docker.io/xiaoymin/knife4j:v2.0 linux/amd64

docker.io/xiaoymin/knife4j:v2.0 - Trivy安全扫描结果 扫描时间: 2026-06-24 15:05
全部漏洞信息
低危漏洞:12 中危漏洞:54 高危漏洞:59 严重漏洞:9

系统OS: alpine 3.15.0 扫描引擎: Trivy 扫描时间: 2026-06-24 15:05

docker.io/xiaoymin/knife4j:v2.0 (alpine 3.15.0) (alpine)
低危漏洞:0 中危漏洞:14 高危漏洞:14 严重漏洞:2
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
libtasn1 CVE-2021-46848 严重 4.18.0-r0 4.18.0-r1 libtasn1: Out-of-bound access in ETYPE_OK

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-46848

镜像层: sha256:4935b8115970467cdd33f208021b26c61e8a2dc6adf0890788487ac1d9494579

发布日期: 2022-10-24 14:15 修改: 2026-06-17 04:15
zlib CVE-2022-37434 严重 1.2.11-r3 1.2.12-r2 zlib: heap-based buffer over-read and overflow in inflate() in inflate.c via a large gzip header extra field

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-37434

镜像层: sha256:8d3ac3489996423f53d6087c81180006263b79f206d3fdec9e66f0e27ceb8759

发布日期: 2022-08-05 07:15 修改: 2026-06-17 04:55
libcrypto1.1 CVE-2022-4450 高危 1.1.1l-r7 1.1.1t-r0 openssl: double free after calling PEM_read_bio_ex

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-4450

镜像层: sha256:8d3ac3489996423f53d6087c81180006263b79f206d3fdec9e66f0e27ceb8759

发布日期: 2023-02-08 20:15 修改: 2026-06-17 05:20
libcrypto1.1 CVE-2023-0215 高危 1.1.1l-r7 1.1.1t-r0 openssl: use-after-free following BIO_new_NDEF

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-0215

镜像层: sha256:8d3ac3489996423f53d6087c81180006263b79f206d3fdec9e66f0e27ceb8759

发布日期: 2023-02-08 20:15 修改: 2026-06-17 05:25
libcrypto1.1 CVE-2023-0286 高危 1.1.1l-r7 1.1.1t-r0 openssl: X.400 address type confusion in X.509 GeneralName

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-0286

镜像层: sha256:8d3ac3489996423f53d6087c81180006263b79f206d3fdec9e66f0e27ceb8759

发布日期: 2023-02-08 20:15 修改: 2026-06-17 05:25
libcrypto1.1 CVE-2023-0464 高危 1.1.1l-r7 1.1.1t-r2 openssl: Denial of service by excessive resource usage in verifying X509 policy constraints

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-0464

镜像层: sha256:8d3ac3489996423f53d6087c81180006263b79f206d3fdec9e66f0e27ceb8759

发布日期: 2023-03-22 17:15 修改: 2026-06-17 05:25
libretls CVE-2022-0778 高危 3.3.4-r2 3.3.4-r3 openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-0778

镜像层: sha256:8d3ac3489996423f53d6087c81180006263b79f206d3fdec9e66f0e27ceb8759

发布日期: 2022-03-15 17:15 修改: 2026-06-17 04:21
libssl1.1 CVE-2022-0778 高危 1.1.1l-r7 1.1.1n-r0 openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-0778

镜像层: sha256:8d3ac3489996423f53d6087c81180006263b79f206d3fdec9e66f0e27ceb8759

发布日期: 2022-03-15 17:15 修改: 2026-06-17 04:21
libssl1.1 CVE-2022-4450 高危 1.1.1l-r7 1.1.1t-r0 openssl: double free after calling PEM_read_bio_ex

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-4450

镜像层: sha256:8d3ac3489996423f53d6087c81180006263b79f206d3fdec9e66f0e27ceb8759

发布日期: 2023-02-08 20:15 修改: 2026-06-17 05:20
libssl1.1 CVE-2023-0215 高危 1.1.1l-r7 1.1.1t-r0 openssl: use-after-free following BIO_new_NDEF

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-0215

镜像层: sha256:8d3ac3489996423f53d6087c81180006263b79f206d3fdec9e66f0e27ceb8759

发布日期: 2023-02-08 20:15 修改: 2026-06-17 05:25
libssl1.1 CVE-2023-0286 高危 1.1.1l-r7 1.1.1t-r0 openssl: X.400 address type confusion in X.509 GeneralName

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-0286

镜像层: sha256:8d3ac3489996423f53d6087c81180006263b79f206d3fdec9e66f0e27ceb8759

发布日期: 2023-02-08 20:15 修改: 2026-06-17 05:25
libssl1.1 CVE-2023-0464 高危 1.1.1l-r7 1.1.1t-r2 openssl: Denial of service by excessive resource usage in verifying X509 policy constraints

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-0464

镜像层: sha256:8d3ac3489996423f53d6087c81180006263b79f206d3fdec9e66f0e27ceb8759

发布日期: 2023-03-22 17:15 修改: 2026-06-17 05:25
busybox CVE-2022-28391 高危 1.34.1-r3 1.34.1-r5 busybox: remote attackers may execute arbitrary code if netstat is used

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-28391

镜像层: sha256:8d3ac3489996423f53d6087c81180006263b79f206d3fdec9e66f0e27ceb8759

发布日期: 2022-04-03 21:15 修改: 2026-06-17 04:38
ssl_client CVE-2022-28391 高危 1.34.1-r3 1.34.1-r5 busybox: remote attackers may execute arbitrary code if netstat is used

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-28391

镜像层: sha256:8d3ac3489996423f53d6087c81180006263b79f206d3fdec9e66f0e27ceb8759

发布日期: 2022-04-03 21:15 修改: 2026-06-17 04:38
libcrypto1.1 CVE-2022-0778 高危 1.1.1l-r7 1.1.1n-r0 openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-0778

镜像层: sha256:8d3ac3489996423f53d6087c81180006263b79f206d3fdec9e66f0e27ceb8759

发布日期: 2022-03-15 17:15 修改: 2026-06-17 04:21
zlib CVE-2018-25032 高危 1.2.11-r3 1.2.12-r0 zlib: A flaw found in zlib when compressing (not decompressing) certain inputs

漏洞详情: https://avd.aquasec.com/nvd/cve-2018-25032

镜像层: sha256:8d3ac3489996423f53d6087c81180006263b79f206d3fdec9e66f0e27ceb8759

发布日期: 2022-03-25 09:15 修改: 2026-06-17 01:54
libcrypto1.1 CVE-2023-2650 中危 1.1.1l-r7 1.1.1u-r0 openssl: Possible DoS translating ASN.1 object identifiers

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-2650

镜像层: sha256:8d3ac3489996423f53d6087c81180006263b79f206d3fdec9e66f0e27ceb8759

发布日期: 2023-05-30 14:15 修改: 2026-06-17 05:53
libcrypto1.1 CVE-2023-3446 中危 1.1.1l-r7 1.1.1u-r2 openssl: Excessive time spent checking DH keys and parameters

