| com.fasterxml.jackson.core:jackson-databind |
CVE-2019-14379 |
严重 |
2.9.8 |
2.9.9.2, 2.8.11.4, 2.7.9.6 |
jackson-databind: default typing mishandling leading to remote code execution
漏洞详情: https://avd.aquasec.com/nvd/cve-2019-14379
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2019-07-29 12:15 修改: 2026-06-17 02:18
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2019-14540 |
严重 |
2.9.8 |
2.9.10, 2.8.11.5, 2.6.7.3 |
jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariConfig
漏洞详情: https://avd.aquasec.com/nvd/cve-2019-14540
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2019-09-15 22:15 修改: 2026-06-17 02:18
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2019-16335 |
严重 |
2.9.8 |
2.9.10, 2.8.11.5, 2.6.7.3 |
jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariDataSource
漏洞详情: https://avd.aquasec.com/nvd/cve-2019-16335
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2019-09-15 22:15 修改: 2026-06-17 02:22
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2019-16942 |
严重 |
2.9.8 |
2.9.10.1, 2.8.11.5, 2.6.7.3 |
jackson-databind: Serialization gadgets in org.apache.commons.dbcp.datasources.*
漏洞详情: https://avd.aquasec.com/nvd/cve-2019-16942
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2019-10-01 17:15 修改: 2026-06-17 02:23
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2019-16943 |
严重 |
2.9.8 |
2.9.10.1, 2.8.11.5, 2.6.7.3 |
jackson-databind: Serialization gadgets in com.p6spy.engine.spy.P6DataSource
漏洞详情: https://avd.aquasec.com/nvd/cve-2019-16943
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2019-10-01 17:15 修改: 2026-06-17 02:23
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2019-17267 |
严重 |
2.9.8 |
2.9.10, 2.8.11.5 |
jackson-databind: Serialization gadgets in classes of the ehcache package
漏洞详情: https://avd.aquasec.com/nvd/cve-2019-17267
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2019-10-07 00:15 修改: 2026-06-17 02:23
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2019-17531 |
严重 |
2.9.8 |
2.9.10.1, 2.8.11.5, 2.6.7.3 |
jackson-databind: Serialization gadgets in org.apache.log4j.receivers.db.*
漏洞详情: https://avd.aquasec.com/nvd/cve-2019-17531
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2019-10-12 21:15 修改: 2026-06-17 02:24
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2019-20330 |
严重 |
2.9.8 |
2.6.7.4, 2.7.9.7, 2.8.11.5, 2.9.10.2 |
jackson-databind: lacks certain net.sf.ehcache blocking
漏洞详情: https://avd.aquasec.com/nvd/cve-2019-20330
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2020-01-03 04:15 修改: 2026-06-17 02:30
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2020-8840 |
严重 |
2.9.8 |
2.6.7.4, 2.7.9.7, 2.8.11.5, 2.9.10.3 |
jackson-databind: Lacks certain xbean-reflect/JNDI blocking
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-8840
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2020-02-10 21:56 修改: 2026-06-17 03:27
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2020-9546 |
严重 |
2.9.8 |
2.9.10.4 |
jackson-databind: Serialization gadgets in shaded-hikari-config
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-9546
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2020-03-02 04:15 修改: 2026-06-17 03:28
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2020-9547 |
严重 |
2.9.8 |
2.9.10.4, 2.8.11.6, 2.7.9.7 |
jackson-databind: Serialization gadgets in ibatis-sqlmap
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-9547
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2020-03-02 04:15 修改: 2026-06-17 03:28
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2020-9548 |
严重 |
2.9.8 |
2.9.10.4, 2.8.11.6, 2.7.9.7 |
jackson-databind: Serialization gadgets in anteros-core
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-9548
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2020-03-02 04:15 修改: 2026-06-17 03:28
|
| com.hubspot.jinjava:jinjava |
CVE-2025-59340 |
严重 |
2.4.0 |
2.8.1, 2.7.5 |
jinjava has Sandbox Bypass via JavaType-Based Deserialization
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-59340
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2025-09-17 20:15 修改: 2026-06-17 09:45
|
| com.hubspot.jinjava:jinjava |
CVE-2025-59340 |
严重 |
2.4.0 |
2.8.1, 2.7.5 |
jinjava has Sandbox Bypass via JavaType-Based Deserialization
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-59340
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2025-09-17 20:15 修改: 2026-06-17 09:45
|
| com.hubspot.jinjava:jinjava |
CVE-2025-59340 |
严重 |
2.4.0 |
2.8.1, 2.7.5 |
jinjava has Sandbox Bypass via JavaType-Based Deserialization
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-59340
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2025-09-17 20:15 修改: 2026-06-17 09:45
|
| com.hubspot.jinjava:jinjava |
CVE-2026-25526 |
严重 |
2.4.0 |
2.8.3, 2.7.6 |
JinJava Bypass through ForTag leads to Arbitrary Java Execution
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25526
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2026-02-04 22:15 修改: 2026-06-17 10:24
|
| com.hubspot.jinjava:jinjava |
CVE-2026-25526 |
严重 |
2.4.0 |
2.8.3, 2.7.6 |
JinJava Bypass through ForTag leads to Arbitrary Java Execution
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25526
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2026-02-04 22:15 修改: 2026-06-17 10:24
|
| com.hubspot.jinjava:jinjava |
CVE-2026-25526 |
严重 |
2.4.0 |
2.8.3, 2.7.6 |
JinJava Bypass through ForTag leads to Arbitrary Java Execution
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25526
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2026-02-04 22:15 修改: 2026-06-17 10:24
|
| com.hubspot.jinjava:jinjava |
CVE-2025-59340 |
严重 |
2.5.4 |
2.8.1, 2.7.5 |
jinjava has Sandbox Bypass via JavaType-Based Deserialization
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-59340
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2025-09-17 20:15 修改: 2026-06-17 09:45
|
| com.hubspot.jinjava:jinjava |
CVE-2025-59340 |
严重 |
2.5.4 |
2.8.1, 2.7.5 |
jinjava has Sandbox Bypass via JavaType-Based Deserialization
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-59340
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2025-09-17 20:15 修改: 2026-06-17 09:45
|
| com.hubspot.jinjava:jinjava |
CVE-2026-25526 |
严重 |
2.5.4 |
2.8.3, 2.7.6 |
JinJava Bypass through ForTag leads to Arbitrary Java Execution
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25526
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2026-02-04 22:15 修改: 2026-06-17 10:24
|
| com.hubspot.jinjava:jinjava |
CVE-2026-25526 |
严重 |
2.5.4 |
2.8.3, 2.7.6 |
JinJava Bypass through ForTag leads to Arbitrary Java Execution
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25526
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2026-02-04 22:15 修改: 2026-06-17 10:24
|
| io.netty:netty |
CVE-2019-20444 |
严重 |
3.10.6.Final |
4.0.0 |
netty: HTTP request smuggling
漏洞详情: https://avd.aquasec.com/nvd/cve-2019-20444
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2020-01-29 21:15 修改: 2026-06-17 02:30
|
| log4j:log4j |
CVE-2019-17571 |
严重 |
1.2.17 |
|
log4j: deserialization of untrusted data in SocketServer
漏洞详情: https://avd.aquasec.com/nvd/cve-2019-17571
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2019-12-20 17:15 修改: 2026-06-17 02:24
|
| log4j:log4j |
CVE-2022-23305 |
严重 |
1.2.17 |
|
log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-23305
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2022-01-18 16:15 修改: 2026-06-17 04:29
|
| log4j:log4j |
CVE-2022-23307 |
严重 |
1.2.17 |
|
log4j: Unsafe deserialization flaw in Chainsaw log viewer
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-23307
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2022-01-18 16:15 修改: 2026-06-17 04:29
|
| org.apache.avro:avro |
CVE-2024-47561 |
严重 |
1.11.2 |
1.11.4 |
apache-avro: Schema parsing may trigger Remote Code Execution (RCE)
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-47561
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2024-10-03 11:15 修改: 2026-06-17 07:57
|
| org.apache.mina:mina-core |
CVE-2024-52046 |
严重 |
2.0.7 |
2.2.4, 2.1.10, 2.0.27 |
mina-core: Apache MINA: applications using unbounded deserialization may allow RCE
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-52046
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2024-12-25 10:15 修改: 2026-06-17 08:06
|
| org.apache.mina:mina-core |
CVE-2026-41409 |
严重 |
2.0.7 |
2.0.28, 2.1.11, 2.2.6 |
Apache MINA: Apache MINA: Arbitrary code execution via incomplete deserialization fix
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41409
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2026-04-27 10:16 修改: 2026-06-17 10:46
|
| org.apache.mina:mina-core |
CVE-2026-41635 |
严重 |
2.0.7 |
2.0.28, 2.1.11, 2.2.6 |
Apache MINA: Apache MINA: Arbitrary code execution via classname allowlist bypass
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41635
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2026-04-27 09:16 修改: 2026-06-17 10:46
|
| org.apache.zookeeper:zookeeper |
CVE-2023-44981 |
严重 |
3.5.5 |
3.7.2, 3.8.3, 3.9.1 |
zookeeper: Authorization Bypass in Apache ZooKeeper
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-44981
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2023-10-11 12:15 修改: 2026-06-17 06:28
|
| org.apache.zookeeper:zookeeper |
CVE-2023-44981 |
严重 |
3.6.3 |
3.7.2, 3.8.3, 3.9.1 |
zookeeper: Authorization Bypass in Apache ZooKeeper
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-44981
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2023-10-11 12:15 修改: 2026-06-17 06:28
|
| org.codehaus.jackson:jackson-mapper-asl |
CVE-2019-10202 |
严重 |
1.9.13 |
|
codehaus: incomplete fix for unsafe deserialization in jackson-databind vulnerabilities
漏洞详情: https://avd.aquasec.com/nvd/cve-2019-10202
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2019-10-01 15:15 修改: 2026-06-17 02:10
|
| org.eclipse.jetty:jetty-server |
CVE-2017-7657 |
严重 |
8.2.0.v20160908 |
9.2.25.v20180606, 9.3.24.v20180605 |
jetty: HTTP request smuggling
漏洞详情: https://avd.aquasec.com/nvd/cve-2017-7657
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2018-06-26 16:29 修改: 2026-06-17 01:24
|
| org.eclipse.jetty:jetty-server |
CVE-2017-7658 |
严重 |
8.2.0.v20160908 |
9.2.25.v20180606, 9.3.24.v20180605, 9.4.11.v20180605 |
jetty: Incorrect header handling
漏洞详情: https://avd.aquasec.com/nvd/cve-2017-7658
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2018-06-26 17:29 修改: 2026-06-17 01:24
|
| org.glassfish.jersey.core:jersey-client |
CVE-2025-12383 |
严重 |
3.1.9 |
2.46, 3.0.17, 3.1.10 |
Eclipse Jersey has a Race Condition
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-12383
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2025-11-18 16:15 修改: 2026-06-17 08:32
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2019-14893 |
高危 |
2.9.8 |
2.9.10 |
jackson-databind: Serialization gadgets in classes of the xalan package
漏洞详情: https://avd.aquasec.com/nvd/cve-2019-14893
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2020-03-02 21:15 修改: 2026-06-17 02:19
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2020-10650 |
高危 |
2.9.8 |
2.9.10.4 |
A deserialization flaw was discovered in jackson-databind through 2.9. ...
