45e5dae745b9a960b4b5b28b50f85886de79dd4a7983f
发布日期: 2021-01-06 23:15 修改: 2023-09-13 14:57
|
com.fasterxml.jackson.core:jackson-databind |
CVE-2020-36518 |
高危 |
2.9.5 |
2.13.2.1, 2.12.6.1 |
jackson-databind: denial of service via a large depth of nested objects
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36518
镜像层: sha256:3d330b7811a74f00dcb45e5dae745b9a960b4b5b28b50f85886de79dd4a7983f
发布日期: 2022-03-11 07:15 修改: 2022-11-29 22:12
|
com.fasterxml.jackson.core:jackson-databind |
CVE-2021-20190 |
高危 |
2.9.5 |
2.9.10.7, 2.6.7.5 |
jackson-databind: mishandles the interaction between serialization gadgets and typing, related to javax.swing
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-20190
镜像层: sha256:3d330b7811a74f00dcb45e5dae745b9a960b4b5b28b50f85886de79dd4a7983f
发布日期: 2021-01-19 17:15 修改: 2023-11-07 03:28
|
com.fasterxml.jackson.core:jackson-databind |
CVE-2022-42003 |
高危 |
2.9.5 |
2.12.7.1, 2.13.4.2 |
jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-42003
镜像层: sha256:3d330b7811a74f00dcb45e5dae745b9a960b4b5b28b50f85886de79dd4a7983f
发布日期: 2022-10-02 05:15 修改: 2023-12-20 10:15
|
com.fasterxml.jackson.core:jackson-databind |
CVE-2022-42004 |
高危 |
2.9.5 |
2.12.7.1, 2.13.4 |
jackson-databind: use of deeply nested arrays
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-42004
镜像层: sha256:3d330b7811a74f00dcb45e5dae745b9a960b4b5b28b50f85886de79dd4a7983f
发布日期: 2022-10-02 05:15 修改: 2022-12-02 15:10
|
com.fasterxml.jackson.dataformat:jackson-dataformat-cbor |
CVE-2020-28491 |
高危 |
2.8.11 |
2.11.4, 2.12.1 |
jackson-dataformat-cbor: Unchecked allocation of byte buffer can cause a java.lang.OutOfMemoryError exception
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-28491
镜像层: sha256:3d330b7811a74f00dcb45e5dae745b9a960b4b5b28b50f85886de79dd4a7983f
发布日期: 2021-02-18 16:15 修改: 2022-12-06 21:44
|
com.google.code.gson:gson |
CVE-2022-25647 |
高危 |
2.8.6 |
2.8.9 |
com.google.code.gson-gson: Deserialization of Untrusted Data in com.google.code.gson-gson
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-25647
镜像层: sha256:3d330b7811a74f00dcb45e5dae745b9a960b4b5b28b50f85886de79dd4a7983f
发布日期: 2022-05-01 16:15 修改: 2022-11-28 17:33
|
com.google.protobuf:protobuf-java |
CVE-2021-22569 |
高危 |
3.13.0 |
3.16.1, 3.18.2, 3.19.2 |
protobuf-java: potential DoS in the parsing procedure for binary data
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-22569
镜像层: sha256:3d330b7811a74f00dcb45e5dae745b9a960b4b5b28b50f85886de79dd4a7983f
发布日期: 2022-01-10 14:10 修改: 2023-04-18 09:15
|
com.google.protobuf:protobuf-java |
CVE-2021-22570 |
高危 |
3.13.0 |
3.15.0 |
protobuf: Incorrect parsing of nullchar in the proto symbol leads to Nullptr dereference
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-22570
镜像层: sha256:3d330b7811a74f00dcb45e5dae745b9a960b4b5b28b50f85886de79dd4a7983f
发布日期: 2022-01-26 14:15 修改: 2023-11-07 03:30
|
com.google.protobuf:protobuf-java |
CVE-2022-3509 |
高危 |
3.13.0 |
3.16.3, 3.19.6, 3.20.3, 3.21.7 |
protobuf-java: Textformat parsing issue leads to DoS
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-3509
镜像层: sha256:3d330b7811a74f00dcb45e5dae745b9a960b4b5b28b50f85886de79dd4a7983f
发布日期: 2022-12-12 13:15 修改: 2022-12-15 16:57
|
com.google.protobuf:protobuf-java |
CVE-2022-3510 |
高危 |
3.13.0 |
3.16.3, 3.19.6, 3.20.3, 3.21.7 |
protobuf-java: Message-Type Extensions parsing issue leads to DoS
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-3510
镜像层: sha256:3d330b7811a74f00dcb45e5dae745b9a960b4b5b28b50f85886de79dd4a7983f
发布日期: 2022-12-12 13:15 修改: 2023-11-07 03:51
|
com.google.protobuf:protobuf-java |
CVE-2024-7254 |
高危 |
3.13.0 |
3.25.5, 4.27.5, 4.28.2 |
protobuf: StackOverflow vulnerability in Protocol Buffers
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-7254
镜像层: sha256:3d330b7811a74f00dcb45e5dae745b9a960b4b5b28b50f85886de79dd4a7983f
发布日期: 2024-09-19 01:15 修改: 2024-09-20 12:30
|
com.graphql-java:graphql-java |
CVE-2022-37734 |
高危 |
8.0 |
17.4, 18.3 |
graphql-java: DoS by malicious query
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-37734
镜像层: sha256:3d330b7811a74f00dcb45e5dae745b9a960b4b5b28b50f85886de79dd4a7983f
发布日期: 2022-09-12 14:15 修改: 2023-08-08 14:22
|
com.graphql-java:graphql-java |
CVE-2023-28867 |
高危 |
8.0 |
0.0.0-2023-03-20T01-49-44-80e3135, 17.5, 18.4, 19.4, 20.1 |
graphql-java: crafted GraphQL query causes stack consumption
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-28867
镜像层: sha256:3d330b7811a74f00dcb45e5dae745b9a960b4b5b28b50f85886de79dd4a7983f
发布日期: 2023-03-27 01:15 修改: 2023-04-03 14:01
|
com.graphql-java:graphql-java |
CVE-2024-40094 |
高危 |
8.0 |
19.11, 20.9, 21.5 |
graphql-java: Allocation of Resources Without Limits or Throttling in GraphQL Java
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-40094
镜像层: sha256:3d330b7811a74f00dcb45e5dae745b9a960b4b5b28b50f85886de79dd4a7983f
发布日期: 2024-07-30 07:15 修改: 2024-07-30 13:32
|
com.alibaba.nacos:nacos-client |
CVE-2021-43116 |
高危 |
1.3.1 |