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-3446

镜像层: sha256:8d3ac3489996423f53d6087c81180006263b79f206d3fdec9e66f0e27ceb8759

发布日期: 2023-07-19 12:15 修改: 2026-06-17 06:14
libcrypto1.1 CVE-2023-3817 中危 1.1.1l-r7 1.1.1v-r0 OpenSSL: Excessive time spent checking DH q parameter value

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-3817

镜像层: sha256:8d3ac3489996423f53d6087c81180006263b79f206d3fdec9e66f0e27ceb8759

发布日期: 2023-07-31 16:15 修改: 2026-06-17 06:14
libssl1.1 CVE-2022-2097 中危 1.1.1l-r7 1.1.1q-r0 openssl: AES OCB fails to encrypt some bytes

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-2097

镜像层: sha256:8d3ac3489996423f53d6087c81180006263b79f206d3fdec9e66f0e27ceb8759

发布日期: 2022-07-05 11:15 修改: 2026-06-17 04:41
libssl1.1 CVE-2022-4304 中危 1.1.1l-r7 1.1.1t-r0 openssl: timing attack in RSA Decryption implementation

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-4304

镜像层: sha256:8d3ac3489996423f53d6087c81180006263b79f206d3fdec9e66f0e27ceb8759

发布日期: 2023-02-08 20:15 修改: 2026-06-17 05:20
libssl1.1 CVE-2023-0465 中危 1.1.1l-r7 1.1.1t-r2 openssl: Invalid certificate policies in leaf certificates are silently ignored

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-0465

镜像层: sha256:8d3ac3489996423f53d6087c81180006263b79f206d3fdec9e66f0e27ceb8759

发布日期: 2023-03-28 15:15 修改: 2026-06-17 05:25
libssl1.1 CVE-2023-2650 中危 1.1.1l-r7 1.1.1u-r0 openssl: Possible DoS translating ASN.1 object identifiers

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-2650

镜像层: sha256:8d3ac3489996423f53d6087c81180006263b79f206d3fdec9e66f0e27ceb8759

发布日期: 2023-05-30 14:15 修改: 2026-06-17 05:53
libssl1.1 CVE-2023-3446 中危 1.1.1l-r7 1.1.1u-r2 openssl: Excessive time spent checking DH keys and parameters

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-3446

镜像层: sha256:8d3ac3489996423f53d6087c81180006263b79f206d3fdec9e66f0e27ceb8759

发布日期: 2023-07-19 12:15 修改: 2026-06-17 06:14
libssl1.1 CVE-2023-3817 中危 1.1.1l-r7 1.1.1v-r0 OpenSSL: Excessive time spent checking DH q parameter value

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-3817

镜像层: sha256:8d3ac3489996423f53d6087c81180006263b79f206d3fdec9e66f0e27ceb8759

发布日期: 2023-07-31 16:15 修改: 2026-06-17 06:14
libssl1.1 CVE-2023-5678 中危 1.1.1l-r7 1.1.1w-r1 openssl: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-5678

镜像层: sha256:8d3ac3489996423f53d6087c81180006263b79f206d3fdec9e66f0e27ceb8759

发布日期: 2023-11-06 16:15 修改: 2026-06-17 06:49
libcrypto1.1 CVE-2023-5678 中危 1.1.1l-r7 1.1.1w-r1 openssl: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-5678

镜像层: sha256:8d3ac3489996423f53d6087c81180006263b79f206d3fdec9e66f0e27ceb8759

发布日期: 2023-11-06 16:15 修改: 2026-06-17 06:49
libcrypto1.1 CVE-2022-2097 中危 1.1.1l-r7 1.1.1q-r0 openssl: AES OCB fails to encrypt some bytes

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-2097

镜像层: sha256:8d3ac3489996423f53d6087c81180006263b79f206d3fdec9e66f0e27ceb8759

发布日期: 2022-07-05 11:15 修改: 2026-06-17 04:41
libcrypto1.1 CVE-2022-4304 中危 1.1.1l-r7 1.1.1t-r0 openssl: timing attack in RSA Decryption implementation

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-4304

镜像层: sha256:8d3ac3489996423f53d6087c81180006263b79f206d3fdec9e66f0e27ceb8759

发布日期: 2023-02-08 20:15 修改: 2026-06-17 05:20
libcrypto1.1 CVE-2023-0465 中危 1.1.1l-r7 1.1.1t-r2 openssl: Invalid certificate policies in leaf certificates are silently ignored

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-0465

镜像层: sha256:8d3ac3489996423f53d6087c81180006263b79f206d3fdec9e66f0e27ceb8759

发布日期: 2023-03-28 15:15 修改: 2026-06-17 05:25
Java (jar)
低危漏洞:12 中危漏洞:40 高危漏洞:45 严重漏洞:7
软件包 漏洞 安全状态 安装版本 修复版本 漏洞信息
cn.hutool:hutool-all CVE-2023-24162 严重 5.8.10 Dromara Hutool Deserialization of Untrusted Data vulnerability

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24162

镜像层: sha256:d90440ab17aa589b575f5a99b4ec1b0c76582c772277b89b08ec59d5f8095364

发布日期: 2023-01-31 16:15 修改: 2026-06-17 05:38
cn.hutool:hutool-all CVE-2023-24163 严重 5.8.10 5.8.21 Dromara hutool vulnerable to SQL Injection

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24163

镜像层: sha256:d90440ab17aa589b575f5a99b4ec1b0c76582c772277b89b08ec59d5f8095364

发布日期: 2023-01-31 16:15 修改: 2026-06-17 05:38
org.apache.tomcat.embed:tomcat-embed-core CVE-2025-24813 严重 10.1.1 11.0.3, 10.1.35, 9.0.99 tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-24813

镜像层: sha256:d90440ab17aa589b575f5a99b4ec1b0c76582c772277b89b08ec59d5f8095364

发布日期: 2025-03-10 17:15 修改: 2026-06-17 08:59
org.apache.tomcat.embed:tomcat-embed-core CVE-2026-41293 严重 10.1.1 9.0.118, 10.1.55, 11.0.22 tomcat-coyote: Apache Tomcat: HTTP/2 request headers not validated

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41293

镜像层: sha256:d90440ab17aa589b575f5a99b4ec1b0c76582c772277b89b08ec59d5f8095364

发布日期: 2026-05-12 16:16 修改: 2026-06-17 10:46
org.apache.tomcat.embed:tomcat-embed-core CVE-2026-43512 严重 10.1.1 9.0.118, 10.1.55, 11.0.22 tomcat-coyote: Apache Tomcat: Authentication bypass via digest authentication

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-43512

镜像层: sha256:d90440ab17aa589b575f5a99b4ec1b0c76582c772277b89b08ec59d5f8095364

发布日期: 2026-05-12 16:16 修改: 2026-06-17 10:49
org.apache.tomcat.embed:tomcat-embed-core CVE-2026-43515 严重 10.1.1 9.0.118, 10.1.55, 11.0.22 tomcat-coyote: tomcat: Improper Authorization allows security bypass

