| com.fasterxml.jackson.core:jackson-databind |
CVE-2017-15095 |
严重 |
2.4.0 |
2.8.11, 2.9.4, 2.6.7.3, 2.7.9.2 |
jackson-databind: Unsafe deserialization due to incomplete black list (incomplete fix for CVE-2017-7525)
漏洞详情: https://avd.aquasec.com/nvd/cve-2017-15095
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2018-02-06 15:29 修改: 2026-06-17 01:07
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2017-15095 |
严重 |
2.4.0 |
2.8.11, 2.9.4, 2.6.7.3, 2.7.9.2 |
jackson-databind: Unsafe deserialization due to incomplete black list (incomplete fix for CVE-2017-7525)
漏洞详情: https://avd.aquasec.com/nvd/cve-2017-15095
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2018-02-06 15:29 修改: 2026-06-17 01:07
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2017-17485 |
严重 |
2.4.0 |
2.9.4, 2.8.11, 2.7.9.2 |
jackson-databind: Unsafe deserialization due to incomplete black list (incomplete fix for CVE-2017-15095)
漏洞详情: https://avd.aquasec.com/nvd/cve-2017-17485
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2018-01-10 18:29 修改: 2026-06-17 01:10
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2017-17485 |
严重 |
2.4.0 |
2.9.4, 2.8.11, 2.7.9.2 |
jackson-databind: Unsafe deserialization due to incomplete black list (incomplete fix for CVE-2017-15095)
漏洞详情: https://avd.aquasec.com/nvd/cve-2017-17485
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2018-01-10 18:29 修改: 2026-06-17 01:10
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2017-7525 |
严重 |
2.4.0 |
2.6.7.1, 2.7.9.1, 2.8.9 |
jackson-databind: Deserialization vulnerability via readValue method of ObjectMapper
漏洞详情: https://avd.aquasec.com/nvd/cve-2017-7525
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2018-02-06 15:29 修改: 2026-06-17 01:24
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2017-7525 |
严重 |
2.4.0 |
2.6.7.1, 2.7.9.1, 2.8.9 |
jackson-databind: Deserialization vulnerability via readValue method of ObjectMapper
漏洞详情: https://avd.aquasec.com/nvd/cve-2017-7525
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2018-02-06 15:29 修改: 2026-06-17 01:24
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2018-11307 |
严重 |
2.4.0 |
2.7.9.4, 2.8.11.2, 2.9.6 |
jackson-databind: Potential information exfiltration with default typing, serialization gadget from MyBatis
漏洞详情: https://avd.aquasec.com/nvd/cve-2018-11307
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2019-07-09 16:15 修改: 2026-06-17 01:35
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2018-11307 |
严重 |
2.4.0 |
2.7.9.4, 2.8.11.2, 2.9.6 |
jackson-databind: Potential information exfiltration with default typing, serialization gadget from MyBatis
漏洞详情: https://avd.aquasec.com/nvd/cve-2018-11307
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2019-07-09 16:15 修改: 2026-06-17 01:35
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2018-14718 |
严重 |
2.4.0 |
2.9.7, 2.8.11.3, 2.7.9.5, 2.6.7.3 |
jackson-databind: arbitrary code execution in slf4j-ext class
漏洞详情: https://avd.aquasec.com/nvd/cve-2018-14718
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2019-01-02 18:29 修改: 2026-06-17 01:41
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2018-14718 |
严重 |
2.4.0 |
2.9.7, 2.8.11.3, 2.7.9.5, 2.6.7.3 |
jackson-databind: arbitrary code execution in slf4j-ext class
漏洞详情: https://avd.aquasec.com/nvd/cve-2018-14718
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2019-01-02 18:29 修改: 2026-06-17 01:41
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2018-14719 |
严重 |
2.4.0 |
2.9.7, 2.8.11.3, 2.7.9.5 |
jackson-databind: arbitrary code execution in blaze-ds-opt and blaze-ds-core classes
漏洞详情: https://avd.aquasec.com/nvd/cve-2018-14719
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2019-01-02 18:29 修改: 2026-06-17 01:41
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2018-14719 |
严重 |
2.4.0 |
2.9.7, 2.8.11.3, 2.7.9.5 |
jackson-databind: arbitrary code execution in blaze-ds-opt and blaze-ds-core classes
漏洞详情: https://avd.aquasec.com/nvd/cve-2018-14719
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2019-01-02 18:29 修改: 2026-06-17 01:41
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2018-19362 |
严重 |
2.4.0 |
2.9.8, 2.8.11.3, 2.7.9.5, 2.6.7.3 |
jackson-databind: improper polymorphic deserialization in jboss-common-core class
漏洞详情: https://avd.aquasec.com/nvd/cve-2018-19362
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2019-01-02 18:29 修改: 2026-06-17 01:49
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2018-19362 |
严重 |
2.4.0 |
2.9.8, 2.8.11.3, 2.7.9.5, 2.6.7.3 |
jackson-databind: improper polymorphic deserialization in jboss-common-core class
漏洞详情: https://avd.aquasec.com/nvd/cve-2018-19362
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2019-01-02 18:29 修改: 2026-06-17 01:49
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2018-7489 |
严重 |
2.4.0 |
2.8.11.1, 2.9.5, 2.7.9.3, 2.6.7.5 |
jackson-databind: incomplete fix for CVE-2017-7525 permits unsafe serialization via c3p0 libraries
漏洞详情: https://avd.aquasec.com/nvd/cve-2018-7489
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2018-02-26 15:29 修改: 2026-06-17 02:03
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2018-7489 |
严重 |
2.4.0 |
2.8.11.1, 2.9.5, 2.7.9.3, 2.6.7.5 |
jackson-databind: incomplete fix for CVE-2017-7525 permits unsafe serialization via c3p0 libraries
漏洞详情: https://avd.aquasec.com/nvd/cve-2018-7489
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2018-02-26 15:29 修改: 2026-06-17 02:03
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2019-14379 |
严重 |
2.4.0 |
2.9.9.2, 2.8.11.4, 2.7.9.6 |
jackson-databind: default typing mishandling leading to remote code execution
漏洞详情: https://avd.aquasec.com/nvd/cve-2019-14379
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2019-07-29 12:15 修改: 2026-06-17 02:18
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2019-14379 |
严重 |
2.4.0 |
2.9.9.2, 2.8.11.4, 2.7.9.6 |
jackson-databind: default typing mishandling leading to remote code execution
漏洞详情: https://avd.aquasec.com/nvd/cve-2019-14379
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2019-07-29 12:15 修改: 2026-06-17 02:18
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2019-14540 |
严重 |
2.4.0 |
2.9.10, 2.8.11.5, 2.6.7.3 |
jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariConfig
漏洞详情: https://avd.aquasec.com/nvd/cve-2019-14540
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2019-09-15 22:15 修改: 2026-06-17 02:18
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2019-14540 |
严重 |
2.4.0 |
2.9.10, 2.8.11.5, 2.6.7.3 |
jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariConfig
漏洞详情: https://avd.aquasec.com/nvd/cve-2019-14540
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2019-09-15 22:15 修改: 2026-06-17 02:18
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2019-16335 |
严重 |
2.4.0 |
2.9.10, 2.8.11.5, 2.6.7.3 |
jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariDataSource
漏洞详情: https://avd.aquasec.com/nvd/cve-2019-16335
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2019-09-15 22:15 修改: 2026-06-17 02:22
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2019-16335 |
严重 |
2.4.0 |
2.9.10, 2.8.11.5, 2.6.7.3 |
jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariDataSource
漏洞详情: https://avd.aquasec.com/nvd/cve-2019-16335
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2019-09-15 22:15 修改: 2026-06-17 02:22
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2019-16942 |
严重 |
2.4.0 |
2.9.10.1, 2.8.11.5, 2.6.7.3 |
jackson-databind: Serialization gadgets in org.apache.commons.dbcp.datasources.*
漏洞详情: https://avd.aquasec.com/nvd/cve-2019-16942
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2019-10-01 17:15 修改: 2026-06-17 02:23
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2019-16942 |
严重 |
2.4.0 |
2.9.10.1, 2.8.11.5, 2.6.7.3 |
jackson-databind: Serialization gadgets in org.apache.commons.dbcp.datasources.*
漏洞详情: https://avd.aquasec.com/nvd/cve-2019-16942
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2019-10-01 17:15 修改: 2026-06-17 02:23
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2019-16943 |
严重 |
2.4.0 |
2.9.10.1, 2.8.11.5, 2.6.7.3 |
jackson-databind: Serialization gadgets in com.p6spy.engine.spy.P6DataSource
漏洞详情: https://avd.aquasec.com/nvd/cve-2019-16943
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2019-10-01 17:15 修改: 2026-06-17 02:23
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2019-16943 |
严重 |
2.4.0 |
2.9.10.1, 2.8.11.5, 2.6.7.3 |
jackson-databind: Serialization gadgets in com.p6spy.engine.spy.P6DataSource
漏洞详情: https://avd.aquasec.com/nvd/cve-2019-16943
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2019-10-01 17:15 修改: 2026-06-17 02:23
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2019-17267 |
严重 |
2.4.0 |
2.9.10, 2.8.11.5 |
jackson-databind: Serialization gadgets in classes of the ehcache package
漏洞详情: https://avd.aquasec.com/nvd/cve-2019-17267
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2019-10-07 00:15 修改: 2026-06-17 02:23
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2019-17267 |
严重 |
2.4.0 |
2.9.10, 2.8.11.5 |
jackson-databind: Serialization gadgets in classes of the ehcache package
漏洞详情: https://avd.aquasec.com/nvd/cve-2019-17267
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2019-10-07 00:15 修改: 2026-06-17 02:23
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2019-17531 |
严重 |
2.4.0 |
2.9.10.1, 2.8.11.5, 2.6.7.3 |
jackson-databind: Serialization gadgets in org.apache.log4j.receivers.db.*
漏洞详情: https://avd.aquasec.com/nvd/cve-2019-17531
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2019-10-12 21:15 修改: 2026-06-17 02:24
