docker.io/apache/zeppelin:0.12.1 linux/amd64

docker.io/apache/zeppelin:0.12.1 - Trivy安全扫描结果 扫描时间: 2026-07-05 00:42
全部漏洞信息
低危漏洞:42 中危漏洞:244 高危漏洞:218 严重漏洞:38

系统OS: ubuntu 20.04 扫描引擎: Trivy 扫描时间: 2026-07-05 00:42

docker.io/apache/zeppelin:0.12.1 (ubuntu 20.04) (ubuntu)
低危漏洞:0 中危漏洞:2 高危漏洞:0 严重漏洞:0
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
libc-bin CVE-2025-4802 中危 2.31-0ubuntu9.17 2.31-0ubuntu9.18 glibc: static setuid binary dlopen may incorrectly search LD_LIBRARY_PATH

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-4802

镜像层: sha256:470b66ea5123c93b0d5606e4213bf9e47d3d426b640d32472e4ac213186c4bb6

发布日期: 2025-05-16 20:15 修改: 2026-06-17 09:34

libc6 CVE-2025-4802 中危 2.31-0ubuntu9.17 2.31-0ubuntu9.18 glibc: static setuid binary dlopen may incorrectly search LD_LIBRARY_PATH

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-4802

镜像层: sha256:470b66ea5123c93b0d5606e4213bf9e47d3d426b640d32472e4ac213186c4bb6

发布日期: 2025-05-16 20:15 修改: 2026-06-17 09:34

Conda (conda-pkg)
低危漏洞:0 中危漏洞:0 高危漏洞:0 严重漏洞:0
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
Java (jar)
低危漏洞:24 中危漏洞:164 高危漏洞:142 严重漏洞:36
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
com.fasterxml.jackson.core:jackson-databind CVE-2019-14379 严重 2.9.8 2.9.9.2, 2.8.11.4, 2.7.9.6 jackson-databind: default typing mishandling leading to remote code execution

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-14379

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2019-07-29 12:15 修改: 2026-06-17 02:18

com.fasterxml.jackson.core:jackson-databind CVE-2019-14540 严重 2.9.8 2.9.10, 2.8.11.5, 2.6.7.3 jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariConfig

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-14540

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2019-09-15 22:15 修改: 2026-06-17 02:18

com.fasterxml.jackson.core:jackson-databind CVE-2019-16335 严重 2.9.8 2.9.10, 2.8.11.5, 2.6.7.3 jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariDataSource

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-16335

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2019-09-15 22:15 修改: 2026-06-17 02:22

com.fasterxml.jackson.core:jackson-databind CVE-2019-16942 严重 2.9.8 2.9.10.1, 2.8.11.5, 2.6.7.3 jackson-databind: Serialization gadgets in org.apache.commons.dbcp.datasources.*

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-16942

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2019-10-01 17:15 修改: 2026-06-17 02:23

com.fasterxml.jackson.core:jackson-databind CVE-2019-16943 严重 2.9.8 2.9.10.1, 2.8.11.5, 2.6.7.3 jackson-databind: Serialization gadgets in com.p6spy.engine.spy.P6DataSource

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-16943

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2019-10-01 17:15 修改: 2026-06-17 02:23

com.fasterxml.jackson.core:jackson-databind CVE-2019-17267 严重 2.9.8 2.9.10, 2.8.11.5 jackson-databind: Serialization gadgets in classes of the ehcache package

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-17267

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2019-10-07 00:15 修改: 2026-06-17 02:23

com.fasterxml.jackson.core:jackson-databind CVE-2019-17531 严重 2.9.8 2.9.10.1, 2.8.11.5, 2.6.7.3 jackson-databind: Serialization gadgets in org.apache.log4j.receivers.db.*

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-17531

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2019-10-12 21:15 修改: 2026-06-17 02:24

com.fasterxml.jackson.core:jackson-databind CVE-2019-20330 严重 2.9.8 2.6.7.4, 2.7.9.7, 2.8.11.5, 2.9.10.2 jackson-databind: lacks certain net.sf.ehcache blocking

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-20330

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2020-01-03 04:15 修改: 2026-06-17 02:30

com.fasterxml.jackson.core:jackson-databind CVE-2020-8840 严重 2.9.8 2.6.7.4, 2.7.9.7, 2.8.11.5, 2.9.10.3 jackson-databind: Lacks certain xbean-reflect/JNDI blocking

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-8840

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2020-02-10 21:56 修改: 2026-06-17 03:27

com.fasterxml.jackson.core:jackson-databind CVE-2020-9546 严重 2.9.8 2.9.10.4 jackson-databind: Serialization gadgets in shaded-hikari-config

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-9546

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2020-03-02 04:15 修改: 2026-06-17 03:28

com.fasterxml.jackson.core:jackson-databind CVE-2020-9547 严重 2.9.8 2.9.10.4, 2.8.11.6, 2.7.9.7 jackson-databind: Serialization gadgets in ibatis-sqlmap

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-9547

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2020-03-02 04:15 修改: 2026-06-17 03:28

com.fasterxml.jackson.core:jackson-databind CVE-2020-9548 严重 2.9.8 2.9.10.4, 2.8.11.6, 2.7.9.7 jackson-databind: Serialization gadgets in anteros-core

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-9548

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2020-03-02 04:15 修改: 2026-06-17 03:28

com.hubspot.jinjava:jinjava CVE-2025-59340 严重 2.4.0 2.8.1, 2.7.5 jinjava has Sandbox Bypass via JavaType-Based Deserialization

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-59340

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2025-09-17 20:15 修改: 2026-06-17 09:45

com.hubspot.jinjava:jinjava CVE-2025-59340 严重 2.4.0 2.8.1, 2.7.5 jinjava has Sandbox Bypass via JavaType-Based Deserialization

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-59340

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2025-09-17 20:15 修改: 2026-06-17 09:45

com.hubspot.jinjava:jinjava CVE-2025-59340 严重 2.4.0 2.8.1, 2.7.5 jinjava has Sandbox Bypass via JavaType-Based Deserialization

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-59340

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2025-09-17 20:15 修改: 2026-06-17 09:45

com.hubspot.jinjava:jinjava CVE-2026-25526 严重 2.4.0 2.8.3, 2.7.6 JinJava Bypass through ForTag leads to Arbitrary Java Execution

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25526

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2026-02-04 22:15 修改: 2026-06-17 10:24

com.hubspot.jinjava:jinjava CVE-2026-25526 严重 2.4.0 2.8.3, 2.7.6 JinJava Bypass through ForTag leads to Arbitrary Java Execution

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25526

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2026-02-04 22:15 修改: 2026-06-17 10:24

com.hubspot.jinjava:jinjava CVE-2026-25526 严重 2.4.0 2.8.3, 2.7.6 JinJava Bypass through ForTag leads to Arbitrary Java Execution

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25526

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2026-02-04 22:15 修改: 2026-06-17 10:24

com.hubspot.jinjava:jinjava CVE-2025-59340 严重 2.5.4 2.8.1, 2.7.5 jinjava has Sandbox Bypass via JavaType-Based Deserialization

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-59340

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2025-09-17 20:15 修改: 2026-06-17 09:45

com.hubspot.jinjava:jinjava CVE-2025-59340 严重 2.5.4 2.8.1, 2.7.5 jinjava has Sandbox Bypass via JavaType-Based Deserialization

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-59340

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2025-09-17 20:15 修改: 2026-06-17 09:45

com.hubspot.jinjava:jinjava CVE-2026-25526 严重 2.5.4 2.8.3, 2.7.6 JinJava Bypass through ForTag leads to Arbitrary Java Execution

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25526

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2026-02-04 22:15 修改: 2026-06-17 10:24

com.hubspot.jinjava:jinjava CVE-2026-25526 严重 2.5.4 2.8.3, 2.7.6 JinJava Bypass through ForTag leads to Arbitrary Java Execution

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25526

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2026-02-04 22:15 修改: 2026-06-17 10:24

io.netty:netty CVE-2019-20444 严重 3.10.6.Final 4.0.0 netty: HTTP request smuggling

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-20444

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2020-01-29 21:15 修改: 2026-06-17 02:30

log4j:log4j CVE-2019-17571 严重 1.2.17 log4j: deserialization of untrusted data in SocketServer

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-17571

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2019-12-20 17:15 修改: 2026-06-17 02:24

log4j:log4j CVE-2022-23305 严重 1.2.17 log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-23305

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2022-01-18 16:15 修改: 2026-06-17 04:29

log4j:log4j CVE-2022-23307 严重 1.2.17 log4j: Unsafe deserialization flaw in Chainsaw log viewer

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-23307

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2022-01-18 16:15 修改: 2026-06-17 04:29

org.apache.avro:avro CVE-2024-47561 严重 1.11.2 1.11.4 apache-avro: Schema parsing may trigger Remote Code Execution (RCE)

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-47561

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2024-10-03 11:15 修改: 2026-06-17 07:57

org.apache.mina:mina-core CVE-2024-52046 严重 2.0.7 2.2.4, 2.1.10, 2.0.27 mina-core: Apache MINA: applications using unbounded deserialization may allow RCE

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-52046

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2024-12-25 10:15 修改: 2026-06-17 08:06

org.apache.mina:mina-core CVE-2026-41409 严重 2.0.7 2.0.28, 2.1.11, 2.2.6 Apache MINA: Apache MINA: Arbitrary code execution via incomplete deserialization fix

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41409

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2026-04-27 10:16 修改: 2026-06-17 10:46

org.apache.mina:mina-core CVE-2026-41635 严重 2.0.7 2.0.28, 2.1.11, 2.2.6 Apache MINA: Apache MINA: Arbitrary code execution via classname allowlist bypass

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41635

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2026-04-27 09:16 修改: 2026-06-17 10:46

org.apache.zookeeper:zookeeper CVE-2023-44981 严重 3.5.5 3.7.2, 3.8.3, 3.9.1 zookeeper: Authorization Bypass in Apache ZooKeeper

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-44981

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2023-10-11 12:15 修改: 2026-06-17 06:28

org.apache.zookeeper:zookeeper CVE-2023-44981 严重 3.6.3 3.7.2, 3.8.3, 3.9.1 zookeeper: Authorization Bypass in Apache ZooKeeper

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-44981

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2023-10-11 12:15 修改: 2026-06-17 06:28

org.codehaus.jackson:jackson-mapper-asl CVE-2019-10202 严重 1.9.13 codehaus: incomplete fix for unsafe deserialization in jackson-databind vulnerabilities

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-10202

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2019-10-01 15:15 修改: 2026-06-17 02:10

org.eclipse.jetty:jetty-server CVE-2017-7657 严重 8.2.0.v20160908 9.2.25.v20180606, 9.3.24.v20180605 jetty: HTTP request smuggling

漏洞详情: https://avd.aquasec.com/nvd/cve-2017-7657

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2018-06-26 16:29 修改: 2026-06-17 01:24

org.eclipse.jetty:jetty-server CVE-2017-7658 严重 8.2.0.v20160908 9.2.25.v20180606, 9.3.24.v20180605, 9.4.11.v20180605 jetty: Incorrect header handling

漏洞详情: https://avd.aquasec.com/nvd/cve-2017-7658

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2018-06-26 17:29 修改: 2026-06-17 01:24

org.glassfish.jersey.core:jersey-client CVE-2025-12383 严重 3.1.9 2.46, 3.0.17, 3.1.10 Eclipse Jersey has a Race Condition

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-12383

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2025-11-18 16:15 修改: 2026-06-17 08:32

com.fasterxml.jackson.core:jackson-databind CVE-2019-14893 高危 2.9.8 2.9.10 jackson-databind: Serialization gadgets in classes of the xalan package

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-14893

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2020-03-02 21:15 修改: 2026-06-17 02:19

com.fasterxml.jackson.core:jackson-databind CVE-2020-10650 高危 2.9.8 2.9.10.4 A deserialization flaw was discovered in jackson-databind through 2.9. ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-10650

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2022-12-26 20:15 修改: 2026-06-17 02:48

com.fasterxml.jackson.core:jackson-databind CVE-2020-10672 高危 2.9.8 2.9.10.4 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-10672

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2020-03-18 22:15 修改: 2026-06-17 02:48

com.fasterxml.jackson.core:jackson-databind CVE-2020-10673 高危 2.9.8 2.9.10.4, 2.6.7.4 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-10673

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2020-03-18 22:15 修改: 2026-06-17 02:48

com.fasterxml.jackson.core:jackson-databind CVE-2020-10968 高危 2.9.8 2.9.10.4 jackson-databind: Serialization gadgets in org.aoju.bus.proxy.provider.*.RmiProvider

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-10968

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2020-03-26 13:15 修改: 2026-06-17 02:48

com.fasterxml.jackson.core:jackson-databind CVE-2020-10969 高危 2.9.8 2.9.10.4 jackson-databind: Serialization gadgets in javax.swing.JEditorPane

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-10969

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2020-03-26 13:15 修改: 2026-06-17 02:48

com.fasterxml.jackson.core:jackson-databind CVE-2020-11111 高危 2.9.8 2.9.10.4 jackson-databind: Serialization gadgets in org.apache.activemq.jms.pool.XaPooledConnectionFactory

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-11111

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2020-03-31 05:15 修改: 2026-06-17 02:49

com.fasterxml.jackson.core:jackson-databind CVE-2020-11112 高危 2.9.8 2.9.10.4 jackson-databind: Serialization gadgets in org.apache.commons.proxy.provider.remoting.RmiProvider

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-11112

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2020-03-31 05:15 修改: 2026-06-17 02:49

com.fasterxml.jackson.core:jackson-databind CVE-2020-11113 高危 2.9.8 2.9.10.4 jackson-databind: Serialization gadgets in org.apache.openjpa.ee.WASRegistryManagedRuntime

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-11113

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2020-03-31 05:15 修改: 2026-06-17 02:49

com.fasterxml.jackson.core:jackson-databind CVE-2020-11619 高危 2.9.8 2.9.10.4 jackson-databind: Serialization gadgets in org.springframework:spring-aop

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-11619

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2020-04-07 23:15 修改: 2026-06-17 02:50

com.fasterxml.jackson.core:jackson-databind CVE-2020-11620 高危 2.9.8 2.9.10.4 jackson-databind: Serialization gadgets in commons-jelly:commons-jelly

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-11620

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2020-04-07 23:15 修改: 2026-06-17 02:50

com.fasterxml.jackson.core:jackson-databind CVE-2020-14060 高危 2.9.8 2.9.10.5 jackson-databind: serialization in oadd.org.apache.xalan.lib.sql.JNDIConnectionPool

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-14060

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2020-06-14 21:15 修改: 2026-06-17 02:54

com.fasterxml.jackson.core:jackson-databind CVE-2020-14061 高危 2.9.8 2.9.10.5 jackson-databind: serialization in weblogic/oracle-aqjms

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-14061

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2020-06-14 20:15 修改: 2026-06-17 02:54

com.fasterxml.jackson.core:jackson-databind CVE-2020-14062 高危 2.9.8 2.9.10.5 jackson-databind: serialization in com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-14062

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2020-06-14 20:15 修改: 2026-06-17 02:54

com.fasterxml.jackson.core:jackson-databind CVE-2020-14195 高危 2.9.8 2.9.10.5 jackson-databind: serialization in org.jsecurity.realm.jndi.JndiRealmFactory

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-14195

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2020-06-16 16:15 修改: 2026-06-17 02:54

com.fasterxml.jackson.core:jackson-databind CVE-2020-24616 高危 2.9.8 2.9.10.6 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-24616

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2020-08-25 18:15 修改: 2026-06-17 03:05

com.fasterxml.jackson.core:jackson-databind CVE-2020-24750 高危 2.9.8 2.6.7.5, 2.9.10.6 jackson-databind: Serialization gadgets in com.pastdev.httpcomponents.configuration.JndiConfiguration

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-24750

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2020-09-17 19:15 修改: 2026-06-17 03:06

com.fasterxml.jackson.core:jackson-databind CVE-2020-25649 高危 2.9.8 2.6.7.4, 2.9.10.7, 2.10.5.1 jackson-databind: FasterXML DOMDeserializer insecure entity expansion is vulnerable to XML external entity (XXE)

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-25649

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2020-12-03 17:15 修改: 2026-06-17 03:07

com.fasterxml.jackson.core:jackson-databind CVE-2020-35490 高危 2.9.8 2.9.10.8 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-35490

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2020-12-17 19:15 修改: 2026-06-17 03:13

com.fasterxml.jackson.core:jackson-databind CVE-2020-35491 高危 2.9.8 2.9.10.8 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-35491

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2020-12-17 19:15 修改: 2026-06-17 03:13

com.fasterxml.jackson.core:jackson-databind CVE-2020-35728 高危 2.9.8 2.9.10.8 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-35728

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2020-12-27 05:15 修改: 2026-06-17 03:14

com.fasterxml.jackson.core:jackson-databind CVE-2020-36179 高危 2.9.8 2.9.10.8, 2.6.7.5 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36179

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2021-01-07 00:15 修改: 2026-06-17 03:14

com.fasterxml.jackson.core:jackson-databind CVE-2020-36180 高危 2.9.8 2.9.10.8, 2.6.7.5 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36180

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2021-01-07 00:15 修改: 2026-06-17 03:14

com.fasterxml.jackson.core:jackson-databind CVE-2020-36181 高危 2.9.8 2.9.10.8, 2.6.7.5 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36181

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2021-01-06 23:15 修改: 2026-06-17 03:14

com.fasterxml.jackson.core:jackson-databind CVE-2020-36182 高危 2.9.8 2.9.10.8, 2.6.7.5 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36182

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2021-01-07 00:15 修改: 2026-06-17 03:14

com.fasterxml.jackson.core:jackson-databind CVE-2020-36183 高危 2.9.8 2.9.10.8, 2.6.7.5 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36183

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2021-01-07 00:15 修改: 2026-06-17 03:14

com.fasterxml.jackson.core:jackson-databind CVE-2020-36184 高危 2.9.8 2.9.10.8 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36184

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2021-01-06 23:15 修改: 2026-06-17 03:14

com.fasterxml.jackson.core:jackson-databind CVE-2020-36185 高危 2.9.8 2.9.10.8 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36185

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2021-01-06 23:15 修改: 2026-06-17 03:14

com.fasterxml.jackson.core:jackson-databind CVE-2020-36186 高危 2.9.8 2.9.10.8 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36186

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2021-01-06 23:15 修改: 2026-06-17 03:14

com.fasterxml.jackson.core:jackson-databind CVE-2020-36187 高危 2.9.8 2.9.10.8 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36187

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2021-01-06 23:15 修改: 2026-06-17 03:14

com.fasterxml.jackson.core:jackson-databind CVE-2020-36188 高危 2.9.8 2.9.10.8, 2.6.7.5 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36188

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2021-01-06 23:15 修改: 2026-06-17 03:14

com.fasterxml.jackson.core:jackson-databind CVE-2020-36189 高危 2.9.8 2.9.10.8, 2.6.7.5 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36189

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2021-01-06 23:15 修改: 2026-06-17 03:14

com.fasterxml.jackson.core:jackson-databind CVE-2020-36518 高危 2.9.8 2.13.2.1, 2.12.6.1 jackson-databind: denial of service via a large depth of nested objects