|
Use of Hard-coded Credentials in Nacos
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-43116
镜像层: sha256:3d330b7811a74f00dcb45e5dae745b9a960b4b5b28b50f85886de79dd4a7983f
发布日期: 2022-07-05 14:15 修改: 2023-04-03 20:15
|
com.alibaba.nacos:nacos-common |
CVE-2021-29441 |
高危 |
1.3.1 |
1.4.1 |
Authentication Bypass
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-29441
镜像层: sha256:3d330b7811a74f00dcb45e5dae745b9a960b4b5b28b50f85886de79dd4a7983f
发布日期: 2021-04-27 21:15 修改: 2021-05-07 23:09
|
com.alibaba.nacos:nacos-common |
CVE-2021-29442 |
高危 |
1.3.1 |
1.4.1 |
Authentication bypass for specific endpoint
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-29442
镜像层: sha256:3d330b7811a74f00dcb45e5dae745b9a960b4b5b28b50f85886de79dd4a7983f
发布日期: 2021-04-27 21:15 修改: 2021-05-07 15:37
|
com.squareup.retrofit2:retrofit |
CVE-2018-1000850 |
高危 |
2.3.0 |
2.5.0 |
retrofit: Directory traversal in RequestBuilder allows manipulation of resources
漏洞详情: https://avd.aquasec.com/nvd/cve-2018-1000850
镜像层: sha256:3d330b7811a74f00dcb45e5dae745b9a960b4b5b28b50f85886de79dd4a7983f
发布日期: 2018-12-20 15:29 修改: 2023-11-07 02:51
|
commons-io:commons-io |
CVE-2024-47554 |
高危 |
2.6 |
2.14.0 |
apache-commons-io: Possible denial of service attack on untrusted input to XmlStreamReader
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-47554
镜像层: sha256:3d330b7811a74f00dcb45e5dae745b9a960b4b5b28b50f85886de79dd4a7983f
发布日期: 2024-10-03 12:15 修改: 2024-10-04 13:50
|
io.grpc:grpc-protobuf |
CVE-2023-1428 |
高危 |
1.32.1 |
1.53.0 |
gRPC: Reachable Assertion
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-1428
镜像层: sha256:3d330b7811a74f00dcb45e5dae745b9a960b4b5b28b50f85886de79dd4a7983f
发布日期: 2023-06-09 11:15 修改: 2023-06-15 22:17
|
io.grpc:grpc-protobuf |
CVE-2023-32731 |
高危 |
1.32.1 |
1.53.0 |
gRPC: sensitive information disclosure
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-32731
镜像层: sha256:3d330b7811a74f00dcb45e5dae745b9a960b4b5b28b50f85886de79dd4a7983f
发布日期: 2023-06-09 11:15 修改: 2023-06-15 22:18
|
com.ctrip.framework.apollo:apollo-core |
CVE-2020-15170 |
高危 |
1.4.0 |
1.7.1 |
Potential access control security issue in apollo-adminservice
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-15170
镜像层: sha256:3d330b7811a74f00dcb45e5dae745b9a960b4b5b28b50f85886de79dd4a7983f
发布日期: 2020-09-10 19:15 修改: 2021-11-18 17:49
|
io.netty:netty |
CVE-2021-37136 |
高危 |
3.10.5.Final |
4.0.0 |
netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-37136
镜像层: sha256:3d330b7811a74f00dcb45e5dae745b9a960b4b5b28b50f85886de79dd4a7983f
发布日期: 2021-10-19 15:15 修改: 2023-11-07 03:36
|
io.netty:netty |
CVE-2021-37137 |
高危 |
3.10.5.Final |
4.0.0 |
netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-37137
镜像层: sha256:3d330b7811a74f00dcb45e5dae745b9a960b4b5b28b50f85886de79dd4a7983f
发布日期: 2021-10-19 15:15 修改: 2023-11-07 03:36
|
io.netty:netty-codec |
CVE-2021-37136 |
高危 |
4.1.42.Final |
4.1.68.Final |
netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-37136
镜像层: sha256:3d330b7811a74f00dcb45e5dae745b9a960b4b5b28b50f85886de79dd4a7983f
发布日期: 2021-10-19 15:15 修改: 2023-11-07 03:36
|
io.netty:netty-codec |
CVE-2021-37137 |
高危 |
4.1.42.Final |
4.1.68.Final |
netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-37137
镜像层: sha256:3d330b7811a74f00dcb45e5dae745b9a960b4b5b28b50f85886de79dd4a7983f
发布日期: 2021-10-19 15:15 修改: 2023-11-07 03:36
|
com.fasterxml.jackson.core:jackson-databind |
CVE-2018-12022 |
高危 |
2.9.5 |
2.7.9.4, 2.8.11.2, 2.9.6 |
jackson-databind: improper polymorphic deserialization of types from Jodd-db library
漏洞详情: https://avd.aquasec.com/nvd/cve-2018-12022
镜像层: sha256:3d330b7811a74f00dcb45e5dae745b9a960b4b5b28b50f85886de79dd4a7983f
发布日期: 2019-03-21 16:00 修改: 2023-11-07 02:52
|
io.netty:netty-codec-http2 |
GHSA-xpw8-rcwv-8f8p |
高危 |
4.1.51.Final |
4.1.100.Final |
io.netty:netty-codec-http2 vulnerable to HTTP/2 Rapid Reset Attack
漏洞详情: https://github.com/advisories/GHSA-xpw8-rcwv-8f8p
镜像层: sha256:3d330b7811a74f00dcb45e5dae745b9a960b4b5b28b50f85886de79dd4a7983f
发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
|
io.netty:netty-handler |
CVE-2020-11612 |
高危 |
4.1.42.Final |
4.1.46 |
netty: compression/decompression codecs don't enforce limits on buffer allocation sizes
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-11612
镜像层: sha256:3d330b7811a74f00dcb45e5dae745b9a960b4b5b28b50f85886de79dd4a7983f
发布日期: 2020-04-07 18:15 修改: 2023-11-07 03:14
|
com.fasterxml.jackson.core:jackson-databind |
CVE-2018-12023 |
高危 |
2.9.5 |
2.7.9.4, 2.8.11.2, 2.9.6 |
jackson-databind: improper polymorphic deserialization of types from Oracle JDBC driver
漏洞详情: https://avd.aquasec.com/nvd/cve-2018-12023
镜像层: sha256:3d330b7811a74f00dcb45e5dae745b9a960b4b5b28b50f85886de79dd4a7983f
发布日期: 2019-03-21 16:00 修改: 2023-11-07 02:52
|
com.fasterxml.jackson.core:jackson-databind |
CVE-2019-12086 |
高危 |
2.9.5 |
2.9.9, 2.8.11.4, 2.7.9.6, 2.6.7.3 |
jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server.
