Action not permitted
Modal body text goes here.
Modal Title
Modal Body
Vulnerability from csaf_ncscnl
Published
2025-01-22 13:36
Modified
2025-01-22 13:36
Summary
Kwetsbaarheden verholpen in Oracle Analytics
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten
Oracle heeft kwetsbaarheden verholpen in Oracle Analytics producten, zoals Business Intelligence, Analytics Desktop en BI Publisher.
Interpretaties
Een kwaadwillende kan de kwetsbaarheden misbruiken om een Denial-of-Service te veroorzaken, of zich toegang te verschaffen tot gevoelige gegevens.
Oplossingen
Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.
Kans
medium
Schade
high
CWE-416
Use After Free
CWE-476
NULL Pointer Dereference
CWE-400
Uncontrolled Resource Consumption
CWE-770
Allocation of Resources Without Limits or Throttling
CWE-502
Deserialization of Untrusted Data
CWE-248
Uncaught Exception
CWE-674
Uncontrolled Recursion
CWE-611
Improper Restriction of XML External Entity Reference
CWE-787
Out-of-bounds Write
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE-789
Memory Allocation with Excessive Size Value
CWE-20
Improper Input Validation
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-1395
Dependency on Vulnerable Third-Party Component
CWE-670
Always-Incorrect Control Flow Implementation
CWE-399
CWE-399
CWE-326
Inadequate Encryption Strength
CWE-669
Incorrect Resource Transfer Between Spheres
CWE-776
Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')
CWE-834
Excessive Iteration
CWE-311
Missing Encryption of Sensitive Data
CWE-444
Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
CWE-125
Out-of-bounds Read
CWE-404
Improper Resource Shutdown or Release
CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-1333
Inefficient Regular Expression Complexity
{ document: { category: "csaf_security_advisory", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", }, }, lang: "nl", notes: [ { category: "legal_disclaimer", text: "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.", }, { category: "description", text: "Oracle heeft kwetsbaarheden verholpen in Oracle Analytics producten, zoals Business Intelligence, Analytics Desktop en BI Publisher.", title: "Feiten", }, { category: "description", text: "Een kwaadwillende kan de kwetsbaarheden misbruiken om een Denial-of-Service te veroorzaken, of zich toegang te verschaffen tot gevoelige gegevens.", title: "Interpretaties", }, { category: "description", text: "Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.", title: "Oplossingen", }, { category: "general", text: "medium", title: "Kans", }, { category: "general", text: "high", title: "Schade", }, { category: "general", text: "Use After Free", title: "CWE-416", }, { category: "general", text: "NULL Pointer Dereference", title: "CWE-476", }, { category: "general", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, { category: "general", text: "Allocation of Resources Without Limits or Throttling", title: "CWE-770", }, { category: "general", text: "Deserialization of Untrusted Data", title: "CWE-502", }, { category: "general", text: "Uncaught Exception", title: "CWE-248", }, { category: "general", text: "Uncontrolled Recursion", title: "CWE-674", }, { category: "general", text: "Improper Restriction of XML External Entity Reference", title: "CWE-611", }, { category: "general", text: "Out-of-bounds Write", title: "CWE-787", }, { category: "general", text: "Exposure of Sensitive Information to an Unauthorized Actor", title: "CWE-200", }, { category: "general", text: "Memory Allocation with Excessive Size Value", title: "CWE-789", }, { category: "general", text: "Improper Input Validation", title: "CWE-20", }, { category: "general", text: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", title: "CWE-79", }, { category: "general", text: "Dependency on Vulnerable Third-Party Component", title: "CWE-1395", }, { category: "general", text: "Always-Incorrect Control Flow Implementation", title: "CWE-670", }, { category: "general", text: "CWE-399", title: "CWE-399", }, { category: "general", text: "Inadequate Encryption Strength", title: "CWE-326", }, { category: "general", text: "Incorrect Resource Transfer Between Spheres", title: "CWE-669", }, { category: "general", text: "Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')", title: "CWE-776", }, { category: "general", text: "Excessive Iteration", title: "CWE-834", }, { category: "general", text: "Missing Encryption of Sensitive Data", title: "CWE-311", }, { category: "general", text: "Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')", title: "CWE-444", }, { category: "general", text: "Out-of-bounds Read", title: "CWE-125", }, { category: "general", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, { category: "general", text: "Improper Restriction of Operations within the Bounds of a Memory Buffer", title: "CWE-119", }, { category: "general", text: "Inefficient Regular Expression Complexity", title: "CWE-1333", }, ], publisher: { category: "coordinator", contact_details: "cert@ncsc.nl", name: "Nationaal Cyber Security Centrum", namespace: "https://www.ncsc.nl/", }, references: [ { category: "external", summary: "Reference - cveprojectv5; nvd; oracle", url: "https://www.oracle.com/security-alerts/cpujan2025.html", }, ], title: "Kwetsbaarheden verholpen in Oracle Analytics", tracking: { current_release_date: "2025-01-22T13:36:58.196605Z", id: "NCSC-2025-0028", initial_release_date: "2025-01-22T13:36:58.196605Z", revision_history: [ { date: "2025-01-22T13:36:58.196605Z", number: "0", summary: "Initiele versie", }, ], status: "final", version: "1.0.0", }, }, product_tree: { branches: [ { branches: [ { category: "product_name", name: "business_intelligence", product: { name: "business_intelligence", product_id: "CSAFPID-1503296", product_identification_helper: { cpe: "cpe:2.3:a:oracle:business_intelligence:12.2.1.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "business_intelligence", product: { name: "business_intelligence", product_id: "CSAFPID-220360", product_identification_helper: { cpe: "cpe:2.3:a:oracle:business_intelligence:12.2.1.4.0:*:*:*:*:enterprise:*:*", }, }, }, { category: "product_name", name: "business_intelligence", product: { name: "business_intelligence", product_id: "CSAFPID-135810", product_identification_helper: { cpe: "cpe:2.3:a:oracle:business_intelligence:12.2.1.4.0:*:*:*:enterprise:*:*:*", }, }, }, { category: "product_name", name: "business_intelligence", product: { name: "business_intelligence", product_id: "CSAFPID-219994", product_identification_helper: { cpe: "cpe:2.3:a:oracle:business_intelligence:12.2.1.4.0:enterprise:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "business_intelligence", product: { name: "business_intelligence", product_id: "CSAFPID-219817", product_identification_helper: { cpe: "cpe:2.3:a:oracle:business_intelligence:6.4.0.0.0:enterprise:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "business_intelligence", product: { name: "business_intelligence", product_id: "CSAFPID-1503297", product_identification_helper: { cpe: "cpe:2.3:a:oracle:business_intelligence:7.0.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "business_intelligence", product: { name: "business_intelligence", product_id: "CSAFPID-257324", product_identification_helper: { cpe: "cpe:2.3:a:oracle:business_intelligence:7.0.0.0.0:*:*:*:enterprise:*:*:*", }, }, }, { category: "product_name", name: "business_intelligence", product: { name: "business_intelligence", product_id: "CSAFPID-1503298", product_identification_helper: { cpe: "cpe:2.3:a:oracle:business_intelligence:7.6.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "business_intelligence", product: { name: "business_intelligence", product_id: "CSAFPID-1650736", product_identification_helper: { cpe: "cpe:2.3:a:oracle:business_intelligence:7.6.0.0.0:*:*:*:enterprise:*:*:*", }, }, }, { category: "product_name", name: "business_intelligence_enterprise_edition", product: { name: "business_intelligence_enterprise_edition", product_id: "CSAFPID-765384", product_identification_helper: { cpe: "cpe:2.3:a:oracle:business_intelligence_enterprise_edition:12.2.1.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "business_intelligence_enterprise_edition", product: { name: "business_intelligence_enterprise_edition", product_id: "CSAFPID-764234", product_identification_helper: { cpe: "cpe:2.3:a:oracle:business_intelligence_enterprise_edition:12.2.1.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "business_intelligence_enterprise_edition", product: { name: "business_intelligence_enterprise_edition", product_id: "CSAFPID-765387", product_identification_helper: { cpe: "cpe:2.3:a:oracle:business_intelligence_enterprise_edition:5.5.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "business_intelligence_enterprise_edition", product: { name: "business_intelligence_enterprise_edition", product_id: "CSAFPID-764778", product_identification_helper: { cpe: "cpe:2.3:a:oracle:business_intelligence_enterprise_edition:5.9.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "business_intelligence_enterprise_edition", product: { name: "business_intelligence_enterprise_edition", product_id: "CSAFPID-764929", product_identification_helper: { cpe: "cpe:2.3:a:oracle:business_intelligence_enterprise_edition:5.9.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "business_intelligence_enterprise_edition", product: { name: "business_intelligence_enterprise_edition", product_id: "CSAFPID-764235", product_identification_helper: { cpe: "cpe:2.3:a:oracle:business_intelligence_enterprise_edition:6.4.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "business_intelligence_enterprise_edition", product: { name: "business_intelligence_enterprise_edition", product_id: "CSAFPID-764930", product_identification_helper: { cpe: "cpe:2.3:a:oracle:business_intelligence_enterprise_edition:6.4.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "business_intelligence_enterprise_edition", product: { name: "business_intelligence_enterprise_edition", product_id: "CSAFPID-764236", product_identification_helper: { cpe: "cpe:2.3:a:oracle:business_intelligence_enterprise_edition:7.0.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "business_intelligence_enterprise_edition", product: { name: "business_intelligence_enterprise_edition", product_id: "CSAFPID-1503574", product_identification_helper: { cpe: "cpe:2.3:a:oracle:business_intelligence_enterprise_edition:7.6.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "business_intelligence_enterprise_edition", product: { name: "business_intelligence_enterprise_edition", product_id: "CSAFPID-1503573", product_identification_helper: { cpe: "cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_analytics_server___12.2.1.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "business_intelligence_enterprise_edition", product: { name: "business_intelligence_enterprise_edition", product_id: "CSAFPID-765388", product_identification_helper: { cpe: "cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_analytics_server___5.9.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "business_intelligence_enterprise_edition", product: { name: "business_intelligence_enterprise_edition", product_id: "CSAFPID-764727", product_identification_helper: { cpe: "cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_analytics_server___6.4.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "business_intelligence_enterprise_edition", product: { name: "business_intelligence_enterprise_edition", product_id: "CSAFPID-764729", product_identification_helper: { cpe: "cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_analytics_server___7.0.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "business_intelligence_enterprise_edition", product: { name: "business_intelligence_enterprise_edition", product_id: "CSAFPID-765383", product_identification_helper: { cpe: "cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_bi_platform_security___12.2.1.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "business_intelligence_enterprise_edition", product: { name: "business_intelligence_enterprise_edition", product_id: "CSAFPID-765385", product_identification_helper: { cpe: "cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_bi_platform_security___12.2.1.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "business_intelligence_enterprise_edition", product: { name: "business_intelligence_enterprise_edition", product_id: "CSAFPID-765389", product_identification_helper: { cpe: "cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_bi_platform_security___5.9.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "business_intelligence_enterprise_edition", product: { name: "business_intelligence_enterprise_edition", product_id: "CSAFPID-764725", product_identification_helper: { cpe: "cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_presentation_services___12.2.1.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "business_intelligence_enterprise_edition", product: { name: "business_intelligence_enterprise_edition", product_id: "CSAFPID-764728", product_identification_helper: { cpe: "cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_presentation_services___6.4.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "business_intelligence_enterprise_edition", product: { name: "business_intelligence_enterprise_edition", product_id: "CSAFPID-764730", product_identification_helper: { cpe: "cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_presentation_services___7.0.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "business_intelligence_enterprise_edition", product: { name: "business_intelligence_enterprise_edition", product_id: "CSAFPID-764726", product_identification_helper: { cpe: "cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_service_administration_ui___12.2.1.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "business_intelligence_enterprise_edition", product: { name: "business_intelligence_enterprise_edition", product_id: "CSAFPID-765386", product_identification_helper: { cpe: "cpe:2.3:a:oracle:business_intelligence_enterprise_edition:_storage_service_integration___12.2.1.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "bi_publisher", product: { name: "bi_publisher", product_id: "CSAFPID-9197", product_identification_helper: { cpe: "cpe:2.3:a:oracle:bi_publisher:12.2.1.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "bi_publisher", product: { name: "bi_publisher", product_id: "CSAFPID-9493", product_identification_helper: { cpe: "cpe:2.3:a:oracle:bi_publisher:12.2.1.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "bi_publisher", product: { name: "bi_publisher", product_id: "CSAFPID-220546", product_identification_helper: { cpe: "cpe:2.3:a:oracle:bi_publisher:5.9.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "bi_publisher", product: { name: "bi_publisher", product_id: "CSAFPID-228391", product_identification_helper: { cpe: "cpe:2.3:a:oracle:bi_publisher:5.9.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "bi_publisher", product: { name: "bi_publisher", product_id: "CSAFPID-220545", product_identification_helper: { cpe: "cpe:2.3:a:oracle:bi_publisher:6.4.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "bi_publisher", product: { name: "bi_publisher", product_id: "CSAFPID-220560", product_identification_helper: { cpe: "cpe:2.3:a:oracle:bi_publisher:7.0.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "bi_publisher", product: { name: "bi_publisher", product_id: "CSAFPID-1673195", product_identification_helper: { cpe: "cpe:2.3:a:oracle:bi_publisher:7.6.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "analytics_desktop", product: { name: "analytics_desktop", product_id: "CSAFPID-816763", product_identification_helper: { cpe: "cpe:2.3:a:oracle:analytics_desktop:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "analytics_desktop", product: { name: "analytics_desktop", product_id: "CSAFPID-816761", product_identification_helper: { cpe: "cpe:2.3:a:oracle:analytics_desktop:6.4.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "analytics_desktop", product: { name: "analytics_desktop", product_id: "CSAFPID-816762", product_identification_helper: { cpe: "cpe:2.3:a:oracle:analytics_desktop:7.0.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "analytics_desktop", product: { name: "analytics_desktop", product_id: "CSAFPID-1751172", product_identification_helper: { cpe: "cpe:2.3:a:oracle:analytics_desktop:8.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "analytics_desktop", product: { name: "analytics_desktop", product_id: "CSAFPID-1650735", product_identification_helper: { cpe: "cpe:2.3:a:oracle:analytics_desktop:prior_to_7.8.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "analytics_desktop", product: { name: "analytics_desktop", product_id: "CSAFPID-1751157", product_identification_helper: { cpe: "cpe:2.3:a:oracle:analytics_desktop:prior_to_8.1.0:*:*:*:*:*:*:*", }, }, }, ], category: "vendor", name: "oracle", }, ], }, vulnerabilities: [ { cve: "CVE-2016-10000", references: [ { category: "self", summary: "CVE-2016-10000", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2016/CVE-2016-10000.json", }, ], title: "CVE-2016-10000", }, { cve: "CVE-2020-2849", product_status: { known_affected: [ "CSAFPID-257324", ], }, references: [ { category: "self", summary: "CVE-2020-2849", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2020/CVE-2020-2849.json", }, ], title: "CVE-2020-2849", }, { cve: "CVE-2020-7760", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], product_status: { known_affected: [ "CSAFPID-9493", "CSAFPID-220545", "CSAFPID-220560", "CSAFPID-764234", "CSAFPID-764235", "CSAFPID-764236", "CSAFPID-764725", "CSAFPID-764726", "CSAFPID-764727", "CSAFPID-764728", "CSAFPID-764729", "CSAFPID-764730", "CSAFPID-765383", "CSAFPID-765384", "CSAFPID-765385", "CSAFPID-765386", "CSAFPID-765387", "CSAFPID-765388", "CSAFPID-765389", "CSAFPID-764778", "CSAFPID-816761", "CSAFPID-816762", "CSAFPID-816763", "CSAFPID-257324", ], }, references: [ { category: "self", summary: "CVE-2020-7760", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2020/CVE-2020-7760.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-9493", "CSAFPID-220545", "CSAFPID-220560", "CSAFPID-764234", "CSAFPID-764235", "CSAFPID-764236", "CSAFPID-764725", "CSAFPID-764726", "CSAFPID-764727", "CSAFPID-764728", "CSAFPID-764729", "CSAFPID-764730", "CSAFPID-765383", "CSAFPID-765384", "CSAFPID-765385", "CSAFPID-765386", "CSAFPID-765387", "CSAFPID-765388", "CSAFPID-765389", "CSAFPID-764778", "CSAFPID-816761", "CSAFPID-816762", "CSAFPID-816763", "CSAFPID-257324", ], }, ], title: "CVE-2020-7760", }, { cve: "CVE-2020-13956", cwe: { id: "CWE-20", name: "Improper Input Validation", }, notes: [ { category: "other", text: "Improper Input Validation", title: "CWE-20", }, ], product_status: { known_affected: [ "CSAFPID-9493", "CSAFPID-220545", "CSAFPID-220560", "CSAFPID-764234", "CSAFPID-764235", "CSAFPID-764236", "CSAFPID-764725", "CSAFPID-764726", "CSAFPID-764727", "CSAFPID-764728", "CSAFPID-764729", "CSAFPID-764730", "CSAFPID-228391", "CSAFPID-764778", "CSAFPID-220546", "CSAFPID-9197", "CSAFPID-764929", "CSAFPID-764930", "CSAFPID-765383", "CSAFPID-765384", "CSAFPID-765385", "CSAFPID-765386", "CSAFPID-765387", "CSAFPID-765388", "CSAFPID-765389", "CSAFPID-816763", "CSAFPID-1503573", "CSAFPID-1503574", "CSAFPID-257324", "CSAFPID-135810", ], }, references: [ { category: "self", summary: "CVE-2020-13956", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2020/CVE-2020-13956.json", }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, products: [ "CSAFPID-9493", "CSAFPID-220545", "CSAFPID-220560", "CSAFPID-764234", "CSAFPID-764235", "CSAFPID-764236", "CSAFPID-764725", "CSAFPID-764726", "CSAFPID-764727", "CSAFPID-764728", "CSAFPID-764729", "CSAFPID-764730", "CSAFPID-228391", "CSAFPID-764778", "CSAFPID-220546", "CSAFPID-9197", "CSAFPID-764929", "CSAFPID-764930", "CSAFPID-765383", "CSAFPID-765384", "CSAFPID-765385", "CSAFPID-765386", "CSAFPID-765387", "CSAFPID-765388", "CSAFPID-765389", "CSAFPID-816763", "CSAFPID-1503573", "CSAFPID-1503574", "CSAFPID-257324", "CSAFPID-135810", ], }, ], title: "CVE-2020-13956", }, { cve: "CVE-2020-28975", product_status: { known_affected: [ "CSAFPID-257324", ], }, references: [ { category: "self", summary: "CVE-2020-28975", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2020/CVE-2020-28975.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-257324", ], }, ], title: "CVE-2020-28975", }, { cve: "CVE-2021-23926", cwe: { id: "CWE-776", name: "Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')", }, notes: [ { category: "other", text: "Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')", title: "CWE-776", }, { category: "other", text: "Improper Restriction of XML External Entity Reference", title: "CWE-611", }, ], product_status: { known_affected: [ "CSAFPID-220545", "CSAFPID-220560", "CSAFPID-764725", "CSAFPID-764726", "CSAFPID-764234", "CSAFPID-764727", "CSAFPID-764728", "CSAFPID-764235", "CSAFPID-764729", "CSAFPID-764730", "CSAFPID-764236", "CSAFPID-9493", "CSAFPID-764778", "CSAFPID-228391", "CSAFPID-135810", "CSAFPID-816763", "CSAFPID-1503573", "CSAFPID-765385", "CSAFPID-1503574", "CSAFPID-220546", "CSAFPID-9197", "CSAFPID-764929", "CSAFPID-764930", ], }, references: [ { category: "self", summary: "CVE-2021-23926", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2021/CVE-2021-23926.json", }, ], scores: [ { cvss_v3: { baseScore: 9.1, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-220545", "CSAFPID-220560", "CSAFPID-764725", "CSAFPID-764726", "CSAFPID-764234", "CSAFPID-764727", "CSAFPID-764728", "CSAFPID-764235", "CSAFPID-764729", "CSAFPID-764730", "CSAFPID-764236", "CSAFPID-9493", "CSAFPID-764778", "CSAFPID-228391", "CSAFPID-135810", "CSAFPID-816763", "CSAFPID-1503573", "CSAFPID-765385", "CSAFPID-1503574", "CSAFPID-220546", "CSAFPID-9197", "CSAFPID-764929", "CSAFPID-764930", ], }, ], title: "CVE-2021-23926", }, { cve: "CVE-2021-33813", cwe: { id: "CWE-611", name: "Improper Restriction of XML External Entity Reference", }, notes: [ { category: "other", text: "Improper Restriction of XML External Entity Reference", title: "CWE-611", }, ], product_status: { known_affected: [ "CSAFPID-220545", "CSAFPID-220560", "CSAFPID-764725", "CSAFPID-764726", "CSAFPID-764234", "CSAFPID-764727", "CSAFPID-764728", "CSAFPID-764235", "CSAFPID-764729", "CSAFPID-764730", "CSAFPID-764236", "CSAFPID-9197", "CSAFPID-9493", "CSAFPID-228391", "CSAFPID-764778", "CSAFPID-816761", "CSAFPID-816762", "CSAFPID-816763", "CSAFPID-765383", "CSAFPID-765384", "CSAFPID-765385", "CSAFPID-765386", "CSAFPID-765387", "CSAFPID-765388", "CSAFPID-765389", "CSAFPID-135810", ], }, references: [ { category: "self", summary: "CVE-2021-33813", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2021/CVE-2021-33813.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-220545", "CSAFPID-220560", "CSAFPID-764725", "CSAFPID-764726", "CSAFPID-764234", "CSAFPID-764727", "CSAFPID-764728", "CSAFPID-764235", "CSAFPID-764729", "CSAFPID-764730", "CSAFPID-764236", "CSAFPID-9197", "CSAFPID-9493", "CSAFPID-228391", "CSAFPID-764778", "CSAFPID-816761", "CSAFPID-816762", "CSAFPID-816763", "CSAFPID-765383", "CSAFPID-765384", "CSAFPID-765385", "CSAFPID-765386", "CSAFPID-765387", "CSAFPID-765388", "CSAFPID-765389", "CSAFPID-135810", ], }, ], title: "CVE-2021-33813", }, { cve: "CVE-2022-40150", cwe: { id: "CWE-404", name: "Improper Resource Shutdown or Release", }, notes: [ { category: "other", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], product_status: { known_affected: [ "CSAFPID-220545", "CSAFPID-220560", "CSAFPID-764725", "CSAFPID-764726", "CSAFPID-764234", "CSAFPID-764727", "CSAFPID-764728", "CSAFPID-764235", "CSAFPID-764729", "CSAFPID-764730", "CSAFPID-764236", "CSAFPID-9493", "CSAFPID-764778", "CSAFPID-228391", "CSAFPID-135810", "CSAFPID-816763", "CSAFPID-1503573", "CSAFPID-765385", "CSAFPID-1503574", ], }, references: [ { category: "self", summary: "CVE-2022-40150", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-40150.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-220545", "CSAFPID-220560", "CSAFPID-764725", "CSAFPID-764726", "CSAFPID-764234", "CSAFPID-764727", "CSAFPID-764728", "CSAFPID-764235", "CSAFPID-764729", "CSAFPID-764730", "CSAFPID-764236", "CSAFPID-9493", "CSAFPID-764778", "CSAFPID-228391", "CSAFPID-135810", "CSAFPID-816763", "CSAFPID-1503573", "CSAFPID-765385", "CSAFPID-1503574", ], }, ], title: "CVE-2022-40150", }, { cve: "CVE-2023-2976", cwe: { id: "CWE-552", name: "Files or Directories Accessible to External Parties", }, notes: [ { category: "other", text: "Files or Directories Accessible to External Parties", title: "CWE-552", }, { category: "other", text: "Creation of Temporary File in Directory with Insecure Permissions", title: "CWE-379", }, ], product_status: { known_affected: [ "CSAFPID-9493", "CSAFPID-816761", "CSAFPID-816762", "CSAFPID-816763", "CSAFPID-220545", "CSAFPID-220560", "CSAFPID-764234", "CSAFPID-764235", "CSAFPID-764236", "CSAFPID-1503573", "CSAFPID-765385", "CSAFPID-1503574", "CSAFPID-257324", ], }, references: [ { category: "self", summary: "CVE-2023-2976", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-2976.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-9493", "CSAFPID-816761", "CSAFPID-816762", "CSAFPID-816763", "CSAFPID-220545", "CSAFPID-220560", "CSAFPID-764234", "CSAFPID-764235", "CSAFPID-764236", "CSAFPID-1503573", "CSAFPID-765385", "CSAFPID-1503574", "CSAFPID-257324", ], }, ], title: "CVE-2023-2976", }, { cve: "CVE-2023-4785", cwe: { id: "CWE-248", name: "Uncaught Exception", }, notes: [ { category: "other", text: "Uncaught Exception", title: "CWE-248", }, ], product_status: { known_affected: [ "CSAFPID-257324", ], }, references: [ { category: "self", summary: "CVE-2023-4785", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-4785.json", }, ], title: "CVE-2023-4785", }, { cve: "CVE-2023-7272", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, notes: [ { category: "other", text: "Out-of-bounds Write", title: "CWE-787", }, ], product_status: { known_affected: [ "CSAFPID-257324", ], }, references: [ { category: "self", summary: "CVE-2023-7272", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-7272.json", }, ], scores: [ { cvss_v3: { baseScore: 8.6, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-257324", ], }, ], title: "CVE-2023-7272", }, { cve: "CVE-2023-24998", cwe: { id: "CWE-404", name: "Improper Resource Shutdown or Release", }, notes: [ { category: "other", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, { category: "other", text: "Allocation of Resources Without Limits or Throttling", title: "CWE-770", }, { category: "other", text: "CWE-399", title: "CWE-399", }, ], product_status: { known_affected: [ "CSAFPID-9493", "CSAFPID-220545", "CSAFPID-220560", "CSAFPID-764234", "CSAFPID-764235", "CSAFPID-764236", "CSAFPID-764778", "CSAFPID-816761", "CSAFPID-816762", "CSAFPID-816763", "CSAFPID-764725", "CSAFPID-764726", "CSAFPID-764727", "CSAFPID-764728", "CSAFPID-764729", "CSAFPID-764730", "CSAFPID-1503573", "CSAFPID-765385", "CSAFPID-1503574", "CSAFPID-135810", ], }, references: [ { category: "self", summary: "CVE-2023-24998", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-24998.json", }, ], title: "CVE-2023-24998", }, { cve: "CVE-2023-25399", cwe: { id: "CWE-401", name: "Missing Release of Memory after Effective Lifetime", }, notes: [ { category: "other", text: "Missing Release of Memory after Effective Lifetime", title: "CWE-401", }, ], product_status: { known_affected: [ "CSAFPID-1650736", "CSAFPID-257324", ], }, references: [ { category: "self", summary: "CVE-2023-25399", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-25399.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1650736", "CSAFPID-257324", ], }, ], title: "CVE-2023-25399", }, { cve: "CVE-2023-29824", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "other", text: "Use After Free", title: "CWE-416", }, ], product_status: { known_affected: [ "CSAFPID-1650736", "CSAFPID-257324", ], }, references: [ { category: "self", summary: "CVE-2023-29824", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-29824.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1650736", "CSAFPID-257324", ], }, ], title: "CVE-2023-29824", }, { cve: "CVE-2023-32732", cwe: { id: "CWE-440", name: "Expected Behavior Violation", }, notes: [ { category: "other", text: "Expected Behavior Violation", title: "CWE-440", }, ], product_status: { known_affected: [ "CSAFPID-257324", ], }, references: [ { category: "self", summary: "CVE-2023-32732", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-32732.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-257324", ], }, ], title: "CVE-2023-32732", }, { cve: "CVE-2023-33202", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], product_status: { known_affected: [ "CSAFPID-1650735", "CSAFPID-9493", "CSAFPID-220560", "CSAFPID-764234", "CSAFPID-764236", "CSAFPID-816763", "CSAFPID-1503573", "CSAFPID-765385", "CSAFPID-1503574", "CSAFPID-257324", ], }, references: [ { category: "self", summary: "CVE-2023-33202", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-33202.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1650735", "CSAFPID-9493", "CSAFPID-220560", "CSAFPID-764234", "CSAFPID-764236", "CSAFPID-816763", "CSAFPID-1503573", "CSAFPID-765385", "CSAFPID-1503574", "CSAFPID-257324", ], }, ], title: "CVE-2023-33202", }, { cve: "CVE-2023-33953", cwe: { id: "CWE-834", name: "Excessive Iteration", }, notes: [ { category: "other", text: "Excessive Iteration", title: "CWE-834", }, { category: "other", text: "Allocation of Resources Without Limits or Throttling", title: "CWE-770", }, { category: "other", text: "Memory Allocation with Excessive Size Value", title: "CWE-789", }, ], product_status: { known_affected: [ "CSAFPID-257324", ], }, references: [ { category: "self", summary: "CVE-2023-33953", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-33953.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-257324", ], }, ], title: "CVE-2023-33953", }, { cve: "CVE-2023-43804", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, notes: [ { category: "other", text: "Exposure of Sensitive Information to an Unauthorized Actor", title: "CWE-200", }, ], product_status: { known_affected: [ "CSAFPID-9493", "CSAFPID-220560", "CSAFPID-764234", "CSAFPID-764236", "CSAFPID-257324", ], }, references: [ { category: "self", summary: "CVE-2023-43804", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-43804.json", }, ], scores: [ { cvss_v3: { baseScore: 8.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-9493", "CSAFPID-220560", "CSAFPID-764234", "CSAFPID-764236", "CSAFPID-257324", ], }, ], title: "CVE-2023-43804", }, { cve: "CVE-2023-44487", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], product_status: { known_affected: [ "CSAFPID-9493", "CSAFPID-220545", "CSAFPID-220560", "CSAFPID-764234", "CSAFPID-764235", "CSAFPID-764236", "CSAFPID-816761", "CSAFPID-816762", "CSAFPID-816763", "CSAFPID-1503573", "CSAFPID-765385", "CSAFPID-1503574", "CSAFPID-257324", ], }, references: [ { category: "self", summary: "CVE-2023-44487", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-44487.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-9493", "CSAFPID-220545", "CSAFPID-220560", "CSAFPID-764234", "CSAFPID-764235", "CSAFPID-764236", "CSAFPID-816761", "CSAFPID-816762", "CSAFPID-816763", "CSAFPID-1503573", "CSAFPID-765385", "CSAFPID-1503574", "CSAFPID-257324", ], }, ], title: "CVE-2023-44487", }, { cve: "CVE-2023-45803", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, notes: [ { category: "other", text: "Exposure of Sensitive Information to an Unauthorized Actor", title: "CWE-200", }, ], product_status: { known_affected: [ "CSAFPID-9493", "CSAFPID-220560", "CSAFPID-764234", "CSAFPID-764236", "CSAFPID-257324", ], }, references: [ { category: "self", summary: "CVE-2023-45803", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-45803.json", }, ], scores: [ { cvss_v3: { baseScore: 4.4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "CSAFPID-9493", "CSAFPID-220560", "CSAFPID-764234", "CSAFPID-764236", "CSAFPID-257324", ], }, ], title: "CVE-2023-45803", }, { cve: "CVE-2023-50782", cwe: { id: "CWE-208", name: "Observable Timing Discrepancy", }, notes: [ { category: "other", text: "Observable Timing Discrepancy", title: "CWE-208", }, { category: "other", text: "Observable Discrepancy", title: "CWE-203", }, ], product_status: { known_affected: [ "CSAFPID-9493", "CSAFPID-220560", "CSAFPID-764234", "CSAFPID-764236", "CSAFPID-257324", ], }, references: [ { category: "self", summary: "CVE-2023-50782", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-50782.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "CSAFPID-9493", "CSAFPID-220560", "CSAFPID-764234", "CSAFPID-764236", "CSAFPID-257324", ], }, ], title: "CVE-2023-50782", }, { cve: "CVE-2024-0727", cwe: { id: "CWE-476", name: "NULL Pointer Dereference", }, notes: [ { category: "other", text: "NULL Pointer Dereference", title: "CWE-476", }, { category: "other", text: "Improper Input Validation", title: "CWE-20", }, ], product_status: { known_affected: [ "CSAFPID-135810", "CSAFPID-1650736", "CSAFPID-257324", "CSAFPID-9493", "CSAFPID-220560", "CSAFPID-764234", "CSAFPID-764236", "CSAFPID-816763", "CSAFPID-1503573", "CSAFPID-765385", "CSAFPID-1503574", ], }, references: [ { category: "self", summary: "CVE-2024-0727", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-0727.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-135810", "CSAFPID-1650736", "CSAFPID-257324", "CSAFPID-9493", "CSAFPID-220560", "CSAFPID-764234", "CSAFPID-764236", "CSAFPID-816763", "CSAFPID-1503573", "CSAFPID-765385", "CSAFPID-1503574", ], }, ], title: "CVE-2024-0727", }, { cve: "CVE-2024-1135", cwe: { id: "CWE-444", name: "Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')", }, notes: [ { category: "other", text: "Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')", title: "CWE-444", }, ], product_status: { known_affected: [ "CSAFPID-257324", ], }, references: [ { category: "self", summary: "CVE-2024-1135", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-1135.json", }, ], scores: [ { cvss_v3: { baseScore: 8.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-257324", ], }, ], title: "CVE-2024-1135", }, { cve: "CVE-2024-4741", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "other", text: "Use After Free", title: "CWE-416", }, ], product_status: { known_affected: [ "CSAFPID-816763", "CSAFPID-1503573", "CSAFPID-765385", "CSAFPID-764234", "CSAFPID-764236", "CSAFPID-1503574", "CSAFPID-1650736", "CSAFPID-257324", "CSAFPID-135810", ], }, references: [ { category: "self", summary: "CVE-2024-4741", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-4741.json", }, ], title: "CVE-2024-4741", }, { cve: "CVE-2024-5535", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, notes: [ { category: "other", text: "Exposure of Sensitive Information to an Unauthorized Actor", title: "CWE-200", }, { category: "other", text: "Improper Restriction of Operations within the Bounds of a Memory Buffer", title: "CWE-119", }, { category: "other", text: "Dependency on Vulnerable Third-Party Component", title: "CWE-1395", }, ], product_status: { known_affected: [ "CSAFPID-135810", "CSAFPID-1650736", "CSAFPID-257324", ], }, references: [ { category: "self", summary: "CVE-2024-5535", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-5535.json", }, ], scores: [ { cvss_v3: { baseScore: 9.1, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-135810", "CSAFPID-1650736", "CSAFPID-257324", ], }, ], title: "CVE-2024-5535", }, { cve: "CVE-2024-7254", cwe: { id: "CWE-20", name: "Improper Input Validation", }, notes: [ { category: "other", text: "Improper Input Validation", title: "CWE-20", }, { category: "other", text: "Uncontrolled Recursion", title: "CWE-674", }, ], product_status: { known_affected: [ "CSAFPID-220560", "CSAFPID-1673195", "CSAFPID-257324", ], }, references: [ { category: "self", summary: "CVE-2024-7254", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-7254.json", }, ], scores: [ { cvss_v3: { baseScore: 8.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-220560", "CSAFPID-1673195", "CSAFPID-257324", ], }, ], title: "CVE-2024-7254", }, { cve: "CVE-2024-22195", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, notes: [ { category: "other", text: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", title: "CWE-79", }, ], product_status: { known_affected: [ "CSAFPID-9493", "CSAFPID-220560", "CSAFPID-764234", "CSAFPID-764236", "CSAFPID-257324", ], }, references: [ { category: "self", summary: "CVE-2024-22195", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-22195.json", }, ], scores: [ { cvss_v3: { baseScore: 6.1, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, products: [ "CSAFPID-9493", "CSAFPID-220560", "CSAFPID-764234", "CSAFPID-764236", "CSAFPID-257324", ], }, ], title: "CVE-2024-22195", }, { cve: "CVE-2024-26130", cwe: { id: "CWE-476", name: "NULL Pointer Dereference", }, notes: [ { category: "other", text: "NULL Pointer Dereference", title: "CWE-476", }, ], product_status: { known_affected: [ "CSAFPID-9493", "CSAFPID-220560", "CSAFPID-764234", "CSAFPID-764236", "CSAFPID-816763", "CSAFPID-1503573", "CSAFPID-765385", "CSAFPID-1503574", "CSAFPID-257324", ], }, references: [ { category: "self", summary: "CVE-2024-26130", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-26130.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-9493", "CSAFPID-220560", "CSAFPID-764234", "CSAFPID-764236", "CSAFPID-816763", "CSAFPID-1503573", "CSAFPID-765385", "CSAFPID-1503574", "CSAFPID-257324", ], }, ], title: "CVE-2024-26130", }, { cve: "CVE-2024-29025", cwe: { id: "CWE-770", name: "Allocation of Resources Without Limits or Throttling", }, notes: [ { category: "other", text: "Allocation of Resources Without Limits or Throttling", title: "CWE-770", }, ], product_status: { known_affected: [ "CSAFPID-816763", "CSAFPID-1503573", "CSAFPID-765385", "CSAFPID-764234", "CSAFPID-764236", "CSAFPID-1503574", "CSAFPID-220560", "CSAFPID-1673195", ], }, references: [ { category: "self", summary: "CVE-2024-29025", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-29025.json", }, ], scores: [ { cvss_v3: { baseScore: 7.3, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, products: [ "CSAFPID-816763", "CSAFPID-1503573", "CSAFPID-765385", "CSAFPID-764234", "CSAFPID-764236", "CSAFPID-1503574", "CSAFPID-220560", "CSAFPID-1673195", ], }, ], title: "CVE-2024-29025", }, { cve: "CVE-2024-29131", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, notes: [ { category: "other", text: "Out-of-bounds Write", title: "CWE-787", }, ], product_status: { known_affected: [ "CSAFPID-257324", "CSAFPID-816763", "CSAFPID-1503573", "CSAFPID-765385", "CSAFPID-764234", "CSAFPID-764236", "CSAFPID-1503574", "CSAFPID-1650736", ], }, references: [ { category: "self", summary: "CVE-2024-29131", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-29131.json", }, ], scores: [ { cvss_v3: { baseScore: 8.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-257324", "CSAFPID-816763", "CSAFPID-1503573", "CSAFPID-765385", "CSAFPID-764234", "CSAFPID-764236", "CSAFPID-1503574", "CSAFPID-1650736", ], }, ], title: "CVE-2024-29131", }, { cve: "CVE-2024-34064", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, notes: [ { category: "other", text: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", title: "CWE-79", }, ], product_status: { known_affected: [ "CSAFPID-816763", "CSAFPID-1503573", "CSAFPID-765385", "CSAFPID-764234", "CSAFPID-764236", "CSAFPID-1503574", "CSAFPID-257324", ], }, references: [ { category: "self", summary: "CVE-2024-34064", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-34064.json", }, ], scores: [ { cvss_v3: { baseScore: 5.4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", version: "3.1", }, products: [ "CSAFPID-816763", "CSAFPID-1503573", "CSAFPID-765385", "CSAFPID-764234", "CSAFPID-764236", "CSAFPID-1503574", "CSAFPID-257324", ], }, ], title: "CVE-2024-34064", }, { cve: "CVE-2024-35195", cwe: { id: "CWE-670", name: "Always-Incorrect Control Flow Implementation", }, notes: [ { category: "other", text: "Always-Incorrect Control Flow Implementation", title: "CWE-670", }, ], product_status: { known_affected: [ "CSAFPID-257324", ], }, references: [ { category: "self", summary: "CVE-2024-35195", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-35195.json", }, ], scores: [ { cvss_v3: { baseScore: 5.7, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-257324", ], }, ], title: "CVE-2024-35195", }, { cve: "CVE-2024-36114", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, notes: [ { category: "other", text: "Out-of-bounds Read", title: "CWE-125", }, { category: "other", text: "Out-of-bounds Write", title: "CWE-787", }, ], product_status: { known_affected: [ "CSAFPID-1650736", "CSAFPID-257324", ], }, references: [ { category: "self", summary: "CVE-2024-36114", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-36114.json", }, ], scores: [ { cvss_v3: { baseScore: 8.6, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", version: "3.1", }, products: [ "CSAFPID-1650736", "CSAFPID-257324", ], }, ], title: "CVE-2024-36114", }, { cve: "CVE-2024-37891", cwe: { id: "CWE-669", name: "Incorrect Resource Transfer Between Spheres", }, notes: [ { category: "other", text: "Incorrect Resource Transfer Between Spheres", title: "CWE-669", }, ], product_status: { known_affected: [ "CSAFPID-257324", ], }, references: [ { category: "self", summary: "CVE-2024-37891", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-37891.json", }, ], scores: [ { cvss_v3: { baseScore: 4.4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "CSAFPID-257324", ], }, ], title: "CVE-2024-37891", }, { cve: "CVE-2024-38809", cwe: { id: "CWE-1333", name: "Inefficient Regular Expression Complexity", }, notes: [ { category: "other", text: "Inefficient Regular Expression Complexity", title: "CWE-1333", }, { category: "other", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], product_status: { known_affected: [ "CSAFPID-220560", "CSAFPID-1673195", "CSAFPID-1650736", "CSAFPID-257324", "CSAFPID-135810", ], }, references: [ { category: "self", summary: "CVE-2024-38809", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38809.json", }, ], scores: [ { cvss_v3: { baseScore: 8, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", version: "3.0", }, products: [ "CSAFPID-220560", "CSAFPID-1673195", "CSAFPID-1650736", "CSAFPID-257324", "CSAFPID-135810", ], }, ], title: "CVE-2024-38809", }, { cve: "CVE-2024-38820", cwe: { id: "CWE-284", name: "Improper Access Control", }, notes: [ { category: "other", text: "Improper Access Control", title: "CWE-284", }, { category: "other", text: "Improper Handling of Case Sensitivity", title: "CWE-178", }, ], product_status: { known_affected: [ "CSAFPID-220560", "CSAFPID-1673195", ], }, references: [ { category: "self", summary: "CVE-2024-38820", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38820.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-220560", "CSAFPID-1673195", ], }, ], title: "CVE-2024-38820", }, { cve: "CVE-2024-43382", cwe: { id: "CWE-311", name: "Missing Encryption of Sensitive Data", }, notes: [ { category: "other", text: "Missing Encryption of Sensitive Data", title: "CWE-311", }, { category: "other", text: "Inadequate Encryption Strength", title: "CWE-326", }, ], product_status: { known_affected: [ "CSAFPID-220560", "CSAFPID-1673195", ], }, references: [ { category: "self", summary: "CVE-2024-43382", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-43382.json", }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-220560", "CSAFPID-1673195", ], }, ], title: "CVE-2024-43382", }, { cve: "CVE-2024-47561", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, notes: [ { category: "other", text: "Deserialization of Untrusted Data", title: "CWE-502", }, ], product_status: { known_affected: [ "CSAFPID-1650736", "CSAFPID-257324", ], }, references: [ { category: "self", summary: "CVE-2024-47561", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-47561.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1650736", "CSAFPID-257324", ], }, ], title: "CVE-2024-47561", }, { cve: "CVE-2025-21532", product_status: { known_affected: [ "CSAFPID-1751157", ], }, references: [ { category: "self", summary: "CVE-2025-21532", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-21532.json", }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1751157", ], }, ], title: "CVE-2025-21532", }, ], }
cve-2024-1135
Vulnerability from cvelistv5
Published
2024-04-16 00:00
Modified
2025-02-13 17:27
Severity ?