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-10650
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2022-12-26 20:15 修改: 2026-06-17 02:48
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2020-10672 |
高危 |
2.9.8 |
2.9.10.4 |
jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-10672
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2020-03-18 22:15 修改: 2026-06-17 02:48
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2020-10673 |
高危 |
2.9.8 |
2.9.10.4, 2.6.7.4 |
jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-10673
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2020-03-18 22:15 修改: 2026-06-17 02:48
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2020-10968 |
高危 |
2.9.8 |
2.9.10.4 |
jackson-databind: Serialization gadgets in org.aoju.bus.proxy.provider.*.RmiProvider
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-10968
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2020-03-26 13:15 修改: 2026-06-17 02:48
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2020-10969 |
高危 |
2.9.8 |
2.9.10.4 |
jackson-databind: Serialization gadgets in javax.swing.JEditorPane
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-10969
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2020-03-26 13:15 修改: 2026-06-17 02:48
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2020-11111 |
高危 |
2.9.8 |
2.9.10.4 |
jackson-databind: Serialization gadgets in org.apache.activemq.jms.pool.XaPooledConnectionFactory
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-11111
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2020-03-31 05:15 修改: 2026-06-17 02:49
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2020-11112 |
高危 |
2.9.8 |
2.9.10.4 |
jackson-databind: Serialization gadgets in org.apache.commons.proxy.provider.remoting.RmiProvider
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-11112
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2020-03-31 05:15 修改: 2026-06-17 02:49
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2020-11113 |
高危 |
2.9.8 |
2.9.10.4 |
jackson-databind: Serialization gadgets in org.apache.openjpa.ee.WASRegistryManagedRuntime
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-11113
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2020-03-31 05:15 修改: 2026-06-17 02:49
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2020-11619 |
高危 |
2.9.8 |
2.9.10.4 |
jackson-databind: Serialization gadgets in org.springframework:spring-aop
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-11619
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2020-04-07 23:15 修改: 2026-06-17 02:50
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2020-11620 |
高危 |
2.9.8 |
2.9.10.4 |
jackson-databind: Serialization gadgets in commons-jelly:commons-jelly
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-11620
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2020-04-07 23:15 修改: 2026-06-17 02:50
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2020-14060 |
高危 |
2.9.8 |
2.9.10.5 |
jackson-databind: serialization in oadd.org.apache.xalan.lib.sql.JNDIConnectionPool
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-14060
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2020-06-14 21:15 修改: 2026-06-17 02:54
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2020-14061 |
高危 |
2.9.8 |
2.9.10.5 |
jackson-databind: serialization in weblogic/oracle-aqjms
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-14061
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2020-06-14 20:15 修改: 2026-06-17 02:54
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2020-14062 |
高危 |
2.9.8 |
2.9.10.5 |
jackson-databind: serialization in com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-14062
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2020-06-14 20:15 修改: 2026-06-17 02:54
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2020-14195 |
高危 |
2.9.8 |
2.9.10.5 |
jackson-databind: serialization in org.jsecurity.realm.jndi.JndiRealmFactory
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-14195
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2020-06-16 16:15 修改: 2026-06-17 02:54
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2020-24616 |
高危 |
2.9.8 |
2.9.10.6 |
jackson-databind: mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-24616
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2020-08-25 18:15 修改: 2026-06-17 03:05
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2020-24750 |
高危 |
2.9.8 |
2.6.7.5, 2.9.10.6 |
jackson-databind: Serialization gadgets in com.pastdev.httpcomponents.configuration.JndiConfiguration
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-24750
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2020-09-17 19:15 修改: 2026-06-17 03:06
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2020-25649 |
高危 |
2.9.8 |
2.6.7.4, 2.9.10.7, 2.10.5.1 |
jackson-databind: FasterXML DOMDeserializer insecure entity expansion is vulnerable to XML external entity (XXE)
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-25649
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2020-12-03 17:15 修改: 2026-06-17 03:07
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2020-35490 |
高危 |
2.9.8 |
2.9.10.8 |
jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-35490
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2020-12-17 19:15 修改: 2026-06-17 03:13
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2020-35491 |
高危 |
2.9.8 |
2.9.10.8 |
jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-35491
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2020-12-17 19:15 修改: 2026-06-17 03:13
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2020-35728 |
高危 |
2.9.8 |
2.9.10.8 |
jackson-databind: mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-35728
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2020-12-27 05:15 修改: 2026-06-17 03:14
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2020-36179 |
高危 |
2.9.8 |
2.9.10.8, 2.6.7.5 |
jackson-databind: mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36179
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2021-01-07 00:15 修改: 2026-06-17 03:14
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2020-36180 |
高危 |
2.9.8 |
2.9.10.8, 2.6.7.5 |
jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36180
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2021-01-07 00:15 修改: 2026-06-17 03:14
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2020-36181 |
高危 |
2.9.8 |
2.9.10.8, 2.6.7.5 |
jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36181
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2021-01-06 23:15 修改: 2026-06-17 03:14
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2020-36182 |
高危 |
2.9.8 |
2.9.10.8, 2.6.7.5 |
jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36182
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2021-01-07 00:15 修改: 2026-06-17 03:14
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2020-36183 |
高危 |
2.9.8 |
2.9.10.8, 2.6.7.5 |
jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36183
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2021-01-07 00:15 修改: 2026-06-17 03:14
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2020-36184 |
高危 |
2.9.8 |
2.9.10.8 |
jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36184
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2021-01-06 23:15 修改: 2026-06-17 03:14
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2020-36185 |
高危 |
2.9.8 |
2.9.10.8 |
jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36185
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2021-01-06 23:15 修改: 2026-06-17 03:14
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2020-36186 |
高危 |
2.9.8 |
2.9.10.8 |
jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36186
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2021-01-06 23:15 修改: 2026-06-17 03:14
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2020-36187 |
高危 |
2.9.8 |
2.9.10.8 |
jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36187
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2021-01-06 23:15 修改: 2026-06-17 03:14
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2020-36188 |
高危 |
2.9.8 |
2.9.10.8, 2.6.7.5 |
jackson-databind: mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36188
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2021-01-06 23:15 修改: 2026-06-17 03:14
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2020-36189 |
高危 |
2.9.8 |
2.9.10.8, 2.6.7.5 |
jackson-databind: mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36189
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2021-01-06 23:15 修改: 2026-06-17 03:14
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2020-36518 |
高危 |
2.9.8 |
2.13.2.1, 2.12.6.1 |
jackson-databind: denial of service via a large depth of nested objects
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36518
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2022-03-11 07:15 修改: 2026-06-17 03:15
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2021-20190 |
高危 |
2.9.8 |
2.9.10.7, 2.6.7.5 |
jackson-databind: mishandles the interaction between serialization gadgets and typing, related to javax.swing
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-20190
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2021-01-19 17:15 修改: 2026-06-17 03:33
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2022-42003 |
高危 |
2.9.8 |
2.12.7.1, 2.13.4.2 |
jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-42003
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2022-10-02 05:15 修改: 2026-06-17 05:04
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2022-42004 |
高危 |
2.9.8 |
2.12.7.1, 2.13.4 |
jackson-databind: use of deeply nested arrays
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-42004
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2022-10-02 05:15 修改: 2026-06-17 05:04
|
| com.google.oauth-client:google-oauth-client |
CVE-2020-7692 |
高危 |
1.23.0 |
1.31.0 |
google-oauth-client: missing PKCE support in accordance with the RFC for OAuth 2.0 for Native Apps can lead to improper authorization
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-7692
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2020-07-09 14:15 修改: 2026-06-17 03:25
|
| com.google.oauth-client:google-oauth-client |
CVE-2021-22573 |
高危 |
1.23.0 |
1.33.3 |
google-oauth-client: Token signature not verified
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-22573
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2022-05-03 16:15 修改: 2026-06-17 03:37
|
| com.google.oauth-client:google-oauth-client |
CVE-2020-7692 |
高危 |
1.30.5 |
1.31.0 |
google-oauth-client: missing PKCE support in accordance with the RFC for OAuth 2.0 for Native Apps can lead to improper authorization
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-7692
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2020-07-09 14:15 修改: 2026-06-17 03:25
|
| com.google.oauth-client:google-oauth-client |
CVE-2021-22573 |
高危 |
1.30.5 |
1.33.3 |
google-oauth-client: Token signature not verified
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-22573
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2022-05-03 16:15 修改: 2026-06-17 03:37
|
| com.google.protobuf:protobuf-java |
CVE-2024-7254 |
高危 |
3.21.7 |
3.25.5, 4.27.5, 4.28.2 |
protobuf: StackOverflow vulnerability in Protocol Buffers
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-7254
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2024-09-19 01:15 修改: 2026-06-17 08:19
|
| com.google.protobuf:protobuf-java |
CVE-2024-7254 |
高危 |
3.21.7 |
3.25.5, 4.27.5, 4.28.2 |
protobuf: StackOverflow vulnerability in Protocol Buffers
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-7254
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2024-09-19 01:15 修改: 2026-06-17 08:19
|
| com.google.protobuf:protobuf-java |
CVE-2024-7254 |
高危 |
3.21.7 |
3.25.5, 4.27.5, 4.28.2 |
protobuf: StackOverflow vulnerability in Protocol Buffers
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-7254
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2024-09-19 01:15 修改: 2026-06-17 08:19
|
| com.google.protobuf:protobuf-java |
CVE-2024-7254 |
高危 |
3.21.7 |
3.25.5, 4.27.5, 4.28.2 |
protobuf: StackOverflow vulnerability in Protocol Buffers
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-7254
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2024-09-19 01:15 修改: 2026-06-17 08:19
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2026-54513 |
高危 |
2.18.3 |
2.18.8, 2.21.4, 3.1.4 |
jackson-databind: Jackson-databind: Security bypass allows arbitrary code execution
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54513
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2026-06-23 21:17 修改: 2026-07-03 13:17
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2026-54513 |
高危 |
2.18.3 |
2.18.8, 2.21.4, 3.1.4 |
jackson-databind: Jackson-databind: Security bypass allows arbitrary code execution
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54513
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2026-06-23 21:17 修改: 2026-07-03 13:17
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2026-54513 |
高危 |
2.18.3 |
2.18.8, 2.21.4, 3.1.4 |
jackson-databind: Jackson-databind: Security bypass allows arbitrary code execution
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54513
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2026-06-23 21:17 修改: 2026-07-03 13:17
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2026-54513 |
高危 |
2.18.3 |
2.18.8, 2.21.4, 3.1.4 |
jackson-databind: Jackson-databind: Security bypass allows arbitrary code execution
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54513
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2026-06-23 21:17 修改: 2026-07-03 13:17
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2026-54513 |
高危 |
2.18.3 |
2.18.8, 2.21.4, 3.1.4 |
jackson-databind: Jackson-databind: Security bypass allows arbitrary code execution
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54513
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2026-06-23 21:17 修改: 2026-07-03 13:17
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2026-54513 |
高危 |
2.18.3 |
2.18.8, 2.21.4, 3.1.4 |
jackson-databind: Jackson-databind: Security bypass allows arbitrary code execution
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54513
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2026-06-23 21:17 修改: 2026-07-03 13:17
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2026-54513 |
高危 |
2.18.3 |
2.18.8, 2.21.4, 3.1.4 |
jackson-databind: Jackson-databind: Security bypass allows arbitrary code execution
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54513
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2026-06-23 21:17 修改: 2026-07-03 13:17
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2026-54513 |
高危 |
2.18.3 |
2.18.8, 2.21.4, 3.1.4 |
jackson-databind: Jackson-databind: Security bypass allows arbitrary code execution
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54513
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2026-06-23 21:17 修改: 2026-07-03 13:17
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2026-54513 |
高危 |
2.18.3 |
2.18.8, 2.21.4, 3.1.4 |
jackson-databind: Jackson-databind: Security bypass allows arbitrary code execution
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54513
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2026-06-23 21:17 修改: 2026-07-03 13:17
|
| com.fasterxml.jackson.core:jackson-core |
CVE-2025-52999 |
高危 |
2.9.8 |
2.15.0 |
com.fasterxml.jackson.core/jackson-core: jackson-core Potential StackoverflowError
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-52999
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2025-06-25 17:15 修改: 2026-06-17 09:37
|
| com.mchange:c3p0 |
CVE-2026-27830 |
高危 |