漏洞详情: https://avd.aquasec.com/nvd/cve-2019-12086
镜像层: sha256:3d330b7811a74f00dcb45e5dae745b9a960b4b5b28b50f85886de79dd4a7983f
发布日期: 2019-05-17 17:29 修改: 2023-11-07 03:03
|
com.fasterxml.jackson.core:jackson-databind |
CVE-2019-14439 |
高危 |
2.9.5 |
2.9.9.2, 2.8.11.4, 2.7.9.6, 2.6.7.3 |
jackson-databind: Polymorphic typing issue related to logback/JNDI
漏洞详情: https://avd.aquasec.com/nvd/cve-2019-14439
镜像层: sha256:3d330b7811a74f00dcb45e5dae745b9a960b4b5b28b50f85886de79dd4a7983f
发布日期: 2019-07-30 11:15 修改: 2023-11-07 03:04
|
log4j:log4j |
CVE-2021-4104 |
高危 |
1.2.16 |
|
log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-4104
镜像层: sha256:3d330b7811a74f00dcb45e5dae745b9a960b4b5b28b50f85886de79dd4a7983f
发布日期: 2021-12-14 12:15 修改: 2023-12-22 09:15
|
log4j:log4j |
CVE-2022-23302 |
高危 |
1.2.16 |
|
log4j: Remote code execution in Log4j 1.x when application is configured to use JMSSink
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-23302
镜像层: sha256:3d330b7811a74f00dcb45e5dae745b9a960b4b5b28b50f85886de79dd4a7983f
发布日期: 2022-01-18 16:15 修改: 2023-02-24 15:30
|
org.apache.commons:commons-compress |
CVE-2021-35515 |
高危 |
1.20 |
1.21 |
apache-commons-compress: infinite loop when reading a specially crafted 7Z archive
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-35515
镜像层: sha256:3d330b7811a74f00dcb45e5dae745b9a960b4b5b28b50f85886de79dd4a7983f
发布日期: 2021-07-13 08:15 修改: 2023-11-07 03:36
|
org.apache.commons:commons-compress |
CVE-2021-35516 |
高危 |
1.20 |
1.21 |
apache-commons-compress: excessive memory allocation when reading a specially crafted 7Z archive
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-35516
镜像层: sha256:3d330b7811a74f00dcb45e5dae745b9a960b4b5b28b50f85886de79dd4a7983f
发布日期: 2021-07-13 08:15 修改: 2023-11-07 03:36
|
org.apache.commons:commons-compress |
CVE-2021-35517 |
高危 |
1.20 |
1.21 |
apache-commons-compress: excessive memory allocation when reading a specially crafted TAR archive
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-35517
镜像层: sha256:3d330b7811a74f00dcb45e5dae745b9a960b4b5b28b50f85886de79dd4a7983f
发布日期: 2021-07-13 08:15 修改: 2023-11-07 03:36
|
org.apache.commons:commons-compress |
CVE-2021-36090 |
高危 |
1.20 |
1.21 |
apache-commons-compress: excessive memory allocation when reading a specially crafted ZIP archive
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-36090
镜像层: sha256:3d330b7811a74f00dcb45e5dae745b9a960b4b5b28b50f85886de79dd4a7983f
发布日期: 2021-07-13 08:15 修改: 2023-11-07 03:36
|
org.apache.commons:commons-compress |
CVE-2024-25710 |
高危 |
1.20 |
1.26.0 |
commons-compress: Denial of service caused by an infinite loop for a corrupted DUMP file
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-25710
镜像层: sha256:3d330b7811a74f00dcb45e5dae745b9a960b4b5b28b50f85886de79dd4a7983f
发布日期: 2024-02-19 09:15 修改: 2024-03-07 17:15
|
com.fasterxml.jackson.core:jackson-databind |
CVE-2019-14892 |
高危 |
2.9.5 |
2.6.7.3, 2.8.11.5, 2.9.10 |
jackson-databind: Serialization gadgets in classes of the commons-configuration package
漏洞详情: https://avd.aquasec.com/nvd/cve-2019-14892
镜像层: sha256:3d330b7811a74f00dcb45e5dae745b9a960b4b5b28b50f85886de79dd4a7983f
发布日期: 2020-03-02 17:15 修改: 2023-11-07 03:05
|
com.fasterxml.jackson.core:jackson-databind |
CVE-2019-14893 |
高危 |
2.9.5 |
2.9.10 |
jackson-databind: Serialization gadgets in classes of the xalan package
漏洞详情: https://avd.aquasec.com/nvd/cve-2019-14893
镜像层: sha256:3d330b7811a74f00dcb45e5dae745b9a960b4b5b28b50f85886de79dd4a7983f
发布日期: 2020-03-02 21:15 修改: 2023-11-07 03:05
|
org.apache.logging.log4j:log4j-core |
CVE-2021-45105 |
高危 |
2.9.0 |
2.12.3, 2.17.0, 2.3.1 |
log4j-core: DoS in log4j 2.x with Thread Context Map (MDC) input data contains a recursive lookup and context lookup pattern
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-45105
镜像层: sha256:3d330b7811a74f00dcb45e5dae745b9a960b4b5b28b50f85886de79dd4a7983f
发布日期: 2021-12-18 12:15 修改: 2022-10-06 17:31
|
com.fasterxml.jackson.core:jackson-databind |
CVE-2020-10650 |
高危 |
2.9.5 |
2.9.10.4 |
A deserialization flaw was discovered in jackson-databind through 2.9. ...
