| org.apache.tika:tika-core |
CVE-2025-66516 |
严重 |
2.7.0 |
3.2.2 |
tika-core: tika-parsers: tika-parser-pdf-module: Apache Tika core, Apache Tika parsers, Apache Tika PDF parser module: Update to CVE-2025-54988 to expand scope of artifacts affected
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-66516
镜像层: sha256:7023b7ff97f63f973128e219d9b7eaa049d86e9d09ec9b97f531e4249b21b335
发布日期: 2025-12-04 17:15 修改: 2026-06-17 09:56
|
| org.apache.tika:tika-parser-pdf-module |
CVE-2025-54988 |
严重 |
2.7.0 |
3.2.2 |
org.apache.tika/tika-parser-pdf-module: Apache Tika PDF parser module: XXE vulnerability in PDFParser's handling of XFA
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-54988
镜像层: sha256:7023b7ff97f63f973128e219d9b7eaa049d86e9d09ec9b97f531e4249b21b335
发布日期: 2025-08-20 20:15 修改: 2026-06-17 09:41
|
| org.apache.tika:tika-parser-pdf-module |
CVE-2025-66516 |
严重 |
2.7.0 |
3.2.2 |
tika-core: tika-parsers: tika-parser-pdf-module: Apache Tika core, Apache Tika parsers, Apache Tika PDF parser module: Update to CVE-2025-54988 to expand scope of artifacts affected
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-66516
镜像层: sha256:7023b7ff97f63f973128e219d9b7eaa049d86e9d09ec9b97f531e4249b21b335
发布日期: 2025-12-04 17:15 修改: 2026-06-17 09:56
|
| org.bouncycastle:bcprov-jdk18on |
CVE-2025-14813 |
严重 |
1.76 |
1.80.2, 1.81.1, 1.84 |
bouncycastle: BC-JAVA: GOSTCTR implementation unable to process more than 255 blocks correctly
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-14813
镜像层: sha256:7023b7ff97f63f973128e219d9b7eaa049d86e9d09ec9b97f531e4249b21b335
发布日期: 2026-04-15 10:16 修改: 2026-06-30 03:16
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2026-54512 |
高危 |
2.15.0 |
2.18.8, 3.1.4, 2.21.4 |
jackson-databind: jackson-databind: Arbitrary code execution via PolymorphicTypeValidator bypass
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54512
镜像层: sha256:7023b7ff97f63f973128e219d9b7eaa049d86e9d09ec9b97f531e4249b21b335
发布日期: 2026-06-23 21:17 修改: 2026-06-27 21:01
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2026-54512 |
高危 |
2.15.0 |
2.18.8, 3.1.4, 2.21.4 |
jackson-databind: jackson-databind: Arbitrary code execution via PolymorphicTypeValidator bypass
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54512
镜像层: sha256:7023b7ff97f63f973128e219d9b7eaa049d86e9d09ec9b97f531e4249b21b335
发布日期: 2026-06-23 21:17 修改: 2026-06-27 21:01
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2026-54513 |
高危 |
2.15.0 |
2.18.8, 2.21.4, 3.1.4 |
jackson-databind: Jackson-databind: Security bypass allows arbitrary code execution
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54513
镜像层: sha256:7023b7ff97f63f973128e219d9b7eaa049d86e9d09ec9b97f531e4249b21b335
发布日期: 2026-06-23 21:17 修改: 2026-07-02 12:17
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2026-54513 |
高危 |
2.15.0 |
2.18.8, 2.21.4, 3.1.4 |
jackson-databind: Jackson-databind: Security bypass allows arbitrary code execution
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54513
镜像层: sha256:7023b7ff97f63f973128e219d9b7eaa049d86e9d09ec9b97f531e4249b21b335
发布日期: 2026-06-23 21:17 修改: 2026-07-02 12:17
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2026-54513 |
高危 |
2.15.0 |
2.18.8, 2.21.4, 3.1.4 |
jackson-databind: Jackson-databind: Security bypass allows arbitrary code execution
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54513
镜像层: sha256:7023b7ff97f63f973128e219d9b7eaa049d86e9d09ec9b97f531e4249b21b335
发布日期: 2026-06-23 21:17 修改: 2026-07-02 12:17
|
| com.google.protobuf:protobuf-java |
CVE-2024-7254 |
高危 |
3.21.9 |
3.25.5, 4.27.5, 4.28.2 |
protobuf: StackOverflow vulnerability in Protocol Buffers
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-7254
镜像层: sha256:7023b7ff97f63f973128e219d9b7eaa049d86e9d09ec9b97f531e4249b21b335
发布日期: 2024-09-19 01:15 修改: 2026-06-17 08:19
|
| com.google.protobuf:protobuf-java |
CVE-2024-7254 |
高危 |
3.21.9 |
3.25.5, 4.27.5, 4.28.2 |
protobuf: StackOverflow vulnerability in Protocol Buffers
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-7254
镜像层: sha256:7023b7ff97f63f973128e219d9b7eaa049d86e9d09ec9b97f531e4249b21b335
发布日期: 2024-09-19 01:15 修改: 2026-06-17 08:19
|
| com.nimbusds:nimbus-jose-jwt |
CVE-2023-52428 |
高危 |
9.23 |
9.37.2 |
nimbus-jose-jwt: large JWE p2c header value causes Denial of Service
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-52428
镜像层: sha256:7023b7ff97f63f973128e219d9b7eaa049d86e9d09ec9b97f531e4249b21b335
发布日期: 2024-02-11 05:15 修改: 2026-06-17 06:42
|
| commons-io:commons-io |
CVE-2024-47554 |
高危 |
2.11.0 |
2.14.0 |
apache-commons-io: Possible denial of service attack on untrusted input to XmlStreamReader
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-47554
镜像层: sha256:7023b7ff97f63f973128e219d9b7eaa049d86e9d09ec9b97f531e4249b21b335
发布日期: 2024-10-03 12:15 修改: 2026-06-17 07:57
|
| io.netty:netty-codec |
CVE-2026-42583 |
高危 |
4.1.94.Final |
4.1.133.Final |
Netty is an asynchronous, event-driven network application framework. ...
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42583
镜像层: sha256:7023b7ff97f63f973128e219d9b7eaa049d86e9d09ec9b97f531e4249b21b335
发布日期: 2026-05-13 19:17 修改: 2026-06-17 10:48
|
| io.netty:netty-codec |
CVE-2026-42583 |
高危 |
4.1.94.Final |
4.1.133.Final |
Netty is an asynchronous, event-driven network application framework. ...
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42583
镜像层: sha256:7023b7ff97f63f973128e219d9b7eaa049d86e9d09ec9b97f531e4249b21b335
发布日期: 2026-05-13 19:17 修改: 2026-06-17 10:48
|
| io.netty:netty-codec |
CVE-2026-42583 |
高危 |
4.1.94.Final |
4.1.133.Final |
Netty is an asynchronous, event-driven network application framework. ...
