| com.fasterxml.jackson.core:jackson-databind |
CVE-2017-15095 |
严重 |
2.5.3 |
2.8.11, 2.9.4, 2.6.7.3, 2.7.9.2 |
jackson-databind: Unsafe deserialization due to incomplete black list (incomplete fix for CVE-2017-7525)
漏洞详情: https://avd.aquasec.com/nvd/cve-2017-15095
镜像层: sha256:c9fad8d7a9fae46fd5609adf78eb02f02472d9396f5a04619f139a74953eebcc
发布日期: 2018-02-06 15:29 修改: 2026-06-17 01:07
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2017-17485 |
严重 |
2.5.3 |
2.9.4, 2.8.11, 2.7.9.2 |
jackson-databind: Unsafe deserialization due to incomplete black list (incomplete fix for CVE-2017-15095)
漏洞详情: https://avd.aquasec.com/nvd/cve-2017-17485
镜像层: sha256:c9fad8d7a9fae46fd5609adf78eb02f02472d9396f5a04619f139a74953eebcc
发布日期: 2018-01-10 18:29 修改: 2026-06-17 01:10
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2017-7525 |
严重 |
2.5.3 |
2.6.7.1, 2.7.9.1, 2.8.9 |
jackson-databind: Deserialization vulnerability via readValue method of ObjectMapper
漏洞详情: https://avd.aquasec.com/nvd/cve-2017-7525
镜像层: sha256:c9fad8d7a9fae46fd5609adf78eb02f02472d9396f5a04619f139a74953eebcc
发布日期: 2018-02-06 15:29 修改: 2026-06-17 01:24
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2018-11307 |
严重 |
2.5.3 |
2.7.9.4, 2.8.11.2, 2.9.6 |
jackson-databind: Potential information exfiltration with default typing, serialization gadget from MyBatis
漏洞详情: https://avd.aquasec.com/nvd/cve-2018-11307
镜像层: sha256:c9fad8d7a9fae46fd5609adf78eb02f02472d9396f5a04619f139a74953eebcc
发布日期: 2019-07-09 16:15 修改: 2026-06-17 01:35
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2018-14718 |
严重 |
2.5.3 |
2.9.7, 2.8.11.3, 2.7.9.5, 2.6.7.3 |
jackson-databind: arbitrary code execution in slf4j-ext class
漏洞详情: https://avd.aquasec.com/nvd/cve-2018-14718
镜像层: sha256:c9fad8d7a9fae46fd5609adf78eb02f02472d9396f5a04619f139a74953eebcc
发布日期: 2019-01-02 18:29 修改: 2026-06-17 01:41
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2018-14719 |
严重 |
2.5.3 |
2.9.7, 2.8.11.3, 2.7.9.5 |
jackson-databind: arbitrary code execution in blaze-ds-opt and blaze-ds-core classes
漏洞详情: https://avd.aquasec.com/nvd/cve-2018-14719
镜像层: sha256:c9fad8d7a9fae46fd5609adf78eb02f02472d9396f5a04619f139a74953eebcc
发布日期: 2019-01-02 18:29 修改: 2026-06-17 01:41
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2018-19362 |
严重 |
2.5.3 |
2.9.8, 2.8.11.3, 2.7.9.5, 2.6.7.3 |
jackson-databind: improper polymorphic deserialization in jboss-common-core class
漏洞详情: https://avd.aquasec.com/nvd/cve-2018-19362
镜像层: sha256:c9fad8d7a9fae46fd5609adf78eb02f02472d9396f5a04619f139a74953eebcc
发布日期: 2019-01-02 18:29 修改: 2026-06-17 01:49
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2018-7489 |
严重 |
2.5.3 |
2.8.11.1, 2.9.5, 2.7.9.3, 2.6.7.5 |
jackson-databind: incomplete fix for CVE-2017-7525 permits unsafe serialization via c3p0 libraries
漏洞详情: https://avd.aquasec.com/nvd/cve-2018-7489
镜像层: sha256:c9fad8d7a9fae46fd5609adf78eb02f02472d9396f5a04619f139a74953eebcc
发布日期: 2018-02-26 15:29 修改: 2026-06-17 02:03
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2019-14379 |
严重 |
2.5.3 |
2.9.9.2, 2.8.11.4, 2.7.9.6 |
jackson-databind: default typing mishandling leading to remote code execution
漏洞详情: https://avd.aquasec.com/nvd/cve-2019-14379
镜像层: sha256:c9fad8d7a9fae46fd5609adf78eb02f02472d9396f5a04619f139a74953eebcc
发布日期: 2019-07-29 12:15 修改: 2026-06-17 02:18
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2019-14540 |
严重 |
2.5.3 |
2.9.10, 2.8.11.5, 2.6.7.3 |
jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariConfig
漏洞详情: https://avd.aquasec.com/nvd/cve-2019-14540
镜像层: sha256:c9fad8d7a9fae46fd5609adf78eb02f02472d9396f5a04619f139a74953eebcc
发布日期: 2019-09-15 22:15 修改: 2026-06-17 02:18
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2019-16335 |
严重 |
2.5.3 |
2.9.10, 2.8.11.5, 2.6.7.3 |
jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariDataSource
漏洞详情: https://avd.aquasec.com/nvd/cve-2019-16335
镜像层: sha256:c9fad8d7a9fae46fd5609adf78eb02f02472d9396f5a04619f139a74953eebcc
发布日期: 2019-09-15 22:15 修改: 2026-06-17 02:22
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2019-16942 |
严重 |
2.5.3 |
2.9.10.1, 2.8.11.5, 2.6.7.3 |
jackson-databind: Serialization gadgets in org.apache.commons.dbcp.datasources.*
漏洞详情: https://avd.aquasec.com/nvd/cve-2019-16942
镜像层: sha256:c9fad8d7a9fae46fd5609adf78eb02f02472d9396f5a04619f139a74953eebcc
发布日期: 2019-10-01 17:15 修改: 2026-06-17 02:23
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2019-16943 |
严重 |
2.5.3 |
2.9.10.1, 2.8.11.5, 2.6.7.3 |
jackson-databind: Serialization gadgets in com.p6spy.engine.spy.P6DataSource
漏洞详情: https://avd.aquasec.com/nvd/cve-2019-16943
镜像层: sha256:c9fad8d7a9fae46fd5609adf78eb02f02472d9396f5a04619f139a74953eebcc
发布日期: 2019-10-01 17:15 修改: 2026-06-17 02:23
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2019-17267 |
严重 |
2.5.3 |
2.9.10, 2.8.11.5 |
jackson-databind: Serialization gadgets in classes of the ehcache package
漏洞详情: https://avd.aquasec.com/nvd/cve-2019-17267
镜像层: sha256:c9fad8d7a9fae46fd5609adf78eb02f02472d9396f5a04619f139a74953eebcc
发布日期: 2019-10-07 00:15 修改: 2026-06-17 02:23
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2019-17531 |
严重 |
2.5.3 |
2.9.10.1, 2.8.11.5, 2.6.7.3 |
jackson-databind: Serialization gadgets in org.apache.log4j.receivers.db.*
漏洞详情: https://avd.aquasec.com/nvd/cve-2019-17531
镜像层: sha256:c9fad8d7a9fae46fd5609adf78eb02f02472d9396f5a04619f139a74953eebcc
发布日期: 2019-10-12 21:15 修改: 2026-06-17 02:24
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2019-20330 |
严重 |
2.5.3 |
2.6.7.4, 2.7.9.7, 2.8.11.5, 2.9.10.2 |
jackson-databind: lacks certain net.sf.ehcache blocking
漏洞详情: https://avd.aquasec.com/nvd/cve-2019-20330
镜像层: sha256:c9fad8d7a9fae46fd5609adf78eb02f02472d9396f5a04619f139a74953eebcc
发布日期: 2020-01-03 04:15 修改: 2026-06-17 02:30
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2020-8840 |
严重 |
2.5.3 |
2.6.7.4, 2.7.9.7, 2.8.11.5, 2.9.10.3 |
jackson-databind: Lacks certain xbean-reflect/JNDI blocking
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-8840
镜像层: sha256:c9fad8d7a9fae46fd5609adf78eb02f02472d9396f5a04619f139a74953eebcc
发布日期: 2020-02-10 21:56 修改: 2026-06-17 03:27
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2020-9547 |
严重 |
2.5.3 |
2.9.10.4, 2.8.11.6, 2.7.9.7 |
jackson-databind: Serialization gadgets in ibatis-sqlmap
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-9547
镜像层: sha256:c9fad8d7a9fae46fd5609adf78eb02f02472d9396f5a04619f139a74953eebcc
发布日期: 2020-03-02 04:15 修改: 2026-06-17 03:28
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2020-9548 |
严重 |
2.5.3 |
2.9.10.4, 2.8.11.6, 2.7.9.7 |
jackson-databind: Serialization gadgets in anteros-core
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-9548
镜像层: sha256:c9fad8d7a9fae46fd5609adf78eb02f02472d9396f5a04619f139a74953eebcc
发布日期: 2020-03-02 04:15 修改: 2026-06-17 03:28
|
| com.h2database:h2 |
CVE-2021-42392 |
严重 |
1.4.187 |
2.0.206 |
h2: Remote Code Execution in Console
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-42392
镜像层: sha256:c9fad8d7a9fae46fd5609adf78eb02f02472d9396f5a04619f139a74953eebcc
发布日期: 2022-01-10 14:10 修改: 2026-06-17 04:09
|
| com.h2database:h2 |
CVE-2022-23221 |
严重 |
1.4.187 |
2.1.210 |
h2: Loading of custom classes from remote servers through JNDI
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-23221
镜像层: sha256:c9fad8d7a9fae46fd5609adf78eb02f02472d9396f5a04619f139a74953eebcc
发布日期: 2022-01-19 17:15 修改: 2026-06-17 04:29
|
| com.hazelcast:hazelcast |
CVE-2022-36437 |
严重 |
3.8 |
3.12.13, 4.1.10, 4.2.6, 5.0.4, 5.1.3 |
hazelcast: Hazelcast connection caching
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-36437
镜像层: sha256:c9fad8d7a9fae46fd5609adf78eb02f02472d9396f5a04619f139a74953eebcc
发布日期: 2022-12-29 23:15 修改: 2026-06-17 04:53
|
| com.nimbusds:nimbus-jose-jwt |
CVE-2019-17195 |