EPSS score ?
Summary
Gunicorn fails to properly validate Transfer-Encoding headers, leading to HTTP Request Smuggling (HRS) vulnerabilities. By crafting requests with conflicting Transfer-Encoding headers, attackers can bypass security restrictions and access restricted endpoints. This issue is due to Gunicorn's handling of Transfer-Encoding headers, where it incorrectly processes requests with multiple, conflicting Transfer-Encoding headers, treating them as chunked regardless of the final encoding specified. This vulnerability allows for a range of attacks including cache poisoning, session manipulation, and data exposure.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
benoitc | benoitc/gunicorn |
Version: unspecified < |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:benoitc:gunicorn:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "gunicorn", vendor: "benoitc", versions: [ { status: "affected", version: "*", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-1135", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-04-19T17:32:23.631972Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-04T17:59:56.871Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-12-20T07:02:46.961Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://huntr.com/bounties/22158e34-cfd5-41ad-97e0-a780773d96c1", }, { tags: [ "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2024/06/msg00027.html", }, { url: "https://lists.debian.org/debian-lts-announce/2024/12/msg00018.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "benoitc/gunicorn", vendor: "benoitc", versions: [ { lessThanOrEqual: "latest", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "Gunicorn fails to properly validate Transfer-Encoding headers, leading to HTTP Request Smuggling (HRS) vulnerabilities. By crafting requests with conflicting Transfer-Encoding headers, attackers can bypass security restrictions and access restricted endpoints. This issue is due to Gunicorn's handling of Transfer-Encoding headers, where it incorrectly processes requests with multiple, conflicting Transfer-Encoding headers, treating them as chunked regardless of the final encoding specified. This vulnerability allows for a range of attacks including cache poisoning, session manipulation, and data exposure.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-444", description: "CWE-444 Inconsistent Interpretation of HTTP Requests", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-30T23:06:05.937Z", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntr_ai", }, references: [ { url: "https://huntr.com/bounties/22158e34-cfd5-41ad-97e0-a780773d96c1", }, { url: "https://lists.debian.org/debian-lts-announce/2024/06/msg00027.html", }, ], source: { advisory: "22158e34-cfd5-41ad-97e0-a780773d96c1", discovery: "EXTERNAL", }, title: "HTTP Request Smuggling in benoitc/gunicorn", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntr_ai", cveId: "CVE-2024-1135", datePublished: "2024-04-16T00:00:14.938Z", dateReserved: "2024-01-31T18:15:14.296Z", dateUpdated: "2025-02-13T17:27:34.444Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-37891
Vulnerability from cvelistv5
Published
2024-06-17 19:18
Modified
2024-08-22 18:03
Severity ?
EPSS score ?
Summary
urllib3 is a user-friendly HTTP client library for Python. When using urllib3's proxy support with `ProxyManager`, the `Proxy-Authorization` header is only sent to the configured proxy, as expected. However, when sending HTTP requests *without* using urllib3's proxy support, it's possible to accidentally configure the `Proxy-Authorization` header even though it won't have any effect as the request is not using a forwarding proxy or a tunneling proxy. In those cases, urllib3 doesn't treat the `Proxy-Authorization` HTTP header as one carrying authentication material and thus doesn't strip the header on cross-origin redirects. Because this is a highly unlikely scenario, we believe the severity of this vulnerability is low for almost all users. Out of an abundance of caution urllib3 will automatically strip the `Proxy-Authorization` header during cross-origin redirects to avoid the small chance that users are doing this on accident. Users should use urllib3's proxy support or disable automatic redirects to achieve safe processing of the `Proxy-Authorization` header, but we still decided to strip the header by default in order to further protect users who aren't using the correct approach. We believe the number of usages affected by this advisory is low. It requires all of the following to be true to be exploited: 1. Setting the `Proxy-Authorization` header without using urllib3's built-in proxy support. 2. Not disabling HTTP redirects. 3. Either not using an HTTPS origin server or for the proxy or target origin to redirect to a malicious origin. Users are advised to update to either version 1.26.19 or version 2.2.2. Users unable to upgrade may use the `Proxy-Authorization` header with urllib3's `ProxyManager`, disable HTTP redirects using `redirects=False` when sending requests, or not user the `Proxy-Authorization` header as mitigations.
References
â–Ľ | URL | Tags |
---|---|---|
https://github.com/urllib3/urllib3/security/advisories/GHSA-34jh-p97f-mpxf | x_refsource_CONFIRM | |
https://github.com/urllib3/urllib3/commit/accff72ecc2f6cf5a76d9570198a93ac7c90270e | x_refsource_MISC |
Impacted products
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-37891", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-06-18T13:49:45.845349Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-18T13:49:57.293Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-22T18:03:15.819Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "https://github.com/urllib3/urllib3/security/advisories/GHSA-34jh-p97f-mpxf", tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/urllib3/urllib3/security/advisories/GHSA-34jh-p97f-mpxf", }, { name: "https://github.com/urllib3/urllib3/commit/accff72ecc2f6cf5a76d9570198a93ac7c90270e", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/urllib3/urllib3/commit/accff72ecc2f6cf5a76d9570198a93ac7c90270e", }, { url: "https://www.vicarius.io/vsociety/posts/proxy-authorization-header-handling-vulnerability-in-urllib3-cve-2024-37891", }, { url: "https://security.netapp.com/advisory/ntap-20240822-0003/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "urllib3", vendor: "urllib3", versions: [ { status: "affected", version: "< 1.26.19", }, { status: "affected", version: ">= 2.0.0, < 2.2.2", }, ], }, ], descriptions: [ { lang: "en", value: " urllib3 is a user-friendly HTTP client library for Python. When using urllib3's proxy support with `ProxyManager`, the `Proxy-Authorization` header is only sent to the configured proxy, as expected. However, when sending HTTP requests *without* using urllib3's proxy support, it's possible to accidentally configure the `Proxy-Authorization` header even though it won't have any effect as the request is not using a forwarding proxy or a tunneling proxy. In those cases, urllib3 doesn't treat the `Proxy-Authorization` HTTP header as one carrying authentication material and thus doesn't strip the header on cross-origin redirects. Because this is a highly unlikely scenario, we believe the severity of this vulnerability is low for almost all users. Out of an abundance of caution urllib3 will automatically strip the `Proxy-Authorization` header during cross-origin redirects to avoid the small chance that users are doing this on accident. Users should use urllib3's proxy support or disable automatic redirects to achieve safe processing of the `Proxy-Authorization` header, but we still decided to strip the header by default in order to further protect users who aren't using the correct approach. We believe the number of usages affected by this advisory is low. It requires all of the following to be true to be exploited: 1. Setting the `Proxy-Authorization` header without using urllib3's built-in proxy support. 2. Not disabling HTTP redirects. 3. Either not using an HTTPS origin server or for the proxy or target origin to redirect to a malicious origin. Users are advised to update to either version 1.26.19 or version 2.2.2. Users unable to upgrade may use the `Proxy-Authorization` header with urllib3's `ProxyManager`, disable HTTP redirects using `redirects=False` when sending requests, or not user the `Proxy-Authorization` header as mitigations.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.4, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-669", description: "CWE-669: Incorrect Resource Transfer Between Spheres", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-17T19:18:32.574Z", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { name: "https://github.com/urllib3/urllib3/security/advisories/GHSA-34jh-p97f-mpxf", tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/urllib3/urllib3/security/advisories/GHSA-34jh-p97f-mpxf", }, { name: "https://github.com/urllib3/urllib3/commit/accff72ecc2f6cf5a76d9570198a93ac7c90270e", tags: [ "x_refsource_MISC", ], url: "https://github.com/urllib3/urllib3/commit/accff72ecc2f6cf5a76d9570198a93ac7c90270e", }, ], source: { advisory: "GHSA-34jh-p97f-mpxf", discovery: "UNKNOWN", }, title: "Proxy-Authorization request header isn't stripped during cross-origin redirects in urllib3", }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2024-37891", datePublished: "2024-06-17T19:18:32.574Z", dateReserved: "2024-06-10T19:54:41.361Z", dateUpdated: "2024-08-22T18:03:15.819Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-28975
Vulnerability from cvelistv5
Published
2020-11-21 00:00
Modified
2024-08-04 16:48
Severity ?
EPSS score ?
Summary
svm_predict_values in svm.cpp in Libsvm v324, as used in scikit-learn 0.23.2 and other products, allows attackers to cause a denial of service (segmentation fault) via a crafted model SVM (introduced via pickle, json, or any other model permanence standard) with a large value in the _n_support array. NOTE: the scikit-learn vendor's position is that the behavior can only occur if the library's API is violated by an application that changes a private attribute.
References
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2020-28975", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-06-26T20:03:17.341405Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-26T20:03:29.403Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-04T16:48:01.573Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/scikit-learn/scikit-learn/issues/18891", }, { tags: [ "x_transferred", ], url: "https://github.com/cjlin1/libsvm/blob/9a3a9708926dec87d382c43b203f2ca19c2d56a0/svm.cpp#L2501", }, { name: "20201130 scikit-learn 0.23.2 Local Denial of Service", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2020/Nov/44", }, { tags: [ "x_transferred", ], url: "http://packetstormsecurity.com/files/160281/SciKit-Learn-0.23.2-Denial-Of-Service.html", }, { tags: [ "x_transferred", ], url: "https://github.com/scikit-learn/scikit-learn/commit/1bf13d567d3cd74854aa8343fd25b61dd768bb85", }, { name: "GLSA-202301-03", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security.gentoo.org/glsa/202301-03", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "svm_predict_values in svm.cpp in Libsvm v324, as used in scikit-learn 0.23.2 and other products, allows attackers to cause a denial of service (segmentation fault) via a crafted model SVM (introduced via pickle, json, or any other model permanence standard) with a large value in the _n_support array. NOTE: the scikit-learn vendor's position is that the behavior can only occur if the library's API is violated by an application that changes a private attribute.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-01-11T00:00:00", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/scikit-learn/scikit-learn/issues/18891", }, { url: "https://github.com/cjlin1/libsvm/blob/9a3a9708926dec87d382c43b203f2ca19c2d56a0/svm.cpp#L2501", }, { name: "20201130 scikit-learn 0.23.2 Local Denial of Service", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2020/Nov/44", }, { url: "http://packetstormsecurity.com/files/160281/SciKit-Learn-0.23.2-Denial-Of-Service.html", }, { url: "https://github.com/scikit-learn/scikit-learn/commit/1bf13d567d3cd74854aa8343fd25b61dd768bb85", }, { name: "GLSA-202301-03", tags: [ "vendor-advisory", ], url: "https://security.gentoo.org/glsa/202301-03", }, ], tags: [ "disputed", ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2020-28975", datePublished: "2020-11-21T00:00:00", dateReserved: "2020-11-21T00:00:00", dateUpdated: "2024-08-04T16:48:01.573Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-50782
Vulnerability from cvelistv5
Published
2024-02-05 20:45
Modified
2024-11-25 10:24
Severity ?
EPSS score ?
Summary
A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data.
References
â–Ľ | URL | Tags |
---|---|---|
https://access.redhat.com/security/cve/CVE-2023-50782 | vdb-entry, x_refsource_REDHAT | |
https://bugzilla.redhat.com/show_bug.cgi?id=2254432 | issue-tracking, x_refsource_REDHAT |
Impacted products
Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
â–Ľ |
Version: 3.2 ≤ |
||||||||||||||||||||||||||||||||||||||
|
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T22:23:43.327Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vdb-entry", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/security/cve/CVE-2023-50782", }, { name: "RHBZ#2254432", tags: [ "issue-tracking", "x_refsource_REDHAT", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2254432", }, { tags: [ "x_transferred", ], url: "https://www.couchbase.com/alerts/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { collectionURL: "https://github.com/pyca/cryptography", defaultStatus: "unaffected", packageName: "python-cryptography", versions: [ { lessThan: "42.0.0", status: "affected", version: "3.2", versionType: "semver", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:ansible_automation_platform:2", ], defaultStatus: "unaffected", packageName: "python-cryptography", product: "Red Hat Ansible Automation Platform 2", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:7", ], defaultStatus: "unknown", packageName: "python-cryptography", product: "Red Hat Enterprise Linux 7", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:8", ], defaultStatus: "affected", packageName: "python39:3.9/python-cryptography", product: "Red Hat Enterprise Linux 8", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:8", ], defaultStatus: "affected", packageName: "python-cryptography", product: "Red Hat Enterprise Linux 8", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:9", ], defaultStatus: "affected", packageName: "python-cryptography", product: "Red Hat Enterprise Linux 9", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:satellite:6", ], defaultStatus: "unaffected", packageName: "python-cryptography", product: "Red Hat Satellite 6", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhui:4::el8", ], defaultStatus: "affected", packageName: "python-cryptography", product: "Red Hat Update Infrastructure 4 for Cloud Providers", vendor: "Red Hat", }, ], credits: [ { lang: "en", value: "This issue was discovered by Hubert Kario (Red Hat).", }, ], datePublic: "2023-12-13T00:00:00+00:00", descriptions: [ { lang: "en", value: "A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data.", }, ], metrics: [ { other: { content: { namespace: "https://access.redhat.com/security/updates/classification/", value: "Moderate", }, type: "Red Hat severity rating", }, }, { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, format: "CVSS", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-208", description: "Observable Timing Discrepancy", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-11-25T10:24:46.647Z", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "vdb-entry", "x_refsource_REDHAT", ], url: "https://access.redhat.com/security/cve/CVE-2023-50782", }, { name: "RHBZ#2254432", tags: [ "issue-tracking", "x_refsource_REDHAT", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2254432", }, ], timeline: [ { lang: "en", time: "2023-12-13T00:00:00+00:00", value: "Reported to Red Hat.", }, { lang: "en", time: "2023-12-13T00:00:00+00:00", value: "Made public.", }, ], title: "Python-cryptography: bleichenbacher timing oracle attack against rsa decryption - incomplete fix for cve-2020-25659", workarounds: [ { lang: "en", value: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", }, ], x_redhatCweChain: "CWE-327->CWE-385->CWE-208: Use of a Broken or Risky Cryptographic Algorithm leads to Covert Timing Channel leads to Observable Timing Discrepancy", }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2023-50782", datePublished: "2024-02-05T20:45:49.705Z", dateReserved: "2023-12-13T20:44:02.023Z", dateUpdated: "2024-11-25T10:24:46.647Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2025-21532
Vulnerability from cvelistv5
Published
2025-01-21 20:53
Modified
2025-02-18 20:23
Severity ?
EPSS score ?
Summary
Vulnerability in the Oracle Analytics Desktop product of Oracle Analytics (component: Install). Supported versions that are affected are Prior to 8.1.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Analytics Desktop executes to compromise Oracle Analytics Desktop. Successful attacks of this vulnerability can result in takeover of Oracle Analytics Desktop. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
References
â–Ľ | URL | Tags |
---|---|---|
https://www.oracle.com/security-alerts/cpujan2025.html | vendor-advisory |
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Oracle Corporation | Oracle Analytics Desktop |
Version: * < 8.1.0 cpe:2.3:a:oracle:analytics_desktop:prior_to_8.1.0:*:*:*:*:*:*:* |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2025-21532", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-01-22T18:04:14.034091Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-18T20:23:52.419Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:oracle:analytics_desktop:prior_to_8.1.0:*:*:*:*:*:*:*", ], product: "Oracle Analytics Desktop", vendor: "Oracle Corporation", versions: [ { lessThan: "8.1.0", status: "affected", version: "*", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en-US", value: "Vulnerability in the Oracle Analytics Desktop product of Oracle Analytics (component: Install). Supported versions that are affected are Prior to 8.1.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Analytics Desktop executes to compromise Oracle Analytics Desktop. Successful attacks of this vulnerability can result in takeover of Oracle Analytics Desktop. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { description: "Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Analytics Desktop executes to compromise Oracle Analytics Desktop. Successful attacks of this vulnerability can result in takeover of Oracle Analytics Desktop.", lang: "en-US", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-21T20:53:09.111Z", orgId: "43595867-4340-4103-b7a2-9a5208d29a85", shortName: "oracle", }, references: [ { name: "Oracle Advisory", tags: [ "vendor-advisory", ], url: "https://www.oracle.com/security-alerts/cpujan2025.html", }, ], }, }, cveMetadata: { assignerOrgId: "43595867-4340-4103-b7a2-9a5208d29a85", assignerShortName: "oracle", cveId: "CVE-2025-21532", datePublished: "2025-01-21T20:53:09.111Z", dateReserved: "2024-12-24T23:18:54.771Z", dateUpdated: "2025-02-18T20:23:52.419Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-0727
Vulnerability from cvelistv5
Published
2024-01-26 08:57
Modified
2024-10-14 14:55
Severity ?
EPSS score ?
Summary
Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL
to crash leading to a potential Denial of Service attack
Impact summary: Applications loading files in the PKCS12 format from untrusted
sources might terminate abruptly.
A file in PKCS12 format can contain certificates and keys and may come from an
untrusted source. The PKCS12 specification allows certain fields to be NULL, but
OpenSSL does not correctly check for this case. This can lead to a NULL pointer
dereference that results in OpenSSL crashing. If an application processes PKCS12
files from an untrusted source using the OpenSSL APIs then that application will
be vulnerable to this issue.
OpenSSL APIs that are vulnerable to this are: PKCS12_parse(),
PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes()
and PKCS12_newpass().
We have also fixed a similar issue in SMIME_write_PKCS7(). However since this
function is related to writing data we do not consider it security significant.
The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-01T18:18:17.369Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "OpenSSL Advisory", tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.openssl.org/news/secadv/20240125.txt", }, { name: "3.2.1 git commit", tags: [ "patch", "x_transferred", ], url: "https://github.com/openssl/openssl/commit/775acfdbd0c6af9ac855f34969cdab0c0c90844a", }, { name: "3.1.5 git commit", tags: [ "patch", "x_transferred", ], url: "https://github.com/openssl/openssl/commit/d135eeab8a5dbf72b3da5240bab9ddb7678dbd2c", }, { name: "3.0.13 git commit", tags: [ "patch", "x_transferred", ], url: "https://github.com/openssl/openssl/commit/09df4395b5071217b76dc7d3d2e630eb8c5a79c2", }, { name: "1.1.1x git commit", tags: [ "patch", "x_transferred", ], url: "https://github.openssl.org/openssl/extended-releases/commit/03b3941d60c4bce58fab69a0c22377ab439bc0e8", }, { name: "1.0.2zj git commit", tags: [ "patch", "x_transferred", ], url: "https://github.openssl.org/openssl/extended-releases/commit/aebaa5883e31122b404e450732dc833dc9dee539", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20240208-0006/", }, { tags: [ "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2024/03/11/1", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "OpenSSL", vendor: "OpenSSL", versions: [ { lessThan: "3.2.1", status: "affected", version: "3.2.0", versionType: "semver", }, { lessThan: "3.1.5", status: "affected", version: "3.1.0", versionType: "semver", }, { lessThan: "3.0.13", status: "affected", version: "3.0.0", versionType: "semver", }, { lessThan: "1.1.1x", status: "affected", version: "1.1.1", versionType: "custom", }, { lessThan: "1.0.2zj", status: "affected", version: "1.0.2", versionType: "custom", }, ], }, ], credits: [ { lang: "en", type: "finder", user: "00000000-0000-4000-9000-000000000000", value: "Bahaa Naamneh (Crosspoint Labs)", }, { lang: "en", type: "remediation developer", user: "00000000-0000-4000-9000-000000000000", value: "Matt Caswell", }, ], datePublic: "2024-01-25T00:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL<br>to crash leading to a potential Denial of Service attack<br><br>Impact summary: Applications loading files in the PKCS12 format from untrusted<br>sources might terminate abruptly.<br><br>A file in PKCS12 format can contain certificates and keys and may come from an<br>untrusted source. The PKCS12 specification allows certain fields to be NULL, but<br>OpenSSL does not correctly check for this case. This can lead to a NULL pointer<br>dereference that results in OpenSSL crashing. If an application processes PKCS12<br>files from an untrusted source using the OpenSSL APIs then that application will<br>be vulnerable to this issue.<br><br>OpenSSL APIs that are vulnerable to this are: PKCS12_parse(),<br>PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes()<br>and PKCS12_newpass().<br><br>We have also fixed a similar issue in SMIME_write_PKCS7(). However since this<br>function is related to writing data we do not consider it security significant.<br><br>The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.", }, ], value: "Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL\nto crash leading to a potential Denial of Service attack\n\nImpact summary: Applications loading files in the PKCS12 format from untrusted\nsources might terminate abruptly.\n\nA file in PKCS12 format can contain certificates and keys and may come from an\nuntrusted source. The PKCS12 specification allows certain fields to be NULL, but\nOpenSSL does not correctly check for this case. This can lead to a NULL pointer\ndereference that results in OpenSSL crashing. If an application processes PKCS12\nfiles from an untrusted source using the OpenSSL APIs then that application will\nbe vulnerable to this issue.\n\nOpenSSL APIs that are vulnerable to this are: PKCS12_parse(),\nPKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes()\nand PKCS12_newpass().\n\nWe have also fixed a similar issue in SMIME_write_PKCS7(). However since this\nfunction is related to writing data we do not consider it security significant.\n\nThe FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.", }, ], metrics: [ { format: "other", other: { content: { text: "Low", }, type: "https://www.openssl.org/policies/secpolicy.html", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-476", description: "CWE-476 NULL Pointer Dereference", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-10-14T14:55:58.371Z", orgId: "3a12439a-ef3a-4c79-92e6-6081a721f1e5", shortName: "openssl", }, references: [ { name: "OpenSSL Advisory", tags: [ "vendor-advisory", ], url: "https://www.openssl.org/news/secadv/20240125.txt", }, { name: "3.2.1 git commit", tags: [ "patch", ], url: "https://github.com/openssl/openssl/commit/775acfdbd0c6af9ac855f34969cdab0c0c90844a", }, { name: "3.1.5 git commit", tags: [ "patch", ], url: "https://github.com/openssl/openssl/commit/d135eeab8a5dbf72b3da5240bab9ddb7678dbd2c", }, { name: "3.0.13 git commit", tags: [ "patch", ], url: "https://github.com/openssl/openssl/commit/09df4395b5071217b76dc7d3d2e630eb8c5a79c2", }, { name: "1.1.1x git commit", tags: [ "patch", ], url: "https://github.openssl.org/openssl/extended-releases/commit/03b3941d60c4bce58fab69a0c22377ab439bc0e8", }, { name: "1.0.2zj git commit", tags: [ "patch", ], url: "https://github.openssl.org/openssl/extended-releases/commit/aebaa5883e31122b404e450732dc833dc9dee539", }, ], source: { discovery: "UNKNOWN", }, title: "PKCS12 Decoding crashes", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "3a12439a-ef3a-4c79-92e6-6081a721f1e5", assignerShortName: "openssl", cveId: "CVE-2024-0727", datePublished: "2024-01-26T08:57:19.579Z", dateReserved: "2024-01-19T11:01:11.010Z", dateUpdated: "2024-10-14T14:55:58.371Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-33813
Vulnerability from cvelistv5
Published
2021-06-16 11:18
Modified
2024-08-03 23:58
Severity ?
EPSS score ?