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36518

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2022-03-11 07:15 修改: 2026-06-17 03:15

com.fasterxml.jackson.core:jackson-databind CVE-2021-20190 高危 2.9.8 2.9.10.7, 2.6.7.5 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to javax.swing

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-20190

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2021-01-19 17:15 修改: 2026-06-17 03:33

com.fasterxml.jackson.core:jackson-databind CVE-2022-42003 高危 2.9.8 2.12.7.1, 2.13.4.2 jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-42003

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2022-10-02 05:15 修改: 2026-06-17 05:04

com.fasterxml.jackson.core:jackson-databind CVE-2022-42004 高危 2.9.8 2.12.7.1, 2.13.4 jackson-databind: use of deeply nested arrays

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-42004

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2022-10-02 05:15 修改: 2026-06-17 05:04

com.google.oauth-client:google-oauth-client CVE-2020-7692 高危 1.23.0 1.31.0 google-oauth-client: missing PKCE support in accordance with the RFC for OAuth 2.0 for Native Apps can lead to improper authorization

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-7692

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2020-07-09 14:15 修改: 2026-06-17 03:25

com.google.oauth-client:google-oauth-client CVE-2021-22573 高危 1.23.0 1.33.3 google-oauth-client: Token signature not verified

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-22573

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2022-05-03 16:15 修改: 2026-06-17 03:37

com.google.oauth-client:google-oauth-client CVE-2020-7692 高危 1.30.5 1.31.0 google-oauth-client: missing PKCE support in accordance with the RFC for OAuth 2.0 for Native Apps can lead to improper authorization

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-7692

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2020-07-09 14:15 修改: 2026-06-17 03:25

com.google.oauth-client:google-oauth-client CVE-2021-22573 高危 1.30.5 1.33.3 google-oauth-client: Token signature not verified

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-22573

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2022-05-03 16:15 修改: 2026-06-17 03:37

com.google.protobuf:protobuf-java CVE-2024-7254 高危 3.21.7 3.25.5, 4.27.5, 4.28.2 protobuf: StackOverflow vulnerability in Protocol Buffers

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-7254

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2024-09-19 01:15 修改: 2026-06-17 08:19

com.google.protobuf:protobuf-java CVE-2024-7254 高危 3.21.7 3.25.5, 4.27.5, 4.28.2 protobuf: StackOverflow vulnerability in Protocol Buffers

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-7254

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2024-09-19 01:15 修改: 2026-06-17 08:19

com.google.protobuf:protobuf-java CVE-2024-7254 高危 3.21.7 3.25.5, 4.27.5, 4.28.2 protobuf: StackOverflow vulnerability in Protocol Buffers

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-7254

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2024-09-19 01:15 修改: 2026-06-17 08:19

com.google.protobuf:protobuf-java CVE-2024-7254 高危 3.21.7 3.25.5, 4.27.5, 4.28.2 protobuf: StackOverflow vulnerability in Protocol Buffers

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-7254

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2024-09-19 01:15 修改: 2026-06-17 08:19

com.fasterxml.jackson.core:jackson-databind CVE-2026-54513 高危 2.18.3 2.18.8, 2.21.4, 3.1.4 jackson-databind: Jackson-databind: Security bypass allows arbitrary code execution

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54513

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2026-06-23 21:17 修改: 2026-07-03 13:17

com.fasterxml.jackson.core:jackson-databind CVE-2026-54513 高危 2.18.3 2.18.8, 2.21.4, 3.1.4 jackson-databind: Jackson-databind: Security bypass allows arbitrary code execution

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54513

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2026-06-23 21:17 修改: 2026-07-03 13:17

com.fasterxml.jackson.core:jackson-databind CVE-2026-54513 高危 2.18.3 2.18.8, 2.21.4, 3.1.4 jackson-databind: Jackson-databind: Security bypass allows arbitrary code execution

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54513

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2026-06-23 21:17 修改: 2026-07-03 13:17

com.fasterxml.jackson.core:jackson-databind CVE-2026-54513 高危 2.18.3 2.18.8, 2.21.4, 3.1.4 jackson-databind: Jackson-databind: Security bypass allows arbitrary code execution

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54513

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2026-06-23 21:17 修改: 2026-07-03 13:17

com.fasterxml.jackson.core:jackson-databind CVE-2026-54513 高危 2.18.3 2.18.8, 2.21.4, 3.1.4 jackson-databind: Jackson-databind: Security bypass allows arbitrary code execution

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54513

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2026-06-23 21:17 修改: 2026-07-03 13:17

com.fasterxml.jackson.core:jackson-databind CVE-2026-54513 高危 2.18.3 2.18.8, 2.21.4, 3.1.4 jackson-databind: Jackson-databind: Security bypass allows arbitrary code execution

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54513

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2026-06-23 21:17 修改: 2026-07-03 13:17

com.fasterxml.jackson.core:jackson-databind CVE-2026-54513 高危 2.18.3 2.18.8, 2.21.4, 3.1.4 jackson-databind: Jackson-databind: Security bypass allows arbitrary code execution

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54513

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2026-06-23 21:17 修改: 2026-07-03 13:17

com.fasterxml.jackson.core:jackson-databind CVE-2026-54513 高危 2.18.3 2.18.8, 2.21.4, 3.1.4 jackson-databind: Jackson-databind: Security bypass allows arbitrary code execution

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54513

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2026-06-23 21:17 修改: 2026-07-03 13:17

com.fasterxml.jackson.core:jackson-databind CVE-2026-54513 高危 2.18.3 2.18.8, 2.21.4, 3.1.4 jackson-databind: Jackson-databind: Security bypass allows arbitrary code execution

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54513

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2026-06-23 21:17 修改: 2026-07-03 13:17

com.fasterxml.jackson.core:jackson-core CVE-2025-52999 高危 2.9.8 2.15.0 com.fasterxml.jackson.core/jackson-core: jackson-core Potential StackoverflowError

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-52999

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2025-06-25 17:15 修改: 2026-06-17 09:37

com.mchange:c3p0 CVE-2026-27830 高危 0.9.5.4 0.12.0 c3p0: c3p0: Arbitrary Code Execution via deserialization of crafted objects

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27830

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2026-02-26 01:16 修改: 2026-06-30 03:17

com.mchange:mchange-commons-java CVE-2026-27727 高危 0.2.15 0.4.0 com.mchange/mchange-commons-java: mchange-commons-java: Arbitrary code execution via JNDI dereferencing of crafted objects

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27727

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2026-02-25 17:25 修改: 2026-07-02 12:17

com.squareup.okhttp3:okhttp CVE-2021-0341 高危 3.12.12 4.9.2 okhttp: information disclosure via improperly used cryptographic function

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-0341

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2021-02-10 17:15 修改: 2026-06-17 03:29

com.squareup.okhttp3:okhttp CVE-2021-0341 高危 3.13.1 4.9.2 okhttp: information disclosure via improperly used cryptographic function

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-0341

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2021-02-10 17:15 修改: 2026-06-17 03:29

com.fasterxml.jackson.core:jackson-databind CVE-2026-54512 高危 2.18.3 2.18.8, 3.1.4, 2.21.4 jackson-databind: jackson-databind: Arbitrary code execution via PolymorphicTypeValidator bypass

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54512

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2026-06-23 21:17 修改: 2026-06-27 21:01

io.netty:netty CVE-2019-16869 高危 3.10.6.Final netty: HTTP request smuggling by mishandled whitespace before the colon in HTTP headers

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-16869

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2019-09-26 16:15 修改: 2026-06-17 02:22

io.netty:netty CVE-2021-37136 高危 3.10.6.Final 4.0.0 netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-37136

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2021-10-19 15:15 修改: 2026-06-17 04:00

io.netty:netty CVE-2021-37137 高危 3.10.6.Final 4.0.0 netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-37137

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2021-10-19 15:15 修改: 2026-06-17 04:00

io.netty:netty-codec CVE-2021-37136 高危 4.1.51.Final 4.1.68.Final netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-37136

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2021-10-19 15:15 修改: 2026-06-17 04:00

io.netty:netty-codec CVE-2021-37137 高危 4.1.51.Final 4.1.68.Final netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-37137

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2021-10-19 15:15 修改: 2026-06-17 04:00

io.netty:netty-codec CVE-2026-42583 高危 4.1.51.Final 4.1.133.Final netty: io.netty/netty-codec-compression: io.netty/netty-codec: Netty: Denial of Service via excessive memory allocation in LZ4FrameDecoder

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42583

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2026-05-13 19:17 修改: 2026-06-17 10:48

io.netty:netty-codec CVE-2026-42583 高危 4.1.75.Final 4.1.133.Final netty: io.netty/netty-codec-compression: io.netty/netty-codec: Netty: Denial of Service via excessive memory allocation in LZ4FrameDecoder

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42583

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2026-05-13 19:17 修改: 2026-06-17 10:48

io.netty:netty-codec CVE-2026-42583 高危 4.1.87.Final 4.1.133.Final netty: io.netty/netty-codec-compression: io.netty/netty-codec: Netty: Denial of Service via excessive memory allocation in LZ4FrameDecoder

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42583

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2026-05-13 19:17 修改: 2026-06-17 10:48

io.netty:netty-codec-http CVE-2026-33870 高危 4.1.87.Final 4.1.132.Final, 4.2.10.Final io.netty/netty-codec-http: Netty: Request smuggling via incorrect parsing of HTTP/1.1 chunked transfer encoding extension values

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33870

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2026-03-27 20:16 修改: 2026-07-03 13:17

io.netty:netty-codec-http CVE-2026-42584 高危 4.1.87.Final 4.2.13.Final, 4.1.133.Final netty: io.netty/netty-codec-http: Netty: Incorrect HTTP response parsing leads to data confusion

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42584

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2026-05-13 19:17 修改: 2026-06-30 03:19

io.netty:netty-codec-http CVE-2026-42587 高危 4.1.87.Final 4.2.13.Final, 4.1.133.Final netty: io.netty/netty-codec-http: io.netty/netty-codec-http2: Netty: Denial of Service via unbounded memory allocation in HTTP content decompression

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42587

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2026-05-13 19:17 修改: 2026-07-03 13:17

io.netty:netty-codec-http2 CVE-2025-55163 高危 4.1.87.Final 4.2.4.Final, 4.1.124.Final netty: netty-codec-http2: Netty MadeYouReset HTTP/2 DDoS Vulnerability

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-55163

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2025-08-13 15:15 修改: 2026-06-17 09:41

io.netty:netty-codec-http2 CVE-2026-33871 高危 4.1.87.Final 4.1.132.Final, 4.2.11.Final netty: Netty: Denial of Service via HTTP/2 CONTINUATION frame flood

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33871

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2026-03-27 20:16 修改: 2026-07-03 13:17

io.netty:netty-codec-http2 CVE-2026-42587 高危 4.1.87.Final 4.2.13.Final, 4.1.133.Final netty: io.netty/netty-codec-http: io.netty/netty-codec-http2: Netty: Denial of Service via unbounded memory allocation in HTTP content decompression

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42587

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2026-05-13 19:17 修改: 2026-07-03 13:17

io.netty:netty-codec-http2 GHSA-xpw8-rcwv-8f8p 高危 4.1.87.Final 4.1.100.Final io.netty:netty-codec-http2 vulnerable to HTTP/2 Rapid Reset Attack

漏洞详情: https://github.com/advisories/GHSA-xpw8-rcwv-8f8p

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2023-10-10 22:22 修改: 2023-11-06 22:08

io.netty:netty-handler CVE-2026-44249 高危 4.1.51.Final 4.2.15.Final, 4.1.135.Final netty-handler: netty-handler: IPv6 subnet rule bypass due to incorrect masking operation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44249

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2026-06-11 22:16 修改: 2026-07-03 13:17

io.netty:netty-handler CVE-2026-45416 高危 4.1.51.Final 4.2.15.Final, 4.1.135.Final netty-handler: Netty: Denial of Service due to eager buffer allocation in TLS handshake

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45416

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2026-06-12 15:16 修改: 2026-07-03 13:17

io.netty:netty-handler CVE-2026-50010 高危 4.1.51.Final 4.2.15.Final, 4.1.135.Final netty-handler: Netty: Improper trust manager handling leads to hostname verification bypass

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-50010

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2026-06-12 16:16 修改: 2026-07-03 13:17

io.netty:netty-handler CVE-2026-44249 高危 4.1.75.Final 4.2.15.Final, 4.1.135.Final netty-handler: netty-handler: IPv6 subnet rule bypass due to incorrect masking operation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44249

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2026-06-11 22:16 修改: 2026-07-03 13:17

io.netty:netty-handler CVE-2026-45416 高危 4.1.75.Final 4.2.15.Final, 4.1.135.Final netty-handler: Netty: Denial of Service due to eager buffer allocation in TLS handshake

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45416

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2026-06-12 15:16 修改: 2026-07-03 13:17

io.netty:netty-handler CVE-2026-50010 高危 4.1.75.Final 4.2.15.Final, 4.1.135.Final netty-handler: Netty: Improper trust manager handling leads to hostname verification bypass

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-50010

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2026-06-12 16:16 修改: 2026-07-03 13:17

io.netty:netty-handler CVE-2026-44249 高危 4.1.87.Final 4.2.15.Final, 4.1.135.Final netty-handler: netty-handler: IPv6 subnet rule bypass due to incorrect masking operation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44249

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2026-06-11 22:16 修改: 2026-07-03 13:17

io.netty:netty-handler CVE-2026-45416 高危 4.1.87.Final 4.2.15.Final, 4.1.135.Final netty-handler: Netty: Denial of Service due to eager buffer allocation in TLS handshake

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45416

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2026-06-12 15:16 修改: 2026-07-03 13:17

io.netty:netty-handler CVE-2026-50010 高危 4.1.87.Final 4.2.15.Final, 4.1.135.Final netty-handler: Netty: Improper trust manager handling leads to hostname verification bypass

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-50010

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2026-06-12 16:16 修改: 2026-07-03 13:17

com.fasterxml.jackson.core:jackson-databind CVE-2026-54512 高危 2.18.3 2.18.8, 3.1.4, 2.21.4 jackson-databind: jackson-databind: Arbitrary code execution via PolymorphicTypeValidator bypass

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54512

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2026-06-23 21:17 修改: 2026-06-27 21:01

com.fasterxml.jackson.core:jackson-databind CVE-2026-54512 高危 2.18.3 2.18.8, 3.1.4, 2.21.4 jackson-databind: jackson-databind: Arbitrary code execution via PolymorphicTypeValidator bypass

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54512

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2026-06-23 21:17 修改: 2026-06-27 21:01

com.fasterxml.jackson.core:jackson-databind CVE-2026-54512 高危 2.18.3 2.18.8, 3.1.4, 2.21.4 jackson-databind: jackson-databind: Arbitrary code execution via PolymorphicTypeValidator bypass

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54512

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2026-06-23 21:17 修改: 2026-06-27 21:01

log4j:log4j CVE-2021-4104 高危 1.2.17 log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-4104

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2021-12-14 12:15 修改: 2026-06-17 04:19

log4j:log4j CVE-2022-23302 高危 1.2.17 log4j: Remote code execution in Log4j 1.x when application is configured to use JMSSink

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-23302

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2022-01-18 16:15 修改: 2026-06-17 04:29

log4j:log4j CVE-2023-26464 高危 1.2.17 2.0 log4j1-socketappender: DoS via hashmap logging

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-26464

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2023-03-10 14:15 修改: 2026-06-17 05:43

com.fasterxml.jackson.core:jackson-databind CVE-2026-54512 高危 2.18.3 2.18.8, 3.1.4, 2.21.4 jackson-databind: jackson-databind: Arbitrary code execution via PolymorphicTypeValidator bypass

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54512

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2026-06-23 21:17 修改: 2026-06-27 21:01

org.apache.avro:avro CVE-2023-39410 高危 1.11.2 1.11.3 apache-avro: Apache Avro Java SDK: Memory when deserializing untrusted data in Avro Java SDK

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39410

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2023-09-29 17:15 修改: 2026-06-17 06:12

org.apache.commons:commons-compress CVE-2019-12402 高危 1.18 1.19 apache-commons-compress: Infinite loop in name encoding algorithm

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-12402

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2019-08-30 09:15 修改: 2026-06-17 02:14

org.apache.commons:commons-compress CVE-2021-35515 高危 1.18 1.21 apache-commons-compress: infinite loop when reading a specially crafted 7Z archive

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-35515

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2021-07-13 08:15 修改: 2026-06-17 03:57

org.apache.commons:commons-compress CVE-2021-35516 高危 1.18 1.21 apache-commons-compress: excessive memory allocation when reading a specially crafted 7Z archive

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-35516

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2021-07-13 08:15 修改: 2026-06-17 03:57

org.apache.commons:commons-compress CVE-2021-35517 高危 1.18 1.21 apache-commons-compress: excessive memory allocation when reading a specially crafted TAR archive

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-35517

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2021-07-13 08:15 修改: 2026-06-17 03:57

org.apache.commons:commons-compress CVE-2021-36090 高危 1.18 1.21 apache-commons-compress: excessive memory allocation when reading a specially crafted ZIP archive

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-36090

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2021-07-13 08:15 修改: 2026-06-17 03:58

org.apache.directory.api:api-ldap-model CVE-2015-3250 高危 1.0.0-M20 1.0.0-M31 Apache Directory LDAP API before 1.0.0-M31 allows attackers to conduct ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2015-3250

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2017-09-07 13:29 修改: 2026-05-13 00:24

org.apache.jena:jena-core CVE-2021-39239 高危 3.12.0 4.2.0 A vulnerability in XML processing in Apache Jena, in versions up to 4. ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-39239

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2021-09-16 15:15 修改: 2026-06-17 04:03

com.fasterxml.jackson.core:jackson-databind CVE-2026-54512 高危 2.18.3 2.18.8, 3.1.4, 2.21.4 jackson-databind: jackson-databind: Arbitrary code execution via PolymorphicTypeValidator bypass

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54512

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2026-06-23 21:17 修改: 2026-06-27 21:01

com.fasterxml.jackson.core:jackson-databind CVE-2026-54512 高危 2.18.3 2.18.8, 3.1.4, 2.21.4 jackson-databind: jackson-databind: Arbitrary code execution via PolymorphicTypeValidator bypass

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54512

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2026-06-23 21:17 修改: 2026-06-27 21:01

com.fasterxml.jackson.core:jackson-databind CVE-2026-54512 高危 2.18.3 2.18.8, 3.1.4, 2.21.4 jackson-databind: jackson-databind: Arbitrary code execution via PolymorphicTypeValidator bypass

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54512

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2026-06-23 21:17 修改: 2026-06-27 21:01

org.apache.mina:mina-core CVE-2019-0231 高危 2.0.7 2.0.21, 2.1.1 mina-core: Retaining an open socket in close_notify SSL-TLS leading to Information disclosure.