严重 |
4.12 |
7.9 |
nimbus-jose-jwt: Uncaught exceptions while parsing a JWT
漏洞详情: https://avd.aquasec.com/nvd/cve-2019-17195
镜像层: sha256:c9fad8d7a9fae46fd5609adf78eb02f02472d9396f5a04619f139a74953eebcc
发布日期: 2019-10-15 14:15 修改: 2026-06-17 02:23
|
| org.hsqldb:hsqldb |
CVE-2022-41853 |
严重 |
2.3.1 |
2.7.1 |
hsqldb: Untrusted input may lead to RCE attack
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41853
镜像层: sha256:c9fad8d7a9fae46fd5609adf78eb02f02472d9396f5a04619f139a74953eebcc
发布日期: 2022-10-06 18:17 修改: 2026-06-17 05:03
|
| org.liquibase:liquibase-core |
CVE-2022-0839 |
严重 |
3.1.0 |
4.8.0 |
liquibase: Improper Restriction of XML External Entity
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-0839
镜像层: sha256:c9fad8d7a9fae46fd5609adf78eb02f02472d9396f5a04619f139a74953eebcc
发布日期: 2022-03-04 15:15 修改: 2026-06-17 04:21
|
| org.postgresql:postgresql |
CVE-2024-1597 |
严重 |
9.4.1208.jre7 |
42.2.28, 42.3.9, 42.4.4, 42.5.5, 42.6.1, 42.7.2 |
pgjdbc: PostgreSQL JDBC Driver allows attacker to inject SQL if using PreferQueryMode=SIMPLE
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-1597
镜像层: sha256:c9fad8d7a9fae46fd5609adf78eb02f02472d9396f5a04619f139a74953eebcc
发布日期: 2024-02-19 13:15 修改: 2026-06-17 07:04
|
| org.springframework:spring-beans |
CVE-2022-22965 |
严重 |
4.3.2.RELEASE |
5.2.20.RELEASE, 5.3.18 |
spring-framework: RCE via Data Binding on JDK 9+
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-22965
镜像层: sha256:c9fad8d7a9fae46fd5609adf78eb02f02472d9396f5a04619f139a74953eebcc
发布日期: 2022-04-01 23:15 修改: 2026-06-17 04:29
|
| org.springframework:spring-web |
CVE-2016-1000027 |
严重 |
4.3.2.RELEASE |
6.0.0 |
spring: HttpInvokerServiceExporter readRemoteInvocation method untrusted java deserialization
漏洞详情: https://avd.aquasec.com/nvd/cve-2016-1000027
镜像层: sha256:c9fad8d7a9fae46fd5609adf78eb02f02472d9396f5a04619f139a74953eebcc
发布日期: 2020-01-02 23:15 修改: 2024-11-21 02:42
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2020-10673 |
高危 |
2.5.3 |
2.9.10.4, 2.6.7.4 |
jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-10673
镜像层: sha256:c9fad8d7a9fae46fd5609adf78eb02f02472d9396f5a04619f139a74953eebcc
发布日期: 2020-03-18 22:15 修改: 2026-06-17 02:48
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2020-24616 |
高危 |
2.5.3 |
2.9.10.6 |
jackson-databind: mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-24616
镜像层: sha256:c9fad8d7a9fae46fd5609adf78eb02f02472d9396f5a04619f139a74953eebcc
发布日期: 2020-08-25 18:15 修改: 2026-06-17 03:05
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2020-24750 |
高危 |
2.5.3 |
2.6.7.5, 2.9.10.6 |
jackson-databind: Serialization gadgets in com.pastdev.httpcomponents.configuration.JndiConfiguration
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-24750
镜像层: sha256:c9fad8d7a9fae46fd5609adf78eb02f02472d9396f5a04619f139a74953eebcc
发布日期: 2020-09-17 19:15 修改: 2026-06-17 03:06
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2020-35490 |
高危 |
2.5.3 |
2.9.10.8 |
jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-35490
镜像层: sha256:c9fad8d7a9fae46fd5609adf78eb02f02472d9396f5a04619f139a74953eebcc
发布日期: 2020-12-17 19:15 修改: 2026-06-17 03:13
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2020-35491 |
高危 |
2.5.3 |
2.9.10.8 |
jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-35491
镜像层: sha256:c9fad8d7a9fae46fd5609adf78eb02f02472d9396f5a04619f139a74953eebcc
发布日期: 2020-12-17 19:15 修改: 2026-06-17 03:13
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2020-35728 |
高危 |
2.5.3 |
2.9.10.8 |
jackson-databind: mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-35728
镜像层: sha256:c9fad8d7a9fae46fd5609adf78eb02f02472d9396f5a04619f139a74953eebcc
发布日期: 2020-12-27 05:15 修改: 2026-06-17 03:14
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2020-36179 |
高危 |
2.5.3 |
2.9.10.8, 2.6.7.5 |
jackson-databind: mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36179
镜像层: sha256:c9fad8d7a9fae46fd5609adf78eb02f02472d9396f5a04619f139a74953eebcc
发布日期: 2021-01-07 00:15 修改: 2026-06-17 03:14
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2020-36180 |
高危 |
2.5.3 |
2.9.10.8, 2.6.7.5 |
jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36180
镜像层: sha256:c9fad8d7a9fae46fd5609adf78eb02f02472d9396f5a04619f139a74953eebcc
发布日期: 2021-01-07 00:15 修改: 2026-06-17 03:14
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2020-36181 |
高危 |
2.5.3 |
2.9.10.8, 2.6.7.5 |
jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36181
镜像层: sha256:c9fad8d7a9fae46fd5609adf78eb02f02472d9396f5a04619f139a74953eebcc
发布日期: 2021-01-06 23:15 修改: 2026-06-17 03:14
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2020-36182 |
高危 |
2.5.3 |
2.9.10.8, 2.6.7.5 |
jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36182
镜像层: sha256:c9fad8d7a9fae46fd5609adf78eb02f02472d9396f5a04619f139a74953eebcc
发布日期: 2021-01-07 00:15 修改: 2026-06-17 03:14
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2020-36183 |
高危 |
2.5.3 |
2.9.10.8, 2.6.7.5 |
jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36183
镜像层: sha256:c9fad8d7a9fae46fd5609adf78eb02f02472d9396f5a04619f139a74953eebcc
发布日期: 2021-01-07 00:15 修改: 2026-06-17 03:14
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2020-36184 |
高危 |
2.5.3 |
2.9.10.8 |
jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36184
镜像层: sha256:c9fad8d7a9fae46fd5609adf78eb02f02472d9396f5a04619f139a74953eebcc
发布日期: 2021-01-06 23:15 修改: 2026-06-17 03:14
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2020-36185 |
高危 |
2.5.3 |
2.9.10.8 |
jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36185
镜像层: sha256:c9fad8d7a9fae46fd5609adf78eb02f02472d9396f5a04619f139a74953eebcc
发布日期: 2021-01-06 23:15 修改: 2026-06-17 03:14
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2020-36186 |
高危 |
2.5.3 |
2.9.10.8 |
jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36186
镜像层: sha256:c9fad8d7a9fae46fd5609adf78eb02f02472d9396f5a04619f139a74953eebcc
发布日期: 2021-01-06 23:15 修改: 2026-06-17 03:14
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2020-36187 |
高危 |
2.5.3 |
2.9.10.8 |
jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36187
镜像层: sha256:c9fad8d7a9fae46fd5609adf78eb02f02472d9396f5a04619f139a74953eebcc
发布日期: 2021-01-06 23:15 修改: 2026-06-17 03:14
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2020-36188 |
高危 |
2.5.3 |
2.9.10.8, 2.6.7.5 |
jackson-databind: mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36188
镜像层: sha256:c9fad8d7a9fae46fd5609adf78eb02f02472d9396f5a04619f139a74953eebcc
发布日期: 2021-01-06 23:15 修改: 2026-06-17 03:14
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2020-36189 |
高危 |
2.5.3 |
2.9.10.8, 2.6.7.5 |
jackson-databind: mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36189
镜像层: sha256:c9fad8d7a9fae46fd5609adf78eb02f02472d9396f5a04619f139a74953eebcc
发布日期: 2021-01-06 23:15 修改: 2026-06-17 03:14
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2020-36518 |
高危 |
2.5.3 |
2.13.2.1, 2.12.6.1 |
jackson-databind: denial of service via a large depth of nested objects
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-36518
镜像层: sha256:c9fad8d7a9fae46fd5609adf78eb02f02472d9396f5a04619f139a74953eebcc
发布日期: 2022-03-11 07:15 修改: 2026-06-17 03:15
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2021-20190 |
高危 |
2.5.3 |
2.9.10.7, 2.6.7.5 |
jackson-databind: mishandles the interaction between serialization gadgets and typing, related to javax.swing
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-20190
镜像层: sha256:c9fad8d7a9fae46fd5609adf78eb02f02472d9396f5a04619f139a74953eebcc
发布日期: 2021-01-19 17:15 修改: 2026-06-17 03:33
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2022-42003 |
高危 |
2.5.3 |
2.12.7.1, 2.13.4.2 |
jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-42003
镜像层: sha256:c9fad8d7a9fae46fd5609adf78eb02f02472d9396f5a04619f139a74953eebcc
