docker.io/pingcap/tispark:latest linux/amd64

docker.io/pingcap/tispark:latest - Trivy安全扫描结果 扫描时间: 2024-11-07 14:22
全部漏洞信息
低危漏洞:11 中危漏洞:66 高危漏洞:161 严重漏洞:74

系统OS: alpine 3.8.2 扫描引擎: Trivy 扫描时间: 2024-11-07 14:22

docker.io/pingcap/tispark:latest (alpine 3.8.2) (alpine)
低危漏洞:0 中危漏洞:1 高危漏洞:0 严重漏洞:2
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
musl CVE-2019-14697 严重 1.1.19-r10 1.1.19-r11 musl libc through 1.1.23 has an x87 floating-point stack adjustment im ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-14697

镜像层: sha256:767f936afb51c8a3ad9a96592a4be092048bb70f2ca410028a0b3f64b826acbb

发布日期: 2019-08-06 16:15 修改: 2023-03-03 17:43
musl-utils CVE-2019-14697 严重 1.1.19-r10 1.1.19-r11 musl libc through 1.1.23 has an x87 floating-point stack adjustment im ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-14697

镜像层: sha256:767f936afb51c8a3ad9a96592a4be092048bb70f2ca410028a0b3f64b826acbb

发布日期: 2019-08-06 16:15 修改: 2023-03-03 17:43
libtasn1 CVE-2018-1000654 中危 4.13-r0 4.14-r0 libtasn1: Infinite loop in _asn1_expand_object_id(ptree) leads to memory exhaustion

漏洞详情: https://avd.aquasec.com/nvd/cve-2018-1000654

镜像层: sha256:7c9f15a80d25afe2eeb05a8ad343e442fe8f9f5cc2e51dd538f1af41c83ef74a

发布日期: 2018-08-20 19:31 修改: 2023-11-07 02:51
Java (jar)
低危漏洞:11 中危漏洞:64 高危漏洞:159 严重漏洞:70
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
com.fasterxml.jackson.core:jackson-databind CVE-2017-15095 严重 2.4.0 2.8.11, 2.9.4, 2.6.7.3, 2.7.9.2 jackson-databind: Unsafe deserialization due to incomplete black list (incomplete fix for CVE-2017-7525)

漏洞详情: https://avd.aquasec.com/nvd/cve-2017-15095

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2018-02-06 15:29 修改: 2023-11-07 02:39
com.fasterxml.jackson.core:jackson-databind CVE-2017-17485 严重 2.4.0 2.9.4, 2.8.11, 2.7.9.2 jackson-databind: Unsafe deserialization due to incomplete black list (incomplete fix for CVE-2017-15095)

漏洞详情: https://avd.aquasec.com/nvd/cve-2017-17485

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2018-01-10 18:29 修改: 2023-06-08 18:00
com.fasterxml.jackson.core:jackson-databind CVE-2017-7525 严重 2.4.0 2.6.7.1, 2.7.9.1, 2.8.9 jackson-databind: Deserialization vulnerability via readValue method of ObjectMapper

漏洞详情: https://avd.aquasec.com/nvd/cve-2017-7525

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2018-02-06 15:29 修改: 2023-11-07 02:50
com.fasterxml.jackson.core:jackson-databind CVE-2018-11307 严重 2.4.0 2.7.9.4, 2.8.11.2, 2.9.6 jackson-databind: Potential information exfiltration with default typing, serialization gadget from MyBatis

漏洞详情: https://avd.aquasec.com/nvd/cve-2018-11307

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2019-07-09 16:15 修改: 2024-04-03 17:40
com.fasterxml.jackson.core:jackson-databind CVE-2018-14718 严重 2.4.0 2.9.7, 2.8.11.3, 2.7.9.5, 2.6.7.3 jackson-databind: arbitrary code execution in slf4j-ext class

漏洞详情: https://avd.aquasec.com/nvd/cve-2018-14718

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2019-01-02 18:29 修改: 2023-11-07 02:53
com.fasterxml.jackson.core:jackson-databind CVE-2018-14719 严重 2.4.0 2.9.7, 2.8.11.3, 2.7.9.5 jackson-databind: arbitrary code execution in blaze-ds-opt and blaze-ds-core classes

漏洞详情: https://avd.aquasec.com/nvd/cve-2018-14719

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2019-01-02 18:29 修改: 2023-11-07 02:53
com.fasterxml.jackson.core:jackson-databind CVE-2018-19362 严重 2.4.0 2.9.8, 2.8.11.3, 2.7.9.5, 2.6.7.3 jackson-databind: improper polymorphic deserialization in jboss-common-core class

漏洞详情: https://avd.aquasec.com/nvd/cve-2018-19362

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2019-01-02 18:29 修改: 2023-11-07 02:55
com.fasterxml.jackson.core:jackson-databind CVE-2018-7489 严重 2.4.0 2.8.11.1, 2.9.5, 2.7.9.3, 2.6.7.5 jackson-databind: incomplete fix for CVE-2017-7525 permits unsafe serialization via c3p0 libraries

漏洞详情: https://avd.aquasec.com/nvd/cve-2018-7489

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2018-02-26 15:29 修改: 2023-11-07 03:01
com.fasterxml.jackson.core:jackson-databind CVE-2019-14379 严重 2.4.0 2.9.9.2, 2.8.11.4, 2.7.9.6 jackson-databind: default typing mishandling leading to remote code execution

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-14379

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2019-07-29 12:15 修改: 2023-11-07 03:04
com.fasterxml.jackson.core:jackson-databind CVE-2019-14540 严重 2.4.0 2.9.10, 2.8.11.5, 2.6.7.3 jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariConfig

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-14540

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2019-09-15 22:15 修改: 2023-11-07 03:04
com.fasterxml.jackson.core:jackson-databind CVE-2019-16335 严重 2.4.0 2.9.10, 2.8.11.5, 2.6.7.3 jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariDataSource

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-16335

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2019-09-15 22:15 修改: 2023-11-07 03:05
com.fasterxml.jackson.core:jackson-databind CVE-2019-16942 严重 2.4.0 2.9.10.1, 2.8.11.5, 2.6.7.3 jackson-databind: Serialization gadgets in org.apache.commons.dbcp.datasources.*

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-16942

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2019-10-01 17:15 修改: 2023-11-07 03:06
com.fasterxml.jackson.core:jackson-databind CVE-2019-16943 严重 2.4.0 2.9.10.1, 2.8.11.5, 2.6.7.3 jackson-databind: Serialization gadgets in com.p6spy.engine.spy.P6DataSource

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-16943

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2019-10-01 17:15 修改: 2023-11-07 03:06
com.fasterxml.jackson.core:jackson-databind CVE-2019-17267 严重 2.4.0 2.9.10, 2.8.11.5 jackson-databind: Serialization gadgets in classes of the ehcache package

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-17267

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2019-10-07 00:15 修改: 2023-11-07 03:06
com.fasterxml.jackson.core:jackson-databind CVE-2019-17531 严重 2.4.0 2.9.10.1, 2.8.11.5, 2.6.7.3 jackson-databind: Serialization gadgets in org.apache.log4j.receivers.db.*

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-17531

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2019-10-12 21:15 修改: 2023-11-07 03:06
com.fasterxml.jackson.core:jackson-databind CVE-2019-20330 严重 2.4.0 2.6.7.4, 2.7.9.7, 2.8.11.5, 2.9.10.2 jackson-databind: lacks certain net.sf.ehcache blocking

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-20330

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2020-01-03 04:15 修改: 2023-11-07 03:09
com.fasterxml.jackson.core:jackson-databind CVE-2020-8840 严重 2.4.0 2.6.7.4, 2.7.9.7, 2.8.11.5, 2.9.10.3 jackson-databind: Lacks certain xbean-reflect/JNDI blocking

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-8840

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2020-02-10 21:56 修改: 2023-11-07 03:26
com.fasterxml.jackson.core:jackson-databind CVE-2020-9547 严重 2.4.0 2.9.10.4, 2.8.11.6, 2.7.9.7 jackson-databind: Serialization gadgets in ibatis-sqlmap

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-9547

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2020-03-02 04:15 修改: 2023-11-07 03:26
com.fasterxml.jackson.core:jackson-databind CVE-2020-9548 严重 2.4.0 2.9.10.4, 2.8.11.6, 2.7.9.7 jackson-databind: Serialization gadgets in anteros-core

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-9548

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2020-03-02 04:15 修改: 2023-11-07 03:26
com.fasterxml.jackson.core:jackson-databind CVE-2017-15095 严重 2.6.7.1 2.8.11, 2.9.4, 2.6.7.3, 2.7.9.2 jackson-databind: Unsafe deserialization due to incomplete black list (incomplete fix for CVE-2017-7525)

漏洞详情: https://avd.aquasec.com/nvd/cve-2017-15095

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2018-02-06 15:29 修改: 2023-11-07 02:39
com.fasterxml.jackson.core:jackson-databind CVE-2017-15095 严重 2.6.7.1 2.8.11, 2.9.4, 2.6.7.3, 2.7.9.2 jackson-databind: Unsafe deserialization due to incomplete black list (incomplete fix for CVE-2017-7525)

漏洞详情: https://avd.aquasec.com/nvd/cve-2017-15095

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2018-02-06 15:29 修改: 2023-11-07 02:39
com.fasterxml.jackson.core:jackson-databind CVE-2017-17485 严重 2.6.7.1 2.9.4, 2.8.11, 2.7.9.2 jackson-databind: Unsafe deserialization due to incomplete black list (incomplete fix for CVE-2017-15095)

漏洞详情: https://avd.aquasec.com/nvd/cve-2017-17485

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2018-01-10 18:29 修改: 2023-06-08 18:00
com.fasterxml.jackson.core:jackson-databind CVE-2017-17485 严重 2.6.7.1 2.9.4, 2.8.11, 2.7.9.2 jackson-databind: Unsafe deserialization due to incomplete black list (incomplete fix for CVE-2017-15095)

漏洞详情: https://avd.aquasec.com/nvd/cve-2017-17485

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2018-01-10 18:29 修改: 2023-06-08 18:00
com.fasterxml.jackson.core:jackson-databind CVE-2018-11307 严重 2.6.7.1 2.7.9.4, 2.8.11.2, 2.9.6 jackson-databind: Potential information exfiltration with default typing, serialization gadget from MyBatis

漏洞详情: https://avd.aquasec.com/nvd/cve-2018-11307

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2019-07-09 16:15 修改: 2024-04-03 17:40
com.fasterxml.jackson.core:jackson-databind CVE-2018-11307 严重 2.6.7.1 2.7.9.4, 2.8.11.2, 2.9.6 jackson-databind: Potential information exfiltration with default typing, serialization gadget from MyBatis