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-0231

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2019-10-01 20:15 修改: 2026-06-17 02:08

org.apache.shiro:shiro-core CVE-2026-49268 高危 1.13.0 2.2.1, 3.0.0-alpha-2 A remote attacker can inject LDAP special characters into the Distingu ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-49268

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2026-06-17 14:17 修改: 2026-06-18 14:45

org.apache.shiro:shiro-core CVE-2026-49268 高危 1.13.0 2.2.1, 3.0.0-alpha-2 A remote attacker can inject LDAP special characters into the Distingu ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-49268

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2026-06-17 14:17 修改: 2026-06-18 14:45

org.apache.spark:spark-core_2.12 CVE-2025-54920 高危 3.5.3 3.5.7 org.apache.spark/spark-core: Apache Spark: Spark History Server Code Execution Vulnerability

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-54920

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2026-03-16 14:17 修改: 2026-06-17 09:40

org.apache.thrift:libthrift CVE-2020-13949 高危 0.13.0 0.14.0 libthrift: potential DoS when processing untrusted payloads

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-13949

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2021-02-12 20:15 修改: 2026-06-17 02:53

org.apache.thrift:libthrift CVE-2026-43869 高危 0.13.0 0.23.0 Apache Thrift: Apache Thrift: Security bypass due to improper certificate validation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-43869

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2026-05-05 08:16 修改: 2026-07-01 13:17

com.fasterxml.jackson.core:jackson-databind CVE-2026-54512 高危 2.18.3 2.18.8, 3.1.4, 2.21.4 jackson-databind: jackson-databind: Arbitrary code execution via PolymorphicTypeValidator bypass

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54512

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2026-06-23 21:17 修改: 2026-06-27 21:01

com.fasterxml.jackson.core:jackson-databind CVE-2026-54512 高危 2.18.3 2.18.8, 3.1.4, 2.21.4 jackson-databind: jackson-databind: Arbitrary code execution via PolymorphicTypeValidator bypass

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54512

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2026-06-23 21:17 修改: 2026-06-27 21:01

com.fasterxml.jackson.core:jackson-databind CVE-2026-54513 高危 2.18.3 2.18.8, 2.21.4, 3.1.4 jackson-databind: Jackson-databind: Security bypass allows arbitrary code execution

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54513

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2026-06-23 21:17 修改: 2026-07-03 13:17

org.codehaus.jackson:jackson-mapper-asl CVE-2019-10172 高危 1.9.13 jackson-mapper-asl: XML external entity similar to CVE-2016-3720

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-10172

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2019-11-18 17:15 修改: 2026-06-17 02:10

org.codehaus.plexus:plexus-utils CVE-2025-67030 高危 3.2.1 4.0.3, 3.6.1 org.codehaus.plexus:plexus-utils: Plexus-utils: Directory Traversal in extractFile method

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-67030

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2026-03-25 18:16 修改: 2026-06-30 03:16

org.codehaus.plexus:plexus-utils CVE-2025-67030 高危 3.2.1 4.0.3, 3.6.1 org.codehaus.plexus:plexus-utils: Plexus-utils: Directory Traversal in extractFile method

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-67030

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2026-03-25 18:16 修改: 2026-06-30 03:16

org.eclipse.jetty:jetty-http CVE-2026-2332 高危 11.0.24 12.1.7, 12.0.33 org.eclipse.jetty/jetty-http: HTTP request smuggling via chunked extension quoted-string parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-2332

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2026-04-14 12:16 修改: 2026-07-02 12:17

org.eclipse.jetty:jetty-http CVE-2026-2332 高危 11.0.24 12.1.7, 12.0.33 org.eclipse.jetty/jetty-http: HTTP request smuggling via chunked extension quoted-string parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-2332

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2026-04-14 12:16 修改: 2026-07-02 12:17

org.eclipse.jetty:jetty-http CVE-2026-2332 高危 11.0.24 12.1.7, 12.0.33 org.eclipse.jetty/jetty-http: HTTP request smuggling via chunked extension quoted-string parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-2332

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2026-04-14 12:16 修改: 2026-07-02 12:17

org.eclipse.jetty:jetty-http CVE-2026-2332 高危 11.0.24 12.1.7, 12.0.33 org.eclipse.jetty/jetty-http: HTTP request smuggling via chunked extension quoted-string parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-2332

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2026-04-14 12:16 修改: 2026-07-02 12:17

org.eclipse.jetty:jetty-http CVE-2026-2332 高危 9.4.54.v20240208 12.1.7, 12.0.33 org.eclipse.jetty/jetty-http: HTTP request smuggling via chunked extension quoted-string parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-2332

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2026-04-14 12:16 修改: 2026-07-02 12:17

com.fasterxml.jackson.core:jackson-databind CVE-2019-12086 高危 2.9.8 2.9.9, 2.8.11.4, 2.7.9.6, 2.6.7.3 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server.

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-12086

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2019-05-17 17:29 修改: 2026-06-17 02:14

com.fasterxml.jackson.core:jackson-databind CVE-2019-14439 高危 2.9.8 2.9.9.2, 2.8.11.4, 2.7.9.6, 2.6.7.3 jackson-databind: Polymorphic typing issue related to logback/JNDI

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-14439

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2019-07-30 11:15 修改: 2026-06-17 02:18

org.eclipse.jetty:jetty-server CVE-2015-2080 高危 8.2.0.v20160908 9.2.9.v20150224 jetty: remote unauthenticated credential exposure

漏洞详情: https://avd.aquasec.com/nvd/cve-2015-2080

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2016-10-07 14:59 修改: 2026-05-06 22:30

org.eclipse.jetty:jetty-server CVE-2017-7656 高危 8.2.0.v20160908 9.3.24.v20180605, 9.4.11.v20180605 jetty: HTTP request smuggling using the range header

漏洞详情: https://avd.aquasec.com/nvd/cve-2017-7656

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2018-06-26 15:29 修改: 2026-06-17 01:24

org.eclipse.jetty:jetty-server CVE-2017-9735 高危 8.2.0.v20160908 9.4.6.v20170531, 9.3.20.v20170531, 9.2.22.v20170606 jetty: Timing channel attack in util/security/Password.java

漏洞详情: https://avd.aquasec.com/nvd/cve-2017-9735

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2017-06-16 21:29 修改: 2026-06-17 01:28

org.eclipse.jetty:jetty-server CVE-2021-28165 高危 8.2.0.v20160908 9.4.39, 10.0.2, 11.0.2 jetty: Resource exhaustion when receiving an invalid large TLS frame

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-28165

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2021-04-01 15:15 修改: 2026-06-17 03:45

org.eclipse.jetty:jetty-server CVE-2024-13009 高危 9.4.54.v20240208 9.4.57.v20241219 jetty-server: Jetty: Gzip Request Body Buffer Corruption

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-13009

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2025-05-08 18:15 修改: 2026-06-17 07:00

org.eclipse.jgit:org.eclipse.jgit CVE-2023-4759 高危 4.5.4.201711221230-r 6.6.1.202309021850-r, 5.13.3.202401111512-r jgit: arbitrary file overwrite

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-4759

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2023-09-12 10:15 修改: 2026-06-17 06:38

org.elasticsearch:elasticsearch CVE-2019-7611 高危 2.4.3 5.6.15, 6.6.1 elasticsearch: Improper permission issue when attaching a new name to an index

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-7611

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2019-03-25 19:29 修改: 2026-06-17 02:40

org.elasticsearch:elasticsearch CVE-2023-31418 高危 2.4.3 7.17.13, 8.9.0 elasticsearch: uncontrolled resource consumption

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-31418

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2023-10-26 18:15 修改: 2026-06-17 05:56

com.fasterxml.jackson.core:jackson-databind CVE-2019-14892 高危 2.9.8 2.6.7.3, 2.8.11.5, 2.9.10 jackson-databind: Serialization gadgets in classes of the commons-configuration package

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-14892

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2020-03-02 17:15 修改: 2026-06-17 02:19

org.jdom:jdom CVE-2021-33813 高危 1.1 jdom: XXE allows attackers to cause a DoS via a crafted HTTP request

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-33813

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2021-06-16 12:15 修改: 2026-06-17 03:55

org.jline:jline-remote-telnet GHSA-2r2c-cx56-8933 高危 3.16.0 4.2.1 JLine3 Telnet server: Unauthenticated Remote DoS via Unbounded Telnet NAWS Terminal Geometry

漏洞详情: https://github.com/advisories/GHSA-2r2c-cx56-8933

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2026-06-18 13:07 修改: 2026-06-18 13:07

org.jline:jline-remote-telnet GHSA-47qp-hqvx-6r3f 高危 3.16.0 4.2.1 JLine3 Telnet server: Unauthenticated Remote Memory Exhaustion via Unbounded Telnet NEW-ENVIRON Variables

漏洞详情: https://github.com/advisories/GHSA-47qp-hqvx-6r3f

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2026-06-18 13:07 修改: 2026-06-18 13:07

org.jsoup:jsoup CVE-2021-37714 高危 1.10.3 1.14.2 jsoup: Crafted input may cause the jsoup HTML and XML parser to get stuck

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-37714

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2021-08-18 15:15 修改: 2026-06-17 04:01

org.jsoup:jsoup CVE-2021-37714 高危 1.10.3 1.14.2 jsoup: Crafted input may cause the jsoup HTML and XML parser to get stuck

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-37714

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2021-08-18 15:15 修改: 2026-06-17 04:01

org.jsoup:jsoup CVE-2021-37714 高危 1.11.3 1.14.2 jsoup: Crafted input may cause the jsoup HTML and XML parser to get stuck

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-37714

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2021-08-18 15:15 修改: 2026-06-17 04:01

org.jsoup:jsoup CVE-2021-37714 高危 1.8.1 1.14.2 jsoup: Crafted input may cause the jsoup HTML and XML parser to get stuck

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-37714

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2021-08-18 15:15 修改: 2026-06-17 04:01

org.jsoup:jsoup CVE-2021-37714 高危 1.8.1 1.14.2 jsoup: Crafted input may cause the jsoup HTML and XML parser to get stuck

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-37714

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2021-08-18 15:15 修改: 2026-06-17 04:01

org.jsoup:jsoup CVE-2021-37714 高危 1.8.1 1.14.2 jsoup: Crafted input may cause the jsoup HTML and XML parser to get stuck

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-37714

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2021-08-18 15:15 修改: 2026-06-17 04:01

org.yaml:snakeyaml CVE-2017-18640 高危 1.15 1.26 snakeyaml: Billion laughs attack via alias feature

漏洞详情: https://avd.aquasec.com/nvd/cve-2017-18640

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2019-12-12 03:15 修改: 2026-06-17 01:13

org.yaml:snakeyaml CVE-2022-1471 高危 1.15 2.0 SnakeYaml: Constructor Deserialization Remote Code Execution

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-1471

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2022-12-01 11:15 修改: 2026-06-17 04:22

org.yaml:snakeyaml CVE-2022-25857 高危 1.15 1.31 snakeyaml: Denial of Service due to missing nested depth limitation for collections

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-25857

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2022-08-30 05:15 修改: 2026-06-17 04:34

software.amazon.ion:ion-java CVE-2024-21634 高危 1.0.2 1.10.5 ion-java: ion-java: Ion Java StackOverflow vulnerability

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-21634

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2024-01-03 23:15 修改: 2026-06-17 07:09

com.fasterxml.jackson.core:jackson-core GHSA-72hv-8253-57qq 中危 2.18.3 2.21.1, 2.18.6 jackson-core: Number Length Constraint Bypass in Async Parser Leads to Potential DoS Condition

漏洞详情: https://github.com/advisories/GHSA-72hv-8253-57qq

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2026-02-28 02:01 修改: 2026-04-07 16:30

com.fasterxml.jackson.core:jackson-core GHSA-72hv-8253-57qq 中危 2.18.3 2.21.1, 2.18.6 jackson-core: Number Length Constraint Bypass in Async Parser Leads to Potential DoS Condition

漏洞详情: https://github.com/advisories/GHSA-72hv-8253-57qq

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2026-02-28 02:01 修改: 2026-04-07 16:30

com.fasterxml.jackson.core:jackson-core GHSA-72hv-8253-57qq 中危 2.18.3 2.21.1, 2.18.6 jackson-core: Number Length Constraint Bypass in Async Parser Leads to Potential DoS Condition

漏洞详情: https://github.com/advisories/GHSA-72hv-8253-57qq

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2026-02-28 02:01 修改: 2026-04-07 16:30

io.netty:netty-codec-http CVE-2024-29025 中危 4.1.87.Final 4.1.108.Final netty-codec-http: Allocation of Resources Without Limits or Throttling

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-29025

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2024-03-25 20:15 修改: 2026-06-17 07:22

io.netty:netty-codec-http CVE-2025-67735 中危 4.1.87.Final 4.2.8.Final, 4.1.129.Final netty-codec-http: Netty (netty-codec-http): Request Smuggling via CRLF Injection

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-67735

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2025-12-16 01:15 修改: 2026-06-17 09:58

io.netty:netty-codec-http CVE-2026-41417 中危 4.1.87.Final 4.1.133.Final, 4.2.13.Final netty: Netty: HTTP request smuggling via URI manipulation and CRLF injection

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41417

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2026-05-06 22:16 修改: 2026-06-17 10:46

io.netty:netty-codec-http CVE-2026-42580 中危 4.1.87.Final 4.2.13.Final, 4.1.133.Final netty: Netty: Request smuggling via chunk size parser integer overflow

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42580

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2026-05-13 19:17 修改: 2026-06-17 10:48

io.netty:netty-codec-http CVE-2026-42581 中危 4.1.87.Final 4.2.13.Final, 4.1.133.Final netty: io.netty/netty-codec-http: Netty: HTTP Request Smuggling due to improper handling of conflicting HTTP/1.0 headers

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42581

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2026-05-13 19:17 修改: 2026-06-30 03:19

io.netty:netty-codec-http CVE-2026-42585 中危 4.1.87.Final 4.2.13.Final, 4.1.133.Final netty: io.netty/netty-codec-http: Netty: Request smuggling via malformed Transfer-Encoding parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42585

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2026-05-13 19:17 修改: 2026-06-17 10:48

io.netty:netty-codec-http CVE-2026-50020 中危 4.1.87.Final 4.2.15.Final, 4.1.135.Final netty-codec-http: Netty: Data manipulation via request-boundary confusion in HttpObjectDecoder

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-50020

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2026-06-12 16:16 修改: 2026-06-17 10:57

com.fasterxml.jackson.core:jackson-databind CVE-2026-54514 中危 2.18.3 2.18.8, 2.21.4, 3.1.4 jackson-databind: jackson-databind: Information Disclosure via Eager DNS Resolution

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54514

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2026-06-23 21:17 修改: 2026-06-27 20:55

com.fasterxml.jackson.core:jackson-databind CVE-2019-12384 中危 2.9.8 2.9.9.1, 2.8.11.4, 2.7.9.6, 2.6.7.3 jackson-databind: failure to block the logback-core class from polymorphic deserialization leading to remote code execution

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-12384

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2019-06-24 16:15 修改: 2026-06-17 02:14

com.fasterxml.jackson.core:jackson-databind CVE-2019-12814 中危 2.9.8 2.9.9.1, 2.8.11.4, 2.7.9.6, 2.6.7.3 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server via crafted JSON message.

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-12814

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2019-06-19 14:15 修改: 2026-06-17 02:15

com.fasterxml.jackson.core:jackson-databind CVE-2026-54514 中危 2.9.8 2.18.8, 2.21.4, 3.1.4 jackson-databind: jackson-databind: Information Disclosure via Eager DNS Resolution

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54514

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2026-06-23 21:17 修改: 2026-06-27 20:55

io.netty:netty-codec-http2 CVE-2026-47244 中危 4.1.87.Final 4.2.15.Final, 4.1.135.Final netty-codec-http2: Netty: Denial of Service via uncontrolled HTTP/2 concurrent streams

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-47244

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2026-06-12 15:16 修改: 2026-06-17 10:54

io.netty:netty-codec-http2 CVE-2026-48043 中危 4.1.87.Final 4.1.135.Final, 4.2.15.Final netty-codec-http2: netty-codec-http2: Denial of Service due to resource leak

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48043

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2026-06-12 16:16 修改: 2026-07-03 13:17

io.netty:netty-codec-http2 CVE-2026-50560 中危 4.1.87.Final 4.2.15.Final, 4.1.135.Final netty-codec-http2: Netty: Denial of Service due to HTTP/2 max header size handling

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-50560

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2026-06-12 16:16 修改: 2026-06-17 10:57

io.netty:netty-common CVE-2024-47535 中危 4.1.51.Final 4.1.115.Final netty: Denial of Service attack on windows app using Netty

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-47535

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2024-11-12 16:15 修改: 2026-06-17 07:57

io.netty:netty-common CVE-2025-25193 中危 4.1.51.Final 4.1.118.Final netty: Denial of Service attack on windows app using Netty

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-25193

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2025-02-10 22:15 修改: 2026-06-17 09:00

io.netty:netty-common CVE-2024-47535 中危 4.1.75.Final 4.1.115.Final netty: Denial of Service attack on windows app using Netty

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-47535

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2024-11-12 16:15 修改: 2026-06-17 07:57

io.netty:netty-common CVE-2025-25193 中危 4.1.75.Final 4.1.118.Final netty: Denial of Service attack on windows app using Netty

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-25193

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2025-02-10 22:15 修改: 2026-06-17 09:00

io.netty:netty-common CVE-2024-47535 中危 4.1.87.Final 4.1.115.Final netty: Denial of Service attack on windows app using Netty

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-47535

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2024-11-12 16:15 修改: 2026-06-17 07:57

io.netty:netty-common CVE-2025-25193 中危 4.1.87.Final 4.1.118.Final netty: Denial of Service attack on windows app using Netty

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-25193

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2025-02-10 22:15 修改: 2026-06-17 09:00

com.fasterxml.jackson.core:jackson-databind CVE-2026-54515 中危 2.9.8 3.1.4, 2.18.9, 2.21.5, 2.22.1 jackson-databind: jackson-databind: Ignored properties can be unexpectedly modified

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54515

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2026-06-23 21:17 修改: 2026-06-29 13:38

com.google.guava:guava CVE-2018-10237 中危 18.0 24.1.1-android guava: Unbounded memory allocation in AtomicDoubleArray and CompoundOrdering classes allow remote attackers to cause a denial of service

漏洞详情: https://avd.aquasec.com/nvd/cve-2018-10237

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2018-04-26 21:29 修改: 2026-06-17 01:33

com.google.guava:guava CVE-2023-2976 中危 18.0 32.0.0-android guava: insecure temporary directory creation

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-2976

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2023-06-14 18:15 修改: 2026-06-17 05:53

io.netty:netty-handler CVE-2023-34462 中危 4.1.51.Final 4.1.94.Final netty: SniHandler 16MB allocation leads to OOM

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-34462

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2023-06-22 23:15 修改: 2026-06-17 06:03

com.google.guava:guava CVE-2018-10237 中危 19.0 24.1.1-android guava: Unbounded memory allocation in AtomicDoubleArray and CompoundOrdering classes allow remote attackers to cause a denial of service

漏洞详情: https://avd.aquasec.com/nvd/cve-2018-10237

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2018-04-26 21:29 修改: 2026-06-17 01:33

com.google.guava:guava CVE-2023-2976 中危 19.0 32.0.0-android guava: insecure temporary directory creation

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-2976

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2023-06-14 18:15 修改: 2026-06-17 05:53

com.google.guava:guava CVE-2018-10237 中危 20.0 24.1.1-android guava: Unbounded memory allocation in AtomicDoubleArray and CompoundOrdering classes allow remote attackers to cause a denial of service