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-10650
镜像层: sha256:3d330b7811a74f00dcb45e5dae745b9a960b4b5b28b50f85886de79dd4a7983f
发布日期: 2022-12-26 20:15 修改: 2023-08-18 14:15
|
org.bitbucket.b_c:jose4j |
CVE-2023-31582 |
高危 |
0.7.3 |
0.9.3 |
jose4j: Insecure iteration count setting
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-31582
镜像层: sha256:3d330b7811a74f00dcb45e5dae745b9a960b4b5b28b50f85886de79dd4a7983f
发布日期: 2023-10-25 18:17 修改: 2023-10-31 15:18
|
org.bouncycastle:bcprov-ext-jdk15on |
CVE-2020-28052 |
高危 |
1.66 |
1.67 |
bouncycastle: password bypass in OpenBSDBCrypt.checkPassword utility possible
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-28052
镜像层: sha256:3d330b7811a74f00dcb45e5dae745b9a960b4b5b28b50f85886de79dd4a7983f
发布日期: 2020-12-18 01:15 修改: 2023-11-07 03:21
|
org.bouncycastle:bcprov-jdk15on |
CVE-2020-28052 |
高危 |
1.66 |
1.67 |
bouncycastle: password bypass in OpenBSDBCrypt.checkPassword utility possible
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-28052
镜像层: sha256:3d330b7811a74f00dcb45e5dae745b9a960b4b5b28b50f85886de79dd4a7983f
发布日期: 2020-12-18 01:15 修改: 2023-11-07 03:21
|
com.fasterxml.jackson.core:jackson-databind |
CVE-2020-10672 |
高危 |
2.9.5 |
2.9.10.4 |
jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-10672
镜像层: sha256:3d330b7811a74f00dcb45e5dae745b9a960b4b5b28b50f85886de79dd4a7983f
发布日期: 2020-03-18 22:15 修改: 2024-07-03 01:36
|
org.codehaus.jackson:jackson-mapper-asl |
CVE-2019-10172 |
高危 |
1.9.13 |
|
jackson-mapper-asl: XML external entity similar to CVE-2016-3720
漏洞详情: https://avd.aquasec.com/nvd/cve-2019-10172
镜像层: sha256:3d330b7811a74f00dcb45e5dae745b9a960b4b5b28b50f85886de79dd4a7983f
发布日期: 2019-11-18 17:15 修改: 2023-02-12 23:33
|
org.elasticsearch:elasticsearch |
CVE-2020-7009 |
高危 |
7.5.0 |
6.8.8, 7.6.2 |
elasticsearch: Generating API keys with specific steps could result in generating API key with elevated privileges
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-7009
镜像层: sha256:3d330b7811a74f00dcb45e5dae745b9a960b4b5b28b50f85886de79dd4a7983f
发布日期: 2020-03-31 19:15 修改: 2020-04-09 14:58
|
org.elasticsearch:elasticsearch |
CVE-2023-31418 |
高危 |
7.5.0 |
7.17.13, 8.9.0 |
elasticsearch: uncontrolled resource consumption
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-31418
镜像层: sha256:3d330b7811a74f00dcb45e5dae745b9a960b4b5b28b50f85886de79dd4a7983f
发布日期: 2023-10-26 18:15 修改: 2023-11-30 22:15
|
com.fasterxml.jackson.core:jackson-databind |
CVE-2020-10673 |
高危 |
2.9.5 |
2.9.10.4, 2.6.7.4 |
jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-10673
镜像层: sha256:3d330b7811a74f00dcb45e5dae745b9a960b4b5b28b50f85886de79dd4a7983f
发布日期: 2020-03-18 22:15 修改: 2024-07-03 01:36
|
org.postgresql:postgresql |
CVE-2022-21724 |
高危 |
42.2.18 |
42.2.25, 42.3.2 |
jdbc-postgresql: Unchecked Class Instantiation when providing Plugin Classes
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-21724
镜像层: sha256:3d330b7811a74f00dcb45e5dae745b9a960b4b5b28b50f85886de79dd4a7983f
发布日期: 2022-02-02 12:15 修改: 2023-11-07 03:43
|
org.postgresql:postgresql |
CVE-2022-31197 |
高危 |
42.2.18 |
42.2.26, 42.4.1, 42.3.7 |
postgresql: SQL Injection in ResultSet.refreshRow() with malicious column names
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-31197
镜像层: sha256:3d330b7811a74f00dcb45e5dae745b9a960b4b5b28b50f85886de79dd4a7983f
发布日期: 2022-08-03 19:15 修改: 2023-11-07 03:47
|
org.xerial.snappy:snappy-java |
CVE-2023-34455 |
高危 |
1.1.7.3 |
1.1.10.1 |
snappy-java: Unchecked chunk length leads to DoS
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-34455
镜像层: sha256:3d330b7811a74f00dcb45e5dae745b9a960b4b5b28b50f85886de79dd4a7983f
发布日期: 2023-06-15 18:15 修改: 2024-02-01 14:17
|
org.xerial.snappy:snappy-java |
CVE-2023-43642 |
高危 |
1.1.7.3 |
1.1.10.4 |
snappy-java: Missing upper bound check on chunk length in snappy-java can lead to Denial of Service (DoS) impact
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-43642
镜像层: sha256:3d330b7811a74f00dcb45e5dae745b9a960b4b5b28b50f85886de79dd4a7983f
发布日期: 2023-09-25 20:15 修改: 2023-09-26 15:46
|
org.yaml:snakeyaml |
CVE-2022-1471 |
高危 |
1.28 |
2.0 |
SnakeYaml: Constructor Deserialization Remote Code Execution
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-1471
镜像层: sha256:3d330b7811a74f00dcb45e5dae745b9a960b4b5b28b50f85886de79dd4a7983f
发布日期: 2022-12-01 11:15 修改: 2024-06-21 19:15
|
org.yaml:snakeyaml |
CVE-2022-25857 |
高危 |
1.28 |
1.31 |
snakeyaml: Denial of Service due to missing nested depth limitation for collections
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-25857
镜像层: sha256:3d330b7811a74f00dcb45e5dae745b9a960b4b5b28b50f85886de79dd4a7983f
发布日期: 2022-08-30 05:15 修改: 2024-03-15 11:15
|
io.netty:netty |
CVE-2021-21295 |
中危 |
3.10.5.Final |
4.0.0 |
netty: possible request smuggling in HTTP/2 due missing validation
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-21295
镜像层: sha256:3d330b7811a74f00dcb45e5dae745b9a960b4b5b28b50f85886de79dd4a7983f
发布日期: 2021-03-09 19:15 修改: 2023-11-07 03:29
|
io.netty:netty |
CVE-2021-21409 |
中危 |
3.10.5.Final |
4.0.0 |
netty: Request smuggling via content-length header
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-21409
镜像层: sha256:3d330b7811a74f00dcb45e5dae745b9a960b4b5b28b50f85886de79dd4a7983f
发布日期: 2021-03-30 15:15 修改: 2023-11-07 03:30
|
io.netty:netty |
CVE-2021-43797 |
中危 |
3.10.5.Final |
4.0.0 |
netty: control chars in header names may lead to HTTP request smuggling
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-43797
镜像层: sha256:3d330b7811a74f00dcb45e5dae745b9a960b4b5b28b50f85886de79dd4a7983f
发布日期: 2021-12-09 19:15 修改: 2023-02-24 15:47
|
com.google.guava:guava |
CVE-2023-2976 |
中危 |
28.1-jre |
32.0.0-android |
guava: insecure temporary directory creation
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-2976
镜像层: sha256:3d330b7811a74f00dcb45e5dae745b9a960b4b5b28b50f85886de79dd4a7983f
发布日期: 2023-06-14 18:15 修改: 2024-02-13 19:15
|
org.apache.httpcomponents:httpclient |
CVE-2020-13956 |
中危 |
4.5.10 |
4.5.13, 5.0.3 |
apache-httpclient: incorrect handling of malformed authority component in request URIs
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-13956
镜像层: sha256:3d330b7811a74f00dcb45e5dae745b9a960b4b5b28b50f85886de79dd4a7983f
发布日期: 2020-12-02 17:15 修改: 2023-11-07 03:17
|
org.apache.kafka:kafka-clients |
CVE-2021-38153 |
中危 |
2.4.1 |
2.6.3, 2.7.2, 2.8.1 |
Kafka: Timing Attack Vulnerability for Apache Kafka Connect and Clients
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-38153
镜像层: sha256:3d330b7811a74f00dcb45e5dae745b9a960b4b5b28b50f85886de79dd4a7983f
发布日期: 2021-09-22 09:15 修改: 2023-11-07 03:37
|
commons-io:commons-io |
CVE-2021-29425 |
中危 |
2.6 |
2.7 |
apache-commons-io: Limited path traversal in Apache Commons IO 2.2 to 2.6
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-29425
镜像层: sha256:3d330b7811a74f00dcb45e5dae745b9a960b4b5b28b50f85886de79dd4a7983f
发布日期: 2021-04-13 07:15 修改: 2023-11-07 03:32
|
com.fasterxml.jackson.core:jackson-databind |
CVE-2019-12814 |
中危 |
2.9.5 |
2.9.9.1, 2.8.11.4, 2.7.9.6, 2.6.7.3 |
jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server via crafted JSON message.