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-43515

镜像层: sha256:d90440ab17aa589b575f5a99b4ec1b0c76582c772277b89b08ec59d5f8095364

发布日期: 2026-05-12 16:16 修改: 2026-06-17 10:49
org.springframework:spring-webmvc CVE-2023-20860 严重 6.0.2 6.0.7, 5.3.26 springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-20860

镜像层: sha256:d90440ab17aa589b575f5a99b4ec1b0c76582c772277b89b08ec59d5f8095364

发布日期: 2023-03-27 22:15 修改: 2026-06-17 05:31
io.netty:netty-codec CVE-2021-37136 高危 4.1.48.Final 4.1.68.Final netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-37136

镜像层: sha256:d90440ab17aa589b575f5a99b4ec1b0c76582c772277b89b08ec59d5f8095364

发布日期: 2021-10-19 15:15 修改: 2026-06-17 04:00
io.netty:netty-codec CVE-2021-37137 高危 4.1.48.Final 4.1.68.Final netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-37137

镜像层: sha256:d90440ab17aa589b575f5a99b4ec1b0c76582c772277b89b08ec59d5f8095364

发布日期: 2021-10-19 15:15 修改: 2026-06-17 04:00
io.netty:netty-codec CVE-2026-42583 高危 4.1.48.Final 4.1.133.Final Netty is an asynchronous, event-driven network application framework. ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42583

镜像层: sha256:d90440ab17aa589b575f5a99b4ec1b0c76582c772277b89b08ec59d5f8095364

发布日期: 2026-05-13 19:17 修改: 2026-06-17 10:48
io.netty:netty-codec-http CVE-2026-33870 高危 4.1.48.Final 4.1.132.Final, 4.2.10.Final io.netty/netty-codec-http: Netty: Request smuggling via incorrect parsing of HTTP/1.1 chunked transfer encoding extension values

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33870

镜像层: sha256:d90440ab17aa589b575f5a99b4ec1b0c76582c772277b89b08ec59d5f8095364

发布日期: 2026-03-27 20:16 修改: 2026-06-17 10:38
io.netty:netty-codec-http CVE-2026-42584 高危 4.1.48.Final 4.2.13.Final, 4.1.133.Final netty: io.netty/netty-codec-http: Netty: Incorrect HTTP response parsing leads to data confusion

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42584

镜像层: sha256:d90440ab17aa589b575f5a99b4ec1b0c76582c772277b89b08ec59d5f8095364

发布日期: 2026-05-13 19:17 修改: 2026-06-17 10:48
io.netty:netty-codec-http CVE-2026-42587 高危 4.1.48.Final 4.2.13.Final, 4.1.133.Final netty: io.netty/netty-codec-http: io.netty/netty-codec-http2: Netty: Denial of Service via unbounded memory allocation in HTTP content decompression

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42587

镜像层: sha256:d90440ab17aa589b575f5a99b4ec1b0c76582c772277b89b08ec59d5f8095364

发布日期: 2026-05-13 19:17 修改: 2026-06-17 10:48
io.netty:netty-codec-http2 CVE-2025-55163 高危 4.1.48.Final 4.2.4.Final, 4.1.124.Final netty: netty-codec-http2: Netty MadeYouReset HTTP/2 DDoS Vulnerability

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-55163

镜像层: sha256:d90440ab17aa589b575f5a99b4ec1b0c76582c772277b89b08ec59d5f8095364

发布日期: 2025-08-13 15:15 修改: 2026-06-17 09:41
io.netty:netty-codec-http2 CVE-2026-33871 高危 4.1.48.Final 4.1.132.Final, 4.2.11.Final netty: Netty: Denial of Service via HTTP/2 CONTINUATION frame flood

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33871

镜像层: sha256:d90440ab17aa589b575f5a99b4ec1b0c76582c772277b89b08ec59d5f8095364

发布日期: 2026-03-27 20:16 修改: 2026-06-17 10:38
io.netty:netty-codec-http2 CVE-2026-42587 高危 4.1.48.Final 4.2.13.Final, 4.1.133.Final netty: io.netty/netty-codec-http: io.netty/netty-codec-http2: Netty: Denial of Service via unbounded memory allocation in HTTP content decompression

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42587

镜像层: sha256:d90440ab17aa589b575f5a99b4ec1b0c76582c772277b89b08ec59d5f8095364

发布日期: 2026-05-13 19:17 修改: 2026-06-17 10:48
io.netty:netty-codec-http2 GHSA-xpw8-rcwv-8f8p 高危 4.1.48.Final 4.1.100.Final io.netty:netty-codec-http2 vulnerable to HTTP/2 Rapid Reset Attack

漏洞详情: https://github.com/advisories/GHSA-xpw8-rcwv-8f8p

镜像层: sha256:d90440ab17aa589b575f5a99b4ec1b0c76582c772277b89b08ec59d5f8095364

发布日期: 2023-10-10 22:22 修改: 2023-11-06 22:08
io.netty:netty-handler CVE-2026-44249 高危 4.1.48.Final 4.2.15.Final, 4.1.135.Final netty-handler: netty-handler: IPv6 subnet rule bypass due to incorrect masking operation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44249

镜像层: sha256:d90440ab17aa589b575f5a99b4ec1b0c76582c772277b89b08ec59d5f8095364

发布日期: 2026-06-11 22:16 修改: 2026-06-17 10:50
io.netty:netty-handler CVE-2026-45416 高危 4.1.48.Final 4.2.15.Final, 4.1.135.Final netty-handler: Netty: Denial of Service due to eager buffer allocation in TLS handshake

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45416

镜像层: sha256:d90440ab17aa589b575f5a99b4ec1b0c76582c772277b89b08ec59d5f8095364

发布日期: 2026-06-12 15:16 修改: 2026-06-17 10:52
io.netty:netty-handler CVE-2026-50010 高危 4.1.48.Final 4.2.15.Final, 4.1.135.Final netty-handler: Netty: Improper trust manager handling leads to hostname verification bypass

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-50010

镜像层: sha256:d90440ab17aa589b575f5a99b4ec1b0c76582c772277b89b08ec59d5f8095364

发布日期: 2026-06-12 16:16 修改: 2026-06-17 10:57
ch.qos.logback:logback-classic CVE-2023-6378 高危 1.4.5 1.3.12, 1.4.12, 1.2.13 logback: serialization vulnerability in logback receiver

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-6378

镜像层: sha256:d90440ab17aa589b575f5a99b4ec1b0c76582c772277b89b08ec59d5f8095364

发布日期: 2023-11-29 12:15 修改: 2026-06-17 06:50
ch.qos.logback:logback-core CVE-2023-6378 高危 1.4.5 1.3.12, 1.4.12, 1.2.13 logback: serialization vulnerability in logback receiver

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-6378

镜像层: sha256:d90440ab17aa589b575f5a99b4ec1b0c76582c772277b89b08ec59d5f8095364

发布日期: 2023-11-29 12:15 修改: 2026-06-17 06:50
com.fasterxml.jackson.core:jackson-core CVE-2025-52999 高危 2.14.1 2.15.0 com.fasterxml.jackson.core/jackson-core: jackson-core Potential StackoverflowError