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2019-17531 |
严重 |
2.4.0 |
2.9.10.1, 2.8.11.5, 2.6.7.3 |
jackson-databind: Serialization gadgets in org.apache.log4j.receivers.db.*
漏洞详情: https://avd.aquasec.com/nvd/cve-2019-17531
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2019-10-12 21:15 修改: 2026-06-17 02:24
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2019-20330 |
严重 |
2.4.0 |
2.6.7.4, 2.7.9.7, 2.8.11.5, 2.9.10.2 |
jackson-databind: lacks certain net.sf.ehcache blocking
漏洞详情: https://avd.aquasec.com/nvd/cve-2019-20330
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2020-01-03 04:15 修改: 2026-06-17 02:30
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2019-20330 |
严重 |
2.4.0 |
2.6.7.4, 2.7.9.7, 2.8.11.5, 2.9.10.2 |
jackson-databind: lacks certain net.sf.ehcache blocking
漏洞详情: https://avd.aquasec.com/nvd/cve-2019-20330
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2020-01-03 04:15 修改: 2026-06-17 02:30
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2020-8840 |
严重 |
2.4.0 |
2.6.7.4, 2.7.9.7, 2.8.11.5, 2.9.10.3 |
jackson-databind: Lacks certain xbean-reflect/JNDI blocking
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-8840
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2020-02-10 21:56 修改: 2026-06-17 03:27
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2020-8840 |
严重 |
2.4.0 |
2.6.7.4, 2.7.9.7, 2.8.11.5, 2.9.10.3 |
jackson-databind: Lacks certain xbean-reflect/JNDI blocking
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-8840
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2020-02-10 21:56 修改: 2026-06-17 03:27
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2020-9547 |
严重 |
2.4.0 |
2.9.10.4, 2.8.11.6, 2.7.9.7 |
jackson-databind: Serialization gadgets in ibatis-sqlmap
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-9547
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2020-03-02 04:15 修改: 2026-06-17 03:28
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2020-9547 |
严重 |
2.4.0 |
2.9.10.4, 2.8.11.6, 2.7.9.7 |
jackson-databind: Serialization gadgets in ibatis-sqlmap
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-9547
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2020-03-02 04:15 修改: 2026-06-17 03:28
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2020-9548 |
严重 |
2.4.0 |
2.9.10.4, 2.8.11.6, 2.7.9.7 |
jackson-databind: Serialization gadgets in anteros-core
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-9548
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2020-03-02 04:15 修改: 2026-06-17 03:28
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2020-9548 |
严重 |
2.4.0 |
2.9.10.4, 2.8.11.6, 2.7.9.7 |
jackson-databind: Serialization gadgets in anteros-core
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-9548
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2020-03-02 04:15 修改: 2026-06-17 03:28
|
| com.jamesmurty.utils:java-xmlbuilder |
CVE-2014-125087 |
严重 |
0.4 |
1.2 |
java-xmlbuilder: XMLBuilder2 is vulnerable to XML External Entity (XXE) injection
漏洞详情: https://avd.aquasec.com/nvd/cve-2014-125087
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2023-02-19 17:15 修改: 2024-11-21 02:03
|
| com.nimbusds:nimbus-jose-jwt |
CVE-2019-17195 |
严重 |
4.41.2 |
7.9 |
nimbus-jose-jwt: Uncaught exceptions while parsing a JWT
漏洞详情: https://avd.aquasec.com/nvd/cve-2019-17195
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2019-10-15 14:15 修改: 2026-06-17 02:23
|
| org.apache.avro:avro |
CVE-2024-47561 |
严重 |
1.7.7 |
1.11.4 |
apache-avro: Schema parsing may trigger Remote Code Execution (RCE)
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-47561
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2024-10-03 11:15 修改: 2026-06-17 07:57
|
| org.apache.hadoop:hadoop-common |
CVE-2021-37404 |
严重 |
2.7.7 |
3.3.2, 3.2.3, 2.10.2 |
hadoop-hdfs: Heap buffer overflow in Apache Hadoop libhdfs
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-37404
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2022-06-13 07:15 修改: 2026-06-17 04:00
|
| org.apache.hadoop:hadoop-common |
CVE-2022-25168 |
严重 |
2.7.7 |
2.10.2, 3.2.4, 3.3.3 |
hadoop: Command injection in org.apache.hadoop.fs.FileUtil.unTarUsingTar
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-25168
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2022-08-04 15:15 修改: 2026-06-17 04:33
|
| org.apache.hadoop:hadoop-common |
CVE-2022-26612 |
严重 |
2.7.7 |
3.2.3, 2.10.2, 3.3.3 |
hadoop: Arbitrary file write in FileUtil#unpackEntries on Windows
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-26612
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2022-04-07 19:15 修改: 2026-06-17 04:35
|
| org.apache.ivy:ivy |
CVE-2022-37865 |
严重 |
2.4.0 |
2.5.1 |
apache-ivy: Directory Traversal
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-37865
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2022-11-07 11:15 修改: 2026-06-17 04:55
|
| org.postgresql:postgresql |
CVE-2024-1597 |
严重 |
42.4.3 |
42.2.28, 42.3.9, 42.4.4, 42.5.5, 42.6.1, 42.7.2 |
pgjdbc: PostgreSQL JDBC Driver allows attacker to inject SQL if using PreferQueryMode=SIMPLE
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-1597
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2024-02-19 13:15 修改: 2026-06-17 07:04
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2020-36518 |
高危 |
2.13.2 |
2.13.2.1, 2.12.6.1 |
jackson-databind: denial of service via a large depth of nested objects
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36518
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2022-03-11 07:15 修改: 2026-06-17 03:15
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2022-42003 |
高危 |
2.13.2 |
2.12.7.1, 2.13.4.2 |
jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-42003
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2022-10-02 05:15 修改: 2026-06-17 05:04
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2022-42004 |
高危 |
2.13.2 |
2.12.7.1, 2.13.4 |
jackson-databind: use of deeply nested arrays
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-42004
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2022-10-02 05:15 修改: 2026-06-17 05:04
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2026-54512 |
高危 |
2.13.2 |
2.18.8, 3.1.4, 2.21.4 |
jackson-databind: jackson-databind: Arbitrary code execution via PolymorphicTypeValidator bypass
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54512
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2026-06-23 21:17 修改: 2026-06-27 21:01
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2026-54513 |
高危 |
2.13.2 |
2.18.8, 2.21.4, 3.1.4 |
jackson-databind: Jackson-databind: Security bypass allows arbitrary code execution
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54513
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2026-06-23 21:17 修改: 2026-07-03 13:17
|
| at.yawk.lz4:lz4-java |
CVE-2025-66566 |
高危 |
1.8.1 |
1.10.1 |
lz4-java: lz4-java: Information Disclosure via Insufficient Output Buffer Clearing
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-66566
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2025-12-05 18:15 修改: 2026-06-17 09:57
|
| com.alipay.sofa:hessian |
CVE-2024-46983 |
高危 |
3.3.6 |
3.5.5 |
SOFA Hessian Remote Command Execution (RCE) Vulnerability
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-46983
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2024-09-19 23:15 修改: 2026-06-17 07:56
|
| com.fasterxml.jackson.core:jackson-core |
CVE-2025-52999 |
高危 |
2.11.3 |
2.15.0 |
com.fasterxml.jackson.core/jackson-core: jackson-core Potential StackoverflowError
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-52999
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2025-06-25 17:15 修改: 2026-06-17 09:37
|
| com.fasterxml.jackson.core:jackson-core |
CVE-2025-52999 |
高危 |
2.13.2 |
2.15.0 |
com.fasterxml.jackson.core/jackson-core: jackson-core Potential StackoverflowError
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-52999
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2025-06-25 17:15 修改: 2026-06-17 09:37
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2018-12022 |
高危 |
2.4.0 |
2.7.9.4, 2.8.11.2, 2.9.6 |
jackson-databind: improper polymorphic deserialization of types from Jodd-db library
漏洞详情: https://avd.aquasec.com/nvd/cve-2018-12022
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2019-03-21 16:00 修改: 2026-06-17 01:37
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2018-12022 |
高危 |
2.4.0 |
2.7.9.4, 2.8.11.2, 2.9.6 |
jackson-databind: improper polymorphic deserialization of types from Jodd-db library
漏洞详情: https://avd.aquasec.com/nvd/cve-2018-12022
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2019-03-21 16:00 修改: 2026-06-17 01:37
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2018-5968 |
高危 |
2.4.0 |
2.8.11.1, 2.9.4, 2.7.9.5 |
jackson-databind: unsafe deserialization due to incomplete blacklist (incomplete fix for CVE-2017-7525 and CVE-2017-17485)
漏洞详情: https://avd.aquasec.com/nvd/cve-2018-5968
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2018-01-22 04:29 修改: 2026-06-17 02:01
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2018-5968 |
高危 |
2.4.0 |
2.8.11.1, 2.9.4, 2.7.9.5 |
jackson-databind: unsafe deserialization due to incomplete blacklist (incomplete fix for CVE-2017-7525 and CVE-2017-17485)
漏洞详情: https://avd.aquasec.com/nvd/cve-2018-5968
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2018-01-22 04:29 修改: 2026-06-17 02:01
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2019-12086 |
高危 |
2.4.0 |
2.9.9, 2.8.11.4, 2.7.9.6, 2.6.7.3 |
jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server.
