Action not permitted
Modal body text goes here.
Modal Title
Modal Body
wid-sec-w-2024-0094
Vulnerability from csaf_certbund
Published
2024-01-15 23:00
Modified
2024-01-15 23:00
Summary
Atlassian Bamboo: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Bamboo ist ein Werkzeug zur kontinuierlichen Integration und Bereitstellung, das automatisierte Builds, Tests und Freigaben in einem einzigen Arbeitsablauf verbindet.
Angriff
Ein entfernter Angreifer kann mehrere Schwachstellen in Atlassian Bamboo ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen oder einen Request Smuggling-Angriff durchzuführen.
Betroffene Betriebssysteme
- Linux
- Windows
{ document: { aggregate_severity: { text: "hoch", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "Bamboo ist ein Werkzeug zur kontinuierlichen Integration und Bereitstellung, das automatisierte Builds, Tests und Freigaben in einem einzigen Arbeitsablauf verbindet.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein entfernter Angreifer kann mehrere Schwachstellen in Atlassian Bamboo ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen oder einen Request Smuggling-Angriff durchzuführen.", title: "Angriff", }, { category: "general", text: "- Linux\n- Windows", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2024-0094 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0094.json", }, { category: "self", summary: "WID-SEC-2024-0094 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0094", }, { category: "external", summary: "Atlassian Security Advisory vom 2024-01-15", url: "https://jira.atlassian.com/browse/BAM-25623", }, { category: "external", summary: "Atlassian Security Advisory vom 2024-01-15", url: "https://jira.atlassian.com/browse/BAM-25622", }, { category: "external", summary: "Atlassian Security Advisory vom 2024-01-15", url: "https://jira.atlassian.com/browse/BAM-25614", }, { category: "external", summary: "Atlassian Security Advisory vom 2024-01-15", url: "https://jira.atlassian.com/browse/BAM-25613", }, { category: "external", summary: "Atlassian Security Advisory vom 2024-01-15", url: "https://jira.atlassian.com/browse/BAM-25612", }, { category: "external", summary: "Atlassian Security Advisory vom 2024-01-15", url: "https://jira.atlassian.com/browse/BAM-25609", }, { category: "external", summary: "Atlassian Security Advisory vom 2024-01-15", url: "https://jira.atlassian.com/browse/BAM-25607", }, { category: "external", summary: "Atlassian Security Advisory vom 2024-01-15", url: "https://jira.atlassian.com/browse/BAM-25606", }, { category: "external", summary: "Atlassian Security Advisory vom 2024-01-15", url: "https://jira.atlassian.com/browse/BAM-25640", }, ], source_lang: "en-US", title: "Atlassian Bamboo: Mehrere Schwachstellen", tracking: { current_release_date: "2024-01-15T23:00:00.000+00:00", generator: { date: "2024-08-15T18:03:40.850+00:00", engine: { name: "BSI-WID", version: "1.3.5", }, }, id: "WID-SEC-W-2024-0094", initial_release_date: "2024-01-15T23:00:00.000+00:00", revision_history: [ { date: "2024-01-15T23:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Atlassian Bamboo < 9.4.2", product: { name: "Atlassian Bamboo < 9.4.2", product_id: "T032060", product_identification_helper: { cpe: "cpe:/a:atlassian:bamboo:9.4.2", }, }, }, { category: "product_name", name: "Atlassian Bamboo < 9.3.6", product: { name: "Atlassian Bamboo < 9.3.6", product_id: "T032061", product_identification_helper: { cpe: "cpe:/a:atlassian:bamboo:9.3.6", }, }, }, { category: "product_name", name: "Atlassian Bamboo < 9.2.8", product: { name: "Atlassian Bamboo < 9.2.8", product_id: "T032062", product_identification_helper: { cpe: "cpe:/a:atlassian:bamboo:9.2.8", }, }, }, { category: "product_name", name: "Atlassian Bamboo < 9.2.9", product: { name: "Atlassian Bamboo < 9.2.9", product_id: "T032064", product_identification_helper: { cpe: "cpe:/a:atlassian:bamboo:9.2.9", }, }, }, ], category: "product_name", name: "Bamboo", }, ], category: "vendor", name: "Atlassian", }, ], }, vulnerabilities: [ { cve: "CVE-2023-5072", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Atlassian Bamboo. Diese Fehler bestehen in Eclipse Jetty, Apache