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42583
镜像层: sha256:7023b7ff97f63f973128e219d9b7eaa049d86e9d09ec9b97f531e4249b21b335
发布日期: 2026-05-13 19:17 修改: 2026-06-17 10:48
|
| io.netty:netty-codec-dns |
CVE-2026-42579 |
高危 |
4.1.94.Final |
4.2.13.Final, 4.1.133.Final |
netty: Netty: High integrity impact due to improper DNS domain name constraint enforcement
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42579
镜像层: sha256:7023b7ff97f63f973128e219d9b7eaa049d86e9d09ec9b97f531e4249b21b335
发布日期: 2026-05-13 19:17 修改: 2026-06-30 03:19
|
| io.netty:netty-codec-http |
CVE-2026-33870 |
高危 |
4.1.94.Final |
4.1.132.Final, 4.2.10.Final |
io.netty/netty-codec-http: Netty: Request smuggling via incorrect parsing of HTTP/1.1 chunked transfer encoding extension values
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33870
镜像层: sha256:7023b7ff97f63f973128e219d9b7eaa049d86e9d09ec9b97f531e4249b21b335
发布日期: 2026-03-27 20:16 修改: 2026-06-30 03:18
|
| io.netty:netty-codec-http |
CVE-2026-33870 |
高危 |
4.1.94.Final |
4.1.132.Final, 4.2.10.Final |
io.netty/netty-codec-http: Netty: Request smuggling via incorrect parsing of HTTP/1.1 chunked transfer encoding extension values
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33870
镜像层: sha256:7023b7ff97f63f973128e219d9b7eaa049d86e9d09ec9b97f531e4249b21b335
发布日期: 2026-03-27 20:16 修改: 2026-06-30 03:18
|
| io.netty:netty-codec-http |
CVE-2026-33870 |
高危 |
4.1.94.Final |
4.1.132.Final, 4.2.10.Final |
io.netty/netty-codec-http: Netty: Request smuggling via incorrect parsing of HTTP/1.1 chunked transfer encoding extension values
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33870
镜像层: sha256:7023b7ff97f63f973128e219d9b7eaa049d86e9d09ec9b97f531e4249b21b335
发布日期: 2026-03-27 20:16 修改: 2026-06-30 03:18
|
| io.netty:netty-codec-http |
CVE-2026-42584 |
高危 |
4.1.94.Final |
4.2.13.Final, 4.1.133.Final |
netty: io.netty/netty-codec-http: Netty: Incorrect HTTP response parsing leads to data confusion
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42584
镜像层: sha256:7023b7ff97f63f973128e219d9b7eaa049d86e9d09ec9b97f531e4249b21b335
发布日期: 2026-05-13 19:17 修改: 2026-06-30 03:19
|
| io.netty:netty-codec-http |
CVE-2026-42584 |
高危 |
4.1.94.Final |
4.2.13.Final, 4.1.133.Final |
netty: io.netty/netty-codec-http: Netty: Incorrect HTTP response parsing leads to data confusion
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42584
镜像层: sha256:7023b7ff97f63f973128e219d9b7eaa049d86e9d09ec9b97f531e4249b21b335
发布日期: 2026-05-13 19:17 修改: 2026-06-30 03:19
|
| io.netty:netty-codec-http |
CVE-2026-42584 |
高危 |
4.1.94.Final |
4.2.13.Final, 4.1.133.Final |
netty: io.netty/netty-codec-http: Netty: Incorrect HTTP response parsing leads to data confusion
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42584
镜像层: sha256:7023b7ff97f63f973128e219d9b7eaa049d86e9d09ec9b97f531e4249b21b335
发布日期: 2026-05-13 19:17 修改: 2026-06-30 03:19
|
| io.netty:netty-codec-http |
CVE-2026-42587 |
高危 |
4.1.94.Final |
4.2.13.Final, 4.1.133.Final |
netty: io.netty/netty-codec-http: io.netty/netty-codec-http2: Netty: Denial of Service via unbounded memory allocation in HTTP content decompression
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42587
镜像层: sha256:7023b7ff97f63f973128e219d9b7eaa049d86e9d09ec9b97f531e4249b21b335
发布日期: 2026-05-13 19:17 修改: 2026-07-01 13:17
|
| io.netty:netty-codec-http |
CVE-2026-42587 |
高危 |
4.1.94.Final |
4.2.13.Final, 4.1.133.Final |
netty: io.netty/netty-codec-http: io.netty/netty-codec-http2: Netty: Denial of Service via unbounded memory allocation in HTTP content decompression
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42587
镜像层: sha256:7023b7ff97f63f973128e219d9b7eaa049d86e9d09ec9b97f531e4249b21b335
发布日期: 2026-05-13 19:17 修改: 2026-07-01 13:17
|
| io.netty:netty-codec-http |
CVE-2026-42587 |
高危 |
4.1.94.Final |
4.2.13.Final, 4.1.133.Final |
netty: io.netty/netty-codec-http: io.netty/netty-codec-http2: Netty: Denial of Service via unbounded memory allocation in HTTP content decompression
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42587
镜像层: sha256:7023b7ff97f63f973128e219d9b7eaa049d86e9d09ec9b97f531e4249b21b335
发布日期: 2026-05-13 19:17 修改: 2026-07-01 13:17
|
| io.netty:netty-codec-http2 |
CVE-2025-55163 |
高危 |
4.1.94.Final |
4.2.4.Final, 4.1.124.Final |
netty: netty-codec-http2: Netty MadeYouReset HTTP/2 DDoS Vulnerability
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-55163
镜像层: sha256:7023b7ff97f63f973128e219d9b7eaa049d86e9d09ec9b97f531e4249b21b335
发布日期: 2025-08-13 15:15 修改: 2026-06-17 09:41
|
| io.netty:netty-codec-http2 |
CVE-2026-33871 |
高危 |
4.1.94.Final |
4.1.132.Final, 4.2.11.Final |
netty: Netty: Denial of Service via HTTP/2 CONTINUATION frame flood
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33871
镜像层: sha256:7023b7ff97f63f973128e219d9b7eaa049d86e9d09ec9b97f531e4249b21b335
发布日期: 2026-03-27 20:16 修改: 2026-06-30 03:18
|
| io.netty:netty-codec-http2 |
CVE-2026-42587 |
高危 |
4.1.94.Final |
4.2.13.Final, 4.1.133.Final |
netty: io.netty/netty-codec-http: io.netty/netty-codec-http2: Netty: Denial of Service via unbounded memory allocation in HTTP content decompression
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42587
镜像层: sha256:7023b7ff97f63f973128e219d9b7eaa049d86e9d09ec9b97f531e4249b21b335
发布日期: 2026-05-13 19:17 修改: 2026-07-01 13:17
|
| io.netty:netty-codec-http2 |
GHSA-xpw8-rcwv-8f8p |
高危 |
4.1.94.Final |
4.1.100.Final |
io.netty:netty-codec-http2 vulnerable to HTTP/2 Rapid Reset Attack
漏洞详情: https://github.com/advisories/GHSA-xpw8-rcwv-8f8p
镜像层: sha256:7023b7ff97f63f973128e219d9b7eaa049d86e9d09ec9b97f531e4249b21b335
发布日期: 2023-10-10 22:22 修改: 2023-11-06 22:08
|
| io.netty:netty-handler |
CVE-2025-24970 |
高危 |
4.1.94.Final |
4.1.118.Final |
io.netty:netty-handler: SslHandler doesn't correctly validate packets which can lead to native crash when using native SSLEngine
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-24970
镜像层: sha256:7023b7ff97f63f973128e219d9b7eaa049d86e9d09ec9b97f531e4249b21b335
发布日期: 2025-02-10 22:15 修改: 2026-06-17 08:59
|
| io.netty:netty-handler |
CVE-2025-24970 |
高危 |
4.1.94.Final |
4.1.118.Final |
io.netty:netty-handler: SslHandler doesn't correctly validate packets which can lead to native crash when using native SSLEngine
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-24970
镜像层: sha256:7023b7ff97f63f973128e219d9b7eaa049d86e9d09ec9b97f531e4249b21b335
发布日期: 2025-02-10 22:15 修改: 2026-06-17 08:59
|
| io.netty:netty-handler |
CVE-2025-24970 |
高危 |
4.1.94.Final |
4.1.118.Final |
io.netty:netty-handler: SslHandler doesn't correctly validate packets which can lead to native crash when using native SSLEngine
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-24970
镜像层: sha256:7023b7ff97f63f973128e219d9b7eaa049d86e9d09ec9b97f531e4249b21b335
发布日期: 2025-02-10 22:15 修改: 2026-06-17 08:59
|
| io.netty:netty-handler |
CVE-2026-44249 |
高危 |
4.1.94.Final |
4.2.15.Final, 4.1.135.Final |
netty-handler: netty-handler: IPv6 subnet rule bypass due to incorrect masking operation
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44249