漏洞详情: https://avd.aquasec.com/nvd/cve-2019-12086
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2019-05-17 17:29 修改: 2026-06-17 02:14
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2019-12086 |
高危 |
2.4.0 |
2.9.9, 2.8.11.4, 2.7.9.6, 2.6.7.3 |
jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server.
漏洞详情: https://avd.aquasec.com/nvd/cve-2019-12086
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2019-05-17 17:29 修改: 2026-06-17 02:14
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2019-14439 |
高危 |
2.4.0 |
2.9.9.2, 2.8.11.4, 2.7.9.6, 2.6.7.3 |
jackson-databind: Polymorphic typing issue related to logback/JNDI
漏洞详情: https://avd.aquasec.com/nvd/cve-2019-14439
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2019-07-30 11:15 修改: 2026-06-17 02:18
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2019-14439 |
高危 |
2.4.0 |
2.9.9.2, 2.8.11.4, 2.7.9.6, 2.6.7.3 |
jackson-databind: Polymorphic typing issue related to logback/JNDI
漏洞详情: https://avd.aquasec.com/nvd/cve-2019-14439
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2019-07-30 11:15 修改: 2026-06-17 02:18
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2019-14892 |
高危 |
2.4.0 |
2.6.7.3, 2.8.11.5, 2.9.10 |
jackson-databind: Serialization gadgets in classes of the commons-configuration package
漏洞详情: https://avd.aquasec.com/nvd/cve-2019-14892
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2020-03-02 17:15 修改: 2026-06-17 02:19
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2019-14892 |
高危 |
2.4.0 |
2.6.7.3, 2.8.11.5, 2.9.10 |
jackson-databind: Serialization gadgets in classes of the commons-configuration package
漏洞详情: https://avd.aquasec.com/nvd/cve-2019-14892
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2020-03-02 17:15 修改: 2026-06-17 02:19
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2020-10650 |
高危 |
2.4.0 |
2.9.10.4 |
A deserialization flaw was discovered in jackson-databind through 2.9. ...
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-10650
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2022-12-26 20:15 修改: 2026-06-17 02:48
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2020-10650 |
高危 |
2.4.0 |
2.9.10.4 |
A deserialization flaw was discovered in jackson-databind through 2.9. ...
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-10650
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2022-12-26 20:15 修改: 2026-06-17 02:48
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2020-10673 |
高危 |
2.4.0 |
2.9.10.4, 2.6.7.4 |
jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-10673
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2020-03-18 22:15 修改: 2026-06-17 02:48
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2020-10673 |
高危 |
2.4.0 |
2.9.10.4, 2.6.7.4 |
jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-10673
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2020-03-18 22:15 修改: 2026-06-17 02:48
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2020-24616 |
高危 |
2.4.0 |
2.9.10.6 |
jackson-databind: mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-24616
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2020-08-25 18:15 修改: 2026-06-17 03:05
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2020-24616 |
高危 |
2.4.0 |
2.9.10.6 |
jackson-databind: mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-24616
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2020-08-25 18:15 修改: 2026-06-17 03:05
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2020-24750 |
高危 |
2.4.0 |
2.6.7.5, 2.9.10.6 |
jackson-databind: Serialization gadgets in com.pastdev.httpcomponents.configuration.JndiConfiguration
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-24750
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2020-09-17 19:15 修改: 2026-06-17 03:06
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2020-24750 |
高危 |
2.4.0 |
2.6.7.5, 2.9.10.6 |
jackson-databind: Serialization gadgets in com.pastdev.httpcomponents.configuration.JndiConfiguration
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-24750
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2020-09-17 19:15 修改: 2026-06-17 03:06
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2020-35490 |
高危 |
2.4.0 |
2.9.10.8 |
jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-35490
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2020-12-17 19:15 修改: 2026-06-17 03:13
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2020-35490 |
高危 |
2.4.0 |
2.9.10.8 |
jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-35490
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2020-12-17 19:15 修改: 2026-06-17 03:13
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2020-35491 |
高危 |
2.4.0 |
2.9.10.8 |
jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-35491
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2020-12-17 19:15 修改: 2026-06-17 03:13
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2020-35491 |
高危 |
2.4.0 |
2.9.10.8 |
jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-35491
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2020-12-17 19:15 修改: 2026-06-17 03:13
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2020-35728 |
高危 |
2.4.0 |
2.9.10.8 |
jackson-databind: mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-35728
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2020-12-27 05:15 修改: 2026-06-17 03:14
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2020-35728 |
高危 |
2.4.0 |
2.9.10.8 |
jackson-databind: mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-35728
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2020-12-27 05:15 修改: 2026-06-17 03:14
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2020-36179 |
高危 |
2.4.0 |
2.9.10.8, 2.6.7.5 |
jackson-databind: mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36179
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2021-01-07 00:15 修改: 2026-06-17 03:14
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2020-36179 |
高危 |
2.4.0 |
2.9.10.8, 2.6.7.5 |
jackson-databind: mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36179
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2021-01-07 00:15 修改: 2026-06-17 03:14
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2020-36180 |
高危 |
2.4.0 |
2.9.10.8, 2.6.7.5 |
jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36180
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2021-01-07 00:15 修改: 2026-06-17 03:14
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2020-36180 |
高危 |
2.4.0 |
2.9.10.8, 2.6.7.5 |
jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36180
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2021-01-07 00:15 修改: 2026-06-17 03:14
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2020-36181 |
高危 |
2.4.0 |
2.9.10.8, 2.6.7.5 |
jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36181
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2021-01-06 23:15 修改: 2026-06-17 03:14
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2020-36181 |
高危 |
2.4.0 |
2.9.10.8, 2.6.7.5 |
jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36181
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2021-01-06 23:15 修改: 2026-06-17 03:14
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2020-36182 |
高危 |
2.4.0 |
2.9.10.8, 2.6.7.5 |
jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36182
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2021-01-07 00:15 修改: 2026-06-17 03:14
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2020-36182 |
高危 |
2.4.0 |
2.9.10.8, 2.6.7.5 |
jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36182
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2021-01-07 00:15 修改: 2026-06-17 03:14
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2020-36183 |
高危 |
2.4.0 |
2.9.10.8, 2.6.7.5 |
jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36183
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2021-01-07 00:15 修改: 2026-06-17 03:14
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2020-36183 |
高危 |
2.4.0 |
2.9.10.8, 2.6.7.5 |
jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36183
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2021-01-07 00:15 修改: 2026-06-17 03:14
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2020-36184 |
高危 |
2.4.0 |
2.9.10.8 |
jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36184
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2021-01-06 23:15 修改: 2026-06-17 03:14
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2020-36184 |
高危 |
2.4.0 |
2.9.10.8 |
jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36184
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2021-01-06 23:15 修改: 2026-06-17 03:14
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2020-36185 |
高危 |
2.4.0 |
2.9.10.8 |
jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36185
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2021-01-06 23:15 修改: 2026-06-17 03:14
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2020-36185 |
高危 |
2.4.0 |
2.9.10.8 |
jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36185
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2021-01-06 23:15 修改: 2026-06-17 03:14
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2020-36186 |
高危 |
2.4.0 |
2.9.10.8 |
jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36186
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2021-01-06 23:15 修改: 2026-06-17 03:14
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2020-36186 |
高危 |
2.4.0 |
2.9.10.8 |
jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36186
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2021-01-06 23:15 修改: 2026-06-17 03:14