Summary
An XXE issue in SAXBuilder in JDOM through 2.0.6 allows attackers to cause a denial of service via a crafted HTTP request.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T23:58:23.111Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/hunterhacker/jdom/pull/188", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/hunterhacker/jdom/releases", }, { name: "[debian-lts-announce] 20210629 [SECURITY] [DLA 2696-1] libjdom2-java security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2021/06/msg00026.html", }, { name: "[solr-issues] 20210711 [jira] [Created] (SOLR-15529) High security vulnerability in JDOM library bundled within Solr 8.9 CVE-2021-33813", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r9974f64723875052e02787b2a5eda689ac5247c71b827d455e5dc9a6%40%3Cissues.solr.apache.org%3E", }, { name: "[solr-issues] 20210711 [jira] [Updated] (SOLR-15529) High security vulnerability in JDOM library bundled within Solr 8.9 CVE-2021-33813", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rbc075a4ac85e7a8e47420b7383f16ffa0af3b792b8423584735f369f%40%3Cissues.solr.apache.org%3E", }, { name: "[solr-issues] 20210711 [jira] [Created] (SOLR-15530) High security vulnerability in jackson-databind bundled within Solr 8.9", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r89b3800cfabb1e773e49425e5d4239c28a659839a2eca6af3431482e%40%3Cissues.solr.apache.org%3E", }, { name: "[debian-lts-announce] 20210720 [SECURITY] [DLA 2712-1] libjdom1-java security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2021/07/msg00012.html", }, { name: "[tika-dev] 20210721 [jira] [Created] (TIKA-3488) Security issue XXE in TIKA due to JDOM", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rfb7a93e40ebeb1e0068cde0bf3834dcab46bb1ef06d6424db48ed9fd%40%3Cdev.tika.apache.org%3E", }, { name: "[solr-issues] 20210813 [jira] [Commented] (SOLR-15529) High security vulnerability in JDOM library bundled within Solr 8.9 CVE-2021-33813", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r845e987b7cd8efe610284958e997b84583f5a98d3394adc09e3482fe%40%3Cissues.solr.apache.org%3E", }, { name: "[solr-issues] 20210813 [jira] [Updated] (SOLR-15529) High security vulnerability in JDOM library bundled within Solr 8.9 CVE-2021-33813", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r5674106135bb1a6ef57483f4c63a9c44bca85d0e2a8a05895a8f1d89%40%3Cissues.solr.apache.org%3E", }, { name: "[solr-issues] 20210819 [jira] [Commented] (SOLR-15529) High security vulnerability in JDOM library bundled within Solr 8.9 CVE-2021-33813", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r6db397ae7281ead825338200d1f62d2827585a70797cc9ac0c4bd23f%40%3Cissues.solr.apache.org%3E", }, { name: "[solr-issues] 20210819 [jira] [Resolved] (SOLR-15529) High security vulnerability in JDOM library bundled within Solr 8.9 CVE-2021-33813", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r21c406c7ed88fe340db7dbae75e58355159e6c324037c7d5547bf40b%40%3Cissues.solr.apache.org%3E", }, { name: "FEDORA-2021-3cb0d02576", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AH46QHE5GIMT6BL6C3GDTOYF27JYILXM/", }, { name: "FEDORA-2021-f88d2dcc47", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EWFVYTHGILOQXUA7U3SPOERQXL7OPSZG/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://alephsecurity.com/vulns/aleph-2021003", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "An XXE issue in SAXBuilder in JDOM through 2.0.6 allows attackers to cause a denial of service via a crafted HTTP request.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-07-25T16:28:45", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://github.com/hunterhacker/jdom/pull/188", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/hunterhacker/jdom/releases", }, { name: "[debian-lts-announce] 20210629 [SECURITY] [DLA 2696-1] libjdom2-java security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2021/06/msg00026.html", }, { name: "[solr-issues] 20210711 [jira] [Created] (SOLR-15529) High security vulnerability in JDOM library bundled within Solr 8.9 CVE-2021-33813", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r9974f64723875052e02787b2a5eda689ac5247c71b827d455e5dc9a6%40%3Cissues.solr.apache.org%3E", }, { name: "[solr-issues] 20210711 [jira] [Updated] (SOLR-15529) High security vulnerability in JDOM library bundled within Solr 8.9 CVE-2021-33813", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rbc075a4ac85e7a8e47420b7383f16ffa0af3b792b8423584735f369f%40%3Cissues.solr.apache.org%3E", }, { name: "[solr-issues] 20210711 [jira] [Created] (SOLR-15530) High security vulnerability in jackson-databind bundled within Solr 8.9", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r89b3800cfabb1e773e49425e5d4239c28a659839a2eca6af3431482e%40%3Cissues.solr.apache.org%3E", }, { name: "[debian-lts-announce] 20210720 [SECURITY] [DLA 2712-1] libjdom1-java security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2021/07/msg00012.html", }, { name: "[tika-dev] 20210721 [jira] [Created] (TIKA-3488) Security issue XXE in TIKA due to JDOM", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rfb7a93e40ebeb1e0068cde0bf3834dcab46bb1ef06d6424db48ed9fd%40%3Cdev.tika.apache.org%3E", }, { name: "[solr-issues] 20210813 [jira] [Commented] (SOLR-15529) High security vulnerability in JDOM library bundled within Solr 8.9 CVE-2021-33813", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r845e987b7cd8efe610284958e997b84583f5a98d3394adc09e3482fe%40%3Cissues.solr.apache.org%3E", }, { name: "[solr-issues] 20210813 [jira] [Updated] (SOLR-15529) High security vulnerability in JDOM library bundled within Solr 8.9 CVE-2021-33813", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r5674106135bb1a6ef57483f4c63a9c44bca85d0e2a8a05895a8f1d89%40%3Cissues.solr.apache.org%3E", }, { name: "[solr-issues] 20210819 [jira] [Commented] (SOLR-15529) High security vulnerability in JDOM library bundled within Solr 8.9 CVE-2021-33813", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r6db397ae7281ead825338200d1f62d2827585a70797cc9ac0c4bd23f%40%3Cissues.solr.apache.org%3E", }, { name: "[solr-issues] 20210819 [jira] [Resolved] (SOLR-15529) High security vulnerability in JDOM library bundled within Solr 8.9 CVE-2021-33813", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r21c406c7ed88fe340db7dbae75e58355159e6c324037c7d5547bf40b%40%3Cissues.solr.apache.org%3E", }, { name: "FEDORA-2021-3cb0d02576", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AH46QHE5GIMT6BL6C3GDTOYF27JYILXM/", }, { name: "FEDORA-2021-f88d2dcc47", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EWFVYTHGILOQXUA7U3SPOERQXL7OPSZG/", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { tags: [ "x_refsource_MISC", ], url: "https://alephsecurity.com/vulns/aleph-2021003", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2021-33813", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An XXE issue in SAXBuilder in JDOM through 2.0.6 allows attackers to cause a denial of service via a crafted HTTP request.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/hunterhacker/jdom/pull/188", refsource: "MISC", url: "https://github.com/hunterhacker/jdom/pull/188", }, { name: "https://github.com/hunterhacker/jdom/releases", refsource: "MISC", url: "https://github.com/hunterhacker/jdom/releases", }, { name: "[debian-lts-announce] 20210629 [SECURITY] [DLA 2696-1] libjdom2-java security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2021/06/msg00026.html", }, { name: "[solr-issues] 20210711 [jira] [Created] (SOLR-15529) High security vulnerability in JDOM library bundled within Solr 8.9 CVE-2021-33813", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r9974f64723875052e02787b2a5eda689ac5247c71b827d455e5dc9a6@%3Cissues.solr.apache.org%3E", }, { name: "[solr-issues] 20210711 [jira] [Updated] (SOLR-15529) High security vulnerability in JDOM library bundled within Solr 8.9 CVE-2021-33813", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rbc075a4ac85e7a8e47420b7383f16ffa0af3b792b8423584735f369f@%3Cissues.solr.apache.org%3E", }, { name: "[solr-issues] 20210711 [jira] [Created] (SOLR-15530) High security vulnerability in jackson-databind bundled within Solr 8.9", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r89b3800cfabb1e773e49425e5d4239c28a659839a2eca6af3431482e@%3Cissues.solr.apache.org%3E", }, { name: "[debian-lts-announce] 20210720 [SECURITY] [DLA 2712-1] libjdom1-java security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2021/07/msg00012.html", }, { name: "[tika-dev] 20210721 [jira] [Created] (TIKA-3488) Security issue XXE in TIKA due to JDOM", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rfb7a93e40ebeb1e0068cde0bf3834dcab46bb1ef06d6424db48ed9fd@%3Cdev.tika.apache.org%3E", }, { name: "[solr-issues] 20210813 [jira] [Commented] (SOLR-15529) High security vulnerability in JDOM library bundled within Solr 8.9 CVE-2021-33813", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r845e987b7cd8efe610284958e997b84583f5a98d3394adc09e3482fe@%3Cissues.solr.apache.org%3E", }, { name: "[solr-issues] 20210813 [jira] [Updated] (SOLR-15529) High security vulnerability in JDOM library bundled within Solr 8.9 CVE-2021-33813", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r5674106135bb1a6ef57483f4c63a9c44bca85d0e2a8a05895a8f1d89@%3Cissues.solr.apache.org%3E", }, { name: "[solr-issues] 20210819 [jira] [Commented] (SOLR-15529) High security vulnerability in JDOM library bundled within Solr 8.9 CVE-2021-33813", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r6db397ae7281ead825338200d1f62d2827585a70797cc9ac0c4bd23f@%3Cissues.solr.apache.org%3E", }, { name: "[solr-issues] 20210819 [jira] [Resolved] (SOLR-15529) High security vulnerability in JDOM library bundled within Solr 8.9 CVE-2021-33813", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r21c406c7ed88fe340db7dbae75e58355159e6c324037c7d5547bf40b@%3Cissues.solr.apache.org%3E", }, { name: "FEDORA-2021-3cb0d02576", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AH46QHE5GIMT6BL6C3GDTOYF27JYILXM/", }, { name: "FEDORA-2021-f88d2dcc47", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EWFVYTHGILOQXUA7U3SPOERQXL7OPSZG/", }, { name: "https://www.oracle.com/security-alerts/cpuapr2022.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { name: "https://alephsecurity.com/vulns/aleph-2021003", refsource: "MISC", url: "https://alephsecurity.com/vulns/aleph-2021003", }, { name: "https://www.oracle.com/security-alerts/cpujul2022.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2021-33813", datePublished: "2021-06-16T11:18:14", dateReserved: "2021-06-03T00:00:00", dateUpdated: "2024-08-03T23:58:23.111Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-40150
Vulnerability from cvelistv5
Published
2022-09-16 00:00
Modified
2024-08-03 12:14
Severity ?
EPSS score ?
Summary
Those using Jettison to parse untrusted XML or JSON data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by Out of memory. This effect may support a denial of service attack.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T12:14:39.669Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/jettison-json/jettison/issues/45", }, { tags: [ "x_transferred", ], url: "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=46549", }, { name: "[debian-lts-announce] 20221231 [SECURITY] [DLA 3259-1] libjettison-java security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00045.html", }, { name: "DSA-5312", tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.debian.org/security/2023/dsa-5312", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Jettison", vendor: "Jettison", versions: [ { lessThanOrEqual: "1.4.0", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "Those using Jettison to parse untrusted XML or JSON data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by Out of memory. This effect may support a denial of service attack.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-400", description: "CWE-400 Uncontrolled Resource Consumption", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-01-11T00:00:00", orgId: "14ed7db2-1595-443d-9d34-6215bf890778", shortName: "Google", }, references: [ { url: "https://github.com/jettison-json/jettison/issues/45", }, { url: "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=46549", }, { name: "[debian-lts-announce] 20221231 [SECURITY] [DLA 3259-1] libjettison-java security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00045.html", }, { name: "DSA-5312", tags: [ "vendor-advisory", ], url: "https://www.debian.org/security/2023/dsa-5312", }, ], source: { discovery: "INTERNAL", }, title: "Stack Buffer Overflow in Jettison", x_generator: { engine: "Vulnogram 0.0.9", }, }, }, cveMetadata: { assignerOrgId: "14ed7db2-1595-443d-9d34-6215bf890778", assignerShortName: "Google", cveId: "CVE-2022-40150", datePublished: "2022-09-16T00:00:00", dateReserved: "2022-09-07T00:00:00", dateUpdated: "2024-08-03T12:14:39.669Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-25399
Vulnerability from cvelistv5
Published
2023-07-05 00:00
Modified
2024-08-02 11:18
Severity ?
EPSS score ?
Summary
A refcounting issue which leads to potential memory leak was discovered in scipy commit 8627df31ab in Py_FindObjects() function. Note: This is disputed as a bug and not a vulnerability. SciPy is not designed to be exposed to untrusted users or data directly.
References
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:scipy:scipy:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "scipy", vendor: "scipy", versions: [ { lessThan: "1.10.0", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2023-25399", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-05-14T19:33:37.465319Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-401", description: "CWE-401 Missing Release of Memory after Effective Lifetime", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-04T17:18:44.283Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T11:18:36.341Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/scipy/scipy/issues/16235", }, { tags: [ "x_transferred", ], url: "https://github.com/scipy/scipy/pull/16397", }, { tags: [ "x_transferred", ], url: "http://www.square16.org/achievement/cve-2023-25399/", }, { tags: [ "x_transferred", ], url: "https://github.com/scipy/scipy/issues/16235#issuecomment-1625361328", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "A refcounting issue which leads to potential memory leak was discovered in scipy commit 8627df31ab in Py_FindObjects() function. Note: This is disputed as a bug and not a vulnerability. SciPy is not designed to be exposed to untrusted users or data directly.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-13T22:13:32.327721", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/scipy/scipy/issues/16235", }, { url: "https://github.com/scipy/scipy/pull/16397", }, { url: "http://www.square16.org/achievement/cve-2023-25399/", }, { url: "https://github.com/scipy/scipy/issues/16235#issuecomment-1625361328", }, ], tags: [ "disputed", ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2023-25399", datePublished: "2023-07-05T00:00:00", dateReserved: "2023-02-06T00:00:00", dateUpdated: "2024-08-02T11:18:36.341Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-7760
Vulnerability from cvelistv5
Published
2020-10-30 11:10
Modified
2024-09-17 01:06
Severity ?
EPSS score ?
Summary
This affects the package codemirror before 5.58.2; the package org.apache.marmotta.webjars:codemirror before 5.58.2. The vulnerable regular expression is located in https://github.com/codemirror/CodeMirror/blob/cdb228ac736369c685865b122b736cd0d397836c/mode/javascript/javascript.jsL129. The ReDOS vulnerability of the regex is mainly due to the sub-pattern (s|/*.*?*/)*
References
â–Ľ | URL | Tags |
---|---|---|
https://snyk.io/vuln/SNYK-JS-CODEMIRROR-1016937 | x_refsource_MISC | |
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1024445 | x_refsource_MISC | |
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBCOMPONENTS-1024446 | x_refsource_MISC | |
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1024447 | x_refsource_MISC | |
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBCODEMIRROR-1024448 | x_refsource_MISC | |
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1024449 | x_refsource_MISC | |
https://snyk.io/vuln/SNYK-JAVA-ORGAPACHEMARMOTTAWEBJARS-1024450 | x_refsource_MISC | |
https://github.com/codemirror/CodeMirror/commit/55d0333907117c9231ffdf555ae8824705993bbb | x_refsource_MISC | |
https://www.debian.org/security/2020/dsa-4789 | vendor-advisory, x_refsource_DEBIAN | |
https://www.oracle.com/security-alerts/cpuApr2021.html | x_refsource_MISC | |
https://www.oracle.com//security-alerts/cpujul2021.html | x_refsource_MISC | |
https://www.oracle.com/security-alerts/cpuapr2022.html | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |||||||
---|---|---|---|---|---|---|---|---|---|
â–Ľ | n/a | codemirror |
Version: unspecified < 5.58.2 |
||||||
|
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T09:41:01.567Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://snyk.io/vuln/SNYK-JS-CODEMIRROR-1016937", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1024445", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBCOMPONENTS-1024446", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1024447", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBCODEMIRROR-1024448", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1024449", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://snyk.io/vuln/SNYK-JAVA-ORGAPACHEMARMOTTAWEBJARS-1024450", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/codemirror/CodeMirror/commit/55d0333907117c9231ffdf555ae8824705993bbb", }, { name: "DSA-4789", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2020/dsa-4789", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuApr2021.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com//security-alerts/cpujul2021.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "codemirror", vendor: "n/a", versions: [ { lessThan: "5.58.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "org.apache.marmotta.webjars:codemirror", vendor: "n/a", versions: [ { lessThan: "5.58.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], credits: [ { lang: "en", value: "Yeting Li", }, ], datePublic: "2020-10-30T00:00:00", descriptions: [ { lang: "en", value: "This affects the package codemirror before 5.58.2; the package org.apache.marmotta.webjars:codemirror before 5.58.2. The vulnerable regular expression is located in https://github.com/codemirror/CodeMirror/blob/cdb228ac736369c685865b122b736cd0d397836c/mode/javascript/javascript.jsL129. The ReDOS vulnerability of the regex is mainly due to the sub-pattern (s|/*.*?*/)*", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", exploitCodeMaturity: "PROOF_OF_CONCEPT", integrityImpact: "NONE", privilegesRequired: "NONE", remediationLevel: "OFFICIAL_FIX", reportConfidence: "CONFIRMED", scope: "UNCHANGED", temporalScore: 4.8, temporalSeverity: "MEDIUM", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { description: "Regular Expression Denial of Service (ReDoS)", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-04-19T23:23:17", orgId: "bae035ff-b466-4ff4-94d0-fc9efd9e1730", shortName: "snyk", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://snyk.io/vuln/SNYK-JS-CODEMIRROR-1016937", }, { tags: [ "x_refsource_MISC", ], url: "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1024445", }, { tags: [ "x_refsource_MISC", ], url: "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBCOMPONENTS-1024446", }, { tags: [ "x_refsource_MISC", ], url: "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1024447", }, { tags: [ "x_refsource_MISC", ], url: "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBCODEMIRROR-1024448", }, { tags: [ "x_refsource_MISC", ], url: "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1024449", }, { tags: [ "x_refsource_MISC", ], url: "https://snyk.io/vuln/SNYK-JAVA-ORGAPACHEMARMOTTAWEBJARS-1024450", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/codemirror/CodeMirror/commit/55d0333907117c9231ffdf555ae8824705993bbb", }, { name: "DSA-4789", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2020/dsa-4789", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuApr2021.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com//security-alerts/cpujul2021.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, ], title: "Regular Expression Denial of Service (ReDoS)", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "report@snyk.io", DATE_PUBLIC: "2020-10-30T11:07:07.654911Z", ID: "CVE-2020-7760", STATE: "PUBLIC", TITLE: "Regular Expression Denial of Service (ReDoS)", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "codemirror", version: { version_data: [ { version_affected: "<", version_value: "5.58.2", }, ], }, }, ], }, vendor_name: "n/a", }, { product: { product_data: [ { product_name: "org.apache.marmotta.webjars:codemirror", version: { version_data: [ { version_affected: "<", version_value: "5.58.2", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, credit: [ { lang: "eng", value: "Yeting Li", }, ], data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "This affects the package codemirror before 5.58.2; the package org.apache.marmotta.webjars:codemirror before 5.58.2. The vulnerable regular expression is located in https://github.com/codemirror/CodeMirror/blob/cdb228ac736369c685865b122b736cd0d397836c/mode/javascript/javascript.jsL129. The ReDOS vulnerability of the regex is mainly due to the sub-pattern (s|/*.*?*/)*", }, ], }, impact: { cvss: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Regular Expression Denial of Service (ReDoS)", }, ], }, ], }, references: { reference_data: [ { name: "https://snyk.io/vuln/SNYK-JS-CODEMIRROR-1016937", refsource: "MISC", url: "https://snyk.io/vuln/SNYK-JS-CODEMIRROR-1016937", }, { name: "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1024445", refsource: "MISC", url: "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1024445", }, { name: "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBCOMPONENTS-1024446", refsource: "MISC", url: "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBCOMPONENTS-1024446", }, { name: "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1024447", refsource: "MISC", url: "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1024447", }, { name: "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBCODEMIRROR-1024448", refsource: "MISC", url: "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBCODEMIRROR-1024448", }, { name: "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1024449", refsource: "MISC", url: "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1024449", }, { name: "https://snyk.io/vuln/SNYK-JAVA-ORGAPACHEMARMOTTAWEBJARS-1024450", refsource: "MISC", url: "https://snyk.io/vuln/SNYK-JAVA-ORGAPACHEMARMOTTAWEBJARS-1024450", }, { name: "https://github.com/codemirror/CodeMirror/commit/55d0333907117c9231ffdf555ae8824705993bbb", refsource: "MISC", url: "https://github.com/codemirror/CodeMirror/commit/55d0333907117c9231ffdf555ae8824705993bbb", }, { name: "DSA-4789", refsource: "DEBIAN", url: "https://www.debian.org/security/2020/dsa-4789", }, { name: "https://www.oracle.com/security-alerts/cpuApr2021.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuApr2021.html", }, { name: "https://www.oracle.com//security-alerts/cpujul2021.html", refsource: "MISC", url: "https://www.oracle.com//security-alerts/cpujul2021.html", }, { name: "https://www.oracle.com/security-alerts/cpuapr2022.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "bae035ff-b466-4ff4-94d0-fc9efd9e1730", assignerShortName: "snyk", cveId: "CVE-2020-7760", datePublished: "2020-10-30T11:10:32.942218Z", dateReserved: "2020-01-21T00:00:00", dateUpdated: "2024-09-17T01:06:44.297Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-38820
Vulnerability from cvelistv5
Published
2024-10-18 05:39
Modified
2024-11-29 12:04
Severity ?
EPSS score ?
Summary
The fix for CVE-2022-22968 made disallowedFields patterns in DataBinder case insensitive. However, String.toLowerCase() has some Locale dependent exceptions that could potentially result in fields not protected as expected.
References
â–Ľ | URL | Tags |
---|---|---|
https://spring.io/security/cve-2024-38820 |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-38820", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-10-18T16:33:48.971617Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-178", description: "CWE-178 Improper Handling of Case Sensitivity", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-11-05T20:15:24.631Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-11-29T12:04:41.387Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { url: "https://security.netapp.com/advisory/ntap-20241129-0003/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "affected", packageName: "Spring Framework", product: "Spring", vendor: "VMware", versions: [ { lessThan: "5.3.41", status: "affected", version: "5.3.x", versionType: "Enterprise Support Only", }, { lessThan: "6.0.25", status: "affected", version: "6.0.x", versionType: "Enterprise Support Only", }, { lessThan: "6.1.14", status: "affected", version: "6.1.x", versionType: "OSS", }, ], }, ], datePublic: "2024-10-17T05:32:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<div><div><p>The fix for CVE-2022-22968 made <code>disallowedFields</code> patterns in <code>DataBinder</code> case insensitive. However, <code>String.toLowerCase()</code> has some Locale dependent exceptions that could potentially result in fields not protected as expected.</p></div></div><div><br></div><br>", }, ], value: "The fix for CVE-2022-22968 made disallowedFields patterns in DataBinder case insensitive. However, String.toLowerCase() has some Locale dependent exceptions that could potentially result in fields not protected as expected.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.1, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], providerMetadata: { dateUpdated: "2024-10-18T05:39:05.275Z", orgId: "dcf2e128-44bd-42ed-91e8-88f912c1401d", shortName: "vmware", }, references: [ { url: "https://spring.io/security/cve-2024-38820", }, ], source: { discovery: "UNKNOWN", }, title: "CVE-2024-38820: Spring Framework DataBinder Case Sensitive Match Exception", x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "dcf2e128-44bd-42ed-91e8-88f912c1401d", assignerShortName: "vmware", cveId: "CVE-2024-38820", datePublished: "2024-10-18T05:39:05.275Z", dateReserved: "2024-06-19T22:32:06.583Z", dateUpdated: "2024-11-29T12:04:41.387Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-26130
Vulnerability from cvelistv5
Published
2024-02-21 16:28
Modified
2024-08-14 20:01
Severity ?
EPSS score ?
Summary
cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Starting in version 38.0.0 and prior to version 42.0.4, if `pkcs12.serialize_key_and_certificates` is called with both a certificate whose public key did not match the provided private key and an `encryption_algorithm` with `hmac_hash` set (via `PrivateFormat.PKCS12.encryption_builder().hmac_hash(...)`, then a NULL pointer dereference would occur, crashing the Python process. This has been resolved in version 42.0.4, the first version in which a `ValueError` is properly raised.
References
â–Ľ | URL | Tags |
---|---|---|
https://github.com/pyca/cryptography/security/advisories/GHSA-6vqw-3v5j-54x4 | x_refsource_CONFIRM | |
https://github.com/pyca/cryptography/pull/10423 | x_refsource_MISC | |
https://github.com/pyca/cryptography/commit/97d231672763cdb5959a3b191e692a362f1b9e55 | x_refsource_MISC |
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
pyca | cryptography |
Version: >= 38.0.0, < 42.0.4 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-01T23:59:32.542Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "https://github.com/pyca/cryptography/security/advisories/GHSA-6vqw-3v5j-54x4", tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/pyca/cryptography/security/advisories/GHSA-6vqw-3v5j-54x4", }, { name: "https://github.com/pyca/cryptography/pull/10423", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/pyca/cryptography/pull/10423", }, { name: "https://github.com/pyca/cryptography/commit/97d231672763cdb5959a3b191e692a362f1b9e55", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/pyca/cryptography/commit/97d231672763cdb5959a3b191e692a362f1b9e55", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:a:cryptography_project:cryptography:*:*:*:*:*:python:*:*", ], defaultStatus: "unknown", product: "cryptography", vendor: "cryptography_project", versions: [ { lessThan: "42.04", status: "affected", version: "38.0.0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-26130", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-08-14T19:56:07.150963Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-08-14T20:01:52.628Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "cryptography", vendor: "pyca", versions: [ { status: "affected", version: ">= 38.0.0, < 42.0.4", }, ], }, ], descriptions: [ { lang: "en", value: "cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Starting in version 38.0.0 and prior to version 42.0.4, if `pkcs12.serialize_key_and_certificates` is called with both a certificate whose public key did not match the provided private key and an `encryption_algorithm` with `hmac_hash` set (via `PrivateFormat.PKCS12.encryption_builder().hmac_hash(...)`, then a NULL pointer dereference would occur, crashing the Python process. This has been resolved in version 42.0.4, the first version in which a `ValueError` is properly raised.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-476", description: "CWE-476: NULL Pointer Dereference", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-02-21T16:28:18.632Z", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { name: "https://github.com/pyca/cryptography/security/advisories/GHSA-6vqw-3v5j-54x4", tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/pyca/cryptography/security/advisories/GHSA-6vqw-3v5j-54x4", }, { name: "https://github.com/pyca/cryptography/pull/10423", tags: [ "x_refsource_MISC", ], url: "https://github.com/pyca/cryptography/pull/10423", }, { name: "https://github.com/pyca/cryptography/commit/97d231672763cdb5959a3b191e692a362f1b9e55", tags: [ "x_refsource_MISC", ], url: "https://github.com/pyca/cryptography/commit/97d231672763cdb5959a3b191e692a362f1b9e55", }, ], source: { advisory: "GHSA-6vqw-3v5j-54x4", discovery: "UNKNOWN", }, title: "cryptography NULL pointer deference with pkcs12.serialize_key_and_certificates when called with a non-matching certificate and private key and an hmac_hash override", }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2024-26130", datePublished: "2024-02-21T16:28:18.632Z", dateReserved: "2024-02-14T17:40:03.687Z", dateUpdated: "2024-08-14T20:01:52.628Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-43382
Vulnerability from cvelistv5
Published
2024-10-30 00:00
Modified
2024-10-31 14:15
Severity ?
EPSS score ?
Summary
Snowflake JDBC driver versions >= 3.2.6 and <= 3.19.1 have an Incorrect Security Setting that can result in data being uploaded to an encrypted stage without the additional layer of protection provided by client side encryption.
References
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:snowflake:snowflake_jdbc:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "snowflake_jdbc", vendor: "snowflake", versions: [ { lessThanOrEqual: "3.19.1", status: "affected", version: "3.2.6", versionType: "custom", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-43382", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-10-31T14:08:18.791494Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-326", description: "CWE-326 Inadequate Encryption Strength", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-10-31T14:15:16.685Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Snowflake JDBC driver versions >= 3.2.6 and <= 3.19.1 have an Incorrect Security Setting that can result in data being uploaded to an encrypted stage without the additional layer of protection provided by client side encryption.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-10-30T20:27:59.009714", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/snowflakedb/snowflake-jdbc/security/advisories/GHSA-f686-hw9c-xw9c", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2024-43382", datePublished: "2024-10-30T00:00:00", dateReserved: "2024-08-10T00:00:00", dateUpdated: "2024-10-31T14:15:16.685Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-22195
Vulnerability from cvelistv5
Published
2024-01-11 02:25
Modified
2025-02-13 17:33
Severity ?
EPSS score ?
Summary
Jinja is an extensible templating engine. Special placeholders in the template allow writing code similar to Python syntax. It is possible to inject arbitrary HTML attributes into the rendered HTML template, potentially leading to Cross-Site Scripting (XSS). The Jinja `xmlattr` filter can be abused to inject arbitrary HTML attribute keys and values, bypassing the auto escaping mechanism and potentially leading to XSS. It may also be possible to bypass attribute validation checks if they are blacklist-based.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-01T22:35:34.831Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "https://github.com/pallets/jinja/security/advisories/GHSA-h5c8-rqwp-cp95", tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/pallets/jinja/security/advisories/GHSA-h5c8-rqwp-cp95", }, { name: "https://github.com/pallets/jinja/releases/tag/3.1.3", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/pallets/jinja/releases/tag/3.1.3", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5XCWZD464AJJJUBOO7CMPXQ4ROBC6JX2/", }, { tags: [ "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2024/01/msg00010.html", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O7YWRBX6JQCWC2XXCTZ55C7DPMGICCN3/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DELCVUUYX75I5K4Q5WMJG4MUZJA6VAIP/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "jinja", vendor: "pallets", versions: [ { status: "affected", version: "< 3.1.3", }, ], }, ], descriptions: [ { lang: "en", value: "Jinja is an extensible templating engine. Special placeholders in the template allow writing code similar to Python syntax. It is possible to inject arbitrary HTML attributes into the rendered HTML template, potentially leading to Cross-Site Scripting (XSS). The Jinja `xmlattr` filter can be abused to inject arbitrary HTML attribute keys and values, bypassing the auto escaping mechanism and potentially leading to XSS. It may also be possible to bypass attribute validation checks if they are blacklist-based.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-01-27T03:06:22.076Z", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { name: "https://github.com/pallets/jinja/security/advisories/GHSA-h5c8-rqwp-cp95", tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/pallets/jinja/security/advisories/GHSA-h5c8-rqwp-cp95", }, { name: "https://github.com/pallets/jinja/releases/tag/3.1.3", tags: [ "x_refsource_MISC", ], url: "https://github.com/pallets/jinja/releases/tag/3.1.3", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5XCWZD464AJJJUBOO7CMPXQ4ROBC6JX2/", }, { url: "https://lists.debian.org/debian-lts-announce/2024/01/msg00010.html", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O7YWRBX6JQCWC2XXCTZ55C7DPMGICCN3/", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DELCVUUYX75I5K4Q5WMJG4MUZJA6VAIP/", }, ], source: { advisory: "GHSA-h5c8-rqwp-cp95", discovery: "UNKNOWN", }, title: "Jinja vulnerable to Cross-Site Scripting (XSS)", }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2024-22195", datePublished: "2024-01-11T02:25:44.239Z", dateReserved: "2024-01-08T04:59:27.371Z", dateUpdated: "2025-02-13T17:33:34.289Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-4785
Vulnerability from cvelistv5
Published
2023-09-13 16:31
Modified
2024-09-25 18:05
Severity ?
EPSS score ?
Summary
Lack of error handling in the TCP server in Google's gRPC starting version 1.23 on posix-compatible platforms (ex. Linux) allows an attacker to cause a denial of service by initiating a significant number of connections with the server. Note that gRPC C++ Python, and Ruby are affected, but gRPC Java, and Go are NOT affected.
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T07:38:00.495Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/grpc/grpc/pull/33656", }, { tags: [ "x_transferred", ], url: "https://github.com/grpc/grpc/pull/33667", }, { tags: [ "x_transferred", ], url: "https://github.com/grpc/grpc/pull/33669", }, { tags: [ "x_transferred", ], url: "https://github.com/grpc/grpc/pull/33670", }, { tags: [ "x_transferred", ], url: "https://github.com/grpc/grpc/pull/33672", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:a:grpc:grpc:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "grpc", vendor: "grpc", versions: [ { lessThan: "1.23", status: "affected", version: "0", versionType: "custom", }, { status: "affected", version: "1.57", }, { lessThanOrEqual: "1.56.1", status: "affected", version: "1.56.0", versionType: "custom", }, { lessThanOrEqual: "155.2", status: "affected", version: "1.55.0", versionType: "custom", }, { lessThanOrEqual: "1.54.2", status: "affected", version: "1.54.0", versionType: "custom", }, { lessThanOrEqual: "1.53.1", status: "affected", version: "1.53.0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2023-4785", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-25T18:02:01.004344Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-25T18:05:52.337Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", platforms: [ "Posix-compatible platforms", ], product: "gRPC", repo: "https://github.com/grpc/grpc", vendor: "Google", versions: [ { lessThan: "1.23", status: "unaffected", version: "0", versionType: "custom", }, { status: "unaffected", version: "1.57", }, { changes: [ { at: "1.56.2", status: "unaffected", }, ], lessThanOrEqual: "1.56.1", status: "affected", version: "1.56.0", versionType: "custom", }, { changes: [ { at: "1.55.3", status: "unaffected", }, ], lessThanOrEqual: "1.55.2", status: "affected", version: "1.55.0", versionType: "custom", }, { changes: [ { at: "1.54.3", status: "unaffected", }, ], lessThanOrEqual: "154.2", status: "affected", version: "1.54.0", versionType: "custom", }, { changes: [ { at: "1.53.2", status: "unaffected", }, ], lessThanOrEqual: "1.53.1", status: "affected", version: "1.53.0", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Lack of error handling in the TCP server in Google's gRPC starting version 1.23 on posix-compatible platforms (ex. Linux) allows an attacker to cause a denial of service by initiating a significant number of connections with the server. Note that gRPC C++ Python, and Ruby are affected, but gRPC Java, and Go are NOT affected. ", }, ], value: "Lack of error handling in the TCP server in Google's gRPC starting version 1.23 on posix-compatible platforms (ex. Linux) allows an attacker to cause a denial of service by initiating a significant number of connections with the server. Note that gRPC C++ Python, and Ruby are affected, but gRPC Java, and Go are NOT affected. ", }, ], impacts: [ { capecId: "CAPEC-125", descriptions: [ { lang: "en", value: "CAPEC-125 Flooding", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-248", description: "CWE-248", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-09-13T16:37:13.825Z", orgId: "14ed7db2-1595-443d-9d34-6215bf890778", shortName: "Google", }, references: [ { url: "https://github.com/grpc/grpc/pull/33656", }, { url: "https://github.com/grpc/grpc/pull/33667", }, { url: "https://github.com/grpc/grpc/pull/33669", }, { url: "https://github.com/grpc/grpc/pull/33670", }, { url: "https://github.com/grpc/grpc/pull/33672", }, ], source: { discovery: "UNKNOWN", }, title: "Denial of Service in gRPC Core ", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "14ed7db2-1595-443d-9d34-6215bf890778", assignerShortName: "Google", cveId: "CVE-2023-4785", datePublished: "2023-09-13T16:31:55.664Z", dateReserved: "2023-09-06T04:50:57.530Z", dateUpdated: "2024-09-25T18:05:52.337Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-32732
Vulnerability from cvelistv5
Published
2023-06-09 10:48
Modified
2025-02-13 16:55
Severity ?
EPSS score ?