0.9.5.4 |
0.12.0 |
c3p0: c3p0: Arbitrary Code Execution via deserialization of crafted objects
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27830
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2026-02-26 01:16 修改: 2026-06-30 03:17
|
| com.mchange:mchange-commons-java |
CVE-2026-27727 |
高危 |
0.2.15 |
0.4.0 |
com.mchange/mchange-commons-java: mchange-commons-java: Arbitrary code execution via JNDI dereferencing of crafted objects
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27727
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2026-02-25 17:25 修改: 2026-07-02 12:17
|
| com.squareup.okhttp3:okhttp |
CVE-2021-0341 |
高危 |
3.12.12 |
4.9.2 |
okhttp: information disclosure via improperly used cryptographic function
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-0341
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2021-02-10 17:15 修改: 2026-06-17 03:29
|
| com.squareup.okhttp3:okhttp |
CVE-2021-0341 |
高危 |
3.13.1 |
4.9.2 |
okhttp: information disclosure via improperly used cryptographic function
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-0341
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2021-02-10 17:15 修改: 2026-06-17 03:29
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2026-54512 |
高危 |
2.18.3 |
2.18.8, 3.1.4, 2.21.4 |
jackson-databind: jackson-databind: Arbitrary code execution via PolymorphicTypeValidator bypass
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54512
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2026-06-23 21:17 修改: 2026-06-27 21:01
|
| io.netty:netty |
CVE-2019-16869 |
高危 |
3.10.6.Final |
|
netty: HTTP request smuggling by mishandled whitespace before the colon in HTTP headers
漏洞详情: https://avd.aquasec.com/nvd/cve-2019-16869
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2019-09-26 16:15 修改: 2026-06-17 02:22
|
| io.netty:netty |
CVE-2021-37136 |
高危 |
3.10.6.Final |
4.0.0 |
netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-37136
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2021-10-19 15:15 修改: 2026-06-17 04:00
|
| io.netty:netty |
CVE-2021-37137 |
高危 |
3.10.6.Final |
4.0.0 |
netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-37137
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2021-10-19 15:15 修改: 2026-06-17 04:00
|
| io.netty:netty-codec |
CVE-2021-37136 |
高危 |
4.1.51.Final |
4.1.68.Final |
netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-37136
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2021-10-19 15:15 修改: 2026-06-17 04:00
|
| io.netty:netty-codec |
CVE-2021-37137 |
高危 |
4.1.51.Final |
4.1.68.Final |
netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-37137
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2021-10-19 15:15 修改: 2026-06-17 04:00
|
| io.netty:netty-codec |
CVE-2026-42583 |
高危 |
4.1.51.Final |
4.1.133.Final |
netty: io.netty/netty-codec-compression: io.netty/netty-codec: Netty: Denial of Service via excessive memory allocation in LZ4FrameDecoder
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42583
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2026-05-13 19:17 修改: 2026-06-17 10:48
|
| io.netty:netty-codec |
CVE-2026-42583 |
高危 |
4.1.75.Final |
4.1.133.Final |
netty: io.netty/netty-codec-compression: io.netty/netty-codec: Netty: Denial of Service via excessive memory allocation in LZ4FrameDecoder
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42583
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2026-05-13 19:17 修改: 2026-06-17 10:48
|
| io.netty:netty-codec |
CVE-2026-42583 |
高危 |
4.1.87.Final |
4.1.133.Final |
netty: io.netty/netty-codec-compression: io.netty/netty-codec: Netty: Denial of Service via excessive memory allocation in LZ4FrameDecoder
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42583
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2026-05-13 19:17 修改: 2026-06-17 10:48
|
| io.netty:netty-codec-http |
CVE-2026-33870 |
高危 |
4.1.87.Final |
4.1.132.Final, 4.2.10.Final |
io.netty/netty-codec-http: Netty: Request smuggling via incorrect parsing of HTTP/1.1 chunked transfer encoding extension values
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33870
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2026-03-27 20:16 修改: 2026-07-03 13:17
|
| io.netty:netty-codec-http |
CVE-2026-42584 |
高危 |
4.1.87.Final |
4.2.13.Final, 4.1.133.Final |
netty: io.netty/netty-codec-http: Netty: Incorrect HTTP response parsing leads to data confusion
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42584
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2026-05-13 19:17 修改: 2026-06-30 03:19
|
| io.netty:netty-codec-http |
CVE-2026-42587 |
高危 |
4.1.87.Final |
4.2.13.Final, 4.1.133.Final |
netty: io.netty/netty-codec-http: io.netty/netty-codec-http2: Netty: Denial of Service via unbounded memory allocation in HTTP content decompression
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42587
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2026-05-13 19:17 修改: 2026-07-03 13:17
|
| io.netty:netty-codec-http2 |
CVE-2025-55163 |
高危 |
4.1.87.Final |
4.2.4.Final, 4.1.124.Final |
netty: netty-codec-http2: Netty MadeYouReset HTTP/2 DDoS Vulnerability
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-55163
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2025-08-13 15:15 修改: 2026-06-17 09:41
|
| io.netty:netty-codec-http2 |
CVE-2026-33871 |
高危 |
4.1.87.Final |
4.1.132.Final, 4.2.11.Final |
netty: Netty: Denial of Service via HTTP/2 CONTINUATION frame flood
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33871
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2026-03-27 20:16 修改: 2026-07-03 13:17
|
| io.netty:netty-codec-http2 |
CVE-2026-42587 |
高危 |
4.1.87.Final |
4.2.13.Final, 4.1.133.Final |
netty: io.netty/netty-codec-http: io.netty/netty-codec-http2: Netty: Denial of Service via unbounded memory allocation in HTTP content decompression
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42587
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2026-05-13 19:17 修改: 2026-07-03 13:17
|
| io.netty:netty-codec-http2 |
GHSA-xpw8-rcwv-8f8p |
高危 |
4.1.87.Final |
4.1.100.Final |
io.netty:netty-codec-http2 vulnerable to HTTP/2 Rapid Reset Attack
漏洞详情: https://github.com/advisories/GHSA-xpw8-rcwv-8f8p
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2023-10-10 22:22 修改: 2023-11-06 22:08
|
| io.netty:netty-handler |
CVE-2026-44249 |
高危 |
4.1.51.Final |
4.2.15.Final, 4.1.135.Final |
netty-handler: netty-handler: IPv6 subnet rule bypass due to incorrect masking operation
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44249
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2026-06-11 22:16 修改: 2026-07-03 13:17
|
| io.netty:netty-handler |
CVE-2026-45416 |
高危 |
4.1.51.Final |
4.2.15.Final, 4.1.135.Final |
netty-handler: Netty: Denial of Service due to eager buffer allocation in TLS handshake
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45416
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2026-06-12 15:16 修改: 2026-07-03 13:17
|
| io.netty:netty-handler |
CVE-2026-50010 |
高危 |
4.1.51.Final |
4.2.15.Final, 4.1.135.Final |
netty-handler: Netty: Improper trust manager handling leads to hostname verification bypass
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-50010
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2026-06-12 16:16 修改: 2026-07-03 13:17
|
| io.netty:netty-handler |
CVE-2026-44249 |
高危 |
4.1.75.Final |
4.2.15.Final, 4.1.135.Final |
netty-handler: netty-handler: IPv6 subnet rule bypass due to incorrect masking operation
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44249
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2026-06-11 22:16 修改: 2026-07-03 13:17
|
| io.netty:netty-handler |
CVE-2026-45416 |
高危 |
4.1.75.Final |
4.2.15.Final, 4.1.135.Final |
netty-handler: Netty: Denial of Service due to eager buffer allocation in TLS handshake
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45416
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2026-06-12 15:16 修改: 2026-07-03 13:17
|
| io.netty:netty-handler |
CVE-2026-50010 |
高危 |
4.1.75.Final |
4.2.15.Final, 4.1.135.Final |
netty-handler: Netty: Improper trust manager handling leads to hostname verification bypass
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-50010
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2026-06-12 16:16 修改: 2026-07-03 13:17
|
| io.netty:netty-handler |
CVE-2026-44249 |
高危 |
4.1.87.Final |
4.2.15.Final, 4.1.135.Final |
netty-handler: netty-handler: IPv6 subnet rule bypass due to incorrect masking operation
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44249
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2026-06-11 22:16 修改: 2026-07-03 13:17
|
| io.netty:netty-handler |
CVE-2026-45416 |
高危 |
4.1.87.Final |
4.2.15.Final, 4.1.135.Final |
netty-handler: Netty: Denial of Service due to eager buffer allocation in TLS handshake
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45416
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2026-06-12 15:16 修改: 2026-07-03 13:17
|
| io.netty:netty-handler |
CVE-2026-50010 |
高危 |
4.1.87.Final |
4.2.15.Final, 4.1.135.Final |
netty-handler: Netty: Improper trust manager handling leads to hostname verification bypass
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-50010
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2026-06-12 16:16 修改: 2026-07-03 13:17
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2026-54512 |
高危 |
2.18.3 |
2.18.8, 3.1.4, 2.21.4 |
jackson-databind: jackson-databind: Arbitrary code execution via PolymorphicTypeValidator bypass
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54512
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2026-06-23 21:17 修改: 2026-06-27 21:01
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2026-54512 |
高危 |
2.18.3 |
2.18.8, 3.1.4, 2.21.4 |
jackson-databind: jackson-databind: Arbitrary code execution via PolymorphicTypeValidator bypass
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54512
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2026-06-23 21:17 修改: 2026-06-27 21:01
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2026-54512 |
高危 |
2.18.3 |
2.18.8, 3.1.4, 2.21.4 |
jackson-databind: jackson-databind: Arbitrary code execution via PolymorphicTypeValidator bypass
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54512
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2026-06-23 21:17 修改: 2026-06-27 21:01
|
| log4j:log4j |
CVE-2021-4104 |
高危 |
1.2.17 |
|
log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-4104
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2021-12-14 12:15 修改: 2026-06-17 04:19
|
| log4j:log4j |
CVE-2022-23302 |
高危 |
1.2.17 |
|
log4j: Remote code execution in Log4j 1.x when application is configured to use JMSSink
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-23302
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2022-01-18 16:15 修改: 2026-06-17 04:29
|
| log4j:log4j |
CVE-2023-26464 |
高危 |
1.2.17 |
2.0 |
log4j1-socketappender: DoS via hashmap logging
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-26464
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2023-03-10 14:15 修改: 2026-06-17 05:43
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2026-54512 |
高危 |
2.18.3 |
2.18.8, 3.1.4, 2.21.4 |
jackson-databind: jackson-databind: Arbitrary code execution via PolymorphicTypeValidator bypass
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54512
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2026-06-23 21:17 修改: 2026-06-27 21:01
|
| org.apache.avro:avro |
CVE-2023-39410 |
高危 |
1.11.2 |
1.11.3 |
apache-avro: Apache Avro Java SDK: Memory when deserializing untrusted data in Avro Java SDK
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39410
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2023-09-29 17:15 修改: 2026-06-17 06:12
|
| org.apache.commons:commons-compress |
CVE-2019-12402 |
高危 |
1.18 |
1.19 |
apache-commons-compress: Infinite loop in name encoding algorithm
漏洞详情: https://avd.aquasec.com/nvd/cve-2019-12402
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2019-08-30 09:15 修改: 2026-06-17 02:14
|
| org.apache.commons:commons-compress |
CVE-2021-35515 |
高危 |
1.18 |
1.21 |
apache-commons-compress: infinite loop when reading a specially crafted 7Z archive
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-35515
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2021-07-13 08:15 修改: 2026-06-17 03:57
|
| org.apache.commons:commons-compress |
CVE-2021-35516 |
高危 |
1.18 |
1.21 |
apache-commons-compress: excessive memory allocation when reading a specially crafted 7Z archive
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-35516
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2021-07-13 08:15 修改: 2026-06-17 03:57
|
| org.apache.commons:commons-compress |
CVE-2021-35517 |
高危 |
1.18 |
1.21 |
apache-commons-compress: excessive memory allocation when reading a specially crafted TAR archive
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-35517
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2021-07-13 08:15 修改: 2026-06-17 03:57
|
| org.apache.commons:commons-compress |
CVE-2021-36090 |
高危 |
1.18 |
1.21 |
apache-commons-compress: excessive memory allocation when reading a specially crafted ZIP archive
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-36090
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2021-07-13 08:15 修改: 2026-06-17 03:58
|
| org.apache.directory.api:api-ldap-model |
CVE-2015-3250 |
高危 |
1.0.0-M20 |
1.0.0-M31 |
Apache Directory LDAP API before 1.0.0-M31 allows attackers to conduct ...
漏洞详情: https://avd.aquasec.com/nvd/cve-2015-3250
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2017-09-07 13:29 修改: 2026-05-13 00:24
|
| org.apache.jena:jena-core |
CVE-2021-39239 |
高危 |
3.12.0 |
4.2.0 |
A vulnerability in XML processing in Apache Jena, in versions up to 4. ...
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-39239
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2021-09-16 15:15 修改: 2026-06-17 04:03
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2026-54512 |
高危 |
2.18.3 |
2.18.8, 3.1.4, 2.21.4 |
jackson-databind: jackson-databind: Arbitrary code execution via PolymorphicTypeValidator bypass
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54512
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2026-06-23 21:17 修改: 2026-06-27 21:01
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2026-54512 |
高危 |
2.18.3 |
2.18.8, 3.1.4, 2.21.4 |
jackson-databind: jackson-databind: Arbitrary code execution via PolymorphicTypeValidator bypass
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54512
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2026-06-23 21:17 修改: 2026-06-27 21:01
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2026-54512 |
高危 |
2.18.3 |
2.18.8, 3.1.4, 2.21.4 |
jackson-databind: jackson-databind: Arbitrary code execution via PolymorphicTypeValidator bypass
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54512
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2026-06-23 21:17 修改: 2026-06-27 21:01
|
| org.apache.mina:mina-core |
CVE-2019-0231 |
高危 |
2.0.7 |
2.0.21, 2.1.1 |
mina-core: Retaining an open socket in close_notify SSL-TLS leading to Information disclosure.
漏洞详情: https://avd.aquasec.com/nvd/cve-2019-0231
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2019-10-01 20:15 修改: 2026-06-17 02:08
|
| org.apache.shiro:shiro-core |
CVE-2026-49268 |
高危 |
1.13.0 |
2.2.1, 3.0.0-alpha-2 |
A remote attacker can inject LDAP special characters into the Distingu ...
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-49268
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2026-06-17 14:17 修改: 2026-06-18 14:45
|
| org.apache.shiro:shiro-core |
CVE-2026-49268 |
高危 |
1.13.0 |
2.2.1, 3.0.0-alpha-2 |
A remote attacker can inject LDAP special characters into the Distingu ...