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2020-36187 |
高危 |
2.4.0 |
2.9.10.8 |
jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36187
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2021-01-06 23:15 修改: 2026-06-17 03:14
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2020-36187 |
高危 |
2.4.0 |
2.9.10.8 |
jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36187
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2021-01-06 23:15 修改: 2026-06-17 03:14
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2020-36188 |
高危 |
2.4.0 |
2.9.10.8, 2.6.7.5 |
jackson-databind: mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36188
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2021-01-06 23:15 修改: 2026-06-17 03:14
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2020-36188 |
高危 |
2.4.0 |
2.9.10.8, 2.6.7.5 |
jackson-databind: mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36188
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2021-01-06 23:15 修改: 2026-06-17 03:14
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2020-36189 |
高危 |
2.4.0 |
2.9.10.8, 2.6.7.5 |
jackson-databind: mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36189
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2021-01-06 23:15 修改: 2026-06-17 03:14
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2020-36189 |
高危 |
2.4.0 |
2.9.10.8, 2.6.7.5 |
jackson-databind: mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36189
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2021-01-06 23:15 修改: 2026-06-17 03:14
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2020-36518 |
高危 |
2.4.0 |
2.13.2.1, 2.12.6.1 |
jackson-databind: denial of service via a large depth of nested objects
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36518
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2022-03-11 07:15 修改: 2026-06-17 03:15
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2020-36518 |
高危 |
2.4.0 |
2.13.2.1, 2.12.6.1 |
jackson-databind: denial of service via a large depth of nested objects
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36518
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2022-03-11 07:15 修改: 2026-06-17 03:15
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2021-20190 |
高危 |
2.4.0 |
2.9.10.7, 2.6.7.5 |
jackson-databind: mishandles the interaction between serialization gadgets and typing, related to javax.swing
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-20190
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2021-01-19 17:15 修改: 2026-06-17 03:33
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2021-20190 |
高危 |
2.4.0 |
2.9.10.7, 2.6.7.5 |
jackson-databind: mishandles the interaction between serialization gadgets and typing, related to javax.swing
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-20190
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2021-01-19 17:15 修改: 2026-06-17 03:33
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2022-42003 |
高危 |
2.4.0 |
2.12.7.1, 2.13.4.2 |
jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-42003
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2022-10-02 05:15 修改: 2026-06-17 05:04
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2022-42003 |
高危 |
2.4.0 |
2.12.7.1, 2.13.4.2 |
jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-42003
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2022-10-02 05:15 修改: 2026-06-17 05:04
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2022-42004 |
高危 |
2.4.0 |
2.12.7.1, 2.13.4 |
jackson-databind: use of deeply nested arrays
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-42004
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2022-10-02 05:15 修改: 2026-06-17 05:04
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2022-42004 |
高危 |
2.4.0 |
2.12.7.1, 2.13.4 |
jackson-databind: use of deeply nested arrays
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-42004
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2022-10-02 05:15 修改: 2026-06-17 05:04
|
| com.google.code.gson:gson |
CVE-2022-25647 |
高危 |
2.8.1 |
2.8.9 |
com.google.code.gson-gson: Deserialization of Untrusted Data in com.google.code.gson-gson
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-25647
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2022-05-01 16:15 修改: 2026-06-17 04:33
|
| com.google.protobuf:protobuf-java |
CVE-2024-7254 |
高危 |
3.21.7 |
3.25.5, 4.27.5, 4.28.2 |
protobuf: StackOverflow vulnerability in Protocol Buffers
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-7254
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2024-09-19 01:15 修改: 2026-06-17 08:19
|
| com.google.protobuf:protobuf-java |
CVE-2021-22569 |
高危 |
3.5.1 |
3.16.1, 3.18.2, 3.19.2 |
protobuf-java: potential DoS in the parsing procedure for binary data
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-22569
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2022-01-10 14:10 修改: 2026-06-17 03:37
|
| com.google.protobuf:protobuf-java |
CVE-2022-3509 |
高危 |
3.5.1 |
3.16.3, 3.19.6, 3.20.3, 3.21.7 |
protobuf-java: Textformat parsing issue leads to DoS
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-3509
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2022-12-12 13:15 修改: 2026-06-17 04:59
|
| com.google.protobuf:protobuf-java |
CVE-2022-3510 |
高危 |
3.5.1 |
3.16.3, 3.19.6, 3.20.3, 3.21.7 |
protobuf-java: Message-Type Extensions parsing issue leads to DoS
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-3510
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2022-12-12 13:15 修改: 2026-06-17 04:59
|
| com.google.protobuf:protobuf-java |
CVE-2024-7254 |
高危 |
3.5.1 |
3.25.5, 4.27.5, 4.28.2 |
protobuf: StackOverflow vulnerability in Protocol Buffers
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-7254
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2024-09-19 01:15 修改: 2026-06-17 08:19
|
| com.fasterxml.jackson.core:jackson-core |
CVE-2025-52999 |
高危 |
2.4.0 |
2.15.0 |
com.fasterxml.jackson.core/jackson-core: jackson-core Potential StackoverflowError
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-52999
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2025-06-25 17:15 修改: 2026-06-17 09:37
|
| com.fasterxml.jackson.core:jackson-core |
CVE-2025-52999 |
高危 |
2.4.0 |
2.15.0 |
com.fasterxml.jackson.core/jackson-core: jackson-core Potential StackoverflowError
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-52999
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2025-06-25 17:15 修改: 2026-06-17 09:37
|
| com.nimbusds:nimbus-jose-jwt |
CVE-2023-52428 |
高危 |
4.41.2 |
9.37.2 |
nimbus-jose-jwt: large JWE p2c header value causes Denial of Service
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-52428
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2024-02-11 05:15 修改: 2026-06-17 06:42
|
| com.squareup.okhttp3:okhttp |
CVE-2021-0341 |
高危 |
3.12.12 |
4.9.2 |
okhttp: information disclosure via improperly used cryptographic function
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-0341
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2021-02-10 17:15 修改: 2026-06-17 03:29
|
| commons-beanutils:commons-beanutils |
CVE-2025-48734 |
高危 |
1.9.4 |
1.11.0 |
commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-48734
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2025-05-28 14:15 修改: 2026-06-17 09:30
|
| commons-io:commons-io |
CVE-2024-47554 |
高危 |
2.5 |
2.14.0 |
apache-commons-io: Possible denial of service attack on untrusted input to XmlStreamReader
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-47554
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2024-10-03 12:15 修改: 2026-06-17 07:57
|
| commons-io:commons-io |
CVE-2024-47554 |
高危 |
2.7 |
2.14.0 |
apache-commons-io: Possible denial of service attack on untrusted input to XmlStreamReader
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-47554
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2024-10-03 12:15 修改: 2026-06-17 07:57
|
| io.grpc:grpc-netty-shaded |
CVE-2025-55163 |
高危 |
1.47.0 |
1.75.0 |
netty: netty-codec-http2: Netty MadeYouReset HTTP/2 DDoS Vulnerability
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-55163
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2025-08-13 15:15 修改: 2026-06-17 09:41
|
| io.netty:netty-all |
CVE-2019-16869 |
高危 |
4.1.17.Final |
4.1.42.Final |
netty: HTTP request smuggling by mishandled whitespace before the colon in HTTP headers
漏洞详情: https://avd.aquasec.com/nvd/cve-2019-16869
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2019-09-26 16:15 修改: 2026-06-17 02:22
|
| io.netty:netty-codec |
CVE-2026-42583 |
高危 |
4.1.72.Final |
4.1.133.Final |
netty: io.netty/netty-codec-compression: io.netty/netty-codec: Netty: Denial of Service via excessive memory allocation in LZ4FrameDecoder
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42583
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2026-05-13 19:17 修改: 2026-06-17 10:48
|
| io.netty:netty-codec-http |
CVE-2026-33870 |
高危 |
4.1.72.Final |
4.1.132.Final, 4.2.10.Final |
io.netty/netty-codec-http: Netty: Request smuggling via incorrect parsing of HTTP/1.1 chunked transfer encoding extension values
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33870
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2026-03-27 20:16 修改: 2026-07-03 13:17
|
| io.netty:netty-codec-http |
CVE-2026-42584 |
高危 |
4.1.72.Final |
4.2.13.Final, 4.1.133.Final |
netty: io.netty/netty-codec-http: Netty: Incorrect HTTP response parsing leads to data confusion
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42584
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2026-05-13 19:17 修改: 2026-06-30 03:19