漏洞详情: https://avd.aquasec.com/nvd/cve-2018-10237

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2018-04-26 21:29 修改: 2026-06-17 01:33

io.netty:netty-handler CVE-2023-34462 中危 4.1.75.Final 4.1.94.Final netty: SniHandler 16MB allocation leads to OOM

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-34462

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2023-06-22 23:15 修改: 2026-06-17 06:03

com.google.guava:guava CVE-2023-2976 中危 20.0 32.0.0-android guava: insecure temporary directory creation

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-2976

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2023-06-14 18:15 修改: 2026-06-17 05:53

com.google.guava:guava CVE-2023-2976 中危 24.1.1-jre 32.0.0-android guava: insecure temporary directory creation

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-2976

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2023-06-14 18:15 修改: 2026-06-17 05:53

com.google.guava:guava CVE-2023-2976 中危 25.0-jre 32.0.0-android guava: insecure temporary directory creation

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-2976

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2023-06-14 18:15 修改: 2026-06-17 05:53

io.netty:netty-handler CVE-2023-34462 中危 4.1.87.Final 4.1.94.Final netty: SniHandler 16MB allocation leads to OOM

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-34462

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2023-06-22 23:15 修改: 2026-06-17 06:03

io.netty:netty-transport-native-epoll CVE-2026-45536 中危 4.1.96.Final 4.2.15.Final, 4.1.135.Final netty-transport-native-epoll: netty-transport-native-kqueue: Netty: Denial of Service due to file descriptor leak in SCM_RIGHTS message handling

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45536

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2026-06-12 15:16 修改: 2026-06-17 10:52

io.netty:netty-transport-native-kqueue CVE-2026-45536 中危 4.1.96.Final 4.2.15.Final, 4.1.135.Final netty-transport-native-epoll: netty-transport-native-kqueue: Netty: Denial of Service due to file descriptor leak in SCM_RIGHTS message handling

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45536

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2026-06-12 15:16 修改: 2026-06-17 10:52

com.google.guava:guava CVE-2023-2976 中危 25.0-jre 32.0.0-android guava: insecure temporary directory creation

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-2976

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2023-06-14 18:15 修改: 2026-06-17 05:53

com.google.guava:guava CVE-2023-2976 中危 31.1-android 32.0.0-android guava: insecure temporary directory creation

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-2976

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2023-06-14 18:15 修改: 2026-06-17 05:53

com.google.guava:guava CVE-2023-2976 中危 31.1-android 32.0.0-android guava: insecure temporary directory creation

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-2976

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2023-06-14 18:15 修改: 2026-06-17 05:53

com.google.guava:guava CVE-2023-2976 中危 31.1-android 32.0.0-android guava: insecure temporary directory creation

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-2976

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2023-06-14 18:15 修改: 2026-06-17 05:53

com.google.guava:guava CVE-2023-2976 中危 31.1-android 32.0.0-android guava: insecure temporary directory creation

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-2976

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2023-06-14 18:15 修改: 2026-06-17 05:53

com.google.guava:guava CVE-2023-2976 中危 31.1-android 32.0.0-android guava: insecure temporary directory creation

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-2976

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2023-06-14 18:15 修改: 2026-06-17 05:53

com.fasterxml.jackson.core:jackson-databind CVE-2026-54514 中危 2.18.3 2.18.8, 2.21.4, 3.1.4 jackson-databind: jackson-databind: Information Disclosure via Eager DNS Resolution

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54514

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2026-06-23 21:17 修改: 2026-06-27 20:55

com.fasterxml.jackson.core:jackson-databind CVE-2026-54514 中危 2.18.3 2.18.8, 2.21.4, 3.1.4 jackson-databind: jackson-databind: Information Disclosure via Eager DNS Resolution

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54514

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2026-06-23 21:17 修改: 2026-06-27 20:55

com.fasterxml.jackson.core:jackson-databind CVE-2026-54514 中危 2.18.3 2.18.8, 2.21.4, 3.1.4 jackson-databind: jackson-databind: Information Disclosure via Eager DNS Resolution

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54514

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2026-06-23 21:17 修改: 2026-06-27 20:55

com.fasterxml.jackson.core:jackson-databind CVE-2026-54514 中危 2.18.3 2.18.8, 2.21.4, 3.1.4 jackson-databind: jackson-databind: Information Disclosure via Eager DNS Resolution

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54514

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2026-06-23 21:17 修改: 2026-06-27 20:55

com.fasterxml.jackson.core:jackson-databind CVE-2026-54514 中危 2.18.3 2.18.8, 2.21.4, 3.1.4 jackson-databind: jackson-databind: Information Disclosure via Eager DNS Resolution

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54514

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2026-06-23 21:17 修改: 2026-06-27 20:55

com.fasterxml.jackson.core:jackson-databind CVE-2026-54514 中危 2.18.3 2.18.8, 2.21.4, 3.1.4 jackson-databind: jackson-databind: Information Disclosure via Eager DNS Resolution

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54514

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2026-06-23 21:17 修改: 2026-06-27 20:55

com.fasterxml.jackson.core:jackson-databind CVE-2026-54514 中危 2.18.3 2.18.8, 2.21.4, 3.1.4 jackson-databind: jackson-databind: Information Disclosure via Eager DNS Resolution

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54514

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2026-06-23 21:17 修改: 2026-06-27 20:55

org.apache.commons:commons-compress CVE-2024-25710 中危 1.18 1.26.0 commons-compress: Denial of service caused by an infinite loop for a corrupted DUMP file

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-25710

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2024-02-19 09:15 修改: 2026-06-17 07:16

org.apache.commons:commons-compress CVE-2024-25710 中危 1.21 1.26.0 commons-compress: Denial of service caused by an infinite loop for a corrupted DUMP file

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-25710

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2024-02-19 09:15 修改: 2026-06-17 07:16

org.apache.commons:commons-compress CVE-2024-26308 中危 1.21 1.26.0 commons-compress: OutOfMemoryError unpacking broken Pack200 file

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-26308

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2024-02-19 09:15 修改: 2026-06-17 07:17

org.apache.commons:commons-compress CVE-2023-42503 中危 1.23.0 1.24.0 apache-commons-compress: Denial of service via CPU consumption for malformed TAR file

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-42503

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2023-09-14 08:15 修改: 2026-06-17 06:23

org.apache.commons:commons-compress CVE-2024-25710 中危 1.23.0 1.26.0 commons-compress: Denial of service caused by an infinite loop for a corrupted DUMP file

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-25710

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2024-02-19 09:15 修改: 2026-06-17 07:16

org.apache.commons:commons-compress CVE-2024-26308 中危 1.23.0 1.26.0 commons-compress: OutOfMemoryError unpacking broken Pack200 file

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-26308

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2024-02-19 09:15 修改: 2026-06-17 07:17

org.apache.commons:commons-configuration2 CVE-2026-45205 中危 2.10.1 2.15.0 Uncontrolled Recursion vulnerability in Apache Commons. When processi ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45205

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2026-05-14 12:16 修改: 2026-06-17 10:51

org.apache.commons:commons-configuration2 CVE-2026-45205 中危 2.10.1 2.15.0 Uncontrolled Recursion vulnerability in Apache Commons. When processi ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45205

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2026-05-14 12:16 修改: 2026-06-17 10:51

com.fasterxml.jackson.core:jackson-databind CVE-2026-54514 中危 2.18.3 2.18.8, 2.21.4, 3.1.4 jackson-databind: jackson-databind: Information Disclosure via Eager DNS Resolution

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54514

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2026-06-23 21:17 修改: 2026-06-27 20:55

org.apache.httpcomponents:httpclient CVE-2020-13956 中危 4.5 4.5.13, 5.0.3 apache-httpclient: incorrect handling of malformed authority component in request URIs

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-13956

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2020-12-02 17:15 修改: 2026-06-17 02:53

org.apache.jackrabbit:jackrabbit-jcr-commons CVE-2025-58782 中危 1.6.5 2.22.2 org.apache.jackrabbit/jackrabbit-core: org.apache.jackrabbit/jackrabbit-jcr-commons: Apache Jackrabbit JNDI injection

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58782

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2025-09-08 09:15 修改: 2026-06-17 09:44

com.fasterxml.jackson.core:jackson-databind CVE-2026-54514 中危 2.18.3 2.18.8, 2.21.4, 3.1.4 jackson-databind: jackson-databind: Information Disclosure via Eager DNS Resolution

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54514

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2026-06-23 21:17 修改: 2026-06-27 20:55

org.apache.logging.log4j:log4j-1.2-api CVE-2026-34479 中危 2.20.0 2.25.4 org.apache.logging.log4j/log4j-1.2-api: Apache Log4j 1-to-Log4j 2 bridge: Log processing denial of service due to improper XML escaping

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34479

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2026-04-10 16:16 修改: 2026-06-17 10:39

org.apache.logging.log4j:log4j-core CVE-2025-68161 中危 2.17.1 2.25.3 Apache Log4j: Apache Log4j Core: Information disclosure via missing TLS hostname verification

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-68161

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2025-12-18 21:15 修改: 2026-06-17 09:58

org.apache.logging.log4j:log4j-core CVE-2026-34477 中危 2.17.1 2.25.4 org.apache.logging.log4j/log4j-core: Apache Log4j Core: Man-in-the-middle attack due to incomplete hostname verification

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34477

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2026-04-10 16:16 修改: 2026-06-17 10:39

org.apache.logging.log4j:log4j-core CVE-2026-34480 中危 2.17.1 2.25.4 org.apache.logging.log4j/log4j-core: Apache Log4j Core: Invalid XML output causes denial of service in logging

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34480

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2026-04-10 16:16 修改: 2026-06-17 10:39

org.apache.logging.log4j:log4j-core CVE-2025-68161 中危 2.20.0 2.25.3 Apache Log4j: Apache Log4j Core: Information disclosure via missing TLS hostname verification

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-68161

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2025-12-18 21:15 修改: 2026-06-17 09:58

org.apache.logging.log4j:log4j-core CVE-2026-34477 中危 2.20.0 2.25.4 org.apache.logging.log4j/log4j-core: Apache Log4j Core: Man-in-the-middle attack due to incomplete hostname verification

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34477

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2026-04-10 16:16 修改: 2026-06-17 10:39

org.apache.logging.log4j:log4j-core CVE-2026-34480 中危 2.20.0 2.25.4 org.apache.logging.log4j/log4j-core: Apache Log4j Core: Invalid XML output causes denial of service in logging

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34480

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2026-04-10 16:16 修改: 2026-06-17 10:39

com.fasterxml.jackson.core:jackson-databind CVE-2026-54515 中危 2.18.3 3.1.4, 2.18.9, 2.21.5, 2.22.1 jackson-databind: jackson-databind: Ignored properties can be unexpectedly modified

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54515

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2026-06-23 21:17 修改: 2026-06-29 13:38

com.fasterxml.jackson.core:jackson-databind CVE-2026-54515 中危 2.18.3 3.1.4, 2.18.9, 2.21.5, 2.22.1 jackson-databind: jackson-databind: Ignored properties can be unexpectedly modified

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54515

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2026-06-23 21:17 修改: 2026-06-29 13:38

com.fasterxml.jackson.core:jackson-databind CVE-2026-54515 中危 2.18.3 3.1.4, 2.18.9, 2.21.5, 2.22.1 jackson-databind: jackson-databind: Ignored properties can be unexpectedly modified

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54515

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2026-06-23 21:17 修改: 2026-06-29 13:38

com.fasterxml.jackson.core:jackson-databind CVE-2026-54515 中危 2.18.3 3.1.4, 2.18.9, 2.21.5, 2.22.1 jackson-databind: jackson-databind: Ignored properties can be unexpectedly modified

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54515

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2026-06-23 21:17 修改: 2026-06-29 13:38

org.apache.mina:mina-core CVE-2021-41973 中危 2.0.7 2.1.5, 2.0.22 mina-core: infinite loop may lead to DoS

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-41973

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2021-11-01 09:15 修改: 2026-06-17 04:09

org.apache.pdfbox:pdfbox CVE-2021-27807 中危 2.0.16 2.0.23 pdfbox: infinite loop while loading a crafted PDF file

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-27807

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2021-03-19 16:15 修改: 2026-06-17 03:45

org.apache.pdfbox:pdfbox CVE-2021-27807 中危 2.0.16 2.0.23 pdfbox: infinite loop while loading a crafted PDF file

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-27807

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2021-03-19 16:15 修改: 2026-06-17 03:45

org.apache.pdfbox:pdfbox CVE-2021-27906 中危 2.0.16 2.0.23 pdfbox: OutOfMemory-Exception while loading a crafted PDF file

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-27906

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2021-03-19 16:15 修改: 2026-06-17 03:45

org.apache.pdfbox:pdfbox CVE-2021-27906 中危 2.0.16 2.0.23 pdfbox: OutOfMemory-Exception while loading a crafted PDF file

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-27906

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2021-03-19 16:15 修改: 2026-06-17 03:45

org.apache.pdfbox:pdfbox CVE-2021-31811 中危 2.0.16 2.0.24 pdfbox: OutOfMemory-Exception while loading a crafted PDF file

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-31811

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2021-06-12 10:15 修改: 2026-06-17 03:52

org.apache.pdfbox:pdfbox CVE-2021-31811 中危 2.0.16 2.0.24 pdfbox: OutOfMemory-Exception while loading a crafted PDF file

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-31811

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2021-06-12 10:15 修改: 2026-06-17 03:52

org.apache.pdfbox:pdfbox CVE-2021-31812 中危 2.0.16 2.0.24 pdfbox: infinite loop while loading a crafted PDF file

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-31812

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2021-06-12 10:15 修改: 2026-06-17 03:52

org.apache.pdfbox:pdfbox CVE-2021-31812 中危 2.0.16 2.0.24 pdfbox: infinite loop while loading a crafted PDF file

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-31812

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2021-06-12 10:15 修改: 2026-06-17 03:52

com.fasterxml.jackson.core:jackson-databind CVE-2026-54515 中危 2.18.3 3.1.4, 2.18.9, 2.21.5, 2.22.1 jackson-databind: jackson-databind: Ignored properties can be unexpectedly modified

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54515

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2026-06-23 21:17 修改: 2026-06-29 13:38

com.hubspot.jinjava:jinjava CVE-2018-18893 中危 2.4.0 2.4.6 Jinjava calls getClass

漏洞详情: https://avd.aquasec.com/nvd/cve-2018-18893

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2019-01-03 01:29 修改: 2026-06-17 01:48

org.apache.shiro:shiro-core CVE-2026-43827 中危 1.13.0 2.2.0, 3.0.0-alpha-2 apache-shiro: Apache Shiro: Session fixation vulnerability due to improper session invalidation upon login

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-43827

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2026-05-25 21:16 修改: 2026-06-17 10:49

org.apache.shiro:shiro-core CVE-2026-43827 中危 1.13.0 2.2.0, 3.0.0-alpha-2 apache-shiro: Apache Shiro: Session fixation vulnerability due to improper session invalidation upon login

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-43827

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2026-05-25 21:16 修改: 2026-06-17 10:49

org.apache.shiro:shiro-web CVE-2026-43828 中危 1.13.0 2.2.0, 3.0.0-alpha-2 apache-shiro: Apache Shiro: Information disclosure via insecure cookie handling

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-43828

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2026-05-25 21:16 修改: 2026-06-17 10:49

com.hubspot.jinjava:jinjava CVE-2018-18893 中危 2.4.0 2.4.6 Jinjava calls getClass

漏洞详情: https://avd.aquasec.com/nvd/cve-2018-18893

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2019-01-03 01:29 修改: 2026-06-17 01:48

com.hubspot.jinjava:jinjava CVE-2018-18893 中危 2.4.0 2.4.6 Jinjava calls getClass

漏洞详情: https://avd.aquasec.com/nvd/cve-2018-18893

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2019-01-03 01:29 修改: 2026-06-17 01:48

com.hubspot.jinjava:jinjava CVE-2020-12668 中危 2.4.0 2.5.4 Unauthorized access to Class instance in Jinjava

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-12668

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2021-02-19 23:15 修改: 2026-06-17 02:52

com.hubspot.jinjava:jinjava CVE-2020-12668 中危 2.4.0 2.5.4 Unauthorized access to Class instance in Jinjava

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-12668

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2021-02-19 23:15 修改: 2026-06-17 02:52

com.hubspot.jinjava:jinjava CVE-2020-12668 中危 2.4.0 2.5.4 Unauthorized access to Class instance in Jinjava

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-12668

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2021-02-19 23:15 修改: 2026-06-17 02:52

org.apache.zookeeper:zookeeper CVE-2024-23944 中危 3.6.3 3.8.4, 3.9.2 Apache-ZooKeeper: Apache ZooKeeper: Information disclosure in persistent watcher handling

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-23944

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2024-03-15 11:15 修改: 2026-06-17 07:13

org.bouncycastle:bcpkix-jdk18on CVE-2026-5588 中危 1.80 1.84 bouncycastle: BC-JAVA: PKIX draft CompositeVerifier accepts empty signature sequence as valid

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-5588

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2026-04-15 10:16 修改: 2026-06-30 03:21

org.bouncycastle:bcprov-jdk18on CVE-2026-0636 中危 1.80.2 1.84 bouncycastle: BC-JAVA: LDAP injection vulnerability in LDAPStoreHelper.java

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-0636

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2026-04-15 10:16 修改: 2026-06-30 03:17

com.fasterxml.jackson.core:jackson-databind CVE-2026-54515 中危 2.18.3 3.1.4, 2.18.9, 2.21.5, 2.22.1 jackson-databind: jackson-databind: Ignored properties can be unexpectedly modified

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54515

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2026-06-23 21:17 修改: 2026-06-29 13:38

com.fasterxml.jackson.core:jackson-databind CVE-2026-54515 中危 2.18.3 3.1.4, 2.18.9, 2.21.5, 2.22.1 jackson-databind: jackson-databind: Ignored properties can be unexpectedly modified

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54515

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2026-06-23 21:17 修改: 2026-06-29 13:38

com.fasterxml.jackson.core:jackson-databind CVE-2026-54515 中危 2.18.3 3.1.4, 2.18.9, 2.21.5, 2.22.1 jackson-databind: jackson-databind: Ignored properties can be unexpectedly modified

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54515

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2026-06-23 21:17 修改: 2026-06-29 13:38

com.fasterxml.jackson.core:jackson-databind CVE-2026-54515 中危 2.18.3 3.1.4, 2.18.9, 2.21.5, 2.22.1 jackson-databind: jackson-databind: Ignored properties can be unexpectedly modified

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54515

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2026-06-23 21:17 修改: 2026-06-29 13:38

com.jcraft:jsch CVE-2016-5725 中危 0.1.53 0.1.54 jsch: ChannelSftp path traversal vulnerability

漏洞详情: https://avd.aquasec.com/nvd/cve-2016-5725

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2017-01-19 22:59 修改: 2026-06-17 00:49

com.fasterxml.jackson.core:jackson-databind CVE-2026-54515 中危 2.18.3 3.1.4, 2.18.9, 2.21.5, 2.22.1 jackson-databind: jackson-databind: Ignored properties can be unexpectedly modified

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54515

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2026-06-23 21:17 修改: 2026-06-29 13:38

com.fasterxml.jackson.core:jackson-core GHSA-72hv-8253-57qq 中危 2.18.3 2.21.1, 2.18.6 jackson-core: Number Length Constraint Bypass in Async Parser Leads to Potential DoS Condition