Summary
gRPC contains a vulnerability whereby a client can cause a termination of connection between a HTTP2 proxy and a gRPC server: a base64 encoding error for `-bin` suffixed headers will result in a disconnection by the gRPC server, but is typically allowed by HTTP2 proxies. We recommend upgrading beyond the commit in https://github.com/grpc/grpc/pull/32309 https://www.google.com/url
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T15:25:36.637Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/grpc/grpc/pull/32309", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/37IDNVY5AWVH7JDMM2SDTL24ZPPZJNSY/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VWE44J5FG7THHL7XVEVTNIGEYBNKJBLL/", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:a:grpc:grpc:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "grpc", vendor: "grpc", versions: [ { lessThan: "1.54", status: "affected", version: "1.53", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2023-32732", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-26T18:59:27.982940Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-26T19:03:12.183Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "gRPC", vendor: "Google", versions: [ { lessThan: "1.54", status: "affected", version: "1.53", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "gRPC contains a vulnerability whereby a client can cause a termination of connection between a HTTP2 proxy and a gRPC server: a base64 encoding error for `-bin` suffixed headers will result in a disconnection by the gRPC server, but is typically allowed by HTTP2 proxies. We recommend upgrading beyond the commit in <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.google.com/url?sa=D&q=https%3A%2F%2Fgithub.com%2Fgrpc%2Fgrpc%2Fpull%2F32309\">https://github.com/grpc/grpc/pull/32309</a><br>", }, ], value: "gRPC contains a vulnerability whereby a client can cause a termination of connection between a HTTP2 proxy and a gRPC server: a base64 encoding error for `-bin` suffixed headers will result in a disconnection by the gRPC server, but is typically allowed by HTTP2 proxies. We recommend upgrading beyond the commit in https://github.com/grpc/grpc/pull/32309 https://www.google.com/url", }, ], impacts: [ { capecId: "CAPEC-220", descriptions: [ { lang: "en", value: "CAPEC-220 Client-Server Protocol Manipulation", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-440", description: "CWE-440: Expected Behavior Violation", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-07-23T02:06:09.201Z", orgId: "14ed7db2-1595-443d-9d34-6215bf890778", shortName: "Google", }, references: [ { url: "https://github.com/grpc/grpc/pull/32309", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/37IDNVY5AWVH7JDMM2SDTL24ZPPZJNSY/", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VWE44J5FG7THHL7XVEVTNIGEYBNKJBLL/", }, ], solutions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Fixes available in these releases:<br>- 1.52.2: <a target=\"_blank\" rel=\"nofollow\" href=\"https://github.com/grpc/grpc/releases/tag/v1.52.2\">https://github.com/grpc/grpc/releases/tag/v1.52.2</a><br>- 1.53.1: <a target=\"_blank\" rel=\"nofollow\" href=\"https://github.com/grpc/grpc/releases/tag/v1.53.1\">https://github.com/grpc/grpc/releases/tag/v1.53.1</a><br>- 1.54.2: <a target=\"_blank\" rel=\"nofollow\" href=\"https://github.com/grpc/grpc/releases/tag/v1.54.2\">https://github.com/grpc/grpc/releases/tag/v1.54.2</a><br>- 1.55.0: <a target=\"_blank\" rel=\"nofollow\" href=\"https://github.com/grpc/grpc/releases/tag/v1.55.0\">https://github.com/grpc/grpc/releases/tag/v1.55.0</a><br><br>", }, ], value: "Fixes available in these releases:\n- 1.52.2: https://github.com/grpc/grpc/releases/tag/v1.52.2 https://github.com/grpc/grpc/releases/tag/v1.52.2 \n- 1.53.1: https://github.com/grpc/grpc/releases/tag/v1.53.1 https://github.com/grpc/grpc/releases/tag/v1.53.1 \n- 1.54.2: https://github.com/grpc/grpc/releases/tag/v1.54.2 https://github.com/grpc/grpc/releases/tag/v1.54.2 \n- 1.55.0: https://github.com/grpc/grpc/releases/tag/v1.55.0 https://github.com/grpc/grpc/releases/tag/v1.55.0", }, ], source: { discovery: "UNKNOWN", }, title: "Denial-of-Service in gRPC", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "14ed7db2-1595-443d-9d34-6215bf890778", assignerShortName: "Google", cveId: "CVE-2023-32732", datePublished: "2023-06-09T10:48:15.075Z", dateReserved: "2023-05-12T08:58:54.033Z", dateUpdated: "2025-02-13T16:55:01.392Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-44487
Vulnerability from cvelistv5
Published
2023-10-10 00:00
Modified
2024-08-19 07:48
Severity ?
EPSS score ?
Summary
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
References
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:ietf:http:2.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "http", vendor: "ietf", versions: [ { status: "affected", version: "2.0", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2023-44487", options: [ { Exploitation: "active", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-07-23T20:34:21.334116Z", version: "2.0.3", }, type: "ssvc", }, }, { other: { content: { dateAdded: "2023-10-10", reference: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-44487", }, type: "kev", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-400", description: "CWE-400 Uncontrolled Resource Consumption", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-07-23T20:35:03.253Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-19T07:48:04.546Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec/release-notes/6.0/6.0.23/6.0.23.md?plain=1#L73", }, { tags: [ "x_transferred", ], url: "https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/", }, { tags: [ "x_transferred", ], url: "https://aws.amazon.com/security/security-bulletins/AWS-2023-011/", }, { tags: [ "x_transferred", ], url: "https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack", }, { tags: [ "x_transferred", ], url: "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/", }, { tags: [ "x_transferred", ], url: "https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps/", }, { tags: [ "x_transferred", ], url: "https://news.ycombinator.com/item?id=37831062", }, { tags: [ "x_transferred", ], url: "https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack/", }, { tags: [ "x_transferred", ], url: "https://www.phoronix.com/news/HTTP2-Rapid-Reset-Attack", }, { tags: [ "x_transferred", ], url: "https://github.com/envoyproxy/envoy/pull/30055", }, { tags: [ "x_transferred", ], url: "https://github.com/haproxy/haproxy/issues/2312", }, { tags: [ "x_transferred", ], url: "https://github.com/eclipse/jetty.project/issues/10679", }, { tags: [ "x_transferred", ], url: "https://forums.swift.org/t/swift-nio-http2-security-update-cve-2023-44487-http-2-dos/67764", }, { tags: [ "x_transferred", ], url: "https://github.com/nghttp2/nghttp2/pull/1961", }, { tags: [ "x_transferred", ], url: "https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61", }, { tags: [ "x_transferred", ], url: "https://github.com/alibaba/tengine/issues/1872", }, { tags: [ "x_transferred", ], url: "https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2", }, { tags: [ "x_transferred", ], url: "https://news.ycombinator.com/item?id=37830987", }, { tags: [ "x_transferred", ], url: "https://news.ycombinator.com/item?id=37830998", }, { tags: [ "x_transferred", ], url: "https://github.com/caddyserver/caddy/issues/5877", }, { tags: [ "x_transferred", ], url: "https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records/", }, { tags: [ "x_transferred", ], url: "https://github.com/bcdannyboy/CVE-2023-44487", }, { tags: [ "x_transferred", ], url: "https://github.com/grpc/grpc-go/pull/6703", }, { tags: [ "x_transferred", ], url: "https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/README.md?plain=1#L239-L244", }, { tags: [ "x_transferred", ], url: "https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0", }, { tags: [ "x_transferred", ], url: "https://mailman.nginx.org/pipermail/nginx-devel/2023-October/S36Q5HBXR7CAIMPLLPRSSSYR4PCMWILK.html", }, { tags: [ "x_transferred", ], url: "https://my.f5.com/manage/s/article/K000137106", }, { tags: [ "x_transferred", ], url: "https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2/", }, { tags: [ "x_transferred", ], url: "https://bugzilla.proxmox.com/show_bug.cgi?id=4988", }, { tags: [ "x_transferred", ], url: "https://cgit.freebsd.org/ports/commit/?id=c64c329c2c1752f46b73e3e6ce9f4329be6629f9", }, { tags: [ "x_transferred", ], url: "https://seanmonstar.com/post/730794151136935936/hyper-http2-rapid-reset-unaffected", }, { tags: [ "x_transferred", ], url: "https://github.com/microsoft/CBL-Mariner/pull/6381", }, { tags: [ "x_transferred", ], url: "https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo", }, { tags: [ "x_transferred", ], url: "https://github.com/facebook/proxygen/pull/466", }, { tags: [ "x_transferred", ], url: "https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088", }, { tags: [ "x_transferred", ], url: "https://github.com/micrictor/http2-rst-stream", }, { tags: [ "x_transferred", ], url: "https://edg.io/lp/blog/resets-leaks-ddos-and-the-tale-of-a-hidden-cve", }, { tags: [ "x_transferred", ], url: "https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response/", }, { tags: [ "x_transferred", ], url: "https://github.com/h2o/h2o/security/advisories/GHSA-2m7v-gc89-fjqf", }, { tags: [ "x_transferred", ], url: "https://github.com/h2o/h2o/pull/3291", }, { tags: [ "x_transferred", ], url: "https://github.com/nodejs/node/pull/50121", }, { tags: [ "x_transferred", ], url: "https://github.com/dotnet/announcements/issues/277", }, { tags: [ "x_transferred", ], url: "https://github.com/golang/go/issues/63417", }, { tags: [ "x_transferred", ], url: "https://github.com/advisories/GHSA-vx74-f528-fxqg", }, { tags: [ "x_transferred", ], url: "https://github.com/apache/trafficserver/pull/10564", }, { tags: [ "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-44487", }, { tags: [ "x_transferred", ], url: "https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.14", }, { tags: [ "x_transferred", ], url: "https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q", }, { tags: [ "x_transferred", ], url: "https://www.openwall.com/lists/oss-security/2023/10/10/6", }, { tags: [ "x_transferred", ], url: "https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487", }, { tags: [ "x_transferred", ], url: "https://github.com/opensearch-project/data-prepper/issues/3474", }, { tags: [ "x_transferred", ], url: "https://github.com/kubernetes/kubernetes/pull/121120", }, { tags: [ "x_transferred", ], url: "https://github.com/oqtane/oqtane.framework/discussions/3367", }, { tags: [ "x_transferred", ], url: "https://github.com/advisories/GHSA-xpw8-rcwv-8f8p", }, { tags: [ "x_transferred", ], url: "https://netty.io/news/2023/10/10/4-1-100-Final.html", }, { tags: [ "x_transferred", ], url: "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487", }, { tags: [ "x_transferred", ], url: "https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday/", }, { tags: [ "x_transferred", ], url: "https://blog.qualys.com/vulnerabilities-threat-research/2023/10/10/cve-2023-44487-http-2-rapid-reset-attack", }, { tags: [ "x_transferred", ], url: "https://news.ycombinator.com/item?id=37837043", }, { tags: [ "x_transferred", ], url: "https://github.com/kazu-yamamoto/http2/issues/93", }, { tags: [ "x_transferred", ], url: "https://martinthomson.github.io/h2-stream-limits/draft-thomson-httpbis-h2-stream-limits.html", }, { tags: [ "x_transferred", ], url: "https://github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1ce14edc7b6df6722a1", }, { tags: [ "x_transferred", ], url: "https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#L1101-L1113", }, { name: "DSA-5522", tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.debian.org/security/2023/dsa-5522", }, { name: "DSA-5521", tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.debian.org/security/2023/dsa-5521", }, { tags: [ "x_transferred", ], url: "https://access.redhat.com/security/cve/cve-2023-44487", }, { tags: [ "x_transferred", ], url: "https://github.com/ninenines/cowboy/issues/1615", }, { tags: [ "x_transferred", ], url: "https://github.com/varnishcache/varnish-cache/issues/3996", }, { tags: [ "x_transferred", ], url: "https://github.com/tempesta-tech/tempesta/issues/1986", }, { tags: [ "x_transferred", ], url: "https://blog.vespa.ai/cve-2023-44487/", }, { tags: [ "x_transferred", ], url: "https://github.com/etcd-io/etcd/issues/16740", }, { tags: [ "x_transferred", ], url: "https://www.darkreading.com/cloud/internet-wide-zero-day-bug-fuels-largest-ever-ddos-event", }, { tags: [ "x_transferred", ], url: "https://istio.io/latest/news/security/istio-security-2023-004/", }, { tags: [ "x_transferred", ], url: "https://github.com/junkurihara/rust-rpxy/issues/97", }, { tags: [ "x_transferred", ], url: "https://bugzilla.suse.com/show_bug.cgi?id=1216123", }, { tags: [ "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2242803", }, { tags: [ "x_transferred", ], url: "https://ubuntu.com/security/CVE-2023-44487", }, { tags: [ "x_transferred", ], url: "https://community.traefik.io/t/is-traefik-vulnerable-to-cve-2023-44487/20125", }, { tags: [ "x_transferred", ], url: "https://github.com/advisories/GHSA-qppj-fm5r-hxr3", }, { tags: [ "x_transferred", ], url: "https://github.com/apache/httpd-site/pull/10", }, { tags: [ "x_transferred", ], url: "https://github.com/projectcontour/contour/pull/5826", }, { tags: [ "x_transferred", ], url: "https://github.com/linkerd/website/pull/1695/commits/4b9c6836471bc8270ab48aae6fd2181bc73fd632", }, { tags: [ "x_transferred", ], url: "https://github.com/line/armeria/pull/5232", }, { tags: [ "x_transferred", ], url: "https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty/", }, { tags: [ "x_transferred", ], url: "https://security.paloaltonetworks.com/CVE-2023-44487", }, { tags: [ "x_transferred", ], url: "https://github.com/akka/akka-http/issues/4323", }, { tags: [ "x_transferred", ], url: "https://github.com/openresty/openresty/issues/930", }, { tags: [ "x_transferred", ], url: "https://github.com/apache/apisix/issues/10320", }, { tags: [ "x_transferred", ], url: "https://github.com/Azure/AKS/issues/3947", }, { tags: [ "x_transferred", ], url: "https://github.com/Kong/kong/discussions/11741", }, { tags: [ "x_transferred", ], url: "https://github.com/arkrwn/PoC/tree/main/CVE-2023-44487", }, { tags: [ "x_transferred", ], url: "https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487/", }, { tags: [ "x_transferred", ], url: "https://github.com/caddyserver/caddy/releases/tag/v2.7.5", }, { name: "[debian-lts-announce] 20231013 [SECURITY] [DLA 3617-1] tomcat9 security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html", }, { name: "[oss-security] 20231013 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations", tags: [ "mailing-list", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2023/10/13/4", }, { name: "[oss-security] 20231013 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations", tags: [ "mailing-list", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2023/10/13/9", }, { tags: [ "x_transferred", ], url: "https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size/", }, { tags: [ "x_transferred", ], url: "https://lists.w3.org/Archives/Public/ietf-http-wg/2023OctDec/0025.html", }, { name: "FEDORA-2023-ed2642fd58", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/", }, { tags: [ "x_transferred", ], url: "https://linkerd.io/2023/10/12/linkerd-cve-2023-44487/", }, { name: "[debian-lts-announce] 20231016 [SECURITY] [DLA 3621-1] nghttp2 security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20231016-0001/", }, { name: "[debian-lts-announce] 20231016 [SECURITY] [DLA 3617-2] tomcat9 regression update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2023/10/msg00024.html", }, { name: "[oss-security] 20231018 Vulnerability in Jenkins", tags: [ "mailing-list", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2023/10/18/4", }, { name: "[oss-security] 20231018 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations", tags: [ "mailing-list", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2023/10/18/8", }, { name: "[oss-security] 20231019 CVE-2023-45802: Apache HTTP Server: HTTP/2 stream memory not reclaimed right away on RST", tags: [ "mailing-list", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2023/10/19/6", }, { name: "FEDORA-2023-54fadada12", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/", }, { name: "FEDORA-2023-5ff7bf1dd8", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/", }, { name: "[oss-security] 20231020 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations", tags: [ "mailing-list", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2023/10/20/8", }, { name: "FEDORA-2023-17efd3f2cd", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH/", }, { name: "FEDORA-2023-d5030c983c", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/", }, { name: "FEDORA-2023-0259c3f26f", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/", }, { name: "FEDORA-2023-2a9214af5f", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4/", }, { name: "FEDORA-2023-e9c04d81c1", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/", }, { name: "FEDORA-2023-f66fc0f62a", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/", }, { name: "FEDORA-2023-4d2fd884ea", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/", }, { name: "FEDORA-2023-b2c50535cb", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL/", }, { name: "FEDORA-2023-fe53e13b5b", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/", }, { name: "FEDORA-2023-4bf641255e", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/", }, { name: "[debian-lts-announce] 20231030 [SECURITY] [DLA 3641-1] jetty9 security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html", }, { name: "DSA-5540", tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.debian.org/security/2023/dsa-5540", }, { name: "[debian-lts-announce] 20231031 [SECURITY] [DLA 3638-1] h2o security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2023/10/msg00047.html", }, { tags: [ "x_transferred", ], url: "https://discuss.hashicorp.com/t/hcsec-2023-32-vault-consul-and-boundary-affected-by-http-2-rapid-reset-denial-of-service-vulnerability-cve-2023-44487/59715", }, { name: "FEDORA-2023-1caffb88af", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/", }, { name: "FEDORA-2023-3f70b8d406", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK/", }, { name: "FEDORA-2023-7b52921cae", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/", }, { name: "FEDORA-2023-7934802344", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT/", }, { name: "FEDORA-2023-dbe64661af", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/", }, { name: "FEDORA-2023-822aab0a5a", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/", }, { name: "[debian-lts-announce] 20231105 [SECURITY] [DLA 3645-1] trafficserver security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html", }, { name: "DSA-5549", tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.debian.org/security/2023/dsa-5549", }, { name: "FEDORA-2023-c0c6a91330", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/", }, { name: "FEDORA-2023-492b7be466", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/", }, { name: "DSA-5558", tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.debian.org/security/2023/dsa-5558", }, { name: "[debian-lts-announce] 20231119 [SECURITY] [DLA 3656-1] netty security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2023/11/msg00012.html", }, { name: "GLSA-202311-09", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security.gentoo.org/glsa/202311-09", }, { name: "DSA-5570", tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.debian.org/security/2023/dsa-5570", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20240426-0007/", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20240621-0006/", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20240621-0007/", }, { url: "https://www.vicarius.io/vsociety/posts/rapid-reset-cve-2023-44487-dos-in-http2-understanding-the-root-cause", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-21T19:08:34.967324", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec/release-notes/6.0/6.0.23/6.0.23.md?plain=1#L73", }, { url: "https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/", }, { url: "https://aws.amazon.com/security/security-bulletins/AWS-2023-011/", }, { url: "https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack", }, { url: "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/", }, { url: "https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps/", }, { url: "https://news.ycombinator.com/item?id=37831062", }, { url: "https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack/", }, { url: "https://www.phoronix.com/news/HTTP2-Rapid-Reset-Attack", }, { url: "https://github.com/envoyproxy/envoy/pull/30055", }, { url: "https://github.com/haproxy/haproxy/issues/2312", }, { url: "https://github.com/eclipse/jetty.project/issues/10679", }, { url: "https://forums.swift.org/t/swift-nio-http2-security-update-cve-2023-44487-http-2-dos/67764", }, { url: "https://github.com/nghttp2/nghttp2/pull/1961", }, { url: "https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61", }, { url: "https://github.com/alibaba/tengine/issues/1872", }, { url: "https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2", }, { url: "https://news.ycombinator.com/item?id=37830987", }, { url: "https://news.ycombinator.com/item?id=37830998", }, { url: "https://github.com/caddyserver/caddy/issues/5877", }, { url: "https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records/", }, { url: "https://github.com/bcdannyboy/CVE-2023-44487", }, { url: "https://github.com/grpc/grpc-go/pull/6703", }, { url: "https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/README.md?plain=1#L239-L244", }, { url: "https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0", }, { url: "https://mailman.nginx.org/pipermail/nginx-devel/2023-October/S36Q5HBXR7CAIMPLLPRSSSYR4PCMWILK.html", }, { url: "https://my.f5.com/manage/s/article/K000137106", }, { url: "https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2/", }, { url: "https://bugzilla.proxmox.com/show_bug.cgi?id=4988", }, { url: "https://cgit.freebsd.org/ports/commit/?id=c64c329c2c1752f46b73e3e6ce9f4329be6629f9", }, { url: "https://seanmonstar.com/post/730794151136935936/hyper-http2-rapid-reset-unaffected", }, { url: "https://github.com/microsoft/CBL-Mariner/pull/6381", }, { url: "https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo", }, { url: "https://github.com/facebook/proxygen/pull/466", }, { url: "https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088", }, { url: "https://github.com/micrictor/http2-rst-stream", }, { url: "https://edg.io/lp/blog/resets-leaks-ddos-and-the-tale-of-a-hidden-cve", }, { url: "https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response/", }, { url: "https://github.com/h2o/h2o/security/advisories/GHSA-2m7v-gc89-fjqf", }, { url: "https://github.com/h2o/h2o/pull/3291", }, { url: "https://github.com/nodejs/node/pull/50121", }, { url: "https://github.com/dotnet/announcements/issues/277", }, { url: "https://github.com/golang/go/issues/63417", }, { url: "https://github.com/advisories/GHSA-vx74-f528-fxqg", }, { url: "https://github.com/apache/trafficserver/pull/10564", }, { url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-44487", }, { url: "https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.14", }, { url: "https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q", }, { url: "https://www.openwall.com/lists/oss-security/2023/10/10/6", }, { url: "https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487", }, { url: "https://github.com/opensearch-project/data-prepper/issues/3474", }, { url: "https://github.com/kubernetes/kubernetes/pull/121120", }, { url: "https://github.com/oqtane/oqtane.framework/discussions/3367", }, { url: "https://github.com/advisories/GHSA-xpw8-rcwv-8f8p", }, { url: "https://netty.io/news/2023/10/10/4-1-100-Final.html", }, { url: "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487", }, { url: "https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday/", }, { url: "https://blog.qualys.com/vulnerabilities-threat-research/2023/10/10/cve-2023-44487-http-2-rapid-reset-attack", }, { url: "https://news.ycombinator.com/item?id=37837043", }, { url: "https://github.com/kazu-yamamoto/http2/issues/93", }, { url: "https://martinthomson.github.io/h2-stream-limits/draft-thomson-httpbis-h2-stream-limits.html", }, { url: "https://github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1ce14edc7b6df6722a1", }, { url: "https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#L1101-L1113", }, { name: "DSA-5522", tags: [ "vendor-advisory", ], url: "https://www.debian.org/security/2023/dsa-5522", }, { name: "DSA-5521", tags: [ "vendor-advisory", ], url: "https://www.debian.org/security/2023/dsa-5521", }, { url: "https://access.redhat.com/security/cve/cve-2023-44487", }, { url: "https://github.com/ninenines/cowboy/issues/1615", }, { url: "https://github.com/varnishcache/varnish-cache/issues/3996", }, { url: "https://github.com/tempesta-tech/tempesta/issues/1986", }, { url: "https://blog.vespa.ai/cve-2023-44487/", }, { url: "https://github.com/etcd-io/etcd/issues/16740", }, { url: "https://www.darkreading.com/cloud/internet-wide-zero-day-bug-fuels-largest-ever-ddos-event", }, { url: "https://istio.io/latest/news/security/istio-security-2023-004/", }, { url: "https://github.com/junkurihara/rust-rpxy/issues/97", }, { url: "https://bugzilla.suse.com/show_bug.cgi?id=1216123", }, { url: "https://bugzilla.redhat.com/show_bug.cgi?id=2242803", }, { url: "https://ubuntu.com/security/CVE-2023-44487", }, { url: "https://community.traefik.io/t/is-traefik-vulnerable-to-cve-2023-44487/20125", }, { url: "https://github.com/advisories/GHSA-qppj-fm5r-hxr3", }, { url: "https://github.com/apache/httpd-site/pull/10", }, { url: "https://github.com/projectcontour/contour/pull/5826", }, { url: "https://github.com/linkerd/website/pull/1695/commits/4b9c6836471bc8270ab48aae6fd2181bc73fd632", }, { url: "https://github.com/line/armeria/pull/5232", }, { url: "https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty/", }, { url: "https://security.paloaltonetworks.com/CVE-2023-44487", }, { url: "https://github.com/akka/akka-http/issues/4323", }, { url: "https://github.com/openresty/openresty/issues/930", }, { url: "https://github.com/apache/apisix/issues/10320", }, { url: "https://github.com/Azure/AKS/issues/3947", }, { url: "https://github.com/Kong/kong/discussions/11741", }, { url: "https://github.com/arkrwn/PoC/tree/main/CVE-2023-44487", }, { url: "https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487/", }, { url: "https://github.com/caddyserver/caddy/releases/tag/v2.7.5", }, { name: "[debian-lts-announce] 20231013 [SECURITY] [DLA 3617-1] tomcat9 security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html", }, { name: "[oss-security] 20231013 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations", tags: [ "mailing-list", ], url: "http://www.openwall.com/lists/oss-security/2023/10/13/4", }, { name: "[oss-security] 20231013 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations", tags: [ "mailing-list", ], url: "http://www.openwall.com/lists/oss-security/2023/10/13/9", }, { url: "https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size/", }, { url: "https://lists.w3.org/Archives/Public/ietf-http-wg/2023OctDec/0025.html", }, { name: "FEDORA-2023-ed2642fd58", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/", }, { url: "https://linkerd.io/2023/10/12/linkerd-cve-2023-44487/", }, { name: "[debian-lts-announce] 20231016 [SECURITY] [DLA 3621-1] nghttp2 security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html", }, { url: "https://security.netapp.com/advisory/ntap-20231016-0001/", }, { name: "[debian-lts-announce] 20231016 [SECURITY] [DLA 3617-2] tomcat9 regression update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2023/10/msg00024.html", }, { name: "[oss-security] 20231018 Vulnerability in Jenkins", tags: [ "mailing-list", ], url: "http://www.openwall.com/lists/oss-security/2023/10/18/4", }, { name: "[oss-security] 20231018 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations", tags: [ "mailing-list", ], url: "http://www.openwall.com/lists/oss-security/2023/10/18/8", }, { name: "[oss-security] 20231019 CVE-2023-45802: Apache HTTP Server: HTTP/2 stream memory not reclaimed right away on RST", tags: [ "mailing-list", ], url: "http://www.openwall.com/lists/oss-security/2023/10/19/6", }, { name: "FEDORA-2023-54fadada12", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/", }, { name: "FEDORA-2023-5ff7bf1dd8", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/", }, { name: "[oss-security] 20231020 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations", tags: [ "mailing-list", ], url: "http://www.openwall.com/lists/oss-security/2023/10/20/8", }, { name: "FEDORA-2023-17efd3f2cd", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH/", }, { name: "FEDORA-2023-d5030c983c", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/", }, { name: "FEDORA-2023-0259c3f26f", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/", }, { name: "FEDORA-2023-2a9214af5f", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4/", }, { name: "FEDORA-2023-e9c04d81c1", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/", }, { name: "FEDORA-2023-f66fc0f62a", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/", }, { name: "FEDORA-2023-4d2fd884ea", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/", }, { name: "FEDORA-2023-b2c50535cb", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL/", }, { name: "FEDORA-2023-fe53e13b5b", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/", }, { name: "FEDORA-2023-4bf641255e", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/", }, { name: "[debian-lts-announce] 20231030 [SECURITY] [DLA 3641-1] jetty9 security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html", }, { name: "DSA-5540", tags: [ "vendor-advisory", ], url: "https://www.debian.org/security/2023/dsa-5540", }, { name: "[debian-lts-announce] 20231031 [SECURITY] [DLA 3638-1] h2o security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2023/10/msg00047.html", }, { url: "https://discuss.hashicorp.com/t/hcsec-2023-32-vault-consul-and-boundary-affected-by-http-2-rapid-reset-denial-of-service-vulnerability-cve-2023-44487/59715", }, { name: "FEDORA-2023-1caffb88af", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/", }, { name: "FEDORA-2023-3f70b8d406", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK/", }, { name: "FEDORA-2023-7b52921cae", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/", }, { name: "FEDORA-2023-7934802344", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT/", }, { name: "FEDORA-2023-dbe64661af", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/", }, { name: "FEDORA-2023-822aab0a5a", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/", }, { name: "[debian-lts-announce] 20231105 [SECURITY] [DLA 3645-1] trafficserver security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html", }, { name: "DSA-5549", tags: [ "vendor-advisory", ], url: "https://www.debian.org/security/2023/dsa-5549", }, { name: "FEDORA-2023-c0c6a91330", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/", }, { name: "FEDORA-2023-492b7be466", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/", }, { name: "DSA-5558", tags: [ "vendor-advisory", ], url: "https://www.debian.org/security/2023/dsa-5558", }, { name: "[debian-lts-announce] 20231119 [SECURITY] [DLA 3656-1] netty security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2023/11/msg00012.html", }, { name: "GLSA-202311-09", tags: [ "vendor-advisory", ], url: "https://security.gentoo.org/glsa/202311-09", }, { name: "DSA-5570", tags: [ "vendor-advisory", ], url: "https://www.debian.org/security/2023/dsa-5570", }, { url: "https://security.netapp.com/advisory/ntap-20240426-0007/", }, { url: "https://security.netapp.com/advisory/ntap-20240621-0006/", }, { url: "https://security.netapp.com/advisory/ntap-20240621-0007/", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2023-44487", datePublished: "2023-10-10T00:00:00", dateReserved: "2023-09-29T00:00:00", dateUpdated: "2024-08-19T07:48:04.546Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-43804
Vulnerability from cvelistv5
Published
2023-10-04 16:01
Modified
2025-02-13 17:13
Severity ?
EPSS score ?
Summary
urllib3 is a user-friendly HTTP client library for Python. urllib3 doesn't treat the `Cookie` HTTP header special or provide any helpers for managing cookies over HTTP, that is the responsibility of the user. However, it is possible for a user to specify a `Cookie` header and unknowingly leak information via HTTP redirects to a different origin if that user doesn't disable redirects explicitly. This issue has been patched in urllib3 version 1.26.17 or 2.0.5.
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-12-13T13:09:25.296Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "https://github.com/urllib3/urllib3/security/advisories/GHSA-v845-jxx5-vc9f", tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/urllib3/urllib3/security/advisories/GHSA-v845-jxx5-vc9f", }, { name: "https://github.com/urllib3/urllib3/commit/01220354d389cd05474713f8c982d05c9b17aafb", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/urllib3/urllib3/commit/01220354d389cd05474713f8c982d05c9b17aafb", }, { name: "https://github.com/urllib3/urllib3/commit/644124ecd0b6e417c527191f866daa05a5a2056d", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/urllib3/urllib3/commit/644124ecd0b6e417c527191f866daa05a5a2056d", }, { tags: [ "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2023/10/msg00012.html", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I3PR7C6RJ6JUBQKIJ644DMIJSUP36VDY/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NDAGZXYJ7H2G3SB47M453VQVNAWKAEJJ/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5F5CUBAN5XMEBVBZPHFITBLMJV5FIJJ5/", }, { url: "https://www.vicarius.io/vsociety/posts/cve-2023-43804-urllib3-vulnerability-3", }, { url: "https://security.netapp.com/advisory/ntap-20241213-0007/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "urllib3", vendor: "urllib3", versions: [ { status: "affected", version: ">= 2.0.0, < 2.0.6", }, { status: "affected", version: "< 1.26.17", }, ], }, ], descriptions: [ { lang: "en", value: "urllib3 is a user-friendly HTTP client library for Python. urllib3 doesn't treat the `Cookie` HTTP header special or provide any helpers for managing cookies over HTTP, that is the responsibility of the user. However, it is possible for a user to specify a `Cookie` header and unknowingly leak information via HTTP redirects to a different origin if that user doesn't disable redirects explicitly. This issue has been patched in urllib3 version 1.26.17 or 2.0.5.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-200", description: "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-11-03T21:06:26.816Z", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { name: "https://github.com/urllib3/urllib3/security/advisories/GHSA-v845-jxx5-vc9f", tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/urllib3/urllib3/security/advisories/GHSA-v845-jxx5-vc9f", }, { name: "https://github.com/urllib3/urllib3/commit/01220354d389cd05474713f8c982d05c9b17aafb", tags: [ "x_refsource_MISC", ], url: "https://github.com/urllib3/urllib3/commit/01220354d389cd05474713f8c982d05c9b17aafb", }, { name: "https://github.com/urllib3/urllib3/commit/644124ecd0b6e417c527191f866daa05a5a2056d", tags: [ "x_refsource_MISC", ], url: "https://github.com/urllib3/urllib3/commit/644124ecd0b6e417c527191f866daa05a5a2056d", }, { url: "https://lists.debian.org/debian-lts-announce/2023/10/msg00012.html", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I3PR7C6RJ6JUBQKIJ644DMIJSUP36VDY/", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NDAGZXYJ7H2G3SB47M453VQVNAWKAEJJ/", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5F5CUBAN5XMEBVBZPHFITBLMJV5FIJJ5/", }, ], source: { advisory: "GHSA-v845-jxx5-vc9f", discovery: "UNKNOWN", }, title: "`Cookie` HTTP header isn't stripped on cross-origin redirects", }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2023-43804", datePublished: "2023-10-04T16:01:50.447Z", dateReserved: "2023-09-22T14:51:42.340Z", dateUpdated: "2025-02-13T17:13:31.659Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-13956
Vulnerability from cvelistv5
Published
2020-12-02 16:20
Modified
2024-08-04 12:32
Severity ?
EPSS score ?