|
| io.netty:netty-codec-http |
CVE-2026-42587 |
高危 |
4.1.72.Final |
4.2.13.Final, 4.1.133.Final |
netty: io.netty/netty-codec-http: io.netty/netty-codec-http2: Netty: Denial of Service via unbounded memory allocation in HTTP content decompression
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42587
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2026-05-13 19:17 修改: 2026-07-03 13:17
|
| io.netty:netty-codec-http2 |
CVE-2025-55163 |
高危 |
4.1.72.Final |
4.2.4.Final, 4.1.124.Final |
netty: netty-codec-http2: Netty MadeYouReset HTTP/2 DDoS Vulnerability
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-55163
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2025-08-13 15:15 修改: 2026-06-17 09:41
|
| io.netty:netty-codec-http2 |
CVE-2026-33871 |
高危 |
4.1.72.Final |
4.1.132.Final, 4.2.11.Final |
netty: Netty: Denial of Service via HTTP/2 CONTINUATION frame flood
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33871
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2026-03-27 20:16 修改: 2026-07-03 13:17
|
| io.netty:netty-codec-http2 |
CVE-2026-42587 |
高危 |
4.1.72.Final |
4.2.13.Final, 4.1.133.Final |
netty: io.netty/netty-codec-http: io.netty/netty-codec-http2: Netty: Denial of Service via unbounded memory allocation in HTTP content decompression
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42587
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2026-05-13 19:17 修改: 2026-07-03 13:17
|
| io.netty:netty-codec-http2 |
GHSA-xpw8-rcwv-8f8p |
高危 |
4.1.72.Final |
4.1.100.Final |
io.netty:netty-codec-http2 vulnerable to HTTP/2 Rapid Reset Attack
漏洞详情: https://github.com/advisories/GHSA-xpw8-rcwv-8f8p
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2023-10-10 22:22 修改: 2023-11-06 22:08
|
| io.netty:netty-handler |
CVE-2026-44249 |
高危 |
4.1.72.Final |
4.2.15.Final, 4.1.135.Final |
netty-handler: netty-handler: IPv6 subnet rule bypass due to incorrect masking operation
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44249
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2026-06-11 22:16 修改: 2026-07-03 13:17
|
| io.netty:netty-handler |
CVE-2026-45416 |
高危 |
4.1.72.Final |
4.2.15.Final, 4.1.135.Final |
netty-handler: Netty: Denial of Service due to eager buffer allocation in TLS handshake
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45416
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2026-06-12 15:16 修改: 2026-07-03 13:17
|
| io.netty:netty-handler |
CVE-2026-50010 |
高危 |
4.1.72.Final |
4.2.15.Final, 4.1.135.Final |
netty-handler: Netty: Improper trust manager handling leads to hostname verification bypass
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-50010
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2026-06-12 16:16 修改: 2026-07-03 13:17
|
| net.minidev:json-smart |
CVE-2023-1370 |
高危 |
2.3 |
2.4.9 |
json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion)
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-1370
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2023-03-22 06:15 修改: 2026-06-17 05:27
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2020-36518 |
高危 |
2.11.3 |
2.13.2.1, 2.12.6.1 |
jackson-databind: denial of service via a large depth of nested objects
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36518
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2022-03-11 07:15 修改: 2026-06-17 03:15
|
| org.apache.avro:avro |
CVE-2023-39410 |
高危 |
1.7.7 |
1.11.3 |
apache-avro: Apache Avro Java SDK: Memory when deserializing untrusted data in Avro Java SDK
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39410
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2023-09-29 17:15 修改: 2026-06-17 06:12
|
| org.apache.cassandra:cassandra-all |
CVE-2025-23015 |
高危 |
4.0.10 |
5.0.3, 4.1.8, 4.0.16, 3.11.18, 3.0.31 |
org.apache.cassandra:cassandra-all: Apache Cassandra: User with MODIFY permission on ALL KEYSPACES can escalate privileges to superuser via unsafe actions
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-23015
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2025-02-04 10:15 修改: 2026-06-17 08:51
|
| org.apache.commons:commons-compress |
CVE-2021-35515 |
高危 |
1.4.1 |
1.21 |
apache-commons-compress: infinite loop when reading a specially crafted 7Z archive
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-35515
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2021-07-13 08:15 修改: 2026-06-17 03:57
|
| org.apache.commons:commons-compress |
CVE-2021-35516 |
高危 |
1.4.1 |
1.21 |
apache-commons-compress: excessive memory allocation when reading a specially crafted 7Z archive
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-35516
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2021-07-13 08:15 修改: 2026-06-17 03:57
|
| org.apache.commons:commons-compress |
CVE-2021-35517 |
高危 |
1.4.1 |
1.21 |
apache-commons-compress: excessive memory allocation when reading a specially crafted TAR archive
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-35517
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2021-07-13 08:15 修改: 2026-06-17 03:57
|
| org.apache.commons:commons-compress |
CVE-2021-36090 |
高危 |
1.4.1 |
1.21 |
apache-commons-compress: excessive memory allocation when reading a specially crafted ZIP archive
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-36090
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2021-07-13 08:15 修改: 2026-06-17 03:58
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2021-46877 |
高危 |
2.11.3 |
2.12.6, 2.13.1 |
jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-46877
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2023-03-18 22:15 修改: 2026-06-17 04:15
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2022-42003 |
高危 |
2.11.3 |
2.12.7.1, 2.13.4.2 |
jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-42003
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2022-10-02 05:15 修改: 2026-06-17 05:04
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2022-42004 |
高危 |
2.11.3 |
2.12.7.1, 2.13.4 |
jackson-databind: use of deeply nested arrays
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-42004
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2022-10-02 05:15 修改: 2026-06-17 05:04
|
| org.apache.hadoop:hadoop-common |
CVE-2017-7669 |
高危 |
2.7.7 |
2.8.1, 3.0.0-alpha3 |
Apache Hadoop's LinuxContainerExecutor runs docker commands as root with insufficient input validation
漏洞详情: https://avd.aquasec.com/nvd/cve-2017-7669
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2017-06-05 01:29 修改: 2026-06-17 01:24
|
| org.apache.hadoop:hadoop-common |
CVE-2020-9492 |
高危 |
2.7.7 |
3.2.2, 3.1.4, 2.10.1 |
hadoop: WebHDFS client might send SPNEGO authorization header
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-9492
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2021-01-26 18:16 修改: 2026-06-17 03:28
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2026-54512 |
高危 |
2.11.3 |
2.18.8, 3.1.4, 2.21.4 |
jackson-databind: jackson-databind: Arbitrary code execution via PolymorphicTypeValidator bypass
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54512
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2026-06-23 21:17 修改: 2026-06-27 21:01
|
| org.apache.ivy:ivy |
CVE-2022-37866 |
高危 |
2.4.0 |
2.5.1 |
Ivy: Ivy Path traversal
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-37866
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2022-11-07 14:15 修改: 2026-06-17 04:55
|
| org.apache.ivy:ivy |
CVE-2022-46751 |
高危 |
2.4.0 |
2.5.2 |
apache-ivy: XML External Entity vulnerability
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-46751
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2023-08-21 07:15 修改: 2026-06-17 05:12
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2026-54513 |
高危 |
2.11.3 |
2.18.8, 2.21.4, 3.1.4 |
jackson-databind: Jackson-databind: Security bypass allows arbitrary code execution
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54513
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2026-06-23 21:17 修改: 2026-07-03 13:17
|
| org.postgresql:postgresql |
CVE-2026-42198 |
高危 |
42.4.3 |
42.7.11 |
jdbc.postgresql.org: pgjdbc: Client-side Denial of Service via malicious SCRAM-SHA-256 authentication
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42198
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2026-04-29 16:16 修改: 2026-06-30 03:19
|
| org.xerial.snappy:snappy-java |
CVE-2023-34455 |
高危 |
1.0.5 |
1.1.10.1 |
snappy-java: Unchecked chunk length leads to DoS
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-34455
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2023-06-15 18:15 修改: 2026-06-17 06:03
|
| org.xerial.snappy:snappy-java |
CVE-2023-43642 |
高危 |
1.0.5 |
1.1.10.4 |
snappy-java: Missing upper bound check on chunk length in snappy-java can lead to Denial of Service (DoS) impact
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-43642
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2023-09-25 20:15 修改: 2026-06-17 06:26
|
| org.xerial.snappy:snappy-java |
CVE-2023-34455 |
高危 |
1.1.2.6 |
1.1.10.1 |
snappy-java: Unchecked chunk length leads to DoS
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-34455
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2023-06-15 18:15 修改: 2026-06-17 06:03
|
| org.xerial.snappy:snappy-java |
CVE-2023-43642 |
高危 |
1.1.2.6 |
1.1.10.4 |
snappy-java: Missing upper bound check on chunk length in snappy-java can lead to Denial of Service (DoS) impact
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-43642
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2023-09-25 20:15 修改: 2026-06-17 06:26
|