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-49268
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2026-06-17 14:17 修改: 2026-06-18 14:45
|
| org.apache.spark:spark-core_2.12 |
CVE-2025-54920 |
高危 |
3.5.3 |
3.5.7 |
org.apache.spark/spark-core: Apache Spark: Spark History Server Code Execution Vulnerability
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-54920
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2026-03-16 14:17 修改: 2026-06-17 09:40
|
| org.apache.thrift:libthrift |
CVE-2020-13949 |
高危 |
0.13.0 |
0.14.0 |
libthrift: potential DoS when processing untrusted payloads
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-13949
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2021-02-12 20:15 修改: 2026-06-17 02:53
|
| org.apache.thrift:libthrift |
CVE-2026-43869 |
高危 |
0.13.0 |
0.23.0 |
Apache Thrift: Apache Thrift: Security bypass due to improper certificate validation
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-43869
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2026-05-05 08:16 修改: 2026-07-01 13:17
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2026-54512 |
高危 |
2.18.3 |
2.18.8, 3.1.4, 2.21.4 |
jackson-databind: jackson-databind: Arbitrary code execution via PolymorphicTypeValidator bypass
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54512
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2026-06-23 21:17 修改: 2026-06-27 21:01
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2026-54512 |
高危 |
2.18.3 |
2.18.8, 3.1.4, 2.21.4 |
jackson-databind: jackson-databind: Arbitrary code execution via PolymorphicTypeValidator bypass
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54512
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2026-06-23 21:17 修改: 2026-06-27 21:01
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2026-54513 |
高危 |
2.18.3 |
2.18.8, 2.21.4, 3.1.4 |
jackson-databind: Jackson-databind: Security bypass allows arbitrary code execution
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54513
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2026-06-23 21:17 修改: 2026-07-03 13:17
|
| org.codehaus.jackson:jackson-mapper-asl |
CVE-2019-10172 |
高危 |
1.9.13 |
|
jackson-mapper-asl: XML external entity similar to CVE-2016-3720
漏洞详情: https://avd.aquasec.com/nvd/cve-2019-10172
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2019-11-18 17:15 修改: 2026-06-17 02:10
|
| org.codehaus.plexus:plexus-utils |
CVE-2025-67030 |
高危 |
3.2.1 |
4.0.3, 3.6.1 |
org.codehaus.plexus:plexus-utils: Plexus-utils: Directory Traversal in extractFile method
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-67030
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2026-03-25 18:16 修改: 2026-06-30 03:16
|
| org.codehaus.plexus:plexus-utils |
CVE-2025-67030 |
高危 |
3.2.1 |
4.0.3, 3.6.1 |
org.codehaus.plexus:plexus-utils: Plexus-utils: Directory Traversal in extractFile method
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-67030
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2026-03-25 18:16 修改: 2026-06-30 03:16
|
| org.eclipse.jetty:jetty-http |
CVE-2026-2332 |
高危 |
11.0.24 |
12.1.7, 12.0.33 |
org.eclipse.jetty/jetty-http: HTTP request smuggling via chunked extension quoted-string parsing
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-2332
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2026-04-14 12:16 修改: 2026-07-02 12:17
|
| org.eclipse.jetty:jetty-http |
CVE-2026-2332 |
高危 |
11.0.24 |
12.1.7, 12.0.33 |
org.eclipse.jetty/jetty-http: HTTP request smuggling via chunked extension quoted-string parsing
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-2332
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2026-04-14 12:16 修改: 2026-07-02 12:17
|
| org.eclipse.jetty:jetty-http |
CVE-2026-2332 |
高危 |
11.0.24 |
12.1.7, 12.0.33 |
org.eclipse.jetty/jetty-http: HTTP request smuggling via chunked extension quoted-string parsing
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-2332
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2026-04-14 12:16 修改: 2026-07-02 12:17
|
| org.eclipse.jetty:jetty-http |
CVE-2026-2332 |
高危 |
11.0.24 |
12.1.7, 12.0.33 |
org.eclipse.jetty/jetty-http: HTTP request smuggling via chunked extension quoted-string parsing
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-2332
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2026-04-14 12:16 修改: 2026-07-02 12:17
|
| org.eclipse.jetty:jetty-http |
CVE-2026-2332 |
高危 |
9.4.54.v20240208 |
12.1.7, 12.0.33 |
org.eclipse.jetty/jetty-http: HTTP request smuggling via chunked extension quoted-string parsing
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-2332
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2026-04-14 12:16 修改: 2026-07-02 12:17
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2019-12086 |
高危 |
2.9.8 |
2.9.9, 2.8.11.4, 2.7.9.6, 2.6.7.3 |
jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server.
漏洞详情: https://avd.aquasec.com/nvd/cve-2019-12086
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2019-05-17 17:29 修改: 2026-06-17 02:14
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2019-14439 |
高危 |
2.9.8 |
2.9.9.2, 2.8.11.4, 2.7.9.6, 2.6.7.3 |
jackson-databind: Polymorphic typing issue related to logback/JNDI
漏洞详情: https://avd.aquasec.com/nvd/cve-2019-14439
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2019-07-30 11:15 修改: 2026-06-17 02:18
|
| org.eclipse.jetty:jetty-server |
CVE-2015-2080 |
高危 |
8.2.0.v20160908 |
9.2.9.v20150224 |
jetty: remote unauthenticated credential exposure
漏洞详情: https://avd.aquasec.com/nvd/cve-2015-2080
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2016-10-07 14:59 修改: 2026-05-06 22:30
|
| org.eclipse.jetty:jetty-server |
CVE-2017-7656 |
高危 |
8.2.0.v20160908 |
9.3.24.v20180605, 9.4.11.v20180605 |
jetty: HTTP request smuggling using the range header
漏洞详情: https://avd.aquasec.com/nvd/cve-2017-7656
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2018-06-26 15:29 修改: 2026-06-17 01:24
|
| org.eclipse.jetty:jetty-server |
CVE-2017-9735 |
高危 |
8.2.0.v20160908 |
9.4.6.v20170531, 9.3.20.v20170531, 9.2.22.v20170606 |
jetty: Timing channel attack in util/security/Password.java
漏洞详情: https://avd.aquasec.com/nvd/cve-2017-9735
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2017-06-16 21:29 修改: 2026-06-17 01:28
|
| org.eclipse.jetty:jetty-server |
CVE-2021-28165 |
高危 |
8.2.0.v20160908 |
9.4.39, 10.0.2, 11.0.2 |
jetty: Resource exhaustion when receiving an invalid large TLS frame
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-28165
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2021-04-01 15:15 修改: 2026-06-17 03:45
|
| org.eclipse.jetty:jetty-server |
CVE-2024-13009 |
高危 |
9.4.54.v20240208 |
9.4.57.v20241219 |
jetty-server: Jetty: Gzip Request Body Buffer Corruption
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-13009
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2025-05-08 18:15 修改: 2026-06-17 07:00
|
| org.eclipse.jgit:org.eclipse.jgit |
CVE-2023-4759 |
高危 |
4.5.4.201711221230-r |
6.6.1.202309021850-r, 5.13.3.202401111512-r |
jgit: arbitrary file overwrite
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-4759
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2023-09-12 10:15 修改: 2026-06-17 06:38
|
| org.elasticsearch:elasticsearch |
CVE-2019-7611 |
高危 |
2.4.3 |
5.6.15, 6.6.1 |
elasticsearch: Improper permission issue when attaching a new name to an index
漏洞详情: https://avd.aquasec.com/nvd/cve-2019-7611
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2019-03-25 19:29 修改: 2026-06-17 02:40
|
| org.elasticsearch:elasticsearch |
CVE-2023-31418 |
高危 |
2.4.3 |
7.17.13, 8.9.0 |
elasticsearch: uncontrolled resource consumption
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-31418
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2023-10-26 18:15 修改: 2026-06-17 05:56
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2019-14892 |
高危 |
2.9.8 |
2.6.7.3, 2.8.11.5, 2.9.10 |
jackson-databind: Serialization gadgets in classes of the commons-configuration package
漏洞详情: https://avd.aquasec.com/nvd/cve-2019-14892
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2020-03-02 17:15 修改: 2026-06-17 02:19
|
| org.jdom:jdom |
CVE-2021-33813 |
高危 |
1.1 |
|
jdom: XXE allows attackers to cause a DoS via a crafted HTTP request
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-33813
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2021-06-16 12:15 修改: 2026-06-17 03:55
|
| org.jline:jline-remote-telnet |
GHSA-2r2c-cx56-8933 |
高危 |
3.16.0 |
4.2.1 |
JLine3 Telnet server: Unauthenticated Remote DoS via Unbounded Telnet NAWS Terminal Geometry
漏洞详情: https://github.com/advisories/GHSA-2r2c-cx56-8933
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2026-06-18 13:07 修改: 2026-06-18 13:07
|
| org.jline:jline-remote-telnet |
GHSA-47qp-hqvx-6r3f |
高危 |
3.16.0 |
4.2.1 |
JLine3 Telnet server: Unauthenticated Remote Memory Exhaustion via Unbounded Telnet NEW-ENVIRON Variables
漏洞详情: https://github.com/advisories/GHSA-47qp-hqvx-6r3f
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2026-06-18 13:07 修改: 2026-06-18 13:07
|
| org.jsoup:jsoup |
CVE-2021-37714 |
高危 |
1.10.3 |
1.14.2 |
jsoup: Crafted input may cause the jsoup HTML and XML parser to get stuck
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-37714
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2021-08-18 15:15 修改: 2026-06-17 04:01
|
| org.jsoup:jsoup |
CVE-2021-37714 |
高危 |
1.10.3 |
1.14.2 |
jsoup: Crafted input may cause the jsoup HTML and XML parser to get stuck
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-37714
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2021-08-18 15:15 修改: 2026-06-17 04:01
|
| org.jsoup:jsoup |
CVE-2021-37714 |
高危 |
1.11.3 |
1.14.2 |
jsoup: Crafted input may cause the jsoup HTML and XML parser to get stuck
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-37714
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2021-08-18 15:15 修改: 2026-06-17 04:01
|
| org.jsoup:jsoup |
CVE-2021-37714 |
高危 |
1.8.1 |
1.14.2 |
jsoup: Crafted input may cause the jsoup HTML and XML parser to get stuck
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-37714
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2021-08-18 15:15 修改: 2026-06-17 04:01
|
| org.jsoup:jsoup |
CVE-2021-37714 |
高危 |
1.8.1 |
1.14.2 |
jsoup: Crafted input may cause the jsoup HTML and XML parser to get stuck
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-37714
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2021-08-18 15:15 修改: 2026-06-17 04:01
|
| org.jsoup:jsoup |
CVE-2021-37714 |
高危 |
1.8.1 |
1.14.2 |
jsoup: Crafted input may cause the jsoup HTML and XML parser to get stuck
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-37714
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2021-08-18 15:15 修改: 2026-06-17 04:01
|
| org.yaml:snakeyaml |
CVE-2017-18640 |
高危 |
1.15 |
1.26 |
snakeyaml: Billion laughs attack via alias feature
漏洞详情: https://avd.aquasec.com/nvd/cve-2017-18640
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2019-12-12 03:15 修改: 2026-06-17 01:13
|
| org.yaml:snakeyaml |
CVE-2022-1471 |
高危 |
1.15 |
2.0 |
SnakeYaml: Constructor Deserialization Remote Code Execution
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-1471
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2022-12-01 11:15 修改: 2026-06-17 04:22
|
| org.yaml:snakeyaml |
CVE-2022-25857 |
高危 |
1.15 |
1.31 |
snakeyaml: Denial of Service due to missing nested depth limitation for collections
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-25857
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2022-08-30 05:15 修改: 2026-06-17 04:34
|
| software.amazon.ion:ion-java |
CVE-2024-21634 |
高危 |
1.0.2 |
1.10.5 |
ion-java: ion-java: Ion Java StackOverflow vulnerability
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-21634
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2024-01-03 23:15 修改: 2026-06-17 07:09
|
| com.fasterxml.jackson.core:jackson-core |
GHSA-72hv-8253-57qq |
中危 |
2.18.3 |
2.21.1, 2.18.6 |
jackson-core: Number Length Constraint Bypass in Async Parser Leads to Potential DoS Condition
漏洞详情: https://github.com/advisories/GHSA-72hv-8253-57qq
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2026-02-28 02:01 修改: 2026-04-07 16:30
|
| com.fasterxml.jackson.core:jackson-core |
GHSA-72hv-8253-57qq |
中危 |
2.18.3 |
2.21.1, 2.18.6 |
jackson-core: Number Length Constraint Bypass in Async Parser Leads to Potential DoS Condition
漏洞详情: https://github.com/advisories/GHSA-72hv-8253-57qq
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2026-02-28 02:01 修改: 2026-04-07 16:30
|
| com.fasterxml.jackson.core:jackson-core |
GHSA-72hv-8253-57qq |
中危 |
2.18.3 |
2.21.1, 2.18.6 |
jackson-core: Number Length Constraint Bypass in Async Parser Leads to Potential DoS Condition
漏洞详情: https://github.com/advisories/GHSA-72hv-8253-57qq
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2026-02-28 02:01 修改: 2026-04-07 16:30
|
| io.netty:netty-codec-http |
CVE-2024-29025 |
中危 |
4.1.87.Final |
4.1.108.Final |
netty-codec-http: Allocation of Resources Without Limits or Throttling
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-29025
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2024-03-25 20:15 修改: 2026-06-17 07:22
|
| io.netty:netty-codec-http |
CVE-2025-67735 |
中危 |
4.1.87.Final |
4.2.8.Final, 4.1.129.Final |
netty-codec-http: Netty (netty-codec-http): Request Smuggling via CRLF Injection
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-67735
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2025-12-16 01:15 修改: 2026-06-17 09:58
|
| io.netty:netty-codec-http |
CVE-2026-41417 |
中危 |
4.1.87.Final |
4.1.133.Final, 4.2.13.Final |
netty: Netty: HTTP request smuggling via URI manipulation and CRLF injection
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41417
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2026-05-06 22:16 修改: 2026-06-17 10:46
|
| io.netty:netty-codec-http |
CVE-2026-42580 |
中危 |
4.1.87.Final |
4.2.13.Final, 4.1.133.Final |
netty: Netty: Request smuggling via chunk size parser integer overflow
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42580
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2026-05-13 19:17 修改: 2026-06-17 10:48
|
| io.netty:netty-codec-http |
CVE-2026-42581 |
中危 |
4.1.87.Final |
4.2.13.Final, 4.1.133.Final |
netty: io.netty/netty-codec-http: Netty: HTTP Request Smuggling due to improper handling of conflicting HTTP/1.0 headers
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42581
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2026-05-13 19:17 修改: 2026-06-30 03:19
|
| io.netty:netty-codec-http |
CVE-2026-42585 |
中危 |
4.1.87.Final |
4.2.13.Final, 4.1.133.Final |
netty: io.netty/netty-codec-http: Netty: Request smuggling via malformed Transfer-Encoding parsing
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42585
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2026-05-13 19:17 修改: 2026-06-17 10:48
|
| io.netty:netty-codec-http |
CVE-2026-50020 |
中危 |
4.1.87.Final |
4.2.15.Final, 4.1.135.Final |
netty-codec-http: Netty: Data manipulation via request-boundary confusion in HttpObjectDecoder
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-50020
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2026-06-12 16:16 修改: 2026-06-17 10:57
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2026-54514 |
中危 |
2.18.3 |
2.18.8, 2.21.4, 3.1.4 |
jackson-databind: jackson-databind: Information Disclosure via Eager DNS Resolution
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54514
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2026-06-23 21:17 修改: 2026-06-27 20:55
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2019-12384 |
中危 |
2.9.8 |
2.9.9.1, 2.8.11.4, 2.7.9.6, 2.6.7.3 |
jackson-databind: failure to block the logback-core class from polymorphic deserialization leading to remote code execution
漏洞详情: https://avd.aquasec.com/nvd/cve-2019-12384
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2019-06-24 16:15 修改: 2026-06-17 02:14
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2019-12814 |
中危 |
2.9.8 |
2.9.9.1, 2.8.11.4, 2.7.9.6, 2.6.7.3 |
jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server via crafted JSON message.