镜像层: sha256:7023b7ff97f63f973128e219d9b7eaa049d86e9d09ec9b97f531e4249b21b335
发布日期: 2026-06-11 22:16 修改: 2026-07-02 12:17
|
| io.netty:netty-handler |
CVE-2026-44249 |
高危 |
4.1.94.Final |
4.2.15.Final, 4.1.135.Final |
netty-handler: netty-handler: IPv6 subnet rule bypass due to incorrect masking operation
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44249
镜像层: sha256:7023b7ff97f63f973128e219d9b7eaa049d86e9d09ec9b97f531e4249b21b335
发布日期: 2026-06-11 22:16 修改: 2026-07-02 12:17
|
| io.netty:netty-handler |
CVE-2026-44249 |
高危 |
4.1.94.Final |
4.2.15.Final, 4.1.135.Final |
netty-handler: netty-handler: IPv6 subnet rule bypass due to incorrect masking operation
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44249
镜像层: sha256:7023b7ff97f63f973128e219d9b7eaa049d86e9d09ec9b97f531e4249b21b335
发布日期: 2026-06-11 22:16 修改: 2026-07-02 12:17
|
| io.netty:netty-handler |
CVE-2026-45416 |
高危 |
4.1.94.Final |
4.2.15.Final, 4.1.135.Final |
netty-handler: Netty: Denial of Service due to eager buffer allocation in TLS handshake
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45416
镜像层: sha256:7023b7ff97f63f973128e219d9b7eaa049d86e9d09ec9b97f531e4249b21b335
发布日期: 2026-06-12 15:16 修改: 2026-07-02 12:17
|
| io.netty:netty-handler |
CVE-2026-45416 |
高危 |
4.1.94.Final |
4.2.15.Final, 4.1.135.Final |
netty-handler: Netty: Denial of Service due to eager buffer allocation in TLS handshake
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45416
镜像层: sha256:7023b7ff97f63f973128e219d9b7eaa049d86e9d09ec9b97f531e4249b21b335
发布日期: 2026-06-12 15:16 修改: 2026-07-02 12:17
|
| io.netty:netty-handler |
CVE-2026-45416 |
高危 |
4.1.94.Final |
4.2.15.Final, 4.1.135.Final |
netty-handler: Netty: Denial of Service due to eager buffer allocation in TLS handshake
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45416
镜像层: sha256:7023b7ff97f63f973128e219d9b7eaa049d86e9d09ec9b97f531e4249b21b335
发布日期: 2026-06-12 15:16 修改: 2026-07-02 12:17
|
| io.netty:netty-handler |
CVE-2026-50010 |
高危 |
4.1.94.Final |
4.2.15.Final, 4.1.135.Final |
netty-handler: Netty: Improper trust manager handling leads to hostname verification bypass
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-50010
镜像层: sha256:7023b7ff97f63f973128e219d9b7eaa049d86e9d09ec9b97f531e4249b21b335
发布日期: 2026-06-12 16:16 修改: 2026-07-02 12:17
|
| io.netty:netty-handler |
CVE-2026-50010 |
高危 |
4.1.94.Final |
4.2.15.Final, 4.1.135.Final |
netty-handler: Netty: Improper trust manager handling leads to hostname verification bypass
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-50010
镜像层: sha256:7023b7ff97f63f973128e219d9b7eaa049d86e9d09ec9b97f531e4249b21b335
发布日期: 2026-06-12 16:16 修改: 2026-07-02 12:17
|
| io.netty:netty-handler |
CVE-2026-50010 |
高危 |
4.1.94.Final |
4.2.15.Final, 4.1.135.Final |
netty-handler: Netty: Improper trust manager handling leads to hostname verification bypass
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-50010
镜像层: sha256:7023b7ff97f63f973128e219d9b7eaa049d86e9d09ec9b97f531e4249b21b335
发布日期: 2026-06-12 16:16 修改: 2026-07-02 12:17
|
| io.netty:netty-resolver-dns |
CVE-2026-45674 |
高危 |
4.1.94.Final |
4.2.15.Final, 4.1.135.Final |
netty-resolver-dns: Netty: Information disclosure and data manipulation due to improper CNAME record validation
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45674
镜像层: sha256:7023b7ff97f63f973128e219d9b7eaa049d86e9d09ec9b97f531e4249b21b335
发布日期: 2026-06-12 15:16 修改: 2026-06-30 03:20
|
| io.netty:netty-resolver-dns |
CVE-2026-47691 |
高危 |
4.1.94.Final |
4.2.15.Final, 4.1.135.Final |
io.netty/netty-resolver-dns: Netty has Insufficient Bailiwick Validation for NS Records
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-47691
镜像层: sha256:7023b7ff97f63f973128e219d9b7eaa049d86e9d09ec9b97f531e4249b21b335
发布日期: 2026-06-12 16:16 修改: 2026-06-30 03:20
|
| net.minidev:json-smart |
CVE-2023-1370 |
高危 |
2.4.8 |
2.4.9 |
json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion)
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-1370
镜像层: sha256:7023b7ff97f63f973128e219d9b7eaa049d86e9d09ec9b97f531e4249b21b335
发布日期: 2023-03-22 06:15 修改: 2026-06-17 05:27
|
| com.fasterxml.jackson.core:jackson-core |
CVE-2025-52999 |
高危 |
2.13.4 |
2.15.0 |
com.fasterxml.jackson.core/jackson-core: jackson-core Potential StackoverflowError
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-52999
镜像层: sha256:7023b7ff97f63f973128e219d9b7eaa049d86e9d09ec9b97f531e4249b21b335
发布日期: 2025-06-25 17:15 修改: 2026-06-17 09:37
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2026-54512 |
高危 |
2.13.4.2 |
2.18.8, 3.1.4, 2.21.4 |
jackson-databind: jackson-databind: Arbitrary code execution via PolymorphicTypeValidator bypass
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54512
镜像层: sha256:7023b7ff97f63f973128e219d9b7eaa049d86e9d09ec9b97f531e4249b21b335
发布日期: 2026-06-23 21:17 修改: 2026-06-27 21:01
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2026-54513 |
高危 |
2.13.4.2 |
2.18.8, 2.21.4, 3.1.4 |
jackson-databind: Jackson-databind: Security bypass allows arbitrary code execution
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54513
镜像层: sha256:7023b7ff97f63f973128e219d9b7eaa049d86e9d09ec9b97f531e4249b21b335
发布日期: 2026-06-23 21:17 修改: 2026-07-02 12:17
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2026-54512 |
高危 |
2.15.0 |
2.18.8, 3.1.4, 2.21.4 |
jackson-databind: jackson-databind: Arbitrary code execution via PolymorphicTypeValidator bypass
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54512
镜像层: sha256:7023b7ff97f63f973128e219d9b7eaa049d86e9d09ec9b97f531e4249b21b335
发布日期: 2026-06-23 21:17 修改: 2026-06-27 21:01
|
| org.lz4:lz4-java |
CVE-2025-12183 |
高危 |
1.8.0 |
1.8.1 |
lz4-java: lz4-java: Out-of-bounds memory operations lead to denial of service and information disclosure
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-12183
镜像层: sha256:7023b7ff97f63f973128e219d9b7eaa049d86e9d09ec9b97f531e4249b21b335
发布日期: 2025-11-28 16:15 修改: 2026-06-17 08:31
|
| org.lz4:lz4-java |
CVE-2025-66566 |
高危 |
1.8.0 |
|
lz4-java: lz4-java: Information Disclosure via Insufficient Output Buffer Clearing
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-66566
镜像层: sha256:7023b7ff97f63f973128e219d9b7eaa049d86e9d09ec9b97f531e4249b21b335
发布日期: 2025-12-05 18:15 修改: 2026-06-17 09:57
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2026-54514 |
中危 |
2.15.0 |
2.18.8, 2.21.4, 3.1.4 |
jackson-databind: jackson-databind: Information Disclosure via Eager DNS Resolution
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54514
镜像层: sha256:7023b7ff97f63f973128e219d9b7eaa049d86e9d09ec9b97f531e4249b21b335
发布日期: 2026-06-23 21:17 修改: 2026-06-27 20:55
|
| io.netty:netty-codec-http |
CVE-2024-29025 |
中危 |
4.1.94.Final |
4.1.108.Final |
netty-codec-http: Allocation of Resources Without Limits or Throttling
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-29025
镜像层: sha256:7023b7ff97f63f973128e219d9b7eaa049d86e9d09ec9b97f531e4249b21b335
发布日期: 2024-03-25 20:15 修改: 2026-06-17 07:22
|
| io.netty:netty-codec-http |
CVE-2024-29025 |
中危 |
4.1.94.Final |
4.1.108.Final |