漏洞详情: https://avd.aquasec.com/nvd/cve-2018-11307

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2019-07-09 16:15 修改: 2024-04-03 17:40
com.fasterxml.jackson.core:jackson-databind CVE-2018-14718 严重 2.6.7.1 2.9.7, 2.8.11.3, 2.7.9.5, 2.6.7.3 jackson-databind: arbitrary code execution in slf4j-ext class

漏洞详情: https://avd.aquasec.com/nvd/cve-2018-14718

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2019-01-02 18:29 修改: 2023-11-07 02:53
com.fasterxml.jackson.core:jackson-databind CVE-2018-14718 严重 2.6.7.1 2.9.7, 2.8.11.3, 2.7.9.5, 2.6.7.3 jackson-databind: arbitrary code execution in slf4j-ext class

漏洞详情: https://avd.aquasec.com/nvd/cve-2018-14718

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2019-01-02 18:29 修改: 2023-11-07 02:53
com.fasterxml.jackson.core:jackson-databind CVE-2018-14719 严重 2.6.7.1 2.9.7, 2.8.11.3, 2.7.9.5 jackson-databind: arbitrary code execution in blaze-ds-opt and blaze-ds-core classes

漏洞详情: https://avd.aquasec.com/nvd/cve-2018-14719

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2019-01-02 18:29 修改: 2023-11-07 02:53
com.fasterxml.jackson.core:jackson-databind CVE-2018-14719 严重 2.6.7.1 2.9.7, 2.8.11.3, 2.7.9.5 jackson-databind: arbitrary code execution in blaze-ds-opt and blaze-ds-core classes

漏洞详情: https://avd.aquasec.com/nvd/cve-2018-14719

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2019-01-02 18:29 修改: 2023-11-07 02:53
com.fasterxml.jackson.core:jackson-databind CVE-2018-19362 严重 2.6.7.1 2.9.8, 2.8.11.3, 2.7.9.5, 2.6.7.3 jackson-databind: improper polymorphic deserialization in jboss-common-core class

漏洞详情: https://avd.aquasec.com/nvd/cve-2018-19362

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2019-01-02 18:29 修改: 2023-11-07 02:55
com.fasterxml.jackson.core:jackson-databind CVE-2018-19362 严重 2.6.7.1 2.9.8, 2.8.11.3, 2.7.9.5, 2.6.7.3 jackson-databind: improper polymorphic deserialization in jboss-common-core class

漏洞详情: https://avd.aquasec.com/nvd/cve-2018-19362

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2019-01-02 18:29 修改: 2023-11-07 02:55
com.fasterxml.jackson.core:jackson-databind CVE-2018-7489 严重 2.6.7.1 2.8.11.1, 2.9.5, 2.7.9.3, 2.6.7.5 jackson-databind: incomplete fix for CVE-2017-7525 permits unsafe serialization via c3p0 libraries

漏洞详情: https://avd.aquasec.com/nvd/cve-2018-7489

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2018-02-26 15:29 修改: 2023-11-07 03:01
com.fasterxml.jackson.core:jackson-databind CVE-2018-7489 严重 2.6.7.1 2.8.11.1, 2.9.5, 2.7.9.3, 2.6.7.5 jackson-databind: incomplete fix for CVE-2017-7525 permits unsafe serialization via c3p0 libraries

漏洞详情: https://avd.aquasec.com/nvd/cve-2018-7489

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2018-02-26 15:29 修改: 2023-11-07 03:01
com.fasterxml.jackson.core:jackson-databind CVE-2019-14379 严重 2.6.7.1 2.9.9.2, 2.8.11.4, 2.7.9.6 jackson-databind: default typing mishandling leading to remote code execution

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-14379

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2019-07-29 12:15 修改: 2023-11-07 03:04
com.fasterxml.jackson.core:jackson-databind CVE-2019-14379 严重 2.6.7.1 2.9.9.2, 2.8.11.4, 2.7.9.6 jackson-databind: default typing mishandling leading to remote code execution

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-14379

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2019-07-29 12:15 修改: 2023-11-07 03:04
com.fasterxml.jackson.core:jackson-databind CVE-2019-14540 严重 2.6.7.1 2.9.10, 2.8.11.5, 2.6.7.3 jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariConfig

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-14540

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2019-09-15 22:15 修改: 2023-11-07 03:04
com.fasterxml.jackson.core:jackson-databind CVE-2019-14540 严重 2.6.7.1 2.9.10, 2.8.11.5, 2.6.7.3 jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariConfig

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-14540

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2019-09-15 22:15 修改: 2023-11-07 03:04
com.fasterxml.jackson.core:jackson-databind CVE-2019-16335 严重 2.6.7.1 2.9.10, 2.8.11.5, 2.6.7.3 jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariDataSource

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-16335

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2019-09-15 22:15 修改: 2023-11-07 03:05
com.fasterxml.jackson.core:jackson-databind CVE-2019-16335 严重 2.6.7.1 2.9.10, 2.8.11.5, 2.6.7.3 jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariDataSource

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-16335

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2019-09-15 22:15 修改: 2023-11-07 03:05
com.fasterxml.jackson.core:jackson-databind CVE-2019-16942 严重 2.6.7.1 2.9.10.1, 2.8.11.5, 2.6.7.3 jackson-databind: Serialization gadgets in org.apache.commons.dbcp.datasources.*

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-16942

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2019-10-01 17:15 修改: 2023-11-07 03:06
com.fasterxml.jackson.core:jackson-databind CVE-2019-16942 严重 2.6.7.1 2.9.10.1, 2.8.11.5, 2.6.7.3 jackson-databind: Serialization gadgets in org.apache.commons.dbcp.datasources.*

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-16942

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2019-10-01 17:15 修改: 2023-11-07 03:06
com.fasterxml.jackson.core:jackson-databind CVE-2019-16943 严重 2.6.7.1 2.9.10.1, 2.8.11.5, 2.6.7.3 jackson-databind: Serialization gadgets in com.p6spy.engine.spy.P6DataSource

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-16943

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2019-10-01 17:15 修改: 2023-11-07 03:06
com.fasterxml.jackson.core:jackson-databind CVE-2019-16943 严重 2.6.7.1 2.9.10.1, 2.8.11.5, 2.6.7.3 jackson-databind: Serialization gadgets in com.p6spy.engine.spy.P6DataSource

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-16943

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2019-10-01 17:15 修改: 2023-11-07 03:06
com.fasterxml.jackson.core:jackson-databind CVE-2019-17267 严重 2.6.7.1 2.9.10, 2.8.11.5 jackson-databind: Serialization gadgets in classes of the ehcache package

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-17267

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2019-10-07 00:15 修改: 2023-11-07 03:06
com.fasterxml.jackson.core:jackson-databind CVE-2019-17267 严重 2.6.7.1 2.9.10, 2.8.11.5 jackson-databind: Serialization gadgets in classes of the ehcache package

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-17267

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2019-10-07 00:15 修改: 2023-11-07 03:06
com.fasterxml.jackson.core:jackson-databind CVE-2019-17531 严重 2.6.7.1 2.9.10.1, 2.8.11.5, 2.6.7.3 jackson-databind: Serialization gadgets in org.apache.log4j.receivers.db.*

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-17531

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2019-10-12 21:15 修改: 2023-11-07 03:06
com.fasterxml.jackson.core:jackson-databind CVE-2019-17531 严重 2.6.7.1 2.9.10.1, 2.8.11.5, 2.6.7.3 jackson-databind: Serialization gadgets in org.apache.log4j.receivers.db.*

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-17531

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2019-10-12 21:15 修改: 2023-11-07 03:06
com.fasterxml.jackson.core:jackson-databind CVE-2019-20330 严重 2.6.7.1 2.6.7.4, 2.7.9.7, 2.8.11.5, 2.9.10.2 jackson-databind: lacks certain net.sf.ehcache blocking

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-20330

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2020-01-03 04:15 修改: 2023-11-07 03:09
com.fasterxml.jackson.core:jackson-databind CVE-2019-20330 严重 2.6.7.1 2.6.7.4, 2.7.9.7, 2.8.11.5, 2.9.10.2 jackson-databind: lacks certain net.sf.ehcache blocking

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-20330

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2020-01-03 04:15 修改: 2023-11-07 03:09
com.fasterxml.jackson.core:jackson-databind CVE-2020-8840 严重 2.6.7.1 2.6.7.4, 2.7.9.7, 2.8.11.5, 2.9.10.3 jackson-databind: Lacks certain xbean-reflect/JNDI blocking

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-8840

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2020-02-10 21:56 修改: 2023-11-07 03:26
com.fasterxml.jackson.core:jackson-databind CVE-2020-8840 严重 2.6.7.1 2.6.7.4, 2.7.9.7, 2.8.11.5, 2.9.10.3 jackson-databind: Lacks certain xbean-reflect/JNDI blocking

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-8840

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2020-02-10 21:56 修改: 2023-11-07 03:26
com.fasterxml.jackson.core:jackson-databind CVE-2020-9547 严重 2.6.7.1 2.9.10.4, 2.8.11.6, 2.7.9.7 jackson-databind: Serialization gadgets in ibatis-sqlmap

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-9547

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2020-03-02 04:15 修改: 2023-11-07 03:26
com.fasterxml.jackson.core:jackson-databind CVE-2020-9547 严重 2.6.7.1 2.9.10.4, 2.8.11.6, 2.7.9.7 jackson-databind: Serialization gadgets in ibatis-sqlmap

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-9547

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2020-03-02 04:15 修改: 2023-11-07 03:26
com.fasterxml.jackson.core:jackson-databind CVE-2020-9548 严重 2.6.7.1 2.9.10.4, 2.8.11.6, 2.7.9.7 jackson-databind: Serialization gadgets in anteros-core

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-9548

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2020-03-02 04:15 修改: 2023-11-07 03:26
com.fasterxml.jackson.core:jackson-databind CVE-2020-9548 严重 2.6.7.1 2.9.10.4, 2.8.11.6, 2.7.9.7 jackson-databind: Serialization gadgets in anteros-core

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-9548

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2020-03-02 04:15 修改: 2023-11-07 03:26
io.netty:netty CVE-2019-20444 严重 3.9.9.Final 4.0.0 netty: HTTP request smuggling

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-20444

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2020-01-29 21:15 修改: 2023-11-07 03:09
io.netty:netty-codec-http CVE-2019-20444 严重 4.1.30.Final 4.1.44 netty: HTTP request smuggling

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-20444

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2020-01-29 21:15 修改: 2023-11-07 03:09
log4j:log4j CVE-2019-17571 严重 1.2.17 log4j: deserialization of untrusted data in SocketServer

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-17571

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2019-12-20 17:15 修改: 2023-11-07 03:06
log4j:log4j CVE-2022-23305 严重 1.2.17 log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-23305

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2022-01-18 16:15 修改: 2023-02-24 15:30
log4j:log4j CVE-2022-23307 严重 1.2.17 log4j: Unsafe deserialization flaw in Chainsaw log viewer