| org.yaml:snakeyaml |
CVE-2022-1471 |
高危 |
1.27 |
2.0 |
SnakeYaml: Constructor Deserialization Remote Code Execution
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-1471
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2022-12-01 11:15 修改: 2026-06-17 04:22
|
| org.yaml:snakeyaml |
CVE-2022-25857 |
高危 |
1.27 |
1.31 |
snakeyaml: Denial of Service due to missing nested depth limitation for collections
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-25857
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2022-08-30 05:15 修改: 2026-06-17 04:34
|
| io.netty:netty-codec-http |
CVE-2022-24823 |
中危 |
4.1.72.Final |
4.1.77.Final |
netty: world readable temporary file containing sensitive data
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-24823
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2022-05-06 12:15 修改: 2026-06-17 04:32
|
| io.netty:netty-codec-http |
CVE-2024-29025 |
中危 |
4.1.72.Final |
4.1.108.Final |
netty-codec-http: Allocation of Resources Without Limits or Throttling
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-29025
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2024-03-25 20:15 修改: 2026-06-17 07:22
|
| io.netty:netty-codec-http |
CVE-2025-67735 |
中危 |
4.1.72.Final |
4.2.8.Final, 4.1.129.Final |
netty-codec-http: Netty (netty-codec-http): Request Smuggling via CRLF Injection
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-67735
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2025-12-16 01:15 修改: 2026-06-17 09:58
|
| io.netty:netty-codec-http |
CVE-2026-41417 |
中危 |
4.1.72.Final |
4.1.133.Final, 4.2.13.Final |
netty: Netty: HTTP request smuggling via URI manipulation and CRLF injection
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41417
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2026-05-06 22:16 修改: 2026-06-17 10:46
|
| io.netty:netty-codec-http |
CVE-2026-42580 |
中危 |
4.1.72.Final |
4.2.13.Final, 4.1.133.Final |
netty: Netty: Request smuggling via chunk size parser integer overflow
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42580
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2026-05-13 19:17 修改: 2026-06-17 10:48
|
| io.netty:netty-codec-http |
CVE-2026-42581 |
中危 |
4.1.72.Final |
4.2.13.Final, 4.1.133.Final |
netty: io.netty/netty-codec-http: Netty: HTTP Request Smuggling due to improper handling of conflicting HTTP/1.0 headers
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42581
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2026-05-13 19:17 修改: 2026-06-30 03:19
|
| io.netty:netty-codec-http |
CVE-2026-42585 |
中危 |
4.1.72.Final |
4.2.13.Final, 4.1.133.Final |
netty: io.netty/netty-codec-http: Netty: Request smuggling via malformed Transfer-Encoding parsing
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42585
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2026-05-13 19:17 修改: 2026-06-17 10:48
|
| io.netty:netty-codec-http |
CVE-2026-50020 |
中危 |
4.1.72.Final |
4.2.15.Final, 4.1.135.Final |
netty-codec-http: Netty: Data manipulation via request-boundary confusion in HttpObjectDecoder
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-50020
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2026-06-12 16:16 修改: 2026-06-17 10:57
|
| com.fasterxml.jackson.core:jackson-core |
GHSA-72hv-8253-57qq |
中危 |
2.4.0 |
2.21.1, 2.18.6 |
jackson-core: Number Length Constraint Bypass in Async Parser Leads to Potential DoS Condition
漏洞详情: https://github.com/advisories/GHSA-72hv-8253-57qq
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2026-02-28 02:01 修改: 2026-04-07 16:30
|
| com.google.guava:guava |
CVE-2018-10237 |
中危 |
22.0 |
24.1.1-android |
guava: Unbounded memory allocation in AtomicDoubleArray and CompoundOrdering classes allow remote attackers to cause a denial of service
漏洞详情: https://avd.aquasec.com/nvd/cve-2018-10237
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2018-04-26 21:29 修改: 2026-06-17 01:33
|
| com.google.guava:guava |
CVE-2023-2976 |
中危 |
22.0 |
32.0.0-android |
guava: insecure temporary directory creation
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-2976
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2023-06-14 18:15 修改: 2026-06-17 05:53
|
| com.google.guava:guava |
CVE-2023-2976 |
中危 |
31.0.1-android |
32.0.0-android |
guava: insecure temporary directory creation
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-2976
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2023-06-14 18:15 修改: 2026-06-17 05:53
|
| io.netty:netty-codec-http2 |
CVE-2026-47244 |
中危 |
4.1.72.Final |
4.2.15.Final, 4.1.135.Final |
netty-codec-http2: Netty: Denial of Service via uncontrolled HTTP/2 concurrent streams
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-47244
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2026-06-12 15:16 修改: 2026-06-17 10:54
|
| io.netty:netty-codec-http2 |
CVE-2026-48043 |
中危 |
4.1.72.Final |
4.1.135.Final, 4.2.15.Final |
netty-codec-http2: netty-codec-http2: Denial of Service due to resource leak
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48043
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2026-06-12 16:16 修改: 2026-07-03 13:17
|
| io.netty:netty-codec-http2 |
CVE-2026-50560 |
中危 |
4.1.72.Final |
4.2.15.Final, 4.1.135.Final |
netty-codec-http2: Netty: Denial of Service due to HTTP/2 max header size handling
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-50560
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2026-06-12 16:16 修改: 2026-06-17 10:57
|
| io.netty:netty-common |
CVE-2024-47535 |
中危 |
4.1.72.Final |
4.1.115.Final |
netty: Denial of Service attack on windows app using Netty
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-47535
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2024-11-12 16:15 修改: 2026-06-17 07:57
|
| io.netty:netty-common |
CVE-2025-25193 |
中危 |
4.1.72.Final |
4.1.118.Final |
netty: Denial of Service attack on windows app using Netty
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-25193
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2025-02-10 22:15 修改: 2026-06-17 09:00
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2026-50193 |
中危 |
2.11.3 |
2.14.0 |
jackson-databind: Jackson-databind: Denial of Service via deeply nested JSON processing
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-50193
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2026-06-23 21:17 修改: 2026-06-27 21:05
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2026-54514 |
中危 |
2.11.3 |
2.18.8, 2.21.4, 3.1.4 |
jackson-databind: jackson-databind: Information Disclosure via Eager DNS Resolution
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54514
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2026-06-23 21:17 修改: 2026-06-27 20:55
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2026-54515 |
中危 |
2.11.3 |
3.1.4, 2.18.9, 2.21.5, 2.22.1 |
jackson-databind: jackson-databind: Ignored properties can be unexpectedly modified
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54515
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2026-06-23 21:17 修改: 2026-06-29 13:38
|
| io.netty:netty-handler |
CVE-2023-34462 |
中危 |
4.1.72.Final |
4.1.94.Final |
netty: SniHandler 16MB allocation leads to OOM
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-34462
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2023-06-22 23:15 修改: 2026-06-17 06:03
|
| com.fasterxml.jackson.core:jackson-core |
GHSA-72hv-8253-57qq |
中危 |
2.4.0 |
2.21.1, 2.18.6 |
jackson-core: Number Length Constraint Bypass in Async Parser Leads to Potential DoS Condition
漏洞详情: https://github.com/advisories/GHSA-72hv-8253-57qq
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2026-02-28 02:01 修改: 2026-04-07 16:30
|
| net.minidev:json-smart |
CVE-2021-27568 |
中危 |
2.3 |
1.3.2, 2.4.1, 2.3.1 |
json-smart: uncaught exception may lead to crash or information disclosure
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-27568
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2021-02-23 02:15 修改: 2026-06-17 03:45
|
| com.fasterxml.jackson.core:jackson-core |
GHSA-72hv-8253-57qq |
中危 |
2.13.2 |
2.21.1, 2.18.6 |
jackson-core: Number Length Constraint Bypass in Async Parser Leads to Potential DoS Condition
漏洞详情: https://github.com/advisories/GHSA-72hv-8253-57qq
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2026-02-28 02:01 修改: 2026-04-07 16:30
|
| com.google.protobuf:protobuf-java |
CVE-2022-3171 |
中危 |
3.5.1 |
3.21.7, 3.20.3, 3.19.6, 3.16.3 |
protobuf-java: timeout in parser leads to DoS
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-3171
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2022-10-12 23:15 修改: 2026-06-17 04:58
|
| com.fasterxml.jackson.core:jackson-core |
GHSA-72hv-8253-57qq |
中危 |
2.11.3 |
2.21.1, 2.18.6 |
jackson-core: Number Length Constraint Bypass in Async Parser Leads to Potential DoS Condition
漏洞详情: https://github.com/advisories/GHSA-72hv-8253-57qq
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2026-02-28 02:01 修改: 2026-04-07 16:30
|
| org.apache.cassandra:cassandra-all |
CVE-2024-27137 |
中危 |
4.0.10 |
5.0.3, 4.1.8, 4.0.15 |
org.apache.cassandra:cassandra-all: Apache Cassandra: unrestricted deserialization of JMX authentication credentials
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-27137
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2025-02-04 11:15 修改: 2026-06-17 07:19
|
| org.apache.cassandra:cassandra-all |
CVE-2025-24860 |
中危 |
4.0.10 |
4.0.16, 4.1.8, 5.0.3 |
org.apache.cassandra:cassandra-all: Apache Cassandra: CassandraNetworkAuthorizer and CassandraCIDRAuthorizer can be bypassed allowing access to different network regions
