| org.apache.avro:avro |
CVE-2024-47561 |
严重 |
1.11.1 |
1.11.4 |
apache-avro: Schema parsing may trigger Remote Code Execution (RCE)
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-47561
镜像层: sha256:c262670317fd7597f171d1672ad54cd68263b17b5e8a5b0c24713cb0acd5ca18
发布日期: 2024-10-03 11:15 修改: 2024-10-21 09:15
|
| org.springframework.security:spring-security-web |
CVE-2024-38821 |
严重 |
6.1.3 |
5.7.13, 5.8.15, 6.2.7, 6.0.13, 6.1.11, 6.3.4 |
Spring-WebFlux: Authorization Bypass of Static Resources in WebFlux Applications
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-38821
镜像层: sha256:c262670317fd7597f171d1672ad54cd68263b17b5e8a5b0c24713cb0acd5ca18
发布日期: 2024-10-28 07:15 修改: 2024-10-28 13:58
|
| com.google.protobuf:protobuf-java |
CVE-2024-7254 |
高危 |
3.23.3 |
3.25.5, 4.27.5, 4.28.2 |
protobuf: StackOverflow vulnerability in Protocol Buffers
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-7254
镜像层: sha256:c262670317fd7597f171d1672ad54cd68263b17b5e8a5b0c24713cb0acd5ca18
发布日期: 2024-09-19 01:15 修改: 2024-12-13 14:15
|
| com.nimbusds:nimbus-jose-jwt |
CVE-2023-52428 |
高危 |
9.31 |
9.37.2 |
nimbus-jose-jwt: large JWE p2c header value causes Denial of Service
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-52428
镜像层: sha256:c262670317fd7597f171d1672ad54cd68263b17b5e8a5b0c24713cb0acd5ca18
发布日期: 2024-02-11 05:15 修改: 2024-10-30 20:35
|
| io.netty:netty-codec-http2 |
GHSA-xpw8-rcwv-8f8p |
高危 |
4.1.97.Final |
4.1.100.Final |
io.netty:netty-codec-http2 vulnerable to HTTP/2 Rapid Reset Attack
漏洞详情: https://github.com/advisories/GHSA-xpw8-rcwv-8f8p
镜像层: sha256:c262670317fd7597f171d1672ad54cd68263b17b5e8a5b0c24713cb0acd5ca18
发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
|
| io.projectreactor.netty:reactor-netty-core |
CVE-2023-34054 |
高危 |
1.1.10 |
1.1.13, 1.0.39 |
Reactor Netty HTTP Server denial of service vulnerability
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-34054
镜像层: sha256:c262670317fd7597f171d1672ad54cd68263b17b5e8a5b0c24713cb0acd5ca18
发布日期: 2023-11-28 09:15 修改: 2023-12-04 19:59
|
| io.projectreactor.netty:reactor-netty-http |
CVE-2023-34062 |
高危 |
1.1.10 |
1.1.13, 1.0.39 |
reactor-netty-http: directory traversal vulnerability
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-34062
镜像层: sha256:c262670317fd7597f171d1672ad54cd68263b17b5e8a5b0c24713cb0acd5ca18
发布日期: 2023-11-15 10:15 修改: 2023-11-21 20:11
|
| ch.qos.logback:logback-classic |
CVE-2023-6378 |
高危 |
1.4.11 |
1.3.12, 1.4.12, 1.2.13 |
logback: serialization vulnerability in logback receiver
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-6378
镜像层: sha256:c262670317fd7597f171d1672ad54cd68263b17b5e8a5b0c24713cb0acd5ca18
发布日期: 2023-11-29 12:15 修改: 2024-11-29 12:15
|
| org.apache.avro:avro |
CVE-2023-39410 |
高危 |
1.11.1 |
1.11.3 |
apache-avro: Apache Avro Java SDK: Memory when deserializing untrusted data in Avro Java SDK
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-39410
镜像层: sha256:c262670317fd7597f171d1672ad54cd68263b17b5e8a5b0c24713cb0acd5ca18
发布日期: 2023-09-29 17:15 修改: 2024-06-21 19:15
|
| org.apache.commons:commons-compress |
CVE-2024-25710 |
高危 |
1.21 |
1.26.0 |
commons-compress: Denial of service caused by an infinite loop for a corrupted DUMP file
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-25710
镜像层: sha256:c262670317fd7597f171d1672ad54cd68263b17b5e8a5b0c24713cb0acd5ca18
发布日期: 2024-02-19 09:15 修改: 2024-03-07 17:15