发布日期: 2022-10-02 05:15 修改: 2026-06-17 05:04
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2022-42004 |
高危 |
2.5.3 |
2.12.7.1, 2.13.4 |
jackson-databind: use of deeply nested arrays
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-42004
镜像层: sha256:c9fad8d7a9fae46fd5609adf78eb02f02472d9396f5a04619f139a74953eebcc
发布日期: 2022-10-02 05:15 修改: 2026-06-17 05:04
|
| com.google.code.gson:gson |
CVE-2022-25647 |
高危 |
2.1 |
2.8.9 |
com.google.code.gson-gson: Deserialization of Untrusted Data in com.google.code.gson-gson
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-25647
镜像层: sha256:c9fad8d7a9fae46fd5609adf78eb02f02472d9396f5a04619f139a74953eebcc
发布日期: 2022-05-01 16:15 修改: 2026-06-17 04:33
|
| ch.qos.logback:logback-core |
CVE-2023-6378 |
高危 |
1.2.3 |
1.3.12, 1.4.12, 1.2.13 |
logback: serialization vulnerability in logback receiver
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-6378
镜像层: sha256:c9fad8d7a9fae46fd5609adf78eb02f02472d9396f5a04619f139a74953eebcc
发布日期: 2023-11-29 12:15 修改: 2026-06-17 06:50
|
| com.fasterxml.jackson.core:jackson-core |
CVE-2025-52999 |
高危 |
2.5.3 |
2.15.0 |
com.fasterxml.jackson.core/jackson-core: jackson-core Potential StackoverflowError
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-52999
镜像层: sha256:c9fad8d7a9fae46fd5609adf78eb02f02472d9396f5a04619f139a74953eebcc
发布日期: 2025-06-25 17:15 修改: 2026-06-17 09:37
|
| ch.qos.logback:logback-classic |
CVE-2023-6378 |
高危 |
1.2.3 |
1.3.12, 1.4.12, 1.2.13 |
logback: serialization vulnerability in logback receiver
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-6378
镜像层: sha256:c9fad8d7a9fae46fd5609adf78eb02f02472d9396f5a04619f139a74953eebcc
发布日期: 2023-11-29 12:15 修改: 2026-06-17 06:50
|
| com.hazelcast:hazelcast |
CVE-2016-10750 |
高危 |
3.8 |
3.11 |
hazelcast: java deserialization in join cluster procedure leading to remote code execution
漏洞详情: https://avd.aquasec.com/nvd/cve-2016-10750
镜像层: sha256:c9fad8d7a9fae46fd5609adf78eb02f02472d9396f5a04619f139a74953eebcc
发布日期: 2019-05-22 14:29 修改: 2026-06-17 00:40
|
| com.hazelcast:hazelcast |
CVE-2023-33265 |
高危 |
3.8 |
5.2.4, 5.1.7, 5.0.5 |
Hazelcast Executor Services don't check client permissions properly
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-33265
镜像层: sha256:c9fad8d7a9fae46fd5609adf78eb02f02472d9396f5a04619f139a74953eebcc
发布日期: 2023-07-18 16:15 修改: 2026-06-17 06:01
|
| com.hazelcast:hazelcast |
CVE-2023-45859 |
高危 |
3.8 |
5.2.5, 5.3.5 |
Missing permission checks on Hazelcast client protocol
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45859
镜像层: sha256:c9fad8d7a9fae46fd5609adf78eb02f02472d9396f5a04619f139a74953eebcc
发布日期: 2024-02-28 22:15 修改: 2026-06-17 06:29
|
| com.hazelcast:hazelcast |
CVE-2023-45860 |
高危 |
3.8 |
5.3.5, 5.2.5 |
Hazelcast: Permission checking in CSV File Source connector
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45860
镜像层: sha256:c9fad8d7a9fae46fd5609adf78eb02f02472d9396f5a04619f139a74953eebcc
发布日期: 2024-02-16 10:15 修改: 2026-06-17 06:29
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2018-12022 |
高危 |
2.5.3 |
2.7.9.4, 2.8.11.2, 2.9.6 |
jackson-databind: improper polymorphic deserialization of types from Jodd-db library
漏洞详情: https://avd.aquasec.com/nvd/cve-2018-12022
镜像层: sha256:c9fad8d7a9fae46fd5609adf78eb02f02472d9396f5a04619f139a74953eebcc
发布日期: 2019-03-21 16:00 修改: 2026-06-17 01:37
|
| com.nimbusds:nimbus-jose-jwt |
CVE-2017-12972 |
高危 |
4.12 |
4.39 |
Nimbus JOSE+JWT missing overflow check
漏洞详情: https://avd.aquasec.com/nvd/cve-2017-12972
镜像层: sha256:c9fad8d7a9fae46fd5609adf78eb02f02472d9396f5a04619f139a74953eebcc
发布日期: 2017-08-20 16:29 修改: 2026-06-17 01:04
|
| com.nimbusds:nimbus-jose-jwt |
CVE-2017-12974 |
高危 |
4.12 |
4.36 |
Improper Verification of Cryptographic Signature in Nimbus JOSE+JWT
漏洞详情: https://avd.aquasec.com/nvd/cve-2017-12974
镜像层: sha256:c9fad8d7a9fae46fd5609adf78eb02f02472d9396f5a04619f139a74953eebcc
发布日期: 2017-08-20 16:29 修改: 2026-06-17 01:04
|
| com.nimbusds:nimbus-jose-jwt |
CVE-2023-52428 |
高危 |
4.12 |
9.37.2 |
nimbus-jose-jwt: large JWE p2c header value causes Denial of Service
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-52428
镜像层: sha256:c9fad8d7a9fae46fd5609adf78eb02f02472d9396f5a04619f139a74953eebcc
发布日期: 2024-02-11 05:15 修改: 2026-06-17 06:42
|
| commons-beanutils:commons-beanutils |
CVE-2014-0114 |
高危 |
1.8.3 |
1.9.4 |
1: Class Loader manipulation via request parameters
漏洞详情: https://avd.aquasec.com/nvd/cve-2014-0114
镜像层: sha256:c9fad8d7a9fae46fd5609adf78eb02f02472d9396f5a04619f139a74953eebcc
发布日期: 2014-04-30 10:49 修改: 2026-05-06 22:30
|
| commons-beanutils:commons-beanutils |
CVE-2019-10086 |
高危 |
1.8.3 |
1.9.4 |
apache-commons-beanutils: does not suppresses the class property in PropertyUtilsBean by default
漏洞详情: https://avd.aquasec.com/nvd/cve-2019-10086
镜像层: sha256:c9fad8d7a9fae46fd5609adf78eb02f02472d9396f5a04619f139a74953eebcc
发布日期: 2019-08-20 21:15 修改: 2026-06-17 02:10
|
| commons-beanutils:commons-beanutils |
CVE-2025-48734 |
高危 |
1.8.3 |
1.11.0 |
commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-48734
镜像层: sha256:c9fad8d7a9fae46fd5609adf78eb02f02472d9396f5a04619f139a74953eebcc
发布日期: 2025-05-28 14:15 修改: 2026-06-17 09:30
|
| commons-fileupload:commons-fileupload |
CVE-2023-24998 |
高危 |
1.3.3 |
1.5 |
FileUpload: FileUpload DoS with excessive parts
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24998
镜像层: sha256:c9fad8d7a9fae46fd5609adf78eb02f02472d9396f5a04619f139a74953eebcc
发布日期: 2023-02-20 16:15 修改: 2026-06-17 05:40
|
| commons-fileupload:commons-fileupload |
CVE-2025-48976 |
高危 |
1.3.3 |
1.6.0 |
apache-commons-fileupload: Apache Commons FileUpload DoS via part headers
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-48976
镜像层: sha256:c9fad8d7a9fae46fd5609adf78eb02f02472d9396f5a04619f139a74953eebcc
发布日期: 2025-06-16 15:15 修改: 2026-06-17 09:30
|
| commons-io:commons-io |
CVE-2024-47554 |
高危 |
2.4 |
2.14.0 |
apache-commons-io: Possible denial of service attack on untrusted input to XmlStreamReader
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-47554
镜像层: sha256:c9fad8d7a9fae46fd5609adf78eb02f02472d9396f5a04619f139a74953eebcc
发布日期: 2024-10-03 12:15 修改: 2026-06-17 07:57
|
| net.minidev:json-smart |
CVE-2021-31684 |
高危 |
1.3.1 |
1.3.3, 2.4.4 |
json-smart: Denial of Service in JSONParserByteArray function
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-31684
镜像层: sha256:c9fad8d7a9fae46fd5609adf78eb02f02472d9396f5a04619f139a74953eebcc
发布日期: 2021-06-01 20:15 修改: 2026-06-17 03:52
|
| net.minidev:json-smart |
CVE-2023-1370 |
高危 |
1.3.1 |
2.4.9 |
json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion)
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-1370
镜像层: sha256:c9fad8d7a9fae46fd5609adf78eb02f02472d9396f5a04619f139a74953eebcc
发布日期: 2023-03-22 06:15 修改: 2026-06-17 05:27
|
| org.apache.commons:commons-compress |
CVE-2021-35515 |
高危 |
1.5 |
1.21 |
apache-commons-compress: infinite loop when reading a specially crafted 7Z archive
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-35515
镜像层: sha256:c9fad8d7a9fae46fd5609adf78eb02f02472d9396f5a04619f139a74953eebcc
发布日期: 2021-07-13 08:15 修改: 2026-06-17 03:57
|
| org.apache.commons:commons-compress |
CVE-2021-35516 |
高危 |
1.5 |
1.21 |
apache-commons-compress: excessive memory allocation when reading a specially crafted 7Z archive
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-35516
镜像层: sha256:c9fad8d7a9fae46fd5609adf78eb02f02472d9396f5a04619f139a74953eebcc
发布日期: 2021-07-13 08:15 修改: 2026-06-17 03:57
|
| org.apache.commons:commons-compress |
CVE-2021-35517 |
高危 |
1.5 |
1.21 |
apache-commons-compress: excessive memory allocation when reading a specially crafted TAR archive
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-35517
镜像层: sha256:c9fad8d7a9fae46fd5609adf78eb02f02472d9396f5a04619f139a74953eebcc