netty-codec-http: Allocation of Resources Without Limits or Throttling
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-29025
镜像层: sha256:7023b7ff97f63f973128e219d9b7eaa049d86e9d09ec9b97f531e4249b21b335
发布日期: 2024-03-25 20:15 修改: 2026-06-17 07:22
|
| io.netty:netty-codec-http |
CVE-2024-29025 |
中危 |
4.1.94.Final |
4.1.108.Final |
netty-codec-http: Allocation of Resources Without Limits or Throttling
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-29025
镜像层: sha256:7023b7ff97f63f973128e219d9b7eaa049d86e9d09ec9b97f531e4249b21b335
发布日期: 2024-03-25 20:15 修改: 2026-06-17 07:22
|
| io.netty:netty-codec-http |
CVE-2025-67735 |
中危 |
4.1.94.Final |
4.2.8.Final, 4.1.129.Final |
netty-codec-http: Netty (netty-codec-http): Request Smuggling via CRLF Injection
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-67735
镜像层: sha256:7023b7ff97f63f973128e219d9b7eaa049d86e9d09ec9b97f531e4249b21b335
发布日期: 2025-12-16 01:15 修改: 2026-06-17 09:58
|
| io.netty:netty-codec-http |
CVE-2025-67735 |
中危 |
4.1.94.Final |
4.2.8.Final, 4.1.129.Final |
netty-codec-http: Netty (netty-codec-http): Request Smuggling via CRLF Injection
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-67735
镜像层: sha256:7023b7ff97f63f973128e219d9b7eaa049d86e9d09ec9b97f531e4249b21b335
发布日期: 2025-12-16 01:15 修改: 2026-06-17 09:58
|
| io.netty:netty-codec-http |
CVE-2025-67735 |
中危 |
4.1.94.Final |
4.2.8.Final, 4.1.129.Final |
netty-codec-http: Netty (netty-codec-http): Request Smuggling via CRLF Injection
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-67735
镜像层: sha256:7023b7ff97f63f973128e219d9b7eaa049d86e9d09ec9b97f531e4249b21b335
发布日期: 2025-12-16 01:15 修改: 2026-06-17 09:58
|
| io.netty:netty-codec-http |
CVE-2026-41417 |
中危 |
4.1.94.Final |
4.1.133.Final, 4.2.13.Final |
netty: Netty: HTTP request smuggling via URI manipulation and CRLF injection
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41417
镜像层: sha256:7023b7ff97f63f973128e219d9b7eaa049d86e9d09ec9b97f531e4249b21b335
发布日期: 2026-05-06 22:16 修改: 2026-06-17 10:46
|
| io.netty:netty-codec-http |
CVE-2026-41417 |
中危 |
4.1.94.Final |
4.1.133.Final, 4.2.13.Final |
netty: Netty: HTTP request smuggling via URI manipulation and CRLF injection
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41417
镜像层: sha256:7023b7ff97f63f973128e219d9b7eaa049d86e9d09ec9b97f531e4249b21b335
发布日期: 2026-05-06 22:16 修改: 2026-06-17 10:46
|
| io.netty:netty-codec-http |
CVE-2026-41417 |
中危 |
4.1.94.Final |
4.1.133.Final, 4.2.13.Final |
netty: Netty: HTTP request smuggling via URI manipulation and CRLF injection
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41417
镜像层: sha256:7023b7ff97f63f973128e219d9b7eaa049d86e9d09ec9b97f531e4249b21b335
发布日期: 2026-05-06 22:16 修改: 2026-06-17 10:46
|
| io.netty:netty-codec-http |
CVE-2026-42580 |
中危 |
4.1.94.Final |
4.2.13.Final, 4.1.133.Final |
netty: Netty: Request smuggling via chunk size parser integer overflow
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42580
镜像层: sha256:7023b7ff97f63f973128e219d9b7eaa049d86e9d09ec9b97f531e4249b21b335
发布日期: 2026-05-13 19:17 修改: 2026-06-17 10:48
|
| io.netty:netty-codec-http |
CVE-2026-42580 |
中危 |
4.1.94.Final |
4.2.13.Final, 4.1.133.Final |
netty: Netty: Request smuggling via chunk size parser integer overflow
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42580
镜像层: sha256:7023b7ff97f63f973128e219d9b7eaa049d86e9d09ec9b97f531e4249b21b335
发布日期: 2026-05-13 19:17 修改: 2026-06-17 10:48
|
| io.netty:netty-codec-http |
CVE-2026-42580 |
中危 |
4.1.94.Final |
4.2.13.Final, 4.1.133.Final |
netty: Netty: Request smuggling via chunk size parser integer overflow
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42580
镜像层: sha256:7023b7ff97f63f973128e219d9b7eaa049d86e9d09ec9b97f531e4249b21b335
发布日期: 2026-05-13 19:17 修改: 2026-06-17 10:48
|
| io.netty:netty-codec-http |
CVE-2026-42581 |
中危 |
4.1.94.Final |
4.2.13.Final, 4.1.133.Final |
netty: io.netty/netty-codec-http: Netty: HTTP Request Smuggling due to improper handling of conflicting HTTP/1.0 headers
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42581
镜像层: sha256:7023b7ff97f63f973128e219d9b7eaa049d86e9d09ec9b97f531e4249b21b335
发布日期: 2026-05-13 19:17 修改: 2026-06-30 03:19
|
| io.netty:netty-codec-http |
CVE-2026-42581 |
中危 |
4.1.94.Final |
4.2.13.Final, 4.1.133.Final |
netty: io.netty/netty-codec-http: Netty: HTTP Request Smuggling due to improper handling of conflicting HTTP/1.0 headers
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42581
镜像层: sha256:7023b7ff97f63f973128e219d9b7eaa049d86e9d09ec9b97f531e4249b21b335
发布日期: 2026-05-13 19:17 修改: 2026-06-30 03:19
|
| io.netty:netty-codec-http |
CVE-2026-42581 |
中危 |
4.1.94.Final |
4.2.13.Final, 4.1.133.Final |
netty: io.netty/netty-codec-http: Netty: HTTP Request Smuggling due to improper handling of conflicting HTTP/1.0 headers
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42581
镜像层: sha256:7023b7ff97f63f973128e219d9b7eaa049d86e9d09ec9b97f531e4249b21b335
发布日期: 2026-05-13 19:17 修改: 2026-06-30 03:19
|
| io.netty:netty-codec-http |
CVE-2026-42585 |
中危 |
4.1.94.Final |
4.2.13.Final, 4.1.133.Final |
netty: io.netty/netty-codec-http: Netty: Request smuggling via malformed Transfer-Encoding parsing
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42585
镜像层: sha256:7023b7ff97f63f973128e219d9b7eaa049d86e9d09ec9b97f531e4249b21b335
发布日期: 2026-05-13 19:17 修改: 2026-06-17 10:48
|
| io.netty:netty-codec-http |
CVE-2026-42585 |
中危 |
4.1.94.Final |
4.2.13.Final, 4.1.133.Final |
netty: io.netty/netty-codec-http: Netty: Request smuggling via malformed Transfer-Encoding parsing
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42585
镜像层: sha256:7023b7ff97f63f973128e219d9b7eaa049d86e9d09ec9b97f531e4249b21b335
发布日期: 2026-05-13 19:17 修改: 2026-06-17 10:48
|
| io.netty:netty-codec-http |
CVE-2026-42585 |
中危 |
4.1.94.Final |
4.2.13.Final, 4.1.133.Final |
netty: io.netty/netty-codec-http: Netty: Request smuggling via malformed Transfer-Encoding parsing
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42585
镜像层: sha256:7023b7ff97f63f973128e219d9b7eaa049d86e9d09ec9b97f531e4249b21b335
发布日期: 2026-05-13 19:17 修改: 2026-06-17 10:48
|
| io.netty:netty-codec-http |
CVE-2026-50020 |
中危 |
4.1.94.Final |
4.2.15.Final, 4.1.135.Final |
netty-codec-http: Netty: Data manipulation via request-boundary confusion in HttpObjectDecoder
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-50020
镜像层: sha256:7023b7ff97f63f973128e219d9b7eaa049d86e9d09ec9b97f531e4249b21b335
发布日期: 2026-06-12 16:16 修改: 2026-06-17 10:57
|
| io.netty:netty-codec-http |
CVE-2026-50020 |
中危 |
4.1.94.Final |
4.2.15.Final, 4.1.135.Final |
netty-codec-http: Netty: Data manipulation via request-boundary confusion in HttpObjectDecoder
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-50020
镜像层: sha256:7023b7ff97f63f973128e219d9b7eaa049d86e9d09ec9b97f531e4249b21b335
发布日期: 2026-06-12 16:16 修改: 2026-06-17 10:57
|
| io.netty:netty-codec-http |
CVE-2026-50020 |
中危 |
4.1.94.Final |
4.2.15.Final, 4.1.135.Final |
netty-codec-http: Netty: Data manipulation via request-boundary confusion in HttpObjectDecoder
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-50020