|
| org.json:json |
CVE-2023-5072 |
高危 |
20230227 |
20231013 |
JSON-java: parser confusion leads to OOM
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-5072
镜像层: sha256:c262670317fd7597f171d1672ad54cd68263b17b5e8a5b0c24713cb0acd5ca18
发布日期: 2023-10-12 17:15 修改: 2024-06-21 19:15
|
| org.springframework.security:spring-security-core |
CVE-2024-22234 |
高危 |
6.1.3 |
6.1.7, 6.2.2 |
spring-security: Broken Access Control in Spring Security With Direct Use of isFullyAuthenticated
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-22234
镜像层: sha256:c262670317fd7597f171d1672ad54cd68263b17b5e8a5b0c24713cb0acd5ca18
发布日期: 2024-02-20 07:15 修改: 2024-08-01 13:46
|
| org.springframework.security:spring-security-core |
CVE-2024-22257 |
高危 |
6.1.3 |
5.7.12, 5.8.11, 6.1.8, 6.2.3 |
spring-security: Broken Access Control With Direct Use of AuthenticatedVoter
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-22257
镜像层: sha256:c262670317fd7597f171d1672ad54cd68263b17b5e8a5b0c24713cb0acd5ca18
发布日期: 2024-03-18 15:15 修改: 2024-11-12 16:35
|
| ch.qos.logback:logback-core |
CVE-2023-6378 |
高危 |
1.4.11 |
1.3.12, 1.4.12, 1.2.13 |
logback: serialization vulnerability in logback receiver
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-6378
镜像层: sha256:c262670317fd7597f171d1672ad54cd68263b17b5e8a5b0c24713cb0acd5ca18
发布日期: 2023-11-29 12:15 修改: 2024-11-29 12:15
|
| org.springframework:spring-web |
CVE-2024-22243 |
高危 |
6.0.11 |
6.1.4, 6.0.17, 5.3.32 |
springframework: URL Parsing with Host Validation
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-22243
镜像层: sha256:c262670317fd7597f171d1672ad54cd68263b17b5e8a5b0c24713cb0acd5ca18
发布日期: 2024-02-23 05:15 修改: 2024-08-22 15:35
|
| org.springframework:spring-web |
CVE-2024-22259 |
高危 |
6.0.11 |
6.1.5, 6.0.18, 5.3.33 |
springframework: URL Parsing with Host Validation
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-22259
镜像层: sha256:c262670317fd7597f171d1672ad54cd68263b17b5e8a5b0c24713cb0acd5ca18
发布日期: 2024-03-16 05:15 修改: 2024-07-03 01:47
|
| org.springframework:spring-web |
CVE-2024-22262 |
高危 |
6.0.11 |
5.3.34, 6.0.19, 6.1.6 |
springframework: URL Parsing with Host Validation
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-22262
镜像层: sha256:c262670317fd7597f171d1672ad54cd68263b17b5e8a5b0c24713cb0acd5ca18
发布日期: 2024-04-16 06:15 修改: 2024-08-27 14:35
|
| org.springframework:spring-webflux |
CVE-2024-38816 |
高危 |
6.0.11 |
6.1.13 |
spring-webmvc: Path Traversal Vulnerability in Spring Applications Using RouterFunctions and FileSystemResource
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-38816
镜像层: sha256:c262670317fd7597f171d1672ad54cd68263b17b5e8a5b0c24713cb0acd5ca18
发布日期: 2024-09-13 06:15 修改: 2024-12-27 16:15
|
| org.springframework:spring-webflux |
CVE-2024-38819 |
高危 |
6.0.11 |
6.1.14 |
org.springframework:spring-webmvc: Path traversal vulnerability in functional web frameworks
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-38819
镜像层: sha256:c262670317fd7597f171d1672ad54cd68263b17b5e8a5b0c24713cb0acd5ca18
发布日期: 2024-12-19 18:15 修改: 2025-01-10 13:15
|
| org.xerial.snappy:snappy-java |
CVE-2023-34455 |
高危 |
1.1.10.0 |
1.1.10.1 |
snappy-java: Unchecked chunk length leads to DoS
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-34455
镜像层: sha256:c262670317fd7597f171d1672ad54cd68263b17b5e8a5b0c24713cb0acd5ca18
发布日期: 2023-06-15 18:15 修改: 2024-02-01 14:17
|