发布日期: 2021-07-13 08:15 修改: 2026-06-17 03:57
|
| org.apache.commons:commons-compress |
CVE-2021-36090 |
高危 |
1.5 |
1.21 |
apache-commons-compress: excessive memory allocation when reading a specially crafted ZIP archive
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-36090
镜像层: sha256:c9fad8d7a9fae46fd5609adf78eb02f02472d9396f5a04619f139a74953eebcc
发布日期: 2021-07-13 08:15 修改: 2026-06-17 03:58
|
| org.bouncycastle:bcprov-jdk15on |
CVE-2016-1000338 |
高危 |
1.54 |
1.56 |
bouncycastle: DSA does not fully validate ASN.1 encoding during signature verification allowing for injection of unsigned data
漏洞详情: https://avd.aquasec.com/nvd/cve-2016-1000338
镜像层: sha256:c9fad8d7a9fae46fd5609adf78eb02f02472d9396f5a04619f139a74953eebcc
发布日期: 2018-06-01 20:29 修改: 2025-05-05 14:14
|
| org.bouncycastle:bcprov-jdk15on |
CVE-2016-1000340 |
高危 |
1.54 |
1.56 |
bouncycastle: Carry propagation bug in math.raw.Nat??? class
漏洞详情: https://avd.aquasec.com/nvd/cve-2016-1000340
镜像层: sha256:c9fad8d7a9fae46fd5609adf78eb02f02472d9396f5a04619f139a74953eebcc
发布日期: 2018-06-04 13:29 修改: 2025-05-12 17:37
|
| org.bouncycastle:bcprov-jdk15on |
CVE-2016-1000342 |
高危 |
1.54 |
1.56 |
bouncycastle: ECDSA improper validation of ASN.1 encoding of signature
漏洞详情: https://avd.aquasec.com/nvd/cve-2016-1000342
镜像层: sha256:c9fad8d7a9fae46fd5609adf78eb02f02472d9396f5a04619f139a74953eebcc
发布日期: 2018-06-04 13:29 修改: 2025-05-12 17:37
|
| org.bouncycastle:bcprov-jdk15on |
CVE-2016-1000343 |
高危 |
1.54 |
1.56 |
bouncycastle: DSA key pair generator generates a weak private key by default
漏洞详情: https://avd.aquasec.com/nvd/cve-2016-1000343
镜像层: sha256:c9fad8d7a9fae46fd5609adf78eb02f02472d9396f5a04619f139a74953eebcc
发布日期: 2018-06-04 13:29 修改: 2025-05-12 17:37
|
| org.bouncycastle:bcprov-jdk15on |
CVE-2016-1000344 |
高危 |
1.54 |
1.56 |
bouncycastle: DHIES implementation allowed the use of ECB mode
漏洞详情: https://avd.aquasec.com/nvd/cve-2016-1000344
镜像层: sha256:c9fad8d7a9fae46fd5609adf78eb02f02472d9396f5a04619f139a74953eebcc
发布日期: 2018-06-04 21:29 修改: 2025-05-12 17:37
|
| org.bouncycastle:bcprov-jdk15on |
CVE-2016-1000352 |
高危 |
1.54 |
1.56 |
bouncycastle: ECIES implementation allowed the use of ECB mode
漏洞详情: https://avd.aquasec.com/nvd/cve-2016-1000352
镜像层: sha256:c9fad8d7a9fae46fd5609adf78eb02f02472d9396f5a04619f139a74953eebcc
发布日期: 2018-06-04 21:29 修改: 2025-05-12 17:37
|
| org.bouncycastle:bcprov-jdk15on |
CVE-2018-1000180 |
高危 |
1.54 |
1.60 |
bouncycastle: flaw in the low-level interface to RSA key pair generator
漏洞详情: https://avd.aquasec.com/nvd/cve-2018-1000180
镜像层: sha256:c9fad8d7a9fae46fd5609adf78eb02f02472d9396f5a04619f139a74953eebcc
发布日期: 2018-06-05 13:29 修改: 2026-06-17 01:32
|
| org.eclipse.jetty:jetty-server |
CVE-2017-7656 |
高危 |
9.2.26.v20180806 |
9.3.24.v20180605, 9.4.11.v20180605 |
jetty: HTTP request smuggling using the range header
漏洞详情: https://avd.aquasec.com/nvd/cve-2017-7656
镜像层: sha256:c9fad8d7a9fae46fd5609adf78eb02f02472d9396f5a04619f139a74953eebcc
发布日期: 2018-06-26 15:29 修改: 2026-06-17 01:24
|
| org.eclipse.jetty:jetty-server |
CVE-2021-28165 |
高危 |
9.2.26.v20180806 |
9.4.39, 10.0.2, 11.0.2 |
jetty: Resource exhaustion when receiving an invalid large TLS frame
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-28165
镜像层: sha256:c9fad8d7a9fae46fd5609adf78eb02f02472d9396f5a04619f139a74953eebcc
发布日期: 2021-04-01 15:15 修改: 2026-06-17 03:45
|
| org.eclipse.jetty:jetty-webapp |
CVE-2020-27216 |
高危 |
9.2.26.v20180806 |
9.4.33.v20201020, 10.0.0.beta3, 11.0.0.beta3 |
jetty: local temporary directory hijacking vulnerability
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-27216
镜像层: sha256:c9fad8d7a9fae46fd5609adf78eb02f02472d9396f5a04619f139a74953eebcc
发布日期: 2020-10-23 13:15 修改: 2026-06-17 03:08
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2018-5968 |
高危 |
2.5.3 |
2.8.11.1, 2.9.4, 2.7.9.5 |
jackson-databind: unsafe deserialization due to incomplete blacklist (incomplete fix for CVE-2017-7525 and CVE-2017-17485)
漏洞详情: https://avd.aquasec.com/nvd/cve-2018-5968
镜像层: sha256:c9fad8d7a9fae46fd5609adf78eb02f02472d9396f5a04619f139a74953eebcc
发布日期: 2018-01-22 04:29 修改: 2026-06-17 02:01
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2019-12086 |
高危 |
2.5.3 |
2.9.9, 2.8.11.4, 2.7.9.6, 2.6.7.3 |
jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server.
漏洞详情: https://avd.aquasec.com/nvd/cve-2019-12086
镜像层: sha256:c9fad8d7a9fae46fd5609adf78eb02f02472d9396f5a04619f139a74953eebcc
发布日期: 2019-05-17 17:29 修改: 2026-06-17 02:14
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2019-14439 |
高危 |
2.5.3 |
2.9.9.2, 2.8.11.4, 2.7.9.6, 2.6.7.3 |
jackson-databind: Polymorphic typing issue related to logback/JNDI
漏洞详情: https://avd.aquasec.com/nvd/cve-2019-14439
镜像层: sha256:c9fad8d7a9fae46fd5609adf78eb02f02472d9396f5a04619f139a74953eebcc
发布日期: 2019-07-30 11:15 修改: 2026-06-17 02:18
|
| org.postgresql:postgresql |
CVE-2022-21724 |
高危 |
9.4.1208.jre7 |
42.2.25, 42.3.2 |
jdbc-postgresql: Unchecked Class Instantiation when providing Plugin Classes
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-21724
镜像层: sha256:c9fad8d7a9fae46fd5609adf78eb02f02472d9396f5a04619f139a74953eebcc
发布日期: 2022-02-02 12:15 修改: 2026-06-17 04:26
|
| org.postgresql:postgresql |
CVE-2022-31197 |
高危 |
9.4.1208.jre7 |
42.2.26, 42.4.1, 42.3.7 |
postgresql: SQL Injection in ResultSet.refreshRow() with malicious column names
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-31197
镜像层: sha256:c9fad8d7a9fae46fd5609adf78eb02f02472d9396f5a04619f139a74953eebcc
发布日期: 2022-08-03 19:15 修改: 2026-06-17 04:45
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2019-14892 |
高危 |
2.5.3 |
2.6.7.3, 2.8.11.5, 2.9.10 |
jackson-databind: Serialization gadgets in classes of the commons-configuration package
漏洞详情: https://avd.aquasec.com/nvd/cve-2019-14892
镜像层: sha256:c9fad8d7a9fae46fd5609adf78eb02f02472d9396f5a04619f139a74953eebcc
发布日期: 2020-03-02 17:15 修改: 2026-06-17 02:19
|
| org.springframework:spring-beans |
CVE-2022-22970 |
高危 |
4.3.2.RELEASE |
5.2.22.RELEASE, 5.3.20 |
springframework: DoS via data binding to multipartFile or servlet part
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-22970
镜像层: sha256:c9fad8d7a9fae46fd5609adf78eb02f02472d9396f5a04619f139a74953eebcc
发布日期: 2022-05-12 20:15 修改: 2026-06-17 04:29
|
| org.springframework:spring-context |
CVE-2022-22968 |
高危 |
4.3.2.RELEASE |
5.3.19, 5.2.21.RELEASE |
Framework: Data Binding Rules Vulnerability
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-22968
镜像层: sha256:c9fad8d7a9fae46fd5609adf78eb02f02472d9396f5a04619f139a74953eebcc
发布日期: 2022-04-14 21:15 修改: 2026-06-17 04:29
|
| org.springframework:spring-core |
CVE-2018-1272 |
高危 |
4.3.2.RELEASE |
4.3.15, 5.0.5 |
spring-framework: Multipart content pollution
漏洞详情: https://avd.aquasec.com/nvd/cve-2018-1272
镜像层: sha256:c9fad8d7a9fae46fd5609adf78eb02f02472d9396f5a04619f139a74953eebcc
发布日期: 2018-04-06 13:29 修改: 2026-06-17 01:50
|
| org.springframework:spring-core |
CVE-2018-15756 |
高危 |
4.3.2.RELEASE |
5.1.1.RELEASE, 5.0.10.RELEASE, 4.3.20.RELEASE |
springframework: DoS Attack via Range Requests
漏洞详情: https://avd.aquasec.com/nvd/cve-2018-15756
镜像层: sha256:c9fad8d7a9fae46fd5609adf78eb02f02472d9396f5a04619f139a74953eebcc
发布日期: 2018-10-18 22:29 修改: 2026-06-17 01:43
|
| org.springframework:spring-expression |
CVE-2023-20863 |
高危 |
4.3.2.RELEASE |
6.0.8, 5.3.27, 5.2.24.RELEASE |
springframework: Spring Expression DoS Vulnerability
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-20863
镜像层: sha256:c9fad8d7a9fae46fd5609adf78eb02f02472d9396f5a04619f139a74953eebcc
发布日期: 2023-04-13 20:15 修改: 2026-06-17 05:31
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2020-10650 |
高危 |
2.5.3 |
2.9.10.4 |
A deserialization flaw was discovered in jackson-databind through 2.9. ...