漏洞详情: https://github.com/advisories/GHSA-72hv-8253-57qq

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2026-02-28 02:01 修改: 2026-04-07 16:30

com.rabbitmq:amqp-client CVE-2023-46120 中危 5.5.3 5.18.0 RabbitMQ Java client's Lack of Message Size Limitation leads to Remote DoS Attack

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-46120

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2023-10-25 18:17 修改: 2026-06-17 06:30

org.eclipse.jetty:jetty-http CVE-2024-6763 中危 11.0.24 12.0.12 org.eclipse.jetty:jetty-http: jetty: Jetty URI parsing of invalid authority

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-6763

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2024-10-14 16:15 修改: 2026-06-17 08:18

org.eclipse.jetty:jetty-http CVE-2024-6763 中危 11.0.24 12.0.12 org.eclipse.jetty:jetty-http: jetty: Jetty URI parsing of invalid authority

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-6763

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2024-10-14 16:15 修改: 2026-06-17 08:18

org.eclipse.jetty:jetty-http CVE-2024-6763 中危 11.0.24 12.0.12 org.eclipse.jetty:jetty-http: jetty: Jetty URI parsing of invalid authority

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-6763

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2024-10-14 16:15 修改: 2026-06-17 08:18

org.eclipse.jetty:jetty-http CVE-2024-6763 中危 11.0.24 12.0.12 org.eclipse.jetty:jetty-http: jetty: Jetty URI parsing of invalid authority

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-6763

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2024-10-14 16:15 修改: 2026-06-17 08:18

org.eclipse.jetty:jetty-http CVE-2024-6763 中危 8.2.0.v20160908 12.0.12 org.eclipse.jetty:jetty-http: jetty: Jetty URI parsing of invalid authority

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-6763

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2024-10-14 16:15 修改: 2026-06-17 08:18

com.fasterxml.jackson.core:jackson-core GHSA-72hv-8253-57qq 中危 2.18.3 2.21.1, 2.18.6 jackson-core: Number Length Constraint Bypass in Async Parser Leads to Potential DoS Condition

漏洞详情: https://github.com/advisories/GHSA-72hv-8253-57qq

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2026-02-28 02:01 修改: 2026-04-07 16:30

org.eclipse.jetty:jetty-http CVE-2024-6763 中危 9.4.54.v20240208 12.0.12 org.eclipse.jetty:jetty-http: jetty: Jetty URI parsing of invalid authority

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-6763

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2024-10-14 16:15 修改: 2026-06-17 08:18

com.fasterxml.jackson.core:jackson-core GHSA-72hv-8253-57qq 中危 2.18.3 2.21.1, 2.18.6 jackson-core: Number Length Constraint Bypass in Async Parser Leads to Potential DoS Condition

漏洞详情: https://github.com/advisories/GHSA-72hv-8253-57qq

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2026-02-28 02:01 修改: 2026-04-07 16:30

com.squareup.okio:okio CVE-2023-3635 中危 1.15.0 3.4.0, 1.17.6 okio: GzipSource class improper exception handling

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-3635

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2023-07-12 19:15 修改: 2026-06-17 06:14

com.squareup.okio:okio CVE-2023-3635 中危 1.17.3 3.4.0, 1.17.6 okio: GzipSource class improper exception handling

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-3635

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2023-07-12 19:15 修改: 2026-06-17 06:14

commons-lang:commons-lang CVE-2025-48924 中危 2.6 commons-lang/commons-lang: org.apache.commons/commons-lang3: Uncontrolled Recursion vulnerability in Apache Commons Lang

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-48924

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2025-07-11 15:15 修改: 2026-06-17 09:30

commons-lang:commons-lang CVE-2025-48924 中危 2.6 commons-lang/commons-lang: org.apache.commons/commons-lang3: Uncontrolled Recursion vulnerability in Apache Commons Lang

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-48924

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2025-07-11 15:15 修改: 2026-06-17 09:30

commons-net:commons-net CVE-2021-37533 中危 3.3 3.9.0 apache-commons-net: FTP client trusts the host from PASV response by default

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-37533

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2022-12-03 15:15 修改: 2026-06-17 04:00

org.eclipse.jetty:jetty-server CVE-2019-10241 中危 8.2.0.v20160908 9.2.27.v20190403, 9.3.26.v20190403, 9.4.16.v20190411 jetty: using specially formatted URL against DefaultServlet or ResourceHandler leads to XSS conditions

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-10241

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2019-04-22 20:29 修改: 2026-06-17 02:10

org.eclipse.jetty:jetty-server CVE-2019-10247 中危 8.2.0.v20160908 9.2.28.v20190418, 9.3.27.v20190418, 9.4.17.v20190418 jetty: error path information disclosure

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-10247

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2019-04-22 20:29 修改: 2026-06-17 02:10

org.eclipse.jetty:jetty-server CVE-2023-26048 中危 8.2.0.v20160908 9.4.51.v20230217, 10.0.14, 11.0.14 jetty-server: OutOfMemoryError for large multipart without filename read via request.getParameter()

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-26048

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2023-04-18 21:15 修改: 2026-06-17 05:42

commons-net:commons-net CVE-2021-37533 中危 3.3 3.9.0 apache-commons-net: FTP client trusts the host from PASV response by default

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-37533

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2022-12-03 15:15 修改: 2026-06-17 04:00

org.eclipse.jetty:jetty-server CVE-2024-8184 中危 9.4.54.v20240208 12.0.9, 10.0.24, 11.0.24, 9.4.56 org.eclipse.jetty:jetty-server: jetty: Jetty ThreadLimitHandler.getRemote() vulnerable to remote DoS attacks

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-8184

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2024-10-14 16:15 修改: 2026-06-17 08:22

com.fasterxml.jackson.core:jackson-core GHSA-72hv-8253-57qq 中危 2.18.3 2.21.1, 2.18.6 jackson-core: Number Length Constraint Bypass in Async Parser Leads to Potential DoS Condition

漏洞详情: https://github.com/advisories/GHSA-72hv-8253-57qq

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2026-02-28 02:01 修改: 2026-04-07 16:30

org.eclipse.jgit:org.eclipse.jgit CVE-2025-4949 中危 4.5.4.201711221230-r 7.2.1.202505142326-r, 7.1.1.202505221757-r, 7.0.1.202505221510-r, 6.10.1.202505221210-r, 6.0.0.202111291000-r, 5.13.4.202507202350-r org.eclipse.jgit: XXE vulnerability in Eclipse JGit

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-4949

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2025-05-21 07:16 修改: 2026-06-17 09:34

com.fasterxml.jackson.core:jackson-core GHSA-72hv-8253-57qq 中危 2.18.3 2.21.1, 2.18.6 jackson-core: Number Length Constraint Bypass in Async Parser Leads to Potential DoS Condition

漏洞详情: https://github.com/advisories/GHSA-72hv-8253-57qq

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2026-02-28 02:01 修改: 2026-04-07 16:30

com.fasterxml.jackson.core:jackson-core GHSA-72hv-8253-57qq 中危 2.18.3 2.21.1, 2.18.6 jackson-core: Number Length Constraint Bypass in Async Parser Leads to Potential DoS Condition

漏洞详情: https://github.com/advisories/GHSA-72hv-8253-57qq

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2026-02-28 02:01 修改: 2026-04-07 16:30

org.elasticsearch:elasticsearch CVE-2018-3824 中危 2.4.3 5.6.9, 6.2.4 Elasticsearch subject to cross site scripting

漏洞详情: https://avd.aquasec.com/nvd/cve-2018-3824

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2018-09-19 19:29 修改: 2026-06-17 01:57

org.elasticsearch:elasticsearch CVE-2019-7614 中危 2.4.3 6.8.2, 7.2.1 elasticsearch: Race condition in response headers on systems with multiple submitting requests

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-7614

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2019-07-30 22:15 修改: 2026-06-17 02:40

org.elasticsearch:elasticsearch CVE-2020-7019 中危 2.4.3 7.9.0, 6.8.12 elasticsearch: scrolling search can leak fields that should be hidden allowing access restriction bypass

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-7019

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2020-08-18 17:15 修改: 2026-06-17 03:24

org.elasticsearch:elasticsearch CVE-2020-7021 中危 2.4.3 6.8.14, 7.10.0 elasticsearch: Information disclosure via audit logging with emit_request_body option enabled

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-7021

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2021-02-10 19:15 修改: 2026-06-17 03:24

org.elasticsearch:elasticsearch CVE-2021-22135 中危 2.4.3 7.11.2, 6.8.15 elasticsearch: Document disclosure flaw in the Elasticsearch suggester

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-22135

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2021-05-13 18:15 修改: 2026-06-17 03:36

org.elasticsearch:elasticsearch CVE-2021-22137 中危 2.4.3 7.11.2, 6.8.15 elasticsearch: Document disclosure flaw when Document or Field Level Security is used

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-22137

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2021-05-13 18:15 修改: 2026-06-17 03:36

org.elasticsearch:elasticsearch CVE-2021-22144 中危 2.4.3 6.8.17, 7.13.3 elasticsearch: uncontrolled recursion in Grok parser

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-22144

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2021-07-26 12:15 修改: 2026-06-17 03:36

org.elasticsearch:elasticsearch CVE-2023-49921 中危 2.4.3 7.17.16, 8.11.2 elasticsearch: Insertion of Sensitive Information into Log File

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-49921

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2024-07-26 05:15 修改: 2026-06-17 06:36

org.elasticsearch:elasticsearch CVE-2024-23444 中危 2.4.3 8.13.0, 7.17.23 Elasticsearch stores private key on disk unencrypted

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-23444

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2024-07-31 18:15 修改: 2026-06-17 07:12

org.elasticsearch:elasticsearch CVE-2024-43709 中危 2.4.3 7.17.21, 8.13.3 elasticsearch: Elasticsearch allocation of resources without limits or throttling leads to crash

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-43709

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2025-01-21 11:15 修改: 2026-06-17 07:51

org.elasticsearch:elasticsearch CVE-2024-52979 中危 2.4.3 7.17.25, 8.16.0 elasticsearch: Elasticsearch Uncontrolled Resource Consumption vulnerability

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-52979

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2025-05-01 14:15 修改: 2026-06-17 08:07

com.fasterxml.jackson.core:jackson-core GHSA-72hv-8253-57qq 中危 2.18.3 2.21.1, 2.18.6 jackson-core: Number Length Constraint Bypass in Async Parser Leads to Potential DoS Condition

漏洞详情: https://github.com/advisories/GHSA-72hv-8253-57qq

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2026-02-28 02:01 修改: 2026-04-07 16:30

io.netty:netty CVE-2019-20445 中危 3.10.6.Final 4.0.0 netty: HttpObjectDecoder.java allows Content-Length header to accompanied by second Content-Length header

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-20445

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2020-01-29 21:15 修改: 2026-06-17 02:30

io.netty:netty CVE-2021-21290 中危 3.10.6.Final 4.0.0 netty: Information disclosure via the local system temporary directory

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-21290

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2021-02-08 20:15 修改: 2026-06-17 03:35

io.netty:netty CVE-2021-21295 中危 3.10.6.Final 4.0.0 netty: possible request smuggling in HTTP/2 due missing validation

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-21295

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2021-03-09 19:15 修改: 2026-06-17 03:35

io.netty:netty CVE-2021-21409 中危 3.10.6.Final 4.0.0 netty: Request smuggling via content-length header

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-21409

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2021-03-30 15:15 修改: 2026-06-17 03:35

io.netty:netty CVE-2021-43797 中危 3.10.6.Final 4.0.0 netty: control chars in header names may lead to HTTP request smuggling

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-43797

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2021-12-09 19:15 修改: 2026-06-17 04:11

org.jsoup:jsoup CVE-2022-36033 中危 1.10.3 1.15.3 jsoup: The jsoup cleaner may incorrectly sanitize crafted XSS attempts if SafeList.preserveRelativeLinks is enabled

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-36033

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2022-08-29 17:15 修改: 2026-06-17 04:52

org.jsoup:jsoup CVE-2022-36033 中危 1.10.3 1.15.3 jsoup: The jsoup cleaner may incorrectly sanitize crafted XSS attempts if SafeList.preserveRelativeLinks is enabled

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-36033

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2022-08-29 17:15 修改: 2026-06-17 04:52

com.fasterxml.jackson.core:jackson-core GHSA-72hv-8253-57qq 中危 2.18.3 2.21.1, 2.18.6 jackson-core: Number Length Constraint Bypass in Async Parser Leads to Potential DoS Condition

漏洞详情: https://github.com/advisories/GHSA-72hv-8253-57qq

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2026-02-28 02:01 修改: 2026-04-07 16:30

org.jsoup:jsoup CVE-2022-36033 中危 1.11.3 1.15.3 jsoup: The jsoup cleaner may incorrectly sanitize crafted XSS attempts if SafeList.preserveRelativeLinks is enabled

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-36033

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2022-08-29 17:15 修改: 2026-06-17 04:52

com.fasterxml.jackson.core:jackson-core CVE-2025-49128 中危 2.9.8 2.13.0 com.fasterxml.jackson.core/jackson-core: Jackson-core Memory Disclosure via Source Snippet in JsonLocation

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-49128

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2025-06-06 22:15 修改: 2026-06-17 09:30

com.fasterxml.jackson.core:jackson-core GHSA-72hv-8253-57qq 中危 2.9.8 2.21.1, 2.18.6 jackson-core: Number Length Constraint Bypass in Async Parser Leads to Potential DoS Condition

漏洞详情: https://github.com/advisories/GHSA-72hv-8253-57qq

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2026-02-28 02:01 修改: 2026-04-07 16:30

io.netty:netty-codec CVE-2025-58057 中危 4.1.51.Final 4.1.125.Final netty-codec: netty-codec-compression: Netty's BrotliDecoder is vulnerable to DoS via zip bomb style attack

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58057

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2025-09-04 10:42 修改: 2026-06-17 09:43

org.jsoup:jsoup CVE-2015-6748 中危 1.8.1 1.8.3 jsoup: XSS vulnerability related to incomplete tags at EOF

漏洞详情: https://avd.aquasec.com/nvd/cve-2015-6748

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2017-09-25 17:29 修改: 2026-05-13 00:24

org.jsoup:jsoup CVE-2015-6748 中危 1.8.1 1.8.3 jsoup: XSS vulnerability related to incomplete tags at EOF

漏洞详情: https://avd.aquasec.com/nvd/cve-2015-6748

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2017-09-25 17:29 修改: 2026-05-13 00:24

org.jsoup:jsoup CVE-2015-6748 中危 1.8.1 1.8.3 jsoup: XSS vulnerability related to incomplete tags at EOF

漏洞详情: https://avd.aquasec.com/nvd/cve-2015-6748

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2017-09-25 17:29 修改: 2026-05-13 00:24

org.jsoup:jsoup CVE-2022-36033 中危 1.8.1 1.15.3 jsoup: The jsoup cleaner may incorrectly sanitize crafted XSS attempts if SafeList.preserveRelativeLinks is enabled

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-36033

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2022-08-29 17:15 修改: 2026-06-17 04:52

org.jsoup:jsoup CVE-2022-36033 中危 1.8.1 1.15.3 jsoup: The jsoup cleaner may incorrectly sanitize crafted XSS attempts if SafeList.preserveRelativeLinks is enabled

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-36033

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2022-08-29 17:15 修改: 2026-06-17 04:52

org.jsoup:jsoup CVE-2022-36033 中危 1.8.1 1.15.3 jsoup: The jsoup cleaner may incorrectly sanitize crafted XSS attempts if SafeList.preserveRelativeLinks is enabled

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-36033

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2022-08-29 17:15 修改: 2026-06-17 04:52

com.fasterxml.jackson.core:jackson-core GHSA-72hv-8253-57qq 中危 2.18.3 2.21.1, 2.18.6 jackson-core: Number Length Constraint Bypass in Async Parser Leads to Potential DoS Condition

漏洞详情: https://github.com/advisories/GHSA-72hv-8253-57qq

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2026-02-28 02:01 修改: 2026-04-07 16:30

io.netty:netty-codec CVE-2025-58057 中危 4.1.75.Final 4.1.125.Final netty-codec: netty-codec-compression: Netty's BrotliDecoder is vulnerable to DoS via zip bomb style attack

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58057

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2025-09-04 10:42 修改: 2026-06-17 09:43

com.fasterxml.jackson.core:jackson-core GHSA-72hv-8253-57qq 中危 2.18.3 2.21.1, 2.18.6 jackson-core: Number Length Constraint Bypass in Async Parser Leads to Potential DoS Condition

漏洞详情: https://github.com/advisories/GHSA-72hv-8253-57qq

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2026-02-28 02:01 修改: 2026-04-07 16:30

org.yaml:snakeyaml CVE-2022-38749 中危 1.15 1.31 snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-38749

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2022-09-05 10:15 修改: 2026-06-17 04:57

org.yaml:snakeyaml CVE-2022-38750 中危 1.15 1.31 snakeyaml: Uncaught exception in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-38750

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2022-09-05 10:15 修改: 2026-06-17 04:57

org.yaml:snakeyaml CVE-2022-38751 中危 1.15 1.31 snakeyaml: Uncaught exception in java.base/java.util.regex.Pattern$Ques.match

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-38751

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2022-09-05 10:15 修改: 2026-06-17 04:57

org.yaml:snakeyaml CVE-2022-38752 中危 1.15 1.32 snakeyaml: Uncaught exception in java.base/java.util.ArrayList.hashCode

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-38752

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2022-09-05 10:15 修改: 2026-06-17 04:57

org.yaml:snakeyaml CVE-2022-41854 中危 1.15 1.32 dev-java/snakeyaml: DoS via stack overflow

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41854

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2022-11-11 13:15 修改: 2026-06-17 05:03

io.netty:netty-codec CVE-2025-58057 中危 4.1.87.Final 4.1.125.Final netty-codec: netty-codec-compression: Netty's BrotliDecoder is vulnerable to DoS via zip bomb style attack

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58057

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2025-09-04 10:42 修改: 2026-06-17 09:43

org.eclipse.jetty:jetty-server CVE-2021-34428 低危 8.2.0.v20160908 9.4.41, 10.0.3, 11.0.3 jetty: SessionListener can prevent a session from being invalidated breaking logout

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-34428

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2021-06-22 15:15 修改: 2026-06-17 03:55

org.eclipse.jetty:jetty-server CVE-2023-26049 低危 8.2.0.v20160908 9.4.51.v20230217, 10.0.14, 11.0.14, 12.0.0.beta0 jetty-server: Cookie parsing of quoted values can exfiltrate values from other cookies

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-26049

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2023-04-18 21:15 修改: 2026-06-17 05:42

com.google.guava:guava CVE-2020-8908 低危 25.0-jre 32.0.0-android guava: local information disclosure via temporary directory created with unsafe permissions

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-8908

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2020-12-10 23:15 修改: 2026-06-17 03:27

com.google.guava:guava CVE-2020-8908 低危 18.0 32.0.0-android guava: local information disclosure via temporary directory created with unsafe permissions

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-8908

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2020-12-10 23:15 修改: 2026-06-17 03:27

com.google.guava:guava CVE-2020-8908 低危 24.1.1-jre 32.0.0-android guava: local information disclosure via temporary directory created with unsafe permissions