漏洞详情: https://avd.aquasec.com/nvd/cve-2019-12814
镜像层: sha256:3d330b7811a74f00dcb45e5dae745b9a960b4b5b28b50f85886de79dd4a7983f
发布日期: 2019-06-19 14:15 修改: 2023-11-07 03:03
|
io.netty:netty-codec-http |
CVE-2021-21290 |
中危 |
4.1.42.Final |
4.1.59.Final |
netty: Information disclosure via the local system temporary directory
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-21290
镜像层: sha256:3d330b7811a74f00dcb45e5dae745b9a960b4b5b28b50f85886de79dd4a7983f
发布日期: 2021-02-08 20:15 修改: 2023-11-07 03:29
|
org.apache.logging.log4j:log4j-core |
CVE-2021-44832 |
中危 |
2.9.0 |
2.3.2, 2.12.4, 2.17.1 |
log4j-core: remote code execution via JDBC Appender
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-44832
镜像层: sha256:3d330b7811a74f00dcb45e5dae745b9a960b4b5b28b50f85886de79dd4a7983f
发布日期: 2021-12-28 20:15 修改: 2023-11-07 03:39
|
io.netty:netty-codec-http |
CVE-2021-43797 |
中危 |
4.1.42.Final |
4.1.71.Final |
netty: control chars in header names may lead to HTTP request smuggling
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-43797
镜像层: sha256:3d330b7811a74f00dcb45e5dae745b9a960b4b5b28b50f85886de79dd4a7983f
发布日期: 2021-12-09 19:15 修改: 2023-02-24 15:47
|
org.apache.zookeeper:zookeeper |
CVE-2019-0201 |
中危 |
3.4.10 |
3.4.14, 3.5.5 |
zookeeper: Information disclosure in Apache ZooKeeper
漏洞详情: https://avd.aquasec.com/nvd/cve-2019-0201
镜像层: sha256:3d330b7811a74f00dcb45e5dae745b9a960b4b5b28b50f85886de79dd4a7983f
发布日期: 2019-05-23 14:29 修改: 2023-11-07 03:01
|
io.netty:netty-codec-http |
CVE-2022-24823 |
中危 |
4.1.42.Final |
4.1.77.Final |
netty: world readable temporary file containing sensitive data
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-24823
镜像层: sha256:3d330b7811a74f00dcb45e5dae745b9a960b4b5b28b50f85886de79dd4a7983f
发布日期: 2022-05-06 12:15 修改: 2022-12-03 14:25
|
org.bitbucket.b_c:jose4j |
CVE-2023-51775 |
中危 |
0.7.3 |
0.9.4 |
jose4j: denial of service via specially crafted JWE
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-51775
镜像层: sha256:3d330b7811a74f00dcb45e5dae745b9a960b4b5b28b50f85886de79dd4a7983f
发布日期: 2024-02-29 01:42 修改: 2024-08-14 19:35
|
org.bitbucket.b_c:jose4j |
GHSA-jgvc-jfgh-rjvv |
中危 |
0.7.3 |
0.9.3 |
Chosen Ciphertext Attack in Jose4j
漏洞详情: https://github.com/advisories/GHSA-jgvc-jfgh-rjvv
镜像层: sha256:3d330b7811a74f00dcb45e5dae745b9a960b4b5b28b50f85886de79dd4a7983f
发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
|
io.netty:netty-codec-http |
CVE-2024-29025 |
中危 |
4.1.42.Final |
4.1.108.Final |
netty-codec-http: Allocation of Resources Without Limits or Throttling
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-29025
镜像层: sha256:3d330b7811a74f00dcb45e5dae745b9a960b4b5b28b50f85886de79dd4a7983f
发布日期: 2024-03-25 20:15 修改: 2024-06-21 22:15
|
org.bouncycastle:bcprov-ext-jdk15on |
CVE-2023-33201 |
中危 |
1.66 |
|
bouncycastle: potential blind LDAP injection attack using a self-signed certificate
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-33201
镜像层: sha256:3d330b7811a74f00dcb45e5dae745b9a960b4b5b28b50f85886de79dd4a7983f
发布日期: 2023-07-05 03:15 修改: 2023-08-24 19:15
|
org.bouncycastle:bcprov-ext-jdk15on |
CVE-2023-33202 |
中危 |
1.66 |
1.73 |
bc-java: Out of memory while parsing ASN.1 crafted data in org.bouncycastle.openssl.PEMParser class
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-33202
镜像层: sha256:3d330b7811a74f00dcb45e5dae745b9a960b4b5b28b50f85886de79dd4a7983f
发布日期: 2023-11-23 16:15 修改: 2024-09-09 13:53
|
com.google.protobuf:protobuf-java |
CVE-2022-3171 |
中危 |
3.13.0 |
3.21.7, 3.20.3, 3.19.6, 3.16.3 |
protobuf-java: timeout in parser leads to DoS
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-3171
镜像层: sha256:3d330b7811a74f00dcb45e5dae745b9a960b4b5b28b50f85886de79dd4a7983f
发布日期: 2022-10-12 23:15 修改: 2023-11-07 03:50
|
org.bouncycastle:bcprov-jdk15on |
CVE-2023-33201 |
中危 |
1.66 |
|
bouncycastle: potential blind LDAP injection attack using a self-signed certificate
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-33201
镜像层: sha256:3d330b7811a74f00dcb45e5dae745b9a960b4b5b28b50f85886de79dd4a7983f
发布日期: 2023-07-05 03:15 修改: 2023-08-24 19:15
|
org.bouncycastle:bcprov-jdk15on |
CVE-2023-33202 |
中危 |
1.66 |
1.70 |
bc-java: Out of memory while parsing ASN.1 crafted data in org.bouncycastle.openssl.PEMParser class
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-33202
镜像层: sha256:3d330b7811a74f00dcb45e5dae745b9a960b4b5b28b50f85886de79dd4a7983f
发布日期: 2023-11-23 16:15 修改: 2024-09-09 13:53
|
org.bouncycastle:bcprov-jdk15on |
CVE-2024-29857 |
中危 |
1.66 |
1.78 |
org.bouncycastle: Importing an EC certificate with crafted F2m parameters may lead to Denial of Service
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-29857
镜像层: sha256:3d330b7811a74f00dcb45e5dae745b9a960b4b5b28b50f85886de79dd4a7983f
发布日期: 2024-05-14 15:17 修改: 2024-08-15 19:35
|
org.bouncycastle:bcprov-jdk15on |
CVE-2024-30171 |
中危 |
1.66 |
1.78 |
bc-java: BouncyCastle vulnerable to a timing variant of Bleichenbacher (Marvin Attack)
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-30171
镜像层: sha256:3d330b7811a74f00dcb45e5dae745b9a960b4b5b28b50f85886de79dd4a7983f
发布日期: 2024-05-14 15:21 修改: 2024-08-19 18:35