Summary
Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
n/a | Apache HttpClient |
Version: 4.5.12 and prior, 5.0.2 and prior |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T12:32:14.610Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://lists.apache.org/thread.html/r6dab7da30f8bf075f79ee189e33b45a197502e2676481bb8787fc0d7%40%3Cdev.hc.apache.org%3E", }, { name: "[ranger-dev] 20201204 [jira] [Assigned] (RANGER-3100) Upgrade httpclient version from 4.5.6 to 4.5.13+ due to CVE-2020-13956", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rf7ca60f78f05b772cc07d27e31bcd112f9910a05caf9095e38ee150f%40%3Cdev.ranger.apache.org%3E", }, { name: "[ranger-dev] 20201204 [jira] [Updated] (RANGER-3100) Upgrade httpclient version from 4.5.6 to 4.5.13+ due to CVE-2020-13956", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rcced7ed3237c29cd19c1e9bf465d0038b8b2e967b99fc283db7ca553%40%3Cdev.ranger.apache.org%3E", }, { name: "[ranger-dev] 20201215 [jira] [Updated] (RANGER-3100) Upgrade httpclient version from 4.5.6 to 4.5.13+ due to CVE-2020-13956", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r63296c45d5d84447babaf39bd1487329d8a80d8d563e67a4b6f3d8a7%40%3Cdev.ranger.apache.org%3E", }, { name: "[ranger-dev] 20201215 [jira] [Commented] (RANGER-3100) Upgrade httpclient version from 4.5.6 to 4.5.13+ due to CVE-2020-13956", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r12cb62751b35bdcda0ae2a08b67877d665a1f4d41eee0fa7367169e0%40%3Cdev.ranger.apache.org%3E", }, { name: "[pulsar-commits] 20201215 [GitHub] [pulsar] yanshuchong opened a new issue #8967: CVSS issue list", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E", }, { name: "[ranger-dev] 20201216 [jira] [Commented] (RANGER-3100) Upgrade httpclient version from 4.5.6 to 4.5.13+ due to CVE-2020-13956", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r34178ab6ef106bc940665fd3f4ba5026fac3603b3fa2aefafa0b619d%40%3Cdev.ranger.apache.org%3E", }, { name: "[lucene-solr-user] 20201229 Upgrade httpclient version due to CVE-2020-13956?", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rb725052404fabffbe093c83b2c46f3f87e12c3193a82379afbc529f8%40%3Csolr-user.lucene.apache.org%3E", }, { name: "[turbine-commits] 20210203 svn commit: r1886168 - in /turbine/core/trunk: ./ conf/ conf/test/ src/java/org/apache/turbine/services/urlmapper/ src/test/org/apache/turbine/services/urlmapper/ src/test/org/apache/turbine/services/urlmapper/model/ xdocs/howto/", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rb33212dab7beccaf1ffef9b88610047c644f644c7a0ebdc44d77e381%40%3Ccommits.turbine.apache.org%3E", }, { name: "[hive-issues] 20210301 [jira] [Updated] (HIVE-24837) Upgrade httpclient to 4.5.13+ due to CVE-2020-13956", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rfc00884c7b7ca878297bffe45fcb742c362b00b26ba37070706d44c3%40%3Cissues.hive.apache.org%3E", }, { name: "[hive-issues] 20210301 [jira] [Assigned] (HIVE-24837) Upgrade httpclient to 4.5.13+ due to CVE-2020-13956", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r5fec9c1d67f928179adf484b01e7becd7c0a6fdfe3a08f92ea743b90%40%3Cissues.hive.apache.org%3E", }, { name: "[hive-gitbox] 20210301 [GitHub] [hive] hsnusonic opened a new pull request #2032: HIVE-24837 Upgrade httpclient to 4.5.13+ due to CVE-2020-13956", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r2dc7930b43eadc78220d269b79e13ecd387e4bee52db67b2f47d4303%40%3Cgitbox.hive.apache.org%3E", }, { name: "[hive-dev] 20210301 [jira] [Created] (HIVE-24837) Upgrade httpclient to 4.5.13+ due to CVE-2020-13956", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r043a75acdeb52b15dd5e9524cdadef4202e6a5228644206acf9363f9%40%3Cdev.hive.apache.org%3E", }, { name: "[hive-issues] 20210301 [jira] [Work logged] (HIVE-24837) Upgrade httpclient to 4.5.13+ due to CVE-2020-13956", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rd5ab56beb2ac6879f6ab427bc4e5f7691aed8362d17b713f61779858%40%3Cissues.hive.apache.org%3E", }, { name: "[hive-gitbox] 20210302 [GitHub] [hive] hsnusonic closed pull request #2032: HIVE-24837 Upgrade httpclient to 4.5.13+ due to CVE-2020-13956", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rcd9ad5dda60c82ab0d0c9bd3e9cb1dc740804451fc20c7f451ef5cc4%40%3Cgitbox.hive.apache.org%3E", }, { name: "[solr-issues] 20210316 [jira] [Resolved] (SOLR-15270) upgrade httpclient to address CVE-2020-13956", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/re504acd4d63b8df2a7353658f45c9a3137e5f80e41cf7de50058b2c1%40%3Cissues.solr.apache.org%3E", }, { name: "[solr-issues] 20210316 [jira] [Created] (SOLR-15269) upgrade httpclient to address CVE-2020-13956", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r5de3d3808e7b5028df966e45115e006456c4e8931dc1e29036f17927%40%3Cissues.solr.apache.org%3E", }, { name: "[solr-issues] 20210316 [jira] [Created] (SOLR-15270) upgrade httpclient to address CVE-2020-13956", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rae14ae25ff4a60251e3ba2629c082c5ba3851dfd4d21218b99b56652%40%3Cissues.solr.apache.org%3E", }, { name: "[maven-issues] 20210530 [jira] [Updated] (DOXIA-615) Can you provide an updated version in order to fix CVE-2020-13956", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r03bbc318c81be21f5c8a9b85e34f2ecc741aa804a8e43b0ef2c37749%40%3Cissues.maven.apache.org%3E", }, { name: "[maven-issues] 20210530 [jira] [Resolved] (DOXIA-615) Can you provide an updated version in order to fix CVE-2020-13956", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/ra539f20ef0fb0c27ee39945b5f56bf162e5c13d1c60f7344dab8de3b%40%3Cissues.maven.apache.org%3E", }, { name: "[maven-issues] 20210530 [jira] [Closed] (DOXIA-615) Can you provide an updated version in order to fix CVE-2020-13956", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r8aa1e5c343b89aec5b69961471950e862f15246cb6392910161c389b%40%3Cissues.maven.apache.org%3E", }, { name: "[drill-issues] 20210604 [jira] [Commented] (DRILL-7946) Bump HttpClient from 4.5.12 to 4.5.13 for CVE-2020-13956", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r06cf3ca5c8ceb94b39cd24a73d4e96153b485a7dac88444dd876accb%40%3Cissues.drill.apache.org%3E", }, { name: "[drill-dev] 20210604 [GitHub] [drill] luocooong opened a new pull request #2250: DRILL-7946: Bump HttpClient from 4.5.12 to 4.5.13 for CVE-2020-13956", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rb4ba262d6f08ab9cf8b1ebbcd9b00b0368ffe90dad7ad7918b4b56fc%40%3Cdev.drill.apache.org%3E", }, { name: "[drill-dev] 20210604 [jira] [Created] (DRILL-7946) Bump HttpClient from 4.5.12 to 4.5.13 for CVE-2020-13956", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r55b2a1d1e9b1ec9db792b93da8f0f99a4fd5a5310b02673359d9b4d1%40%3Cdev.drill.apache.org%3E", }, { name: "[drill-issues] 20210604 [jira] [Created] (DRILL-7946) Bump HttpClient from 4.5.12 to 4.5.13 for CVE-2020-13956", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rea3dbf633dde5008d38bf6600a3738b9216e733e03f9ff7becf79625%40%3Cissues.drill.apache.org%3E", }, { name: "[drill-dev] 20210604 [GitHub] [drill] cgivre commented on pull request #2250: DRILL-7946: Bump HttpClient from 4.5.12 to 4.5.13 for CVE-2020-13956", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rc3739e0ad4bcf1888c6925233bfc37dd71156bbc8416604833095c42%40%3Cdev.drill.apache.org%3E", }, { name: "[drill-dev] 20210604 [GitHub] [drill] laurentgo merged pull request #2250: DRILL-7946: Bump HttpClient from 4.5.12 to 4.5.13 for CVE-2020-13956", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r9e52a6c72c8365000ecd035e48cc9fee5a677a150350d4420c46443d%40%3Cdev.drill.apache.org%3E", }, { name: "[drill-issues] 20210604 [jira] [Resolved] (DRILL-7946) Bump HttpClient from 4.5.12 to 4.5.13 for CVE-2020-13956", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rad6222134183046f3928f733bf680919e0c390739bfbfe6c90049673%40%3Cissues.drill.apache.org%3E", }, { name: "[drill-dev] 20210604 [jira] [Resolved] (DRILL-7946) Bump HttpClient from 4.5.12 to 4.5.13 for CVE-2020-13956", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r549ac8c159bf0c568c19670bedeb8d7c0074beded951d34b1c1d0d05%40%3Cdev.drill.apache.org%3E", }, { name: "[drill-commits] 20210604 [drill] branch master updated: DRILL-7946: Bump HttpClient from 4.5.12 to 4.5.13 for CVE-2020-13956 (#2250)", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r6eb2dae157dbc9af1f30d1f64e9c60d4ebef618f3dce4a0e32d6ea4d%40%3Ccommits.drill.apache.org%3E", }, { name: "[drill-dev] 20210604 [GitHub] [drill] luocooong commented on pull request #2250: DRILL-7946: Bump HttpClient from 4.5.12 to 4.5.13 for CVE-2020-13956", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/reef569c2419705754a3acf42b5f19b2a158153cef0e448158bc54917%40%3Cdev.drill.apache.org%3E", }, { name: "[creadur-commits] 20210608 [jira] [Work started] (TENTACLES-13) Upgrade httpclient to circumvent CVE-2020-13956", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r3f740e4c38bba1face49078aa5cbeeb558c27be601cc9712ad2dcd1e%40%3Ccommits.creadur.apache.org%3E", }, { name: "[creadur-commits] 20210608 [jira] [Resolved] (TENTACLES-13) Upgrade httpclient to circumvent CVE-2020-13956", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rfb35f6db9ba1f1e061b63769a4eff5abadcc254ebfefc280e5a0dcf1%40%3Ccommits.creadur.apache.org%3E", }, { name: "[creadur-commits] 20210608 [jira] [Commented] (TENTACLES-13) Upgrade httpclient to circumvent CVE-2020-13956", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r2a03dc210231d7e852ef73015f71792ac0fcaca6cccc024c522ef17d%40%3Ccommits.creadur.apache.org%3E", }, { name: "[creadur-commits] 20210608 [jira] [Created] (TENTACLES-13) Upgrade httpclient to circumvent CVE-2020-13956", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r34efec51cb817397ccf9f86e25a75676d435ba5f83ee7b2eabdad707%40%3Ccommits.creadur.apache.org%3E", }, { name: "[creadur-commits] 20210608 [jira] [Assigned] (TENTACLES-13) Upgrade httpclient to circumvent CVE-2020-13956", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r70c429923100c5a4fae8e5bc71c8a2d39af3de4888f50a0ac3755e6f%40%3Ccommits.creadur.apache.org%3E", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuApr2021.html", }, { name: "[maven-issues] 20210621 [jira] [Assigned] (DOXIA-615) Can you provide an updated version in order to fix CVE-2020-13956", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rc990e2462ec32b09523deafb2c73606208599e196fa2d7f50bdbc587%40%3Cissues.maven.apache.org%3E", }, { name: "[creadur-dev] 20210621 [jira] [Updated] (RAT-275) Update httpclient to fix CVE-2020-13956 once a new doxia-core release is available", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r132e4c6a560cfc519caa1aaee63bdd4036327610eadbd89f76dd5457%40%3Cdev.creadur.apache.org%3E", }, { name: "[solr-issues] 20210623 [jira] [Updated] (SOLR-15270) upgrade httpclient to address CVE-2020-13956", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r6a3cda38d050ebe13c1bc9a28d0a8ec38945095d07eca49046bcb89f%40%3Cissues.solr.apache.org%3E", }, { name: "[solr-issues] 20210623 [jira] [Updated] (SOLR-15269) upgrade httpclient to address CVE-2020-13956", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rc505fee574fe8d18f9b0c655a4d120b0ae21bb6a73b96003e1d9be35%40%3Cissues.solr.apache.org%3E", }, { name: "[jackrabbit-dev] 20210706 [GitHub] [jackrabbit-oak] reschke commented on pull request #310: OAK-9482: upgrade httpclient to 4.5.13", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r5b55f65c123a7481104d663a915ec45a0d103e6aaa03f42ed1c07a89%40%3Cdev.jackrabbit.apache.org%3E", }, { name: "[jackrabbit-dev] 20210706 [GitHub] [jackrabbit-oak] reschke removed a comment on pull request #310: OAK-9482: upgrade httpclient to 4.5.13", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rc0863892ccfd9fd0d0ae10091f24ee769fb39b8957fe4ebabfc11f17%40%3Cdev.jackrabbit.apache.org%3E", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com//security-alerts/cpujul2021.html", }, { name: "[solr-issues] 20210912 [jira] [Updated] (SOLR-15269) upgrade httpclient to address CVE-2020-13956", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rfbedcb586a1e7dfce87ee03c720e583fc2ceeafa05f35c542cecc624%40%3Cissues.solr.apache.org%3E", }, { name: "[bookkeeper-issues] 20210914 [GitHub] [bookkeeper] nicoloboschi opened a new pull request #2793: Upgrade httpclient from 4.5.5 to 4.5.13 to address CVE-2020-13956", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r87ddc09295c27f25471269ad0a79433a91224045988b88f0413a97ec%40%3Cissues.bookkeeper.apache.org%3E", }, { name: "[bookkeeper-issues] 20210917 [GitHub] [bookkeeper] nicoloboschi commented on pull request #2793: Upgrade httpclient from 4.5.5 to 4.5.13 to address CVE-2020-13956", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rf03228972e56cb4a03e6d9558188c2938078cf3ceb23a3fead87c9ca%40%3Cissues.bookkeeper.apache.org%3E", }, { name: "[lucene-issues] 20210921 [GitHub] [lucene-solr] ventry1990 opened a new pull request #2579: SOLR-15269: Upgrade Apache HttpComponents Client to 4.5.13 to fix CVE-2020-13956", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r2835543ef0f91adcc47da72389b816e36936f584c7be584d2314fac3%40%3Cissues.lucene.apache.org%3E", }, { name: "[lucene-issues] 20210921 [GitHub] [lucene-solr] madrob commented on pull request #2579: SOLR-15269: Upgrade Apache HttpComponents Client to 4.5.13 to fix CVE-2020-13956", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rf43d17ed0d1fb4fb79036b582810ef60b18b1ef3add0d5dea825af1e%40%3Cissues.lucene.apache.org%3E", }, { name: "[lucene-issues] 20210921 [GitHub] [lucene-solr] ventry1990 commented on pull request #2579: SOLR-15269: Upgrade Apache HttpComponents Client to 4.5.13 to fix CVE-2020-13956", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rc5c6ccb86d2afe46bbd4b71573f0448dc1f87bbcd5a0d8c7f8f904b2%40%3Cissues.lucene.apache.org%3E", }, { name: "[lucene-issues] 20211007 [GitHub] [lucene-solr] madrob commented on pull request #2579: SOLR-15269: Upgrade Apache HttpComponents Client to 4.5.13 to fix CVE-2020-13956", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r6d672b46622842e565e00f6ef6bef83eb55d8792aac2bee75bff9a2a%40%3Cissues.lucene.apache.org%3E", }, { name: "[lucene-issues] 20211009 [GitHub] [lucene-solr] ventry1990 closed pull request #2579: SOLR-15269: Upgrade Apache HttpComponents Client to 4.5.13 to fix CVE-2020-13956", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rf4db88c22e1be9eb60c7dc623d0528642c045fb196a24774ac2fa3a3%40%3Cissues.lucene.apache.org%3E", }, { name: "[lucene-issues] 20211009 [GitHub] [lucene-solr] ventry1990 commented on pull request #2579: SOLR-15269: Upgrade Apache HttpComponents Client to 4.5.13 to fix CVE-2020-13956", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/ree942561f4620313c75982a4e5f3b74fe6f7062b073210779648eec2%40%3Cissues.lucene.apache.org%3E", }, { name: "[lucene-issues] 20211009 [GitHub] [lucene-solr] ventry1990 opened a new pull request #2579: SOLR-15269: Upgrade Apache HttpComponents Client to 4.5.13 to fix CVE-2020-13956", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r3cecd59fba74404cbf4eb430135e1080897fb376f111406a78bed13a%40%3Cissues.lucene.apache.org%3E", }, { name: "[solr-issues] 20211011 [jira] [Commented] (SOLR-15269) upgrade httpclient to address CVE-2020-13956", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r0bebe6f9808ac7bdf572873b4fa96a29c6398c90dab29f131f3ebffe%40%3Cissues.solr.apache.org%3E", }, { name: "[solr-issues] 20211011 [jira] [Resolved] (SOLR-15269) upgrade httpclient to address CVE-2020-13956", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r4850b3fbaea02fde2886e461005e4af8d37c80a48b3ce2a6edca0e30%40%3Cissues.solr.apache.org%3E", }, { name: "[lucene-issues] 20211011 [GitHub] [lucene-solr] madrob merged pull request #2579: SOLR-15269: Upgrade Apache HttpComponents Client to 4.5.13 to fix CVE-2020-13956", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/ra8bc6b61c5df301a6fe5a716315528ecd17ccb8a7f907e24a47a1a5e%40%3Cissues.lucene.apache.org%3E", }, { name: "[solr-issues] 20211019 [jira] [Closed] (SOLR-15269) upgrade httpclient to address CVE-2020-13956", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r0a75b8f0f72f3e18442dc56d33f3827b905f2fe5b7ba48997436f5d1%40%3Cissues.solr.apache.org%3E", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, { name: "[ranger-dev] 20211028 [jira] [Commented] (RANGER-3100) Upgrade httpclient version from 4.5.6 to 4.5.13+ due to CVE-2020-13956", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r69a94e2f302d1b778bdfefe90fcb4b8c50b226438c3c8c1d0de85a19%40%3Cdev.ranger.apache.org%3E", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujan2022.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20220210-0002/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Apache HttpClient", vendor: "n/a", versions: [ { status: "affected", version: "4.5.12 and prior, 5.0.2 and prior", }, ], }, ], descriptions: [ { lang: "en", value: "Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.", }, ], problemTypes: [ { descriptions: [ { description: "Improper Input Validation", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-04-19T23:21:27", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://lists.apache.org/thread.html/r6dab7da30f8bf075f79ee189e33b45a197502e2676481bb8787fc0d7%40%3Cdev.hc.apache.org%3E", }, { name: "[ranger-dev] 20201204 [jira] [Assigned] (RANGER-3100) Upgrade httpclient version from 4.5.6 to 4.5.13+ due to CVE-2020-13956", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rf7ca60f78f05b772cc07d27e31bcd112f9910a05caf9095e38ee150f%40%3Cdev.ranger.apache.org%3E", }, { name: "[ranger-dev] 20201204 [jira] [Updated] (RANGER-3100) Upgrade httpclient version from 4.5.6 to 4.5.13+ due to CVE-2020-13956", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rcced7ed3237c29cd19c1e9bf465d0038b8b2e967b99fc283db7ca553%40%3Cdev.ranger.apache.org%3E", }, { name: "[ranger-dev] 20201215 [jira] [Updated] (RANGER-3100) Upgrade httpclient version from 4.5.6 to 4.5.13+ due to CVE-2020-13956", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r63296c45d5d84447babaf39bd1487329d8a80d8d563e67a4b6f3d8a7%40%3Cdev.ranger.apache.org%3E", }, { name: "[ranger-dev] 20201215 [jira] [Commented] (RANGER-3100) Upgrade httpclient version from 4.5.6 to 4.5.13+ due to CVE-2020-13956", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r12cb62751b35bdcda0ae2a08b67877d665a1f4d41eee0fa7367169e0%40%3Cdev.ranger.apache.org%3E", }, { name: "[pulsar-commits] 20201215 [GitHub] [pulsar] yanshuchong opened a new issue #8967: CVSS issue list", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E", }, { name: "[ranger-dev] 20201216 [jira] [Commented] (RANGER-3100) Upgrade httpclient version from 4.5.6 to 4.5.13+ due to CVE-2020-13956", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r34178ab6ef106bc940665fd3f4ba5026fac3603b3fa2aefafa0b619d%40%3Cdev.ranger.apache.org%3E", }, { name: "[lucene-solr-user] 20201229 Upgrade httpclient version due to CVE-2020-13956?", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rb725052404fabffbe093c83b2c46f3f87e12c3193a82379afbc529f8%40%3Csolr-user.lucene.apache.org%3E", }, { name: "[turbine-commits] 20210203 svn commit: r1886168 - in /turbine/core/trunk: ./ conf/ conf/test/ src/java/org/apache/turbine/services/urlmapper/ src/test/org/apache/turbine/services/urlmapper/ src/test/org/apache/turbine/services/urlmapper/model/ xdocs/howto/", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rb33212dab7beccaf1ffef9b88610047c644f644c7a0ebdc44d77e381%40%3Ccommits.turbine.apache.org%3E", }, { name: "[hive-issues] 20210301 [jira] [Updated] (HIVE-24837) Upgrade httpclient to 4.5.13+ due to CVE-2020-13956", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rfc00884c7b7ca878297bffe45fcb742c362b00b26ba37070706d44c3%40%3Cissues.hive.apache.org%3E", }, { name: "[hive-issues] 20210301 [jira] [Assigned] (HIVE-24837) Upgrade httpclient to 4.5.13+ due to CVE-2020-13956", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r5fec9c1d67f928179adf484b01e7becd7c0a6fdfe3a08f92ea743b90%40%3Cissues.hive.apache.org%3E", }, { name: "[hive-gitbox] 20210301 [GitHub] [hive] hsnusonic opened a new pull request #2032: HIVE-24837 Upgrade httpclient to 4.5.13+ due to CVE-2020-13956", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r2dc7930b43eadc78220d269b79e13ecd387e4bee52db67b2f47d4303%40%3Cgitbox.hive.apache.org%3E", }, { name: "[hive-dev] 20210301 [jira] [Created] (HIVE-24837) Upgrade httpclient to 4.5.13+ due to CVE-2020-13956", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r043a75acdeb52b15dd5e9524cdadef4202e6a5228644206acf9363f9%40%3Cdev.hive.apache.org%3E", }, { name: "[hive-issues] 20210301 [jira] [Work logged] (HIVE-24837) Upgrade httpclient to 4.5.13+ due to CVE-2020-13956", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rd5ab56beb2ac6879f6ab427bc4e5f7691aed8362d17b713f61779858%40%3Cissues.hive.apache.org%3E", }, { name: "[hive-gitbox] 20210302 [GitHub] [hive] hsnusonic closed pull request #2032: HIVE-24837 Upgrade httpclient to 4.5.13+ due to CVE-2020-13956", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rcd9ad5dda60c82ab0d0c9bd3e9cb1dc740804451fc20c7f451ef5cc4%40%3Cgitbox.hive.apache.org%3E", }, { name: "[solr-issues] 20210316 [jira] [Resolved] (SOLR-15270) upgrade httpclient to address CVE-2020-13956", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/re504acd4d63b8df2a7353658f45c9a3137e5f80e41cf7de50058b2c1%40%3Cissues.solr.apache.org%3E", }, { name: "[solr-issues] 20210316 [jira] [Created] (SOLR-15269) upgrade httpclient to address CVE-2020-13956", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r5de3d3808e7b5028df966e45115e006456c4e8931dc1e29036f17927%40%3Cissues.solr.apache.org%3E", }, { name: "[solr-issues] 20210316 [jira] [Created] (SOLR-15270) upgrade httpclient to address CVE-2020-13956", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rae14ae25ff4a60251e3ba2629c082c5ba3851dfd4d21218b99b56652%40%3Cissues.solr.apache.org%3E", }, { name: "[maven-issues] 20210530 [jira] [Updated] (DOXIA-615) Can you provide an updated version in order to fix CVE-2020-13956", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r03bbc318c81be21f5c8a9b85e34f2ecc741aa804a8e43b0ef2c37749%40%3Cissues.maven.apache.org%3E", }, { name: "[maven-issues] 20210530 [jira] [Resolved] (DOXIA-615) Can you provide an updated version in order to fix CVE-2020-13956", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/ra539f20ef0fb0c27ee39945b5f56bf162e5c13d1c60f7344dab8de3b%40%3Cissues.maven.apache.org%3E", }, { name: "[maven-issues] 20210530 [jira] [Closed] (DOXIA-615) Can you provide an updated version in order to fix CVE-2020-13956", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r8aa1e5c343b89aec5b69961471950e862f15246cb6392910161c389b%40%3Cissues.maven.apache.org%3E", }, { name: "[drill-issues] 20210604 [jira] [Commented] (DRILL-7946) Bump HttpClient from 4.5.12 to 4.5.13 for CVE-2020-13956", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r06cf3ca5c8ceb94b39cd24a73d4e96153b485a7dac88444dd876accb%40%3Cissues.drill.apache.org%3E", }, { name: "[drill-dev] 20210604 [GitHub] [drill] luocooong opened a new pull request #2250: DRILL-7946: Bump HttpClient from 4.5.12 to 4.5.13 for CVE-2020-13956", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rb4ba262d6f08ab9cf8b1ebbcd9b00b0368ffe90dad7ad7918b4b56fc%40%3Cdev.drill.apache.org%3E", }, { name: "[drill-dev] 20210604 [jira] [Created] (DRILL-7946) Bump HttpClient from 4.5.12 to 4.5.13 for CVE-2020-13956", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r55b2a1d1e9b1ec9db792b93da8f0f99a4fd5a5310b02673359d9b4d1%40%3Cdev.drill.apache.org%3E", }, { name: "[drill-issues] 20210604 [jira] [Created] (DRILL-7946) Bump HttpClient from 4.5.12 to 4.5.13 for CVE-2020-13956", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rea3dbf633dde5008d38bf6600a3738b9216e733e03f9ff7becf79625%40%3Cissues.drill.apache.org%3E", }, { name: "[drill-dev] 20210604 [GitHub] [drill] cgivre commented on pull request #2250: DRILL-7946: Bump HttpClient from 4.5.12 to 4.5.13 for CVE-2020-13956", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rc3739e0ad4bcf1888c6925233bfc37dd71156bbc8416604833095c42%40%3Cdev.drill.apache.org%3E", }, { name: "[drill-dev] 20210604 [GitHub] [drill] laurentgo merged pull request #2250: DRILL-7946: Bump HttpClient from 4.5.12 to 4.5.13 for CVE-2020-13956", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r9e52a6c72c8365000ecd035e48cc9fee5a677a150350d4420c46443d%40%3Cdev.drill.apache.org%3E", }, { name: "[drill-issues] 20210604 [jira] [Resolved] (DRILL-7946) Bump HttpClient from 4.5.12 to 4.5.13 for CVE-2020-13956", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rad6222134183046f3928f733bf680919e0c390739bfbfe6c90049673%40%3Cissues.drill.apache.org%3E", }, { name: "[drill-dev] 20210604 [jira] [Resolved] (DRILL-7946) Bump HttpClient from 4.5.12 to 4.5.13 for CVE-2020-13956", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r549ac8c159bf0c568c19670bedeb8d7c0074beded951d34b1c1d0d05%40%3Cdev.drill.apache.org%3E", }, { name: "[drill-commits] 20210604 [drill] branch master updated: DRILL-7946: Bump HttpClient from 4.5.12 to 4.5.13 for CVE-2020-13956 (#2250)", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r6eb2dae157dbc9af1f30d1f64e9c60d4ebef618f3dce4a0e32d6ea4d%40%3Ccommits.drill.apache.org%3E", }, { name: "[drill-dev] 20210604 [GitHub] [drill] luocooong commented on pull request #2250: DRILL-7946: Bump HttpClient from 4.5.12 to 4.5.13 for CVE-2020-13956", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/reef569c2419705754a3acf42b5f19b2a158153cef0e448158bc54917%40%3Cdev.drill.apache.org%3E", }, { name: "[creadur-commits] 20210608 [jira] [Work started] (TENTACLES-13) Upgrade httpclient to circumvent CVE-2020-13956", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r3f740e4c38bba1face49078aa5cbeeb558c27be601cc9712ad2dcd1e%40%3Ccommits.creadur.apache.org%3E", }, { name: "[creadur-commits] 20210608 [jira] [Resolved] (TENTACLES-13) Upgrade httpclient to circumvent CVE-2020-13956", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rfb35f6db9ba1f1e061b63769a4eff5abadcc254ebfefc280e5a0dcf1%40%3Ccommits.creadur.apache.org%3E", }, { name: "[creadur-commits] 20210608 [jira] [Commented] (TENTACLES-13) Upgrade httpclient to circumvent CVE-2020-13956", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r2a03dc210231d7e852ef73015f71792ac0fcaca6cccc024c522ef17d%40%3Ccommits.creadur.apache.org%3E", }, { name: "[creadur-commits] 20210608 [jira] [Created] (TENTACLES-13) Upgrade httpclient to circumvent CVE-2020-13956", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r34efec51cb817397ccf9f86e25a75676d435ba5f83ee7b2eabdad707%40%3Ccommits.creadur.apache.org%3E", }, { name: "[creadur-commits] 20210608 [jira] [Assigned] (TENTACLES-13) Upgrade httpclient to circumvent CVE-2020-13956", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r70c429923100c5a4fae8e5bc71c8a2d39af3de4888f50a0ac3755e6f%40%3Ccommits.creadur.apache.org%3E", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuApr2021.html", }, { name: "[maven-issues] 20210621 [jira] [Assigned] (DOXIA-615) Can you provide an updated version in order to fix CVE-2020-13956", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rc990e2462ec32b09523deafb2c73606208599e196fa2d7f50bdbc587%40%3Cissues.maven.apache.org%3E", }, { name: "[creadur-dev] 20210621 [jira] [Updated] (RAT-275) Update httpclient to fix CVE-2020-13956 once a new doxia-core release is available", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r132e4c6a560cfc519caa1aaee63bdd4036327610eadbd89f76dd5457%40%3Cdev.creadur.apache.org%3E", }, { name: "[solr-issues] 20210623 [jira] [Updated] (SOLR-15270) upgrade httpclient to address CVE-2020-13956", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r6a3cda38d050ebe13c1bc9a28d0a8ec38945095d07eca49046bcb89f%40%3Cissues.solr.apache.org%3E", }, { name: "[solr-issues] 20210623 [jira] [Updated] (SOLR-15269) upgrade httpclient to address CVE-2020-13956", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rc505fee574fe8d18f9b0c655a4d120b0ae21bb6a73b96003e1d9be35%40%3Cissues.solr.apache.org%3E", }, { name: "[jackrabbit-dev] 20210706 [GitHub] [jackrabbit-oak] reschke commented on pull request #310: OAK-9482: upgrade httpclient to 4.5.13", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r5b55f65c123a7481104d663a915ec45a0d103e6aaa03f42ed1c07a89%40%3Cdev.jackrabbit.apache.org%3E", }, { name: "[jackrabbit-dev] 20210706 [GitHub] [jackrabbit-oak] reschke removed a comment on pull request #310: OAK-9482: upgrade httpclient to 4.5.13", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rc0863892ccfd9fd0d0ae10091f24ee769fb39b8957fe4ebabfc11f17%40%3Cdev.jackrabbit.apache.org%3E", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com//security-alerts/cpujul2021.html", }, { name: "[solr-issues] 20210912 [jira] [Updated] (SOLR-15269) upgrade httpclient to address CVE-2020-13956", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rfbedcb586a1e7dfce87ee03c720e583fc2ceeafa05f35c542cecc624%40%3Cissues.solr.apache.org%3E", }, { name: "[bookkeeper-issues] 20210914 [GitHub] [bookkeeper] nicoloboschi opened a new pull request #2793: Upgrade httpclient from 4.5.5 to 4.5.13 to address CVE-2020-13956", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r87ddc09295c27f25471269ad0a79433a91224045988b88f0413a97ec%40%3Cissues.bookkeeper.apache.org%3E", }, { name: "[bookkeeper-issues] 20210917 [GitHub] [bookkeeper] nicoloboschi commented on pull request #2793: Upgrade httpclient from 4.5.5 to 4.5.13 to address CVE-2020-13956", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rf03228972e56cb4a03e6d9558188c2938078cf3ceb23a3fead87c9ca%40%3Cissues.bookkeeper.apache.org%3E", }, { name: "[lucene-issues] 20210921 [GitHub] [lucene-solr] ventry1990 opened a new pull request #2579: SOLR-15269: Upgrade Apache HttpComponents Client to 4.5.13 to fix CVE-2020-13956", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r2835543ef0f91adcc47da72389b816e36936f584c7be584d2314fac3%40%3Cissues.lucene.apache.org%3E", }, { name: "[lucene-issues] 20210921 [GitHub] [lucene-solr] madrob commented on pull request #2579: SOLR-15269: Upgrade Apache HttpComponents Client to 4.5.13 to fix CVE-2020-13956", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rf43d17ed0d1fb4fb79036b582810ef60b18b1ef3add0d5dea825af1e%40%3Cissues.lucene.apache.org%3E", }, { name: "[lucene-issues] 20210921 [GitHub] [lucene-solr] ventry1990 commented on pull request #2579: SOLR-15269: Upgrade Apache HttpComponents Client to 4.5.13 to fix CVE-2020-13956", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rc5c6ccb86d2afe46bbd4b71573f0448dc1f87bbcd5a0d8c7f8f904b2%40%3Cissues.lucene.apache.org%3E", }, { name: "[lucene-issues] 20211007 [GitHub] [lucene-solr] madrob commented on pull request #2579: SOLR-15269: Upgrade Apache HttpComponents Client to 4.5.13 to fix CVE-2020-13956", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r6d672b46622842e565e00f6ef6bef83eb55d8792aac2bee75bff9a2a%40%3Cissues.lucene.apache.org%3E", }, { name: "[lucene-issues] 20211009 [GitHub] [lucene-solr] ventry1990 closed pull request #2579: SOLR-15269: Upgrade Apache HttpComponents Client to 4.5.13 to fix CVE-2020-13956", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rf4db88c22e1be9eb60c7dc623d0528642c045fb196a24774ac2fa3a3%40%3Cissues.lucene.apache.org%3E", }, { name: "[lucene-issues] 20211009 [GitHub] [lucene-solr] ventry1990 commented on pull request #2579: SOLR-15269: Upgrade Apache HttpComponents Client to 4.5.13 to fix CVE-2020-13956", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/ree942561f4620313c75982a4e5f3b74fe6f7062b073210779648eec2%40%3Cissues.lucene.apache.org%3E", }, { name: "[lucene-issues] 20211009 [GitHub] [lucene-solr] ventry1990 opened a new pull request #2579: SOLR-15269: Upgrade Apache HttpComponents Client to 4.5.13 to fix CVE-2020-13956", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r3cecd59fba74404cbf4eb430135e1080897fb376f111406a78bed13a%40%3Cissues.lucene.apache.org%3E", }, { name: "[solr-issues] 20211011 [jira] [Commented] (SOLR-15269) upgrade httpclient to address CVE-2020-13956", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r0bebe6f9808ac7bdf572873b4fa96a29c6398c90dab29f131f3ebffe%40%3Cissues.solr.apache.org%3E", }, { name: "[solr-issues] 20211011 [jira] [Resolved] (SOLR-15269) upgrade httpclient to address CVE-2020-13956", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r4850b3fbaea02fde2886e461005e4af8d37c80a48b3ce2a6edca0e30%40%3Cissues.solr.apache.org%3E", }, { name: "[lucene-issues] 20211011 [GitHub] [lucene-solr] madrob merged pull request #2579: SOLR-15269: Upgrade Apache HttpComponents Client to 4.5.13 to fix CVE-2020-13956", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/ra8bc6b61c5df301a6fe5a716315528ecd17ccb8a7f907e24a47a1a5e%40%3Cissues.lucene.apache.org%3E", }, { name: "[solr-issues] 20211019 [jira] [Closed] (SOLR-15269) upgrade httpclient to address CVE-2020-13956", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r0a75b8f0f72f3e18442dc56d33f3827b905f2fe5b7ba48997436f5d1%40%3Cissues.solr.apache.org%3E", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, { name: "[ranger-dev] 20211028 [jira] [Commented] (RANGER-3100) Upgrade httpclient version from 4.5.6 to 4.5.13+ due to CVE-2020-13956", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r69a94e2f302d1b778bdfefe90fcb4b8c50b226438c3c8c1d0de85a19%40%3Cdev.ranger.apache.org%3E", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujan2022.