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-8908

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2020-12-10 23:15 修改: 2026-06-17 03:27

org.eclipse.jetty:jetty-http CVE-2025-11143 低危 11.0.24 12.0.31, 12.1.5 org.eclipse.jetty/jetty-http: org.eclipse.jetty: Security bypass due to differential URI parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-11143

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2026-03-05 10:15 修改: 2026-06-17 08:29

org.eclipse.jetty:jetty-http CVE-2025-11143 低危 11.0.24 12.0.31, 12.1.5 org.eclipse.jetty/jetty-http: org.eclipse.jetty: Security bypass due to differential URI parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-11143

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2026-03-05 10:15 修改: 2026-06-17 08:29

org.eclipse.jetty:jetty-http CVE-2025-11143 低危 11.0.24 12.0.31, 12.1.5 org.eclipse.jetty/jetty-http: org.eclipse.jetty: Security bypass due to differential URI parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-11143

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2026-03-05 10:15 修改: 2026-06-17 08:29

org.eclipse.jetty:jetty-http CVE-2025-11143 低危 11.0.24 12.0.31, 12.1.5 org.eclipse.jetty/jetty-http: org.eclipse.jetty: Security bypass due to differential URI parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-11143

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2026-03-05 10:15 修改: 2026-06-17 08:29

com.google.guava:guava CVE-2020-8908 低危 19.0 32.0.0-android guava: local information disclosure via temporary directory created with unsafe permissions

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-8908

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2020-12-10 23:15 修改: 2026-06-17 03:27

org.eclipse.jetty:jetty-http CVE-2022-2047 低危 8.2.0.v20160908 9.4.47, 10.0.10, 11.0.10 jetty-http: improver hostname input handling

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-2047

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2022-07-07 21:15 修改: 2026-06-17 04:41

com.google.guava:guava CVE-2020-8908 低危 20.0 32.0.0-android guava: local information disclosure via temporary directory created with unsafe permissions

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-8908

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2020-12-10 23:15 修改: 2026-06-17 03:27

com.google.guava:guava CVE-2020-8908 低危 25.0-jre 32.0.0-android guava: local information disclosure via temporary directory created with unsafe permissions

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-8908

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2020-12-10 23:15 修改: 2026-06-17 03:27

org.eclipse.jetty:jetty-http CVE-2025-11143 低危 9.4.54.v20240208 12.0.31, 12.1.5 org.eclipse.jetty/jetty-http: org.eclipse.jetty: Security bypass due to differential URI parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-11143

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2026-03-05 10:15 修改: 2026-06-17 08:29

com.google.guava:guava CVE-2020-8908 低危 31.1-android 32.0.0-android guava: local information disclosure via temporary directory created with unsafe permissions

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-8908

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2020-12-10 23:15 修改: 2026-06-17 03:27

com.google.guava:guava CVE-2020-8908 低危 31.1-android 32.0.0-android guava: local information disclosure via temporary directory created with unsafe permissions

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-8908

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2020-12-10 23:15 修改: 2026-06-17 03:27

io.netty:netty-codec-http CVE-2025-58056 低危 4.1.87.Final 4.1.125.Final, 4.2.5.Final netty-codec-http: Netty is vulnerable to request smuggling due to incorrect parsing of chunk extensions

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58056

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2025-09-03 21:15 修改: 2026-06-17 09:43

com.google.guava:guava CVE-2020-8908 低危 31.1-android 32.0.0-android guava: local information disclosure via temporary directory created with unsafe permissions

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-8908

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2020-12-10 23:15 修改: 2026-06-17 03:27

org.apache.shiro:shiro-core CVE-2026-23901 低危 1.13.0 2.1.0 org.apache.shiro/shiro-core: Apache Shiro: Brute force attack possible to determine valid user names

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-23901

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2026-02-10 10:15 修改: 2026-06-17 10:22

org.elasticsearch:elasticsearch CVE-2020-7020 低危 2.4.3 6.8.13, 7.9.2 elasticsearch: not properly preserving security permissions when executing complex queries may lead to information disclosure

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-7020

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2020-10-22 17:15 修改: 2026-06-17 03:24

org.apache.shiro:shiro-core CVE-2026-23901 低危 1.13.0 2.1.0 org.apache.shiro/shiro-core: Apache Shiro: Brute force attack possible to determine valid user names

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-23901

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2026-02-10 10:15 修改: 2026-06-17 10:22

io.netty:netty-handler-proxy CVE-2026-42578 低危 4.1.87.Final 4.1.133.Final, 4.2.13.Final netty: io.netty/netty-handler-proxy: Netty: HTTP Header Injection via HttpProxyHandler Disabled Validation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42578

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2026-05-13 19:17 修改: 2026-06-30 03:19

com.google.guava:guava CVE-2020-8908 低危 31.1-android 32.0.0-android guava: local information disclosure via temporary directory created with unsafe permissions

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-8908

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2020-12-10 23:15 修改: 2026-06-17 03:27

com.google.guava:guava CVE-2020-8908 低危 31.1-android 32.0.0-android guava: local information disclosure via temporary directory created with unsafe permissions

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-8908

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2020-12-10 23:15 修改: 2026-06-17 03:27

Node.js (node-pkg)
低危漏洞:0 中危漏洞:0 高危漏洞:0 严重漏洞:0
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
Python (python-pkg)
低危漏洞:18 中危漏洞:78 高危漏洞:76 严重漏洞:2
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
Pillow CVE-2023-50447 严重 9.2.0 10.2.0 pillow: Arbitrary Code Execution via the environment parameter

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-50447

镜像层: sha256:1bf7ccab6fc5cba229e7628e1f23d9366908f604047761f0d3fe6d0c21a35dde

发布日期: 2024-01-19 20:15 修改: 2026-06-17 06:39

Pillow CVE-2023-50447 严重 9.2.0 10.2.0 pillow: Arbitrary Code Execution via the environment parameter

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-50447

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2024-01-19 20:15 修改: 2026-06-17 06:39

Brotli CVE-2025-6176 高危 1.0.9 1.2.0 Scrapy: python-scrapy: brotli: Python brotli decompression bomb DoS

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-6176

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2025-10-31 00:15 修改: 2026-06-17 10:01

Brotli CVE-2025-6176 高危 1.0.9 1.2.0 Scrapy: python-scrapy: brotli: Python brotli decompression bomb DoS

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-6176

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2025-10-31 00:15 修改: 2026-06-17 10:01

Brotli CVE-2025-6176 高危 1.0.9 1.2.0 Scrapy: python-scrapy: brotli: Python brotli decompression bomb DoS

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-6176

镜像层: sha256:1bf7ccab6fc5cba229e7628e1f23d9366908f604047761f0d3fe6d0c21a35dde

发布日期: 2025-10-31 00:15 修改: 2026-06-17 10:01

Brotli CVE-2025-6176 高危 1.0.9 1.2.0 Scrapy: python-scrapy: brotli: Python brotli decompression bomb DoS

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-6176

镜像层: sha256:1bf7ccab6fc5cba229e7628e1f23d9366908f604047761f0d3fe6d0c21a35dde

发布日期: 2025-10-31 00:15 修改: 2026-06-17 10:01

Pillow CVE-2022-45199 高危 9.2.0 9.3.0 Pillow before 9.3.0 allows denial of service via SAMPLESPERPIXEL.

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-45199

镜像层: sha256:1bf7ccab6fc5cba229e7628e1f23d9366908f604047761f0d3fe6d0c21a35dde

发布日期: 2022-11-14 07:15 修改: 2026-06-17 05:09

Pillow CVE-2022-45199 高危 9.2.0 9.3.0 Pillow before 9.3.0 allows denial of service via SAMPLESPERPIXEL.

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-45199

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2022-11-14 07:15 修改: 2026-06-17 05:09

Pillow CVE-2023-44271 高危 9.2.0 10.0.0 python-pillow: uncontrolled resource consumption when textlength in an ImageDraw instance operates on a long text argument

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-44271

镜像层: sha256:1bf7ccab6fc5cba229e7628e1f23d9366908f604047761f0d3fe6d0c21a35dde

发布日期: 2023-11-03 05:15 修改: 2026-06-17 06:27

Pillow CVE-2023-44271 高危 9.2.0 10.0.0 python-pillow: uncontrolled resource consumption when textlength in an ImageDraw instance operates on a long text argument

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-44271

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2023-11-03 05:15 修改: 2026-06-17 06:27

Pillow CVE-2023-4863 高危 9.2.0 10.0.1 libwebp: Heap buffer overflow in WebP Codec

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-4863

镜像层: sha256:1bf7ccab6fc5cba229e7628e1f23d9366908f604047761f0d3fe6d0c21a35dde

发布日期: 2023-09-12 15:15 修改: 2026-06-17 06:38

Pillow CVE-2023-4863 高危 9.2.0 10.0.1 libwebp: Heap buffer overflow in WebP Codec

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-4863

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2023-09-12 15:15 修改: 2026-06-17 06:38

Pillow CVE-2024-28219 高危 9.2.0 10.3.0 python-pillow: buffer overflow in _imagingcms.c

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-28219

镜像层: sha256:1bf7ccab6fc5cba229e7628e1f23d9366908f604047761f0d3fe6d0c21a35dde

发布日期: 2024-04-03 03:15 修改: 2026-06-17 07:21

Pillow CVE-2024-28219 高危 9.2.0 10.3.0 python-pillow: buffer overflow in _imagingcms.c

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-28219

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2024-04-03 03:15 修改: 2026-06-17 07:21

cryptography CVE-2024-26130 高危 42.0.2 42.0.4 python-cryptography: NULL pointer dereference with pkcs12.serialize_key_and_certificates when called with a non-matching certificate and private key and an hmac_hash override

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-26130

镜像层: sha256:1bf7ccab6fc5cba229e7628e1f23d9366908f604047761f0d3fe6d0c21a35dde

发布日期: 2024-02-21 17:15 修改: 2026-06-17 07:17

cryptography CVE-2024-26130 高危 42.0.2 42.0.4 python-cryptography: NULL pointer dereference with pkcs12.serialize_key_and_certificates when called with a non-matching certificate and private key and an hmac_hash override

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-26130

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2024-02-21 17:15 修改: 2026-06-17 07:17

cryptography CVE-2026-26007 高危 42.0.2 46.0.5 cryptography: cryptography Subgroup Attack Due to Missing Subgroup Validation for SECT Curves

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-26007

镜像层: sha256:1bf7ccab6fc5cba229e7628e1f23d9366908f604047761f0d3fe6d0c21a35dde

发布日期: 2026-02-10 22:17 修改: 2026-07-01 13:16

cryptography CVE-2026-26007 高危 42.0.2 46.0.5 cryptography: cryptography Subgroup Attack Due to Missing Subgroup Validation for SECT Curves

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-26007

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2026-02-10 22:17 修改: 2026-07-01 13:16

cryptography GHSA-537c-gmf6-5ccf 高危 42.0.2 48.0.1 Vulnerable OpenSSL included in cryptography wheels

漏洞详情: https://github.com/advisories/GHSA-537c-gmf6-5ccf

镜像层: sha256:1bf7ccab6fc5cba229e7628e1f23d9366908f604047761f0d3fe6d0c21a35dde

发布日期: 2026-06-15 20:12 修改: 2026-06-15 20:12

cryptography GHSA-537c-gmf6-5ccf 高危 42.0.2 48.0.1 Vulnerable OpenSSL included in cryptography wheels

漏洞详情: https://github.com/advisories/GHSA-537c-gmf6-5ccf

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2026-06-15 20:12 修改: 2026-06-15 20:12

fonttools CVE-2023-45139 高危 4.38.0 4.43.0 fonttools: XML External Entity Injection (XXE) Vulnerability

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45139

镜像层: sha256:1bf7ccab6fc5cba229e7628e1f23d9366908f604047761f0d3fe6d0c21a35dde

发布日期: 2024-01-10 16:15 修改: 2026-06-17 06:28

fonttools CVE-2023-45139 高危 4.38.0 4.43.0 fonttools: XML External Entity Injection (XXE) Vulnerability

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45139

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2024-01-10 16:15 修改: 2026-06-17 06:28

grpcio CVE-2023-33953 高危 1.48.1 1.53.2, 1.54.3, 1.55.2, 1.56.2 gRPC: hpack table accounting errors can lead to denial of service

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-33953

镜像层: sha256:1bf7ccab6fc5cba229e7628e1f23d9366908f604047761f0d3fe6d0c21a35dde

发布日期: 2023-08-09 13:15 修改: 2026-06-17 06:02

grpcio CVE-2023-33953 高危 1.48.1 1.53.2, 1.54.3, 1.55.2, 1.56.2 gRPC: hpack table accounting errors can lead to denial of service

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-33953

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2023-08-09 13:15 修改: 2026-06-17 06:02

intake CVE-2026-33310 高危 0.7.0 Intake has a Command Injection via shell() Expansion in Parameter Defaults

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33310

镜像层: sha256:1bf7ccab6fc5cba229e7628e1f23d9366908f604047761f0d3fe6d0c21a35dde

发布日期: 2026-03-24 14:16 修改: 2026-06-17 10:37

intake CVE-2026-33310 高危 0.7.0 Intake has a Command Injection via shell() Expansion in Parameter Defaults

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33310

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2026-03-24 14:16 修改: 2026-06-17 10:37

jupyter_core CVE-2022-39286 高危 4.11.1 4.11.2 Jupyter Core is a package for the core common functionality of Jupyter ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-39286

镜像层: sha256:1bf7ccab6fc5cba229e7628e1f23d9366908f604047761f0d3fe6d0c21a35dde

发布日期: 2022-10-26 20:15 修改: 2026-06-17 04:58

jupyter_core CVE-2022-39286 高危 4.11.1 4.11.2 Jupyter Core is a package for the core common functionality of Jupyter ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-39286

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2022-10-26 20:15 修改: 2026-06-17 04:58

jupyter_core CVE-2025-30167 高危 4.11.1 5.8.1 Jupyter Core on Windows Has Uncontrolled Search Path Element Local Privilege Escalation Vulnerability

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-30167

镜像层: sha256:1bf7ccab6fc5cba229e7628e1f23d9366908f604047761f0d3fe6d0c21a35dde

发布日期: 2025-06-03 17:15 修改: 2026-06-17 09:08

jupyter_core CVE-2025-30167 高危 4.11.1 5.8.1 Jupyter Core on Windows Has Uncontrolled Search Path Element Local Privilege Escalation Vulnerability

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-30167

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2025-06-03 17:15 修改: 2026-06-17 09:08

msgpack GHSA-6v7p-g79w-8964 高危 1.0.4 1.2.1 MessagePack for Python: Out-of-bounds read / crash on Unpacker reuse after a caught error

漏洞详情: https://github.com/advisories/GHSA-6v7p-g79w-8964

镜像层: sha256:1bf7ccab6fc5cba229e7628e1f23d9366908f604047761f0d3fe6d0c21a35dde

发布日期: 2026-06-19 21:42 修改: 2026-06-19 21:42

msgpack GHSA-6v7p-g79w-8964 高危 1.0.4 1.2.1 MessagePack for Python: Out-of-bounds read / crash on Unpacker reuse after a caught error

漏洞详情: https://github.com/advisories/GHSA-6v7p-g79w-8964

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2026-06-19 21:42 修改: 2026-06-19 21:42

protobuf CVE-2025-4565 高危 4.21.8 4.25.8, 5.29.5, 6.31.1 python-protobuf: Unbounded recursion in Python Protobuf

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-4565

镜像层: sha256:1bf7ccab6fc5cba229e7628e1f23d9366908f604047761f0d3fe6d0c21a35dde

发布日期: 2025-06-16 15:15 修改: 2026-06-17 09:33

protobuf CVE-2025-4565 高危 4.21.8 4.25.8, 5.29.5, 6.31.1 python-protobuf: Unbounded recursion in Python Protobuf

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-4565

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2025-06-16 15:15 修改: 2026-06-17 09:33

protobuf CVE-2026-0994 高危 4.21.8 6.33.5, 5.29.6 python: protobuf: Protobuf: Denial of Service due to recursion depth bypass

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-0994

镜像层: sha256:1bf7ccab6fc5cba229e7628e1f23d9366908f604047761f0d3fe6d0c21a35dde

发布日期: 2026-01-23 15:16 修改: 2026-06-30 03:17

protobuf CVE-2026-0994 高危 4.21.8 6.33.5, 5.29.6 python: protobuf: Protobuf: Denial of Service due to recursion depth bypass

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-0994

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2026-01-23 15:16 修改: 2026-06-30 03:17

setuptools CVE-2022-40897 高危 59.8.0 65.5.1 pypa-setuptools: Regular Expression Denial of Service (ReDoS) in package_index.py

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-40897

镜像层: sha256:1bf7ccab6fc5cba229e7628e1f23d9366908f604047761f0d3fe6d0c21a35dde

发布日期: 2022-12-23 00:15 修改: 2026-06-17 05:02

setuptools CVE-2022-40897 高危 59.8.0 65.5.1 pypa-setuptools: Regular Expression Denial of Service (ReDoS) in package_index.py

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-40897

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2022-12-23 00:15 修改: 2026-06-17 05:02

setuptools CVE-2024-6345 高危 59.8.0 70.0.0 pypa/setuptools: Remote code execution via download functions in the package_index module in pypa/setuptools

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-6345

镜像层: sha256:1bf7ccab6fc5cba229e7628e1f23d9366908f604047761f0d3fe6d0c21a35dde

发布日期: 2024-07-15 01:15 修改: 2026-06-17 08:17

setuptools CVE-2024-6345 高危 59.8.0 70.0.0 pypa/setuptools: Remote code execution via download functions in the package_index module in pypa/setuptools

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-6345

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2024-07-15 01:15 修改: 2026-06-17 08:17

setuptools CVE-2025-47273 高危 59.8.0 78.1.1 setuptools: Path Traversal Vulnerability in setuptools PackageIndex

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47273

镜像层: sha256:1bf7ccab6fc5cba229e7628e1f23d9366908f604047761f0d3fe6d0c21a35dde

发布日期: 2025-05-17 16:15 修改: 2026-06-17 09:27

setuptools CVE-2025-47273 高危 59.8.0 78.1.1 setuptools: Path Traversal Vulnerability in setuptools PackageIndex

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47273

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2025-05-17 16:15 修改: 2026-06-17 09:27

setuptools CVE-2024-6345 高危 68.2.2 70.0.0 pypa/setuptools: Remote code execution via download functions in the package_index module in pypa/setuptools

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-6345

镜像层: sha256:1bf7ccab6fc5cba229e7628e1f23d9366908f604047761f0d3fe6d0c21a35dde

发布日期: 2024-07-15 01:15 修改: 2026-06-17 08:17

setuptools CVE-2024-6345 高危 68.2.2 70.0.0 pypa/setuptools: Remote code execution via download functions in the package_index module in pypa/setuptools

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-6345

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2024-07-15 01:15 修改: 2026-06-17 08:17

setuptools CVE-2025-47273 高危 68.2.2 78.1.1 setuptools: Path Traversal Vulnerability in setuptools PackageIndex