|
org.bouncycastle:bcprov-jdk15on |
CVE-2024-30172 |
中危 |
1.66 |
1.78 |
org.bouncycastle:bcprov-jdk18on: Infinite loop in ED25519 verification in the ScalarUtil class
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-30172
镜像层: sha256:3d330b7811a74f00dcb45e5dae745b9a960b4b5b28b50f85886de79dd4a7983f
发布日期: 2024-05-14 15:21 修改: 2024-06-14 13:15
|
org.codehaus.groovy:groovy |
CVE-2020-17521 |
中危 |
3.0.3 |
2.4.21, 2.5.14, 3.0.7 |
groovy: OS temporary directory leads to information disclosure
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-17521
镜像层: sha256:3d330b7811a74f00dcb45e5dae745b9a960b4b5b28b50f85886de79dd4a7983f
发布日期: 2020-12-07 20:15 修改: 2023-11-07 03:19
|
io.netty:netty-codec-http2 |
CVE-2021-21295 |
中危 |
4.1.51.Final |
4.1.60.Final |
netty: possible request smuggling in HTTP/2 due missing validation
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-21295
镜像层: sha256:3d330b7811a74f00dcb45e5dae745b9a960b4b5b28b50f85886de79dd4a7983f
发布日期: 2021-03-09 19:15 修改: 2023-11-07 03:29
|
io.netty:netty-codec-http2 |
CVE-2021-21409 |
中危 |
4.1.51.Final |
4.1.61.Final |
netty: Request smuggling via content-length header
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-21409
镜像层: sha256:3d330b7811a74f00dcb45e5dae745b9a960b4b5b28b50f85886de79dd4a7983f
发布日期: 2021-03-30 15:15 修改: 2023-11-07 03:30
|
org.eclipse.jetty:jetty-http |
CVE-2023-40167 |
中危 |
9.4.40.v20210413 |
9.4.52, 10.0.16, 11.0.16, 12.0.1 |
jetty: Improper validation of HTTP/1 content-length
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-40167
镜像层: sha256:3d330b7811a74f00dcb45e5dae745b9a960b4b5b28b50f85886de79dd4a7983f
发布日期: 2023-09-15 20:15 修改: 2023-10-13 01:59
|
org.eclipse.jetty:jetty-server |
CVE-2023-26048 |
中危 |
9.4.40.v20210413 |
9.4.51.v20230217, 10.0.14, 11.0.14 |
jetty-server: OutOfMemoryError for large multipart without filename read via request.getParameter()
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-26048
镜像层: sha256:3d330b7811a74f00dcb45e5dae745b9a960b4b5b28b50f85886de79dd4a7983f
发布日期: 2023-04-18 21:15 修改: 2023-09-30 15:15
|
org.eclipse.jetty:jetty-server |
CVE-2024-8184 |
中危 |
9.4.40.v20210413 |
12.0.9, 10.0.24, 11.0.24, 9.4.56 |
org.eclipse.jetty:jetty-server: jetty: Jetty ThreadLimitHandler.getRemote() vulnerable to remote DoS attacks
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-8184
镜像层: sha256:3d330b7811a74f00dcb45e5dae745b9a960b4b5b28b50f85886de79dd4a7983f
发布日期: 2024-10-14 16:15 修改: 2024-10-15 12:57
|
io.grpc:grpc-protobuf |
CVE-2023-32732 |
中危 |
1.32.1 |
1.53.0 |
gRPC: denial of service
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-32732
镜像层: sha256:3d330b7811a74f00dcb45e5dae745b9a960b4b5b28b50f85886de79dd4a7983f
发布日期: 2023-06-09 11:15 修改: 2023-08-02 16:43
|
io.netty:netty-handler |
CVE-2019-20445 |
中危 |
4.1.42.Final |
4.1.45 |
netty: HttpObjectDecoder.java allows Content-Length header to accompanied by second Content-Length header
漏洞详情: https://avd.aquasec.com/nvd/cve-2019-20445
镜像层: sha256:3d330b7811a74f00dcb45e5dae745b9a960b4b5b28b50f85886de79dd4a7983f
发布日期: 2020-01-29 21:15 修改: 2023-11-07 03:09
|
org.elasticsearch:elasticsearch |
CVE-2020-7014 |
中危 |
7.5.0 |
6.8.8, 7.6.2 |
elasticsearch: Incomplete fix for CVE-2020-7009 could result in generating API key with elevated privileges
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-7014
镜像层: sha256:3d330b7811a74f00dcb45e5dae745b9a960b4b5b28b50f85886de79dd4a7983f
发布日期: 2020-06-03 18:15 修改: 2020-06-19 11:15
|
org.elasticsearch:elasticsearch |
CVE-2020-7019 |
中危 |
7.5.0 |
7.9.0, 6.8.12 |
elasticsearch: scrolling search can leak fields that should be hidden allowing access restriction bypass
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-7019
镜像层: sha256:3d330b7811a74f00dcb45e5dae745b9a960b4b5b28b50f85886de79dd4a7983f
发布日期: 2020-08-18 17:15 修改: 2023-01-27 20:50
|
org.elasticsearch:elasticsearch |
CVE-2020-7021 |
中危 |
7.5.0 |
6.8.14, 7.10.0 |
elasticsearch: Information disclosure via audit logging with emit_request_body option enabled
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-7021
镜像层: sha256:3d330b7811a74f00dcb45e5dae745b9a960b4b5b28b50f85886de79dd4a7983f
发布日期: 2021-02-10 19:15 修改: 2021-03-26 12:49
|
org.elasticsearch:elasticsearch |
CVE-2021-22135 |
中危 |
7.5.0 |
7.11.2, 6.8.15 |
elasticsearch: Document disclosure flaw in the Elasticsearch suggester
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-22135
镜像层: sha256:3d330b7811a74f00dcb45e5dae745b9a960b4b5b28b50f85886de79dd4a7983f
发布日期: 2021-05-13 18:15 修改: 2021-09-07 22:06
|
org.elasticsearch:elasticsearch |
CVE-2021-22144 |
中危 |
7.5.0 |
6.8.17, 7.13.3 |
elasticsearch: uncontrolled recursion in Grok parser
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-22144
镜像层: sha256:3d330b7811a74f00dcb45e5dae745b9a960b4b5b28b50f85886de79dd4a7983f
发布日期: 2021-07-26 12:15 修改: 2022-05-10 18:02
|
org.elasticsearch:elasticsearch |
CVE-2023-31417 |
中危 |
7.5.0 |
7.17.13, 8.9.2 |
elasticsearch: Sensitive information in audit logs
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-31417
镜像层: sha256:3d330b7811a74f00dcb45e5dae745b9a960b4b5b28b50f85886de79dd4a7983f