| org.xerial.snappy:snappy-java |
CVE-2023-43642 |
高危 |
1.1.10.0 |
1.1.10.4 |
snappy-java: Missing upper bound check on chunk length in snappy-java can lead to Denial of Service (DoS) impact
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-43642
镜像层: sha256:c262670317fd7597f171d1672ad54cd68263b17b5e8a5b0c24713cb0acd5ca18
发布日期: 2023-09-25 20:15 修改: 2023-09-26 15:46
|
| software.amazon.ion:ion-java |
CVE-2024-21634 |
高危 |
1.0.2 |
1.10.5 |
ion-java: ion-java: Ion Java StackOverflow vulnerability
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-21634
镜像层: sha256:c262670317fd7597f171d1672ad54cd68263b17b5e8a5b0c24713cb0acd5ca18
发布日期: 2024-01-03 23:15 修改: 2024-01-10 16:38
|
| com.google.guava:guava |
CVE-2023-2976 |
中危 |
30.1.1-jre |
32.0.0-android |
guava: insecure temporary directory creation
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-2976
镜像层: sha256:c262670317fd7597f171d1672ad54cd68263b17b5e8a5b0c24713cb0acd5ca18
发布日期: 2023-06-14 18:15 修改: 2024-02-13 19:15
|
| com.squareup.okio:okio |
CVE-2023-3635 |
中危 |
3.0.0 |
3.4.0, 1.17.6 |
okio: GzipSource class improper exception handling
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-3635
镜像层: sha256:c262670317fd7597f171d1672ad54cd68263b17b5e8a5b0c24713cb0acd5ca18
发布日期: 2023-07-12 19:15 修改: 2023-10-25 15:17
|
| org.springframework.security:spring-security-core |
CVE-2024-38827 |
中危 |
6.1.3 |
5.7.14, 5.8.16, 6.0.14, 6.1.12, 6.2.8, 6.3.5 |
spring-security: authorization bypass for case sensitive comparisons
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-38827
镜像层: sha256:c262670317fd7597f171d1672ad54cd68263b17b5e8a5b0c24713cb0acd5ca18
发布日期: 2024-12-02 15:15 修改: 2024-12-02 15:15
|
| com.squareup.okio:okio-jvm |
CVE-2023-3635 |
中危 |
3.0.0 |
3.4.0 |
okio: GzipSource class improper exception handling
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-3635
镜像层: sha256:c262670317fd7597f171d1672ad54cd68263b17b5e8a5b0c24713cb0acd5ca18
发布日期: 2023-07-12 19:15 修改: 2023-10-25 15:17
|
| org.springframework:spring-context |
CVE-2024-38820 |
中危 |
6.0.11 |
6.1.14 |
The fix for CVE-2022-22968 made disallowedFieldspatterns in DataBinder ...
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-38820
镜像层: sha256:c262670317fd7597f171d1672ad54cd68263b17b5e8a5b0c24713cb0acd5ca18
发布日期: 2024-10-18 06:15 修改: 2024-11-29 12:15
|
| io.netty:netty-codec-http |
CVE-2024-29025 |
中危 |
4.1.97.Final |
4.1.108.Final |
netty-codec-http: Allocation of Resources Without Limits or Throttling
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-29025
镜像层: sha256:c262670317fd7597f171d1672ad54cd68263b17b5e8a5b0c24713cb0acd5ca18
发布日期: 2024-03-25 20:15 修改: 2024-06-21 22:15
|
| ch.qos.logback:logback-core |
CVE-2024-12798 |
中危 |
1.4.11 |
1.5.13, 1.3.15 |
logback-core: arbitrary code execution via JaninoEventEvaluator
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-12798
镜像层: sha256:c262670317fd7597f171d1672ad54cd68263b17b5e8a5b0c24713cb0acd5ca18
发布日期: 2024-12-19 16:15 修改: 2025-01-03 14:15
|
| org.apache.commons:commons-compress |
CVE-2024-26308 |
中危 |
1.21 |
1.26.0 |
commons-compress: OutOfMemoryError unpacking broken Pack200 file
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-26308
镜像层: sha256:c262670317fd7597f171d1672ad54cd68263b17b5e8a5b0c24713cb0acd5ca18
发布日期: 2024-02-19 09:15 修改: 2024-03-21 19:54
|
| org.springframework:spring-web |
CVE-2024-38809 |
中危 |
6.0.11 |
5.3.38, 6.0.23, 6.1.12 |