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-23307

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2022-01-18 16:15 修改: 2023-02-24 15:29
org.apache.avro:avro CVE-2024-47561 严重 1.8.2 1.11.4 apache-avro: Schema parsing may trigger Remote Code Execution (RCE)

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-47561

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2024-10-03 11:15 修改: 2024-10-21 09:15
org.apache.calcite:calcite-core CVE-2022-39135 严重 1.2.0-incubating 1.32.0 calcite: XXE via SQL operators

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-39135

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2022-09-11 12:15 修改: 2023-11-06 19:38
org.apache.derby:derby CVE-2022-46337 严重 10.12.1.1 10.14.3, 10.15.2.1, 10.16.1.2, 10.17.1.0 A cleverly devised username might bypass LDAP authentication checks. I ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-46337

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2023-11-20 09:15 修改: 2024-04-26 16:08
org.apache.hadoop:hadoop-common CVE-2021-37404 严重 2.7.3 3.3.2, 3.2.3, 2.10.2 hadoop-hdfs: Heap buffer overflow in Apache Hadoop libhdfs

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-37404

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2022-06-13 07:15 修改: 2023-06-27 15:15
org.apache.hadoop:hadoop-common CVE-2022-25168 严重 2.7.3 2.10.2, 3.2.4, 3.3.3 hadoop: Command injection in org.apache.hadoop.fs.FileUtil.unTarUsingTar

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-25168

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2022-08-04 15:15 修改: 2023-06-26 11:15
org.apache.hadoop:hadoop-common CVE-2022-26612 严重 2.7.3 3.2.3 hadoop: Arbitrary file write in FileUtil#unpackEntries on Windows

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-26612

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2022-04-07 19:15 修改: 2023-08-08 14:21
org.apache.ivy:ivy CVE-2022-37865 严重 2.4.0 2.5.1 apache-ivy: Directory Traversal

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-37865

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2022-11-07 11:15 修改: 2023-11-07 03:49
org.apache.spark:spark-core_2.11 CVE-2018-17190 严重 2.4.3 Remote Code Execution in spark-core

漏洞详情: https://avd.aquasec.com/nvd/cve-2018-17190

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2018-11-19 14:29 修改: 2023-11-07 02:54
org.apache.zookeeper:zookeeper CVE-2023-44981 严重 3.4.6 3.7.2, 3.8.3, 3.9.1 zookeeper: Authorization Bypass in Apache ZooKeeper

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-44981

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2023-10-11 12:15 修改: 2024-06-21 19:15
org.codehaus.jackson:jackson-mapper-asl CVE-2019-10202 严重 1.9.13 codehaus: incomplete fix for unsafe deserialization in jackson-databind vulnerabilities

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-10202

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2019-10-01 15:15 修改: 2023-02-12 23:33
com.fasterxml.jackson.core:jackson-databind CVE-2021-20190 高危 2.4.0 2.9.10.7, 2.6.7.5 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to javax.swing

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-20190

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2021-01-19 17:15 修改: 2023-11-07 03:28
com.fasterxml.jackson.core:jackson-databind CVE-2022-42003 高危 2.4.0 2.12.7.1, 2.13.4.2 jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-42003

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2022-10-02 05:15 修改: 2023-12-20 10:15
com.fasterxml.jackson.core:jackson-databind CVE-2022-42004 高危 2.4.0 2.12.7.1, 2.13.4 jackson-databind: use of deeply nested arrays

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-42004

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2022-10-02 05:15 修改: 2022-12-02 15:10
com.fasterxml.jackson.core:jackson-databind CVE-2018-12022 高危 2.4.0 2.7.9.4, 2.8.11.2, 2.9.6 jackson-databind: improper polymorphic deserialization of types from Jodd-db library

漏洞详情: https://avd.aquasec.com/nvd/cve-2018-12022

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2019-03-21 16:00 修改: 2023-11-07 02:52
com.fasterxml.jackson.core:jackson-databind CVE-2018-5968 高危 2.4.0 2.8.11.1, 2.9.4, 2.7.9.5 jackson-databind: unsafe deserialization due to incomplete blacklist (incomplete fix for CVE-2017-7525 and CVE-2017-17485)

漏洞详情: https://avd.aquasec.com/nvd/cve-2018-5968

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2018-01-22 04:29 修改: 2023-09-13 14:19
com.fasterxml.jackson.core:jackson-databind CVE-2019-12086 高危 2.4.0 2.9.9, 2.8.11.4, 2.7.9.6, 2.6.7.3 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server.

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-12086

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2019-05-17 17:29 修改: 2023-11-07 03:03
com.fasterxml.jackson.core:jackson-databind CVE-2019-14439 高危 2.4.0 2.9.9.2, 2.8.11.4, 2.7.9.6, 2.6.7.3 jackson-databind: Polymorphic typing issue related to logback/JNDI

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-14439

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2019-07-30 11:15 修改: 2023-11-07 03:04
com.fasterxml.jackson.core:jackson-databind CVE-2019-14892 高危 2.4.0 2.6.7.3, 2.8.11.5, 2.9.10 jackson-databind: Serialization gadgets in classes of the commons-configuration package

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-14892

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2020-03-02 17:15 修改: 2023-11-07 03:05
com.fasterxml.jackson.core:jackson-databind CVE-2020-10650 高危 2.4.0 2.9.10.4 A deserialization flaw was discovered in jackson-databind through 2.9. ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-10650

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2022-12-26 20:15 修改: 2023-08-18 14:15
com.fasterxml.jackson.core:jackson-databind CVE-2020-10673 高危 2.4.0 2.9.10.4, 2.6.7.4 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-10673

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2020-03-18 22:15 修改: 2024-07-03 01:36
com.fasterxml.jackson.core:jackson-databind CVE-2020-24616 高危 2.4.0 2.9.10.6 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-24616

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2020-08-25 18:15 修改: 2023-11-07 03:20
com.fasterxml.jackson.core:jackson-databind CVE-2020-24750 高危 2.4.0 2.6.7.5, 2.9.10.6 jackson-databind: Serialization gadgets in com.pastdev.httpcomponents.configuration.JndiConfiguration

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-24750

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2020-09-17 19:15 修改: 2023-09-13 14:56
com.fasterxml.jackson.core:jackson-databind CVE-2018-12022 高危 2.6.7.1 2.7.9.4, 2.8.11.2, 2.9.6 jackson-databind: improper polymorphic deserialization of types from Jodd-db library

漏洞详情: https://avd.aquasec.com/nvd/cve-2018-12022

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2019-03-21 16:00 修改: 2023-11-07 02:52
com.fasterxml.jackson.core:jackson-databind CVE-2018-12022 高危 2.6.7.1 2.7.9.4, 2.8.11.2, 2.9.6 jackson-databind: improper polymorphic deserialization of types from Jodd-db library

漏洞详情: https://avd.aquasec.com/nvd/cve-2018-12022

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2019-03-21 16:00 修改: 2023-11-07 02:52
com.fasterxml.jackson.core:jackson-databind CVE-2018-5968 高危 2.6.7.1 2.8.11.1, 2.9.4, 2.7.9.5 jackson-databind: unsafe deserialization due to incomplete blacklist (incomplete fix for CVE-2017-7525 and CVE-2017-17485)

漏洞详情: https://avd.aquasec.com/nvd/cve-2018-5968

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2018-01-22 04:29 修改: 2023-09-13 14:19
com.fasterxml.jackson.core:jackson-databind CVE-2018-5968 高危 2.6.7.1 2.8.11.1, 2.9.4, 2.7.9.5 jackson-databind: unsafe deserialization due to incomplete blacklist (incomplete fix for CVE-2017-7525 and CVE-2017-17485)

漏洞详情: https://avd.aquasec.com/nvd/cve-2018-5968

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2018-01-22 04:29 修改: 2023-09-13 14:19
com.fasterxml.jackson.core:jackson-databind CVE-2019-12086 高危 2.6.7.1 2.9.9, 2.8.11.4, 2.7.9.6, 2.6.7.3 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server.

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-12086

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2019-05-17 17:29 修改: 2023-11-07 03:03
com.fasterxml.jackson.core:jackson-databind CVE-2019-12086 高危 2.6.7.1 2.9.9, 2.8.11.4, 2.7.9.6, 2.6.7.3 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server.

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-12086

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2019-05-17 17:29 修改: 2023-11-07 03:03
com.fasterxml.jackson.core:jackson-databind CVE-2019-14439 高危 2.6.7.1 2.9.9.2, 2.8.11.4, 2.7.9.6, 2.6.7.3 jackson-databind: Polymorphic typing issue related to logback/JNDI

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-14439

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2019-07-30 11:15 修改: 2023-11-07 03:04
com.fasterxml.jackson.core:jackson-databind CVE-2019-14439 高危 2.6.7.1 2.9.9.2, 2.8.11.4, 2.7.9.6, 2.6.7.3 jackson-databind: Polymorphic typing issue related to logback/JNDI

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-14439

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2019-07-30 11:15 修改: 2023-11-07 03:04
com.fasterxml.jackson.core:jackson-databind CVE-2019-14892 高危 2.6.7.1 2.6.7.3, 2.8.11.5, 2.9.10 jackson-databind: Serialization gadgets in classes of the commons-configuration package

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-14892

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2020-03-02 17:15 修改: 2023-11-07 03:05
com.fasterxml.jackson.core:jackson-databind CVE-2019-14892 高危 2.6.7.1 2.6.7.3, 2.8.11.5, 2.9.10 jackson-databind: Serialization gadgets in classes of the commons-configuration package

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-14892

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2020-03-02 17:15 修改: 2023-11-07 03:05
com.fasterxml.jackson.core:jackson-databind CVE-2020-10650 高危 2.6.7.1 2.9.10.4 A deserialization flaw was discovered in jackson-databind through 2.9. ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-10650

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2022-12-26 20:15 修改: 2023-08-18 14:15
com.fasterxml.jackson.core:jackson-databind CVE-2020-10650 高危 2.6.7.1 2.9.10.4 A deserialization flaw was discovered in jackson-databind through 2.9. ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-10650

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2022-12-26 20:15 修改: 2023-08-18 14:15
com.fasterxml.jackson.core:jackson-databind CVE-2020-10673 高危 2.6.7.1 2.9.10.4, 2.6.7.4 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-10673

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2020-03-18 22:15 修改: 2024-07-03 01:36
com.fasterxml.jackson.core:jackson-databind CVE-2020-10673 高危 2.6.7.1 2.9.10.4, 2.6.7.4 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-10673

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2020-03-18 22:15 修改: 2024-07-03 01:36
com.fasterxml.jackson.core:jackson-databind CVE-2020-24616 高危 2.6.7.1 2.9.10.6 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-24616

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2020-08-25 18:15 修改: 2023-11-07 03:20
com.fasterxml.jackson.core:jackson-databind CVE-2020-24616 高危 2.6.7.1 2.9.10.6 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-24616