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-52999

镜像层: sha256:d90440ab17aa589b575f5a99b4ec1b0c76582c772277b89b08ec59d5f8095364

发布日期: 2025-06-25 17:15 修改: 2026-06-17 09:37
com.google.protobuf:protobuf-java CVE-2024-7254 高危 3.16.3 3.25.5, 4.27.5, 4.28.2 protobuf: StackOverflow vulnerability in Protocol Buffers

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-7254

镜像层: sha256:d90440ab17aa589b575f5a99b4ec1b0c76582c772277b89b08ec59d5f8095364

发布日期: 2024-09-19 01:15 修改: 2026-06-17 08:19
org.apache.tomcat.embed:tomcat-embed-core CVE-2022-45143 高危 10.1.1 8.5.84, 9.0.69, 10.1.2 tomcat: JsonErrorReportValve injection

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-45143

镜像层: sha256:d90440ab17aa589b575f5a99b4ec1b0c76582c772277b89b08ec59d5f8095364

发布日期: 2023-01-03 19:15 修改: 2026-06-17 05:09
org.apache.tomcat.embed:tomcat-embed-core CVE-2023-24998 高危 10.1.1 10.1.5, 11.0.0-M5, 8.5.88, 9.0.71 FileUpload: FileUpload DoS with excessive parts

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-24998

镜像层: sha256:d90440ab17aa589b575f5a99b4ec1b0c76582c772277b89b08ec59d5f8095364

发布日期: 2023-02-20 16:15 修改: 2026-06-17 05:40
org.apache.tomcat.embed:tomcat-embed-core CVE-2023-46589 高危 10.1.1 11.0.0-M11, 10.1.16, 9.0.83, 8.5.96 tomcat: HTTP request smuggling via malformed trailer headers

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-46589

镜像层: sha256:d90440ab17aa589b575f5a99b4ec1b0c76582c772277b89b08ec59d5f8095364

发布日期: 2023-11-28 16:15 修改: 2026-06-17 06:31
org.apache.tomcat.embed:tomcat-embed-core CVE-2024-34750 高危 10.1.1 11.0.0-M21, 10.1.25, 9.0.90 tomcat: Improper Handling of Exceptional Conditions

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34750

镜像层: sha256:d90440ab17aa589b575f5a99b4ec1b0c76582c772277b89b08ec59d5f8095364

发布日期: 2024-07-03 20:15 修改: 2026-06-17 07:34
org.apache.tomcat.embed:tomcat-embed-core CVE-2024-50379 高危 10.1.1 11.0.2, 10.1.34, 9.0.98 tomcat: RCE due to TOCTOU issue in JSP compilation

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-50379

镜像层: sha256:d90440ab17aa589b575f5a99b4ec1b0c76582c772277b89b08ec59d5f8095364

发布日期: 2024-12-17 13:15 修改: 2026-06-17 08:04
org.apache.tomcat.embed:tomcat-embed-core CVE-2024-56337 高危 10.1.1 11.0.2, 10.1.34, 9.0.98 tomcat: Incomplete fix for CVE-2024-50379 - RCE due to TOCTOU issue in JSP compilation

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-56337

镜像层: sha256:d90440ab17aa589b575f5a99b4ec1b0c76582c772277b89b08ec59d5f8095364

发布日期: 2024-12-20 16:15 修改: 2026-06-17 08:12
org.apache.tomcat.embed:tomcat-embed-core CVE-2025-48988 高危 10.1.1 11.0.8, 10.1.42, 9.0.106 tomcat: Apache Tomcat DoS in multipart upload

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-48988

镜像层: sha256:d90440ab17aa589b575f5a99b4ec1b0c76582c772277b89b08ec59d5f8095364

发布日期: 2025-06-16 15:15 修改: 2026-06-17 09:30
org.apache.tomcat.embed:tomcat-embed-core CVE-2025-48989 高危 10.1.1 11.0.10, 10.1.44, 9.0.108 tomcat: http/2 "MadeYouReset" DoS attack through HTTP/2 control frames

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-48989

镜像层: sha256:d90440ab17aa589b575f5a99b4ec1b0c76582c772277b89b08ec59d5f8095364

发布日期: 2025-08-13 13:15 修改: 2026-06-17 09:30
org.apache.tomcat.embed:tomcat-embed-core CVE-2025-52520 高危 10.1.1 11.0.9, 10.1.43, 9.0.107 tomcat: Apache Tomcat denial of service

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-52520

镜像层: sha256:d90440ab17aa589b575f5a99b4ec1b0c76582c772277b89b08ec59d5f8095364

发布日期: 2025-07-10 19:15 修改: 2026-06-17 09:36
org.apache.tomcat.embed:tomcat-embed-core CVE-2025-53506 高危 10.1.1 9.0.107, 10.1.43, 11.0.9 tomcat: Apache Tomcat denial of service

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-53506

镜像层: sha256:d90440ab17aa589b575f5a99b4ec1b0c76582c772277b89b08ec59d5f8095364

发布日期: 2025-07-10 20:15 修改: 2026-06-17 09:38
org.apache.tomcat.embed:tomcat-embed-core CVE-2025-55752 高危 10.1.1 11.0.11, 10.1.45, 9.0.109 tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Directory traversal via rewrite with possible RCE

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-55752

镜像层: sha256:d90440ab17aa589b575f5a99b4ec1b0c76582c772277b89b08ec59d5f8095364

发布日期: 2025-10-27 18:15 修改: 2026-06-17 09:42
org.apache.tomcat.embed:tomcat-embed-core CVE-2026-24734 高危 10.1.1 11.0.18, 10.1.52, 9.0.115 tomcat: Apache Tomcat: Certificate revocation bypass due to improper OCSP response validation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-24734

镜像层: sha256:d90440ab17aa589b575f5a99b4ec1b0c76582c772277b89b08ec59d5f8095364

发布日期: 2026-02-17 19:21 修改: 2026-06-17 10:23
org.apache.tomcat.embed:tomcat-embed-core CVE-2026-24880 高危 10.1.1 9.0.116, 10.1.52, 11.0.20 Apache Tomcat: Apache Tomcat: HTTP Request/Response Smuggling via invalid chunk extension

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-24880

镜像层: sha256:d90440ab17aa589b575f5a99b4ec1b0c76582c772277b89b08ec59d5f8095364

发布日期: 2026-04-09 20:16 修改: 2026-06-17 10:23
org.apache.tomcat.embed:tomcat-embed-core CVE-2026-34483 高危 10.1.1 9.0.116, 10.1.54, 11.0.21 Apache Tomcat: Apache Tomcat: Information disclosure due to improper encoding in JsonAccessLogValve

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34483

镜像层: sha256:d90440ab17aa589b575f5a99b4ec1b0c76582c772277b89b08ec59d5f8095364

发布日期: 2026-04-09 20:16 修改: 2026-06-17 10:39
org.apache.tomcat.embed:tomcat-embed-core CVE-2026-41284 高危 10.1.1 9.0.118, 10.1.55, 11.0.22 Allocation of Resources Without Limits or Throttling vulnerability in ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41284

镜像层: sha256:d90440ab17aa589b575f5a99b4ec1b0c76582c772277b89b08ec59d5f8095364

发布日期: 2026-05-12 16:16 修改: 2026-06-17 10:46
org.apache.tomcat.embed:tomcat-embed-core CVE-2026-42498 高危 10.1.1 9.0.118, 10.1.55, 11.0.22 tomcat-coyote: Apache Tomcat: Information disclosure due to HTTP Authentication Header exposure during WebSocket authentication.