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47273

镜像层: sha256:1bf7ccab6fc5cba229e7628e1f23d9366908f604047761f0d3fe6d0c21a35dde

发布日期: 2025-05-17 16:15 修改: 2026-06-17 09:27

setuptools CVE-2025-47273 高危 68.2.2 78.1.1 setuptools: Path Traversal Vulnerability in setuptools PackageIndex

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47273

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2025-05-17 16:15 修改: 2026-06-17 09:27

tornado CVE-2024-52804 高危 6.2 6.4.2 python-tornado: Tornado has HTTP cookie parsing DoS vulnerability

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-52804

镜像层: sha256:1bf7ccab6fc5cba229e7628e1f23d9366908f604047761f0d3fe6d0c21a35dde

发布日期: 2024-11-22 16:15 修改: 2026-06-17 08:07

tornado CVE-2024-52804 高危 6.2 6.4.2 python-tornado: Tornado has HTTP cookie parsing DoS vulnerability

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-52804

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2024-11-22 16:15 修改: 2026-06-17 08:07

tornado CVE-2025-47287 高危 6.2 6.5 tornado: Tornado Multipart Form-Data Denial of Service

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47287

镜像层: sha256:1bf7ccab6fc5cba229e7628e1f23d9366908f604047761f0d3fe6d0c21a35dde

发布日期: 2025-05-15 22:15 修改: 2026-06-17 09:27

tornado CVE-2025-47287 高危 6.2 6.5 tornado: Tornado Multipart Form-Data Denial of Service

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-47287

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2025-05-15 22:15 修改: 2026-06-17 09:27

tornado CVE-2026-31958 高危 6.2 6.5.5 tornado-python: Tornado: Denial of Service via large multipart bodies

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-31958

镜像层: sha256:1bf7ccab6fc5cba229e7628e1f23d9366908f604047761f0d3fe6d0c21a35dde

发布日期: 2026-03-11 20:16 修改: 2026-06-17 10:34

tornado CVE-2026-31958 高危 6.2 6.5.5 tornado-python: Tornado: Denial of Service via large multipart bodies

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-31958

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2026-03-11 20:16 修改: 2026-06-17 10:34

tornado CVE-2026-35536 高危 6.2 6.5.5 tornado: Tornado: Cookie attribute injection due to improper handling of cookie arguments

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-35536

镜像层: sha256:1bf7ccab6fc5cba229e7628e1f23d9366908f604047761f0d3fe6d0c21a35dde

发布日期: 2026-04-03 04:16 修改: 2026-06-17 10:40

tornado CVE-2026-35536 高危 6.2 6.5.5 tornado: Tornado: Cookie attribute injection due to improper handling of cookie arguments

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-35536

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2026-04-03 04:16 修改: 2026-06-17 10:40

tornado CVE-2026-49853 高危 6.2 6.5.6 Tornado: Authorization header forwarded across cross-origin redirects in SimpleAsyncHTTPClient

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-49853

镜像层: sha256:1bf7ccab6fc5cba229e7628e1f23d9366908f604047761f0d3fe6d0c21a35dde

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00

tornado CVE-2026-49853 高危 6.2 6.5.6 Tornado: Authorization header forwarded across cross-origin redirects in SimpleAsyncHTTPClient

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-49853

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00

tornado CVE-2026-49855 高危 6.2 6.5.6 tornado AsyncHTTPClient accumulates decompressed chunks without size limit (gzip bomb)

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-49855

镜像层: sha256:1bf7ccab6fc5cba229e7628e1f23d9366908f604047761f0d3fe6d0c21a35dde

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00

tornado CVE-2026-49855 高危 6.2 6.5.6 tornado AsyncHTTPClient accumulates decompressed chunks without size limit (gzip bomb)

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-49855

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00

urllib3 CVE-2025-66418 高危 2.1.0 2.6.0 urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-66418

镜像层: sha256:1bf7ccab6fc5cba229e7628e1f23d9366908f604047761f0d3fe6d0c21a35dde

发布日期: 2025-12-05 16:15 修改: 2026-06-17 09:56

urllib3 CVE-2025-66418 高危 2.1.0 2.6.0 urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-66418

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2025-12-05 16:15 修改: 2026-06-17 09:56

urllib3 CVE-2025-66471 高危 2.1.0 2.6.0 urllib3: urllib3 Streaming API improperly handles highly compressed data

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-66471

镜像层: sha256:1bf7ccab6fc5cba229e7628e1f23d9366908f604047761f0d3fe6d0c21a35dde

发布日期: 2025-12-05 17:16 修改: 2026-06-17 09:56

urllib3 CVE-2025-66471 高危 2.1.0 2.6.0 urllib3: urllib3 Streaming API improperly handles highly compressed data

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-66471

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2025-12-05 17:16 修改: 2026-06-17 09:56

urllib3 CVE-2026-21441 高危 2.1.0 2.6.3 urllib3: urllib3 vulnerable to decompression-bomb safeguard bypass when following HTTP redirects (streaming API)

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-21441

镜像层: sha256:1bf7ccab6fc5cba229e7628e1f23d9366908f604047761f0d3fe6d0c21a35dde

发布日期: 2026-01-07 22:15 修改: 2026-07-03 13:16

urllib3 CVE-2026-21441 高危 2.1.0 2.6.3 urllib3: urllib3 vulnerable to decompression-bomb safeguard bypass when following HTTP redirects (streaming API)

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-21441

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2026-01-07 22:15 修改: 2026-07-03 13:16

urllib3 CVE-2026-44431 高危 2.1.0 2.7.0 urllib3: urllib3: Information disclosure via cross-origin redirects forwarding sensitive headers

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44431

镜像层: sha256:1bf7ccab6fc5cba229e7628e1f23d9366908f604047761f0d3fe6d0c21a35dde

发布日期: 2026-05-13 16:16 修改: 2026-06-26 12:16

urllib3 CVE-2026-44431 高危 2.1.0 2.7.0 urllib3: urllib3: Information disclosure via cross-origin redirects forwarding sensitive headers

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44431

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2026-05-13 16:16 修改: 2026-06-26 12:16

urllib3 CVE-2025-66418 高危 2.2.1 2.6.0 urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-66418

镜像层: sha256:1bf7ccab6fc5cba229e7628e1f23d9366908f604047761f0d3fe6d0c21a35dde

发布日期: 2025-12-05 16:15 修改: 2026-06-17 09:56

urllib3 CVE-2025-66418 高危 2.2.1 2.6.0 urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-66418

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2025-12-05 16:15 修改: 2026-06-17 09:56

urllib3 CVE-2025-66471 高危 2.2.1 2.6.0 urllib3: urllib3 Streaming API improperly handles highly compressed data

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-66471

镜像层: sha256:1bf7ccab6fc5cba229e7628e1f23d9366908f604047761f0d3fe6d0c21a35dde

发布日期: 2025-12-05 17:16 修改: 2026-06-17 09:56

urllib3 CVE-2025-66471 高危 2.2.1 2.6.0 urllib3: urllib3 Streaming API improperly handles highly compressed data

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-66471

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2025-12-05 17:16 修改: 2026-06-17 09:56

urllib3 CVE-2026-21441 高危 2.2.1 2.6.3 urllib3: urllib3 vulnerable to decompression-bomb safeguard bypass when following HTTP redirects (streaming API)

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-21441

镜像层: sha256:1bf7ccab6fc5cba229e7628e1f23d9366908f604047761f0d3fe6d0c21a35dde

发布日期: 2026-01-07 22:15 修改: 2026-07-03 13:16

urllib3 CVE-2026-21441 高危 2.2.1 2.6.3 urllib3: urllib3 vulnerable to decompression-bomb safeguard bypass when following HTTP redirects (streaming API)

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-21441

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2026-01-07 22:15 修改: 2026-07-03 13:16

urllib3 CVE-2026-44431 高危 2.2.1 2.7.0 urllib3: urllib3: Information disclosure via cross-origin redirects forwarding sensitive headers

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44431

镜像层: sha256:1bf7ccab6fc5cba229e7628e1f23d9366908f604047761f0d3fe6d0c21a35dde

发布日期: 2026-05-13 16:16 修改: 2026-06-26 12:16

urllib3 CVE-2026-44431 高危 2.2.1 2.7.0 urllib3: urllib3: Information disclosure via cross-origin redirects forwarding sensitive headers

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44431

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2026-05-13 16:16 修改: 2026-06-26 12:16

wheel CVE-2026-24049 高危 0.41.2 0.46.2 wheel: wheel: Privilege Escalation or Arbitrary Code Execution via malicious wheel file unpacking

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-24049

镜像层: sha256:1bf7ccab6fc5cba229e7628e1f23d9366908f604047761f0d3fe6d0c21a35dde

发布日期: 2026-01-22 05:16 修改: 2026-07-01 13:16

wheel CVE-2026-24049 高危 0.41.2 0.46.2 wheel: wheel: Privilege Escalation or Arbitrary Code Execution via malicious wheel file unpacking

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-24049

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2026-01-22 05:16 修改: 2026-07-01 13:16

wheel CVE-2026-24049 高危 0.42.0 0.46.2 wheel: wheel: Privilege Escalation or Arbitrary Code Execution via malicious wheel file unpacking

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-24049

镜像层: sha256:1bf7ccab6fc5cba229e7628e1f23d9366908f604047761f0d3fe6d0c21a35dde

发布日期: 2026-01-22 05:16 修改: 2026-07-01 13:16

wheel CVE-2026-24049 高危 0.42.0 0.46.2 wheel: wheel: Privilege Escalation or Arbitrary Code Execution via malicious wheel file unpacking

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-24049

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2026-01-22 05:16 修改: 2026-07-01 13:16

Markdown CVE-2025-69534 中危 3.6 3.8.1 python-markdown: denial of service via malformed HTML-like sequences

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-69534

镜像层: sha256:1bf7ccab6fc5cba229e7628e1f23d9366908f604047761f0d3fe6d0c21a35dde

发布日期: 2026-03-05 15:16 修改: 2026-06-30 03:16

Markdown CVE-2025-69534 中危 3.6 3.8.1 python-markdown: denial of service via malformed HTML-like sequences

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-69534

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2026-03-05 15:16 修改: 2026-06-30 03:16

requests CVE-2024-35195 中危 2.31.0 2.32.0 requests: subsequent requests to the same host ignore cert verification

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-35195

镜像层: sha256:1bf7ccab6fc5cba229e7628e1f23d9366908f604047761f0d3fe6d0c21a35dde

发布日期: 2024-05-20 21:15 修改: 2026-06-17 07:34

requests CVE-2024-35195 中危 2.31.0 2.32.0 requests: subsequent requests to the same host ignore cert verification

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-35195

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2024-05-20 21:15 修改: 2026-06-17 07:34

requests CVE-2024-47081 中危 2.31.0 2.32.4 requests: Requests vulnerable to .netrc credentials leak via malicious URLs

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-47081

镜像层: sha256:1bf7ccab6fc5cba229e7628e1f23d9366908f604047761f0d3fe6d0c21a35dde

发布日期: 2025-06-09 18:15 修改: 2026-06-17 07:56

requests CVE-2024-47081 中危 2.31.0 2.32.4 requests: Requests vulnerable to .netrc credentials leak via malicious URLs

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-47081

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2025-06-09 18:15 修改: 2026-06-17 07:56

requests CVE-2026-25645 中危 2.31.0 2.33.0 requests: Requests: Security bypass due to predictable temporary file creation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25645

镜像层: sha256:1bf7ccab6fc5cba229e7628e1f23d9366908f604047761f0d3fe6d0c21a35dde

发布日期: 2026-03-25 17:16 修改: 2026-06-17 10:25

requests CVE-2026-25645 中危 2.31.0 2.33.0 requests: Requests: Security bypass due to predictable temporary file creation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25645

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2026-03-25 17:16 修改: 2026-06-17 10:25

requests CVE-2024-47081 中危 2.32.2 2.32.4 requests: Requests vulnerable to .netrc credentials leak via malicious URLs

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-47081

镜像层: sha256:1bf7ccab6fc5cba229e7628e1f23d9366908f604047761f0d3fe6d0c21a35dde

发布日期: 2025-06-09 18:15 修改: 2026-06-17 07:56

requests CVE-2024-47081 中危 2.32.2 2.32.4 requests: Requests vulnerable to .netrc credentials leak via malicious URLs

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-47081

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2025-06-09 18:15 修改: 2026-06-17 07:56

requests CVE-2026-25645 中危 2.32.2 2.33.0 requests: Requests: Security bypass due to predictable temporary file creation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25645

镜像层: sha256:1bf7ccab6fc5cba229e7628e1f23d9366908f604047761f0d3fe6d0c21a35dde

发布日期: 2026-03-25 17:16 修改: 2026-06-17 10:25

requests CVE-2026-25645 中危 2.32.2 2.33.0 requests: Requests: Security bypass due to predictable temporary file creation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25645

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2026-03-25 17:16 修改: 2026-06-17 10:25

cryptography GHSA-h4gh-qq45-vh27 中危 42.0.2 43.0.1 pyca/cryptography has a vulnerable OpenSSL included in cryptography wheels

漏洞详情: https://github.com/advisories/GHSA-h4gh-qq45-vh27

镜像层: sha256:1bf7ccab6fc5cba229e7628e1f23d9366908f604047761f0d3fe6d0c21a35dde

发布日期: 2024-09-03 21:59 修改: 2024-09-03 21:59

cryptography GHSA-h4gh-qq45-vh27 中危 42.0.2 43.0.1 pyca/cryptography has a vulnerable OpenSSL included in cryptography wheels

漏洞详情: https://github.com/advisories/GHSA-h4gh-qq45-vh27

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2024-09-03 21:59 修改: 2024-09-03 21:59

distributed CVE-2026-23528 中危 2021.10.0 2026.1.0 Dask distributed is a distributed task scheduler for Dask. Prior to 20 ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-23528

镜像层: sha256:1bf7ccab6fc5cba229e7628e1f23d9366908f604047761f0d3fe6d0c21a35dde

发布日期: 2026-01-16 17:15 修改: 2026-06-17 10:21

distributed CVE-2026-23528 中危 2021.10.0 2026.1.0 Dask distributed is a distributed task scheduler for Dask. Prior to 20 ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-23528

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2026-01-16 17:15 修改: 2026-06-17 10:21

Jinja2 CVE-2024-56201 中危 3.1.4 3.1.5 jinja2: Jinja has a sandbox breakout through malicious filenames

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-56201

镜像层: sha256:1bf7ccab6fc5cba229e7628e1f23d9366908f604047761f0d3fe6d0c21a35dde

发布日期: 2024-12-23 16:15 修改: 2026-06-17 08:11

Jinja2 CVE-2024-56201 中危 3.1.4 3.1.5 jinja2: Jinja has a sandbox breakout through malicious filenames

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-56201

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2024-12-23 16:15 修改: 2026-06-17 08:11

fonttools CVE-2025-66034 中危 4.38.0 4.60.2 fonttools: fontTools: Arbitrary file write leading to remote code execution via malicious .designspace file

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-66034

镜像层: sha256:1bf7ccab6fc5cba229e7628e1f23d9366908f604047761f0d3fe6d0c21a35dde

发布日期: 2025-11-29 01:16 修改: 2026-06-17 09:56

fonttools CVE-2025-66034 中危 4.38.0 4.60.2 fonttools: fontTools: Arbitrary file write leading to remote code execution via malicious .designspace file

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-66034

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2025-11-29 01:16 修改: 2026-06-17 09:56

Pillow CVE-2026-42308 中危 9.2.0 12.2.0 Pillow: python: Pillow: Denial of Service via integer overflow in font processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42308

镜像层: sha256:1bf7ccab6fc5cba229e7628e1f23d9366908f604047761f0d3fe6d0c21a35dde

发布日期: 2026-05-09 06:16 修改: 2026-06-17 10:47

Pillow CVE-2026-42308 中危 9.2.0 12.2.0 Pillow: python: Pillow: Denial of Service via integer overflow in font processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42308

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2026-05-09 06:16 修改: 2026-06-17 10:47

idna CVE-2026-45409 中危 3.10 3.15 Internationalized Domain Names in Applications (IDNA) for Python provi ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45409

镜像层: sha256:1bf7ccab6fc5cba229e7628e1f23d9366908f604047761f0d3fe6d0c21a35dde

发布日期: 2026-06-05 23:16 修改: 2026-06-17 10:52

idna CVE-2026-45409 中危 3.10 3.15 Internationalized Domain Names in Applications (IDNA) for Python provi ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45409

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2026-06-05 23:16 修改: 2026-06-17 10:52

idna CVE-2024-3651 中危 3.4 3.7 python-idna: potential DoS via resource consumption via specially crafted inputs to idna.encode()

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-3651

镜像层: sha256:1bf7ccab6fc5cba229e7628e1f23d9366908f604047761f0d3fe6d0c21a35dde

发布日期: 2024-07-07 18:15 修改: 2026-06-17 07:44

idna CVE-2024-3651 中危 3.4 3.7 python-idna: potential DoS via resource consumption via specially crafted inputs to idna.encode()

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-3651

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2024-07-07 18:15 修改: 2026-06-17 07:44

idna CVE-2026-45409 中危 3.4 3.15 Internationalized Domain Names in Applications (IDNA) for Python provi ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45409

镜像层: sha256:1bf7ccab6fc5cba229e7628e1f23d9366908f604047761f0d3fe6d0c21a35dde

发布日期: 2026-06-05 23:16 修改: 2026-06-17 10:52

idna CVE-2026-45409 中危 3.4 3.15 Internationalized Domain Names in Applications (IDNA) for Python provi ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45409

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2026-06-05 23:16 修改: 2026-06-17 10:52

Pillow CVE-2026-42310 中危 9.2.0 12.2.0 Pillow: Pillow: Denial of Service via malicious PDF processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42310

镜像层: sha256:1bf7ccab6fc5cba229e7628e1f23d9366908f604047761f0d3fe6d0c21a35dde

发布日期: 2026-05-09 06:16 修改: 2026-06-17 10:47

Pillow CVE-2026-42310 中危 9.2.0 12.2.0 Pillow: Pillow: Denial of Service via malicious PDF processing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42310

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2026-05-09 06:16 修改: 2026-06-17 10:47

bleach GHSA-gj48-438w-jh9v 中危 6.1.0 6.4.0 Bleach clean() / Cleaner() fails to sanitize dangerous URI schemes in allowed formaction attributes

漏洞详情: https://github.com/advisories/GHSA-gj48-438w-jh9v

镜像层: sha256:1bf7ccab6fc5cba229e7628e1f23d9366908f604047761f0d3fe6d0c21a35dde

发布日期: 2026-06-16 14:07 修改: 2026-06-16 14:07

bleach GHSA-gj48-438w-jh9v 中危 6.1.0 6.4.0 Bleach clean() / Cleaner() fails to sanitize dangerous URI schemes in allowed formaction attributes

漏洞详情: https://github.com/advisories/GHSA-gj48-438w-jh9v

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2026-06-16 14:07 修改: 2026-06-16 14:07

bokeh CVE-2026-21883 中危 2.4.3 3.8.2 Bokeh: Bokeh: Information disclosure and unauthorized actions via flawed WebSocket origin validation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-21883