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2020-08-25 18:15 修改: 2023-11-07 03:20
com.fasterxml.jackson.core:jackson-databind CVE-2020-24750 高危 2.6.7.1 2.6.7.5, 2.9.10.6 jackson-databind: Serialization gadgets in com.pastdev.httpcomponents.configuration.JndiConfiguration

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-24750

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2020-09-17 19:15 修改: 2023-09-13 14:56
com.fasterxml.jackson.core:jackson-databind CVE-2020-24750 高危 2.6.7.1 2.6.7.5, 2.9.10.6 jackson-databind: Serialization gadgets in com.pastdev.httpcomponents.configuration.JndiConfiguration

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-24750

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2020-09-17 19:15 修改: 2023-09-13 14:56
com.fasterxml.jackson.core:jackson-databind CVE-2020-25649 高危 2.6.7.1 2.6.7.4, 2.9.10.7, 2.10.5.1 jackson-databind: FasterXML DOMDeserializer insecure entity expansion is vulnerable to XML external entity (XXE)

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-25649

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2020-12-03 17:15 修改: 2023-11-07 03:20
com.fasterxml.jackson.core:jackson-databind CVE-2020-25649 高危 2.6.7.1 2.6.7.4, 2.9.10.7, 2.10.5.1 jackson-databind: FasterXML DOMDeserializer insecure entity expansion is vulnerable to XML external entity (XXE)

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-25649

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2020-12-03 17:15 修改: 2023-11-07 03:20
com.fasterxml.jackson.core:jackson-databind CVE-2020-35490 高危 2.6.7.1 2.9.10.8 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-35490

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2020-12-17 19:15 修改: 2022-09-08 21:32
com.fasterxml.jackson.core:jackson-databind CVE-2020-35490 高危 2.6.7.1 2.9.10.8 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-35490

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2020-12-17 19:15 修改: 2022-09-08 21:32
com.fasterxml.jackson.core:jackson-databind CVE-2020-35491 高危 2.6.7.1 2.9.10.8 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-35491

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2020-12-17 19:15 修改: 2022-09-08 21:32
com.fasterxml.jackson.core:jackson-databind CVE-2020-35491 高危 2.6.7.1 2.9.10.8 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-35491

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2020-12-17 19:15 修改: 2022-09-08 21:32
com.fasterxml.jackson.core:jackson-databind CVE-2020-35728 高危 2.6.7.1 2.9.10.8 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-35728

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2020-12-27 05:15 修改: 2023-11-07 03:22
com.fasterxml.jackson.core:jackson-databind CVE-2020-35728 高危 2.6.7.1 2.9.10.8 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-35728

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2020-12-27 05:15 修改: 2023-11-07 03:22
com.fasterxml.jackson.core:jackson-databind CVE-2020-36179 高危 2.6.7.1 2.9.10.8, 2.6.7.5 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36179

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2021-01-07 00:15 修改: 2024-07-03 01:36
com.fasterxml.jackson.core:jackson-databind CVE-2020-36179 高危 2.6.7.1 2.9.10.8, 2.6.7.5 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36179

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2021-01-07 00:15 修改: 2024-07-03 01:36
com.fasterxml.jackson.core:jackson-databind CVE-2020-36180 高危 2.6.7.1 2.9.10.8, 2.6.7.5 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36180

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2021-01-07 00:15 修改: 2024-07-03 01:36
com.fasterxml.jackson.core:jackson-databind CVE-2020-36180 高危 2.6.7.1 2.9.10.8, 2.6.7.5 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36180

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2021-01-07 00:15 修改: 2024-07-03 01:36
com.fasterxml.jackson.core:jackson-databind CVE-2020-36181 高危 2.6.7.1 2.9.10.8, 2.6.7.5 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36181

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2021-01-06 23:15 修改: 2024-07-03 01:36
com.fasterxml.jackson.core:jackson-databind CVE-2020-36181 高危 2.6.7.1 2.9.10.8, 2.6.7.5 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36181

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2021-01-06 23:15 修改: 2024-07-03 01:36
com.fasterxml.jackson.core:jackson-databind CVE-2020-36182 高危 2.6.7.1 2.9.10.8, 2.6.7.5 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36182

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2021-01-07 00:15 修改: 2024-07-03 01:36
com.fasterxml.jackson.core:jackson-databind CVE-2020-36182 高危 2.6.7.1 2.9.10.8, 2.6.7.5 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36182

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2021-01-07 00:15 修改: 2024-07-03 01:36
com.fasterxml.jackson.core:jackson-databind CVE-2020-36183 高危 2.6.7.1 2.9.10.8, 2.6.7.5 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36183

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2021-01-07 00:15 修改: 2023-09-13 14:56
com.fasterxml.jackson.core:jackson-databind CVE-2020-36183 高危 2.6.7.1 2.9.10.8, 2.6.7.5 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36183

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2021-01-07 00:15 修改: 2023-09-13 14:56
com.fasterxml.jackson.core:jackson-databind CVE-2020-36184 高危 2.6.7.1 2.9.10.8 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36184

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2021-01-06 23:15 修改: 2024-07-03 01:36
com.fasterxml.jackson.core:jackson-databind CVE-2020-36184 高危 2.6.7.1 2.9.10.8 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36184

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2021-01-06 23:15 修改: 2024-07-03 01:36
com.fasterxml.jackson.core:jackson-databind CVE-2020-36185 高危 2.6.7.1 2.9.10.8 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36185

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2021-01-06 23:15 修改: 2023-09-13 14:57
com.fasterxml.jackson.core:jackson-databind CVE-2020-36185 高危 2.6.7.1 2.9.10.8 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36185

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2021-01-06 23:15 修改: 2023-09-13 14:57
com.fasterxml.jackson.core:jackson-databind CVE-2020-36186 高危 2.6.7.1 2.9.10.8 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36186

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2021-01-06 23:15 修改: 2023-09-13 14:57
com.fasterxml.jackson.core:jackson-databind CVE-2020-36186 高危 2.6.7.1 2.9.10.8 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36186

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2021-01-06 23:15 修改: 2023-09-13 14:57
com.fasterxml.jackson.core:jackson-databind CVE-2020-36187 高危 2.6.7.1 2.9.10.8 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36187

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2021-01-06 23:15 修改: 2023-09-13 14:57
com.fasterxml.jackson.core:jackson-databind CVE-2020-36187 高危 2.6.7.1 2.9.10.8 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36187

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2021-01-06 23:15 修改: 2023-09-13 14:57
com.fasterxml.jackson.core:jackson-databind CVE-2020-36188 高危 2.6.7.1 2.9.10.8, 2.6.7.5 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36188

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2021-01-06 23:15 修改: 2023-09-13 14:57
com.fasterxml.jackson.core:jackson-databind CVE-2020-36188 高危 2.6.7.1 2.9.10.8, 2.6.7.5 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36188

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2021-01-06 23:15 修改: 2023-09-13 14:57
com.fasterxml.jackson.core:jackson-databind CVE-2020-36189 高危 2.6.7.1 2.9.10.8, 2.6.7.5 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36189

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2021-01-06 23:15 修改: 2023-09-13 14:57
com.fasterxml.jackson.core:jackson-databind CVE-2020-36189 高危 2.6.7.1 2.9.10.8, 2.6.7.5 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36189

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2021-01-06 23:15 修改: 2023-09-13 14:57
com.fasterxml.jackson.core:jackson-databind CVE-2020-36518 高危 2.6.7.1 2.13.2.1, 2.12.6.1 jackson-databind: denial of service via a large depth of nested objects

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36518

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2022-03-11 07:15 修改: 2022-11-29 22:12
com.fasterxml.jackson.core:jackson-databind CVE-2020-36518 高危 2.6.7.1 2.13.2.1, 2.12.6.1 jackson-databind: denial of service via a large depth of nested objects

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36518

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2022-03-11 07:15 修改: 2022-11-29 22:12
com.fasterxml.jackson.core:jackson-databind CVE-2021-20190 高危 2.6.7.1 2.9.10.7, 2.6.7.5 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to javax.swing

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-20190

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2021-01-19 17:15 修改: 2023-11-07 03:28
com.fasterxml.jackson.core:jackson-databind CVE-2021-20190 高危 2.6.7.1 2.9.10.7, 2.6.7.5 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to javax.swing

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-20190

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2021-01-19 17:15 修改: 2023-11-07 03:28
com.fasterxml.jackson.core:jackson-databind CVE-2022-42003 高危 2.6.7.1 2.12.7.1, 2.13.4.2 jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-42003

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2022-10-02 05:15 修改: 2023-12-20 10:15
com.fasterxml.jackson.core:jackson-databind CVE-2022-42003 高危 2.6.7.1 2.12.7.1, 2.13.4.2 jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-42003

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2022-10-02 05:15 修改: 2023-12-20 10:15
com.fasterxml.jackson.core:jackson-databind CVE-2022-42004 高危 2.6.7.1 2.12.7.1, 2.13.4 jackson-databind: use of deeply nested arrays

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-42004

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2022-10-02 05:15 修改: 2022-12-02 15:10
com.fasterxml.jackson.core:jackson-databind CVE-2022-42004 高危 2.6.7.1 2.12.7.1, 2.13.4 jackson-databind: use of deeply nested arrays

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-42004

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2022-10-02 05:15 修改: 2022-12-02 15:10
com.google.code.gson:gson CVE-2022-25647 高危 2.2.4 2.8.9 com.google.code.gson-gson: Deserialization of Untrusted Data in com.google.code.gson-gson

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-25647

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2022-05-01 16:15 修改: 2022-11-28 17:33
com.google.code.gson:gson CVE-2022-25647 高危 2.7 2.8.9 com.google.code.gson-gson: Deserialization of Untrusted Data in com.google.code.gson-gson

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-25647

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2022-05-01 16:15 修改: 2022-11-28 17:33
com.google.protobuf:protobuf-java CVE-2021-22569 高危 2.5.0 3.16.1, 3.18.2, 3.19.2 protobuf-java: potential DoS in the parsing procedure for binary data

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-22569

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2022-01-10 14:10 修改: 2023-04-18 09:15
com.google.protobuf:protobuf-java CVE-2021-22569 高危 2.5.0 3.16.1, 3.18.2, 3.19.2 protobuf-java: potential DoS in the parsing procedure for binary data

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-22569

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2022-01-10 14:10 修改: 2023-04-18 09:15
com.google.protobuf:protobuf-java CVE-2021-22569 高危 2.5.0 3.16.1, 3.18.2, 3.19.2 protobuf-java: potential DoS in the parsing procedure for binary data

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-22569

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2022-01-10 14:10 修改: 2023-04-18 09:15
com.google.protobuf:protobuf-java CVE-2021-22569 高危 2.5.0 3.16.1, 3.18.2, 3.19.2 protobuf-java: potential DoS in the parsing procedure for binary data