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42498

镜像层: sha256:d90440ab17aa589b575f5a99b4ec1b0c76582c772277b89b08ec59d5f8095364

发布日期: 2026-05-12 16:16 修改: 2026-06-17 10:47
org.apache.tomcat.embed:tomcat-embed-core CVE-2026-43513 高危 10.1.1 9.0.118, 10.1.55, 11.0.22 Improper Handling of Case Sensitivity vulnerability in LockOutRealm in ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-43513

镜像层: sha256:d90440ab17aa589b575f5a99b4ec1b0c76582c772277b89b08ec59d5f8095364

发布日期: 2026-05-12 16:16 修改: 2026-06-17 10:49
org.springframework.boot:spring-boot-autoconfigure CVE-2023-20883 高危 3.0.0 3.0.7, 2.7.12, 2.6.15, 2.5.15 spring-boot: Spring Boot Welcome Page DoS Vulnerability

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-20883

镜像层: sha256:d90440ab17aa589b575f5a99b4ec1b0c76582c772277b89b08ec59d5f8095364

发布日期: 2023-05-26 17:15 修改: 2026-06-17 05:31
org.springframework:spring-core CVE-2025-41249 高危 6.0.2 6.2.11 org.springframework/spring-core: Spring Framework Annotation Detection Vulnerability

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-41249

镜像层: sha256:d90440ab17aa589b575f5a99b4ec1b0c76582c772277b89b08ec59d5f8095364

发布日期: 2025-09-16 11:15 修改: 2026-06-17 09:22
org.springframework:spring-expression CVE-2023-20863 高危 6.0.2 6.0.8, 5.3.27, 5.2.24.RELEASE springframework: Spring Expression DoS Vulnerability

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-20863

镜像层: sha256:d90440ab17aa589b575f5a99b4ec1b0c76582c772277b89b08ec59d5f8095364

发布日期: 2023-04-13 20:15 修改: 2026-06-17 05:31
org.springframework:spring-web CVE-2024-22243 高危 6.0.2 6.1.4, 6.0.17, 5.3.32 springframework: URL Parsing with Host Validation

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-22243

镜像层: sha256:d90440ab17aa589b575f5a99b4ec1b0c76582c772277b89b08ec59d5f8095364

发布日期: 2024-02-23 05:15 修改: 2026-06-17 07:11
org.springframework:spring-web CVE-2024-22259 高危 6.0.2 6.1.5, 6.0.18, 5.3.33 springframework: URL Parsing with Host Validation

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-22259

镜像层: sha256:d90440ab17aa589b575f5a99b4ec1b0c76582c772277b89b08ec59d5f8095364

发布日期: 2024-03-16 05:15 修改: 2026-06-17 07:11
org.springframework:spring-web CVE-2024-22262 高危 6.0.2 5.3.34, 6.0.19, 6.1.6 springframework: URL Parsing with Host Validation

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-22262

镜像层: sha256:d90440ab17aa589b575f5a99b4ec1b0c76582c772277b89b08ec59d5f8095364

发布日期: 2024-04-16 06:15 修改: 2026-06-17 07:11
commons-io:commons-io CVE-2024-47554 高危 2.11.0 2.14.0 apache-commons-io: Possible denial of service attack on untrusted input to XmlStreamReader

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-47554

镜像层: sha256:d90440ab17aa589b575f5a99b4ec1b0c76582c772277b89b08ec59d5f8095364

发布日期: 2024-10-03 12:15 修改: 2026-06-17 07:57
org.springframework:spring-webmvc CVE-2023-34053 高危 6.0.2 6.0.14 springframework: io.micrometer: micrometer-core classpath vulnerable to denial of service

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-34053

镜像层: sha256:d90440ab17aa589b575f5a99b4ec1b0c76582c772277b89b08ec59d5f8095364

发布日期: 2023-11-28 09:15 修改: 2026-06-17 06:02
org.springframework:spring-webmvc CVE-2024-38816 高危 6.0.2 6.1.13 spring-webmvc: Path Traversal Vulnerability in Spring Applications Using RouterFunctions and FileSystemResource

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-38816

镜像层: sha256:d90440ab17aa589b575f5a99b4ec1b0c76582c772277b89b08ec59d5f8095364

发布日期: 2024-09-13 06:15 修改: 2026-06-17 07:41
org.springframework:spring-webmvc CVE-2024-38819 高危 6.0.2 6.1.14 org.springframework:spring-webmvc: Path traversal vulnerability in functional web frameworks

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-38819

镜像层: sha256:d90440ab17aa589b575f5a99b4ec1b0c76582c772277b89b08ec59d5f8095364

发布日期: 2024-12-19 18:15 修改: 2026-06-17 07:41
org.yaml:snakeyaml CVE-2022-1471 高危 1.33 2.0 SnakeYaml: Constructor Deserialization Remote Code Execution

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-1471

镜像层: sha256:d90440ab17aa589b575f5a99b4ec1b0c76582c772277b89b08ec59d5f8095364

发布日期: 2022-12-01 11:15 修改: 2026-06-17 04:22
ch.qos.logback:logback-core CVE-2025-11226 中危 1.4.5 1.5.19, 1.3.16 ch.qos.logback/logback-core: Conditional abitrary code execution in logback-core

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-11226

镜像层: sha256:d90440ab17aa589b575f5a99b4ec1b0c76582c772277b89b08ec59d5f8095364

发布日期: 2025-10-01 08:15 修改: 2026-06-17 08:29
io.netty:netty-codec CVE-2025-58057 中危 4.1.48.Final 4.1.125.Final netty-codec: netty-codec-compression: Netty's BrotliDecoder is vulnerable to DoS via zip bomb style attack

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58057

镜像层: sha256:d90440ab17aa589b575f5a99b4ec1b0c76582c772277b89b08ec59d5f8095364

发布日期: 2025-09-04 10:42 修改: 2026-06-17 09:43
ch.qos.logback:logback-core CVE-2024-12798 中危 1.4.5 1.5.13, 1.3.15 logback-core: arbitrary code execution via JaninoEventEvaluator

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-12798

镜像层: sha256:d90440ab17aa589b575f5a99b4ec1b0c76582c772277b89b08ec59d5f8095364

发布日期: 2024-12-19 16:15 修改: 2026-06-17 07:00
com.fasterxml.jackson.core:jackson-core GHSA-72hv-8253-57qq 中危 2.14.1 2.21.1, 2.18.6 jackson-core: Number Length Constraint Bypass in Async Parser Leads to Potential DoS Condition