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20220210-0002/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@apache.org", ID: "CVE-2020-13956", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Apache HttpClient", version: { version_data: [ { version_value: "4.5.12 and prior, 5.0.2 and prior", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Improper Input Validation", }, ], }, ], }, references: { reference_data: [ { name: "https://lists.apache.org/thread.html/r6dab7da30f8bf075f79ee189e33b45a197502e2676481bb8787fc0d7%40%3Cdev.hc.apache.org%3E", refsource: "MISC", url: "https://lists.apache.org/thread.html/r6dab7da30f8bf075f79ee189e33b45a197502e2676481bb8787fc0d7%40%3Cdev.hc.apache.org%3E", }, { name: "[ranger-dev] 20201204 [jira] [Assigned] (RANGER-3100) Upgrade httpclient version from 4.5.6 to 4.5.13+ due to CVE-2020-13956", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rf7ca60f78f05b772cc07d27e31bcd112f9910a05caf9095e38ee150f@%3Cdev.ranger.apache.org%3E", }, { name: "[ranger-dev] 20201204 [jira] [Updated] (RANGER-3100) Upgrade httpclient version from 4.5.6 to 4.5.13+ due to CVE-2020-13956", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rcced7ed3237c29cd19c1e9bf465d0038b8b2e967b99fc283db7ca553@%3Cdev.ranger.apache.org%3E", }, { name: "[ranger-dev] 20201215 [jira] [Updated] (RANGER-3100) Upgrade httpclient version from 4.5.6 to 4.5.13+ due to CVE-2020-13956", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r63296c45d5d84447babaf39bd1487329d8a80d8d563e67a4b6f3d8a7@%3Cdev.ranger.apache.org%3E", }, { name: "[ranger-dev] 20201215 [jira] [Commented] (RANGER-3100) Upgrade httpclient version from 4.5.6 to 4.5.13+ due to CVE-2020-13956", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r12cb62751b35bdcda0ae2a08b67877d665a1f4d41eee0fa7367169e0@%3Cdev.ranger.apache.org%3E", }, { name: "[pulsar-commits] 20201215 [GitHub] [pulsar] yanshuchong opened a new issue #8967: CVSS issue list", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26@%3Ccommits.pulsar.apache.org%3E", }, { name: "[ranger-dev] 20201216 [jira] [Commented] (RANGER-3100) Upgrade httpclient version from 4.5.6 to 4.5.13+ due to CVE-2020-13956", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r34178ab6ef106bc940665fd3f4ba5026fac3603b3fa2aefafa0b619d@%3Cdev.ranger.apache.org%3E", }, { name: "[lucene-solr-user] 20201229 Upgrade httpclient version due to CVE-2020-13956?", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rb725052404fabffbe093c83b2c46f3f87e12c3193a82379afbc529f8@%3Csolr-user.lucene.apache.org%3E", }, { name: "[turbine-commits] 20210203 svn commit: r1886168 - in /turbine/core/trunk: ./ conf/ conf/test/ src/java/org/apache/turbine/services/urlmapper/ src/test/org/apache/turbine/services/urlmapper/ src/test/org/apache/turbine/services/urlmapper/model/ xdocs/howto/", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rb33212dab7beccaf1ffef9b88610047c644f644c7a0ebdc44d77e381@%3Ccommits.turbine.apache.org%3E", }, { name: "[hive-issues] 20210301 [jira] [Updated] (HIVE-24837) Upgrade httpclient to 4.5.13+ due to CVE-2020-13956", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rfc00884c7b7ca878297bffe45fcb742c362b00b26ba37070706d44c3@%3Cissues.hive.apache.org%3E", }, { name: "[hive-issues] 20210301 [jira] [Assigned] (HIVE-24837) Upgrade httpclient to 4.5.13+ due to CVE-2020-13956", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r5fec9c1d67f928179adf484b01e7becd7c0a6fdfe3a08f92ea743b90@%3Cissues.hive.apache.org%3E", }, { name: "[hive-gitbox] 20210301 [GitHub] [hive] hsnusonic opened a new pull request #2032: HIVE-24837 Upgrade httpclient to 4.5.13+ due to CVE-2020-13956", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r2dc7930b43eadc78220d269b79e13ecd387e4bee52db67b2f47d4303@%3Cgitbox.hive.apache.org%3E", }, { name: "[hive-dev] 20210301 [jira] [Created] (HIVE-24837) Upgrade httpclient to 4.5.13+ due to CVE-2020-13956", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r043a75acdeb52b15dd5e9524cdadef4202e6a5228644206acf9363f9@%3Cdev.hive.apache.org%3E", }, { name: "[hive-issues] 20210301 [jira] [Work logged] (HIVE-24837) Upgrade httpclient to 4.5.13+ due to CVE-2020-13956", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rd5ab56beb2ac6879f6ab427bc4e5f7691aed8362d17b713f61779858@%3Cissues.hive.apache.org%3E", }, { name: "[hive-gitbox] 20210302 [GitHub] [hive] hsnusonic closed pull request #2032: HIVE-24837 Upgrade httpclient to 4.5.13+ due to CVE-2020-13956", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rcd9ad5dda60c82ab0d0c9bd3e9cb1dc740804451fc20c7f451ef5cc4@%3Cgitbox.hive.apache.org%3E", }, { name: "[solr-issues] 20210316 [jira] [Resolved] (SOLR-15270) upgrade httpclient to address CVE-2020-13956", refsource: "MLIST", url: "https://lists.apache.org/thread.html/re504acd4d63b8df2a7353658f45c9a3137e5f80e41cf7de50058b2c1@%3Cissues.solr.apache.org%3E", }, { name: "[solr-issues] 20210316 [jira] [Created] (SOLR-15269) upgrade httpclient to address CVE-2020-13956", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r5de3d3808e7b5028df966e45115e006456c4e8931dc1e29036f17927@%3Cissues.solr.apache.org%3E", }, { name: "[solr-issues] 20210316 [jira] [Created] (SOLR-15270) upgrade httpclient to address CVE-2020-13956", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rae14ae25ff4a60251e3ba2629c082c5ba3851dfd4d21218b99b56652@%3Cissues.solr.apache.org%3E", }, { name: "[maven-issues] 20210530 [jira] [Updated] (DOXIA-615) Can you provide an updated version in order to fix CVE-2020-13956", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r03bbc318c81be21f5c8a9b85e34f2ecc741aa804a8e43b0ef2c37749@%3Cissues.maven.apache.org%3E", }, { name: "[maven-issues] 20210530 [jira] [Resolved] (DOXIA-615) Can you provide an updated version in order to fix CVE-2020-13956", refsource: "MLIST", url: "https://lists.apache.org/thread.html/ra539f20ef0fb0c27ee39945b5f56bf162e5c13d1c60f7344dab8de3b@%3Cissues.maven.apache.org%3E", }, { name: "[maven-issues] 20210530 [jira] [Closed] (DOXIA-615) Can you provide an updated version in order to fix CVE-2020-13956", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r8aa1e5c343b89aec5b69961471950e862f15246cb6392910161c389b@%3Cissues.maven.apache.org%3E", }, { name: "[drill-issues] 20210604 [jira] [Commented] (DRILL-7946) Bump HttpClient from 4.5.12 to 4.5.13 for CVE-2020-13956", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r06cf3ca5c8ceb94b39cd24a73d4e96153b485a7dac88444dd876accb@%3Cissues.drill.apache.org%3E", }, { name: "[drill-dev] 20210604 [GitHub] [drill] luocooong opened a new pull request #2250: DRILL-7946: Bump HttpClient from 4.5.12 to 4.5.13 for CVE-2020-13956", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rb4ba262d6f08ab9cf8b1ebbcd9b00b0368ffe90dad7ad7918b4b56fc@%3Cdev.drill.apache.org%3E", }, { name: "[drill-dev] 20210604 [jira] [Created] (DRILL-7946) Bump HttpClient from 4.5.12 to 4.5.13 for CVE-2020-13956", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r55b2a1d1e9b1ec9db792b93da8f0f99a4fd5a5310b02673359d9b4d1@%3Cdev.drill.apache.org%3E", }, { name: "[drill-issues] 20210604 [jira] [Created] (DRILL-7946) Bump HttpClient from 4.5.12 to 4.5.13 for CVE-2020-13956", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rea3dbf633dde5008d38bf6600a3738b9216e733e03f9ff7becf79625@%3Cissues.drill.apache.org%3E", }, { name: "[drill-dev] 20210604 [GitHub] [drill] cgivre commented on pull request #2250: DRILL-7946: Bump HttpClient from 4.5.12 to 4.5.13 for CVE-2020-13956", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rc3739e0ad4bcf1888c6925233bfc37dd71156bbc8416604833095c42@%3Cdev.drill.apache.org%3E", }, { name: "[drill-dev] 20210604 [GitHub] [drill] laurentgo merged pull request #2250: DRILL-7946: Bump HttpClient from 4.5.12 to 4.5.13 for CVE-2020-13956", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r9e52a6c72c8365000ecd035e48cc9fee5a677a150350d4420c46443d@%3Cdev.drill.apache.org%3E", }, { name: "[drill-issues] 20210604 [jira] [Resolved] (DRILL-7946) Bump HttpClient from 4.5.12 to 4.5.13 for CVE-2020-13956", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rad6222134183046f3928f733bf680919e0c390739bfbfe6c90049673@%3Cissues.drill.apache.org%3E", }, { name: "[drill-dev] 20210604 [jira] [Resolved] (DRILL-7946) Bump HttpClient from 4.5.12 to 4.5.13 for CVE-2020-13956", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r549ac8c159bf0c568c19670bedeb8d7c0074beded951d34b1c1d0d05@%3Cdev.drill.apache.org%3E", }, { name: "[drill-commits] 20210604 [drill] branch master updated: DRILL-7946: Bump HttpClient from 4.5.12 to 4.5.13 for CVE-2020-13956 (#2250)", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r6eb2dae157dbc9af1f30d1f64e9c60d4ebef618f3dce4a0e32d6ea4d@%3Ccommits.drill.apache.org%3E", }, { name: "[drill-dev] 20210604 [GitHub] [drill] luocooong commented on pull request #2250: DRILL-7946: Bump HttpClient from 4.5.12 to 4.5.13 for CVE-2020-13956", refsource: "MLIST", url: "https://lists.apache.org/thread.html/reef569c2419705754a3acf42b5f19b2a158153cef0e448158bc54917@%3Cdev.drill.apache.org%3E", }, { name: "[creadur-commits] 20210608 [jira] [Work started] (TENTACLES-13) Upgrade httpclient to circumvent CVE-2020-13956", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r3f740e4c38bba1face49078aa5cbeeb558c27be601cc9712ad2dcd1e@%3Ccommits.creadur.apache.org%3E", }, { name: "[creadur-commits] 20210608 [jira] [Resolved] (TENTACLES-13) Upgrade httpclient to circumvent CVE-2020-13956", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rfb35f6db9ba1f1e061b63769a4eff5abadcc254ebfefc280e5a0dcf1@%3Ccommits.creadur.apache.org%3E", }, { name: "[creadur-commits] 20210608 [jira] [Commented] (TENTACLES-13) Upgrade httpclient to circumvent CVE-2020-13956", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r2a03dc210231d7e852ef73015f71792ac0fcaca6cccc024c522ef17d@%3Ccommits.creadur.apache.org%3E", }, { name: "[creadur-commits] 20210608 [jira] [Created] (TENTACLES-13) Upgrade httpclient to circumvent CVE-2020-13956", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r34efec51cb817397ccf9f86e25a75676d435ba5f83ee7b2eabdad707@%3Ccommits.creadur.apache.org%3E", }, { name: "[creadur-commits] 20210608 [jira] [Assigned] (TENTACLES-13) Upgrade httpclient to circumvent CVE-2020-13956", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r70c429923100c5a4fae8e5bc71c8a2d39af3de4888f50a0ac3755e6f@%3Ccommits.creadur.apache.org%3E", }, { name: "https://www.oracle.com/security-alerts/cpuApr2021.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuApr2021.html", }, { name: "[maven-issues] 20210621 [jira] [Assigned] (DOXIA-615) Can you provide an updated version in order to fix CVE-2020-13956", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rc990e2462ec32b09523deafb2c73606208599e196fa2d7f50bdbc587@%3Cissues.maven.apache.org%3E", }, { name: "[creadur-dev] 20210621 [jira] [Updated] (RAT-275) Update httpclient to fix CVE-2020-13956 once a new doxia-core release is available", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r132e4c6a560cfc519caa1aaee63bdd4036327610eadbd89f76dd5457@%3Cdev.creadur.apache.org%3E", }, { name: "[solr-issues] 20210623 [jira] [Updated] (SOLR-15270) upgrade httpclient to address CVE-2020-13956", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r6a3cda38d050ebe13c1bc9a28d0a8ec38945095d07eca49046bcb89f@%3Cissues.solr.apache.org%3E", }, { name: "[solr-issues] 20210623 [jira] [Updated] (SOLR-15269) upgrade httpclient to address CVE-2020-13956", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rc505fee574fe8d18f9b0c655a4d120b0ae21bb6a73b96003e1d9be35@%3Cissues.solr.apache.org%3E", }, { name: "[jackrabbit-dev] 20210706 [GitHub] [jackrabbit-oak] reschke commented on pull request #310: OAK-9482: upgrade httpclient to 4.5.13", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r5b55f65c123a7481104d663a915ec45a0d103e6aaa03f42ed1c07a89@%3Cdev.jackrabbit.apache.org%3E", }, { name: "[jackrabbit-dev] 20210706 [GitHub] [jackrabbit-oak] reschke removed a comment on pull request #310: OAK-9482: upgrade httpclient to 4.5.13", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rc0863892ccfd9fd0d0ae10091f24ee769fb39b8957fe4ebabfc11f17@%3Cdev.jackrabbit.apache.org%3E", }, { name: "https://www.oracle.com//security-alerts/cpujul2021.html", refsource: "MISC", url: "https://www.oracle.com//security-alerts/cpujul2021.html", }, { name: "[solr-issues] 20210912 [jira] [Updated] (SOLR-15269) upgrade httpclient to address CVE-2020-13956", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rfbedcb586a1e7dfce87ee03c720e583fc2ceeafa05f35c542cecc624@%3Cissues.solr.apache.org%3E", }, { name: "[bookkeeper-issues] 20210914 [GitHub] [bookkeeper] nicoloboschi opened a new pull request #2793: Upgrade httpclient from 4.5.5 to 4.5.13 to address CVE-2020-13956", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r87ddc09295c27f25471269ad0a79433a91224045988b88f0413a97ec@%3Cissues.bookkeeper.apache.org%3E", }, { name: "[bookkeeper-issues] 20210917 [GitHub] [bookkeeper] nicoloboschi commented on pull request #2793: Upgrade httpclient from 4.5.5 to 4.5.13 to address CVE-2020-13956", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rf03228972e56cb4a03e6d9558188c2938078cf3ceb23a3fead87c9ca@%3Cissues.bookkeeper.apache.org%3E", }, { name: "[lucene-issues] 20210921 [GitHub] [lucene-solr] ventry1990 opened a new pull request #2579: SOLR-15269: Upgrade Apache HttpComponents Client to 4.5.13 to fix CVE-2020-13956", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r2835543ef0f91adcc47da72389b816e36936f584c7be584d2314fac3@%3Cissues.lucene.apache.org%3E", }, { name: "[lucene-issues] 20210921 [GitHub] [lucene-solr] madrob commented on pull request #2579: SOLR-15269: Upgrade Apache HttpComponents Client to 4.5.13 to fix CVE-2020-13956", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rf43d17ed0d1fb4fb79036b582810ef60b18b1ef3add0d5dea825af1e@%3Cissues.lucene.apache.org%3E", }, { name: "[lucene-issues] 20210921 [GitHub] [lucene-solr] ventry1990 commented on pull request #2579: SOLR-15269: Upgrade Apache HttpComponents Client to 4.5.13 to fix CVE-2020-13956", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rc5c6ccb86d2afe46bbd4b71573f0448dc1f87bbcd5a0d8c7f8f904b2@%3Cissues.lucene.apache.org%3E", }, { name: "[lucene-issues] 20211007 [GitHub] [lucene-solr] madrob commented on pull request #2579: SOLR-15269: Upgrade Apache HttpComponents Client to 4.5.13 to fix CVE-2020-13956", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r6d672b46622842e565e00f6ef6bef83eb55d8792aac2bee75bff9a2a@%3Cissues.lucene.apache.org%3E", }, { name: "[lucene-issues] 20211009 [GitHub] [lucene-solr] ventry1990 closed pull request #2579: SOLR-15269: Upgrade Apache HttpComponents Client to 4.5.13 to fix CVE-2020-13956", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rf4db88c22e1be9eb60c7dc623d0528642c045fb196a24774ac2fa3a3@%3Cissues.lucene.apache.org%3E", }, { name: "[lucene-issues] 20211009 [GitHub] [lucene-solr] ventry1990 commented on pull request #2579: SOLR-15269: Upgrade Apache HttpComponents Client to 4.5.13 to fix CVE-2020-13956", refsource: "MLIST", url: "https://lists.apache.org/thread.html/ree942561f4620313c75982a4e5f3b74fe6f7062b073210779648eec2@%3Cissues.lucene.apache.org%3E", }, { name: "[lucene-issues] 20211009 [GitHub] [lucene-solr] ventry1990 opened a new pull request #2579: SOLR-15269: Upgrade Apache HttpComponents Client to 4.5.13 to fix CVE-2020-13956", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r3cecd59fba74404cbf4eb430135e1080897fb376f111406a78bed13a@%3Cissues.lucene.apache.org%3E", }, { name: "[solr-issues] 20211011 [jira] [Commented] (SOLR-15269) upgrade httpclient to address CVE-2020-13956", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r0bebe6f9808ac7bdf572873b4fa96a29c6398c90dab29f131f3ebffe@%3Cissues.solr.apache.org%3E", }, { name: "[solr-issues] 20211011 [jira] [Resolved] (SOLR-15269) upgrade httpclient to address CVE-2020-13956", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r4850b3fbaea02fde2886e461005e4af8d37c80a48b3ce2a6edca0e30@%3Cissues.solr.apache.org%3E", }, { name: "[lucene-issues] 20211011 [GitHub] [lucene-solr] madrob merged pull request #2579: SOLR-15269: Upgrade Apache HttpComponents Client to 4.5.13 to fix CVE-2020-13956", refsource: "MLIST", url: "https://lists.apache.org/thread.html/ra8bc6b61c5df301a6fe5a716315528ecd17ccb8a7f907e24a47a1a5e@%3Cissues.lucene.apache.org%3E", }, { name: "[solr-issues] 20211019 [jira] [Closed] (SOLR-15269) upgrade httpclient to address CVE-2020-13956", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r0a75b8f0f72f3e18442dc56d33f3827b905f2fe5b7ba48997436f5d1@%3Cissues.solr.apache.org%3E", }, { name: "https://www.oracle.com/security-alerts/cpuoct2021.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, { name: "[ranger-dev] 20211028 [jira] [Commented] (RANGER-3100) Upgrade httpclient version from 4.5.6 to 4.5.13+ due to CVE-2020-13956", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r69a94e2f302d1b778bdfefe90fcb4b8c50b226438c3c8c1d0de85a19@%3Cdev.ranger.apache.org%3E", }, { name: "https://www.oracle.com/security-alerts/cpujan2022.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujan2022.html", }, { name: "https://www.oracle.com/security-alerts/cpuapr2022.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { name: "https://security.netapp.com/advisory/ntap-20220210-0002/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20220210-0002/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2020-13956", datePublished: "2020-12-02T16:20:12", dateReserved: "2020-06-08T00:00:00", dateUpdated: "2024-08-04T12:32:14.610Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-29025
Vulnerability from cvelistv5
Published
2024-03-25 20:09
Modified
2025-02-13 17:47
Severity ?
EPSS score ?
Summary
Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. The `HttpPostRequestDecoder` can be tricked to accumulate data. While the decoder can store items on the disk if configured so, there are no limits to the number of fields the form can have, an attacher can send a chunked post consisting of many small fields that will be accumulated in the `bodyListHttpData` list. The decoder cumulates bytes in the `undecodedChunk` buffer until it can decode a field, this field can cumulate data without limits. This vulnerability is fixed in 4.1.108.Final.
References
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:netty:netty:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "netty", vendor: "netty", versions: [ { lessThan: "4.1.108.Final", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-29025", options: [ { Exploitation: "poc", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-07-19T15:54:48.153095Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-19T21:08:16.746Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T01:03:51.668Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "https://github.com/netty/netty/security/advisories/GHSA-5jpm-x58v-624v", tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/netty/netty/security/advisories/GHSA-5jpm-x58v-624v", }, { name: "https://github.com/netty/netty/commit/0d0c6ed782d13d423586ad0c71737b2c7d02058c", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/netty/netty/commit/0d0c6ed782d13d423586ad0c71737b2c7d02058c", }, { name: "https://gist.github.com/vietj/f558b8ea81ec6505f1e9a6ca283c9ae3", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://gist.github.com/vietj/f558b8ea81ec6505f1e9a6ca283c9ae3", }, { tags: [ "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2024/06/msg00015.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "netty", vendor: "netty", versions: [ { status: "affected", version: "< 4.1.108.Final", }, ], }, ], descriptions: [ { lang: "en", value: "Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. The `HttpPostRequestDecoder` can be tricked to accumulate data. While the decoder can store items on the disk if configured so, there are no limits to the number of fields the form can have, an attacher can send a chunked post consisting of many small fields that will be accumulated in the `bodyListHttpData` list. The decoder cumulates bytes in the `undecodedChunk` buffer until it can decode a field, this field can cumulate data without limits. This vulnerability is fixed in 4.1.108.Final.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-770", description: "CWE-770: Allocation of Resources Without Limits or Throttling", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-21T22:06:06.551Z", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { name: "https://github.com/netty/netty/security/advisories/GHSA-5jpm-x58v-624v", tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/netty/netty/security/advisories/GHSA-5jpm-x58v-624v", }, { name: "https://github.com/netty/netty/commit/0d0c6ed782d13d423586ad0c71737b2c7d02058c", tags: [ "x_refsource_MISC", ], url: "https://github.com/netty/netty/commit/0d0c6ed782d13d423586ad0c71737b2c7d02058c", }, { name: "https://gist.github.com/vietj/f558b8ea81ec6505f1e9a6ca283c9ae3", tags: [ "x_refsource_MISC", ], url: "https://gist.github.com/vietj/f558b8ea81ec6505f1e9a6ca283c9ae3", }, { url: "https://lists.debian.org/debian-lts-announce/2024/06/msg00015.html", }, ], source: { advisory: "GHSA-5jpm-x58v-624v", discovery: "UNKNOWN", }, title: "Netty HttpPostRequestDecoder can OOM", }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2024-29025", datePublished: "2024-03-25T20:09:35.156Z", dateReserved: "2024-03-14T16:59:47.611Z", dateUpdated: "2025-02-13T17:47:35.781Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-2976
Vulnerability from cvelistv5
Published
2023-06-14 17:36
Modified
2025-02-13 16:49
Severity ?
EPSS score ?
Summary
Use of Java's default temporary directory for file creation in `FileBackedOutputStream` in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files created by the class.
Even though the security vulnerability is fixed in version 32.0.0, we recommend using version 32.0.1 as version 32.0.0 breaks some functionality under Windows.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T06:41:03.778Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/google/guava/issues/2575", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20230818-0008/", }, { tags: [ "x_transferred", ], url: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01006.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Guava", vendor: "Google", versions: [ { lessThan: "32.0.0", status: "affected", version: "1.0", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<p>Use of Java's default temporary directory for file creation in `FileBackedOutputStream` in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files created by the class.</p><p>Even though the security vulnerability is fixed in version 32.0.0, we recommend using version 32.0.1 as version 32.0.0 breaks some functionality under Windows.</p>", }, ], value: "Use of Java's default temporary directory for file creation in `FileBackedOutputStream` in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files created by the class.\n\nEven though the security vulnerability is fixed in version 32.0.0, we recommend using version 32.0.1 as version 32.0.0 breaks some functionality under Windows.", }, ], impacts: [ { capecId: "CAPEC-212", descriptions: [ { lang: "en", value: "CAPEC-212 Functionality Misuse", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Creation of Temporary File With Insecure Permissions", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-02-13T19:05:56.194Z", orgId: "14ed7db2-1595-443d-9d34-6215bf890778", shortName: "Google", }, references: [ { url: "https://github.com/google/guava/issues/2575", }, { url: "https://security.netapp.com/advisory/ntap-20230818-0008/", }, { url: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01006.html", }, ], source: { discovery: "EXTERNAL", }, title: "Use of temporary directory for file creation in `FileBackedOutputStream` in Guava", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "14ed7db2-1595-443d-9d34-6215bf890778", assignerShortName: "Google", cveId: "CVE-2023-2976", datePublished: "2023-06-14T17:36:40.640Z", dateReserved: "2023-05-30T13:15:41.560Z", dateUpdated: "2025-02-13T16:49:23.579Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-29824
Vulnerability from cvelistv5
Published
2023-07-06 00:00
Modified
2024-08-02 14:14
Severity ?
EPSS score ?
Summary
A use-after-free issue was discovered in Py_FindObjects() function in SciPy versions prior to 1.8.0. NOTE: the vendor and discoverer indicate that this is not a security issue.
References
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:scipy:scipy:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "scipy", vendor: "scipy", versions: [ { lessThan: "1.8.0", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2023-29824", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-07-22T19:30:04.549547Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-416", description: "CWE-416 Use After Free", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-07-22T19:31:02.055Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T14:14:40.034Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/scipy/scipy/issues/14713", }, { tags: [ "x_transferred", ], url: "https://github.com/scipy/scipy/pull/15013", }, { tags: [ "x_transferred", ], url: "http://www.square16.org/achievement/cve-2023-29824/", }, { tags: [ "x_transferred", ], url: "https://github.com/scipy/scipy/issues/14713#issuecomment-1629468565", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "A use-after-free issue was discovered in Py_FindObjects() function in SciPy versions prior to 1.8.0. NOTE: the vendor and discoverer indicate that this is not a security issue.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-07-11T00:00:00", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/scipy/scipy/issues/14713", }, { url: "https://github.com/scipy/scipy/pull/15013", }, { url: "http://www.square16.org/achievement/cve-2023-29824/", }, { url: "https://github.com/scipy/scipy/issues/14713#issuecomment-1629468565", }, ], tags: [ "disputed", ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2023-29824", datePublished: "2023-07-06T00:00:00", dateReserved: "2023-04-07T00:00:00", dateUpdated: "2024-08-02T14:14:40.034Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-5535
Vulnerability from cvelistv5
Published
2024-06-27 10:30
Modified
2025-02-13 17:54
Severity ?
EPSS score ?
Summary
Issue summary: Calling the OpenSSL API function SSL_select_next_proto with an
empty supported client protocols buffer may cause a crash or memory contents to
be sent to the peer.
Impact summary: A buffer overread can have a range of potential consequences
such as unexpected application beahviour or a crash. In particular this issue
could result in up to 255 bytes of arbitrary private data from memory being sent
to the peer leading to a loss of confidentiality. However, only applications
that directly call the SSL_select_next_proto function with a 0 length list of
supported client protocols are affected by this issue. This would normally never
be a valid scenario and is typically not under attacker control but may occur by
accident in the case of a configuration or programming error in the calling
application.
The OpenSSL API function SSL_select_next_proto is typically used by TLS
applications that support ALPN (Application Layer Protocol Negotiation) or NPN
(Next Protocol Negotiation). NPN is older, was never standardised and
is deprecated in favour of ALPN. We believe that ALPN is significantly more
widely deployed than NPN. The SSL_select_next_proto function accepts a list of
protocols from the server and a list of protocols from the client and returns
the first protocol that appears in the server list that also appears in the
client list. In the case of no overlap between the two lists it returns the
first item in the client list. In either case it will signal whether an overlap
between the two lists was found. In the case where SSL_select_next_proto is
called with a zero length client list it fails to notice this condition and
returns the memory immediately following the client list pointer (and reports
that there was no overlap in the lists).
This function is typically called from a server side application callback for
ALPN or a client side application callback for NPN. In the case of ALPN the list
of protocols supplied by the client is guaranteed by libssl to never be zero in
length. The list of server protocols comes from the application and should never
normally be expected to be of zero length. In this case if the
SSL_select_next_proto function has been called as expected (with the list
supplied by the client passed in the client/client_len parameters), then the
application will not be vulnerable to this issue. If the application has
accidentally been configured with a zero length server list, and has
accidentally passed that zero length server list in the client/client_len
parameters, and has additionally failed to correctly handle a "no overlap"
response (which would normally result in a handshake failure in ALPN) then it
will be vulnerable to this problem.
In the case of NPN, the protocol permits the client to opportunistically select
a protocol when there is no overlap. OpenSSL returns the first client protocol
in the no overlap case in support of this. The list of client protocols comes
from the application and should never normally be expected to be of zero length.
However if the SSL_select_next_proto function is accidentally called with a
client_len of 0 then an invalid memory pointer will be returned instead. If the
application uses this output as the opportunistic protocol then the loss of
confidentiality will occur.
This issue has been assessed as Low severity because applications are most
likely to be vulnerable if they are using NPN instead of ALPN - but NPN is not
widely used. It also requires an application configuration or programming error.
Finally, this issue would not typically be under attacker control making active
exploitation unlikely.
The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.
Due to the low severity of this issue we are not issuing new releases of
OpenSSL at this time. The fix will be included in the next releases when they
become available.