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-10650
镜像层: sha256:c9fad8d7a9fae46fd5609adf78eb02f02472d9396f5a04619f139a74953eebcc
发布日期: 2022-12-26 20:15 修改: 2026-06-17 02:48
|
| org.springframework:spring-web |
CVE-2024-22243 |
高危 |
4.3.2.RELEASE |
6.1.4, 6.0.17, 5.3.32 |
springframework: URL Parsing with Host Validation
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-22243
镜像层: sha256:c9fad8d7a9fae46fd5609adf78eb02f02472d9396f5a04619f139a74953eebcc
发布日期: 2024-02-23 05:15 修改: 2026-06-17 07:11
|
| org.springframework:spring-web |
CVE-2024-22259 |
高危 |
4.3.2.RELEASE |
6.1.5, 6.0.18, 5.3.33 |
springframework: URL Parsing with Host Validation
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-22259
镜像层: sha256:c9fad8d7a9fae46fd5609adf78eb02f02472d9396f5a04619f139a74953eebcc
发布日期: 2024-03-16 05:15 修改: 2026-06-17 07:11
|
| org.springframework:spring-web |
CVE-2024-22262 |
高危 |
4.3.2.RELEASE |
5.3.34, 6.0.19, 6.1.6 |
springframework: URL Parsing with Host Validation
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-22262
镜像层: sha256:c9fad8d7a9fae46fd5609adf78eb02f02472d9396f5a04619f139a74953eebcc
发布日期: 2024-04-16 06:15 修改: 2026-06-17 07:11
|
| org.yaml:snakeyaml |
CVE-2017-18640 |
高危 |
1.15 |
1.26 |
snakeyaml: Billion laughs attack via alias feature
漏洞详情: https://avd.aquasec.com/nvd/cve-2017-18640
镜像层: sha256:c9fad8d7a9fae46fd5609adf78eb02f02472d9396f5a04619f139a74953eebcc
发布日期: 2019-12-12 03:15 修改: 2026-06-17 01:13
|
| org.yaml:snakeyaml |
CVE-2022-1471 |
高危 |
1.15 |
2.0 |
SnakeYaml: Constructor Deserialization Remote Code Execution
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-1471
镜像层: sha256:c9fad8d7a9fae46fd5609adf78eb02f02472d9396f5a04619f139a74953eebcc
发布日期: 2022-12-01 11:15 修改: 2026-06-17 04:22
|
| org.yaml:snakeyaml |
CVE-2022-25857 |
高危 |
1.15 |
1.31 |
snakeyaml: Denial of Service due to missing nested depth limitation for collections
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-25857
镜像层: sha256:c9fad8d7a9fae46fd5609adf78eb02f02472d9396f5a04619f139a74953eebcc
发布日期: 2022-08-30 05:15 修改: 2026-06-17 04:34
|
| ch.qos.logback:logback-core |
CVE-2024-12798 |
中危 |
1.2.3 |
1.5.13, 1.3.15 |
logback-core: arbitrary code execution via JaninoEventEvaluator
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-12798
镜像层: sha256:c9fad8d7a9fae46fd5609adf78eb02f02472d9396f5a04619f139a74953eebcc
发布日期: 2024-12-19 16:15 修改: 2026-06-17 07:00
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2019-12384 |
中危 |
2.5.3 |
2.9.9.1, 2.8.11.4, 2.7.9.6, 2.6.7.3 |
jackson-databind: failure to block the logback-core class from polymorphic deserialization leading to remote code execution
漏洞详情: https://avd.aquasec.com/nvd/cve-2019-12384
镜像层: sha256:c9fad8d7a9fae46fd5609adf78eb02f02472d9396f5a04619f139a74953eebcc
发布日期: 2019-06-24 16:15 修改: 2026-06-17 02:14
|
| org.bouncycastle:bcprov-jdk15on |
CVE-2016-1000339 |
中危 |
1.54 |
1.56 |
bouncycastle: Information leak in AESFastEngine class
漏洞详情: https://avd.aquasec.com/nvd/cve-2016-1000339
镜像层: sha256:c9fad8d7a9fae46fd5609adf78eb02f02472d9396f5a04619f139a74953eebcc
发布日期: 2018-06-04 13:29 修改: 2025-05-12 17:37
|
| org.bouncycastle:bcprov-jdk15on |
CVE-2016-1000341 |
中危 |
1.54 |
1.56 |
bouncycastle: Information exposure in DSA signature generation via timing attack
漏洞详情: https://avd.aquasec.com/nvd/cve-2016-1000341
镜像层: sha256:c9fad8d7a9fae46fd5609adf78eb02f02472d9396f5a04619f139a74953eebcc
发布日期: 2018-06-04 13:29 修改: 2025-05-12 17:37
|
| org.bouncycastle:bcprov-jdk15on |
CVE-2016-1000345 |
中危 |
1.54 |
1.56 |
bouncycastle: DHIES/ECIES CBC modes are vulnerable to padding oracle attack
漏洞详情: https://avd.aquasec.com/nvd/cve-2016-1000345
镜像层: sha256:c9fad8d7a9fae46fd5609adf78eb02f02472d9396f5a04619f139a74953eebcc
发布日期: 2018-06-04 21:29 修改: 2025-05-12 17:37
|
| org.bouncycastle:bcprov-jdk15on |
CVE-2020-15522 |
中危 |
1.54 |
1.66 |
bouncycastle: Timing issue within the EC math library
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-15522
镜像层: sha256:c9fad8d7a9fae46fd5609adf78eb02f02472d9396f5a04619f139a74953eebcc
发布日期: 2021-05-20 12:15 修改: 2026-06-17 02:56
|
| org.bouncycastle:bcprov-jdk15on |
CVE-2020-26939 |
中危 |
1.54 |
1.61 |
In Legion of the Bouncy Castle BC before 1.61 and BC-FJA before 1.0.1. ...