漏洞详情: https://avd.aquasec.com/nvd/cve-2019-12814
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2019-06-19 14:15 修改: 2026-06-17 02:15
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2026-54514 |
中危 |
2.9.8 |
2.18.8, 2.21.4, 3.1.4 |
jackson-databind: jackson-databind: Information Disclosure via Eager DNS Resolution
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54514
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2026-06-23 21:17 修改: 2026-06-27 20:55
|
| io.netty:netty-codec-http2 |
CVE-2026-47244 |
中危 |
4.1.87.Final |
4.2.15.Final, 4.1.135.Final |
netty-codec-http2: Netty: Denial of Service via uncontrolled HTTP/2 concurrent streams
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-47244
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2026-06-12 15:16 修改: 2026-06-17 10:54
|
| io.netty:netty-codec-http2 |
CVE-2026-48043 |
中危 |
4.1.87.Final |
4.1.135.Final, 4.2.15.Final |
netty-codec-http2: netty-codec-http2: Denial of Service due to resource leak
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48043
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2026-06-12 16:16 修改: 2026-07-03 13:17
|
| io.netty:netty-codec-http2 |
CVE-2026-50560 |
中危 |
4.1.87.Final |
4.2.15.Final, 4.1.135.Final |
netty-codec-http2: Netty: Denial of Service due to HTTP/2 max header size handling
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-50560
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2026-06-12 16:16 修改: 2026-06-17 10:57
|
| io.netty:netty-common |
CVE-2024-47535 |
中危 |
4.1.51.Final |
4.1.115.Final |
netty: Denial of Service attack on windows app using Netty
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-47535
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2024-11-12 16:15 修改: 2026-06-17 07:57
|
| io.netty:netty-common |
CVE-2025-25193 |
中危 |
4.1.51.Final |
4.1.118.Final |
netty: Denial of Service attack on windows app using Netty
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-25193
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2025-02-10 22:15 修改: 2026-06-17 09:00
|
| io.netty:netty-common |
CVE-2024-47535 |
中危 |
4.1.75.Final |
4.1.115.Final |
netty: Denial of Service attack on windows app using Netty
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-47535
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2024-11-12 16:15 修改: 2026-06-17 07:57
|
| io.netty:netty-common |
CVE-2025-25193 |
中危 |
4.1.75.Final |
4.1.118.Final |
netty: Denial of Service attack on windows app using Netty
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-25193
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2025-02-10 22:15 修改: 2026-06-17 09:00
|
| io.netty:netty-common |
CVE-2024-47535 |
中危 |
4.1.87.Final |
4.1.115.Final |
netty: Denial of Service attack on windows app using Netty
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-47535
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2024-11-12 16:15 修改: 2026-06-17 07:57
|
| io.netty:netty-common |
CVE-2025-25193 |
中危 |
4.1.87.Final |
4.1.118.Final |
netty: Denial of Service attack on windows app using Netty
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-25193
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2025-02-10 22:15 修改: 2026-06-17 09:00
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2026-54515 |
中危 |
2.9.8 |
3.1.4, 2.18.9, 2.21.5, 2.22.1 |
jackson-databind: jackson-databind: Ignored properties can be unexpectedly modified
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54515
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2026-06-23 21:17 修改: 2026-06-29 13:38
|
| com.google.guava:guava |
CVE-2018-10237 |
中危 |
18.0 |
24.1.1-android |
guava: Unbounded memory allocation in AtomicDoubleArray and CompoundOrdering classes allow remote attackers to cause a denial of service
漏洞详情: https://avd.aquasec.com/nvd/cve-2018-10237
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2018-04-26 21:29 修改: 2026-06-17 01:33
|
| com.google.guava:guava |
CVE-2023-2976 |
中危 |
18.0 |
32.0.0-android |
guava: insecure temporary directory creation
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-2976
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2023-06-14 18:15 修改: 2026-06-17 05:53
|
| io.netty:netty-handler |
CVE-2023-34462 |
中危 |
4.1.51.Final |
4.1.94.Final |
netty: SniHandler 16MB allocation leads to OOM
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-34462
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2023-06-22 23:15 修改: 2026-06-17 06:03
|
| com.google.guava:guava |
CVE-2018-10237 |
中危 |
19.0 |
24.1.1-android |
guava: Unbounded memory allocation in AtomicDoubleArray and CompoundOrdering classes allow remote attackers to cause a denial of service
漏洞详情: https://avd.aquasec.com/nvd/cve-2018-10237
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2018-04-26 21:29 修改: 2026-06-17 01:33
|
| com.google.guava:guava |
CVE-2023-2976 |
中危 |
19.0 |
32.0.0-android |
guava: insecure temporary directory creation
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-2976
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2023-06-14 18:15 修改: 2026-06-17 05:53
|
| com.google.guava:guava |
CVE-2018-10237 |
中危 |
20.0 |
24.1.1-android |
guava: Unbounded memory allocation in AtomicDoubleArray and CompoundOrdering classes allow remote attackers to cause a denial of service
漏洞详情: https://avd.aquasec.com/nvd/cve-2018-10237
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2018-04-26 21:29 修改: 2026-06-17 01:33
|
| io.netty:netty-handler |
CVE-2023-34462 |
中危 |
4.1.75.Final |
4.1.94.Final |
netty: SniHandler 16MB allocation leads to OOM
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-34462
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2023-06-22 23:15 修改: 2026-06-17 06:03
|
| com.google.guava:guava |
CVE-2023-2976 |
中危 |
20.0 |
32.0.0-android |
guava: insecure temporary directory creation
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-2976
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2023-06-14 18:15 修改: 2026-06-17 05:53
|
| com.google.guava:guava |
CVE-2023-2976 |
中危 |
24.1.1-jre |
32.0.0-android |
guava: insecure temporary directory creation
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-2976
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2023-06-14 18:15 修改: 2026-06-17 05:53
|
| com.google.guava:guava |
CVE-2023-2976 |
中危 |
25.0-jre |
32.0.0-android |
guava: insecure temporary directory creation
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-2976
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2023-06-14 18:15 修改: 2026-06-17 05:53
|
| io.netty:netty-handler |
CVE-2023-34462 |
中危 |
4.1.87.Final |
4.1.94.Final |
netty: SniHandler 16MB allocation leads to OOM
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-34462
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2023-06-22 23:15 修改: 2026-06-17 06:03
|
| io.netty:netty-transport-native-epoll |
CVE-2026-45536 |
中危 |
4.1.96.Final |
4.2.15.Final, 4.1.135.Final |
netty-transport-native-epoll: netty-transport-native-kqueue: Netty: Denial of Service due to file descriptor leak in SCM_RIGHTS message handling
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45536
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2026-06-12 15:16 修改: 2026-06-17 10:52
|
| io.netty:netty-transport-native-kqueue |
CVE-2026-45536 |
中危 |
4.1.96.Final |
4.2.15.Final, 4.1.135.Final |
netty-transport-native-epoll: netty-transport-native-kqueue: Netty: Denial of Service due to file descriptor leak in SCM_RIGHTS message handling
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45536
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2026-06-12 15:16 修改: 2026-06-17 10:52
|
| com.google.guava:guava |
CVE-2023-2976 |
中危 |
25.0-jre |
32.0.0-android |
guava: insecure temporary directory creation
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-2976
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2023-06-14 18:15 修改: 2026-06-17 05:53
|
| com.google.guava:guava |
CVE-2023-2976 |
中危 |
31.1-android |
32.0.0-android |
guava: insecure temporary directory creation
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-2976
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2023-06-14 18:15 修改: 2026-06-17 05:53
|
| com.google.guava:guava |
CVE-2023-2976 |
中危 |
31.1-android |
32.0.0-android |
guava: insecure temporary directory creation
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-2976
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2023-06-14 18:15 修改: 2026-06-17 05:53
|
| com.google.guava:guava |
CVE-2023-2976 |
中危 |
31.1-android |
32.0.0-android |
guava: insecure temporary directory creation
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-2976
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2023-06-14 18:15 修改: 2026-06-17 05:53
|
| com.google.guava:guava |
CVE-2023-2976 |
中危 |
31.1-android |
32.0.0-android |
guava: insecure temporary directory creation
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-2976
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2023-06-14 18:15 修改: 2026-06-17 05:53
|
| com.google.guava:guava |
CVE-2023-2976 |
中危 |
31.1-android |
32.0.0-android |
guava: insecure temporary directory creation
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-2976
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2023-06-14 18:15 修改: 2026-06-17 05:53
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2026-54514 |
中危 |
2.18.3 |
2.18.8, 2.21.4, 3.1.4 |
jackson-databind: jackson-databind: Information Disclosure via Eager DNS Resolution
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54514
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2026-06-23 21:17 修改: 2026-06-27 20:55
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2026-54514 |
中危 |
2.18.3 |
2.18.8, 2.21.4, 3.1.4 |
jackson-databind: jackson-databind: Information Disclosure via Eager DNS Resolution
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54514
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2026-06-23 21:17 修改: 2026-06-27 20:55
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2026-54514 |
中危 |
2.18.3 |
2.18.8, 2.21.4, 3.1.4 |
jackson-databind: jackson-databind: Information Disclosure via Eager DNS Resolution
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54514
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2026-06-23 21:17 修改: 2026-06-27 20:55
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2026-54514 |
中危 |
2.18.3 |
2.18.8, 2.21.4, 3.1.4 |
jackson-databind: jackson-databind: Information Disclosure via Eager DNS Resolution
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54514
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2026-06-23 21:17 修改: 2026-06-27 20:55
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2026-54514 |
中危 |
2.18.3 |
2.18.8, 2.21.4, 3.1.4 |
jackson-databind: jackson-databind: Information Disclosure via Eager DNS Resolution
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54514
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2026-06-23 21:17 修改: 2026-06-27 20:55
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2026-54514 |
中危 |
2.18.3 |
2.18.8, 2.21.4, 3.1.4 |
jackson-databind: jackson-databind: Information Disclosure via Eager DNS Resolution
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54514
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2026-06-23 21:17 修改: 2026-06-27 20:55
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2026-54514 |
中危 |
2.18.3 |
2.18.8, 2.21.4, 3.1.4 |
jackson-databind: jackson-databind: Information Disclosure via Eager DNS Resolution
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54514
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2026-06-23 21:17 修改: 2026-06-27 20:55
|
| org.apache.commons:commons-compress |
CVE-2024-25710 |
中危 |
1.18 |
1.26.0 |
commons-compress: Denial of service caused by an infinite loop for a corrupted DUMP file
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-25710
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2024-02-19 09:15 修改: 2026-06-17 07:16
|
| org.apache.commons:commons-compress |
CVE-2024-25710 |
中危 |
1.21 |
1.26.0 |
commons-compress: Denial of service caused by an infinite loop for a corrupted DUMP file
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-25710
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2024-02-19 09:15 修改: 2026-06-17 07:16
|
| org.apache.commons:commons-compress |
CVE-2024-26308 |
中危 |
1.21 |
1.26.0 |
commons-compress: OutOfMemoryError unpacking broken Pack200 file
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-26308
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2024-02-19 09:15 修改: 2026-06-17 07:17
|
| org.apache.commons:commons-compress |
CVE-2023-42503 |
中危 |
1.23.0 |
1.24.0 |
apache-commons-compress: Denial of service via CPU consumption for malformed TAR file
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-42503
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2023-09-14 08:15 修改: 2026-06-17 06:23
|
| org.apache.commons:commons-compress |
CVE-2024-25710 |
中危 |
1.23.0 |
1.26.0 |
commons-compress: Denial of service caused by an infinite loop for a corrupted DUMP file
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-25710
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2024-02-19 09:15 修改: 2026-06-17 07:16
|
| org.apache.commons:commons-compress |
CVE-2024-26308 |
中危 |
1.23.0 |
1.26.0 |
commons-compress: OutOfMemoryError unpacking broken Pack200 file
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-26308
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2024-02-19 09:15 修改: 2026-06-17 07:17
|
| org.apache.commons:commons-configuration2 |
CVE-2026-45205 |
中危 |
2.10.1 |
2.15.0 |
Uncontrolled Recursion vulnerability in Apache Commons. When processi ...
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45205
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2026-05-14 12:16 修改: 2026-06-17 10:51
|
| org.apache.commons:commons-configuration2 |
CVE-2026-45205 |
中危 |
2.10.1 |
2.15.0 |
Uncontrolled Recursion vulnerability in Apache Commons. When processi ...