漏洞详情: https://github.com/advisories/GHSA-72hv-8253-57qq

镜像层: sha256:d90440ab17aa589b575f5a99b4ec1b0c76582c772277b89b08ec59d5f8095364

发布日期: 2026-02-28 02:01 修改: 2026-04-07 16:30
io.netty:netty-codec-http2 CVE-2021-21295 中危 4.1.48.Final 4.1.60.Final netty: possible request smuggling in HTTP/2 due missing validation

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-21295

镜像层: sha256:d90440ab17aa589b575f5a99b4ec1b0c76582c772277b89b08ec59d5f8095364

发布日期: 2021-03-09 19:15 修改: 2026-06-17 03:35
io.netty:netty-codec-http2 CVE-2021-21409 中危 4.1.48.Final 4.1.61.Final netty: Request smuggling via content-length header

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-21409

镜像层: sha256:d90440ab17aa589b575f5a99b4ec1b0c76582c772277b89b08ec59d5f8095364

发布日期: 2021-03-30 15:15 修改: 2026-06-17 03:35
io.netty:netty-codec-http2 CVE-2026-47244 中危 4.1.48.Final 4.2.15.Final, 4.1.135.Final netty-codec-http2: Netty: Denial of Service via uncontrolled HTTP/2 concurrent streams

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-47244

镜像层: sha256:d90440ab17aa589b575f5a99b4ec1b0c76582c772277b89b08ec59d5f8095364

发布日期: 2026-06-12 15:16 修改: 2026-06-17 10:54
io.netty:netty-codec-http2 CVE-2026-48043 中危 4.1.48.Final 4.1.135.Final, 4.2.15.Final netty-codec-http2: netty-codec-http2: Denial of Service due to resource leak

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48043

镜像层: sha256:d90440ab17aa589b575f5a99b4ec1b0c76582c772277b89b08ec59d5f8095364

发布日期: 2026-06-12 16:16 修改: 2026-06-17 10:54
io.netty:netty-codec-http2 CVE-2026-50560 中危 4.1.48.Final 4.2.15.Final, 4.1.135.Final netty-codec-http2: Netty: Denial of Service due to HTTP/2 max header size handling

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-50560

镜像层: sha256:d90440ab17aa589b575f5a99b4ec1b0c76582c772277b89b08ec59d5f8095364

发布日期: 2026-06-12 16:16 修改: 2026-06-17 10:57
io.netty:netty-common CVE-2024-47535 中危 4.1.48.Final 4.1.115.Final netty: Denial of Service attack on windows app using Netty

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-47535

镜像层: sha256:d90440ab17aa589b575f5a99b4ec1b0c76582c772277b89b08ec59d5f8095364

发布日期: 2024-11-12 16:15 修改: 2026-06-17 07:57
io.netty:netty-common CVE-2025-25193 中危 4.1.48.Final 4.1.118.Final netty: Denial of Service attack on windows app using Netty

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-25193

镜像层: sha256:d90440ab17aa589b575f5a99b4ec1b0c76582c772277b89b08ec59d5f8095364

发布日期: 2025-02-10 22:15 修改: 2026-06-17 09:00
com.google.guava:guava CVE-2023-2976 中危 30.1-jre 32.0.0-android guava: insecure temporary directory creation

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-2976

镜像层: sha256:d90440ab17aa589b575f5a99b4ec1b0c76582c772277b89b08ec59d5f8095364

发布日期: 2023-06-14 18:15 修改: 2026-06-17 05:53
io.netty:netty-codec-http CVE-2021-21290 中危 4.1.48.Final 4.1.59.Final netty: Information disclosure via the local system temporary directory

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-21290

镜像层: sha256:d90440ab17aa589b575f5a99b4ec1b0c76582c772277b89b08ec59d5f8095364

发布日期: 2021-02-08 20:15 修改: 2026-06-17 03:35
org.apache.tomcat.embed:tomcat-embed-core CVE-2023-41080 中危 10.1.1 8.5.93, 9.0.80, 10.1.13, 11.0.0-M11 tomcat: Open Redirect vulnerability in FORM authentication

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-41080

镜像层: sha256:d90440ab17aa589b575f5a99b4ec1b0c76582c772277b89b08ec59d5f8095364

发布日期: 2023-08-25 21:15 修改: 2026-06-17 06:20
org.apache.tomcat.embed:tomcat-embed-core CVE-2023-42795 中危 10.1.1 10.1.14, 9.0.81, 8.5.94, 11.0.0-M12 tomcat: improper cleaning of recycled objects could lead to information leak

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-42795

镜像层: sha256:d90440ab17aa589b575f5a99b4ec1b0c76582c772277b89b08ec59d5f8095364

发布日期: 2023-10-10 18:15 修改: 2026-06-17 06:24
org.apache.tomcat.embed:tomcat-embed-core CVE-2023-44487 中危 10.1.1 11.0.0-M12, 10.1.14, 9.0.81, 8.5.94 HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-44487

镜像层: sha256:d90440ab17aa589b575f5a99b4ec1b0c76582c772277b89b08ec59d5f8095364

发布日期: 2023-10-10 14:15 修改: 2026-06-17 06:27
org.apache.tomcat.embed:tomcat-embed-core CVE-2023-45648 中危 10.1.1 11.0.0-M12, 10.1.14, 9.0.81, 8.5.94 tomcat: incorrectly parsed http trailer headers can cause request smuggling

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-45648

镜像层: sha256:d90440ab17aa589b575f5a99b4ec1b0c76582c772277b89b08ec59d5f8095364

发布日期: 2023-10-10 19:15 修改: 2026-06-17 06:28
org.apache.tomcat.embed:tomcat-embed-core CVE-2024-24549 中危 10.1.1 8.5.99, 9.0.86, 10.1.19, 11.0.0-M17 Tomcat: HTTP/2 header handling DoS

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24549

镜像层: sha256:d90440ab17aa589b575f5a99b4ec1b0c76582c772277b89b08ec59d5f8095364

发布日期: 2024-03-13 16:15 修改: 2026-06-17 07:14
org.apache.tomcat.embed:tomcat-embed-core CVE-2025-49124 中危 10.1.1 11.0.8, 10.1.42, 9.0.106 Apache Tomcat installer for Windows has an untrusted search path vulnerability

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-49124

镜像层: sha256:d90440ab17aa589b575f5a99b4ec1b0c76582c772277b89b08ec59d5f8095364

发布日期: 2025-06-16 15:15 修改: 2026-06-17 09:30
org.apache.tomcat.embed:tomcat-embed-core CVE-2025-49125 中危 10.1.1 11.0.8, 10.1.42, 9.0.106 tomcat: Apache Tomcat: Security constraint bypass for pre/post-resources

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-49125

镜像层: sha256:d90440ab17aa589b575f5a99b4ec1b0c76582c772277b89b08ec59d5f8095364

发布日期: 2025-06-16 15:15 修改: 2026-06-17 09:30
org.apache.tomcat.embed:tomcat-embed-core CVE-2025-66614 中危 10.1.1 11.0.15, 10.1.50, 9.0.113 tomcat: Client certificate verification bypass due to virtual host mapping