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-26939
镜像层: sha256:c9fad8d7a9fae46fd5609adf78eb02f02472d9396f5a04619f139a74953eebcc
发布日期: 2020-11-02 22:15 修改: 2026-06-17 03:08
|
| org.bouncycastle:bcprov-jdk15on |
CVE-2023-33201 |
中危 |
1.54 |
|
bouncycastle: potential blind LDAP injection attack using a self-signed certificate
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-33201
镜像层: sha256:c9fad8d7a9fae46fd5609adf78eb02f02472d9396f5a04619f139a74953eebcc
发布日期: 2023-07-05 03:15 修改: 2026-06-17 06:01
|
| org.bouncycastle:bcprov-jdk15on |
CVE-2023-33202 |
中危 |
1.54 |
1.70 |
bc-java: Out of memory while parsing ASN.1 crafted data in org.bouncycastle.openssl.PEMParser class
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-33202
镜像层: sha256:c9fad8d7a9fae46fd5609adf78eb02f02472d9396f5a04619f139a74953eebcc
发布日期: 2023-11-23 16:15 修改: 2026-06-17 06:01
|
| org.bouncycastle:bcprov-jdk15on |
CVE-2024-29857 |
中危 |
1.54 |
1.78 |
org.bouncycastle: Importing an EC certificate with crafted F2m parameters may lead to Denial of Service
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-29857
镜像层: sha256:c9fad8d7a9fae46fd5609adf78eb02f02472d9396f5a04619f139a74953eebcc
发布日期: 2024-05-14 15:17 修改: 2026-06-17 07:23
|
| org.bouncycastle:bcprov-jdk15on |
CVE-2024-30171 |
中危 |
1.54 |
1.78 |
bc-java: BouncyCastle vulnerable to a timing variant of Bleichenbacher (Marvin Attack)
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-30171
镜像层: sha256:c9fad8d7a9fae46fd5609adf78eb02f02472d9396f5a04619f139a74953eebcc
发布日期: 2024-05-14 15:21 修改: 2026-06-17 07:26
|
| org.eclipse.jetty:jetty-http |
CVE-2023-40167 |
中危 |
9.2.26.v20180806 |
9.4.52, 10.0.16, 11.0.16, 12.0.1 |
jetty: Improper validation of HTTP/1 content-length
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-40167
镜像层: sha256:c9fad8d7a9fae46fd5609adf78eb02f02472d9396f5a04619f139a74953eebcc
发布日期: 2023-09-15 20:15 修改: 2026-06-17 06:16
|
| org.eclipse.jetty:jetty-http |
CVE-2024-6763 |
中危 |
9.2.26.v20180806 |
12.0.12 |
org.eclipse.jetty:jetty-http: jetty: Jetty URI parsing of invalid authority
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-6763
镜像层: sha256:c9fad8d7a9fae46fd5609adf78eb02f02472d9396f5a04619f139a74953eebcc
发布日期: 2024-10-14 16:15 修改: 2026-06-17 08:18
|
| commons-io:commons-io |
CVE-2021-29425 |
中危 |
2.4 |
2.7 |
apache-commons-io: Limited path traversal in Apache Commons IO 2.2 to 2.6
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-29425
镜像层: sha256:c9fad8d7a9fae46fd5609adf78eb02f02472d9396f5a04619f139a74953eebcc
发布日期: 2021-04-13 07:15 修改: 2026-06-17 03:47
|
| commons-lang:commons-lang |
CVE-2025-48924 |
中危 |
2.6 |
|
commons-lang/commons-lang: org.apache.commons/commons-lang3: Uncontrolled Recursion vulnerability in Apache Commons Lang
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-48924
镜像层: sha256:c9fad8d7a9fae46fd5609adf78eb02f02472d9396f5a04619f139a74953eebcc
发布日期: 2025-07-11 15:15 修改: 2026-06-17 09:30
|
| org.eclipse.jetty:jetty-server |
CVE-2018-12536 |
中危 |
9.2.26.v20180806 |
9.4.11.v20180605, 9.3.24.v20180605 |
jetty: full server path revealed when using the default Error Handling
漏洞详情: https://avd.aquasec.com/nvd/cve-2018-12536
镜像层: sha256:c9fad8d7a9fae46fd5609adf78eb02f02472d9396f5a04619f139a74953eebcc
发布日期: 2018-06-27 17:29 修改: 2026-06-17 01:37
|
| org.eclipse.jetty:jetty-server |
CVE-2019-10241 |
中危 |
9.2.26.v20180806 |
9.2.27.v20190403, 9.3.26.v20190403, 9.4.16.v20190411 |
jetty: using specially formatted URL against DefaultServlet or ResourceHandler leads to XSS conditions
漏洞详情: https://avd.aquasec.com/nvd/cve-2019-10241
镜像层: sha256:c9fad8d7a9fae46fd5609adf78eb02f02472d9396f5a04619f139a74953eebcc
发布日期: 2019-04-22 20:29 修改: 2026-06-17 02:10
|
| org.eclipse.jetty:jetty-server |
CVE-2019-10246 |
中危 |
9.2.26.v20180806 |
9.2.28.v20190418, 9.3.27.v20190418, 9.4.17.v20190418 |
jetty: Directory Listing on Windows reveals Resource Base path
漏洞详情: https://avd.aquasec.com/nvd/cve-2019-10246
镜像层: sha256:c9fad8d7a9fae46fd5609adf78eb02f02472d9396f5a04619f139a74953eebcc
发布日期: 2019-04-22 20:29 修改: 2026-06-17 02:10
|
| org.eclipse.jetty:jetty-server |
CVE-2019-10247 |
中危 |
9.2.26.v20180806 |
9.2.28.v20190418, 9.3.27.v20190418, 9.4.17.v20190418 |
jetty: error path information disclosure
漏洞详情: https://avd.aquasec.com/nvd/cve-2019-10247
镜像层: sha256:c9fad8d7a9fae46fd5609adf78eb02f02472d9396f5a04619f139a74953eebcc
发布日期: 2019-04-22 20:29 修改: 2026-06-17 02:10
|
| org.eclipse.jetty:jetty-server |
CVE-2023-26048 |
中危 |
9.2.26.v20180806 |
9.4.51.v20230217, 10.0.14, 11.0.14 |
jetty-server: OutOfMemoryError for large multipart without filename read via request.getParameter()
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-26048
镜像层: sha256:c9fad8d7a9fae46fd5609adf78eb02f02472d9396f5a04619f139a74953eebcc
发布日期: 2023-04-18 21:15 修改: 2026-06-17 05:42
|
| org.eclipse.jetty:jetty-servlets |
CVE-2021-28169 |
中危 |
9.2.26.v20180806 |
9.4.41, 10.0.3, 11.0.3 |
jetty: requests to the ConcatServlet and WelcomeFilter are able to access protected resources within the WEB-INF directory
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-28169
镜像层: sha256:c9fad8d7a9fae46fd5609adf78eb02f02472d9396f5a04619f139a74953eebcc
发布日期: 2021-06-09 02:15 修改: 2026-06-17 03:45
|
| org.eclipse.jetty:jetty-servlets |
CVE-2024-9823 |
中危 |
9.2.26.v20180806 |
9.4.54, 10.0.18, 11.0.18 |
org.eclipse.jetty:jetty-servlets: jetty: Jetty DOS vulnerability on DosFilter
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-9823
镜像层: sha256:c9fad8d7a9fae46fd5609adf78eb02f02472d9396f5a04619f139a74953eebcc
发布日期: 2024-10-14 15:15 修改: 2026-06-17 08:25
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2019-12814 |
中危 |
2.5.3 |
2.9.9.1, 2.8.11.4, 2.7.9.6, 2.6.7.3 |
jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server via crafted JSON message.
漏洞详情: https://avd.aquasec.com/nvd/cve-2019-12814
镜像层: sha256:c9fad8d7a9fae46fd5609adf78eb02f02472d9396f5a04619f139a74953eebcc
发布日期: 2019-06-19 14:15 修改: 2026-06-17 02:15
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2026-54514 |
中危 |
2.5.3 |
2.18.8, 2.21.4, 3.1.4 |
jackson-databind: jackson-databind: Information Disclosure via Eager DNS Resolution
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54514
镜像层: sha256:c9fad8d7a9fae46fd5609adf78eb02f02472d9396f5a04619f139a74953eebcc
发布日期: 2026-06-23 21:17 修改: 2026-06-27 20:55
|
| net.minidev:json-smart |
CVE-2021-27568 |
中危 |
1.3.1 |
1.3.2, 2.4.1, 2.3.1 |
json-smart: uncaught exception may lead to crash or information disclosure
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-27568
镜像层: sha256:c9fad8d7a9fae46fd5609adf78eb02f02472d9396f5a04619f139a74953eebcc
发布日期: 2021-02-23 02:15 修改: 2026-06-17 03:45
|
| ch.qos.logback:logback-core |
CVE-2025-11226 |
中危 |
1.2.3 |
1.5.19, 1.3.16 |
ch.qos.logback/logback-core: Conditional abitrary code execution in logback-core
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-11226
镜像层: sha256:c9fad8d7a9fae46fd5609adf78eb02f02472d9396f5a04619f139a74953eebcc
发布日期: 2025-10-01 08:15 修改: 2026-06-25 17:16
|
| com.google.guava:guava |
CVE-2018-10237 |
中危 |
12.0 |
24.1.1-android |
guava: Unbounded memory allocation in AtomicDoubleArray and CompoundOrdering classes allow remote attackers to cause a denial of service
漏洞详情: https://avd.aquasec.com/nvd/cve-2018-10237
镜像层: sha256:c9fad8d7a9fae46fd5609adf78eb02f02472d9396f5a04619f139a74953eebcc
发布日期: 2018-04-26 21:29 修改: 2026-06-17 01:33
|
| com.google.guava:guava |
CVE-2023-2976 |
中危 |
12.0 |
32.0.0-android |
guava: insecure temporary directory creation
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-2976
镜像层: sha256:c9fad8d7a9fae46fd5609adf78eb02f02472d9396f5a04619f139a74953eebcc
发布日期: 2023-06-14 18:15 修改: 2026-06-17 05:53
|
| com.google.guava:guava |
CVE-2018-10237 |
中危 |
15.0 |
24.1.1-android |
guava: Unbounded memory allocation in AtomicDoubleArray and CompoundOrdering classes allow remote attackers to cause a denial of service
漏洞详情: https://avd.aquasec.com/nvd/cve-2018-10237
镜像层: sha256:c9fad8d7a9fae46fd5609adf78eb02f02472d9396f5a04619f139a74953eebcc
发布日期: 2018-04-26 21:29 修改: 2026-06-17 01:33
|
| org.apache.commons:commons-compress |
CVE-2024-25710 |
中危 |
1.5 |
1.26.0 |
commons-compress: Denial of service caused by an infinite loop for a corrupted DUMP file
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-25710
镜像层: sha256:c9fad8d7a9fae46fd5609adf78eb02f02472d9396f5a04619f139a74953eebcc
发布日期: 2024-02-19 09:15 修改: 2026-06-17 07:16
|
| org.apache.commons:commons-lang3 |
CVE-2025-48924 |
中危 |
3.1 |
3.18.0 |
commons-lang/commons-lang: org.apache.commons/commons-lang3: Uncontrolled Recursion vulnerability in Apache Commons Lang
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-48924
镜像层: sha256:c9fad8d7a9fae46fd5609adf78eb02f02472d9396f5a04619f139a74953eebcc
发布日期: 2025-07-11 15:15 修改: 2026-06-17 09:30
|
| org.springframework:spring-context |
CVE-2024-38820 |
中危 |
4.3.2.RELEASE |
6.1.14 |
The fix for CVE-2022-22968 made disallowedFieldspatterns in DataBinder ...