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45205
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2026-05-14 12:16 修改: 2026-06-17 10:51
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2026-54514 |
中危 |
2.18.3 |
2.18.8, 2.21.4, 3.1.4 |
jackson-databind: jackson-databind: Information Disclosure via Eager DNS Resolution
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54514
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2026-06-23 21:17 修改: 2026-06-27 20:55
|
| org.apache.httpcomponents:httpclient |
CVE-2020-13956 |
中危 |
4.5 |
4.5.13, 5.0.3 |
apache-httpclient: incorrect handling of malformed authority component in request URIs
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-13956
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2020-12-02 17:15 修改: 2026-06-17 02:53
|
| org.apache.jackrabbit:jackrabbit-jcr-commons |
CVE-2025-58782 |
中危 |
1.6.5 |
2.22.2 |
org.apache.jackrabbit/jackrabbit-core: org.apache.jackrabbit/jackrabbit-jcr-commons: Apache Jackrabbit JNDI injection
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58782
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2025-09-08 09:15 修改: 2026-06-17 09:44
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2026-54514 |
中危 |
2.18.3 |
2.18.8, 2.21.4, 3.1.4 |
jackson-databind: jackson-databind: Information Disclosure via Eager DNS Resolution
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54514
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2026-06-23 21:17 修改: 2026-06-27 20:55
|
| org.apache.logging.log4j:log4j-1.2-api |
CVE-2026-34479 |
中危 |
2.20.0 |
2.25.4 |
org.apache.logging.log4j/log4j-1.2-api: Apache Log4j 1-to-Log4j 2 bridge: Log processing denial of service due to improper XML escaping
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34479
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2026-04-10 16:16 修改: 2026-06-17 10:39
|
| org.apache.logging.log4j:log4j-core |
CVE-2025-68161 |
中危 |
2.17.1 |
2.25.3 |
Apache Log4j: Apache Log4j Core: Information disclosure via missing TLS hostname verification
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-68161
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2025-12-18 21:15 修改: 2026-06-17 09:58
|
| org.apache.logging.log4j:log4j-core |
CVE-2026-34477 |
中危 |
2.17.1 |
2.25.4 |
org.apache.logging.log4j/log4j-core: Apache Log4j Core: Man-in-the-middle attack due to incomplete hostname verification
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34477
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2026-04-10 16:16 修改: 2026-06-17 10:39
|
| org.apache.logging.log4j:log4j-core |
CVE-2026-34480 |
中危 |
2.17.1 |
2.25.4 |
org.apache.logging.log4j/log4j-core: Apache Log4j Core: Invalid XML output causes denial of service in logging
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34480
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2026-04-10 16:16 修改: 2026-06-17 10:39
|
| org.apache.logging.log4j:log4j-core |
CVE-2025-68161 |
中危 |
2.20.0 |
2.25.3 |
Apache Log4j: Apache Log4j Core: Information disclosure via missing TLS hostname verification
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-68161
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2025-12-18 21:15 修改: 2026-06-17 09:58
|
| org.apache.logging.log4j:log4j-core |
CVE-2026-34477 |
中危 |
2.20.0 |
2.25.4 |
org.apache.logging.log4j/log4j-core: Apache Log4j Core: Man-in-the-middle attack due to incomplete hostname verification
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34477
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2026-04-10 16:16 修改: 2026-06-17 10:39
|
| org.apache.logging.log4j:log4j-core |
CVE-2026-34480 |
中危 |
2.20.0 |
2.25.4 |
org.apache.logging.log4j/log4j-core: Apache Log4j Core: Invalid XML output causes denial of service in logging
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34480
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2026-04-10 16:16 修改: 2026-06-17 10:39
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2026-54515 |
中危 |
2.18.3 |
3.1.4, 2.18.9, 2.21.5, 2.22.1 |
jackson-databind: jackson-databind: Ignored properties can be unexpectedly modified
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54515
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2026-06-23 21:17 修改: 2026-06-29 13:38
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2026-54515 |
中危 |
2.18.3 |
3.1.4, 2.18.9, 2.21.5, 2.22.1 |
jackson-databind: jackson-databind: Ignored properties can be unexpectedly modified
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54515
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2026-06-23 21:17 修改: 2026-06-29 13:38
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2026-54515 |
中危 |
2.18.3 |
3.1.4, 2.18.9, 2.21.5, 2.22.1 |
jackson-databind: jackson-databind: Ignored properties can be unexpectedly modified
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54515
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2026-06-23 21:17 修改: 2026-06-29 13:38
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2026-54515 |
中危 |
2.18.3 |
3.1.4, 2.18.9, 2.21.5, 2.22.1 |
jackson-databind: jackson-databind: Ignored properties can be unexpectedly modified
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54515
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2026-06-23 21:17 修改: 2026-06-29 13:38
|
| org.apache.mina:mina-core |
CVE-2021-41973 |
中危 |
2.0.7 |
2.1.5, 2.0.22 |
mina-core: infinite loop may lead to DoS
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-41973
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2021-11-01 09:15 修改: 2026-06-17 04:09
|
| org.apache.pdfbox:pdfbox |
CVE-2021-27807 |
中危 |
2.0.16 |
2.0.23 |
pdfbox: infinite loop while loading a crafted PDF file
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-27807
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2021-03-19 16:15 修改: 2026-06-17 03:45
|
| org.apache.pdfbox:pdfbox |
CVE-2021-27807 |
中危 |
2.0.16 |
2.0.23 |
pdfbox: infinite loop while loading a crafted PDF file
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-27807
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2021-03-19 16:15 修改: 2026-06-17 03:45
|
| org.apache.pdfbox:pdfbox |
CVE-2021-27906 |
中危 |
2.0.16 |
2.0.23 |
pdfbox: OutOfMemory-Exception while loading a crafted PDF file
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-27906
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2021-03-19 16:15 修改: 2026-06-17 03:45
|
| org.apache.pdfbox:pdfbox |
CVE-2021-27906 |
中危 |
2.0.16 |
2.0.23 |
pdfbox: OutOfMemory-Exception while loading a crafted PDF file
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-27906
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2021-03-19 16:15 修改: 2026-06-17 03:45
|
| org.apache.pdfbox:pdfbox |
CVE-2021-31811 |
中危 |
2.0.16 |
2.0.24 |
pdfbox: OutOfMemory-Exception while loading a crafted PDF file
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-31811
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2021-06-12 10:15 修改: 2026-06-17 03:52
|
| org.apache.pdfbox:pdfbox |
CVE-2021-31811 |
中危 |
2.0.16 |
2.0.24 |
pdfbox: OutOfMemory-Exception while loading a crafted PDF file
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-31811
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2021-06-12 10:15 修改: 2026-06-17 03:52
|
| org.apache.pdfbox:pdfbox |
CVE-2021-31812 |
中危 |
2.0.16 |
2.0.24 |
pdfbox: infinite loop while loading a crafted PDF file
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-31812
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2021-06-12 10:15 修改: 2026-06-17 03:52
|
| org.apache.pdfbox:pdfbox |
CVE-2021-31812 |
中危 |
2.0.16 |
2.0.24 |
pdfbox: infinite loop while loading a crafted PDF file
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-31812
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2021-06-12 10:15 修改: 2026-06-17 03:52
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2026-54515 |
中危 |
2.18.3 |
3.1.4, 2.18.9, 2.21.5, 2.22.1 |
jackson-databind: jackson-databind: Ignored properties can be unexpectedly modified
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54515
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2026-06-23 21:17 修改: 2026-06-29 13:38
|
| com.hubspot.jinjava:jinjava |
CVE-2018-18893 |
中危 |
2.4.0 |
2.4.6 |
Jinjava calls getClass
漏洞详情: https://avd.aquasec.com/nvd/cve-2018-18893
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2019-01-03 01:29 修改: 2026-06-17 01:48
|
| org.apache.shiro:shiro-core |
CVE-2026-43827 |
中危 |
1.13.0 |
2.2.0, 3.0.0-alpha-2 |
apache-shiro: Apache Shiro: Session fixation vulnerability due to improper session invalidation upon login
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-43827
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2026-05-25 21:16 修改: 2026-06-17 10:49
|
| org.apache.shiro:shiro-core |
CVE-2026-43827 |
中危 |
1.13.0 |
2.2.0, 3.0.0-alpha-2 |
apache-shiro: Apache Shiro: Session fixation vulnerability due to improper session invalidation upon login
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-43827
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2026-05-25 21:16 修改: 2026-06-17 10:49
|
| org.apache.shiro:shiro-web |
CVE-2026-43828 |
中危 |
1.13.0 |
2.2.0, 3.0.0-alpha-2 |
apache-shiro: Apache Shiro: Information disclosure via insecure cookie handling
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-43828
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2026-05-25 21:16 修改: 2026-06-17 10:49
|
| com.hubspot.jinjava:jinjava |
CVE-2018-18893 |
中危 |
2.4.0 |
2.4.6 |
Jinjava calls getClass
漏洞详情: https://avd.aquasec.com/nvd/cve-2018-18893
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2019-01-03 01:29 修改: 2026-06-17 01:48
|
| com.hubspot.jinjava:jinjava |
CVE-2018-18893 |
中危 |
2.4.0 |
2.4.6 |
Jinjava calls getClass
漏洞详情: https://avd.aquasec.com/nvd/cve-2018-18893
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2019-01-03 01:29 修改: 2026-06-17 01:48
|
| com.hubspot.jinjava:jinjava |
CVE-2020-12668 |
中危 |
2.4.0 |
2.5.4 |
Unauthorized access to Class instance in Jinjava
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-12668
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2021-02-19 23:15 修改: 2026-06-17 02:52
|
| com.hubspot.jinjava:jinjava |
CVE-2020-12668 |
中危 |
2.4.0 |
2.5.4 |
Unauthorized access to Class instance in Jinjava
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-12668
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2021-02-19 23:15 修改: 2026-06-17 02:52
|
| com.hubspot.jinjava:jinjava |
CVE-2020-12668 |
中危 |
2.4.0 |
2.5.4 |
Unauthorized access to Class instance in Jinjava
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-12668
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2021-02-19 23:15 修改: 2026-06-17 02:52
|
| org.apache.zookeeper:zookeeper |
CVE-2024-23944 |
中危 |
3.6.3 |
3.8.4, 3.9.2 |
Apache-ZooKeeper: Apache ZooKeeper: Information disclosure in persistent watcher handling
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-23944
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2024-03-15 11:15 修改: 2026-06-17 07:13
|
| org.bouncycastle:bcpkix-jdk18on |
CVE-2026-5588 |
中危 |
1.80 |
1.84 |
bouncycastle: BC-JAVA: PKIX draft CompositeVerifier accepts empty signature sequence as valid
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-5588
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2026-04-15 10:16 修改: 2026-06-30 03:21
|
| org.bouncycastle:bcprov-jdk18on |
CVE-2026-0636 |
中危 |
1.80.2 |
1.84 |
bouncycastle: BC-JAVA: LDAP injection vulnerability in LDAPStoreHelper.java
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-0636
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2026-04-15 10:16 修改: 2026-06-30 03:17
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2026-54515 |
中危 |
2.18.3 |
3.1.4, 2.18.9, 2.21.5, 2.22.1 |
jackson-databind: jackson-databind: Ignored properties can be unexpectedly modified
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54515
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2026-06-23 21:17 修改: 2026-06-29 13:38
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2026-54515 |
中危 |
2.18.3 |
3.1.4, 2.18.9, 2.21.5, 2.22.1 |
jackson-databind: jackson-databind: Ignored properties can be unexpectedly modified
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54515
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2026-06-23 21:17 修改: 2026-06-29 13:38
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2026-54515 |
中危 |
2.18.3 |
3.1.4, 2.18.9, 2.21.5, 2.22.1 |
jackson-databind: jackson-databind: Ignored properties can be unexpectedly modified
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54515
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2026-06-23 21:17 修改: 2026-06-29 13:38
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2026-54515 |
中危 |
2.18.3 |
3.1.4, 2.18.9, 2.21.5, 2.22.1 |
jackson-databind: jackson-databind: Ignored properties can be unexpectedly modified
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54515
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2026-06-23 21:17 修改: 2026-06-29 13:38
|
| com.jcraft:jsch |
CVE-2016-5725 |
中危 |
0.1.53 |
0.1.54 |
jsch: ChannelSftp path traversal vulnerability
漏洞详情: https://avd.aquasec.com/nvd/cve-2016-5725
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2017-01-19 22:59 修改: 2026-06-17 00:49
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2026-54515 |
中危 |
2.18.3 |
3.1.4, 2.18.9, 2.21.5, 2.22.1 |
jackson-databind: jackson-databind: Ignored properties can be unexpectedly modified
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54515
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2026-06-23 21:17 修改: 2026-06-29 13:38
|
| com.fasterxml.jackson.core:jackson-core |
GHSA-72hv-8253-57qq |
中危 |
2.18.3 |
2.21.1, 2.18.6 |
jackson-core: Number Length Constraint Bypass in Async Parser Leads to Potential DoS Condition