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-24860
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2025-02-04 11:15 修改: 2026-06-17 08:59
|
| org.apache.cassandra:cassandra-all |
CVE-2026-27315 |
中危 |
4.0.10 |
4.0.20 |
Apache Cassandra has sensitive Information Leak in cqlsh
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27315
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2026-04-07 17:16 修改: 2026-06-17 10:27
|
| org.apache.commons:commons-compress |
CVE-2024-25710 |
中危 |
1.21 |
1.26.0 |
commons-compress: Denial of service caused by an infinite loop for a corrupted DUMP file
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-25710
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2024-02-19 09:15 修改: 2026-06-17 07:16
|
| org.apache.commons:commons-compress |
CVE-2024-26308 |
中危 |
1.21 |
1.26.0 |
commons-compress: OutOfMemoryError unpacking broken Pack200 file
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-26308
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2024-02-19 09:15 修改: 2026-06-17 07:17
|
| com.fasterxml.jackson.core:jackson-core |
CVE-2025-49128 |
中危 |
2.11.3 |
2.13.0 |
com.fasterxml.jackson.core/jackson-core: Jackson-core Memory Disclosure via Source Snippet in JsonLocation
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-49128
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2025-06-06 22:15 修改: 2026-06-17 09:30
|
| com.fasterxml.jackson.core:jackson-core |
CVE-2025-49128 |
中危 |
2.4.0 |
2.13.0 |
com.fasterxml.jackson.core/jackson-core: Jackson-core Memory Disclosure via Source Snippet in JsonLocation
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-49128
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2025-06-06 22:15 修改: 2026-06-17 09:30
|
| com.nimbusds:nimbus-jose-jwt |
CVE-2025-53864 |
中危 |
4.41.2 |
10.0.2, 9.37.4 |
com.nimbusds/nimbus-jose-jwt: Uncontrolled recursion in Connect2id Nimbus JOSE + JWT
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-53864
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2025-07-11 03:16 修改: 2026-06-17 09:39
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2026-50193 |
中危 |
2.13.2 |
2.14.0 |
jackson-databind: Jackson-databind: Denial of Service via deeply nested JSON processing
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-50193
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2026-06-23 21:17 修改: 2026-06-27 21:05
|
| org.apache.commons:commons-compress |
CVE-2024-25710 |
中危 |
1.4.1 |
1.26.0 |
commons-compress: Denial of service caused by an infinite loop for a corrupted DUMP file
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-25710
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2024-02-19 09:15 修改: 2026-06-17 07:16
|
| org.apache.commons:commons-configuration2 |
CVE-2024-29131 |
中危 |
2.8.0 |
2.10.1 |
commons-configuration: StackOverflowError adding property in AbstractListDelimiterHandler.flattenIterator()
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-29131
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2024-03-21 09:15 修改: 2026-06-17 07:22
|
| org.apache.commons:commons-configuration2 |
CVE-2024-29133 |
中危 |
2.8.0 |
2.10.1 |
commons-configuration: StackOverflowError calling ListDelimiterHandler.flatten(Object, int) with a cyclical object tree
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-29133
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2024-03-21 09:15 修改: 2026-06-17 07:22
|
| org.apache.commons:commons-configuration2 |
CVE-2026-45205 |
中危 |
2.8.0 |
2.15.0 |
Uncontrolled Recursion vulnerability in Apache Commons. When processi ...
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45205
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2026-05-14 12:16 修改: 2026-06-17 10:51
|
| org.apache.commons:commons-lang3 |
CVE-2025-48924 |
中危 |
3.12.0 |
3.18.0 |
commons-lang/commons-lang: org.apache.commons/commons-lang3: Uncontrolled Recursion vulnerability in Apache Commons Lang
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-48924
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2025-07-11 15:15 修改: 2026-06-17 09:30
|
| org.apache.commons:commons-lang3 |
CVE-2025-48924 |
中危 |
3.6 |
3.18.0 |
commons-lang/commons-lang: org.apache.commons/commons-lang3: Uncontrolled Recursion vulnerability in Apache Commons Lang
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-48924
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2025-07-11 15:15 修改: 2026-06-17 09:30
|
| com.squareup.okio:okio |
CVE-2023-3635 |
中危 |
1.15.0 |
3.4.0, 1.17.6 |
okio: GzipSource class improper exception handling
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-3635
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2023-07-12 19:15 修改: 2026-06-17 06:14
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2026-54514 |
中危 |
2.13.2 |
2.18.8, 2.21.4, 3.1.4 |
jackson-databind: jackson-databind: Information Disclosure via Eager DNS Resolution
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54514
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2026-06-23 21:17 修改: 2026-06-27 20:55
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2026-54515 |
中危 |
2.13.2 |
3.1.4, 2.18.9, 2.21.5, 2.22.1 |
jackson-databind: jackson-databind: Ignored properties can be unexpectedly modified
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54515
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2026-06-23 21:17 修改: 2026-06-29 13:38
|
| commons-io:commons-io |
CVE-2021-29425 |
中危 |
2.5 |
2.7 |
apache-commons-io: Limited path traversal in Apache Commons IO 2.2 to 2.6
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-29425
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2021-04-13 07:15 修改: 2026-06-17 03:47
|
| com.fasterxml.jackson.core:jackson-core |
CVE-2025-49128 |
中危 |
2.4.0 |
2.13.0 |
com.fasterxml.jackson.core/jackson-core: Jackson-core Memory Disclosure via Source Snippet in JsonLocation
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-49128
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2025-06-06 22:15 修改: 2026-06-17 09:30
|
| org.apache.httpcomponents:httpclient |
CVE-2020-13956 |
中危 |
4.5.3 |
4.5.13, 5.0.3 |
apache-httpclient: incorrect handling of malformed authority component in request URIs
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-13956
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2020-12-02 17:15 修改: 2026-06-17 02:53
|
| commons-lang:commons-lang |
CVE-2025-48924 |
中危 |
2.6 |
|
commons-lang/commons-lang: org.apache.commons/commons-lang3: Uncontrolled Recursion vulnerability in Apache Commons Lang
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-48924
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2025-07-11 15:15 修改: 2026-06-17 09:30
|
| commons-lang:commons-lang |
CVE-2025-48924 |
中危 |
2.6 |
|
commons-lang/commons-lang: org.apache.commons/commons-lang3: Uncontrolled Recursion vulnerability in Apache Commons Lang
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-48924
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2025-07-11 15:15 修改: 2026-06-17 09:30
|
| commons-net:commons-net |
CVE-2021-37533 |
中危 |
3.1 |
3.9.0 |
apache-commons-net: FTP client trusts the host from PASV response by default
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-37533
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2022-12-03 15:15 修改: 2026-06-17 04:00
|
| org.apache.logging.log4j:log4j-core |
CVE-2025-68161 |
中危 |
2.17.1 |
2.25.3 |
Apache Log4j: Apache Log4j Core: Information disclosure via missing TLS hostname verification
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-68161
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2025-12-18 21:15 修改: 2026-06-17 09:58
|
| org.apache.logging.log4j:log4j-core |
CVE-2026-34477 |
中危 |
2.17.1 |
2.25.4 |
org.apache.logging.log4j/log4j-core: Apache Log4j Core: Man-in-the-middle attack due to incomplete hostname verification
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34477
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2026-04-10 16:16 修改: 2026-06-17 10:39
|
| org.apache.logging.log4j:log4j-core |
CVE-2026-34480 |
中危 |
2.17.1 |
2.25.4 |
org.apache.logging.log4j/log4j-core: Apache Log4j Core: Invalid XML output causes denial of service in logging
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34480
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2026-04-10 16:16 修改: 2026-06-17 10:39
|
| io.fabric8:kubernetes-client |
CVE-2021-4178 |
中危 |
5.6.0 |
5.0.3, 5.1.2, 5.3.2, 5.7.4, 5.8.1, 5.10.2, 5.11.2 |
kubernetes-client: Insecure deserialization in unmarshalYaml method
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-4178
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2022-08-24 16:15 修改: 2026-06-17 04:19
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2019-12384 |
中危 |
2.4.0 |
2.9.9.1, 2.8.11.4, 2.7.9.6, 2.6.7.3 |
jackson-databind: failure to block the logback-core class from polymorphic deserialization leading to remote code execution
漏洞详情: https://avd.aquasec.com/nvd/cve-2019-12384
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2019-06-24 16:15 修改: 2026-06-17 02:14
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2019-12384 |
中危 |
2.4.0 |
2.9.9.1, 2.8.11.4, 2.7.9.6, 2.6.7.3 |
jackson-databind: failure to block the logback-core class from polymorphic deserialization leading to remote code execution
漏洞详情: https://avd.aquasec.com/nvd/cve-2019-12384
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2019-06-24 16:15 修改: 2026-06-17 02:14
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2019-12814 |
中危 |
2.4.0 |
2.9.9.1, 2.8.11.4, 2.7.9.6, 2.6.7.3 |
jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server via crafted JSON message.