镜像层: sha256:7023b7ff97f63f973128e219d9b7eaa049d86e9d09ec9b97f531e4249b21b335
发布日期: 2026-06-12 16:16 修改: 2026-06-17 10:57
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2026-54515 |
中危 |
2.15.0 |
3.1.4, 2.18.9, 2.21.5, 2.22.1 |
jackson-databind: jackson-databind: Ignored properties can be unexpectedly modified
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54515
镜像层: sha256:7023b7ff97f63f973128e219d9b7eaa049d86e9d09ec9b97f531e4249b21b335
发布日期: 2026-06-23 21:17 修改: 2026-06-29 13:38
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2026-54515 |
中危 |
2.15.0 |
3.1.4, 2.18.9, 2.21.5, 2.22.1 |
jackson-databind: jackson-databind: Ignored properties can be unexpectedly modified
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54515
镜像层: sha256:7023b7ff97f63f973128e219d9b7eaa049d86e9d09ec9b97f531e4249b21b335
发布日期: 2026-06-23 21:17 修改: 2026-06-29 13:38
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2026-54515 |
中危 |
2.15.0 |
3.1.4, 2.18.9, 2.21.5, 2.22.1 |
jackson-databind: jackson-databind: Ignored properties can be unexpectedly modified
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54515
镜像层: sha256:7023b7ff97f63f973128e219d9b7eaa049d86e9d09ec9b97f531e4249b21b335
发布日期: 2026-06-23 21:17 修改: 2026-06-29 13:38
|
| com.fasterxml.jackson.core:jackson-core |
GHSA-72hv-8253-57qq |
中危 |
2.15.0 |
2.21.1, 2.18.6 |
jackson-core: Number Length Constraint Bypass in Async Parser Leads to Potential DoS Condition
漏洞详情: https://github.com/advisories/GHSA-72hv-8253-57qq
镜像层: sha256:7023b7ff97f63f973128e219d9b7eaa049d86e9d09ec9b97f531e4249b21b335
发布日期: 2026-02-28 02:01 修改: 2026-04-07 16:30
|
| io.netty:netty-codec-http2 |
CVE-2026-47244 |
中危 |
4.1.94.Final |
4.2.15.Final, 4.1.135.Final |
netty-codec-http2: Netty: Denial of Service via uncontrolled HTTP/2 concurrent streams
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-47244
镜像层: sha256:7023b7ff97f63f973128e219d9b7eaa049d86e9d09ec9b97f531e4249b21b335
发布日期: 2026-06-12 15:16 修改: 2026-06-17 10:54
|
| io.netty:netty-codec-http2 |
CVE-2026-48043 |
中危 |
4.1.94.Final |
4.1.135.Final, 4.2.15.Final |
netty-codec-http2: netty-codec-http2: Denial of Service due to resource leak
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48043
镜像层: sha256:7023b7ff97f63f973128e219d9b7eaa049d86e9d09ec9b97f531e4249b21b335
发布日期: 2026-06-12 16:16 修改: 2026-06-30 03:20
|
| io.netty:netty-codec-http2 |
CVE-2026-50560 |
中危 |
4.1.94.Final |
4.2.15.Final, 4.1.135.Final |
netty-codec-http2: Netty: Denial of Service due to HTTP/2 max header size handling
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-50560
镜像层: sha256:7023b7ff97f63f973128e219d9b7eaa049d86e9d09ec9b97f531e4249b21b335
发布日期: 2026-06-12 16:16 修改: 2026-06-17 10:57
|
| io.netty:netty-common |
CVE-2024-47535 |
中危 |
4.1.94.Final |
4.1.115.Final |
netty: Denial of Service attack on windows app using Netty
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-47535
镜像层: sha256:7023b7ff97f63f973128e219d9b7eaa049d86e9d09ec9b97f531e4249b21b335
发布日期: 2024-11-12 16:15 修改: 2026-06-17 07:57
|
| io.netty:netty-common |
CVE-2024-47535 |
中危 |
4.1.94.Final |
4.1.115.Final |
netty: Denial of Service attack on windows app using Netty
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-47535
镜像层: sha256:7023b7ff97f63f973128e219d9b7eaa049d86e9d09ec9b97f531e4249b21b335
发布日期: 2024-11-12 16:15 修改: 2026-06-17 07:57
|
| io.netty:netty-common |
CVE-2024-47535 |
中危 |
4.1.94.Final |
4.1.115.Final |
netty: Denial of Service attack on windows app using Netty
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-47535
镜像层: sha256:7023b7ff97f63f973128e219d9b7eaa049d86e9d09ec9b97f531e4249b21b335
发布日期: 2024-11-12 16:15 修改: 2026-06-17 07:57
|
| io.netty:netty-common |
CVE-2025-25193 |
中危 |
4.1.94.Final |
4.1.118.Final |
netty: Denial of Service attack on windows app using Netty
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-25193
镜像层: sha256:7023b7ff97f63f973128e219d9b7eaa049d86e9d09ec9b97f531e4249b21b335
发布日期: 2025-02-10 22:15 修改: 2026-06-17 09:00
|
| io.netty:netty-common |
CVE-2025-25193 |
中危 |
4.1.94.Final |
4.1.118.Final |
netty: Denial of Service attack on windows app using Netty
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-25193
镜像层: sha256:7023b7ff97f63f973128e219d9b7eaa049d86e9d09ec9b97f531e4249b21b335
发布日期: 2025-02-10 22:15 修改: 2026-06-17 09:00
|
| io.netty:netty-common |
CVE-2025-25193 |
中危 |
4.1.94.Final |
4.1.118.Final |
netty: Denial of Service attack on windows app using Netty
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-25193
镜像层: sha256:7023b7ff97f63f973128e219d9b7eaa049d86e9d09ec9b97f531e4249b21b335
发布日期: 2025-02-10 22:15 修改: 2026-06-17 09:00
|
| com.fasterxml.jackson.core:jackson-core |
GHSA-72hv-8253-57qq |
中危 |
2.15.0 |
2.21.1, 2.18.6 |
jackson-core: Number Length Constraint Bypass in Async Parser Leads to Potential DoS Condition
漏洞详情: https://github.com/advisories/GHSA-72hv-8253-57qq
镜像层: sha256:7023b7ff97f63f973128e219d9b7eaa049d86e9d09ec9b97f531e4249b21b335
发布日期: 2026-02-28 02:01 修改: 2026-04-07 16:30
|
| com.fasterxml.jackson.core:jackson-core |
GHSA-72hv-8253-57qq |
中危 |
2.15.0 |
2.21.1, 2.18.6 |
jackson-core: Number Length Constraint Bypass in Async Parser Leads to Potential DoS Condition
漏洞详情: https://github.com/advisories/GHSA-72hv-8253-57qq
镜像层: sha256:7023b7ff97f63f973128e219d9b7eaa049d86e9d09ec9b97f531e4249b21b335
发布日期: 2026-02-28 02:01 修改: 2026-04-07 16:30
|
| com.nimbusds:nimbus-jose-jwt |
CVE-2025-53864 |
中危 |
9.23 |
10.0.2, 9.37.4 |
com.nimbusds/nimbus-jose-jwt: Uncontrolled recursion in Connect2id Nimbus JOSE + JWT
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-53864
镜像层: sha256:7023b7ff97f63f973128e219d9b7eaa049d86e9d09ec9b97f531e4249b21b335
发布日期: 2025-07-11 03:16 修改: 2026-06-17 09:39
|
| com.sun.mail:jakarta.mail |
CVE-2025-7962 |
中危 |
1.6.3 |
1.6.8, 2.0.2 |
com.sun.mail/jakarta.mail: Jakarta Mail SMTP Injection Vulnerability
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-7962
镜像层: sha256:7023b7ff97f63f973128e219d9b7eaa049d86e9d09ec9b97f531e4249b21b335
发布日期: 2025-07-21 18:15 修改: 2026-06-23 12:16
|
| com.sun.mail:jakarta.mail |
CVE-2025-7962 |
中危 |
1.6.4 |
1.6.8, 2.0.2 |
com.sun.mail/jakarta.mail: Jakarta Mail SMTP Injection Vulnerability
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-7962
镜像层: sha256:7023b7ff97f63f973128e219d9b7eaa049d86e9d09ec9b97f531e4249b21b335
发布日期: 2025-07-21 18:15 修改: 2026-06-23 12:16
|
| com.fasterxml.jackson.core:jackson-core |
GHSA-72hv-8253-57qq |
中危 |
2.13.4 |
2.21.1, 2.18.6 |
jackson-core: Number Length Constraint Bypass in Async Parser Leads to Potential DoS Condition
漏洞详情: https://github.com/advisories/GHSA-72hv-8253-57qq
镜像层: sha256:7023b7ff97f63f973128e219d9b7eaa049d86e9d09ec9b97f531e4249b21b335
发布日期: 2026-02-28 02:01 修改: 2026-04-07 16:30
|
| com.fasterxml.jackson.core:jackson-core |
GHSA-72hv-8253-57qq |
中危 |
2.15.0 |
2.21.1, 2.18.6 |
jackson-core: Number Length Constraint Bypass in Async Parser Leads to Potential DoS Condition
漏洞详情: https://github.com/advisories/GHSA-72hv-8253-57qq
镜像层: sha256:7023b7ff97f63f973128e219d9b7eaa049d86e9d09ec9b97f531e4249b21b335