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-22569

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2022-01-10 14:10 修改: 2023-04-18 09:15
com.google.protobuf:protobuf-java CVE-2021-22570 高危 2.5.0 3.15.0 protobuf: Incorrect parsing of nullchar in the proto symbol leads to Nullptr dereference

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-22570

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2022-01-26 14:15 修改: 2023-11-07 03:30
com.google.protobuf:protobuf-java CVE-2021-22570 高危 2.5.0 3.15.0 protobuf: Incorrect parsing of nullchar in the proto symbol leads to Nullptr dereference

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-22570

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2022-01-26 14:15 修改: 2023-11-07 03:30
com.google.protobuf:protobuf-java CVE-2021-22570 高危 2.5.0 3.15.0 protobuf: Incorrect parsing of nullchar in the proto symbol leads to Nullptr dereference

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-22570

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2022-01-26 14:15 修改: 2023-11-07 03:30
com.google.protobuf:protobuf-java CVE-2021-22570 高危 2.5.0 3.15.0 protobuf: Incorrect parsing of nullchar in the proto symbol leads to Nullptr dereference

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-22570

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2022-01-26 14:15 修改: 2023-11-07 03:30
com.google.protobuf:protobuf-java CVE-2022-3509 高危 2.5.0 3.16.3, 3.19.6, 3.20.3, 3.21.7 protobuf-java: Textformat parsing issue leads to DoS

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-3509

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2022-12-12 13:15 修改: 2022-12-15 16:57
com.google.protobuf:protobuf-java CVE-2022-3509 高危 2.5.0 3.16.3, 3.19.6, 3.20.3, 3.21.7 protobuf-java: Textformat parsing issue leads to DoS

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-3509

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2022-12-12 13:15 修改: 2022-12-15 16:57
com.google.protobuf:protobuf-java CVE-2022-3509 高危 2.5.0 3.16.3, 3.19.6, 3.20.3, 3.21.7 protobuf-java: Textformat parsing issue leads to DoS

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-3509

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2022-12-12 13:15 修改: 2022-12-15 16:57
com.google.protobuf:protobuf-java CVE-2022-3509 高危 2.5.0 3.16.3, 3.19.6, 3.20.3, 3.21.7 protobuf-java: Textformat parsing issue leads to DoS

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-3509

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2022-12-12 13:15 修改: 2022-12-15 16:57
com.google.protobuf:protobuf-java CVE-2022-3510 高危 2.5.0 3.16.3, 3.19.6, 3.20.3, 3.21.7 protobuf-java: Message-Type Extensions parsing issue leads to DoS

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-3510

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2022-12-12 13:15 修改: 2023-11-07 03:51
com.google.protobuf:protobuf-java CVE-2022-3510 高危 2.5.0 3.16.3, 3.19.6, 3.20.3, 3.21.7 protobuf-java: Message-Type Extensions parsing issue leads to DoS

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-3510

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2022-12-12 13:15 修改: 2023-11-07 03:51
com.google.protobuf:protobuf-java CVE-2022-3510 高危 2.5.0 3.16.3, 3.19.6, 3.20.3, 3.21.7 protobuf-java: Message-Type Extensions parsing issue leads to DoS

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-3510

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2022-12-12 13:15 修改: 2023-11-07 03:51
com.google.protobuf:protobuf-java CVE-2022-3510 高危 2.5.0 3.16.3, 3.19.6, 3.20.3, 3.21.7 protobuf-java: Message-Type Extensions parsing issue leads to DoS

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-3510

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2022-12-12 13:15 修改: 2023-11-07 03:51
com.google.protobuf:protobuf-java CVE-2024-7254 高危 2.5.0 3.25.5, 4.27.5, 4.28.2 protobuf: StackOverflow vulnerability in Protocol Buffers

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-7254

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2024-09-19 01:15 修改: 2024-09-20 12:30
com.google.protobuf:protobuf-java CVE-2024-7254 高危 2.5.0 3.25.5, 4.27.5, 4.28.2 protobuf: StackOverflow vulnerability in Protocol Buffers

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-7254

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2024-09-19 01:15 修改: 2024-09-20 12:30
com.google.protobuf:protobuf-java CVE-2024-7254 高危 2.5.0 3.25.5, 4.27.5, 4.28.2 protobuf: StackOverflow vulnerability in Protocol Buffers

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-7254

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2024-09-19 01:15 修改: 2024-09-20 12:30
com.google.protobuf:protobuf-java CVE-2024-7254 高危 2.5.0 3.25.5, 4.27.5, 4.28.2 protobuf: StackOverflow vulnerability in Protocol Buffers

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-7254

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2024-09-19 01:15 修改: 2024-09-20 12:30
com.google.protobuf:protobuf-java CVE-2021-22569 高危 3.3.0 3.16.1, 3.18.2, 3.19.2 protobuf-java: potential DoS in the parsing procedure for binary data

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-22569

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2022-01-10 14:10 修改: 2023-04-18 09:15
com.google.protobuf:protobuf-java CVE-2021-22570 高危 3.3.0 3.15.0 protobuf: Incorrect parsing of nullchar in the proto symbol leads to Nullptr dereference

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-22570

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2022-01-26 14:15 修改: 2023-11-07 03:30
com.google.protobuf:protobuf-java CVE-2022-3509 高危 3.3.0 3.16.3, 3.19.6, 3.20.3, 3.21.7 protobuf-java: Textformat parsing issue leads to DoS

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-3509

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2022-12-12 13:15 修改: 2022-12-15 16:57
com.google.protobuf:protobuf-java CVE-2022-3510 高危 3.3.0 3.16.3, 3.19.6, 3.20.3, 3.21.7 protobuf-java: Message-Type Extensions parsing issue leads to DoS

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-3510

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2022-12-12 13:15 修改: 2023-11-07 03:51
com.google.protobuf:protobuf-java CVE-2024-7254 高危 3.3.0 3.25.5, 4.27.5, 4.28.2 protobuf: StackOverflow vulnerability in Protocol Buffers

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-7254

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2024-09-19 01:15 修改: 2024-09-20 12:30
com.google.protobuf:protobuf-java CVE-2021-22569 高危 3.5.1 3.16.1, 3.18.2, 3.19.2 protobuf-java: potential DoS in the parsing procedure for binary data

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-22569

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2022-01-10 14:10 修改: 2023-04-18 09:15
com.google.protobuf:protobuf-java CVE-2021-22570 高危 3.5.1 3.15.0 protobuf: Incorrect parsing of nullchar in the proto symbol leads to Nullptr dereference

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-22570

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2022-01-26 14:15 修改: 2023-11-07 03:30
com.google.protobuf:protobuf-java CVE-2022-3509 高危 3.5.1 3.16.3, 3.19.6, 3.20.3, 3.21.7 protobuf-java: Textformat parsing issue leads to DoS

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-3509

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2022-12-12 13:15 修改: 2022-12-15 16:57
com.google.protobuf:protobuf-java CVE-2022-3510 高危 3.5.1 3.16.3, 3.19.6, 3.20.3, 3.21.7 protobuf-java: Message-Type Extensions parsing issue leads to DoS

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-3510

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2022-12-12 13:15 修改: 2023-11-07 03:51
com.google.protobuf:protobuf-java CVE-2024-7254 高危 3.5.1 3.25.5, 4.27.5, 4.28.2 protobuf: StackOverflow vulnerability in Protocol Buffers

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-7254

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2024-09-19 01:15 修改: 2024-09-20 12:30
commons-beanutils:commons-beanutils CVE-2014-0114 高危 1.9.3 1.9.4 1: Class Loader manipulation via request parameters

漏洞详情: https://avd.aquasec.com/nvd/cve-2014-0114

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2014-04-30 10:49 修改: 2023-02-13 00:32
commons-beanutils:commons-beanutils CVE-2019-10086 高危 1.9.3 1.9.4 apache-commons-beanutils: does not suppresses the class property in PropertyUtilsBean by default

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-10086

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2019-08-20 21:15 修改: 2023-11-07 03:02
commons-io:commons-io CVE-2024-47554 高危 2.4 2.14.0 apache-commons-io: Possible denial of service attack on untrusted input to XmlStreamReader

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-47554

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2024-10-03 12:15 修改: 2024-10-04 13:50
io.airlift:aircompressor CVE-2024-36114 高危 0.10 0.27 Decompressors can crash the JVM and leak memory content in Aircompressor

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-36114

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2024-05-29 21:15 修改: 2024-05-30 13:15
com.fasterxml.jackson.core:jackson-databind CVE-2020-35490 高危 2.4.0 2.9.10.8 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-35490

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2020-12-17 19:15 修改: 2022-09-08 21:32
io.netty:netty CVE-2021-37136 高危 3.9.9.Final 4.0.0 netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-37136

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2021-10-19 15:15 修改: 2023-11-07 03:36
io.netty:netty CVE-2021-37137 高危 3.9.9.Final 4.0.0 netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-37137

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2021-10-19 15:15 修改: 2023-11-07 03:36
io.netty:netty-all CVE-2019-16869 高危 4.1.17.Final 4.1.42.Final netty: HTTP request smuggling by mishandled whitespace before the colon in HTTP headers

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-16869

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2019-09-26 16:15 修改: 2023-11-07 03:06
io.netty:netty-all CVE-2019-16869 高危 4.1.17.Final 4.1.42.Final netty: HTTP request smuggling by mishandled whitespace before the colon in HTTP headers

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-16869

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2019-09-26 16:15 修改: 2023-11-07 03:06
io.netty:netty-codec CVE-2021-37136 高危 4.1.30.Final 4.1.68.Final netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-37136

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2021-10-19 15:15 修改: 2023-11-07 03:36
io.netty:netty-codec CVE-2021-37137 高危 4.1.30.Final 4.1.68.Final netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-37137

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2021-10-19 15:15 修改: 2023-11-07 03:36
com.fasterxml.jackson.core:jackson-databind CVE-2020-35491 高危 2.4.0 2.9.10.8 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-35491

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2020-12-17 19:15 修改: 2022-09-08 21:32
io.netty:netty-codec-http2 GHSA-xpw8-rcwv-8f8p 高危 4.1.30.Final 4.1.100.Final io.netty:netty-codec-http2 vulnerable to HTTP/2 Rapid Reset Attack

漏洞详情: https://github.com/advisories/GHSA-xpw8-rcwv-8f8p

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
io.netty:netty-handler CVE-2020-11612 高危 4.1.30.Final 4.1.46 netty: compression/decompression codecs don't enforce limits on buffer allocation sizes

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-11612

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2020-04-07 18:15 修改: 2023-11-07 03:14
com.fasterxml.jackson.core:jackson-databind CVE-2020-35728 高危 2.4.0 2.9.10.8 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-35728

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2020-12-27 05:15 修改: 2023-11-07 03:22
com.fasterxml.jackson.core:jackson-databind CVE-2020-36179 高危 2.4.0 2.9.10.8, 2.6.7.5 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36179