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-66614

镜像层: sha256:d90440ab17aa589b575f5a99b4ec1b0c76582c772277b89b08ec59d5f8095364

发布日期: 2026-02-17 19:21 修改: 2026-06-17 09:57
org.apache.tomcat.embed:tomcat-embed-core CVE-2026-25854 中危 10.1.1 9.0.116, 10.1.53, 11.0.20 Apache Tomcat: Apache Tomcat: Open Redirect vulnerability via LoadBalancerDrainingValve

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25854

镜像层: sha256:d90440ab17aa589b575f5a99b4ec1b0c76582c772277b89b08ec59d5f8095364

发布日期: 2026-04-09 20:16 修改: 2026-06-17 10:25
org.apache.tomcat.embed:tomcat-embed-websocket CVE-2024-23672 中危 10.1.1 11.0.0-M17, 10.1.19, 9.0.86, 8.5.99 Tomcat: WebSocket DoS with incomplete closing handshake

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-23672

镜像层: sha256:d90440ab17aa589b575f5a99b4ec1b0c76582c772277b89b08ec59d5f8095364

发布日期: 2024-03-13 16:15 修改: 2026-06-17 07:13
io.netty:netty-codec-http CVE-2021-43797 中危 4.1.48.Final 4.1.71.Final netty: control chars in header names may lead to HTTP request smuggling

漏洞详情: https://avd.aquasec.com/nvd/cve-2021-43797

镜像层: sha256:d90440ab17aa589b575f5a99b4ec1b0c76582c772277b89b08ec59d5f8095364

发布日期: 2021-12-09 19:15 修改: 2026-06-17 04:11
org.springframework:spring-context CVE-2024-38820 中危 6.0.2 6.1.14 The fix for CVE-2022-22968 made disallowedFieldspatterns in DataBinder ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-38820

镜像层: sha256:d90440ab17aa589b575f5a99b4ec1b0c76582c772277b89b08ec59d5f8095364

发布日期: 2024-10-18 06:15 修改: 2026-06-17 07:41
io.netty:netty-handler CVE-2023-34462 中危 4.1.48.Final 4.1.94.Final netty: SniHandler 16MB allocation leads to OOM

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-34462

镜像层: sha256:d90440ab17aa589b575f5a99b4ec1b0c76582c772277b89b08ec59d5f8095364

发布日期: 2023-06-22 23:15 修改: 2026-06-17 06:03
io.netty:netty-transport-native-epoll CVE-2026-45536 中危 4.1.48.Final 4.2.15.Final, 4.1.135.Final netty-transport-native-epoll: netty-transport-native-kqueue: Netty: Denial of Service due to file descriptor leak in SCM_RIGHTS message handling

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45536

镜像层: sha256:d90440ab17aa589b575f5a99b4ec1b0c76582c772277b89b08ec59d5f8095364

发布日期: 2026-06-12 15:16 修改: 2026-06-17 10:52
org.springframework:spring-expression CVE-2023-20861 中危 6.0.2 6.0.7, 5.3.26, 5.2.23.RELEASE springframework: Spring Expression DoS Vulnerability

漏洞详情: https://avd.aquasec.com/nvd/cve-2023-20861

镜像层: sha256:d90440ab17aa589b575f5a99b4ec1b0c76582c772277b89b08ec59d5f8095364

发布日期: 2023-03-23 21:15 修改: 2026-06-17 05:31
io.netty:netty-codec-http CVE-2022-24823 中危 4.1.48.Final 4.1.77.Final netty: world readable temporary file containing sensitive data

漏洞详情: https://avd.aquasec.com/nvd/cve-2022-24823

镜像层: sha256:d90440ab17aa589b575f5a99b4ec1b0c76582c772277b89b08ec59d5f8095364

发布日期: 2022-05-06 12:15 修改: 2026-06-17 04:32
io.netty:netty-codec-http CVE-2024-29025 中危 4.1.48.Final 4.1.108.Final netty-codec-http: Allocation of Resources Without Limits or Throttling

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-29025

镜像层: sha256:d90440ab17aa589b575f5a99b4ec1b0c76582c772277b89b08ec59d5f8095364

发布日期: 2024-03-25 20:15 修改: 2026-06-17 07:22
io.netty:netty-codec-http CVE-2025-67735 中危 4.1.48.Final 4.2.8.Final, 4.1.129.Final netty-codec-http: Netty (netty-codec-http): Request Smuggling via CRLF Injection

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-67735

镜像层: sha256:d90440ab17aa589b575f5a99b4ec1b0c76582c772277b89b08ec59d5f8095364

发布日期: 2025-12-16 01:15 修改: 2026-06-17 09:58
org.springframework:spring-web CVE-2024-38809 中危 6.0.2 5.3.38, 6.0.23, 6.1.12 org.springframework:spring-web: Spring Framework DoS via conditional HTTP request

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-38809

镜像层: sha256:d90440ab17aa589b575f5a99b4ec1b0c76582c772277b89b08ec59d5f8095364

发布日期: 2024-09-27 17:15 修改: 2026-06-17 07:41
org.springframework:spring-web CVE-2024-38820 中危 6.0.2 6.1.14 The fix for CVE-2022-22968 made disallowedFieldspatterns in DataBinder ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-38820

镜像层: sha256:d90440ab17aa589b575f5a99b4ec1b0c76582c772277b89b08ec59d5f8095364

发布日期: 2024-10-18 06:15 修改: 2026-06-17 07:41
io.netty:netty-codec-http CVE-2026-41417 中危 4.1.48.Final 4.1.133.Final, 4.2.13.Final netty: Netty: HTTP request smuggling via URI manipulation and CRLF injection

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41417

镜像层: sha256:d90440ab17aa589b575f5a99b4ec1b0c76582c772277b89b08ec59d5f8095364

发布日期: 2026-05-06 22:16 修改: 2026-06-17 10:46
io.netty:netty-codec-http CVE-2026-42580 中危 4.1.48.Final 4.2.13.Final, 4.1.133.Final netty: Netty: Request smuggling via chunk size parser integer overflow

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42580

镜像层: sha256:d90440ab17aa589b575f5a99b4ec1b0c76582c772277b89b08ec59d5f8095364

发布日期: 2026-05-13 19:17 修改: 2026-06-17 10:48
io.netty:netty-codec-http CVE-2026-42581 中危 4.1.48.Final 4.2.13.Final, 4.1.133.Final netty: io.netty/netty-codec-http: Netty: HTTP Request Smuggling due to improper handling of conflicting HTTP/1.0 headers

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42581

镜像层: sha256:d90440ab17aa589b575f5a99b4ec1b0c76582c772277b89b08ec59d5f8095364

发布日期: 2026-05-13 19:17 修改: 2026-06-17 10:48
io.netty:netty-codec-http CVE-2026-42585 中危 4.1.48.Final 4.2.13.Final, 4.1.133.Final netty: io.netty/netty-codec-http: Netty: Request smuggling via malformed Transfer-Encoding parsing