发布日期: 2026-02-28 02:01 修改: 2026-04-07 16:30
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2026-50193 |
中危 |
2.13.4.2 |
2.14.0 |
jackson-databind: Jackson-databind: Denial of Service via deeply nested JSON processing
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-50193
镜像层: sha256:7023b7ff97f63f973128e219d9b7eaa049d86e9d09ec9b97f531e4249b21b335
发布日期: 2026-06-23 21:17 修改: 2026-06-27 21:05
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2026-54514 |
中危 |
2.13.4.2 |
2.18.8, 2.21.4, 3.1.4 |
jackson-databind: jackson-databind: Information Disclosure via Eager DNS Resolution
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54514
镜像层: sha256:7023b7ff97f63f973128e219d9b7eaa049d86e9d09ec9b97f531e4249b21b335
发布日期: 2026-06-23 21:17 修改: 2026-06-27 20:55
|
| io.netty:netty-codec |
CVE-2025-58057 |
中危 |
4.1.94.Final |
4.1.125.Final |
netty-codec: netty-codec-compression: Netty's BrotliDecoder is vulnerable to DoS via zip bomb style attack
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58057
镜像层: sha256:7023b7ff97f63f973128e219d9b7eaa049d86e9d09ec9b97f531e4249b21b335
发布日期: 2025-09-04 10:42 修改: 2026-06-17 09:43
|
| io.netty:netty-codec |
CVE-2025-58057 |
中危 |
4.1.94.Final |
4.1.125.Final |
netty-codec: netty-codec-compression: Netty's BrotliDecoder is vulnerable to DoS via zip bomb style attack
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58057
镜像层: sha256:7023b7ff97f63f973128e219d9b7eaa049d86e9d09ec9b97f531e4249b21b335
发布日期: 2025-09-04 10:42 修改: 2026-06-17 09:43
|
| io.netty:netty-codec |
CVE-2025-58057 |
中危 |
4.1.94.Final |
4.1.125.Final |
netty-codec: netty-codec-compression: Netty's BrotliDecoder is vulnerable to DoS via zip bomb style attack
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58057
镜像层: sha256:7023b7ff97f63f973128e219d9b7eaa049d86e9d09ec9b97f531e4249b21b335
发布日期: 2025-09-04 10:42 修改: 2026-06-17 09:43
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2026-54515 |
中危 |
2.13.4.2 |
3.1.4, 2.18.9, 2.21.5, 2.22.1 |
jackson-databind: jackson-databind: Ignored properties can be unexpectedly modified
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54515
镜像层: sha256:7023b7ff97f63f973128e219d9b7eaa049d86e9d09ec9b97f531e4249b21b335
发布日期: 2026-06-23 21:17 修改: 2026-06-29 13:38
|
| com.fasterxml.jackson.core:jackson-core |
GHSA-72hv-8253-57qq |
中危 |
2.15.0 |
2.21.1, 2.18.6 |
jackson-core: Number Length Constraint Bypass in Async Parser Leads to Potential DoS Condition
漏洞详情: https://github.com/advisories/GHSA-72hv-8253-57qq
镜像层: sha256:7023b7ff97f63f973128e219d9b7eaa049d86e9d09ec9b97f531e4249b21b335
发布日期: 2026-02-28 02:01 修改: 2026-04-07 16:30
|
| io.netty:netty-resolver-dns |
CVE-2026-45673 |
中危 |
4.1.94.Final |
4.2.15.Final, 4.1.135.Final |
netty-resolver-dns: Netty DNS resolver: DNS Cache Poisoning via predictable transaction IDs
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45673
镜像层: sha256:7023b7ff97f63f973128e219d9b7eaa049d86e9d09ec9b97f531e4249b21b335
发布日期: 2026-06-12 15:16 修改: 2026-06-17 10:52
|
| io.opentelemetry:opentelemetry-api |
CVE-2026-45292 |
中危 |
1.31.0 |
1.62.0 |
opentelemetry-java: opentelemetry-api: opentelemetry-extension-trace-propagators: OpenTelemetry Java: Denial of Service due to unbounded memory allocation when parsing oversized baggage
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45292
镜像层: sha256:7023b7ff97f63f973128e219d9b7eaa049d86e9d09ec9b97f531e4249b21b335
发布日期: 2026-05-28 17:16 修改: 2026-07-02 12:17
|
| io.projectreactor.netty:reactor-netty-http |
CVE-2025-22227 |
中危 |
1.0.39 |
1.3.0-M5, 1.2.8 |
io.projectreactor.netty/reactor-netty: Reactor Netty Credential Leak via Redirects
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22227
镜像层: sha256:7023b7ff97f63f973128e219d9b7eaa049d86e9d09ec9b97f531e4249b21b335
发布日期: 2025-07-16 10:15 修改: 2026-06-17 08:45
|
| com.fasterxml.jackson.core:jackson-core |
GHSA-72hv-8253-57qq |
中危 |
2.15.0 |
2.21.1, 2.18.6 |
jackson-core: Number Length Constraint Bypass in Async Parser Leads to Potential DoS Condition
漏洞详情: https://github.com/advisories/GHSA-72hv-8253-57qq
镜像层: sha256:7023b7ff97f63f973128e219d9b7eaa049d86e9d09ec9b97f531e4249b21b335
发布日期: 2026-02-28 02:01 修改: 2026-04-07 16:30
|
| org.apache.commons:commons-compress |
CVE-2024-25710 |
中危 |
1.24.0 |
1.26.0 |
commons-compress: Denial of service caused by an infinite loop for a corrupted DUMP file
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-25710
镜像层: sha256:7023b7ff97f63f973128e219d9b7eaa049d86e9d09ec9b97f531e4249b21b335
发布日期: 2024-02-19 09:15 修改: 2026-06-17 07:16
|
| org.apache.commons:commons-compress |
CVE-2024-26308 |
中危 |
1.24.0 |
1.26.0 |
commons-compress: OutOfMemoryError unpacking broken Pack200 file
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-26308
镜像层: sha256:7023b7ff97f63f973128e219d9b7eaa049d86e9d09ec9b97f531e4249b21b335
发布日期: 2024-02-19 09:15 修改: 2026-06-17 07:17
|
| org.apache.commons:commons-lang3 |
CVE-2025-48924 |
中危 |
3.12.0 |
3.18.0 |
commons-lang/commons-lang: org.apache.commons/commons-lang3: Uncontrolled Recursion vulnerability in Apache Commons Lang
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-48924
镜像层: sha256:7023b7ff97f63f973128e219d9b7eaa049d86e9d09ec9b97f531e4249b21b335
发布日期: 2025-07-11 15:15 修改: 2026-06-17 09:30
|
| org.apache.commons:commons-lang3 |
CVE-2025-48924 |
中危 |
3.9 |
3.18.0 |
commons-lang/commons-lang: org.apache.commons/commons-lang3: Uncontrolled Recursion vulnerability in Apache Commons Lang
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-48924
镜像层: sha256:7023b7ff97f63f973128e219d9b7eaa049d86e9d09ec9b97f531e4249b21b335
发布日期: 2025-07-11 15:15 修改: 2026-06-17 09:30
|
| org.apache.james:apache-mime4j-core |
CVE-2024-21742 |
中危 |
0.8.9 |
0.8.10 |
Mime4J: Mime4J DOM header injection
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-21742
镜像层: sha256:7023b7ff97f63f973128e219d9b7eaa049d86e9d09ec9b97f531e4249b21b335
发布日期: 2024-02-27 17:15 修改: 2026-06-17 07:10
|
| org.apache.logging.log4j:log4j-1.2-api |
CVE-2026-34479 |
中危 |
2.19.0 |
2.25.4 |
org.apache.logging.log4j/log4j-1.2-api: Apache Log4j 1-to-Log4j 2 bridge: Log processing denial of service due to improper XML escaping
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34479
镜像层: sha256:7023b7ff97f63f973128e219d9b7eaa049d86e9d09ec9b97f531e4249b21b335
发布日期: 2026-04-10 16:16 修改: 2026-06-17 10:39
|
| org.apache.logging.log4j:log4j-1.2-api |
CVE-2026-34479 |
中危 |
2.19.0 |
2.25.4 |
org.apache.logging.log4j/log4j-1.2-api: Apache Log4j 1-to-Log4j 2 bridge: Log processing denial of service due to improper XML escaping
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34479
镜像层: sha256:7023b7ff97f63f973128e219d9b7eaa049d86e9d09ec9b97f531e4249b21b335
发布日期: 2026-04-10 16:16 修改: 2026-06-17 10:39
|
| org.apache.logging.log4j:log4j-1.2-api |
CVE-2026-34479 |
中危 |
2.19.0 |
2.25.4 |
org.apache.logging.log4j/log4j-1.2-api: Apache Log4j 1-to-Log4j 2 bridge: Log processing denial of service due to improper XML escaping
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34479
镜像层: sha256:7023b7ff97f63f973128e219d9b7eaa049d86e9d09ec9b97f531e4249b21b335