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-38820
镜像层: sha256:c9fad8d7a9fae46fd5609adf78eb02f02472d9396f5a04619f139a74953eebcc
发布日期: 2024-10-18 06:15 修改: 2026-06-17 07:41
|
| org.apache.httpcomponents:httpclient |
CVE-2014-3577 |
中危 |
4.3.1 |
4.3.5 |
CXF: SSL hostname verification bypass, incomplete CVE-2012-6153 fix
漏洞详情: https://avd.aquasec.com/nvd/cve-2014-3577
镜像层: sha256:c9fad8d7a9fae46fd5609adf78eb02f02472d9396f5a04619f139a74953eebcc
发布日期: 2014-08-21 14:55 修改: 2026-05-06 22:30
|
| org.apache.httpcomponents:httpclient |
CVE-2015-5262 |
中危 |
4.3.1 |
4.3.6 |
httpcomponents-core: missing HTTPS connection timeout
漏洞详情: https://avd.aquasec.com/nvd/cve-2015-5262
镜像层: sha256:c9fad8d7a9fae46fd5609adf78eb02f02472d9396f5a04619f139a74953eebcc
发布日期: 2015-10-27 16:59 修改: 2026-05-06 22:30
|
| org.springframework:spring-core |
CVE-2018-11040 |
中危 |
4.3.2.RELEASE |
5.0.7.RELEASE, 4.3.18.RELEASE |
springframework: cross-domain requests via JSONP through AbstractJsonpResponseBodyAdvice
漏洞详情: https://avd.aquasec.com/nvd/cve-2018-11040
镜像层: sha256:c9fad8d7a9fae46fd5609adf78eb02f02472d9396f5a04619f139a74953eebcc
发布日期: 2018-06-25 15:29 修改: 2026-06-17 01:35
|
| org.springframework:spring-core |
CVE-2018-1199 |
中危 |
4.3.2.RELEASE |
4.3.14, 5.0.3 |
spring-framework: Improper URL path validation allows for bypassing of security checks on static resources
漏洞详情: https://avd.aquasec.com/nvd/cve-2018-1199
镜像层: sha256:c9fad8d7a9fae46fd5609adf78eb02f02472d9396f5a04619f139a74953eebcc
发布日期: 2018-03-16 20:29 修改: 2026-06-17 01:50
|
| org.springframework:spring-core |
CVE-2018-1257 |
中危 |
4.3.2.RELEASE |
5.0.6, 4.3.17 |
spring-framework: ReDoS Attack with spring-messaging
漏洞详情: https://avd.aquasec.com/nvd/cve-2018-1257
镜像层: sha256:c9fad8d7a9fae46fd5609adf78eb02f02472d9396f5a04619f139a74953eebcc
发布日期: 2018-05-11 20:29 修改: 2026-06-17 01:50
|
| org.springframework:spring-core |
CVE-2018-1271 |
中危 |
4.3.2.RELEASE |
5.0.5, 4.3.15 |
spring-framework: Directory traversal vulnerability with static resources on Windows filesystems
漏洞详情: https://avd.aquasec.com/nvd/cve-2018-1271
镜像层: sha256:c9fad8d7a9fae46fd5609adf78eb02f02472d9396f5a04619f139a74953eebcc
发布日期: 2018-04-06 13:29 修改: 2026-06-17 01:50
|
| org.apache.httpcomponents:httpclient |
CVE-2020-13956 |
中危 |
4.3.1 |
4.5.13, 5.0.3 |
apache-httpclient: incorrect handling of malformed authority component in request URIs
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-13956
镜像层: sha256:c9fad8d7a9fae46fd5609adf78eb02f02472d9396f5a04619f139a74953eebcc
发布日期: 2020-12-02 17:15 修改: 2026-06-17 02:53
|
| org.springframework:spring-expression |
CVE-2022-22950 |
中危 |
4.3.2.RELEASE |
5.3.17, 5.2.20.RELEASE |
spring-expression: Denial of service via specially crafted SpEL expression
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-22950
镜像层: sha256:c9fad8d7a9fae46fd5609adf78eb02f02472d9396f5a04619f139a74953eebcc
发布日期: 2022-04-01 23:15 修改: 2026-06-17 04:29
|
| org.springframework:spring-expression |
CVE-2023-20861 |
中危 |
4.3.2.RELEASE |
6.0.7, 5.3.26, 5.2.23.RELEASE |
springframework: Spring Expression DoS Vulnerability
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-20861
镜像层: sha256:c9fad8d7a9fae46fd5609adf78eb02f02472d9396f5a04619f139a74953eebcc
发布日期: 2023-03-23 21:15 修改: 2026-06-17 05:31
|
| org.springframework:spring-expression |
CVE-2024-38808 |
中危 |
4.3.2.RELEASE |
5.3.39 |
spring-expression: Denial of service when processing a specially crafted Spring Expression Language expression
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-38808
镜像层: sha256:c9fad8d7a9fae46fd5609adf78eb02f02472d9396f5a04619f139a74953eebcc
发布日期: 2024-08-20 08:15 修改: 2026-06-17 07:41
|
| org.bouncycastle:bcpkix-jdk15on |
CVE-2025-8916 |
中危 |
1.54 |
1.79 |
org.bouncycastle: BouncyCastle denial of service
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-8916
镜像层: sha256:c9fad8d7a9fae46fd5609adf78eb02f02472d9396f5a04619f139a74953eebcc
发布日期: 2025-08-13 10:15 修改: 2026-06-17 10:07
|
| org.bouncycastle:bcpkix-jdk15on |
CVE-2026-5588 |
中危 |
1.54 |
1.84 |
bouncycastle: BC-JAVA: PKIX draft CompositeVerifier accepts empty signature sequence as valid
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-5588
镜像层: sha256:c9fad8d7a9fae46fd5609adf78eb02f02472d9396f5a04619f139a74953eebcc
发布日期: 2026-04-15 10:16 修改: 2026-06-30 03:21
|
| com.nimbusds:nimbus-jose-jwt |
CVE-2025-53864 |
中危 |
4.12 |
10.0.2, 9.37.4 |
com.nimbusds/nimbus-jose-jwt: Uncontrolled recursion in Connect2id Nimbus JOSE + JWT
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-53864
镜像层: sha256:c9fad8d7a9fae46fd5609adf78eb02f02472d9396f5a04619f139a74953eebcc
发布日期: 2025-07-11 03:16 修改: 2026-06-17 09:39
|
| com.google.guava:guava |
CVE-2023-2976 |
中危 |
15.0 |
32.0.0-android |
guava: insecure temporary directory creation
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-2976
镜像层: sha256:c9fad8d7a9fae46fd5609adf78eb02f02472d9396f5a04619f139a74953eebcc
发布日期: 2023-06-14 18:15 修改: 2026-06-17 05:53
|
| org.springframework:spring-web |
CVE-2018-11039 |
中危 |
4.3.2.RELEASE |
5.0.7, 4.3.18 |
springframework: Cross Site Tracing (XST) if vulnerable to XSS
漏洞详情: https://avd.aquasec.com/nvd/cve-2018-11039
镜像层: sha256:c9fad8d7a9fae46fd5609adf78eb02f02472d9396f5a04619f139a74953eebcc
发布日期: 2018-06-25 15:29 修改: 2026-06-17 01:35
|
| org.springframework:spring-web |
CVE-2024-38809 |
中危 |
4.3.2.RELEASE |
5.3.38, 6.0.23, 6.1.12 |
org.springframework:spring-web: Spring Framework DoS via conditional HTTP request
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-38809
镜像层: sha256:c9fad8d7a9fae46fd5609adf78eb02f02472d9396f5a04619f139a74953eebcc
发布日期: 2024-09-27 17:15 修改: 2026-06-17 07:41
|
| org.springframework:spring-web |
CVE-2024-38820 |
中危 |
4.3.2.RELEASE |
6.1.14 |
The fix for CVE-2022-22968 made disallowedFieldspatterns in DataBinder ...