漏洞详情: https://avd.aquasec.com/nvd/cve-2019-12814
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2019-06-19 14:15 修改: 2026-06-17 02:15
|
| org.xerial.snappy:snappy-java |
CVE-2023-34453 |
中危 |
1.0.5 |
1.1.10.1 |
snappy-java: Integer overflow in shuffle leads to DoS
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-34453
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2023-06-15 17:15 修改: 2026-06-17 06:03
|
| org.xerial.snappy:snappy-java |
CVE-2023-34454 |
中危 |
1.0.5 |
1.1.10.1 |
snappy-java: Integer overflow in compress leads to DoS
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-34454
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2023-06-15 17:15 修改: 2026-06-17 06:03
|
| io.netty:netty-codec |
CVE-2025-58057 |
中危 |
4.1.72.Final |
4.1.125.Final |
netty-codec: netty-codec-compression: Netty's BrotliDecoder is vulnerable to DoS via zip bomb style attack
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58057
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2025-09-04 10:42 修改: 2026-06-17 09:43
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2019-12814 |
中危 |
2.4.0 |
2.9.9.1, 2.8.11.4, 2.7.9.6, 2.6.7.3 |
jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server via crafted JSON message.
漏洞详情: https://avd.aquasec.com/nvd/cve-2019-12814
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2019-06-19 14:15 修改: 2026-06-17 02:15
|
| org.xerial.snappy:snappy-java |
CVE-2023-34453 |
中危 |
1.1.2.6 |
1.1.10.1 |
snappy-java: Integer overflow in shuffle leads to DoS
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-34453
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2023-06-15 17:15 修改: 2026-06-17 06:03
|
| org.xerial.snappy:snappy-java |
CVE-2023-34454 |
中危 |
1.1.2.6 |
1.1.10.1 |
snappy-java: Integer overflow in compress leads to DoS
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-34454
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2023-06-15 17:15 修改: 2026-06-17 06:03
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2026-54514 |
中危 |
2.4.0 |
2.18.8, 2.21.4, 3.1.4 |
jackson-databind: jackson-databind: Information Disclosure via Eager DNS Resolution
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54514
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2026-06-23 21:17 修改: 2026-06-27 20:55
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2026-54514 |
中危 |
2.4.0 |
2.18.8, 2.21.4, 3.1.4 |
jackson-databind: jackson-databind: Information Disclosure via Eager DNS Resolution
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54514
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2026-06-23 21:17 修改: 2026-06-27 20:55
|
| org.yaml:snakeyaml |
CVE-2022-38749 |
中危 |
1.27 |
1.31 |
snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-38749
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2022-09-05 10:15 修改: 2026-06-17 04:57
|
| org.yaml:snakeyaml |
CVE-2022-38750 |
中危 |
1.27 |
1.31 |
snakeyaml: Uncaught exception in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-38750
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2022-09-05 10:15 修改: 2026-06-17 04:57
|
| org.yaml:snakeyaml |
CVE-2022-38751 |
中危 |
1.27 |
1.31 |
snakeyaml: Uncaught exception in java.base/java.util.regex.Pattern$Ques.match
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-38751
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2022-09-05 10:15 修改: 2026-06-17 04:57
|
| org.yaml:snakeyaml |
CVE-2022-38752 |
中危 |
1.27 |
1.32 |
snakeyaml: Uncaught exception in java.base/java.util.ArrayList.hashCode
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-38752
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2022-09-05 10:15 修改: 2026-06-17 04:57
|
| org.yaml:snakeyaml |
CVE-2022-41854 |
中危 |
1.27 |
1.32 |
dev-java/snakeyaml: DoS via stack overflow
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41854
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2022-11-11 13:15 修改: 2026-06-17 05:03
|
| io.netty:netty-handler-proxy |
CVE-2026-42578 |
低危 |
4.1.72.Final |
4.1.133.Final, 4.2.13.Final |
netty: io.netty/netty-handler-proxy: Netty: HTTP Header Injection via HttpProxyHandler Disabled Validation
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42578
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2026-05-13 19:17 修改: 2026-06-30 03:19
|
| com.google.guava:guava |
CVE-2020-8908 |
低危 |
22.0 |
32.0.0-android |
guava: local information disclosure via temporary directory created with unsafe permissions
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-8908
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2020-12-10 23:15 修改: 2026-06-17 03:27
|
| io.netty:netty-codec-http |
CVE-2025-58056 |
低危 |
4.1.72.Final |
4.1.125.Final, 4.2.5.Final |
netty-codec-http: Netty is vulnerable to request smuggling due to incorrect parsing of chunk extensions
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58056
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2025-09-03 21:15 修改: 2026-06-17 09:43
|
| org.apache.cassandra:cassandra-all |
CVE-2026-32588 |
低危 |
4.0.10 |
4.0.20, 4.1.11, 5.0.7 |
Apache Cassandra: Apache Cassandra: Denial of Service via repeated password changes
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-32588
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2026-04-07 17:16 修改: 2026-06-17 10:36
|
| commons-configuration:commons-configuration |
CVE-2025-46392 |
低危 |
1.10 |
|
apache-commons-configuration: Apache Commons Configuration: Uncontrolled Resource Consumption when loading untrusted configurations in 1.x
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-46392
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2025-05-09 10:15 修改: 2026-06-17 09:26
|
| commons-configuration:commons-configuration |
CVE-2025-46392 |
低危 |
1.6 |
|
apache-commons-configuration: Apache Commons Configuration: Uncontrolled Resource Consumption when loading untrusted configurations in 1.x
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-46392
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2025-05-09 10:15 修改: 2026-06-17 09:26
|
| com.google.guava:guava |
CVE-2020-8908 |
低危 |
31.0.1-android |
32.0.0-android |
guava: local information disclosure via temporary directory created with unsafe permissions
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-8908
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2020-12-10 23:15 修改: 2026-06-17 03:27
|
| org.apache.hadoop:hadoop-common |
CVE-2024-23454 |
低危 |
2.7.7 |
3.4.0 |
Apache Hadoop: Temporary File Local Information Disclosure
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-23454
镜像层: sha256:3f55d3c76578a1a57bee0e586278a1c7b497aed27790281eeb10c3ef7c875ac5
发布日期: 2024-09-25 08:15 修改: 2026-06-17 07:12
|