发布日期: 2026-04-10 16:16 修改: 2026-06-17 10:39
|
| org.apache.logging.log4j:log4j-1.2-api |
CVE-2026-34479 |
中危 |
2.19.0 |
2.25.4 |
org.apache.logging.log4j/log4j-1.2-api: Apache Log4j 1-to-Log4j 2 bridge: Log processing denial of service due to improper XML escaping
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34479
镜像层: sha256:7023b7ff97f63f973128e219d9b7eaa049d86e9d09ec9b97f531e4249b21b335
发布日期: 2026-04-10 16:16 修改: 2026-06-17 10:39
|
| org.apache.logging.log4j:log4j-core |
CVE-2025-68161 |
中危 |
2.12.4 |
2.25.3 |
Apache Log4j: Apache Log4j Core: Information disclosure via missing TLS hostname verification
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-68161
镜像层: sha256:7023b7ff97f63f973128e219d9b7eaa049d86e9d09ec9b97f531e4249b21b335
发布日期: 2025-12-18 21:15 修改: 2026-06-17 09:58
|
| org.apache.logging.log4j:log4j-core |
CVE-2026-34477 |
中危 |
2.12.4 |
2.25.4 |
org.apache.logging.log4j/log4j-core: Apache Log4j Core: Man-in-the-middle attack due to incomplete hostname verification
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34477
镜像层: sha256:7023b7ff97f63f973128e219d9b7eaa049d86e9d09ec9b97f531e4249b21b335
发布日期: 2026-04-10 16:16 修改: 2026-06-17 10:39
|
| org.apache.logging.log4j:log4j-core |
CVE-2026-34480 |
中危 |
2.12.4 |
2.25.4 |
org.apache.logging.log4j/log4j-core: Apache Log4j Core: Invalid XML output causes denial of service in logging
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34480
镜像层: sha256:7023b7ff97f63f973128e219d9b7eaa049d86e9d09ec9b97f531e4249b21b335
发布日期: 2026-04-10 16:16 修改: 2026-06-17 10:39
|
| org.apache.logging.log4j:log4j-core |
CVE-2025-68161 |
中危 |
2.19.0 |
2.25.3 |
Apache Log4j: Apache Log4j Core: Information disclosure via missing TLS hostname verification
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-68161
镜像层: sha256:7023b7ff97f63f973128e219d9b7eaa049d86e9d09ec9b97f531e4249b21b335
发布日期: 2025-12-18 21:15 修改: 2026-06-17 09:58
|
| org.apache.logging.log4j:log4j-core |
CVE-2026-34477 |
中危 |
2.19.0 |
2.25.4 |
org.apache.logging.log4j/log4j-core: Apache Log4j Core: Man-in-the-middle attack due to incomplete hostname verification
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34477
镜像层: sha256:7023b7ff97f63f973128e219d9b7eaa049d86e9d09ec9b97f531e4249b21b335
发布日期: 2026-04-10 16:16 修改: 2026-06-17 10:39
|
| org.apache.logging.log4j:log4j-core |
CVE-2026-34480 |
中危 |
2.19.0 |
2.25.4 |
org.apache.logging.log4j/log4j-core: Apache Log4j Core: Invalid XML output causes denial of service in logging
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34480
镜像层: sha256:7023b7ff97f63f973128e219d9b7eaa049d86e9d09ec9b97f531e4249b21b335
发布日期: 2026-04-10 16:16 修改: 2026-06-17 10:39
|
| org.apache.poi:poi-ooxml |
CVE-2025-31672 |
中危 |
5.2.3 |
5.4.0 |
org.apache.poi/poi-ooxml: Apache POI: parsing OOXML based files (xlsx, docx, etc.), poi-ooxml could read unexpected data if underlying zip has duplicate zip entry names
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-31672
镜像层: sha256:7023b7ff97f63f973128e219d9b7eaa049d86e9d09ec9b97f531e4249b21b335
发布日期: 2025-04-09 12:15 修改: 2026-06-17 09:10
|
| com.fasterxml.jackson.core:jackson-core |
GHSA-72hv-8253-57qq |
中危 |
2.15.0 |
2.21.1, 2.18.6 |
jackson-core: Number Length Constraint Bypass in Async Parser Leads to Potential DoS Condition
漏洞详情: https://github.com/advisories/GHSA-72hv-8253-57qq
镜像层: sha256:7023b7ff97f63f973128e219d9b7eaa049d86e9d09ec9b97f531e4249b21b335
发布日期: 2026-02-28 02:01 修改: 2026-04-07 16:30
|
| com.fasterxml.jackson.core:jackson-core |
GHSA-72hv-8253-57qq |
中危 |
2.15.0 |
2.21.1, 2.18.6 |
jackson-core: Number Length Constraint Bypass in Async Parser Leads to Potential DoS Condition
漏洞详情: https://github.com/advisories/GHSA-72hv-8253-57qq
镜像层: sha256:7023b7ff97f63f973128e219d9b7eaa049d86e9d09ec9b97f531e4249b21b335
发布日期: 2026-02-28 02:01 修改: 2026-04-07 16:30
|
| com.fasterxml.jackson.core:jackson-core |
GHSA-72hv-8253-57qq |
中危 |
2.15.0 |
2.21.1, 2.18.6 |
jackson-core: Number Length Constraint Bypass in Async Parser Leads to Potential DoS Condition
漏洞详情: https://github.com/advisories/GHSA-72hv-8253-57qq
镜像层: sha256:7023b7ff97f63f973128e219d9b7eaa049d86e9d09ec9b97f531e4249b21b335
发布日期: 2026-02-28 02:01 修改: 2026-04-07 16:30
|
| org.bouncycastle:bc-fips |
CVE-2024-29857 |
中危 |
1.0.2.4 |
1.0.2.5 |
org.bouncycastle: Importing an EC certificate with crafted F2m parameters may lead to Denial of Service
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-29857
镜像层: sha256:7023b7ff97f63f973128e219d9b7eaa049d86e9d09ec9b97f531e4249b21b335
发布日期: 2024-05-14 15:17 修改: 2026-06-17 07:23
|
| org.bouncycastle:bc-fips |
CVE-2025-8885 |
中危 |
1.0.2.4 |
1.0.2.6, 2.0.1 |
bouncycastle: Bouncy Castle denial of service parsing ASN.1 Object Identifiers
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-8885
镜像层: sha256:7023b7ff97f63f973128e219d9b7eaa049d86e9d09ec9b97f531e4249b21b335
发布日期: 2025-08-12 10:15 修改: 2026-06-17 10:07
|
| org.bouncycastle:bcpkix-jdk18on |
CVE-2025-8916 |
中危 |
1.76 |
1.79 |
org.bouncycastle: BouncyCastle denial of service
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-8916
镜像层: sha256:7023b7ff97f63f973128e219d9b7eaa049d86e9d09ec9b97f531e4249b21b335
发布日期: 2025-08-13 10:15 修改: 2026-06-17 10:07
|
| org.bouncycastle:bcpkix-jdk18on |
CVE-2026-5588 |
中危 |
1.76 |
1.84 |
bouncycastle: BC-JAVA: PKIX draft CompositeVerifier accepts empty signature sequence as valid
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-5588
镜像层: sha256:7023b7ff97f63f973128e219d9b7eaa049d86e9d09ec9b97f531e4249b21b335
发布日期: 2026-04-15 10:16 修改: 2026-06-30 03:21
|
| com.fasterxml.jackson.core:jackson-core |
GHSA-72hv-8253-57qq |
中危 |
2.15.0 |
2.21.1, 2.18.6 |
jackson-core: Number Length Constraint Bypass in Async Parser Leads to Potential DoS Condition
漏洞详情: https://github.com/advisories/GHSA-72hv-8253-57qq
镜像层: sha256:7023b7ff97f63f973128e219d9b7eaa049d86e9d09ec9b97f531e4249b21b335
发布日期: 2026-02-28 02:01 修改: 2026-04-07 16:30
|
| org.bouncycastle:bcprov-jdk18on |
CVE-2024-29857 |
中危 |
1.76 |
1.78 |
org.bouncycastle: Importing an EC certificate with crafted F2m parameters may lead to Denial of Service
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-29857
镜像层: sha256:7023b7ff97f63f973128e219d9b7eaa049d86e9d09ec9b97f531e4249b21b335
发布日期: 2024-05-14 15:17 修改: 2026-06-17 07:23
|
| org.bouncycastle:bcprov-jdk18on |
CVE-2024-30171 |
中危 |
1.76 |
1.78 |
bc-java: BouncyCastle vulnerable to a timing variant of Bleichenbacher (Marvin Attack)
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-30171
镜像层: sha256:7023b7ff97f63f973128e219d9b7eaa049d86e9d09ec9b97f531e4249b21b335
发布日期: 2024-05-14 15:21 修改: 2026-06-17 07:26
|
| org.bouncycastle:bcprov-jdk18on |
CVE-2024-30172 |
中危 |
1.76 |
1.78 |
org.bouncycastle:bcprov-jdk18on: Infinite loop in ED25519 verification in the ScalarUtil class
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-30172
镜像层: sha256:7023b7ff97f63f973128e219d9b7eaa049d86e9d09ec9b97f531e4249b21b335
发布日期: 2024-05-14 15:21 修改: 2026-06-17 07:26
|
| org.bouncycastle:bcprov-jdk18on |
CVE-2024-34447 |
中危 |
1.76 |
1.78 |