Avro Java SDK, Woodstox, JSON-Java und in den XStream-Komponenten von Drittanbietern aufgrund eines Integer-Überlaufs, einer unsachgemäßen Neutralisierung von Benutzereingaben und einer fehlerhaften Behandlung von primitiven Typen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu verursachen.", }, ], release_date: "2024-01-15T23:00:00.000+00:00", title: "CVE-2023-5072", }, { cve: "CVE-2023-39410", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Atlassian Bamboo. Diese Fehler bestehen in Eclipse Jetty, Apache Avro Java SDK, Woodstox, JSON-Java und in den XStream-Komponenten von Drittanbietern aufgrund eines Integer-Überlaufs, einer unsachgemäßen Neutralisierung von Benutzereingaben und einer fehlerhaften Behandlung von primitiven Typen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu verursachen.", }, ], release_date: "2024-01-15T23:00:00.000+00:00", title: "CVE-2023-39410", }, { cve: "CVE-2023-36478", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Atlassian Bamboo. Diese Fehler bestehen in Eclipse Jetty, Apache Avro Java SDK, Woodstox, JSON-Java und in den XStream-Komponenten von Drittanbietern aufgrund eines Integer-Überlaufs, einer unsachgemäßen Neutralisierung von Benutzereingaben und einer fehlerhaften Behandlung von primitiven Typen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu verursachen.", }, ], release_date: "2024-01-15T23:00:00.000+00:00", title: "CVE-2023-36478", }, { cve: "CVE-2022-40152", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Atlassian Bamboo. Diese Fehler bestehen in Eclipse Jetty, Apache Avro Java SDK, Woodstox, JSON-Java und in den XStream-Komponenten von Drittanbietern aufgrund eines Integer-Überlaufs, einer unsachgemäßen Neutralisierung von Benutzereingaben und einer fehlerhaften Behandlung von primitiven Typen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu verursachen.", }, ], release_date: "2024-01-15T23:00:00.000+00:00", title: "CVE-2022-40152", }, { cve: "CVE-2017-7957", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Atlassian Bamboo. Diese Fehler bestehen in Eclipse Jetty, Apache Avro Java SDK, Woodstox, JSON-Java und in den XStream-Komponenten von Drittanbietern aufgrund eines Integer-Überlaufs, einer unsachgemäßen Neutralisierung von Benutzereingaben und einer fehlerhaften Behandlung von primitiven Typen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu verursachen.", }, ], release_date: "2024-01-15T23:00:00.000+00:00", title: "CVE-2017-7957", }, { cve: "CVE-2020-26217", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Atlassian Bamboo. Diese Fehler bestehen im XStream und in der H2-Datenbank. Ein entfernter, authentifizierter Angreifer kann diese Schwachstellen zur Ausführung von beliebigem Code ausnutzen.", }, ], release_date: "2024-01-15T23:00:00.000+00:00", title: "CVE-2020-26217", }, { cve: "CVE-2018-10054", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Atlassian Bamboo. Diese Fehler bestehen im XStream und in der H2-Datenbank. Ein entfernter, authentifizierter Angreifer kann diese Schwachstellen zur Ausführung von beliebigem Code ausnutzen.", }, ], release_date: "2024-01-15T23:00:00.000+00:00", title: "CVE-2018-10054", }, { cve: "CVE-2023-46589", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Atlassian Bamboo. Diese Fehler bestehen im Codeplex-Codehaus und in den Apache Tomcat-Komponenten aufgrund eines Path Traversal und eines Improper Input Validation Problems. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen und einen Request Smuggling Angriff durchzuführen.", }, ], release_date: "2024-01-15T23:00:00.000+00:00", title: "CVE-2023-46589", }, { cve: "CVE-2022-4244", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Atlassian Bamboo. Diese Fehler bestehen im Codeplex-Codehaus und in den Apache Tomcat-Komponenten aufgrund eines Path Traversal und eines Improper Input Validation Problems. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen und einen Request Smuggling Angriff durchzuführen.", }, ], release_date: "2024-01-15T23:00:00.000+00:00", title: "CVE-2022-4244", }, ], }
cve-2022-4244
Vulnerability from cvelistv5
Published
2023-09-25 19:20
Modified
2024-08-03 01:34
Severity ?