漏洞详情: https://github.com/advisories/GHSA-72hv-8253-57qq
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2026-02-28 02:01 修改: 2026-04-07 16:30
|
| com.rabbitmq:amqp-client |
CVE-2023-46120 |
中危 |
5.5.3 |
5.18.0 |
RabbitMQ Java client's Lack of Message Size Limitation leads to Remote DoS Attack
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-46120
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2023-10-25 18:17 修改: 2026-06-17 06:30
|
| org.eclipse.jetty:jetty-http |
CVE-2024-6763 |
中危 |
11.0.24 |
12.0.12 |
org.eclipse.jetty:jetty-http: jetty: Jetty URI parsing of invalid authority
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-6763
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2024-10-14 16:15 修改: 2026-06-17 08:18
|
| org.eclipse.jetty:jetty-http |
CVE-2024-6763 |
中危 |
11.0.24 |
12.0.12 |
org.eclipse.jetty:jetty-http: jetty: Jetty URI parsing of invalid authority
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-6763
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2024-10-14 16:15 修改: 2026-06-17 08:18
|
| org.eclipse.jetty:jetty-http |
CVE-2024-6763 |
中危 |
11.0.24 |
12.0.12 |
org.eclipse.jetty:jetty-http: jetty: Jetty URI parsing of invalid authority
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-6763
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2024-10-14 16:15 修改: 2026-06-17 08:18
|
| org.eclipse.jetty:jetty-http |
CVE-2024-6763 |
中危 |
11.0.24 |
12.0.12 |
org.eclipse.jetty:jetty-http: jetty: Jetty URI parsing of invalid authority
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-6763
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2024-10-14 16:15 修改: 2026-06-17 08:18
|
| org.eclipse.jetty:jetty-http |
CVE-2024-6763 |
中危 |
8.2.0.v20160908 |
12.0.12 |
org.eclipse.jetty:jetty-http: jetty: Jetty URI parsing of invalid authority
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-6763
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2024-10-14 16:15 修改: 2026-06-17 08:18
|
| com.fasterxml.jackson.core:jackson-core |
GHSA-72hv-8253-57qq |
中危 |
2.18.3 |
2.21.1, 2.18.6 |
jackson-core: Number Length Constraint Bypass in Async Parser Leads to Potential DoS Condition
漏洞详情: https://github.com/advisories/GHSA-72hv-8253-57qq
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2026-02-28 02:01 修改: 2026-04-07 16:30
|
| org.eclipse.jetty:jetty-http |
CVE-2024-6763 |
中危 |
9.4.54.v20240208 |
12.0.12 |
org.eclipse.jetty:jetty-http: jetty: Jetty URI parsing of invalid authority
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-6763
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2024-10-14 16:15 修改: 2026-06-17 08:18
|
| com.fasterxml.jackson.core:jackson-core |
GHSA-72hv-8253-57qq |
中危 |
2.18.3 |
2.21.1, 2.18.6 |
jackson-core: Number Length Constraint Bypass in Async Parser Leads to Potential DoS Condition
漏洞详情: https://github.com/advisories/GHSA-72hv-8253-57qq
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2026-02-28 02:01 修改: 2026-04-07 16:30
|
| com.squareup.okio:okio |
CVE-2023-3635 |
中危 |
1.15.0 |
3.4.0, 1.17.6 |
okio: GzipSource class improper exception handling
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-3635
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2023-07-12 19:15 修改: 2026-06-17 06:14
|
| com.squareup.okio:okio |
CVE-2023-3635 |
中危 |
1.17.3 |
3.4.0, 1.17.6 |
okio: GzipSource class improper exception handling
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-3635
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2023-07-12 19:15 修改: 2026-06-17 06:14
|
| commons-lang:commons-lang |
CVE-2025-48924 |
中危 |
2.6 |
|
commons-lang/commons-lang: org.apache.commons/commons-lang3: Uncontrolled Recursion vulnerability in Apache Commons Lang
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-48924
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2025-07-11 15:15 修改: 2026-06-17 09:30
|
| commons-lang:commons-lang |
CVE-2025-48924 |
中危 |
2.6 |
|
commons-lang/commons-lang: org.apache.commons/commons-lang3: Uncontrolled Recursion vulnerability in Apache Commons Lang
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-48924
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2025-07-11 15:15 修改: 2026-06-17 09:30
|
| commons-net:commons-net |
CVE-2021-37533 |
中危 |
3.3 |
3.9.0 |
apache-commons-net: FTP client trusts the host from PASV response by default
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-37533
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2022-12-03 15:15 修改: 2026-06-17 04:00
|
| org.eclipse.jetty:jetty-server |
CVE-2019-10241 |
中危 |
8.2.0.v20160908 |
9.2.27.v20190403, 9.3.26.v20190403, 9.4.16.v20190411 |
jetty: using specially formatted URL against DefaultServlet or ResourceHandler leads to XSS conditions
漏洞详情: https://avd.aquasec.com/nvd/cve-2019-10241
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2019-04-22 20:29 修改: 2026-06-17 02:10
|
| org.eclipse.jetty:jetty-server |
CVE-2019-10247 |
中危 |
8.2.0.v20160908 |
9.2.28.v20190418, 9.3.27.v20190418, 9.4.17.v20190418 |
jetty: error path information disclosure
漏洞详情: https://avd.aquasec.com/nvd/cve-2019-10247
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2019-04-22 20:29 修改: 2026-06-17 02:10
|
| org.eclipse.jetty:jetty-server |
CVE-2023-26048 |
中危 |
8.2.0.v20160908 |
9.4.51.v20230217, 10.0.14, 11.0.14 |
jetty-server: OutOfMemoryError for large multipart without filename read via request.getParameter()
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-26048
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2023-04-18 21:15 修改: 2026-06-17 05:42
|
| commons-net:commons-net |
CVE-2021-37533 |
中危 |
3.3 |
3.9.0 |
apache-commons-net: FTP client trusts the host from PASV response by default
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-37533
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2022-12-03 15:15 修改: 2026-06-17 04:00
|
| org.eclipse.jetty:jetty-server |
CVE-2024-8184 |
中危 |
9.4.54.v20240208 |
12.0.9, 10.0.24, 11.0.24, 9.4.56 |
org.eclipse.jetty:jetty-server: jetty: Jetty ThreadLimitHandler.getRemote() vulnerable to remote DoS attacks
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-8184
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2024-10-14 16:15 修改: 2026-06-17 08:22
|
| com.fasterxml.jackson.core:jackson-core |
GHSA-72hv-8253-57qq |
中危 |
2.18.3 |
2.21.1, 2.18.6 |
jackson-core: Number Length Constraint Bypass in Async Parser Leads to Potential DoS Condition
漏洞详情: https://github.com/advisories/GHSA-72hv-8253-57qq
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2026-02-28 02:01 修改: 2026-04-07 16:30
|
| org.eclipse.jgit:org.eclipse.jgit |
CVE-2025-4949 |
中危 |
4.5.4.201711221230-r |
7.2.1.202505142326-r, 7.1.1.202505221757-r, 7.0.1.202505221510-r, 6.10.1.202505221210-r, 6.0.0.202111291000-r, 5.13.4.202507202350-r |
org.eclipse.jgit: XXE vulnerability in Eclipse JGit
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-4949
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2025-05-21 07:16 修改: 2026-06-17 09:34
|
| com.fasterxml.jackson.core:jackson-core |
GHSA-72hv-8253-57qq |
中危 |
2.18.3 |
2.21.1, 2.18.6 |
jackson-core: Number Length Constraint Bypass in Async Parser Leads to Potential DoS Condition
漏洞详情: https://github.com/advisories/GHSA-72hv-8253-57qq
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2026-02-28 02:01 修改: 2026-04-07 16:30
|
| com.fasterxml.jackson.core:jackson-core |
GHSA-72hv-8253-57qq |
中危 |
2.18.3 |
2.21.1, 2.18.6 |
jackson-core: Number Length Constraint Bypass in Async Parser Leads to Potential DoS Condition
漏洞详情: https://github.com/advisories/GHSA-72hv-8253-57qq
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2026-02-28 02:01 修改: 2026-04-07 16:30
|
| org.elasticsearch:elasticsearch |
CVE-2018-3824 |
中危 |
2.4.3 |
5.6.9, 6.2.4 |
Elasticsearch subject to cross site scripting
漏洞详情: https://avd.aquasec.com/nvd/cve-2018-3824
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2018-09-19 19:29 修改: 2026-06-17 01:57
|
| org.elasticsearch:elasticsearch |
CVE-2019-7614 |
中危 |
2.4.3 |
6.8.2, 7.2.1 |
elasticsearch: Race condition in response headers on systems with multiple submitting requests
漏洞详情: https://avd.aquasec.com/nvd/cve-2019-7614
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2019-07-30 22:15 修改: 2026-06-17 02:40
|
| org.elasticsearch:elasticsearch |
CVE-2020-7019 |
中危 |
2.4.3 |
7.9.0, 6.8.12 |
elasticsearch: scrolling search can leak fields that should be hidden allowing access restriction bypass
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-7019
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2020-08-18 17:15 修改: 2026-06-17 03:24
|
| org.elasticsearch:elasticsearch |
CVE-2020-7021 |
中危 |
2.4.3 |
6.8.14, 7.10.0 |
elasticsearch: Information disclosure via audit logging with emit_request_body option enabled
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-7021
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2021-02-10 19:15 修改: 2026-06-17 03:24
|
| org.elasticsearch:elasticsearch |
CVE-2021-22135 |
中危 |
2.4.3 |
7.11.2, 6.8.15 |
elasticsearch: Document disclosure flaw in the Elasticsearch suggester
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-22135
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2021-05-13 18:15 修改: 2026-06-17 03:36
|
| org.elasticsearch:elasticsearch |
CVE-2021-22137 |
中危 |
2.4.3 |
7.11.2, 6.8.15 |
elasticsearch: Document disclosure flaw when Document or Field Level Security is used
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-22137
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2021-05-13 18:15 修改: 2026-06-17 03:36
|
| org.elasticsearch:elasticsearch |
CVE-2021-22144 |
中危 |
2.4.3 |
6.8.17, 7.13.3 |
elasticsearch: uncontrolled recursion in Grok parser
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-22144
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2021-07-26 12:15 修改: 2026-06-17 03:36
|
| org.elasticsearch:elasticsearch |
CVE-2023-49921 |
中危 |
2.4.3 |
7.17.16, 8.11.2 |
elasticsearch: Insertion of Sensitive Information into Log File
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-49921
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2024-07-26 05:15 修改: 2026-06-17 06:36
|
| org.elasticsearch:elasticsearch |
CVE-2024-23444 |
中危 |
2.4.3 |
8.13.0, 7.17.23 |
Elasticsearch stores private key on disk unencrypted
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-23444
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2024-07-31 18:15 修改: 2026-06-17 07:12
|
| org.elasticsearch:elasticsearch |
CVE-2024-43709 |
中危 |
2.4.3 |
7.17.21, 8.13.3 |
elasticsearch: Elasticsearch allocation of resources without limits or throttling leads to crash
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-43709
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2025-01-21 11:15 修改: 2026-06-17 07:51
|
| org.elasticsearch:elasticsearch |
CVE-2024-52979 |
中危 |
2.4.3 |
7.17.25, 8.16.0 |
elasticsearch: Elasticsearch Uncontrolled Resource Consumption vulnerability
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-52979
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2025-05-01 14:15 修改: 2026-06-17 08:07
|
| com.fasterxml.jackson.core:jackson-core |
GHSA-72hv-8253-57qq |
中危 |
2.18.3 |
2.21.1, 2.18.6 |
jackson-core: Number Length Constraint Bypass in Async Parser Leads to Potential DoS Condition
漏洞详情: https://github.com/advisories/GHSA-72hv-8253-57qq
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2026-02-28 02:01 修改: 2026-04-07 16:30
|
| io.netty:netty |
CVE-2019-20445 |
中危 |
3.10.6.Final |
4.0.0 |
netty: HttpObjectDecoder.java allows Content-Length header to accompanied by second Content-Length header
漏洞详情: https://avd.aquasec.com/nvd/cve-2019-20445
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2020-01-29 21:15 修改: 2026-06-17 02:30
|
| io.netty:netty |
CVE-2021-21290 |
中危 |
3.10.6.Final |
4.0.0 |
netty: Information disclosure via the local system temporary directory
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-21290
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2021-02-08 20:15 修改: 2026-06-17 03:35
|
| io.netty:netty |
CVE-2021-21295 |
中危 |
3.10.6.Final |
4.0.0 |
netty: possible request smuggling in HTTP/2 due missing validation
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-21295
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2021-03-09 19:15 修改: 2026-06-17 03:35
|
| io.netty:netty |
CVE-2021-21409 |
中危 |
3.10.6.Final |
4.0.0 |
netty: Request smuggling via content-length header
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-21409
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2021-03-30 15:15 修改: 2026-06-17 03:35
|
| io.netty:netty |
CVE-2021-43797 |
中危 |
3.10.6.Final |
4.0.0 |
netty: control chars in header names may lead to HTTP request smuggling
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-43797
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2021-12-09 19:15 修改: 2026-06-17 04:11
|
| org.jsoup:jsoup |
CVE-2022-36033 |
中危 |
1.10.3 |
1.15.3 |
jsoup: The jsoup cleaner may incorrectly sanitize crafted XSS attempts if SafeList.preserveRelativeLinks is enabled
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-36033
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2022-08-29 17:15 修改: 2026-06-17 04:52
|
| org.jsoup:jsoup |
CVE-2022-36033 |
中危 |
1.10.3 |
1.15.3 |
jsoup: The jsoup cleaner may incorrectly sanitize crafted XSS attempts if SafeList.preserveRelativeLinks is enabled
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-36033
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2022-08-29 17:15 修改: 2026-06-17 04:52
|
| com.fasterxml.jackson.core:jackson-core |
GHSA-72hv-8253-57qq |
中危 |
2.18.3 |
2.21.1, 2.18.6 |
jackson-core: Number Length Constraint Bypass in Async Parser Leads to Potential DoS Condition
漏洞详情: https://github.com/advisories/GHSA-72hv-8253-57qq