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-38820
镜像层: sha256:c9fad8d7a9fae46fd5609adf78eb02f02472d9396f5a04619f139a74953eebcc
发布日期: 2024-10-18 06:15 修改: 2026-06-17 07:41
|
| ch.qos.logback:logback-core |
CVE-2021-42550 |
中危 |
1.2.3 |
1.2.9 |
logback: remote code execution through JNDI call from within its configuration file
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-42550
镜像层: sha256:c9fad8d7a9fae46fd5609adf78eb02f02472d9396f5a04619f139a74953eebcc
发布日期: 2021-12-16 19:15 修改: 2026-06-17 04:09
|
| com.fasterxml.jackson.core:jackson-core |
CVE-2025-49128 |
中危 |
2.5.3 |
2.13.0 |
com.fasterxml.jackson.core/jackson-core: Jackson-core Memory Disclosure via Source Snippet in JsonLocation
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-49128
镜像层: sha256:c9fad8d7a9fae46fd5609adf78eb02f02472d9396f5a04619f139a74953eebcc
发布日期: 2025-06-06 22:15 修改: 2026-06-17 09:30
|
| com.fasterxml.jackson.core:jackson-core |
GHSA-72hv-8253-57qq |
中危 |
2.5.3 |
2.21.1, 2.18.6 |
jackson-core: Number Length Constraint Bypass in Async Parser Leads to Potential DoS Condition
漏洞详情: https://github.com/advisories/GHSA-72hv-8253-57qq
镜像层: sha256:c9fad8d7a9fae46fd5609adf78eb02f02472d9396f5a04619f139a74953eebcc
发布日期: 2026-02-28 02:01 修改: 2026-04-07 16:30
|
| org.yaml:snakeyaml |
CVE-2022-38749 |
中危 |
1.15 |
1.31 |
snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-38749
镜像层: sha256:c9fad8d7a9fae46fd5609adf78eb02f02472d9396f5a04619f139a74953eebcc
发布日期: 2022-09-05 10:15 修改: 2026-06-17 04:57
|
| org.yaml:snakeyaml |
CVE-2022-38750 |
中危 |
1.15 |
1.31 |
snakeyaml: Uncaught exception in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-38750
镜像层: sha256:c9fad8d7a9fae46fd5609adf78eb02f02472d9396f5a04619f139a74953eebcc
发布日期: 2022-09-05 10:15 修改: 2026-06-17 04:57
|
| org.yaml:snakeyaml |
CVE-2022-38751 |
中危 |
1.15 |
1.31 |
snakeyaml: Uncaught exception in java.base/java.util.regex.Pattern$Ques.match
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-38751
镜像层: sha256:c9fad8d7a9fae46fd5609adf78eb02f02472d9396f5a04619f139a74953eebcc
发布日期: 2022-09-05 10:15 修改: 2026-06-17 04:57
|
| org.yaml:snakeyaml |
CVE-2022-38752 |
中危 |
1.15 |
1.32 |
snakeyaml: Uncaught exception in java.base/java.util.ArrayList.hashCode
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-38752
镜像层: sha256:c9fad8d7a9fae46fd5609adf78eb02f02472d9396f5a04619f139a74953eebcc
发布日期: 2022-09-05 10:15 修改: 2026-06-17 04:57
|
| org.yaml:snakeyaml |
CVE-2022-41854 |
中危 |
1.15 |
1.32 |
dev-java/snakeyaml: DoS via stack overflow
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41854
镜像层: sha256:c9fad8d7a9fae46fd5609adf78eb02f02472d9396f5a04619f139a74953eebcc
发布日期: 2022-11-11 13:15 修改: 2026-06-17 05:03
|
| com.google.guava:guava |
CVE-2020-8908 |
低危 |
15.0 |
32.0.0-android |
guava: local information disclosure via temporary directory created with unsafe permissions
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-8908
镜像层: sha256:c9fad8d7a9fae46fd5609adf78eb02f02472d9396f5a04619f139a74953eebcc
发布日期: 2020-12-10 23:15 修改: 2026-06-17 03:27
|
| org.bouncycastle:bcprov-jdk15on |
CVE-2016-1000346 |
低危 |
1.54 |
1.56 |
bouncycastle: Other party DH public keys are not fully validated
漏洞详情: https://avd.aquasec.com/nvd/cve-2016-1000346
镜像层: sha256:c9fad8d7a9fae46fd5609adf78eb02f02472d9396f5a04619f139a74953eebcc
发布日期: 2018-06-04 21:29 修改: 2025-05-12 17:37
|
| org.eclipse.jetty:jetty-server |
CVE-2021-34428 |
低危 |
9.2.26.v20180806 |
9.4.41, 10.0.3, 11.0.3 |
jetty: SessionListener can prevent a session from being invalidated breaking logout
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-34428
镜像层: sha256:c9fad8d7a9fae46fd5609adf78eb02f02472d9396f5a04619f139a74953eebcc
发布日期: 2021-06-22 15:15 修改: 2026-06-17 03:55
|
| org.eclipse.jetty:jetty-server |
CVE-2023-26049 |
低危 |
9.2.26.v20180806 |
9.4.51.v20230217, 10.0.14, 11.0.14, 12.0.0.beta0 |
jetty-server: Cookie parsing of quoted values can exfiltrate values from other cookies
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-26049
镜像层: sha256:c9fad8d7a9fae46fd5609adf78eb02f02472d9396f5a04619f139a74953eebcc
发布日期: 2023-04-18 21:15 修改: 2026-06-17 05:42
|
| org.springframework:spring-context |
CVE-2025-22233 |
低危 |
4.3.2.RELEASE |
6.2.7, 6.1.20 |
CVE-2024-38820 ensured Locale-independent, lowercase conversion for bo ...
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22233
镜像层: sha256:c9fad8d7a9fae46fd5609adf78eb02f02472d9396f5a04619f139a74953eebcc
发布日期: 2025-05-16 20:15 修改: 2026-06-17 08:45
|
| com.nimbusds:nimbus-jose-jwt |
CVE-2017-12973 |
低危 |
4.12 |
4.39 |
Nimbus JOSE+JWT vulnerable to padding oracle attack
漏洞详情: https://avd.aquasec.com/nvd/cve-2017-12973
镜像层: sha256:c9fad8d7a9fae46fd5609adf78eb02f02472d9396f5a04619f139a74953eebcc
发布日期: 2017-08-20 16:29 修改: 2026-06-17 01:04
|
| ch.qos.logback:logback-core |
CVE-2026-10532 |
低危 |
1.2.3 |
1.5.35 |
Deserialization of untrusted data vulnerability in QOS.CH Sarl logback ...
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-10532
镜像层: sha256:c9fad8d7a9fae46fd5609adf78eb02f02472d9396f5a04619f139a74953eebcc
发布日期: 2026-06-01 13:16 修改: 2026-06-17 10:12
|
| org.eclipse.jetty:jetty-servlets |
CVE-2023-36479 |
低危 |
9.2.26.v20180806 |
9.4.52, 10.0.16, 11.0.16 |
jetty: Improper addition of quotation marks to user inputs in CgiServlet
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-36479
镜像层: sha256:c9fad8d7a9fae46fd5609adf78eb02f02472d9396f5a04619f139a74953eebcc
发布日期: 2023-09-15 19:15 修改: 2026-06-17 06:06
|
| org.eclipse.jetty:jetty-http |
CVE-2022-2047 |
低危 |
9.2.26.v20180806 |
9.4.47, 10.0.10, 11.0.10 |
jetty-http: improver hostname input handling
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-2047
镜像层: sha256:c9fad8d7a9fae46fd5609adf78eb02f02472d9396f5a04619f139a74953eebcc
发布日期: 2022-07-07 21:15 修改: 2026-06-17 04:41
|
| org.eclipse.jetty:jetty-xml |
GHSA-58qw-p7qm-5rvh |
低危 |
9.2.26.v20180806 |
10.0.16, 11.0.16, 12.0.0, 9.4.52.v20230823 |
Eclipse Jetty XmlParser allows arbitrary DOCTYPE declarations
漏洞详情: https://github.com/advisories/GHSA-58qw-p7qm-5rvh
镜像层: sha256:c9fad8d7a9fae46fd5609adf78eb02f02472d9396f5a04619f139a74953eebcc
发布日期: 2023-07-10 21:52 修改: 2026-02-10 20:06
|
| ch.qos.logback:logback-core |
CVE-2026-1225 |
低危 |
1.2.3 |
1.5.25 |
ch.qos.logback/logback-core: Malicious logback.xml configuration file allows instantiation of arbitrary classes
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-1225
镜像层: sha256:c9fad8d7a9fae46fd5609adf78eb02f02472d9396f5a04619f139a74953eebcc
发布日期: 2026-01-22 10:16 修改: 2026-06-17 10:15
|
| com.google.guava:guava |
CVE-2020-8908 |
低危 |
12.0 |
32.0.0-android |
guava: local information disclosure via temporary directory created with unsafe permissions
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-8908
镜像层: sha256:c9fad8d7a9fae46fd5609adf78eb02f02472d9396f5a04619f139a74953eebcc
发布日期: 2020-12-10 23:15 修改: 2026-06-17 03:27
|
| commons-configuration:commons-configuration |
CVE-2025-46392 |
低危 |
1.8 |
|
apache-commons-configuration: Apache Commons Configuration: Uncontrolled Resource Consumption when loading untrusted configurations in 1.x
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-46392
镜像层: sha256:c9fad8d7a9fae46fd5609adf78eb02f02472d9396f5a04619f139a74953eebcc
发布日期: 2025-05-09 10:15 修改: 2026-06-17 09:26
|
| ch.qos.logback:logback-core |
CVE-2026-9828 |
低危 |
1.2.3 |
1.5.33 |
Deserialization of untrusted data vulnerability in QOS.CH Sarl logback ...
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-9828
镜像层: sha256:c9fad8d7a9fae46fd5609adf78eb02f02472d9396f5a04619f139a74953eebcc
发布日期: 2026-05-28 14:16 修改: 2026-06-17 11:05
|
| ch.qos.logback:logback-core |
CVE-2024-12801 |
低危 |
1.2.3 |
1.5.13, 1.3.15 |
logback-core: SaxEventRecorder vulnerable to Server-Side Request Forgery (SSRF) attacks
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-12801
镜像层: sha256:c9fad8d7a9fae46fd5609adf78eb02f02472d9396f5a04619f139a74953eebcc
发布日期: 2024-12-19 17:15 修改: 2026-06-17 07:00
|