org.bouncycastle: Use of Incorrectly-Resolved Name or Reference
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34447
镜像层: sha256:7023b7ff97f63f973128e219d9b7eaa049d86e9d09ec9b97f531e4249b21b335
发布日期: 2024-05-03 16:15 修改: 2026-06-17 07:33
|
| org.bouncycastle:bcprov-jdk18on |
CVE-2025-8885 |
中危 |
1.76 |
1.78 |
bouncycastle: Bouncy Castle denial of service parsing ASN.1 Object Identifiers
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-8885
镜像层: sha256:7023b7ff97f63f973128e219d9b7eaa049d86e9d09ec9b97f531e4249b21b335
发布日期: 2025-08-12 10:15 修改: 2026-06-17 10:07
|
| org.bouncycastle:bcprov-jdk18on |
CVE-2026-0636 |
中危 |
1.76 |
1.84 |
bouncycastle: BC-JAVA: LDAP injection vulnerability in LDAPStoreHelper.java
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-0636
镜像层: sha256:7023b7ff97f63f973128e219d9b7eaa049d86e9d09ec9b97f531e4249b21b335
发布日期: 2026-04-15 10:16 修改: 2026-06-30 03:17
|
| org.elasticsearch.plugin:x-pack-core |
CVE-2025-68390 |
中危 |
8.12.0 |
8.19.8, 9.1.8, 9.2.2 |
elasticsearch: Elasticsearch Allocation of Resources Without Limits or Throttling
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-68390
镜像层: sha256:7023b7ff97f63f973128e219d9b7eaa049d86e9d09ec9b97f531e4249b21b335
发布日期: 2025-12-18 23:15 修改: 2026-06-17 09:59
|
| org.elasticsearch.plugin:x-pack-security |
CVE-2025-68384 |
中危 |
8.12.0 |
8.19.9, 9.1.9, 9.2.3 |
elasticsearch: Elasticsearch Allocation of Resources Without Limits or Throttling
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-68384
镜像层: sha256:7023b7ff97f63f973128e219d9b7eaa049d86e9d09ec9b97f531e4249b21b335
发布日期: 2025-12-18 22:16 修改: 2026-06-17 09:59
|
| org.elasticsearch:elasticsearch |
CVE-2024-23444 |
中危 |
8.12.0 |
8.13.0, 7.17.23 |
Elasticsearch stores private key on disk unencrypted
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-23444
镜像层: sha256:7023b7ff97f63f973128e219d9b7eaa049d86e9d09ec9b97f531e4249b21b335
发布日期: 2024-07-31 18:15 修改: 2026-06-17 07:12
|
| org.elasticsearch:elasticsearch |
CVE-2024-23450 |
中危 |
8.12.0 |
7.17.19, 8.13.0 |
elasticsearch: Possible denial of service when processing documents in a deeply nested pipeline
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-23450
镜像层: sha256:7023b7ff97f63f973128e219d9b7eaa049d86e9d09ec9b97f531e4249b21b335
发布日期: 2024-03-27 17:15 修改: 2026-06-17 07:12
|
| org.elasticsearch:elasticsearch |
CVE-2024-23451 |
中危 |
8.12.0 |
8.13.0 |
elasticsearch: Incorrect authorization issue in Remote Cluster Security
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-23451
镜像层: sha256:7023b7ff97f63f973128e219d9b7eaa049d86e9d09ec9b97f531e4249b21b335
发布日期: 2024-03-27 18:15 修改: 2026-06-17 07:12
|
| org.elasticsearch:elasticsearch |
CVE-2024-43709 |
中危 |
8.12.0 |
7.17.21, 8.13.3 |
elasticsearch: Elasticsearch allocation of resources without limits or throttling leads to crash
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-43709
镜像层: sha256:7023b7ff97f63f973128e219d9b7eaa049d86e9d09ec9b97f531e4249b21b335
发布日期: 2025-01-21 11:15 修改: 2026-06-17 07:51
|
| org.elasticsearch:elasticsearch |
CVE-2024-52979 |
中危 |
8.12.0 |
7.17.25, 8.16.0 |
elasticsearch: Elasticsearch Uncontrolled Resource Consumption vulnerability
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-52979
镜像层: sha256:7023b7ff97f63f973128e219d9b7eaa049d86e9d09ec9b97f531e4249b21b335
发布日期: 2025-05-01 14:15 修改: 2026-06-17 08:07
|
| org.elasticsearch:elasticsearch |
CVE-2024-52980 |
中危 |
8.12.0 |
8.15.1 |
Elasticsearch Potential Node Crash due to Large Recursion in `innerForbidCircularReferences` Function
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-52980
镜像层: sha256:7023b7ff97f63f973128e219d9b7eaa049d86e9d09ec9b97f531e4249b21b335
发布日期: 2025-04-08 17:15 修改: 2026-06-17 08:07
|
| org.elasticsearch:elasticsearch |
CVE-2024-52981 |
中危 |
8.12.0 |
7.17.24, 8.15.1 |
Elasticsearch Vulnerable to Stack Overflow due to a Large Recursion
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-52981
镜像层: sha256:7023b7ff97f63f973128e219d9b7eaa049d86e9d09ec9b97f531e4249b21b335
发布日期: 2025-04-08 17:15 修改: 2026-06-17 08:07
|
| org.elasticsearch:elasticsearch |
CVE-2025-37727 |
中危 |
8.12.0 |
8.18.8, 8.19.5, 9.0.8, 9.1.5 |
org.elasticsearch/elasticsearch-core: Elasticsearch Insertion of sensitive information in log file
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-37727
镜像层: sha256:7023b7ff97f63f973128e219d9b7eaa049d86e9d09ec9b97f531e4249b21b335
发布日期: 2025-10-10 10:15 修改: 2026-06-17 09:15
|
| org.elasticsearch:elasticsearch |
CVE-2025-37731 |
中危 |
8.12.0 |
8.19.8, 9.1.8, 9.2.2 |
elasticsearch: Elasticsearch: User impersonation due to improper authentication in Public Key Infrastructure (PKI) realm
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-37731
镜像层: sha256:7023b7ff97f63f973128e219d9b7eaa049d86e9d09ec9b97f531e4249b21b335
发布日期: 2025-12-15 11:15 修改: 2026-06-17 09:15
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2026-54514 |
中危 |
2.15.0 |
2.18.8, 2.21.4, 3.1.4 |
jackson-databind: jackson-databind: Information Disclosure via Eager DNS Resolution
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54514
镜像层: sha256:7023b7ff97f63f973128e219d9b7eaa049d86e9d09ec9b97f531e4249b21b335
发布日期: 2026-06-23 21:17 修改: 2026-06-27 20:55
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2026-54514 |
中危 |
2.15.0 |
2.18.8, 2.21.4, 3.1.4 |
jackson-databind: jackson-databind: Information Disclosure via Eager DNS Resolution
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54514
镜像层: sha256:7023b7ff97f63f973128e219d9b7eaa049d86e9d09ec9b97f531e4249b21b335
发布日期: 2026-06-23 21:17 修改: 2026-06-27 20:55
|
| io.netty:netty-codec-http |
CVE-2025-58056 |
低危 |
4.1.94.Final |
4.1.125.Final, 4.2.5.Final |
netty-codec-http: Netty is vulnerable to request smuggling due to incorrect parsing of chunk extensions
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58056
镜像层: sha256:7023b7ff97f63f973128e219d9b7eaa049d86e9d09ec9b97f531e4249b21b335
发布日期: 2025-09-03 21:15 修改: 2026-06-17 09:43
|
| io.netty:netty-codec-http |
CVE-2025-58056 |
低危 |
4.1.94.Final |
4.1.125.Final, 4.2.5.Final |
netty-codec-http: Netty is vulnerable to request smuggling due to incorrect parsing of chunk extensions
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58056
镜像层: sha256:7023b7ff97f63f973128e219d9b7eaa049d86e9d09ec9b97f531e4249b21b335
发布日期: 2025-09-03 21:15 修改: 2026-06-17 09:43
|
| io.netty:netty-handler-proxy |
CVE-2026-42578 |
低危 |
4.1.94.Final |
4.1.133.Final, 4.2.13.Final |
netty: io.netty/netty-handler-proxy: Netty: HTTP Header Injection via HttpProxyHandler Disabled Validation
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42578
镜像层: sha256:7023b7ff97f63f973128e219d9b7eaa049d86e9d09ec9b97f531e4249b21b335
发布日期: 2026-05-13 19:17 修改: 2026-06-30 03:19
|
| io.netty:netty-codec-http |
CVE-2025-58056 |
低危 |
4.1.94.Final |
4.1.125.Final, 4.2.5.Final |
netty-codec-http: Netty is vulnerable to request smuggling due to incorrect parsing of chunk extensions
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58056
镜像层: sha256:7023b7ff97f63f973128e219d9b7eaa049d86e9d09ec9b97f531e4249b21b335
发布日期: 2025-09-03 21:15 修改: 2026-06-17 09:43
|