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2021-01-07 00:15 修改: 2024-07-03 01:36
com.fasterxml.jackson.core:jackson-databind CVE-2020-36180 高危 2.4.0 2.9.10.8, 2.6.7.5 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36180

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2021-01-07 00:15 修改: 2024-07-03 01:36
log4j:log4j CVE-2021-4104 高危 1.2.17 log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-4104

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2021-12-14 12:15 修改: 2023-12-22 09:15
log4j:log4j CVE-2022-23302 高危 1.2.17 log4j: Remote code execution in Log4j 1.x when application is configured to use JMSSink

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-23302

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2022-01-18 16:15 修改: 2023-02-24 15:30
com.fasterxml.jackson.core:jackson-databind CVE-2020-36181 高危 2.4.0 2.9.10.8, 2.6.7.5 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36181

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2021-01-06 23:15 修改: 2024-07-03 01:36
org.apache.avro:avro CVE-2023-39410 高危 1.8.2 1.11.3 apache-avro: Apache Avro Java SDK: Memory when deserializing untrusted data in Avro Java SDK

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39410

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2023-09-29 17:15 修改: 2024-06-21 19:15
com.fasterxml.jackson.core:jackson-databind CVE-2020-36182 高危 2.4.0 2.9.10.8, 2.6.7.5 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36182

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2021-01-07 00:15 修改: 2024-07-03 01:36
org.apache.commons:commons-compress CVE-2021-35515 高危 1.8.1 1.21 apache-commons-compress: infinite loop when reading a specially crafted 7Z archive

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-35515

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2021-07-13 08:15 修改: 2023-11-07 03:36
org.apache.commons:commons-compress CVE-2021-35516 高危 1.8.1 1.21 apache-commons-compress: excessive memory allocation when reading a specially crafted 7Z archive

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-35516

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2021-07-13 08:15 修改: 2023-11-07 03:36
org.apache.commons:commons-compress CVE-2021-35517 高危 1.8.1 1.21 apache-commons-compress: excessive memory allocation when reading a specially crafted TAR archive

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-35517

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2021-07-13 08:15 修改: 2023-11-07 03:36
org.apache.commons:commons-compress CVE-2021-36090 高危 1.8.1 1.21 apache-commons-compress: excessive memory allocation when reading a specially crafted ZIP archive

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-36090

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2021-07-13 08:15 修改: 2023-11-07 03:36
org.apache.commons:commons-compress CVE-2024-25710 高危 1.8.1 1.26.0 commons-compress: Denial of service caused by an infinite loop for a corrupted DUMP file

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-25710

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2024-02-19 09:15 修改: 2024-03-07 17:15
com.fasterxml.jackson.core:jackson-databind CVE-2020-36183 高危 2.4.0 2.9.10.8, 2.6.7.5 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36183

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2021-01-07 00:15 修改: 2023-09-13 14:56
com.fasterxml.jackson.core:jackson-databind CVE-2020-36184 高危 2.4.0 2.9.10.8 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36184

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2021-01-06 23:15 修改: 2024-07-03 01:36
com.fasterxml.jackson.core:jackson-databind CVE-2020-36185 高危 2.4.0 2.9.10.8 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36185

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2021-01-06 23:15 修改: 2023-09-13 14:57
com.fasterxml.jackson.core:jackson-databind CVE-2020-36186 高危 2.4.0 2.9.10.8 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36186

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2021-01-06 23:15 修改: 2023-09-13 14:57
org.apache.hadoop:hadoop-common CVE-2016-6811 高危 2.7.3 2.7.4 hadoop: privilege escalation to root

漏洞详情: https://avd.aquasec.com/nvd/cve-2016-6811

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2017-04-11 14:59 修改: 2023-11-07 02:34
org.apache.hadoop:hadoop-common CVE-2017-7669 高危 2.7.3 2.8.1, 3.0.0-alpha3 Apache Hadoop's LinuxContainerExecutor runs docker commands as root with insufficient input validation

漏洞详情: https://avd.aquasec.com/nvd/cve-2017-7669

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2017-06-05 01:29 修改: 2017-06-09 16:21
org.apache.hadoop:hadoop-common CVE-2020-9492 高危 2.7.3 3.2.2, 3.1.4, 2.10.1 hadoop: WebHDFS client might send SPNEGO authorization header

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-9492

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2021-01-26 18:16 修改: 2023-11-07 03:26
org.apache.hadoop:hadoop-yarn-server-common CVE-2021-33036 高危 2.7.3 2.10.2, 3.2.3, 3.3.2 hadoop: privilege escalation via yarn user

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-33036

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2022-06-15 15:15 修改: 2022-10-27 16:30
com.fasterxml.jackson.core:jackson-databind CVE-2020-36187 高危 2.4.0 2.9.10.8 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36187

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2021-01-06 23:15 修改: 2023-09-13 14:57
org.apache.ivy:ivy CVE-2022-37866 高危 2.4.0 2.5.1 Ivy: Ivy Path traversal

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-37866

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2022-11-07 14:15 修改: 2023-11-07 03:49
org.apache.ivy:ivy CVE-2022-46751 高危 2.4.0 2.5.2 apache-ivy: XML External Entity vulnerability

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-46751

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2023-08-21 07:15 修改: 2024-09-27 21:35
org.apache.mesos:mesos CVE-2018-11793 高危 1.4.0 1.4.3, 1.5.2, 1.6.2, 1.7.1 mesos: stack overflow vulnerability in parser

漏洞详情: https://avd.aquasec.com/nvd/cve-2018-11793

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2019-03-05 21:29 修改: 2023-11-07 02:51
org.apache.mesos:mesos CVE-2018-1330 高危 1.4.0 1.6.0 Crash when decoding malformed HTTP requests or malformed JSON payload

漏洞详情: https://avd.aquasec.com/nvd/cve-2018-1330

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2018-09-13 19:29 修改: 2023-11-07 02:55
org.apache.mesos:mesos CVE-2019-0204 高危 1.4.0 1.4.3, 1.5.3, 1.6.2, 1.7.2 mesos: docker image code execution

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-0204

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2019-03-25 22:29 修改: 2023-11-07 03:01
com.fasterxml.jackson.core:jackson-databind CVE-2020-36188 高危 2.4.0 2.9.10.8, 2.6.7.5 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36188

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2021-01-06 23:15 修改: 2023-09-13 14:57
org.apache.thrift:libthrift CVE-2018-1320 高危 0.9.3 0.9.3-1, 0.12.0 thrift: SASL negotiation isComplete validation bypass in the org.apache.thrift.transport.TSaslTransport class

漏洞详情: https://avd.aquasec.com/nvd/cve-2018-1320

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2019-01-07 17:29 修改: 2023-11-07 02:55
org.apache.thrift:libthrift CVE-2019-0205 高危 0.9.3 0.13.0 thrift: Endless loop when feed with specific input data

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-0205

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2019-10-29 19:15 修改: 2023-11-07 03:01
org.apache.thrift:libthrift CVE-2020-13949 高危 0.9.3 0.14.0 libthrift: potential DoS when processing untrusted payloads

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-13949

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2021-02-12 20:15 修改: 2023-11-07 03:17
com.fasterxml.jackson.core:jackson-databind CVE-2020-36189 高危 2.4.0 2.9.10.8, 2.6.7.5 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36189

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2021-01-06 23:15 修改: 2023-09-13 14:57
org.apache.zookeeper:zookeeper CVE-2017-5637 高危 3.4.6 3.4.10, 3.5.3 zookeeper: Incorrect input validation with wchp/wchc four letter words

漏洞详情: https://avd.aquasec.com/nvd/cve-2017-5637

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2017-10-10 01:30 修改: 2023-11-07 02:49
org.apache.zookeeper:zookeeper CVE-2018-8012 高危 3.4.6 3.4.10, 3.5.4-beta zookeeper: No authentication or authorization is enforced when a server joins a quorum

漏洞详情: https://avd.aquasec.com/nvd/cve-2018-8012

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2018-05-21 19:29 修改: 2023-11-07 03:01
com.fasterxml.jackson.core:jackson-databind CVE-2020-36518 高危 2.4.0 2.13.2.1, 2.12.6.1 jackson-databind: denial of service via a large depth of nested objects

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36518

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2022-03-11 07:15 修改: 2022-11-29 22:12
org.codehaus.jackson:jackson-mapper-asl CVE-2019-10172 高危 1.9.13 jackson-mapper-asl: XML external entity similar to CVE-2016-3720

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-10172

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2019-11-18 17:15 修改: 2023-02-12 23:33
org.eclipse.jetty:jetty-server CVE-2018-12545 高危 9.3.24.v20180605 9.4.12.v20180830, 9.3.25.v20180904 jetty: large settings frames causing denial of service

漏洞详情: https://avd.aquasec.com/nvd/cve-2018-12545

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2019-03-27 20:29 修改: 2023-11-07 02:52
org.eclipse.jetty:jetty-server CVE-2021-28165 高危 9.3.24.v20180605 9.4.39, 10.0.2, 11.0.2 jetty: Resource exhaustion when receiving an invalid large TLS frame

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-28165

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2021-04-01 15:15 修改: 2023-11-07 03:32
org.xerial.snappy:snappy-java CVE-2023-34455 高危 1.1.7.3 1.1.10.1 snappy-java: Unchecked chunk length leads to DoS

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-34455

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2023-06-15 18:15 修改: 2024-02-01 14:17
org.xerial.snappy:snappy-java CVE-2023-43642 高危 1.1.7.3 1.1.10.4 snappy-java: Missing upper bound check on chunk length in snappy-java can lead to Denial of Service (DoS) impact

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-43642

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2023-09-25 20:15 修改: 2023-09-26 15:46
org.yaml:snakeyaml CVE-2017-18640 高危 1.15 1.26 snakeyaml: Billion laughs attack via alias feature

漏洞详情: https://avd.aquasec.com/nvd/cve-2017-18640

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2019-12-12 03:15 修改: 2023-11-07 02:41
org.yaml:snakeyaml CVE-2022-1471 高危 1.15 2.0 SnakeYaml: Constructor Deserialization Remote Code Execution

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-1471

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2022-12-01 11:15 修改: 2024-06-21 19:15
org.yaml:snakeyaml CVE-2022-25857 高危 1.15 1.31 snakeyaml: Denial of Service due to missing nested depth limitation for collections

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-25857

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2022-08-30 05:15 修改: 2024-03-15 11:15
xerces:xercesImpl CVE-2012-0881 高危 2.9.1 2.12.0 xml: xerces-j2 hash table collisions CPU usage DoS (oCERT-2011-003)

漏洞详情: https://avd.aquasec.com/nvd/cve-2012-0881

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2017-10-30 16:29 修改: 2023-02-13 00:23
xerces:xercesImpl CVE-2013-4002 高危 2.9.1 2.12.0 OpenJDK: XML parsing Denial of Service (JAXP, 8017298)