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2026-02-28 02:01 修改: 2026-04-07 16:30
|
| org.jsoup:jsoup |
CVE-2022-36033 |
中危 |
1.11.3 |
1.15.3 |
jsoup: The jsoup cleaner may incorrectly sanitize crafted XSS attempts if SafeList.preserveRelativeLinks is enabled
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-36033
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2022-08-29 17:15 修改: 2026-06-17 04:52
|
| com.fasterxml.jackson.core:jackson-core |
CVE-2025-49128 |
中危 |
2.9.8 |
2.13.0 |
com.fasterxml.jackson.core/jackson-core: Jackson-core Memory Disclosure via Source Snippet in JsonLocation
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-49128
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2025-06-06 22:15 修改: 2026-06-17 09:30
|
| com.fasterxml.jackson.core:jackson-core |
GHSA-72hv-8253-57qq |
中危 |
2.9.8 |
2.21.1, 2.18.6 |
jackson-core: Number Length Constraint Bypass in Async Parser Leads to Potential DoS Condition
漏洞详情: https://github.com/advisories/GHSA-72hv-8253-57qq
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2026-02-28 02:01 修改: 2026-04-07 16:30
|
| io.netty:netty-codec |
CVE-2025-58057 |
中危 |
4.1.51.Final |
4.1.125.Final |
netty-codec: netty-codec-compression: Netty's BrotliDecoder is vulnerable to DoS via zip bomb style attack
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58057
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2025-09-04 10:42 修改: 2026-06-17 09:43
|
| org.jsoup:jsoup |
CVE-2015-6748 |
中危 |
1.8.1 |
1.8.3 |
jsoup: XSS vulnerability related to incomplete tags at EOF
漏洞详情: https://avd.aquasec.com/nvd/cve-2015-6748
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2017-09-25 17:29 修改: 2026-05-13 00:24
|
| org.jsoup:jsoup |
CVE-2015-6748 |
中危 |
1.8.1 |
1.8.3 |
jsoup: XSS vulnerability related to incomplete tags at EOF
漏洞详情: https://avd.aquasec.com/nvd/cve-2015-6748
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2017-09-25 17:29 修改: 2026-05-13 00:24
|
| org.jsoup:jsoup |
CVE-2015-6748 |
中危 |
1.8.1 |
1.8.3 |
jsoup: XSS vulnerability related to incomplete tags at EOF
漏洞详情: https://avd.aquasec.com/nvd/cve-2015-6748
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2017-09-25 17:29 修改: 2026-05-13 00:24
|
| org.jsoup:jsoup |
CVE-2022-36033 |
中危 |
1.8.1 |
1.15.3 |
jsoup: The jsoup cleaner may incorrectly sanitize crafted XSS attempts if SafeList.preserveRelativeLinks is enabled
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-36033
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2022-08-29 17:15 修改: 2026-06-17 04:52
|
| org.jsoup:jsoup |
CVE-2022-36033 |
中危 |
1.8.1 |
1.15.3 |
jsoup: The jsoup cleaner may incorrectly sanitize crafted XSS attempts if SafeList.preserveRelativeLinks is enabled
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-36033
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2022-08-29 17:15 修改: 2026-06-17 04:52
|
| org.jsoup:jsoup |
CVE-2022-36033 |
中危 |
1.8.1 |
1.15.3 |
jsoup: The jsoup cleaner may incorrectly sanitize crafted XSS attempts if SafeList.preserveRelativeLinks is enabled
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-36033
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2022-08-29 17:15 修改: 2026-06-17 04:52
|
| com.fasterxml.jackson.core:jackson-core |
GHSA-72hv-8253-57qq |
中危 |
2.18.3 |
2.21.1, 2.18.6 |
jackson-core: Number Length Constraint Bypass in Async Parser Leads to Potential DoS Condition
漏洞详情: https://github.com/advisories/GHSA-72hv-8253-57qq
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2026-02-28 02:01 修改: 2026-04-07 16:30
|
| io.netty:netty-codec |
CVE-2025-58057 |
中危 |
4.1.75.Final |
4.1.125.Final |
netty-codec: netty-codec-compression: Netty's BrotliDecoder is vulnerable to DoS via zip bomb style attack
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58057
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2025-09-04 10:42 修改: 2026-06-17 09:43
|
| com.fasterxml.jackson.core:jackson-core |
GHSA-72hv-8253-57qq |
中危 |
2.18.3 |
2.21.1, 2.18.6 |
jackson-core: Number Length Constraint Bypass in Async Parser Leads to Potential DoS Condition
漏洞详情: https://github.com/advisories/GHSA-72hv-8253-57qq
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2026-02-28 02:01 修改: 2026-04-07 16:30
|
| org.yaml:snakeyaml |
CVE-2022-38749 |
中危 |
1.15 |
1.31 |
snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-38749
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2022-09-05 10:15 修改: 2026-06-17 04:57
|
| org.yaml:snakeyaml |
CVE-2022-38750 |
中危 |
1.15 |
1.31 |
snakeyaml: Uncaught exception in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-38750
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2022-09-05 10:15 修改: 2026-06-17 04:57
|
| org.yaml:snakeyaml |
CVE-2022-38751 |
中危 |
1.15 |
1.31 |
snakeyaml: Uncaught exception in java.base/java.util.regex.Pattern$Ques.match
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-38751
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2022-09-05 10:15 修改: 2026-06-17 04:57
|
| org.yaml:snakeyaml |
CVE-2022-38752 |
中危 |
1.15 |
1.32 |
snakeyaml: Uncaught exception in java.base/java.util.ArrayList.hashCode
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-38752
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2022-09-05 10:15 修改: 2026-06-17 04:57
|
| org.yaml:snakeyaml |
CVE-2022-41854 |
中危 |
1.15 |
1.32 |
dev-java/snakeyaml: DoS via stack overflow
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41854
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2022-11-11 13:15 修改: 2026-06-17 05:03
|
| io.netty:netty-codec |
CVE-2025-58057 |
中危 |
4.1.87.Final |
4.1.125.Final |
netty-codec: netty-codec-compression: Netty's BrotliDecoder is vulnerable to DoS via zip bomb style attack
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58057
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2025-09-04 10:42 修改: 2026-06-17 09:43
|
| org.eclipse.jetty:jetty-server |
CVE-2021-34428 |
低危 |
8.2.0.v20160908 |
9.4.41, 10.0.3, 11.0.3 |
jetty: SessionListener can prevent a session from being invalidated breaking logout
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-34428
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2021-06-22 15:15 修改: 2026-06-17 03:55
|
| org.eclipse.jetty:jetty-server |
CVE-2023-26049 |
低危 |
8.2.0.v20160908 |
9.4.51.v20230217, 10.0.14, 11.0.14, 12.0.0.beta0 |
jetty-server: Cookie parsing of quoted values can exfiltrate values from other cookies
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-26049
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2023-04-18 21:15 修改: 2026-06-17 05:42
|
| com.google.guava:guava |
CVE-2020-8908 |
低危 |
25.0-jre |
32.0.0-android |
guava: local information disclosure via temporary directory created with unsafe permissions
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-8908
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2020-12-10 23:15 修改: 2026-06-17 03:27
|
| com.google.guava:guava |
CVE-2020-8908 |
低危 |
18.0 |
32.0.0-android |
guava: local information disclosure via temporary directory created with unsafe permissions
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-8908
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2020-12-10 23:15 修改: 2026-06-17 03:27
|
| com.google.guava:guava |
CVE-2020-8908 |
低危 |
24.1.1-jre |
32.0.0-android |
guava: local information disclosure via temporary directory created with unsafe permissions
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-8908
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2020-12-10 23:15 修改: 2026-06-17 03:27
|
| org.eclipse.jetty:jetty-http |
CVE-2025-11143 |
低危 |
11.0.24 |
12.0.31, 12.1.5 |
org.eclipse.jetty/jetty-http: org.eclipse.jetty: Security bypass due to differential URI parsing
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-11143
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2026-03-05 10:15 修改: 2026-06-17 08:29
|
| org.eclipse.jetty:jetty-http |
CVE-2025-11143 |
低危 |
11.0.24 |
12.0.31, 12.1.5 |
org.eclipse.jetty/jetty-http: org.eclipse.jetty: Security bypass due to differential URI parsing
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-11143
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2026-03-05 10:15 修改: 2026-06-17 08:29
|
| org.eclipse.jetty:jetty-http |
CVE-2025-11143 |
低危 |
11.0.24 |
12.0.31, 12.1.5 |
org.eclipse.jetty/jetty-http: org.eclipse.jetty: Security bypass due to differential URI parsing
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-11143
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2026-03-05 10:15 修改: 2026-06-17 08:29
|
| org.eclipse.jetty:jetty-http |
CVE-2025-11143 |
低危 |
11.0.24 |
12.0.31, 12.1.5 |
org.eclipse.jetty/jetty-http: org.eclipse.jetty: Security bypass due to differential URI parsing
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-11143
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2026-03-05 10:15 修改: 2026-06-17 08:29
|
| com.google.guava:guava |
CVE-2020-8908 |
低危 |
19.0 |
32.0.0-android |
guava: local information disclosure via temporary directory created with unsafe permissions
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-8908
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2020-12-10 23:15 修改: 2026-06-17 03:27
|
| org.eclipse.jetty:jetty-http |
CVE-2022-2047 |
低危 |
8.2.0.v20160908 |
9.4.47, 10.0.10, 11.0.10 |
jetty-http: improver hostname input handling
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-2047
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2022-07-07 21:15 修改: 2026-06-17 04:41
|
| com.google.guava:guava |
CVE-2020-8908 |
低危 |
20.0 |
32.0.0-android |
guava: local information disclosure via temporary directory created with unsafe permissions
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-8908
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2020-12-10 23:15 修改: 2026-06-17 03:27
|
| com.google.guava:guava |
CVE-2020-8908 |
低危 |
25.0-jre |
32.0.0-android |
guava: local information disclosure via temporary directory created with unsafe permissions
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-8908
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2020-12-10 23:15 修改: 2026-06-17 03:27
|
| org.eclipse.jetty:jetty-http |
CVE-2025-11143 |
低危 |
9.4.54.v20240208 |
12.0.31, 12.1.5 |
org.eclipse.jetty/jetty-http: org.eclipse.jetty: Security bypass due to differential URI parsing
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-11143
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2026-03-05 10:15 修改: 2026-06-17 08:29
|
| com.google.guava:guava |
CVE-2020-8908 |
低危 |
31.1-android |
32.0.0-android |
guava: local information disclosure via temporary directory created with unsafe permissions
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-8908
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2020-12-10 23:15 修改: 2026-06-17 03:27
|
| com.google.guava:guava |
CVE-2020-8908 |
低危 |
31.1-android |
32.0.0-android |
guava: local information disclosure via temporary directory created with unsafe permissions
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-8908
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2020-12-10 23:15 修改: 2026-06-17 03:27
|
| io.netty:netty-codec-http |
CVE-2025-58056 |
低危 |
4.1.87.Final |
4.1.125.Final, 4.2.5.Final |
netty-codec-http: Netty is vulnerable to request smuggling due to incorrect parsing of chunk extensions
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58056
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2025-09-03 21:15 修改: 2026-06-17 09:43
|
| com.google.guava:guava |
CVE-2020-8908 |
低危 |
31.1-android |
32.0.0-android |
guava: local information disclosure via temporary directory created with unsafe permissions
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-8908
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2020-12-10 23:15 修改: 2026-06-17 03:27
|
| org.apache.shiro:shiro-core |
CVE-2026-23901 |
低危 |
1.13.0 |
2.1.0 |
org.apache.shiro/shiro-core: Apache Shiro: Brute force attack possible to determine valid user names
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-23901
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2026-02-10 10:15 修改: 2026-06-17 10:22
|
| org.elasticsearch:elasticsearch |
CVE-2020-7020 |
低危 |
2.4.3 |
6.8.13, 7.9.2 |
elasticsearch: not properly preserving security permissions when executing complex queries may lead to information disclosure
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-7020
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2020-10-22 17:15 修改: 2026-06-17 03:24
|
| org.apache.shiro:shiro-core |
CVE-2026-23901 |
低危 |
1.13.0 |
2.1.0 |
org.apache.shiro/shiro-core: Apache Shiro: Brute force attack possible to determine valid user names
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-23901
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2026-02-10 10:15 修改: 2026-06-17 10:22
|
| io.netty:netty-handler-proxy |
CVE-2026-42578 |
低危 |
4.1.87.Final |
4.1.133.Final, 4.2.13.Final |
netty: io.netty/netty-handler-proxy: Netty: HTTP Header Injection via HttpProxyHandler Disabled Validation
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42578
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2026-05-13 19:17 修改: 2026-06-30 03:19
|
| com.google.guava:guava |
CVE-2020-8908 |
低危 |
31.1-android |
32.0.0-android |
guava: local information disclosure via temporary directory created with unsafe permissions
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-8908
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2020-12-10 23:15 修改: 2026-06-17 03:27
|
| com.google.guava:guava |
CVE-2020-8908 |
低危 |
31.1-android |
32.0.0-android |
guava: local information disclosure via temporary directory created with unsafe permissions
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-8908
镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7
发布日期: 2020-12-10 23:15 修改: 2026-06-17 03:27
|