org.springframework:spring-web: Spring Framework DoS via conditional HTTP request
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-38809
镜像层: sha256:c262670317fd7597f171d1672ad54cd68263b17b5e8a5b0c24713cb0acd5ca18
发布日期: 2024-09-27 17:15 修改: 2024-09-30 12:45
|
| org.apache.kafka:kafka-clients |
CVE-2024-31141 |
中危 |
3.5.0 |
3.7.1 |
kafka-clients: privilege escalation to filesystem read-access via automatic ConfigProvider
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-31141
镜像层: sha256:c262670317fd7597f171d1672ad54cd68263b17b5e8a5b0c24713cb0acd5ca18
发布日期: 2024-11-19 09:15 修改: 2024-11-19 21:57
|
| io.netty:netty-common |
CVE-2024-47535 |
中危 |
4.1.97.Final |
4.1.115 |
netty: Denial of Service attack on windows app using Netty
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-47535
镜像层: sha256:c262670317fd7597f171d1672ad54cd68263b17b5e8a5b0c24713cb0acd5ca18
发布日期: 2024-11-12 16:15 修改: 2024-11-13 17:01
|
| org.springframework.boot:spring-boot-actuator |
CVE-2023-34055 |
中危 |
3.1.3 |
2.7.18, 3.0.13, 3.1.6 |
spring-boot: org.springframework.boot: spring-boot-actuator class vulnerable to denial of service
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-34055
镜像层: sha256:c262670317fd7597f171d1672ad54cd68263b17b5e8a5b0c24713cb0acd5ca18
发布日期: 2023-11-28 09:15 修改: 2023-12-21 22:15
|
| org.springframework.ldap:spring-ldap-core |
CVE-2024-38829 |
中危 |
3.1.1 |
3.2.8, 2.4.4 |
spring-ldap: Spring LDAP sensitive data exposure for case-sensitive comparisons
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-38829
镜像层: sha256:c262670317fd7597f171d1672ad54cd68263b17b5e8a5b0c24713cb0acd5ca18
发布日期: 2024-12-04 21:15 修改: 2024-12-10 15:15
|
| org.xerial.snappy:snappy-java |
CVE-2023-34453 |
中危 |
1.1.10.0 |
1.1.10.1 |
snappy-java: Integer overflow in shuffle leads to DoS
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-34453
镜像层: sha256:c262670317fd7597f171d1672ad54cd68263b17b5e8a5b0c24713cb0acd5ca18
发布日期: 2023-06-15 17:15 修改: 2023-06-27 15:59
|
| org.xerial.snappy:snappy-java |
CVE-2023-34454 |
中危 |
1.1.10.0 |
1.1.10.1 |
snappy-java: Integer overflow in compress leads to DoS
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-34454
镜像层: sha256:c262670317fd7597f171d1672ad54cd68263b17b5e8a5b0c24713cb0acd5ca18
发布日期: 2023-06-15 17:15 修改: 2024-12-12 17:15
|
| org.springframework.security:spring-security-config |
CVE-2023-34042 |
中危 |
6.1.3 |
6.1.4, 6.0.7, 5.8.7, 5.7.11 |
spring-security-config: Incorrect Permission Assignment for spring-security.xsd
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-34042
镜像层: sha256:c262670317fd7597f171d1672ad54cd68263b17b5e8a5b0c24713cb0acd5ca18
发布日期: 2024-02-05 22:15 修改: 2024-11-29 12:15
|
| ch.qos.logback:logback-core |
CVE-2024-12801 |
低危 |
1.4.11 |
1.5.13, 1.3.15 |
logback-core: SaxEventRecorder vulnerable to Server-Side Request Forgery (SSRF) attacks
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-12801
镜像层: sha256:c262670317fd7597f171d1672ad54cd68263b17b5e8a5b0c24713cb0acd5ca18
发布日期: 2024-12-19 17:15 修改: 2025-01-03 14:15
|
| com.google.guava:guava |
CVE-2020-8908 |
低危 |
30.1.1-jre |
32.0.0-android |
guava: local information disclosure via temporary directory created with unsafe permissions
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-8908
镜像层: sha256:c262670317fd7597f171d1672ad54cd68263b17b5e8a5b0c24713cb0acd5ca18
发布日期: 2020-12-10 23:15 修改: 2023-08-02 17:30
|