发布日期: 2023-10-26 18:15 修改: 2024-01-03 19:02
|
org.elasticsearch:elasticsearch |
CVE-2023-31419 |
中危 |
7.5.0 |
7.17.13, 8.9.1 |
elasticsearch: StackOverflow vulnerability
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-31419
镜像层: sha256:3d330b7811a74f00dcb45e5dae745b9a960b4b5b28b50f85886de79dd4a7983f
发布日期: 2023-10-26 18:15 修改: 2024-02-01 02:16
|
org.elasticsearch:elasticsearch |
CVE-2023-46673 |
中危 |
7.5.0 |
7.17.14, 8.10.3 |
elasticsearch: Improper Handling of Exceptional Conditions
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-46673
镜像层: sha256:3d330b7811a74f00dcb45e5dae745b9a960b4b5b28b50f85886de79dd4a7983f
发布日期: 2023-11-22 10:15 修改: 2023-11-30 20:22
|
org.elasticsearch:elasticsearch |
CVE-2023-49921 |
中危 |
7.5.0 |
7.17.16, 8.11.2 |
elasticsearch: Insertion of Sensitive Information into Log File
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-49921
镜像层: sha256:3d330b7811a74f00dcb45e5dae745b9a960b4b5b28b50f85886de79dd4a7983f
发布日期: 2024-07-26 05:15 修改: 2024-09-11 14:09
|
org.elasticsearch:elasticsearch |
CVE-2024-23444 |
中危 |
7.5.0 |
8.13.0, 7.17.23 |
Elasticsearch stores private key on disk unencrypted
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-23444
镜像层: sha256:3d330b7811a74f00dcb45e5dae745b9a960b4b5b28b50f85886de79dd4a7983f
发布日期: 2024-07-31 18:15 修改: 2024-08-01 12:42
|
org.elasticsearch:elasticsearch |
CVE-2024-23450 |
中危 |
7.5.0 |
7.17.19, 8.13.0 |
elasticsearch: Possible denial of service when processing documents in a deeply nested pipeline
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-23450
镜像层: sha256:3d330b7811a74f00dcb45e5dae745b9a960b4b5b28b50f85886de79dd4a7983f
发布日期: 2024-03-27 17:15 修改: 2024-06-10 17:16
|
org.jetbrains.kotlin:kotlin-stdlib |
CVE-2020-29582 |
中危 |
1.1.60 |
1.4.21 |
kotlin: vulnerable Java API was used for temporary file and folder creation which could result in information disclosure
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-29582
镜像层: sha256:3d330b7811a74f00dcb45e5dae745b9a960b4b5b28b50f85886de79dd4a7983f
发布日期: 2021-02-03 16:15 修改: 2023-11-07 03:21
|
org.jetbrains.kotlin:kotlin-stdlib |
CVE-2022-24329 |
中危 |
1.1.60 |
1.6.0 |
kotlin: Not possible to lock dependencies for Multiplatform Gradle Projects
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-24329
镜像层: sha256:3d330b7811a74f00dcb45e5dae745b9a960b4b5b28b50f85886de79dd4a7983f
发布日期: 2022-02-25 15:15 修改: 2023-02-22 17:50
|
io.netty:netty-handler |
CVE-2023-34462 |
中危 |
4.1.42.Final |
4.1.94.Final |
netty: SniHandler 16MB allocation leads to OOM
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-34462
镜像层: sha256:3d330b7811a74f00dcb45e5dae745b9a960b4b5b28b50f85886de79dd4a7983f
发布日期: 2023-06-22 23:15 修改: 2024-06-21 19:15
|
io.kubernetes:client-java |
CVE-2021-25738 |
中危 |
11.0.0 |
11.0.1 |
kubernetes-client: Loading specially-crafted yaml can lead to code execution
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-25738
镜像层: sha256:3d330b7811a74f00dcb45e5dae745b9a960b4b5b28b50f85886de79dd4a7983f
发布日期: 2021-10-11 19:15 修改: 2022-10-28 13:48
|
com.squareup.okio:okio |
CVE-2023-3635 |
中危 |
1.17.2 |
3.4.0, 1.17.6 |
okio: GzipSource class improper exception handling
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-3635
镜像层: sha256:3d330b7811a74f00dcb45e5dae745b9a960b4b5b28b50f85886de79dd4a7983f
发布日期: 2023-07-12 19:15 修改: 2023-10-25 15:17
|
org.postgresql:postgresql |
CVE-2022-41946 |
中危 |
42.2.18 |
42.2.27, 42.3.8, 42.4.3, 42.5.1 |
postgresql-jdbc: Information leak of prepared statement data due to insecure temporary file permissions
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41946
镜像层: sha256:3d330b7811a74f00dcb45e5dae745b9a960b4b5b28b50f85886de79dd4a7983f
发布日期: 2022-11-23 20:15 修改: 2024-03-29 13:15
|
org.postgresql:postgresql |
GHSA-673j-qm5f-xpv8 |
中危 |
42.2.18 |
42.3.3 |
pgjdbc Arbitrary File Write Vulnerability
漏洞详情: https://github.com/advisories/GHSA-673j-qm5f-xpv8
镜像层: sha256:3d330b7811a74f00dcb45e5dae745b9a960b4b5b28b50f85886de79dd4a7983f
发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
|
com.alibaba.nacos:nacos-common |
CVE-2021-44667 |
中危 |
1.3.1 |
2.0.4 |
Cross-site Scripting in Nacos
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-44667
镜像层: sha256:3d330b7811a74f00dcb45e5dae745b9a960b4b5b28b50f85886de79dd4a7983f
发布日期: 2022-03-11 19:15 修改: 2022-03-18 20:01
|
com.fasterxml.jackson.core:jackson-databind |
CVE-2019-12384 |
中危 |
2.9.5 |
2.9.9.1, 2.8.11.4, 2.7.9.6, 2.6.7.3 |
jackson-databind: failure to block the logback-core class from polymorphic deserialization leading to remote code execution
漏洞详情: https://avd.aquasec.com/nvd/cve-2019-12384
镜像层: sha256:3d330b7811a74f00dcb45e5dae745b9a960b4b5b28b50f85886de79dd4a7983f
发布日期: 2019-06-24 16:15 修改: 2023-11-07 03:03
|
org.xerial.snappy:snappy-java |
CVE-2023-34453 |
中危 |
1.1.7.3 |
1.1.10.1 |
snappy-java: Integer overflow in shuffle leads to DoS
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-34453
镜像层: sha256:3d330b7811a74f00dcb45e5dae745b9a960b4b5b28b50f85886de79dd4a7983f
发布日期: 2023-06-15 17:15 修改: 2023-06-27 15:59
|
org.xerial.snappy:snappy-java |
CVE-2023-34454 |
中危 |
1.1.7.3 |
1.1.10.1 |