漏洞详情: https://avd.aquasec.com/nvd/cve-2013-4002

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2013-07-23 11:03 修改: 2023-11-07 02:16
com.squareup.okio:okio CVE-2023-3635 中危 1.13.0 3.4.0, 1.17.6 okio: GzipSource class improper exception handling

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-3635

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2023-07-12 19:15 修改: 2023-10-25 15:17
org.apache.calcite:calcite-core CVE-2020-13955 中危 1.2.0-incubating 1.26.0 Missing Authentication for Critical Function in Apache Calcite

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-13955

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2020-10-09 13:15 修改: 2021-07-21 11:39
com.fasterxml.jackson.core:jackson-databind CVE-2019-12384 中危 2.6.7.1 2.9.9.1, 2.8.11.4, 2.7.9.6, 2.6.7.3 jackson-databind: failure to block the logback-core class from polymorphic deserialization leading to remote code execution

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-12384

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2019-06-24 16:15 修改: 2023-11-07 03:03
com.fasterxml.jackson.core:jackson-databind CVE-2019-12384 中危 2.6.7.1 2.9.9.1, 2.8.11.4, 2.7.9.6, 2.6.7.3 jackson-databind: failure to block the logback-core class from polymorphic deserialization leading to remote code execution

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-12384

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2019-06-24 16:15 修改: 2023-11-07 03:03
commons-httpclient:commons-httpclient CVE-2012-5783 中危 3.1 4.0 jakarta-commons-httpclient: missing connection hostname check against X.509 certificate name

漏洞详情: https://avd.aquasec.com/nvd/cve-2012-5783

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2012-11-04 22:55 修改: 2021-04-23 17:28
com.fasterxml.jackson.core:jackson-databind CVE-2019-12814 中危 2.6.7.1 2.9.9.1, 2.8.11.4, 2.7.9.6, 2.6.7.3 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server via crafted JSON message.

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-12814

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2019-06-19 14:15 修改: 2023-11-07 03:03
commons-io:commons-io CVE-2021-29425 中危 2.4 2.7 apache-commons-io: Limited path traversal in Apache Commons IO 2.2 to 2.6

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-29425

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2021-04-13 07:15 修改: 2023-11-07 03:32
org.apache.commons:commons-compress CVE-2018-11771 中危 1.8.1 1.18 apache-commons-compress: ZipArchiveInputStream.read() fails to identify correct EOF allowing for DoS via crafted zip

漏洞详情: https://avd.aquasec.com/nvd/cve-2018-11771

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2018-08-16 15:29 修改: 2023-11-07 02:51
commons-net:commons-net CVE-2021-37533 中危 3.1 3.9.0 apache-commons-net: FTP client trusts the host from PASV response by default

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-37533

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2022-12-03 15:15 修改: 2023-01-10 19:29
org.apache.derby:derby CVE-2018-1313 中危 10.12.1.1 10.14.2.0 derby: Externally-controlled input vulnerability allows remote attacker to boot a database under attacker's control

漏洞详情: https://avd.aquasec.com/nvd/cve-2018-1313

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2018-05-07 13:29 修改: 2023-11-07 02:55
com.fasterxml.jackson.core:jackson-databind CVE-2019-12814 中危 2.6.7.1 2.9.9.1, 2.8.11.4, 2.7.9.6, 2.6.7.3 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server via crafted JSON message.

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-12814

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2019-06-19 14:15 修改: 2023-11-07 03:03
com.fasterxml.jackson.core:jackson-databind CVE-2019-12384 中危 2.4.0 2.9.9.1, 2.8.11.4, 2.7.9.6, 2.6.7.3 jackson-databind: failure to block the logback-core class from polymorphic deserialization leading to remote code execution

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-12384

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2019-06-24 16:15 修改: 2023-11-07 03:03
com.google.protobuf:protobuf-java CVE-2022-3171 中危 2.5.0 3.21.7, 3.20.3, 3.19.6, 3.16.3 protobuf-java: timeout in parser leads to DoS

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-3171

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2022-10-12 23:15 修改: 2023-11-07 03:50
com.google.protobuf:protobuf-java CVE-2022-3171 中危 2.5.0 3.21.7, 3.20.3, 3.19.6, 3.16.3 protobuf-java: timeout in parser leads to DoS

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-3171

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2022-10-12 23:15 修改: 2023-11-07 03:50
io.netty:netty CVE-2019-20445 中危 3.9.9.Final 4.0.0 netty: HttpObjectDecoder.java allows Content-Length header to accompanied by second Content-Length header

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-20445

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2020-01-29 21:15 修改: 2023-11-07 03:09
io.netty:netty CVE-2021-21290 中危 3.9.9.Final 4.0.0 netty: Information disclosure via the local system temporary directory

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-21290

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2021-02-08 20:15 修改: 2023-11-07 03:29
io.netty:netty CVE-2021-21295 中危 3.9.9.Final 4.0.0 netty: possible request smuggling in HTTP/2 due missing validation

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-21295

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2021-03-09 19:15 修改: 2023-11-07 03:29
org.apache.httpcomponents:httpclient CVE-2020-13956 中危 4.5.6 4.5.13, 5.0.3 apache-httpclient: incorrect handling of malformed authority component in request URIs

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-13956

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2020-12-02 17:15 修改: 2023-11-07 03:17
io.netty:netty CVE-2021-21409 中危 3.9.9.Final 4.0.0 netty: Request smuggling via content-length header

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-21409

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2021-03-30 15:15 修改: 2023-11-07 03:30
io.netty:netty CVE-2021-43797 中危 3.9.9.Final 4.0.0 netty: control chars in header names may lead to HTTP request smuggling

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-43797

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2021-12-09 19:15 修改: 2023-02-24 15:47
com.google.protobuf:protobuf-java CVE-2022-3171 中危 2.5.0 3.21.7, 3.20.3, 3.19.6, 3.16.3 protobuf-java: timeout in parser leads to DoS

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-3171

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2022-10-12 23:15 修改: 2023-11-07 03:50
com.google.protobuf:protobuf-java CVE-2022-3171 中危 2.5.0 3.21.7, 3.20.3, 3.19.6, 3.16.3 protobuf-java: timeout in parser leads to DoS

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-3171

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2022-10-12 23:15 修改: 2023-11-07 03:50
com.fasterxml.jackson.core:jackson-databind CVE-2019-12814 中危 2.4.0 2.9.9.1, 2.8.11.4, 2.7.9.6, 2.6.7.3 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server via crafted JSON message.

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-12814

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2019-06-19 14:15 修改: 2023-11-07 03:03
com.google.guava:guava CVE-2018-10237 中危 11.0.2 24.1.1-android guava: Unbounded memory allocation in AtomicDoubleArray and CompoundOrdering classes allow remote attackers to cause a denial of service

漏洞详情: https://avd.aquasec.com/nvd/cve-2018-10237

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2018-04-26 21:29 修改: 2023-11-07 02:51
org.apache.mesos:mesos CVE-2018-8023 中危 1.4.0 1.4.2, 1.5.2, 1.6.1 mesos: Exposure of HMAC value via timing vulnerability in JWT validation

漏洞详情: https://avd.aquasec.com/nvd/cve-2018-8023

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2018-09-21 13:29 修改: 2023-11-07 03:01
com.google.guava:guava CVE-2023-2976 中危 11.0.2 32.0.0-android guava: insecure temporary directory creation

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-2976

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2023-06-14 18:15 修改: 2024-02-13 19:15
io.netty:netty-codec-http CVE-2021-21290 中危 4.1.30.Final 4.1.59.Final netty: Information disclosure via the local system temporary directory

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-21290

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2021-02-08 20:15 修改: 2023-11-07 03:29
io.netty:netty-codec-http CVE-2021-43797 中危 4.1.30.Final 4.1.71.Final netty: control chars in header names may lead to HTTP request smuggling

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-43797

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2021-12-09 19:15 修改: 2023-02-24 15:47
io.netty:netty-codec-http CVE-2022-24823 中危 4.1.30.Final 4.1.77.Final netty: world readable temporary file containing sensitive data

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-24823

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2022-05-06 12:15 修改: 2022-12-03 14:25
org.apache.thrift:libthrift CVE-2018-11798 中危 0.9.3 0.12.0 thrift: Improper Access Control grants access to files outside the webservers docroot path

漏洞详情: https://avd.aquasec.com/nvd/cve-2018-11798

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2019-01-07 17:29 修改: 2023-11-07 02:51
io.netty:netty-codec-http CVE-2024-29025 中危 4.1.30.Final 4.1.108.Final netty-codec-http: Allocation of Resources Without Limits or Throttling

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-29025

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2024-03-25 20:15 修改: 2024-06-21 22:15
com.google.guava:guava CVE-2018-10237 中危 14.0.1 24.1.1-android guava: Unbounded memory allocation in AtomicDoubleArray and CompoundOrdering classes allow remote attackers to cause a denial of service

漏洞详情: https://avd.aquasec.com/nvd/cve-2018-10237

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2018-04-26 21:29 修改: 2023-11-07 02:51
io.netty:netty-codec-http2 CVE-2021-21295 中危 4.1.30.Final 4.1.60.Final netty: possible request smuggling in HTTP/2 due missing validation

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-21295

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2021-03-09 19:15 修改: 2023-11-07 03:29
org.apache.zookeeper:zookeeper CVE-2019-0201 中危 3.4.6 3.4.14, 3.5.5 zookeeper: Information disclosure in Apache ZooKeeper

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-0201

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2019-05-23 14:29 修改: 2023-11-07 03:01
io.netty:netty-codec-http2 CVE-2021-21409 中危 4.1.30.Final 4.1.61.Final netty: Request smuggling via content-length header

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-21409

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2021-03-30 15:15 修改: 2023-11-07 03:30
com.google.guava:guava CVE-2018-10237 中危 14.0.1 24.1.1-android guava: Unbounded memory allocation in AtomicDoubleArray and CompoundOrdering classes allow remote attackers to cause a denial of service

漏洞详情: https://avd.aquasec.com/nvd/cve-2018-10237

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2018-04-26 21:29 修改: 2023-11-07 02:51
org.eclipse.jetty:jetty-http CVE-2023-40167 中危 9.3.24.v20180605 9.4.52, 10.0.16, 11.0.16, 12.0.1 jetty: Improper validation of HTTP/1 content-length

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-40167

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2023-09-15 20:15 修改: 2023-10-13 01:59
io.netty:netty-handler CVE-2019-20445 中危 4.1.30.Final 4.1.45 netty: HttpObjectDecoder.java allows Content-Length header to accompanied by second Content-Length header

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-20445

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2020-01-29 21:15 修改: 2023-11-07 03:09
io.netty:netty-handler CVE-2023-34462 中危 4.1.30.Final 4.1.94.Final netty: SniHandler 16MB allocation leads to OOM