References
Impacted products
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "openssl", vendor: "openssl", versions: [ { lessThan: "3.3.2", status: "affected", version: "3.3.0", versionType: "custom", }, { lessThan: "3.2.3", status: "affected", version: "3.2.0", versionType: "custom", }, { lessThan: "3.1.7", status: "affected", version: "3.1.0", versionType: "custom", }, { lessThan: "3.0.15", status: "affected", version: "3.0.0", versionType: "custom", }, { lessThan: "1.1.1za", status: "affected", version: "1.1.1", versionType: "custom", }, { lessThan: "1.0.2zk", status: "affected", version: "1.0.2", versionType: "custom", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.1, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-5535", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-11-08T00:00:00+00:00", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-14T04:55:17.007Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-15T12:04:53.153Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "OpenSSL Advisory", tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.openssl.org/news/secadv/20240627.txt", }, { name: "3.3.2 git commit", tags: [ "patch", "x_transferred", ], url: "https://github.com/openssl/openssl/commit/e86ac436f0bd54d4517745483e2315650fae7b2c", }, { name: "3.2.3 git commit", tags: [ "patch", "x_transferred", ], url: "https://github.com/openssl/openssl/commit/99fb785a5f85315b95288921a321a935ea29a51e", }, { name: "3.1.7 git commit", tags: [ "patch", "x_transferred", ], url: "https://github.com/openssl/openssl/commit/4ada436a1946cbb24db5ab4ca082b69c1bc10f37", }, { name: "3.0.15 git commit", tags: [ "patch", "x_transferred", ], url: "https://github.com/openssl/openssl/commit/cf6f91f6121f4db167405db2f0de410a456f260c", }, { name: "1.1.1za git commit", tags: [ "patch", "x_transferred", ], url: "https://github.openssl.org/openssl/extended-releases/commit/b78ec0824da857223486660177d3b1f255c65d87", }, { name: "1.0.2zk git commit", tags: [ "patch", "x_transferred", ], url: "https://github.openssl.org/openssl/extended-releases/commit/9947251413065a05189a63c9b7a6c1d4e224c21c", }, { tags: [ "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2024/06/27/1", }, { tags: [ "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2024/06/28/4", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20240712-0005/", }, { url: "http://www.openwall.com/lists/oss-security/2024/08/15/1", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "OpenSSL", vendor: "OpenSSL", versions: [ { lessThan: "3.3.2", status: "affected", version: "3.3.0", versionType: "semver", }, { lessThan: "3.2.3", status: "affected", version: "3.2.0", versionType: "semver", }, { lessThan: "3.1.7", status: "affected", version: "3.1.0", versionType: "semver", }, { lessThan: "3.0.15", status: "affected", version: "3.0.0", versionType: "semver", }, { lessThan: "1.1.1za", status: "affected", version: "1.1.1", versionType: "custom", }, { lessThan: "1.0.2zk", status: "affected", version: "1.0.2", versionType: "custom", }, ], }, ], credits: [ { lang: "en", type: "finder", value: "Joseph Birr-Pixton", }, { lang: "en", type: "analyst", value: "David Benjamin (Google)", }, { lang: "en", type: "remediation developer", value: "Matt Caswell", }, ], datePublic: "2024-06-26T23:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Issue summary: Calling the OpenSSL API function SSL_select_next_proto with an<br>empty supported client protocols buffer may cause a crash or memory contents to<br>be sent to the peer.<br><br>Impact summary: A buffer overread can have a range of potential consequences<br>such as unexpected application beahviour or a crash. In particular this issue<br>could result in up to 255 bytes of arbitrary private data from memory being sent<br>to the peer leading to a loss of confidentiality. However, only applications<br>that directly call the SSL_select_next_proto function with a 0 length list of<br>supported client protocols are affected by this issue. This would normally never<br>be a valid scenario and is typically not under attacker control but may occur by<br>accident in the case of a configuration or programming error in the calling<br>application.<br><br>The OpenSSL API function SSL_select_next_proto is typically used by TLS<br>applications that support ALPN (Application Layer Protocol Negotiation) or NPN<br>(Next Protocol Negotiation). NPN is older, was never standardised and<br>is deprecated in favour of ALPN. We believe that ALPN is significantly more<br>widely deployed than NPN. The SSL_select_next_proto function accepts a list of<br>protocols from the server and a list of protocols from the client and returns<br>the first protocol that appears in the server list that also appears in the<br>client list. In the case of no overlap between the two lists it returns the<br>first item in the client list. In either case it will signal whether an overlap<br>between the two lists was found. In the case where SSL_select_next_proto is<br>called with a zero length client list it fails to notice this condition and<br>returns the memory immediately following the client list pointer (and reports<br>that there was no overlap in the lists).<br><br>This function is typically called from a server side application callback for<br>ALPN or a client side application callback for NPN. In the case of ALPN the list<br>of protocols supplied by the client is guaranteed by libssl to never be zero in<br>length. The list of server protocols comes from the application and should never<br>normally be expected to be of zero length. In this case if the<br>SSL_select_next_proto function has been called as expected (with the list<br>supplied by the client passed in the client/client_len parameters), then the<br>application will not be vulnerable to this issue. If the application has<br>accidentally been configured with a zero length server list, and has<br>accidentally passed that zero length server list in the client/client_len<br>parameters, and has additionally failed to correctly handle a \"no overlap\"<br>response (which would normally result in a handshake failure in ALPN) then it<br>will be vulnerable to this problem.<br><br>In the case of NPN, the protocol permits the client to opportunistically select<br>a protocol when there is no overlap. OpenSSL returns the first client protocol<br>in the no overlap case in support of this. The list of client protocols comes<br>from the application and should never normally be expected to be of zero length.<br>However if the SSL_select_next_proto function is accidentally called with a<br>client_len of 0 then an invalid memory pointer will be returned instead. If the<br>application uses this output as the opportunistic protocol then the loss of<br>confidentiality will occur.<br><br>This issue has been assessed as Low severity because applications are most<br>likely to be vulnerable if they are using NPN instead of ALPN - but NPN is not<br>widely used. It also requires an application configuration or programming error.<br>Finally, this issue would not typically be under attacker control making active<br>exploitation unlikely.<br><br>The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.<br><br>\n\nDue to the low severity of this issue we are not issuing new releases of<br>OpenSSL at this time. The fix will be included in the next releases when they<br>become available.", }, ], value: "Issue summary: Calling the OpenSSL API function SSL_select_next_proto with an\nempty supported client protocols buffer may cause a crash or memory contents to\nbe sent to the peer.\n\nImpact summary: A buffer overread can have a range of potential consequences\nsuch as unexpected application beahviour or a crash. In particular this issue\ncould result in up to 255 bytes of arbitrary private data from memory being sent\nto the peer leading to a loss of confidentiality. However, only applications\nthat directly call the SSL_select_next_proto function with a 0 length list of\nsupported client protocols are affected by this issue. This would normally never\nbe a valid scenario and is typically not under attacker control but may occur by\naccident in the case of a configuration or programming error in the calling\napplication.\n\nThe OpenSSL API function SSL_select_next_proto is typically used by TLS\napplications that support ALPN (Application Layer Protocol Negotiation) or NPN\n(Next Protocol Negotiation). NPN is older, was never standardised and\nis deprecated in favour of ALPN. We believe that ALPN is significantly more\nwidely deployed than NPN. The SSL_select_next_proto function accepts a list of\nprotocols from the server and a list of protocols from the client and returns\nthe first protocol that appears in the server list that also appears in the\nclient list. In the case of no overlap between the two lists it returns the\nfirst item in the client list. In either case it will signal whether an overlap\nbetween the two lists was found. In the case where SSL_select_next_proto is\ncalled with a zero length client list it fails to notice this condition and\nreturns the memory immediately following the client list pointer (and reports\nthat there was no overlap in the lists).\n\nThis function is typically called from a server side application callback for\nALPN or a client side application callback for NPN. In the case of ALPN the list\nof protocols supplied by the client is guaranteed by libssl to never be zero in\nlength. The list of server protocols comes from the application and should never\nnormally be expected to be of zero length. In this case if the\nSSL_select_next_proto function has been called as expected (with the list\nsupplied by the client passed in the client/client_len parameters), then the\napplication will not be vulnerable to this issue. If the application has\naccidentally been configured with a zero length server list, and has\naccidentally passed that zero length server list in the client/client_len\nparameters, and has additionally failed to correctly handle a \"no overlap\"\nresponse (which would normally result in a handshake failure in ALPN) then it\nwill be vulnerable to this problem.\n\nIn the case of NPN, the protocol permits the client to opportunistically select\na protocol when there is no overlap. OpenSSL returns the first client protocol\nin the no overlap case in support of this. The list of client protocols comes\nfrom the application and should never normally be expected to be of zero length.\nHowever if the SSL_select_next_proto function is accidentally called with a\nclient_len of 0 then an invalid memory pointer will be returned instead. If the\napplication uses this output as the opportunistic protocol then the loss of\nconfidentiality will occur.\n\nThis issue has been assessed as Low severity because applications are most\nlikely to be vulnerable if they are using NPN instead of ALPN - but NPN is not\nwidely used. It also requires an application configuration or programming error.\nFinally, this issue would not typically be under attacker control making active\nexploitation unlikely.\n\nThe FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.\n\nDue to the low severity of this issue we are not issuing new releases of\nOpenSSL at this time. The fix will be included in the next releases when they\nbecome available.", }, ], metrics: [ { format: "other", other: { content: { text: "Low", }, type: "https://www.openssl.org/policies/secpolicy.html", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-200", description: "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-07-12T14:06:04.752Z", orgId: "3a12439a-ef3a-4c79-92e6-6081a721f1e5", shortName: "openssl", }, references: [ { name: "OpenSSL Advisory", tags: [ "vendor-advisory", ], url: "https://www.openssl.org/news/secadv/20240627.txt", }, { name: "3.3.2 git commit", tags: [ "patch", ], url: "https://github.com/openssl/openssl/commit/e86ac436f0bd54d4517745483e2315650fae7b2c", }, { name: "3.2.3 git commit", tags: [ "patch", ], url: "https://github.com/openssl/openssl/commit/99fb785a5f85315b95288921a321a935ea29a51e", }, { name: "3.1.7 git commit", tags: [ "patch", ], url: "https://github.com/openssl/openssl/commit/4ada436a1946cbb24db5ab4ca082b69c1bc10f37", }, { name: "3.0.15 git commit", tags: [ "patch", ], url: "https://github.com/openssl/openssl/commit/cf6f91f6121f4db167405db2f0de410a456f260c", }, { name: "1.1.1za git commit", tags: [ "patch", ], url: "https://github.openssl.org/openssl/extended-releases/commit/b78ec0824da857223486660177d3b1f255c65d87", }, { name: "1.0.2zk git commit", tags: [ "patch", ], url: "https://github.openssl.org/openssl/extended-releases/commit/9947251413065a05189a63c9b7a6c1d4e224c21c", }, { url: "http://www.openwall.com/lists/oss-security/2024/06/27/1", }, { url: "http://www.openwall.com/lists/oss-security/2024/06/28/4", }, { url: "https://security.netapp.com/advisory/ntap-20240712-0005/", }, ], source: { discovery: "UNKNOWN", }, title: "SSL_select_next_proto buffer overread", x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "3a12439a-ef3a-4c79-92e6-6081a721f1e5", assignerShortName: "openssl", cveId: "CVE-2024-5535", datePublished: "2024-06-27T10:30:53.118Z", dateReserved: "2024-05-30T15:34:36.813Z", dateUpdated: "2025-02-13T17:54:20.802Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-33202
Vulnerability from cvelistv5
Published
2023-11-23 00:00
Modified
2024-10-11 18:05
Severity ?
EPSS score ?
Summary
Bouncy Castle for Java before 1.73 contains a potential Denial of Service (DoS) issue within the Bouncy Castle org.bouncycastle.openssl.PEMParser class. This class parses OpenSSL PEM encoded streams containing X.509 certificates, PKCS8 encoded keys, and PKCS7 objects. Parsing a file that has crafted ASN.1 data through the PEMParser causes an OutOfMemoryError, which can enable a denial of service attack. (For users of the FIPS Java API: BC-FJA 1.0.2.3 and earlier are affected; BC-FJA 1.0.2.4 is fixed.)
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T15:39:35.778Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://bouncycastle.org", }, { tags: [ "x_transferred", ], url: "https://github.com/bcgit/bc-java/wiki/CVE-2023-33202", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20240125-0001/", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-33202", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-10-11T17:51:39.623008Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-11T18:05:47.384Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Bouncy Castle for Java before 1.73 contains a potential Denial of Service (DoS) issue within the Bouncy Castle org.bouncycastle.openssl.PEMParser class. This class parses OpenSSL PEM encoded streams containing X.509 certificates, PKCS8 encoded keys, and PKCS7 objects. Parsing a file that has crafted ASN.1 data through the PEMParser causes an OutOfMemoryError, which can enable a denial of service attack. (For users of the FIPS Java API: BC-FJA 1.0.2.3 and earlier are affected; BC-FJA 1.0.2.4 is fixed.)", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-01-25T14:06:28.223547", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://bouncycastle.org", }, { url: "https://github.com/bcgit/bc-java/wiki/CVE-2023-33202", }, { url: "https://security.netapp.com/advisory/ntap-20240125-0001/", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2023-33202", datePublished: "2023-11-23T00:00:00", dateReserved: "2023-05-18T00:00:00", dateUpdated: "2024-10-11T18:05:47.384Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-33953
Vulnerability from cvelistv5
Published
2023-08-09 12:54
Modified
2024-09-27 18:40
Severity ?
EPSS score ?
Summary
gRPC contains a vulnerability that allows hpack table accounting errors could lead to unwanted disconnects between clients and servers in exceptional cases/ Three vectors were found that allow the following DOS attacks:
- Unbounded memory buffering in the HPACK parser
- Unbounded CPU consumption in the HPACK parser
The unbounded CPU consumption is down to a copy that occurred per-input-block in the parser, and because that could be unbounded due to the memory copy bug we end up with an O(n^2) parsing loop, with n selected by the client.
The unbounded memory buffering bugs:
- The header size limit check was behind the string reading code, so we needed to first buffer up to a 4 gigabyte string before rejecting it as longer than 8 or 16kb.
- HPACK varints have an encoding quirk whereby an infinite number of 0’s can be added at the start of an integer. gRPC’s hpack parser needed to read all of them before concluding a parse.
- gRPC’s metadata overflow check was performed per frame, so that the following sequence of frames could cause infinite buffering: HEADERS: containing a: 1 CONTINUATION: containing a: 2 CONTINUATION: containing a: 3 etc…
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T15:54:14.192Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://cloud.google.com/support/bulletins#gcp-2023-022", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:a:grpc:grpc:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "grpc", vendor: "grpc", versions: [ { lessThan: "1.53.2", status: "affected", version: "0", versionType: "custom", }, { lessThan: "154.3", status: "affected", version: "1.54", versionType: "custom", }, { lessThan: "1.55.2", status: "affected", version: "1.55", versionType: "custom", }, { lessThan: "1.56.2", status: "affected", version: "1.56", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2023-33953", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-27T17:54:21.539206Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-27T18:40:52.297Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "gRPC", vendor: "Google", versions: [ { lessThan: "1.56.1", status: "affected", version: "0", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "gRPC contains a vulnerability that allows hpack table accounting errors could lead to unwanted disconnects between clients and servers in exceptional cases/ Three vectors were found that allow the following DOS attacks:<br><br>- Unbounded memory buffering in the HPACK parser<br>- Unbounded CPU consumption in the HPACK parser<br><br>The unbounded CPU consumption is down to a copy that occurred per-input-block in the parser, and because that could be unbounded due to the memory copy bug we end up with an O(n^2) parsing loop, with n selected by the client.<br><br>The unbounded memory buffering bugs:<br><br>- The header size limit check was behind the string reading code, so we needed to first buffer up to a 4 gigabyte string before rejecting it as longer than 8 or 16kb.<br>- HPACK varints have an encoding quirk whereby an infinite number of 0’s can be added at the start of an integer. gRPC’s hpack parser needed to read all of them before concluding a parse.<br>- gRPC’s metadata overflow check was performed per frame, so that the following sequence of frames could cause infinite buffering: HEADERS: containing a: 1 CONTINUATION: containing a: 2 CONTINUATION: containing a: 3 etc…", }, ], value: "gRPC contains a vulnerability that allows hpack table accounting errors could lead to unwanted disconnects between clients and servers in exceptional cases/ Three vectors were found that allow the following DOS attacks:\n\n- Unbounded memory buffering in the HPACK parser\n- Unbounded CPU consumption in the HPACK parser\n\nThe unbounded CPU consumption is down to a copy that occurred per-input-block in the parser, and because that could be unbounded due to the memory copy bug we end up with an O(n^2) parsing loop, with n selected by the client.\n\nThe unbounded memory buffering bugs:\n\n- The header size limit check was behind the string reading code, so we needed to first buffer up to a 4 gigabyte string before rejecting it as longer than 8 or 16kb.\n- HPACK varints have an encoding quirk whereby an infinite number of 0’s can be added at the start of an integer. gRPC’s hpack parser needed to read all of them before concluding a parse.\n- gRPC’s metadata overflow check was performed per frame, so that the following sequence of frames could cause infinite buffering: HEADERS: containing a: 1 CONTINUATION: containing a: 2 CONTINUATION: containing a: 3 etc…", }, ], impacts: [ { capecId: "CAPEC-220", descriptions: [ { lang: "en", value: "CAPEC-220 Client-Server Protocol Manipulation", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-834", description: "CWE-834 Excessive Iteration", lang: "en", type: "CWE", }, ], }, { descriptions: [ { cweId: "CWE-789", description: "CWE-789 Memory Allocation with Excessive Size Value", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-08-09T12:54:47.415Z", orgId: "14ed7db2-1595-443d-9d34-6215bf890778", shortName: "Google", }, references: [ { url: "https://cloud.google.com/support/bulletins#gcp-2023-022", }, ], source: { discovery: "UNKNOWN", }, title: "Denial-of-Service in gRPC", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "14ed7db2-1595-443d-9d34-6215bf890778", assignerShortName: "Google", cveId: "CVE-2023-33953", datePublished: "2023-08-09T12:54:47.415Z", dateReserved: "2023-05-24T12:08:31.409Z", dateUpdated: "2024-09-27T18:40:52.297Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-24998
Vulnerability from cvelistv5
Published
2023-02-20 15:57
Modified
2025-02-13 16:44
Severity ?
EPSS score ?
Summary
Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads.
Note that, like all of the file upload limits, the
new configuration option (FileUploadBase#setFileCountMax) is not
enabled by default and must be explicitly configured.
References
Impacted products
Vendor | Product | Version | |||||||
---|---|---|---|---|---|---|---|---|---|
â–Ľ | Apache Software Foundation | Apache Commons FileUpload |
Version: 0 ≤ |
||||||
|
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T11:11:43.763Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { url: "https://security.netapp.com/advisory/ntap-20230302-0013/", }, { tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.apache.org/thread/4xl4l09mhwg4vgsk7dxqogcjrobrrdoy", }, { tags: [ "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2023/05/22/1", }, { tags: [ "x_transferred", ], url: "https://security.gentoo.org/glsa/202305-37", }, { tags: [ "x_transferred", ], url: "https://www.debian.org/security/2023/dsa-5522", }, { tags: [ "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Apache Commons FileUpload", vendor: "Apache Software Foundation", versions: [ { lessThan: "1.5", status: "affected", version: "0", versionType: "semver", }, ], }, { defaultStatus: "unaffected", product: "Apache Tomcat", vendor: "Apache Software Foundation", versions: [ { status: "affected", version: "11.0.0-M1", }, { lessThanOrEqual: "10.1.4", status: "affected", version: "10.0.0-M1", versionType: "semver", }, { lessThanOrEqual: "9.0.70", status: "affected", version: "9.0.0-M1", versionType: "semver", }, { lessThanOrEqual: "8.5.84", status: "affected", version: "8.5.0", versionType: "semver", }, ], }, ], credits: [ { lang: "en", type: "finder", value: "Jakob Ackermann", }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<div>Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads.</div><div><br></div><div>Note that, like all of the file upload limits, the\n new configuration option (FileUploadBase#setFileCountMax) is not\n enabled by default and must be explicitly configured.<br></div>", }, ], value: "Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads.\n\n\n\n\nNote that, like all of the file upload limits, the\n new configuration option (FileUploadBase#setFileCountMax) is not\n enabled by default and must be explicitly configured.", }, ], metrics: [ { other: { content: { text: "important", }, type: "Textual description of severity", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-770", description: "CWE-770 Allocation of Resources Without Limits or Throttling", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-10-13T15:06:16.472Z", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { tags: [ "vendor-advisory", ], url: "https://lists.apache.org/thread/4xl4l09mhwg4vgsk7dxqogcjrobrrdoy", }, { url: "http://www.openwall.com/lists/oss-security/2023/05/22/1", }, { url: "https://security.gentoo.org/glsa/202305-37", }, { url: "https://www.debian.org/security/2023/dsa-5522", }, { url: "https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html", }, ], source: { discovery: "EXTERNAL", }, title: "Apache Commons FileUpload, Apache Tomcat: FileUpload DoS with excessive parts", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2023-24998", datePublished: "2023-02-20T15:57:07.372Z", dateReserved: "2023-02-01T10:32:05.492Z", dateUpdated: "2025-02-13T16:44:27.490Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-36114
Vulnerability from cvelistv5
Published
2024-05-29 20:24
Modified
2024-08-02 03:30
Severity ?
EPSS score ?
Summary
Aircompressor is a library with ports of the Snappy, LZO, LZ4, and Zstandard compression algorithms to Java. All decompressor implementations of Aircompressor (LZ4, LZO, Snappy, Zstandard) can crash the JVM for certain input, and in some cases also leak the content of other memory of the Java process (which could contain sensitive information). When decompressing certain data, the decompressors try to access memory outside the bounds of the given byte arrays or byte buffers. Because Aircompressor uses the JDK class `sun.misc.Unsafe` to speed up memory access, no additional bounds checks are performed and this has similar security consequences as out-of-bounds access in C or C++, namely it can lead to non-deterministic behavior or crash the JVM. Users should update to Aircompressor 0.27 or newer where these issues have been fixed. When decompressing data from untrusted users, this can be exploited for a denial-of-service attack by crashing the JVM, or to leak other sensitive information from the Java process. There are no known workarounds for this issue.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
airlift | aircompressor |
Version: < 0.27 |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:airlift:aircompressor:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "aircompressor", vendor: "airlift", versions: [ { lessThan: "0.27", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-36114", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-06-04T19:37:59.883008Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-04T19:42:22.047Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "ADP Container", }, { providerMetadata: { dateUpdated: "2024-08-02T03:30:13.037Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "https://github.com/airlift/aircompressor/security/advisories/GHSA-973x-65j7-xcf4", tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/airlift/aircompressor/security/advisories/GHSA-973x-65j7-xcf4", }, { name: "https://github.com/airlift/aircompressor/commit/15e68df9eb0c2bfde7f796231ee7cd1982965071", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/airlift/aircompressor/commit/15e68df9eb0c2bfde7f796231ee7cd1982965071", }, { name: "https://github.com/airlift/aircompressor/commit/2cea90a45534f9aacbb77426fb64e975504dee6e", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/airlift/aircompressor/commit/2cea90a45534f9aacbb77426fb64e975504dee6e", }, { name: "https://github.com/airlift/aircompressor/commit/cf66151541edb062ea88b6f3baab3f95e48b7b7f", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/airlift/aircompressor/commit/cf66151541edb062ea88b6f3baab3f95e48b7b7f", }, { name: "https://github.com/airlift/aircompressor/commit/d01ecb779375a092d00e224abe7869cdf49ddc3e", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/airlift/aircompressor/commit/d01ecb779375a092d00e224abe7869cdf49ddc3e", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "aircompressor", vendor: "airlift", versions: [ { status: "affected", version: "< 0.27", }, ], }, ], descriptions: [ { lang: "en", value: "Aircompressor is a library with ports of the Snappy, LZO, LZ4, and Zstandard compression algorithms to Java. All decompressor implementations of Aircompressor (LZ4, LZO, Snappy, Zstandard) can crash the JVM for certain input, and in some cases also leak the content of other memory of the Java process (which could contain sensitive information). When decompressing certain data, the decompressors try to access memory outside the bounds of the given byte arrays or byte buffers. Because Aircompressor uses the JDK class `sun.misc.Unsafe` to speed up memory access, no additional bounds checks are performed and this has similar security consequences as out-of-bounds access in C or C++, namely it can lead to non-deterministic behavior or crash the JVM. Users should update to Aircompressor 0.27 or newer where these issues have been fixed. When decompressing data from untrusted users, this can be exploited for a denial-of-service attack by crashing the JVM, or to leak other sensitive information from the Java process. There are no known workarounds for this issue.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.6, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-125", description: "CWE-125: Out-of-bounds Read", lang: "en", type: "CWE", }, ], }, { descriptions: [ { cweId: "CWE-787", description: "CWE-787: Out-of-bounds Write", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-29T20:24:53.906Z", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { name: "https://github.com/airlift/aircompressor/security/advisories/GHSA-973x-65j7-xcf4", tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/airlift/aircompressor/security/advisories/GHSA-973x-65j7-xcf4", }, { name: "https://github.com/airlift/aircompressor/commit/15e68df9eb0c2bfde7f796231ee7cd1982965071", tags: [ "x_refsource_MISC", ], url: "https://github.com/airlift/aircompressor/commit/15e68df9eb0c2bfde7f796231ee7cd1982965071", }, { name: "https://github.com/airlift/aircompressor/commit/2cea90a45534f9aacbb77426fb64e975504dee6e", tags: [ "x_refsource_MISC", ], url: "https://github.com/airlift/aircompressor/commit/2cea90a45534f9aacbb77426fb64e975504dee6e", }, { name: "https://github.com/airlift/aircompressor/commit/cf66151541edb062ea88b6f3baab3f95e48b7b7f", tags: [ "x_refsource_MISC", ], url: "https://github.com/airlift/aircompressor/commit/cf66151541edb062ea88b6f3baab3f95e48b7b7f", }, { name: "https://github.com/airlift/aircompressor/commit/d01ecb779375a092d00e224abe7869cdf49ddc3e", tags: [ "x_refsource_MISC", ], url: "https://github.com/airlift/aircompressor/commit/d01ecb779375a092d00e224abe7869cdf49ddc3e", }, ], source: { advisory: "GHSA-973x-65j7-xcf4", discovery: "UNKNOWN", }, title: "Decompressors can crash the JVM and leak memory content in Aircompressor", }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2024-36114", datePublished: "2024-05-29T20:24:53.906Z", dateReserved: "2024-05-20T21:07:48.187Z", dateUpdated: "2024-08-02T03:30:13.037Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-35195
Vulnerability from cvelistv5
Published
2024-05-20 20:14
Modified
2025-02-13 17:52
Severity ?
EPSS score ?
Summary
Requests is a HTTP library. Prior to 2.32.0, when making requests through a Requests `Session`, if the first request is made with `verify=False` to disable cert verification, all subsequent requests to the same host will continue to ignore cert verification regardless of changes to the value of `verify`. This behavior will continue for the lifecycle of the connection in the connection pool. This vulnerability is fixed in 2.32.0.
References
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:request_project:request:2.32.0:*:*:*:*:node.js:*:*", ], defaultStatus: "unknown", product: "request", vendor: "request_project", versions: [ { lessThan: "2.32.0", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-35195", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-05-21T14:17:58.814431Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-06T19:18:52.607Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T03:07:46.774Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "https://github.com/psf/requests/security/advisories/GHSA-9wx4-h78v-vm56", tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/psf/requests/security/advisories/GHSA-9wx4-h78v-vm56", }, { name: "https://github.com/psf/requests/pull/6655", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/psf/requests/pull/6655", }, { name: "https://github.com/psf/requests/commit/a58d7f2ffb4d00b46dca2d70a3932a0b37e22fac", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/psf/requests/commit/a58d7f2ffb4d00b46dca2d70a3932a0b37e22fac", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IYLSNK5TL46Q6XPRVMHVWS63MVJQOK4Q/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N7WP6EYDSUOCOJYHDK5NX43PYZ4SNHGZ/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "requests", vendor: "psf", versions: [ { status: "affected", version: "< 2.32.0", }, ], }, ], descriptions: [ { lang: "en", value: "Requests is a HTTP library. Prior to 2.32.0, when making requests through a Requests `Session`, if the first request is made with `verify=False` to disable cert verification, all subsequent requests to the same host will continue to ignore cert verification regardless of changes to the value of `verify`. This behavior will continue for the lifecycle of the connection in the connection pool. This vulnerability is fixed in 2.32.0.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.6, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-670", description: "CWE-670: Always-Incorrect Control Flow Implementation", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-10T16:09:17.143Z", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { name: "https://github.com/psf/requests/security/advisories/GHSA-9wx4-h78v-vm56", tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/psf/requests/security/advisories/GHSA-9wx4-h78v-vm56", }, { name: "https://github.com/psf/requests/pull/6655", tags: [ "x_refsource_MISC", ], url: "https://github.com/psf/requests/pull/6655", }, { name: "https://github.com/psf/requests/commit/a58d7f2ffb4d00b46dca2d70a3932a0b37e22fac", tags: [ "x_refsource_MISC", ], url: "https://github.com/psf/requests/commit/a58d7f2ffb4d00b46dca2d70a3932a0b37e22fac", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IYLSNK5TL46Q6XPRVMHVWS63MVJQOK4Q/", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N7WP6EYDSUOCOJYHDK5NX43PYZ4SNHGZ/", }, ], source: { advisory: "GHSA-9wx4-h78v-vm56", discovery: "UNKNOWN", }, title: "Requests `Session` object does not verify requests after making first request with verify=False", }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2024-35195", datePublished: "2024-05-20T20:14:48.206Z", dateReserved: "2024-05-10T14:24:24.342Z", dateUpdated: "2025-02-13T17:52:32.002Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-45803
Vulnerability from cvelistv5
Published
2023-10-17 19:43
Modified
2025-02-13 17:14
Severity ?
EPSS score ?
Summary
urllib3 is a user-friendly HTTP client library for Python. urllib3 previously wouldn't remove the HTTP request body when an HTTP redirect response using status 301, 302, or 303 after the request had its method changed from one that could accept a request body (like `POST`) to `GET` as is required by HTTP RFCs. Although this behavior is not specified in the section for redirects, it can be inferred by piecing together information from different sections and we have observed the behavior in other major HTTP client implementations like curl and web browsers. Because the vulnerability requires a previously trusted service to become compromised in order to have an impact on confidentiality we believe the exploitability of this vulnerability is low. Additionally, many users aren't putting sensitive data in HTTP request bodies, if this is the case then this vulnerability isn't exploitable. Both of the following conditions must be true to be affected by this vulnerability: 1. Using urllib3 and submitting sensitive information in the HTTP request body (such as form data or JSON) and 2. The origin service is compromised and starts redirecting using 301, 302, or 303 to a malicious peer or the redirected-to service becomes compromised. This issue has been addressed in versions 1.26.18 and 2.0.7 and users are advised to update to resolve this issue. Users unable to update should disable redirects for services that aren't expecting to respond with redirects with `redirects=False` and disable automatic redirects with `redirects=False` and handle 301, 302, and 303 redirects manually by stripping the HTTP request body.
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T20:29:32.441Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "https://github.com/urllib3/urllib3/security/advisories/GHSA-g4mx-q9vg-27p4", tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/urllib3/urllib3/security/advisories/GHSA-g4mx-q9vg-27p4", }, { name: "https://github.com/urllib3/urllib3/commit/4e98d57809dacab1cbe625fddeec1a290c478ea9", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/urllib3/urllib3/commit/4e98d57809dacab1cbe625fddeec1a290c478ea9", }, { name: "https://www.rfc-editor.org/rfc/rfc9110.html#name-get", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.rfc-editor.org/rfc/rfc9110.html#name-get", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PPDPLM6UUMN55ESPQWJFLLIZY4ZKCNRX/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4R2Y5XK3WALSR3FNAGN7JBYV2B343ZKB/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5F5CUBAN5XMEBVBZPHFITBLMJV5FIJJ5/", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-45803", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-13T15:56:19.991921Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-13T15:56:30.487Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "urllib3", vendor: "urllib3", versions: [ { status: "affected", version: ">= 2.0.0, < 2.0.7", }, { status: "affected", version: "< 1.26.18", }, ], }, ], descriptions: [ { lang: "en", value: "urllib3 is a user-friendly HTTP client library for Python. urllib3 previously wouldn't remove the HTTP request body when an HTTP redirect response using status 301, 302, or 303 after the request had its method changed from one that could accept a request body (like `POST`) to `GET` as is required by HTTP RFCs. Although this behavior is not specified in the section for redirects, it can be inferred by piecing together information from different sections and we have observed the behavior in other major HTTP client implementations like curl and web browsers. Because the vulnerability requires a previously trusted service to become compromised in order to have an impact on confidentiality we believe the exploitability of this vulnerability is low. Additionally, many users aren't putting sensitive data in HTTP request bodies, if this is the case then this vulnerability isn't exploitable. Both of the following conditions must be true to be affected by this vulnerability: 1. Using urllib3 and submitting sensitive information in the HTTP request body (such as form data or JSON) and 2. The origin service is compromised and starts redirecting using 301, 302, or 303 to a malicious peer or the redirected-to service becomes compromised. This issue has been addressed in versions 1.26.18 and 2.0.7 and users are advised to update to resolve this issue. Users unable to update should disable redirects for services that aren't expecting to respond with redirects with `redirects=False` and disable automatic redirects with `redirects=False` and handle 301, 302, and 303 redirects manually by stripping the HTTP request body.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "ADJACENT_NETWORK", availabilityImpact: "NONE", baseScore: 4.2, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-200", description: "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-11-03T21:06:24.988Z", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { name: "https://github.com/urllib3/urllib3/security/advisories/GHSA-g4mx-q9vg-27p4", tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/urllib3/urllib3/security/advisories/GHSA-g4mx-q9vg-27p4", }, { name: "https://github.com/urllib3/urllib3/commit/4e98d57809dacab1cbe625fddeec1a290c478ea9", tags: [ "x_refsource_MISC", ], url: "https://github.com/urllib3/urllib3/commit/4e98d57809dacab1cbe625fddeec1a290c478ea9", }, { name: "https://www.rfc-editor.org/rfc/rfc9110.html#name-get", tags: [ "x_refsource_MISC", ], url: "https://www.rfc-editor.org/rfc/rfc9110.html#name-get", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PPDPLM6UUMN55ESPQWJFLLIZY4ZKCNRX/", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4R2Y5XK3WALSR3FNAGN7JBYV2B343ZKB/", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5F5CUBAN5XMEBVBZPHFITBLMJV5FIJJ5/", }, ], source: { advisory: "GHSA-g4mx-q9vg-27p4", discovery: "UNKNOWN", }, title: "Request body not stripped after redirect in urllib3", }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2023-45803", datePublished: "2023-10-17T19:43:45.404Z", dateReserved: "2023-10-13T12:00:50.435Z", dateUpdated: "2025-02-13T17:14:11.578Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-38809
Vulnerability from cvelistv5
Published
2024-09-27 16:39
Modified
2024-09-27 19:19
Severity ?
EPSS score ?
Summary
Applications that parse ETags from "If-Match" or "If-None-Match" request headers are vulnerable to DoS attack.
Users of affected versions should upgrade to the corresponding fixed version.
Users of older, unsupported versions could enforce a size limit on "If-Match" and "If-None-Match" headers, e.g. through a Filter.
References
â–Ľ | URL | Tags |
---|---|---|
https://spring.io/security/cve-2024-38809 |
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
N/A | Spring Framework |
Version: 6.1.0 - 6.1.11, 6.0.0 - 6.0.22, 5.3.0 - 5.3.37 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-09-27T17:03:10.001Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { url: "https://security.netapp.com/advisory/ntap-20240920-0003/", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "spring_framework", vendor: "vmware", versions: [ { lessThanOrEqual: "6.1.11", status: "affected", version: "6.1.0", versionType: "custom", }, { lessThanOrEqual: "6.0.22", status: "affected", version: "6.0.0", versionType: "custom", }, { lessThanOrEqual: "5.3.37", status: "affected", version: "5.3.0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-38809", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-27T18:49:57.837165Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-400", description: "CWE-400 Uncontrolled Resource Consumption", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-27T19:19:01.160Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Spring Framework", vendor: "N/A", versions: [ { status: "affected", version: "6.1.0 - 6.1.11, 6.0.0 - 6.0.22, 5.3.0 - 5.3.37", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Applications that parse ETags from \"If-Match\" or \"If-None-Match\" request headers are vulnerable to DoS attack.<br><br>Users of affected versions should upgrade to the corresponding fixed version.<br><br>Users of older, unsupported versions could enforce a size limit on \"If-Match\" and \"If-None-Match\" headers, e.g. through a Filter.<br><br>", }, ], value: "Applications that parse ETags from \"If-Match\" or \"If-None-Match\" request headers are vulnerable to DoS attack.\n\nUsers of affected versions should upgrade to the corresponding fixed version.\n\nUsers of older, unsupported versions could enforce a size limit on \"If-Match\" and \"If-None-Match\" headers, e.g. through a Filter.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Spring Framework DoS via conditional HTTP request", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-27T16:39:52.644Z", orgId: "dcf2e128-44bd-42ed-91e8-88f912c1401d", shortName: "vmware", }, references: [ { url: "https://spring.io/security/cve-2024-38809", }, ], source: { discovery: "UNKNOWN", }, x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "dcf2e128-44bd-42ed-91e8-88f912c1401d", assignerShortName: "vmware", cveId: "CVE-2024-38809", datePublished: "2024-09-27T16:39:52.644Z", dateReserved: "2024-06-19T22:31:57.187Z", dateUpdated: "2024-09-27T19:19:01.160Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-29131
Vulnerability from cvelistv5
Published
2024-03-21 09:07
Modified
2025-02-13 17:47
Severity ?
EPSS score ?
Summary
Out-of-bounds Write vulnerability in Apache Commons Configuration.This issue affects Apache Commons Configuration: from 2.0 before 2.10.1.