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42585

镜像层: sha256:d90440ab17aa589b575f5a99b4ec1b0c76582c772277b89b08ec59d5f8095364

发布日期: 2026-05-13 19:17 修改: 2026-06-17 10:48
org.springframework:spring-webmvc CVE-2025-41242 中危 6.0.2 6.2.10 org.springframework/spring-webmvc: Spring Framework MVC path traversal vulnerability

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-41242

镜像层: sha256:d90440ab17aa589b575f5a99b4ec1b0c76582c772277b89b08ec59d5f8095364

发布日期: 2025-08-18 09:15 修改: 2026-06-17 09:22
org.springframework:spring-webmvc CVE-2026-22737 中危 6.0.2 7.0.6, 6.2.17 Spring Framework: Spring Framework: Information disclosure via Java scripting engine enabled template views

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22737

镜像层: sha256:d90440ab17aa589b575f5a99b4ec1b0c76582c772277b89b08ec59d5f8095364

发布日期: 2026-03-20 00:16 修改: 2026-06-17 10:20
io.netty:netty-codec-http CVE-2026-50020 中危 4.1.48.Final 4.2.15.Final, 4.1.135.Final netty-codec-http: Netty: Data manipulation via request-boundary confusion in HttpObjectDecoder

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-50020

镜像层: sha256:d90440ab17aa589b575f5a99b4ec1b0c76582c772277b89b08ec59d5f8095364

发布日期: 2026-06-12 16:16 修改: 2026-06-17 10:57
org.apache.tomcat.embed:tomcat-embed-core CVE-2025-61795 低危 10.1.1 11.0.12, 10.1.47, 9.0.110 tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Denial of service

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61795

镜像层: sha256:d90440ab17aa589b575f5a99b4ec1b0c76582c772277b89b08ec59d5f8095364

发布日期: 2025-10-27 18:15 修改: 2026-06-17 09:50
org.apache.tomcat.embed:tomcat-embed-core CVE-2026-24733 低危 10.1.1 11.0.15, 10.1.50, 9.0.113 tomcat: security constraint bypass with HTTP/0.9

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-24733

镜像层: sha256:d90440ab17aa589b575f5a99b4ec1b0c76582c772277b89b08ec59d5f8095364

发布日期: 2026-02-17 19:21 修改: 2026-06-17 10:23
org.apache.tomcat.embed:tomcat-embed-core CVE-2026-43514 低危 10.1.1 9.0.118, 10.1.55, 11.0.22 tomcat-coyote: Apache Tomcat: Information disclosure via AJP secret timing discrepancy

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-43514

镜像层: sha256:d90440ab17aa589b575f5a99b4ec1b0c76582c772277b89b08ec59d5f8095364

发布日期: 2026-05-12 16:16 修改: 2026-06-17 10:49
ch.qos.logback:logback-core CVE-2024-12801 低危 1.4.5 1.5.13, 1.3.15 logback-core: SaxEventRecorder vulnerable to Server-Side Request Forgery (SSRF) attacks

漏洞详情: https://avd.aquasec.com/nvd/cve-2024-12801

镜像层: sha256:d90440ab17aa589b575f5a99b4ec1b0c76582c772277b89b08ec59d5f8095364

发布日期: 2024-12-19 17:15 修改: 2026-06-17 07:00
com.google.guava:guava CVE-2020-8908 低危 30.1-jre 32.0.0-android guava: local information disclosure via temporary directory created with unsafe permissions

漏洞详情: https://avd.aquasec.com/nvd/cve-2020-8908

镜像层: sha256:d90440ab17aa589b575f5a99b4ec1b0c76582c772277b89b08ec59d5f8095364

发布日期: 2020-12-10 23:15 修改: 2026-06-17 03:27
ch.qos.logback:logback-core CVE-2026-1225 低危 1.4.5 1.5.25 ch.qos.logback/logback-core: Malicious logback.xml configuration file allows instantiation of arbitrary classes

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-1225

镜像层: sha256:d90440ab17aa589b575f5a99b4ec1b0c76582c772277b89b08ec59d5f8095364

发布日期: 2026-01-22 10:16 修改: 2026-06-17 10:15
org.springframework:spring-context CVE-2025-22233 低危 6.0.2 6.2.7, 6.1.20 CVE-2024-38820 ensured Locale-independent, lowercase conversion for bo ...

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22233

镜像层: sha256:d90440ab17aa589b575f5a99b4ec1b0c76582c772277b89b08ec59d5f8095364

发布日期: 2025-05-16 20:15 修改: 2026-06-17 08:45
io.netty:netty-handler-proxy CVE-2026-42578 低危 4.1.48.Final 4.1.133.Final, 4.2.13.Final netty: io.netty/netty-handler-proxy: Netty: HTTP Header Injection via HttpProxyHandler Disabled Validation

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42578

镜像层: sha256:d90440ab17aa589b575f5a99b4ec1b0c76582c772277b89b08ec59d5f8095364

发布日期: 2026-05-13 19:17 修改: 2026-06-17 10:48
io.netty:netty-codec-http CVE-2025-58056 低危 4.1.48.Final 4.1.125.Final, 4.2.5.Final netty-codec-http: Netty is vulnerable to request smuggling due to incorrect parsing of chunk extensions

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58056

镜像层: sha256:d90440ab17aa589b575f5a99b4ec1b0c76582c772277b89b08ec59d5f8095364

发布日期: 2025-09-03 21:15 修改: 2026-06-17 09:43
org.apache.tomcat.embed:tomcat-embed-core CVE-2025-46701 低危 10.1.1 9.0.105, 10.1.41, 11.0.7 tomcat: Apache Tomcat: Security constraint bypass for CGI scripts

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-46701

镜像层: sha256:d90440ab17aa589b575f5a99b4ec1b0c76582c772277b89b08ec59d5f8095364

发布日期: 2025-05-29 19:15 修改: 2026-06-17 09:26
org.springframework:spring-webmvc CVE-2026-22735 低危 6.0.2 7.0.6, 6.2.17 org.springframework/spring-webmvc: org.springframework/spring-webflux: Spring MVC and WebFlux: Stream corruption vulnerability when using Server-Sent Events

漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22735

镜像层: sha256:d90440ab17aa589b575f5a99b4ec1b0c76582c772277b89b08ec59d5f8095364

发布日期: 2026-03-20 00:16 修改: 2026-06-17 10:20
org.apache.tomcat.embed:tomcat-embed-core CVE-2025-55754 低危 10.1.1 11.0.11, 10.1.45, 9.0.109 org.apache.tomcat/tomcat-juli: tomcat: Apache Tomcat: console manipulation

漏洞详情: https://avd.aquasec.com/nvd/cve-2025-55754

镜像层: sha256:d90440ab17aa589b575f5a99b4ec1b0c76582c772277b89b08ec59d5f8095364

发布日期: 2025-10-27 18:15 修改: 2026-06-17 09:42
检测到您正在使用广告拦截插件,本站为公益站点,依赖广告维持运转 🙏 查看如何关闭 ×