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-34462

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2023-06-22 23:15 修改: 2024-06-21 19:15
org.eclipse.jetty:jetty-server CVE-2019-10241 中危 9.3.24.v20180605 9.2.27.v20190403, 9.3.26.v20190403, 9.4.16.v20190411 jetty: using specially formatted URL against DefaultServlet or ResourceHandler leads to XSS conditions

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-10241

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2019-04-22 20:29 修改: 2023-11-07 03:02
org.eclipse.jetty:jetty-server CVE-2019-10246 中危 9.3.24.v20180605 9.2.28.v20190418, 9.3.27.v20190418, 9.4.17.v20190418 jetty: Directory Listing on Windows reveals Resource Base path

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-10246

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2019-04-22 20:29 修改: 2023-11-07 03:02
org.eclipse.jetty:jetty-server CVE-2019-10247 中危 9.3.24.v20180605 9.2.28.v20190418, 9.3.27.v20190418, 9.4.17.v20190418 jetty: error path information disclosure

漏洞详情: https://avd.aquasec.com/nvd/cve-2019-10247

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2019-04-22 20:29 修改: 2023-11-07 03:02
org.eclipse.jetty:jetty-server CVE-2023-26048 中危 9.3.24.v20180605 9.4.51.v20230217, 10.0.14, 11.0.14 jetty-server: OutOfMemoryError for large multipart without filename read via request.getParameter()

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-26048

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2023-04-18 21:15 修改: 2023-09-30 15:15
org.eclipse.jetty:jetty-server CVE-2024-8184 中危 9.3.24.v20180605 12.0.9, 10.0.24, 11.0.24, 9.4.56 org.eclipse.jetty:jetty-server: jetty: Jetty ThreadLimitHandler.getRemote() vulnerable to remote DoS attacks

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-8184

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2024-10-14 16:15 修改: 2024-10-15 12:57
org.eclipse.jetty:jetty-servlets CVE-2021-28169 中危 9.3.24.v20180605 9.4.41, 10.0.3, 11.0.3 jetty: requests to the ConcatServlet and WelcomeFilter are able to access protected resources within the WEB-INF directory

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-28169

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2021-06-09 02:15 修改: 2023-11-07 03:32
org.eclipse.jetty:jetty-servlets CVE-2024-9823 中危 9.3.24.v20180605 9.4.54, 10.0.18, 11.0.18 org.eclipse.jetty:jetty-servlets: jetty: Jetty DOS vulnerability on DosFilter

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-9823

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2024-10-14 15:15 修改: 2024-10-15 12:57
org.iq80.snappy:snappy CVE-2024-36124 中危 0.2 0.5 snappy: tries to read outside the bounds of the given byte arrays

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-36124

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2024-06-03 15:15 修改: 2024-06-03 19:23
com.google.protobuf:protobuf-java CVE-2022-3171 中危 3.3.0 3.21.7, 3.20.3, 3.19.6, 3.16.3 protobuf-java: timeout in parser leads to DoS

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-3171

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2022-10-12 23:15 修改: 2023-11-07 03:50
com.google.guava:guava CVE-2018-10237 中危 14.0.1 24.1.1-android guava: Unbounded memory allocation in AtomicDoubleArray and CompoundOrdering classes allow remote attackers to cause a denial of service

漏洞详情: https://avd.aquasec.com/nvd/cve-2018-10237

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2018-04-26 21:29 修改: 2023-11-07 02:51
org.xerial.snappy:snappy-java CVE-2023-34453 中危 1.1.7.3 1.1.10.1 snappy-java: Integer overflow in shuffle leads to DoS

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-34453

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2023-06-15 17:15 修改: 2023-06-27 15:59
org.xerial.snappy:snappy-java CVE-2023-34454 中危 1.1.7.3 1.1.10.1 snappy-java: Integer overflow in compress leads to DoS

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-34454

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2023-06-15 17:15 修改: 2023-06-27 16:04
com.google.guava:guava CVE-2023-2976 中危 14.0.1 32.0.0-android guava: insecure temporary directory creation

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-2976

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2023-06-14 18:15 修改: 2024-02-13 19:15
com.google.guava:guava CVE-2023-2976 中危 14.0.1 32.0.0-android guava: insecure temporary directory creation

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-2976

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2023-06-14 18:15 修改: 2024-02-13 19:15
com.google.guava:guava CVE-2023-2976 中危 14.0.1 32.0.0-android guava: insecure temporary directory creation

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-2976

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2023-06-14 18:15 修改: 2024-02-13 19:15
org.yaml:snakeyaml CVE-2022-38749 中危 1.15 1.31 snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-38749

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2022-09-05 10:15 修改: 2024-03-15 11:15
org.yaml:snakeyaml CVE-2022-38750 中危 1.15 1.31 snakeyaml: Uncaught exception in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-38750

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2022-09-05 10:15 修改: 2024-03-15 11:15
org.yaml:snakeyaml CVE-2022-38751 中危 1.15 1.31 snakeyaml: Uncaught exception in java.base/java.util.regex.Pattern$Ques.match

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-38751

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2022-09-05 10:15 修改: 2024-03-15 11:15
org.yaml:snakeyaml CVE-2022-38752 中危 1.15 1.32 snakeyaml: Uncaught exception in java.base/java.util.ArrayList.hashCode

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-38752

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2022-09-05 10:15 修改: 2024-03-15 11:15
org.yaml:snakeyaml CVE-2022-41854 中危 1.15 1.32 dev-java/snakeyaml: DoS via stack overflow

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41854

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2022-11-11 13:15 修改: 2024-06-21 19:15
com.google.guava:guava CVE-2023-2976 中危 26.0-android 32.0.0-android guava: insecure temporary directory creation

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-2976

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2023-06-14 18:15 修改: 2024-02-13 19:15
com.google.protobuf:protobuf-java CVE-2022-3171 中危 3.5.1 3.21.7, 3.20.3, 3.19.6, 3.16.3 protobuf-java: timeout in parser leads to DoS

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-3171

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2022-10-12 23:15 修改: 2023-11-07 03:50
xerces:xercesImpl CVE-2009-2625 中危 2.9.1 2.10.0 JDK: XML parsing Denial-Of-Service (6845701)

漏洞详情: https://avd.aquasec.com/nvd/cve-2009-2625

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2009-08-06 15:30 修改: 2023-11-07 02:04
xerces:xercesImpl CVE-2020-14338 中危 2.9.1 2.12.0.sp3 wildfly: XML validation manipulation due to incomplete application of use-grammar-pool-only in xercesImpl

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-14338

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2020-09-17 15:15 修改: 2023-11-07 03:17
xerces:xercesImpl CVE-2022-23437 中危 2.9.1 2.12.2 xerces-j2: infinite loop when handling specially crafted XML document payloads

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-23437

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2022-01-24 15:15 修改: 2023-08-08 14:22
org.eclipse.jetty:jetty-server CVE-2023-26049 低危 9.3.24.v20180605 9.4.51.v20230217, 10.0.14, 11.0.14, 12.0.0.beta0 jetty-server: Cookie parsing of quoted values can exfiltrate values from other cookies

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-26049

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2023-04-18 21:15 修改: 2024-02-01 15:36
org.eclipse.jetty:jetty-http CVE-2024-6763 低危 9.3.24.v20180605 12.0.12 org.eclipse.jetty:jetty-http: jetty: Jetty URI parsing of invalid authority

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-6763

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2024-10-14 16:15 修改: 2024-10-15 12:57
com.google.guava:guava CVE-2020-8908 低危 11.0.2 32.0.0-android guava: local information disclosure via temporary directory created with unsafe permissions

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-8908

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2020-12-10 23:15 修改: 2023-08-02 17:30
org.eclipse.jetty:jetty-servlets CVE-2023-36479 低危 9.3.24.v20180605 9.4.52, 10.0.16, 11.0.16 jetty: Improper addition of quotation marks to user inputs in CgiServlet

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-36479

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2023-09-15 19:15 修改: 2023-10-16 19:20
com.google.guava:guava CVE-2020-8908 低危 26.0-android 32.0.0-android guava: local information disclosure via temporary directory created with unsafe permissions

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-8908

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2020-12-10 23:15 修改: 2023-08-02 17:30
org.apache.hadoop:hadoop-common CVE-2024-23454 低危 2.7.3 3.4.0 Apache Hadoop: Temporary File Local Information Disclosure

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-23454

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2024-09-25 08:15 修改: 2024-11-05 20:35
com.google.guava:guava CVE-2020-8908 低危 14.0.1 32.0.0-android guava: local information disclosure via temporary directory created with unsafe permissions

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-8908

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2020-12-10 23:15 修改: 2023-08-02 17:30
com.google.guava:guava CVE-2020-8908 低危 14.0.1 32.0.0-android guava: local information disclosure via temporary directory created with unsafe permissions

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-8908

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2020-12-10 23:15 修改: 2023-08-02 17:30
com.google.guava:guava CVE-2020-8908 低危 14.0.1 32.0.0-android guava: local information disclosure via temporary directory created with unsafe permissions

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-8908

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2020-12-10 23:15 修改: 2023-08-02 17:30
org.eclipse.jetty:jetty-http CVE-2022-2047 低危 9.3.24.v20180605 9.4.47, 10.0.10, 11.0.10 jetty-http: improver hostname input handling

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-2047

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2022-07-07 21:15 修改: 2022-10-25 19:10
org.eclipse.jetty:jetty-server CVE-2021-34428 低危 9.3.24.v20180605 9.4.41, 10.0.3, 11.0.3 jetty: SessionListener can prevent a session from being invalidated breaking logout

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-34428

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2021-06-22 15:15 修改: 2023-11-07 03:35
Python (python-pkg)
低危漏洞:0 中危漏洞:1 高危漏洞:2 严重漏洞:2
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
pyspark CVE-2020-9480 严重 2.4.3 2.4.6 apache-spark: RCE vulnerability in auth-enabled standalone master

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-9480

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2020-06-23 22:15 修改: 2023-11-07 03:26
pyspark CVE-2023-22946 严重 2.4.3 3.3.2 Apache Spark vulnerable to Improper Privilege Management

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-22946

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2023-04-17 08:15 修改: 2023-04-26 23:00
pyspark CVE-2021-38296 高危 2.4.3 3.1.3 Authentication Bypass by Capture-replay in Apache Spark

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-38296

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2022-03-10 09:15 修改: 2023-02-09 02:02
pyspark CVE-2022-33891 高危 2.4.3 3.2.2 apache-spark: Apache Spark shell command injection vulnerability via Spark UI

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-33891

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2022-07-18 07:15 修改: 2023-08-02 17:21
pyspark CVE-2022-31777 中危 2.4.3 3.2.2, 3.3.1 apache-spark: XSS vulnerability in log viewer UI Javascript

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-31777

镜像层: sha256:3bc93f2f34422c422549bb63698809f2cf12e94a0c989d8ac319bcfba2009654

发布日期: 2022-11-01 16:15 修改: 2022-11-29 17:58