镜像层: sha256:1bf7ccab6fc5cba229e7628e1f23d9366908f604047761f0d3fe6d0c21a35dde

发布日期: 2026-01-08 02:15 修改: 2026-06-17 10:19

bokeh CVE-2026-21883 中危 2.4.3 3.8.2 Bokeh: Bokeh: Information disclosure and unauthorized actions via flawed WebSocket origin validation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-21883

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2026-01-08 02:15 修改: 2026-06-17 10:19

tornado CVE-2023-28370 中危 6.2 6.3.2 python-tornado: open redirect vulnerability in StaticFileHandler under certain configurations

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-28370

镜像层: sha256:1bf7ccab6fc5cba229e7628e1f23d9366908f604047761f0d3fe6d0c21a35dde

发布日期: 2023-05-25 10:15 修改: 2026-06-17 05:47

tornado CVE-2023-28370 中危 6.2 6.3.2 python-tornado: open redirect vulnerability in StaticFileHandler under certain configurations

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-28370

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2023-05-25 10:15 修改: 2026-06-17 05:47

tornado GHSA-753j-mpmx-qq6g 中危 6.2 6.4.1 Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') in tornado

漏洞详情: https://github.com/advisories/GHSA-753j-mpmx-qq6g

镜像层: sha256:1bf7ccab6fc5cba229e7628e1f23d9366908f604047761f0d3fe6d0c21a35dde

发布日期: 2024-06-06 21:41 修改: 2024-06-06 21:41

tornado GHSA-753j-mpmx-qq6g 中危 6.2 6.4.1 Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') in tornado

漏洞详情: https://github.com/advisories/GHSA-753j-mpmx-qq6g

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2024-06-06 21:41 修改: 2024-06-06 21:41

tornado GHSA-78cv-mqj4-43f7 中危 6.2 6.5.5 Tornado has incomplete validation of cookie attributes

漏洞详情: https://github.com/advisories/GHSA-78cv-mqj4-43f7

镜像层: sha256:1bf7ccab6fc5cba229e7628e1f23d9366908f604047761f0d3fe6d0c21a35dde

发布日期: 2026-03-11 22:17 修改: 2026-03-11 22:17

tornado GHSA-78cv-mqj4-43f7 中危 6.2 6.5.5 Tornado has incomplete validation of cookie attributes

漏洞详情: https://github.com/advisories/GHSA-78cv-mqj4-43f7

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2026-03-11 22:17 修改: 2026-03-11 22:17

tornado GHSA-pw6j-qg29-8w7f 中危 6.2 6.5.7 Tornado: CurlAsyncHTTPClient leaks per-request credentials on handle reuse

漏洞详情: https://github.com/advisories/GHSA-pw6j-qg29-8w7f

镜像层: sha256:1bf7ccab6fc5cba229e7628e1f23d9366908f604047761f0d3fe6d0c21a35dde

发布日期: 2026-06-15 20:37 修改: 2026-06-15 20:37

tornado GHSA-pw6j-qg29-8w7f 中危 6.2 6.5.7 Tornado: CurlAsyncHTTPClient leaks per-request credentials on handle reuse

漏洞详情: https://github.com/advisories/GHSA-pw6j-qg29-8w7f

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2026-06-15 20:37 修改: 2026-06-15 20:37

tornado GHSA-qppv-j76h-2rpx 中危 6.2 6.3.3 Tornado vulnerable to HTTP request smuggling via improper parsing of `Content-Length` fields and chunk lengths

漏洞详情: https://github.com/advisories/GHSA-qppv-j76h-2rpx

镜像层: sha256:1bf7ccab6fc5cba229e7628e1f23d9366908f604047761f0d3fe6d0c21a35dde

发布日期: 2023-08-14 21:34 修改: 2023-08-14 21:34

tornado GHSA-qppv-j76h-2rpx 中危 6.2 6.3.3 Tornado vulnerable to HTTP request smuggling via improper parsing of `Content-Length` fields and chunk lengths

漏洞详情: https://github.com/advisories/GHSA-qppv-j76h-2rpx

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2023-08-14 21:34 修改: 2023-08-14 21:34

tornado GHSA-w235-7p84-xx57 中危 6.2 6.4.1 Tornado has a CRLF injection in CurlAsyncHTTPClient headers

漏洞详情: https://github.com/advisories/GHSA-w235-7p84-xx57

镜像层: sha256:1bf7ccab6fc5cba229e7628e1f23d9366908f604047761f0d3fe6d0c21a35dde

发布日期: 2024-06-06 21:46 修改: 2024-06-06 21:46

tornado GHSA-w235-7p84-xx57 中危 6.2 6.4.1 Tornado has a CRLF injection in CurlAsyncHTTPClient headers

漏洞详情: https://github.com/advisories/GHSA-w235-7p84-xx57

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2024-06-06 21:46 修改: 2024-06-06 21:46

Jinja2 CVE-2024-56326 中危 3.1.4 3.1.5 jinja2: Jinja has a sandbox breakout through indirect reference to format method

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-56326

镜像层: sha256:1bf7ccab6fc5cba229e7628e1f23d9366908f604047761f0d3fe6d0c21a35dde

发布日期: 2024-12-23 16:15 修改: 2026-06-17 08:12

Jinja2 CVE-2024-56326 中危 3.1.4 3.1.5 jinja2: Jinja has a sandbox breakout through indirect reference to format method

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-56326

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2024-12-23 16:15 修改: 2026-06-17 08:12

numpy CVE-2021-33430 中危 1.19.5 1.21 numpy: buffer overflow in the PyArray_NewFromDescr_int() in ctors.c

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-33430

镜像层: sha256:1bf7ccab6fc5cba229e7628e1f23d9366908f604047761f0d3fe6d0c21a35dde

发布日期: 2021-12-17 19:15 修改: 2026-06-17 03:54

numpy CVE-2021-33430 中危 1.19.5 1.21 numpy: buffer overflow in the PyArray_NewFromDescr_int() in ctors.c

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-33430

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2021-12-17 19:15 修改: 2026-06-17 03:54

numpy CVE-2021-34141 中危 1.19.5 1.22 numpy: incomplete string comparison in the numpy.core component

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-34141

镜像层: sha256:1bf7ccab6fc5cba229e7628e1f23d9366908f604047761f0d3fe6d0c21a35dde

发布日期: 2021-12-17 19:15 修改: 2026-06-17 03:55

numpy CVE-2021-34141 中危 1.19.5 1.22 numpy: incomplete string comparison in the numpy.core component

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-34141

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2021-12-17 19:15 修改: 2026-06-17 03:55

pip CVE-2025-8869 中危 23.3.1 25.3 pip: pip missing checks on symbolic link extraction

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-8869

镜像层: sha256:1bf7ccab6fc5cba229e7628e1f23d9366908f604047761f0d3fe6d0c21a35dde

发布日期: 2025-09-24 15:15 修改: 2026-06-17 10:07

pip CVE-2025-8869 中危 23.3.1 25.3 pip: pip missing checks on symbolic link extraction

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-8869

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2025-09-24 15:15 修改: 2026-06-17 10:07

urllib3 CVE-2024-37891 中危 2.1.0 1.26.19, 2.2.2 urllib3: proxy-authorization request header is not stripped during cross-origin redirects

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-37891

镜像层: sha256:1bf7ccab6fc5cba229e7628e1f23d9366908f604047761f0d3fe6d0c21a35dde

发布日期: 2024-06-17 20:15 修改: 2026-06-17 07:38

urllib3 CVE-2024-37891 中危 2.1.0 1.26.19, 2.2.2 urllib3: proxy-authorization request header is not stripped during cross-origin redirects

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-37891

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2024-06-17 20:15 修改: 2026-06-17 07:38

urllib3 CVE-2025-50181 中危 2.1.0 2.5.0 urllib3: urllib3 redirects are not disabled when retries are disabled on PoolManager instantiation

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-50181

镜像层: sha256:1bf7ccab6fc5cba229e7628e1f23d9366908f604047761f0d3fe6d0c21a35dde

发布日期: 2025-06-19 01:15 修改: 2026-06-17 09:34

urllib3 CVE-2025-50181 中危 2.1.0 2.5.0 urllib3: urllib3 redirects are not disabled when retries are disabled on PoolManager instantiation

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-50181

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2025-06-19 01:15 修改: 2026-06-17 09:34

pip CVE-2026-3219 中危 23.3.1 26.1 pip: pip: Incorrect file installation due to improper archive handling

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-3219

镜像层: sha256:1bf7ccab6fc5cba229e7628e1f23d9366908f604047761f0d3fe6d0c21a35dde

发布日期: 2026-04-20 16:16 修改: 2026-06-17 10:43

pip CVE-2026-3219 中危 23.3.1 26.1 pip: pip: Incorrect file installation due to improper archive handling

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-3219

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2026-04-20 16:16 修改: 2026-06-17 10:43

pip CVE-2026-6357 中危 23.3.1 26.1 pip: pip: Arbitrary code execution or information disclosure via malicious wheel package installation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-6357

镜像层: sha256:1bf7ccab6fc5cba229e7628e1f23d9366908f604047761f0d3fe6d0c21a35dde

发布日期: 2026-04-27 15:16 修改: 2026-06-17 11:00

pip CVE-2026-6357 中危 23.3.1 26.1 pip: pip: Arbitrary code execution or information disclosure via malicious wheel package installation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-6357

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2026-04-27 15:16 修改: 2026-06-17 11:00

pip CVE-2025-8869 中危 24.0 25.3 pip: pip missing checks on symbolic link extraction

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-8869

镜像层: sha256:1bf7ccab6fc5cba229e7628e1f23d9366908f604047761f0d3fe6d0c21a35dde

发布日期: 2025-09-24 15:15 修改: 2026-06-17 10:07

pip CVE-2025-8869 中危 24.0 25.3 pip: pip missing checks on symbolic link extraction

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-8869

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2025-09-24 15:15 修改: 2026-06-17 10:07

pip CVE-2026-3219 中危 24.0 26.1 pip: pip: Incorrect file installation due to improper archive handling

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-3219

镜像层: sha256:1bf7ccab6fc5cba229e7628e1f23d9366908f604047761f0d3fe6d0c21a35dde

发布日期: 2026-04-20 16:16 修改: 2026-06-17 10:43

pip CVE-2026-3219 中危 24.0 26.1 pip: pip: Incorrect file installation due to improper archive handling

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-3219

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2026-04-20 16:16 修改: 2026-06-17 10:43

urllib3 CVE-2024-37891 中危 2.2.1 1.26.19, 2.2.2 urllib3: proxy-authorization request header is not stripped during cross-origin redirects

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-37891

镜像层: sha256:1bf7ccab6fc5cba229e7628e1f23d9366908f604047761f0d3fe6d0c21a35dde

发布日期: 2024-06-17 20:15 修改: 2026-06-17 07:38

urllib3 CVE-2024-37891 中危 2.2.1 1.26.19, 2.2.2 urllib3: proxy-authorization request header is not stripped during cross-origin redirects

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-37891

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2024-06-17 20:15 修改: 2026-06-17 07:38

urllib3 CVE-2025-50181 中危 2.2.1 2.5.0 urllib3: urllib3 redirects are not disabled when retries are disabled on PoolManager instantiation

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-50181

镜像层: sha256:1bf7ccab6fc5cba229e7628e1f23d9366908f604047761f0d3fe6d0c21a35dde

发布日期: 2025-06-19 01:15 修改: 2026-06-17 09:34

urllib3 CVE-2025-50181 中危 2.2.1 2.5.0 urllib3: urllib3 redirects are not disabled when retries are disabled on PoolManager instantiation

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-50181

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2025-06-19 01:15 修改: 2026-06-17 09:34

urllib3 CVE-2025-50182 中危 2.2.1 2.5.0 urllib3: urllib3 does not control redirects in browsers and Node.js

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-50182

镜像层: sha256:1bf7ccab6fc5cba229e7628e1f23d9366908f604047761f0d3fe6d0c21a35dde

发布日期: 2025-06-19 02:15 修改: 2026-06-17 09:34

urllib3 CVE-2025-50182 中危 2.2.1 2.5.0 urllib3: urllib3 does not control redirects in browsers and Node.js

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-50182

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2025-06-19 02:15 修改: 2026-06-17 09:34

pip CVE-2026-6357 中危 24.0 26.1 pip: pip: Arbitrary code execution or information disclosure via malicious wheel package installation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-6357

镜像层: sha256:1bf7ccab6fc5cba229e7628e1f23d9366908f604047761f0d3fe6d0c21a35dde

发布日期: 2026-04-27 15:16 修改: 2026-06-17 11:00

pip CVE-2026-6357 中危 24.0 26.1 pip: pip: Arbitrary code execution or information disclosure via malicious wheel package installation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-6357

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2026-04-27 15:16 修改: 2026-06-17 11:00

Jinja2 CVE-2025-27516 中危 3.1.4 3.1.6 jinja2: Jinja sandbox breakout through attr filter selecting format method

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-27516

镜像层: sha256:1bf7ccab6fc5cba229e7628e1f23d9366908f604047761f0d3fe6d0c21a35dde

发布日期: 2025-03-05 21:15 修改: 2026-06-17 09:03

Jinja2 CVE-2025-27516 中危 3.1.4 3.1.6 jinja2: Jinja sandbox breakout through attr filter selecting format method

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-27516

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2025-03-05 21:15 修改: 2026-06-17 09:03

zipp CVE-2024-5569 中危 3.15.0 3.19.1 github.com/jaraco/zipp: Denial of Service (infinite loop) via crafted zip file in jaraco/zipp

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-5569

镜像层: sha256:1bf7ccab6fc5cba229e7628e1f23d9366908f604047761f0d3fe6d0c21a35dde

发布日期: 2024-07-09 00:15 修改: 2026-06-17 08:16

zipp CVE-2024-5569 中危 3.15.0 3.19.1 github.com/jaraco/zipp: Denial of Service (infinite loop) via crafted zip file in jaraco/zipp

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-5569

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2024-07-09 00:15 修改: 2026-06-17 08:16

tornado CVE-2026-49854 低危 6.2 6.5.6 Tornado has out-of-bounds memory access via C extension

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-49854

镜像层: sha256:1bf7ccab6fc5cba229e7628e1f23d9366908f604047761f0d3fe6d0c21a35dde

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00

tornado CVE-2026-49854 低危 6.2 6.5.6 Tornado has out-of-bounds memory access via C extension

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-49854

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00

tqdm CVE-2024-34062 低危 4.65.0 4.66.3 python-tqdm: non-boolean CLI arguments may lead to local code execution

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34062

镜像层: sha256:1bf7ccab6fc5cba229e7628e1f23d9366908f604047761f0d3fe6d0c21a35dde

发布日期: 2024-05-03 10:15 修改: 2026-06-17 07:32

tqdm CVE-2024-34062 低危 4.65.0 4.66.3 python-tqdm: non-boolean CLI arguments may lead to local code execution

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34062

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2024-05-03 10:15 修改: 2026-06-17 07:32

cryptography CVE-2026-34073 低危 42.0.2 46.0.6 python-cryptography: Cryptography: Security bypass due to improper DNS name constraint validation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34073

镜像层: sha256:1bf7ccab6fc5cba229e7628e1f23d9366908f604047761f0d3fe6d0c21a35dde

发布日期: 2026-03-31 03:15 修改: 2026-06-17 10:38

cryptography CVE-2026-34073 低危 42.0.2 46.0.6 python-cryptography: Cryptography: Security bypass due to improper DNS name constraint validation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34073

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2026-03-31 03:15 修改: 2026-06-17 10:38

ipython CVE-2023-24816 低危 7.33.0 8.10.0 IPython vulnerable to command injection via set_term_title

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24816

镜像层: sha256:1bf7ccab6fc5cba229e7628e1f23d9366908f604047761f0d3fe6d0c21a35dde

发布日期: 2023-02-10 20:15 修改: 2026-06-17 05:39

ipython CVE-2023-24816 低危 7.33.0 8.10.0 IPython vulnerable to command injection via set_term_title

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24816

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2023-02-10 20:15 修改: 2026-06-17 05:39

bleach GHSA-8rfp-98v4-mmr6 低危 6.1.0 6.4.0 Bleach: URI sanitization allows disallowed URI schemes with Unicode > U+00A0 in output

漏洞详情: https://github.com/advisories/GHSA-8rfp-98v4-mmr6

镜像层: sha256:1bf7ccab6fc5cba229e7628e1f23d9366908f604047761f0d3fe6d0c21a35dde

发布日期: 2026-06-16 14:06 修改: 2026-06-16 14:06

bleach GHSA-8rfp-98v4-mmr6 低危 6.1.0 6.4.0 Bleach: URI sanitization allows disallowed URI schemes with Unicode > U+00A0 in output

漏洞详情: https://github.com/advisories/GHSA-8rfp-98v4-mmr6

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2026-06-16 14:06 修改: 2026-06-16 14:06

pip CVE-2026-1703 低危 24.0 26.0 pip: pip: Information disclosure via path traversal when installing crafted wheel archives

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-1703

镜像层: sha256:1bf7ccab6fc5cba229e7628e1f23d9366908f604047761f0d3fe6d0c21a35dde

发布日期: 2026-02-02 15:16 修改: 2026-06-17 10:16

pip CVE-2026-1703 低危 24.0 26.0 pip: pip: Information disclosure via path traversal when installing crafted wheel archives

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-1703

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2026-02-02 15:16 修改: 2026-06-17 10:16

Pygments CVE-2026-4539 低危 2.17.2 2.20.0 pygments: Pygments: Denial of Service via inefficient regular expression processing in AdlLexer

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4539

镜像层: sha256:1bf7ccab6fc5cba229e7628e1f23d9366908f604047761f0d3fe6d0c21a35dde

发布日期: 2026-03-22 06:16 修改: 2026-06-17 10:56

Pygments CVE-2026-4539 低危 2.17.2 2.20.0 pygments: Pygments: Denial of Service via inefficient regular expression processing in AdlLexer

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-4539

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2026-03-22 06:16 修改: 2026-06-17 10:56

cryptography CVE-2024-12797 低危 42.0.2 44.0.1 openssl: RFC7250 handshakes with unauthenticated servers don't abort as expected

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-12797

镜像层: sha256:1bf7ccab6fc5cba229e7628e1f23d9366908f604047761f0d3fe6d0c21a35dde

发布日期: 2025-02-11 16:15 修改: 2026-06-17 07:00

cryptography CVE-2024-12797 低危 42.0.2 44.0.1 openssl: RFC7250 handshakes with unauthenticated servers don't abort as expected

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-12797

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2025-02-11 16:15 修改: 2026-06-17 07:00

pip CVE-2026-1703 低危 23.3.1 26.0 pip: pip: Information disclosure via path traversal when installing crafted wheel archives

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-1703

镜像层: sha256:1bf7ccab6fc5cba229e7628e1f23d9366908f604047761f0d3fe6d0c21a35dde

发布日期: 2026-02-02 15:16 修改: 2026-06-17 10:16

pip CVE-2026-1703 低危 23.3.1 26.0 pip: pip: Information disclosure via path traversal when installing crafted wheel archives

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-1703

镜像层: sha256:be5eb76610e35c6bd29d8370959122161414ed89b4e2c51f854749e3072060d7

发布日期: 2026-02-02 15:16 修改: 2026-06-17 10:16

检测到您正在使用广告拦截插件,本站为公益站点,依赖广告维持运转 🙏 查看如何关闭 ×