Users are recommended to upgrade to version 2.10.1, which fixes the issue.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Apache Software Foundation | Apache Commons Configuration |
Version: 2.0 ≤ |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-12-13T13:09:26.300Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.apache.org/thread/03nzzzjn4oknyw5y0871tw7ltj0t3r37", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YD4AFTIIQW662LUAQRMWS6BBKYSZG3YS/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SNKDKEEKZNL5FGCTZKJ6CFXFVWFL5FJ7/", }, { tags: [ "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2024/03/20/4", }, { url: "https://security.netapp.com/advisory/ntap-20241213-0001/", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:a:apache:commons_configuration:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "commons_configuration", vendor: "apache", versions: [ { lessThan: "2.10.1", status: "affected", version: "2.0", versionType: "custom", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 7.3, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, }, { other: { content: { id: "CVE-2024-29131", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-03-29T15:57:00.599892Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-08-28T14:22:06.366Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { collectionURL: "https://repo.maven.apache.org/maven2", defaultStatus: "unaffected", packageName: "org.apache.commons:commons-configuration2", product: "Apache Commons Configuration", vendor: "Apache Software Foundation", versions: [ { lessThan: "2.10.1", status: "affected", version: "2.0", versionType: "semver", }, ], }, ], credits: [ { lang: "en", type: "finder", value: "Bob Marinier", }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Out-of-bounds Write vulnerability in Apache Commons Configuration.<p>This issue affects Apache Commons Configuration: from 2.0 before 2.10.1.</p><p>Users are recommended to upgrade to version 2.10.1, which fixes the issue.</p>", }, ], value: "Out-of-bounds Write vulnerability in Apache Commons Configuration.This issue affects Apache Commons Configuration: from 2.0 before 2.10.1.\n\nUsers are recommended to upgrade to version 2.10.1, which fixes the issue.", }, ], metrics: [ { other: { content: { text: "low", }, type: "Textual description of severity", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-787", description: "CWE-787 Out-of-bounds Write", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-01T18:08:32.867Z", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { tags: [ "vendor-advisory", ], url: "https://lists.apache.org/thread/03nzzzjn4oknyw5y0871tw7ltj0t3r37", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YD4AFTIIQW662LUAQRMWS6BBKYSZG3YS/", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SNKDKEEKZNL5FGCTZKJ6CFXFVWFL5FJ7/", }, { url: "http://www.openwall.com/lists/oss-security/2024/03/20/4", }, ], source: { defect: [ "CONFIGURATION-840", ], discovery: "EXTERNAL", }, title: "Apache Commons Configuration: StackOverflowError adding property in AbstractListDelimiterHandler.flattenIterator()", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2024-29131", datePublished: "2024-03-21T09:07:13.627Z", dateReserved: "2024-03-16T11:33:44.045Z", dateUpdated: "2025-02-13T17:47:38.259Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-47561
Vulnerability from cvelistv5
Published
2024-10-03 10:23
Modified
2024-10-21 08:51
Severity ?
EPSS score ?
Summary
Schema parsing in the Java SDK of Apache Avro 1.11.3 and previous versions allows bad actors to execute arbitrary code.
Users are recommended to upgrade to version 1.11.4 or 1.12.0, which fix this issue.
References
â–Ľ | URL | Tags |
---|---|---|
https://lists.apache.org/thread/c2v7mhqnmq0jmbwxqq3r5jbj1xg43h5x | vendor-advisory |
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Apache Software Foundation | Apache Avro Java SDK |
Version: 0 ≤ |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-10-11T22:03:16.050Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { url: "http://www.openwall.com/lists/oss-security/2024/10/03/1", }, { url: "https://security.netapp.com/advisory/ntap-20241011-0003/", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:a:apache:avro:-:*:*:*:*:-:*:*", ], defaultStatus: "unknown", product: "avro", vendor: "apache", versions: [ { lessThan: "1.11.4", status: "affected", version: "0", versionType: "semver", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 7.3, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, }, { other: { content: { id: "CVE-2024-47561", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-10-03T18:53:44.038603Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-03T18:59:41.415Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { collectionURL: "https://repo.maven.apache.org/maven2", defaultStatus: "unaffected", packageName: "org.apache.avro:avro", product: "Apache Avro Java SDK", vendor: "Apache Software Foundation", versions: [ { lessThan: "1.11.4", status: "affected", version: "0", versionType: "semver", }, ], }, ], credits: [ { lang: "en", type: "finder", value: "Kostya Kortchinsky, from the Databricks Security Team", }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Schema parsing in the Java SDK of Apache Avro 1.11.3 and previous versions allows bad actors to execute arbitrary code.<br>Users are recommended to upgrade to version 1.11.4 or 1.12.0, which fix this issue.", }, ], value: "Schema parsing in the Java SDK of Apache Avro 1.11.3 and previous versions allows bad actors to execute arbitrary code.\nUsers are recommended to upgrade to version 1.11.4 or 1.12.0, which fix this issue.", }, ], metrics: [ { other: { content: { text: "critical", }, type: "Textual description of severity", }, }, { cvssV4_0: { Automatable: "NOT_DEFINED", Recovery: "NOT_DEFINED", Safety: "NOT_DEFINED", attackComplexity: "LOW", attackRequirements: "PRESENT", attackVector: "NETWORK", baseScore: 9.2, baseSeverity: "CRITICAL", privilegesRequired: "NONE", providerUrgency: "NOT_DEFINED", subAvailabilityImpact: "NONE", subConfidentialityImpact: "NONE", subIntegrityImpact: "NONE", userInteraction: "NONE", valueDensity: "NOT_DEFINED", vectorString: "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", version: "4.0", vulnAvailabilityImpact: "HIGH", vulnConfidentialityImpact: "HIGH", vulnIntegrityImpact: "HIGH", vulnerabilityResponseEffort: "NOT_DEFINED", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-502", description: "CWE-502 Deserialization of Untrusted Data", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-10-21T08:51:22.972Z", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { tags: [ "vendor-advisory", ], url: "https://lists.apache.org/thread/c2v7mhqnmq0jmbwxqq3r5jbj1xg43h5x", }, ], source: { discovery: "UNKNOWN", }, title: "Apache Avro Java SDK: Arbitrary Code Execution when reading Avro schema (Java SDK)", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2024-47561", datePublished: "2024-10-03T10:23:16.214Z", dateReserved: "2024-09-27T07:06:47.522Z", dateUpdated: "2024-10-21T08:51:22.972Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-7272
Vulnerability from cvelistv5
Published
2024-07-17 15:00
Modified
2024-08-02 08:57
Severity ?
EPSS score ?
Summary
In Eclipse Parsson before 1.0.4 and 1.1.3, a document with a large depth of nested objects can allow an attacker to cause a Java stack overflow exception and denial of service. Eclipse Parsson allows processing (e.g. parse, generate, transform and query) JSON documents.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Eclipse Foundation | Parsson |
Version: 0 ≤ 1.0.3 Version: 1.1.0 ≤ 1.1.2 |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:eclipse_foundation:parsson:*:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "parsson", vendor: "eclipse_foundation", versions: [ { lessThanOrEqual: "1.0.3", status: "affected", version: "0", versionType: "semver", }, { lessThanOrEqual: "1.1.2", status: "affected", version: "1.1.0", versionType: "semver", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2023-7272", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-07-18T13:26:07.187816Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-18T13:31:25.196Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T08:57:35.165Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/12", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Parsson", vendor: "Eclipse Foundation", versions: [ { lessThanOrEqual: "1.0.3", status: "affected", version: "0", versionType: "semver", }, { lessThanOrEqual: "1.1.2", status: "affected", version: "1.1.0", versionType: "semver", }, ], }, ], credits: [ { lang: "en", type: "finder", value: "PJ Fanning", }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "In Eclipse Parsson before 1.0.4 and 1.1.3, a document with a large depth of nested objects can allow an attacker to cause a Java stack overflow exception and denial of service. Eclipse Parsson allows processing (e.g. parse, generate, transform and query) JSON documents.<br>", }, ], value: "In Eclipse Parsson before 1.0.4 and 1.1.3, a document with a large depth of nested objects can allow an attacker to cause a Java stack overflow exception and denial of service. Eclipse Parsson allows processing (e.g. parse, generate, transform and query) JSON documents.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.6, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-787", description: "CWE-787 Out-of-bounds Write", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-07-17T15:00:20.172Z", orgId: "e51fbebd-6053-4e49-959f-1b94eeb69a2c", shortName: "eclipse", }, references: [ { url: "https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/12", }, ], source: { discovery: "UNKNOWN", }, title: "Eclipse Parsson stack overflow with deeply nested objects", x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "e51fbebd-6053-4e49-959f-1b94eeb69a2c", assignerShortName: "eclipse", cveId: "CVE-2023-7272", datePublished: "2024-07-17T15:00:20.172Z", dateReserved: "2024-07-17T14:50:06.906Z", dateUpdated: "2024-08-02T08:57:35.165Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-23926
Vulnerability from cvelistv5
Published
2021-01-14 14:45
Modified
2025-02-13 16:27
Severity ?
EPSS score ?
Summary
The XML parsers used by XMLBeans up to version 2.6.0 did not set the properties needed to protect the user from malicious XML input. Vulnerabilities include possibilities for XML Entity Expansion attacks. Affects XMLBeans up to and including v2.6.0.
References
â–Ľ | URL | Tags |
---|---|---|
https://poi.apache.org/ | x_refsource_MISC | |
https://issues.apache.org/jira/browse/XMLBEANS-517 | x_refsource_MISC | |
https://lists.apache.org/thread.html/r2dc5588009dc9f0310b7382269f932cc96cae4c3901b747dda1a7fed%40%3Cjava-dev.axis.apache.org%3E | mailing-list, x_refsource_MLIST | |
https://lists.apache.org/thread.html/rbb01d10512098894cd5f22325588197532c64f1c818ea7e4120d40c1%40%3Cjava-dev.axis.apache.org%3E | mailing-list, x_refsource_MLIST | |
https://lists.debian.org/debian-lts-announce/2021/06/msg00024.html | mailing-list, x_refsource_MLIST | |
https://www.oracle.com/security-alerts/cpuoct2021.html | x_refsource_MISC | |
https://security.netapp.com/advisory/ntap-20210513-0004/ | x_refsource_CONFIRM | |
https://www.oracle.com/security-alerts/cpujul2022.html | x_refsource_MISC |
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Apache Software Foundation | Apache XMLBeans |
Version: Apache XMLBeans < |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T19:14:09.643Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://poi.apache.org/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://issues.apache.org/jira/browse/XMLBEANS-517", }, { name: "[axis-java-dev] 20210312 xmlbeans 2.6.0 and CVE-2021-23926", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r2dc5588009dc9f0310b7382269f932cc96cae4c3901b747dda1a7fed%40%3Cjava-dev.axis.apache.org%3E", }, { name: "[axis-java-dev] 20210312 Re: xmlbeans 2.6.0 and CVE-2021-23926", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rbb01d10512098894cd5f22325588197532c64f1c818ea7e4120d40c1%40%3Cjava-dev.axis.apache.org%3E", }, { name: "[debian-lts-announce] 20210628 [SECURITY] [DLA 2693-1] xmlbeans security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2021/06/msg00024.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20210513-0004/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Apache XMLBeans", vendor: "Apache Software Foundation", versions: [ { lessThanOrEqual: "2.6.0", status: "affected", version: "Apache XMLBeans", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "The XML parsers used by XMLBeans up to version 2.6.0 did not set the properties needed to protect the user from malicious XML input. Vulnerabilities include possibilities for XML Entity Expansion attacks. Affects XMLBeans up to and including v2.6.0.", }, ], problemTypes: [ { descriptions: [ { description: "Information Disclosure", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-08-03T19:15:43.000Z", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://poi.apache.org/", }, { tags: [ "x_refsource_MISC", ], url: "https://issues.apache.org/jira/browse/XMLBEANS-517", }, { name: "[axis-java-dev] 20210312 xmlbeans 2.6.0 and CVE-2021-23926", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r2dc5588009dc9f0310b7382269f932cc96cae4c3901b747dda1a7fed%40%3Cjava-dev.axis.apache.org%3E", }, { name: "[axis-java-dev] 20210312 Re: xmlbeans 2.6.0 and CVE-2021-23926", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rbb01d10512098894cd5f22325588197532c64f1c818ea7e4120d40c1%40%3Cjava-dev.axis.apache.org%3E", }, { name: "[debian-lts-announce] 20210628 [SECURITY] [DLA 2693-1] xmlbeans security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2021/06/msg00024.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20210513-0004/", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, ], source: { defect: [ "https://issues.apache.org/jira/browse/XMLBEANS-517", ], discovery: "UNKNOWN", }, title: "XMLBeans XML Entity Expansion", x_generator: { engine: "Vulnogram 0.0.9", }, x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@apache.org", ID: "CVE-2021-23926", STATE: "PUBLIC", TITLE: "XMLBeans XML Entity Expansion", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Apache XMLBeans", version: { version_data: [ { version_affected: "<=", version_name: "Apache XMLBeans", version_value: "2.6.0", }, ], }, }, ], }, vendor_name: "Apache Software Foundation", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The XML parsers used by XMLBeans up to version 2.6.0 did not set the properties needed to protect the user from malicious XML input. Vulnerabilities include possibilities for XML Entity Expansion attacks. Affects XMLBeans up to and including v2.6.0.", }, ], }, generator: { engine: "Vulnogram 0.0.9", }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Information Disclosure", }, ], }, ], }, references: { reference_data: [ { name: "https://poi.apache.org/", refsource: "MISC", url: "https://poi.apache.org/", }, { name: "https://issues.apache.org/jira/browse/XMLBEANS-517", refsource: "MISC", url: "https://issues.apache.org/jira/browse/XMLBEANS-517", }, { name: "[axis-java-dev] 20210312 xmlbeans 2.6.0 and CVE-2021-23926", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r2dc5588009dc9f0310b7382269f932cc96cae4c3901b747dda1a7fed@%3Cjava-dev.axis.apache.org%3E", }, { name: "[axis-java-dev] 20210312 Re: xmlbeans 2.6.0 and CVE-2021-23926", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rbb01d10512098894cd5f22325588197532c64f1c818ea7e4120d40c1@%3Cjava-dev.axis.apache.org%3E", }, { name: "[debian-lts-announce] 20210628 [SECURITY] [DLA 2693-1] xmlbeans security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2021/06/msg00024.html", }, { name: "https://www.oracle.com/security-alerts/cpuoct2021.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, { name: "https://security.netapp.com/advisory/ntap-20210513-0004/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20210513-0004/", }, { name: "https://www.oracle.com/security-alerts/cpujul2022.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, ], }, source: { defect: [ "https://issues.apache.org/jira/browse/XMLBEANS-517", ], discovery: "UNKNOWN", }, }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2021-23926", datePublished: "2021-01-14T14:45:18.000Z", dateReserved: "2021-01-12T00:00:00.000Z", dateUpdated: "2025-02-13T16:27:47.031Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-2849
Vulnerability from cvelistv5
Published
2020-04-15 13:29
Modified
2024-09-27 19:04
Severity ?
EPSS score ?
Summary
Vulnerability in the Oracle Depot Repair product of Oracle E-Business Suite (component: Estimate and Actual Charges). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Depot Repair. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Depot Repair, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Depot Repair accessible data as well as unauthorized update, insert or delete access to some of Oracle Depot Repair accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).
References
â–Ľ | URL | Tags |
---|---|---|
https://www.oracle.com/security-alerts/cpuapr2020.html | x_refsource_MISC |
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Oracle Corporation | Depot Repair |
Version: 12.1.1-12.1.3 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T07:17:02.688Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2020-2849", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-27T18:02:57.362710Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-27T19:04:21.204Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Depot Repair", vendor: "Oracle Corporation", versions: [ { status: "affected", version: "12.1.1-12.1.3", }, ], }, ], descriptions: [ { lang: "en", value: "Vulnerability in the Oracle Depot Repair product of Oracle E-Business Suite (component: Estimate and Actual Charges). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Depot Repair. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Depot Repair, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Depot Repair accessible data as well as unauthorized update, insert or delete access to some of Oracle Depot Repair accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 8.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Depot Repair. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Depot Repair, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Depot Repair accessible data as well as unauthorized update, insert or delete access to some of Oracle Depot Repair accessible data.", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-04-15T13:29:49", orgId: "43595867-4340-4103-b7a2-9a5208d29a85", shortName: "oracle", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert_us@oracle.com", ID: "CVE-2020-2849", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Depot Repair", version: { version_data: [ { version_affected: "=", version_value: "12.1.1-12.1.3", }, ], }, }, ], }, vendor_name: "Oracle Corporation", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Vulnerability in the Oracle Depot Repair product of Oracle E-Business Suite (component: Estimate and Actual Charges). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Depot Repair. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Depot Repair, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Depot Repair accessible data as well as unauthorized update, insert or delete access to some of Oracle Depot Repair accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).", }, ], }, impact: { cvss: { baseScore: "8.2", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Depot Repair. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Depot Repair, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Depot Repair accessible data as well as unauthorized update, insert or delete access to some of Oracle Depot Repair accessible data.", }, ], }, ], }, references: { reference_data: [ { name: "https://www.oracle.com/security-alerts/cpuapr2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "43595867-4340-4103-b7a2-9a5208d29a85", assignerShortName: "oracle", cveId: "CVE-2020-2849", datePublished: "2020-04-15T13:29:49", dateReserved: "2019-12-10T00:00:00", dateUpdated: "2024-09-27T19:04:21.204Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-4741
Vulnerability from cvelistv5
Published
2024-11-13 10:20
Modified
2024-11-13 14:49
Severity ?
EPSS score ?
Summary
Issue summary: Calling the OpenSSL API function SSL_free_buffers may cause
memory to be accessed that was previously freed in some situations
Impact summary: A use after free can have a range of potential consequences such
as the corruption of valid data, crashes or execution of arbitrary code.
However, only applications that directly call the SSL_free_buffers function are
affected by this issue. Applications that do not call this function are not
vulnerable. Our investigations indicate that this function is rarely used by
applications.
The SSL_free_buffers function is used to free the internal OpenSSL buffer used
when processing an incoming record from the network. The call is only expected
to succeed if the buffer is not currently in use. However, two scenarios have
been identified where the buffer is freed even when still in use.
The first scenario occurs where a record header has been received from the
network and processed by OpenSSL, but the full record body has not yet arrived.
In this case calling SSL_free_buffers will succeed even though a record has only
been partially processed and the buffer is still in use.
The second scenario occurs where a full record containing application data has
been received and processed by OpenSSL but the application has only read part of
this data. Again a call to SSL_free_buffers will succeed even though the buffer
is still in use.
While these scenarios could occur accidentally during normal operation a
malicious attacker could attempt to engineer a stituation where this occurs.
We are not aware of this issue being actively exploited.
The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.
References
Impacted products
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:openssl:openssl:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "openssl", vendor: "openssl", versions: [ { lessThan: "1.1.1y", status: "affected", version: "1.1.1", versionType: "semver", }, { lessThan: "3.0.14", status: "affected", version: "3.0.0", versionType: "semver", }, { lessThan: "3.1.6", status: "affected", version: "3.1.0", versionType: "semver", }, { lessThan: "3.2.2", status: "affected", version: "3.2.0", versionType: "semver", }, { lessThan: "3.3.1", status: "affected", version: "3.3.0", versionType: "semver", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-4741", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-11-13T14:45:07.092438Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-13T14:49:05.977Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "OpenSSL", vendor: "OpenSSL", versions: [ { lessThan: "3.3.1", status: "affected", version: "3.3.0", versionType: "semver", }, { lessThan: "3.2.2", status: "affected", version: "3.2.0", versionType: "semver", }, { lessThan: "3.1.6", status: "affected", version: "3.1.0", versionType: "semver", }, { lessThan: "3.0.14", status: "affected", version: "3.0.0", versionType: "semver", }, { lessThan: "1.1.1y", status: "affected", version: "1.1.1", versionType: "custom", }, ], }, ], credits: [ { lang: "en", type: "finder", value: "William Ahern (Akamai)", }, { lang: "en", type: "remediation developer", value: "Matt Caswell", }, { lang: "en", type: "remediation developer", value: "Watson Ladd (Akamai)", }, ], datePublic: "2024-05-27T23:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Issue summary: Calling the OpenSSL API function SSL_free_buffers may cause<br>memory to be accessed that was previously freed in some situations<br><br>Impact summary: A use after free can have a range of potential consequences such<br>as the corruption of valid data, crashes or execution of arbitrary code.<br>However, only applications that directly call the SSL_free_buffers function are<br>affected by this issue. Applications that do not call this function are not<br>vulnerable. Our investigations indicate that this function is rarely used by<br>applications.<br><br>The SSL_free_buffers function is used to free the internal OpenSSL buffer used<br>when processing an incoming record from the network. The call is only expected<br>to succeed if the buffer is not currently in use. However, two scenarios have<br>been identified where the buffer is freed even when still in use.<br><br>The first scenario occurs where a record header has been received from the<br>network and processed by OpenSSL, but the full record body has not yet arrived.<br>In this case calling SSL_free_buffers will succeed even though a record has only<br>been partially processed and the buffer is still in use.<br><br>The second scenario occurs where a full record containing application data has<br>been received and processed by OpenSSL but the application has only read part of<br>this data. Again a call to SSL_free_buffers will succeed even though the buffer<br>is still in use.<br><br>While these scenarios could occur accidentally during normal operation a<br>malicious attacker could attempt to engineer a stituation where this occurs.<br>We are not aware of this issue being actively exploited.<br><br>The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.", }, ], value: "Issue summary: Calling the OpenSSL API function SSL_free_buffers may cause\nmemory to be accessed that was previously freed in some situations\n\nImpact summary: A use after free can have a range of potential consequences such\nas the corruption of valid data, crashes or execution of arbitrary code.\nHowever, only applications that directly call the SSL_free_buffers function are\naffected by this issue. Applications that do not call this function are not\nvulnerable. Our investigations indicate that this function is rarely used by\napplications.\n\nThe SSL_free_buffers function is used to free the internal OpenSSL buffer used\nwhen processing an incoming record from the network. The call is only expected\nto succeed if the buffer is not currently in use. However, two scenarios have\nbeen identified where the buffer is freed even when still in use.\n\nThe first scenario occurs where a record header has been received from the\nnetwork and processed by OpenSSL, but the full record body has not yet arrived.\nIn this case calling SSL_free_buffers will succeed even though a record has only\nbeen partially processed and the buffer is still in use.\n\nThe second scenario occurs where a full record containing application data has\nbeen received and processed by OpenSSL but the application has only read part of\nthis data. Again a call to SSL_free_buffers will succeed even though the buffer\nis still in use.\n\nWhile these scenarios could occur accidentally during normal operation a\nmalicious attacker could attempt to engineer a stituation where this occurs.\nWe are not aware of this issue being actively exploited.\n\nThe FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.", }, ], metrics: [ { format: "other", other: { content: { text: "Low", }, type: "https://www.openssl.org/policies/secpolicy.html", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-416", description: "CWE-416 Use After Free", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-11-13T10:20:50.711Z", orgId: "3a12439a-ef3a-4c79-92e6-6081a721f1e5", shortName: "openssl", }, references: [ { name: "OpenSSL Advisory", tags: [ "vendor-advisory", ], url: "https://www.openssl.org/news/secadv/20240528.txt", }, { name: "3.3.1 git commit", tags: [ "patch", ], url: "https://github.com/openssl/openssl/commit/e5093133c35ca82874ad83697af76f4b0f7e3bd8", }, { name: "3.2.2 git commit", tags: [ "patch", ], url: "https://github.com/openssl/openssl/commit/c88c3de51020c37e8706bf7a682a162593053aac", }, { name: "3.1.6 git commit", tags: [ "patch", ], url: "https://github.com/openssl/openssl/commit/704f725b96aa373ee45ecfb23f6abfe8be8d9177", }, { name: "3.0.14 git commit", tags: [ "patch", ], url: "https://github.com/openssl/openssl/commit/b3f0eb0a295f58f16ba43ba99dad70d4ee5c437d", }, { name: "1.1.1y git commit", tags: [ "patch", ], url: "https://github.openssl.org/openssl/extended-releases/commit/f7a045f3143fc6da2ee66bf52d8df04829590dd4", }, ], source: { discovery: "UNKNOWN", }, title: "Use After Free with SSL_free_buffers", x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "3a12439a-ef3a-4c79-92e6-6081a721f1e5", assignerShortName: "openssl", cveId: "CVE-2024-4741", datePublished: "2024-11-13T10:20:50.711Z", dateReserved: "2024-05-10T09:56:11.310Z", dateUpdated: "2024-11-13T14:49:05.977Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-34064
Vulnerability from cvelistv5
Published
2024-05-06 14:41
Modified
2025-02-13 17:52
Severity ?
EPSS score ?
Summary
Jinja is an extensible templating engine. The `xmlattr` filter in affected versions of Jinja accepts keys containing non-attribute characters. XML/HTML attributes cannot contain spaces, `/`, `>`, or `=`, as each would then be interpreted as starting a separate attribute. If an application accepts keys (as opposed to only values) as user input, and renders these in pages that other users see as well, an attacker could use this to inject other attributes and perform XSS. The fix for CVE-2024-22195 only addressed spaces but not other characters. Accepting keys as user input is now explicitly considered an unintended use case of the `xmlattr` filter, and code that does so without otherwise validating the input should be flagged as insecure, regardless of Jinja version. Accepting _values_ as user input continues to be safe. This vulnerability is fixed in 3.1.4.
References
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:palletsprojects:jinja:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "jinja", vendor: "palletsprojects", versions: [ { lessThan: "3.1.4", status: "affected", version: "0", versionType: "semver", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-34064", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-05-09T17:53:36.420762Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-04T16:58:01.438Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T02:42:59.945Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "https://github.com/pallets/jinja/security/advisories/GHSA-h75v-3vvj-5mfj", tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/pallets/jinja/security/advisories/GHSA-h75v-3vvj-5mfj", }, { name: "https://github.com/pallets/jinja/commit/0668239dc6b44ef38e7a6c9f91f312fd4ca581cb", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/pallets/jinja/commit/0668239dc6b44ef38e7a6c9f91f312fd4ca581cb", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SSCBHIL6BYKR5NRCBXP4XMP2CEEKGFVS/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GCLF44KY43BSVMTE6S53B4V5WP3FRRSE/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZALNWE3TXPPHVPSI3AZ5CTMSTAVN5UMS/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/567XIGSZMABG6TSMYWD7MIYNJSUQQRUC/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "jinja", vendor: "pallets", versions: [ { status: "affected", version: "< 3.1.4", }, ], }, ], descriptions: [ { lang: "en", value: "Jinja is an extensible templating engine. The `xmlattr` filter in affected versions of Jinja accepts keys containing non-attribute characters. XML/HTML attributes cannot contain spaces, `/`, `>`, or `=`, as each would then be interpreted as starting a separate attribute. If an application accepts keys (as opposed to only values) as user input, and renders these in pages that other users see as well, an attacker could use this to inject other attributes and perform XSS. The fix for CVE-2024-22195 only addressed spaces but not other characters. Accepting keys as user input is now explicitly considered an unintended use case of the `xmlattr` filter, and code that does so without otherwise validating the input should be flagged as insecure, regardless of Jinja version. Accepting _values_ as user input continues to be safe. This vulnerability is fixed in 3.1.4.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-10T16:08:27.786Z", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { name: "https://github.com/pallets/jinja/security/advisories/GHSA-h75v-3vvj-5mfj", tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/pallets/jinja/security/advisories/GHSA-h75v-3vvj-5mfj", }, { name: "https://github.com/pallets/jinja/commit/0668239dc6b44ef38e7a6c9f91f312fd4ca581cb", tags: [ "x_refsource_MISC", ], url: "https://github.com/pallets/jinja/commit/0668239dc6b44ef38e7a6c9f91f312fd4ca581cb", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SSCBHIL6BYKR5NRCBXP4XMP2CEEKGFVS/", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GCLF44KY43BSVMTE6S53B4V5WP3FRRSE/", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZALNWE3TXPPHVPSI3AZ5CTMSTAVN5UMS/", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/567XIGSZMABG6TSMYWD7MIYNJSUQQRUC/", }, ], source: { advisory: "GHSA-h75v-3vvj-5mfj", discovery: "UNKNOWN", }, title: "Jinja vulnerable to HTML attribute injection when passing user input as keys to xmlattr filter", }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2024-34064", datePublished: "2024-05-06T14:41:39.912Z", dateReserved: "2024-04-30T06:56:33.380Z", dateUpdated: "2025-02-13T17:52:22.513Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-7254
Vulnerability from cvelistv5
Published
2024-09-19 00:18
Modified
2024-12-13 13:09
Severity ?
EPSS score ?
Summary
Any project that parses untrusted Protocol Buffers data containing an arbitrary number of nested groups / series of SGROUP tags can corrupted by exceeding the stack limit i.e. StackOverflow. Parsing nested groups as unknown fields with DiscardUnknownFieldsParser or Java Protobuf Lite parser, or against Protobuf map fields, creates unbounded recursions that can be abused by an attacker.
References
Impacted products
Vendor | Product | Version | |||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
â–Ľ | Protocol Buffers |
Version: 0 < 28.2 |
|||||||||||||||||||||||||||
|
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:google:protobuf:*:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "protobuf", vendor: "google", versions: [ { lessThan: "28.2", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:google:google-protobuf:*:*:*:*:*:ruby:*:*", "cpe:2.3:a:google:protobuf-java:*:*:*:*:*:*:*:*", "cpe:2.3:a:google:protobuf-javalite:*:*:*:*:*:*:*:*", "cpe:2.3:a:google:protobuf-kotlin:*:*:*:*:*:*:*:*", "cpe:2.3:a:google:protobuf-kotlin-lite:*:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "protobuf-kotlin-lite", vendor: "google", versions: [ { lessThan: "3.25.5", status: "affected", version: "0", versionType: "custom", }, { lessThan: "4.27.5", status: "affected", version: "4.27", versionType: "custom", }, { lessThan: "4.28.2", status: "affected", version: "4.28", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-7254", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-19T14:29:43.468555Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-19T14:46:14.517Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-12-13T13:09:27.312Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { url: "https://security.netapp.com/advisory/ntap-20241213-0010/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Protocol Buffers", repo: "https://github.com/protocolbuffers/protobuf", vendor: "Google", versions: [ { lessThan: "28.2", status: "affected", version: "0", versionType: "custom", }, ], }, { collectionURL: "https://mvnrepository.com/artifact/com.google.protobuf/protobuf-java", defaultStatus: "unaffected", product: "protobuf-java", vendor: "Google", versions: [ { lessThan: "3.25.5", status: "affected", version: "0", versionType: "custom", }, { lessThan: "4.27.5", status: "affected", version: "0", versionType: "custom", }, { lessThan: "4.28.2", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unaffected", product: "protobuf-javalite", vendor: "Google", versions: [ { lessThan: "3.25.5", status: "affected", version: "0", versionType: "custom", }, { lessThan: "4.27.5", status: "affected", version: "0", versionType: "custom", }, { lessThan: "4.28.2", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unaffected", product: "protobuf-kotlin", vendor: "Google", versions: [ { lessThan: "3.25.5", status: "affected", version: "0", versionType: "custom", }, { lessThan: "4.27.5", status: "affected", version: "0", versionType: "custom", }, { lessThan: "4.28.2", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unaffected", product: "protobuf-kotllin-lite", vendor: "Google", versions: [ { lessThan: "3.25.5", status: "affected", version: "0", versionType: "custom", }, { lessThan: "4.27.5", status: "affected", version: "0", versionType: "custom", }, { lessThan: "4.28.2", status: "affected", version: "0", versionType: "custom", }, ], }, { collectionURL: "https://rubygems.org/gems/google-protobuf", defaultStatus: "unaffected", product: "google-protobuf [JRuby Gem]", vendor: "Google", versions: [ { lessThan: "3.25.5", status: "affected", version: "0", versionType: "custom", }, { lessThan: "4.27.5", status: "affected", version: "0", versionType: "custom", }, { lessThan: "4.28.2", status: "affected", version: "0", versionType: "custom", }, ], }, ], credits: [ { lang: "en", type: "finder", value: "Alexis Challande, Trail of Bits Ecosystem Security Team <ecosystem@trailofbits.com>", }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<p><span style=\"background-color: rgb(255, 255, 255);\">Any project that parses untrusted Protocol Buffers data</span><span style=\"background-color: rgb(255, 255, 255);\"><span style=\"background-color: rgb(255, 255, 255);\"> containing an arbitrary number of nested </span><code>group</code><span style=\"background-color: rgb(255, 255, 255);\">s / series of </span><code>SGROUP</code><span style=\"background-color: rgb(255, 255, 255);\"> tags can corrupted by exceeding the stack limit i.e. StackOverflow. </span><span style=\"background-color: transparent;\">Parsing nested groups as unknown fields with DiscardUnknownFieldsParser or Java Protobuf Lite parser, or against Protobuf map fields, creates unbounded recursions that can be abused by an attacker.</span></span><br></p>", }, ], value: "Any project that parses untrusted Protocol Buffers data containing an arbitrary number of nested groups / series of SGROUP tags can corrupted by exceeding the stack limit i.e. StackOverflow. Parsing nested groups as unknown fields with DiscardUnknownFieldsParser or Java Protobuf Lite parser, or against Protobuf map fields, creates unbounded recursions that can be abused by an attacker.", }, ], impacts: [ { capecId: "CAPEC-100", descriptions: [ { lang: "en", value: "CAPEC-100 Overflow Buffers", }, ], }, ], metrics: [ { cvssV4_0: { Automatable: "NOT_DEFINED", Recovery: "NOT_DEFINED", Safety: "NOT_DEFINED", attackComplexity: "LOW", attackRequirements: "NONE", attackVector: "NETWORK", baseScore: 8.7, baseSeverity: "HIGH", privilegesRequired: "NONE", providerUrgency: "NOT_DEFINED", subAvailabilityImpact: "NONE", subConfidentialityImpact: "NONE", subIntegrityImpact: "NONE", userInteraction: "NONE", valueDensity: "NOT_DEFINED", vectorString: "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", version: "4.0", vulnAvailabilityImpact: "HIGH", vulnConfidentialityImpact: "NONE", vulnIntegrityImpact: "NONE", vulnerabilityResponseEffort: "NOT_DEFINED", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-20", description: "CWE-20 Improper Input Validation", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-19T00:18:45.824Z", orgId: "14ed7db2-1595-443d-9d34-6215bf890778", shortName: "Google", }, references: [ { url: "https://github.com/protocolbuffers/protobuf/commit/cc8b3483a5584b3301e3d43d17eb59704857ffaa", }, ], source: { discovery: "UNKNOWN", }, title: "Stack overflow in Protocol Buffers Java Lite", x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "14ed7db2-1595-443d-9d34-6215bf890778", assignerShortName: "Google", cveId: "CVE-2024-7254", datePublished: "2024-09-19T00:18:45.824Z", dateReserved: "2024-07-29T21:41:56.116Z", dateUpdated: "2024-12-13T13:09:27.312Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).
Loading…
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.