snappy-java: Integer overflow in compress leads to DoS
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-34454
镜像层: sha256:3d330b7811a74f00dcb45e5dae745b9a960b4b5b28b50f85886de79dd4a7983f
发布日期: 2023-06-15 17:15 修改: 2023-06-27 16:04
|
io.netty:netty |
CVE-2019-20445 |
中危 |
3.10.5.Final |
4.0.0 |
netty: HttpObjectDecoder.java allows Content-Length header to accompanied by second Content-Length header
漏洞详情: https://avd.aquasec.com/nvd/cve-2019-20445
镜像层: sha256:3d330b7811a74f00dcb45e5dae745b9a960b4b5b28b50f85886de79dd4a7983f
发布日期: 2020-01-29 21:15 修改: 2023-11-07 03:09
|
io.netty:netty |
CVE-2021-21290 |
中危 |
3.10.5.Final |
4.0.0 |
netty: Information disclosure via the local system temporary directory
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-21290
镜像层: sha256:3d330b7811a74f00dcb45e5dae745b9a960b4b5b28b50f85886de79dd4a7983f
发布日期: 2021-02-08 20:15 修改: 2023-11-07 03:29
|
org.yaml:snakeyaml |
CVE-2022-38749 |
中危 |
1.28 |
1.31 |
snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-38749
镜像层: sha256:3d330b7811a74f00dcb45e5dae745b9a960b4b5b28b50f85886de79dd4a7983f
发布日期: 2022-09-05 10:15 修改: 2024-03-15 11:15
|
org.yaml:snakeyaml |
CVE-2022-38750 |
中危 |
1.28 |
1.31 |
snakeyaml: Uncaught exception in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-38750
镜像层: sha256:3d330b7811a74f00dcb45e5dae745b9a960b4b5b28b50f85886de79dd4a7983f
发布日期: 2022-09-05 10:15 修改: 2024-03-15 11:15
|
org.yaml:snakeyaml |
CVE-2022-38751 |
中危 |
1.28 |
1.31 |
snakeyaml: Uncaught exception in java.base/java.util.regex.Pattern$Ques.match
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-38751
镜像层: sha256:3d330b7811a74f00dcb45e5dae745b9a960b4b5b28b50f85886de79dd4a7983f
发布日期: 2022-09-05 10:15 修改: 2024-03-15 11:15
|
org.yaml:snakeyaml |
CVE-2022-38752 |
中危 |
1.28 |
1.32 |
snakeyaml: Uncaught exception in java.base/java.util.ArrayList.hashCode
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-38752
镜像层: sha256:3d330b7811a74f00dcb45e5dae745b9a960b4b5b28b50f85886de79dd4a7983f
发布日期: 2022-09-05 10:15 修改: 2024-03-15 11:15
|
org.yaml:snakeyaml |
CVE-2022-41854 |
中危 |
1.28 |
1.32 |
dev-java/snakeyaml: DoS via stack overflow
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41854
镜像层: sha256:3d330b7811a74f00dcb45e5dae745b9a960b4b5b28b50f85886de79dd4a7983f
发布日期: 2022-11-11 13:15 修改: 2024-06-21 19:15
|
org.eclipse.jetty:jetty-server |
CVE-2021-34428 |
低危 |
9.4.40.v20210413 |
9.4.41, 10.0.3, 11.0.3 |
jetty: SessionListener can prevent a session from being invalidated breaking logout
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-34428
镜像层: sha256:3d330b7811a74f00dcb45e5dae745b9a960b4b5b28b50f85886de79dd4a7983f
发布日期: 2021-06-22 15:15 修改: 2023-11-07 03:35
|
org.eclipse.jetty:jetty-server |
CVE-2023-26049 |
低危 |
9.4.40.v20210413 |
9.4.51.v20230217, 10.0.14, 11.0.14, 12.0.0.beta0 |
jetty-server: Cookie parsing of quoted values can exfiltrate values from other cookies
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-26049
镜像层: sha256:3d330b7811a74f00dcb45e5dae745b9a960b4b5b28b50f85886de79dd4a7983f
发布日期: 2023-04-18 21:15 修改: 2024-02-01 15:36
|
org.eclipse.jetty:jetty-http |
CVE-2022-2047 |
低危 |
9.4.40.v20210413 |
9.4.47, 10.0.10, 11.0.10 |
jetty-http: improver hostname input handling
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-2047
镜像层: sha256:3d330b7811a74f00dcb45e5dae745b9a960b4b5b28b50f85886de79dd4a7983f
发布日期: 2022-07-07 21:15 修改: 2022-10-25 19:10
|
org.elasticsearch:elasticsearch |
CVE-2020-7020 |
低危 |
7.5.0 |
6.8.13, 7.9.2 |
elasticsearch: not properly preserving security permissions when executing complex queries may lead to information disclosure
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-7020
镜像层: sha256:3d330b7811a74f00dcb45e5dae745b9a960b4b5b28b50f85886de79dd4a7983f
发布日期: 2020-10-22 17:15 修改: 2022-06-03 18:56
|
org.postgresql:postgresql |
CVE-2022-26520 |
低危 |
42.2.18 |
42.3.3 |
postgresql-jdbc: Arbitrary File Write Vulnerability
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-26520
镜像层: sha256:3d330b7811a74f00dcb45e5dae745b9a960b4b5b28b50f85886de79dd4a7983f
发布日期: 2022-03-10 17:47 修改: 2024-08-03 05:16
|
org.eclipse.jetty:jetty-http |
CVE-2024-6763 |
低危 |
9.4.40.v20210413 |
12.0.12 |
org.eclipse.jetty:jetty-http: jetty: Jetty URI parsing of invalid authority
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-6763
镜像层: sha256:3d330b7811a74f00dcb45e5dae745b9a960b4b5b28b50f85886de79dd4a7983f
发布日期: 2024-10-14 16:15 修改: 2024-10-15 12:57
|
com.google.guava:guava |
CVE-2020-8908 |
低危 |
28.1-jre |
32.0.0-android |
guava: local information disclosure via temporary directory created with unsafe permissions
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-8908
镜像层: sha256:3d330b7811a74f00dcb45e5dae745b9a960b4b5b28b50f85886de79dd4a7983f
发布日期: 2020-12-10 23:15 修改: 2023-08-02 17:30
|
org.apache.logging.log4j:log4j-core |
CVE-2020-9488 |
低危 |
2.9.0 |
2.13.2, 2.12.3, 2.3.2 |
log4j: improper validation of certificate with host mismatch in SMTP appender
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-9488
镜像层: sha256:3d330b7811a74f00dcb45e5dae745b9a960b4b5b28b50f85886de79dd4a7983f
发布日期: 2020-04-27 16:15 修改: 2023-11-07 03:26
|