EPSS score ?
Summary
A flaw was found in codeplex-codehaus. A directory traversal attack (also known as path traversal) aims to access files and directories stored outside the intended folder. By manipulating files with "dot-dot-slash (../)" sequences and their variations or by using absolute file paths, it may be possible to access arbitrary files and directories stored on the file system, including application source code, configuration, and other critical system files.
References
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/errata/RHSA-2023:2135 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2023:3906 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/security/cve/CVE-2022-4244 | vdb-entry, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2149841 | issue-tracking, x_refsource_REDHAT |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Red Hat | RHINT Camel-K-1.10.1 |
cpe:/a:redhat:camel_k:1 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2022-4244", options: [ { Exploitation: "poc", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-05-03T18:17:37.759702Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-04T17:16:33.612Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-03T01:34:49.883Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "RHSA-2023:2135", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2023:2135", }, { name: "RHSA-2023:3906", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2023:3906", }, { tags: [ "vdb-entry", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/security/cve/CVE-2022-4244", }, { name: "RHBZ#2149841", tags: [ "issue-tracking", "x_refsource_REDHAT", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2149841", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { collectionURL: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", cpes: [ "cpe:/a:redhat:camel_k:1", ], defaultStatus: "unaffected", packageName: "codehaus-plexus", product: "RHINT Camel-K-1.10.1", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:jboss_enterprise_bpms_platform:7.13", ], defaultStatus: "unaffected", product: "RHPAM 7.13.1 async", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:a_mq_clients:2", ], defaultStatus: "unaffected", packageName: "codehaus-plexus", product: "A-MQ Clients 2", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:amq_online:1", ], defaultStatus: "affected", packageName: "codehaus-plexus", product: "Red Hat A-MQ Online", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:camel_spring_boot:3", ], defaultStatus: "affected", packageName: "codehaus-plexus", product: "Red Hat build of Apache Camel for Spring Boot", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:quarkus:2", ], defaultStatus: "affected", packageName: "codehaus-plexus", product: "Red Hat build of Quarkus", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:jboss_data_grid:8", ], defaultStatus: "affected", packageName: "codehaus-plexus", product: "Red Hat Data Grid 8", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:jboss_enterprise_brms_platform:7", ], defaultStatus: "unknown", packageName: "codehaus-plexus", product: "Red Hat Decision Manager 7", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:7", ], defaultStatus: "unknown", packageName: "plexus-utils", product: "Red Hat Enterprise Linux 7", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:8", ], defaultStatus: "unaffected", packageName: "maven:3.6/plexus-utils", product: "Red Hat Enterprise Linux 8", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:8", ], defaultStatus: "unaffected", packageName: "maven:3.8/plexus-utils", product: "Red Hat Enterprise Linux 8", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:9", ], defaultStatus: "unaffected", packageName: "maven:3.8/plexus-utils", product: "Red Hat Enterprise Linux 9", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:9", ], defaultStatus: "unaffected", packageName: "plexus-utils", product: "Red Hat Enterprise Linux 9", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:camel_quarkus:2", ], defaultStatus: "affected", packageName: "codehaus-plexus", product: "Red Hat Integration Camel Quarkus", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:integration:1", ], defaultStatus: "affected", packageName: "codehaus-plexus", product: "Red Hat Integration Change Data Capture", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:service_registry:2", ], defaultStatus: "affected", packageName: "codehaus-plexus", product: "Red Hat Integration Service Registry", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", cpes: [ "cpe:/a:redhat:amq_broker:7", ], defaultStatus: "unaffected", packageName: "codehaus-plexus", product: "Red Hat JBoss A-MQ 7", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", cpes: [ "cpe:/a:redhat:jboss_data_grid:7", ], defaultStatus: "unknown", packageName: "codehaus-plexus", product: "Red Hat JBoss Data Grid 7", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", cpes: [ "cpe:/a:redhat:jboss_enterprise_application_platform:6", ], defaultStatus: "unknown", packageName: "codehaus-plexus", product: "Red Hat JBoss Enterprise Application Platform 6", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", cpes: [ "cpe:/a:redhat:jboss_enterprise_application_platform:7", ], defaultStatus: "affected", packageName: "codehaus-plexus", product: "Red Hat JBoss Enterprise Application Platform 7", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", cpes: [ "cpe:/a:redhat:jbosseapxp", ], defaultStatus: "affected", packageName: "codehaus-plexus", product: "Red Hat JBoss Enterprise Application Platform Expansion Pack", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", cpes: [ "cpe:/a:redhat:jboss_fuse:6", ], defaultStatus: "unknown", packageName: "codehaus-plexus", product: "Red Hat JBoss Fuse 6", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", cpes: [ "cpe:/a:redhat:jboss_fuse:7", ], defaultStatus: "affected", packageName: "codehaus-plexus", product: "Red Hat JBoss Fuse 7", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", cpes: [ "cpe:/a:redhat:jboss_fuse_service_works:6", ], defaultStatus: "unknown", packageName: "codehaus-plexus", product: "Red Hat JBoss Fuse Service Works 6", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", cpes: [ "cpe:/a:redhat:jboss_enterprise_web_server:3", ], defaultStatus: "unknown", packageName: "codehaus-plexus", product: "Red Hat JBoss Web Server 3", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", cpes: [ "cpe:/a:redhat:jboss_enterprise_web_server:5", ], defaultStatus: "unaffected", packageName: "codehaus-plexus", product: "Red Hat JBoss Web Server 5", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift_application_runtimes:1.0", ], defaultStatus: "unaffected", packageName: "codehaus-plexus", product: "Red Hat OpenShift Application Runtimes", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:jboss_enterprise_bpms_platform:7", ], defaultStatus: "unknown", packageName: "codehaus-plexus", product: "Red Hat Process Automation 7", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:red_hat_single_sign_on:7", ], defaultStatus: "unaffected", packageName: "org.codehaus.plexus-plexus-utils", product: "Red Hat Single Sign-On 7", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_software_collections:3", ], defaultStatus: "affected", packageName: "rh-maven36-byte-buddy", product: "Red Hat Software Collections", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_software_collections:3", ], defaultStatus: "unaffected", packageName: "rh-maven36-maven", product: "Red Hat Software Collections", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_software_collections:3", ], defaultStatus: "unaffected", packageName: "rh-maven36-maven-archiver", product: "Red Hat Software Collections", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_software_collections:3", ], defaultStatus: "affected", packageName: "rh-maven36-maven-assembly-plugin", product: "Red Hat Software Collections", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_software_collections:3", ], defaultStatus: "affected", packageName: "rh-maven36-maven-compiler-plugin", product: "Red Hat Software Collections", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_software_collections:3", ], defaultStatus: "unaffected", packageName: "rh-maven36-maven-jar-plugin", product: "Red Hat Software Collections", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_software_collections:3", ], defaultStatus: "affected", packageName: "rh-maven36-maven-plugin-bundle", product: "Red Hat Software Collections", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_software_collections:3", ], defaultStatus: "unaffected", packageName: "rh-maven36-maven-remote-resources-plugin", product: "Red Hat Software Collections", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_software_collections:3", ], defaultStatus: "affected", packageName: "rh-maven36-maven-shade-plugin", product: "Red Hat Software Collections", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_software_collections:3", ], defaultStatus: "affected", packageName: "rh-maven36-maven-source-plugin", product: "Red Hat Software Collections", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_software_collections:3", ], defaultStatus: "affected", packageName: "rh-maven36-maven-surefire", product: "Red Hat Software Collections", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_software_collections:3", ], defaultStatus: "unaffected", packageName: "rh-maven36-plexus-utils", product: "Red Hat Software Collections", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift_application_runtimes:1.0", ], defaultStatus: "affected", packageName: "codehaus-plexus", product: "Red Hat support for Spring Boot", vendor: "Red Hat", }, ], datePublic: "2022-12-01T00:00:00+00:00", descriptions: [ { lang: "en", value: "A flaw was found in codeplex-codehaus. A directory traversal attack (also known as path traversal) aims to access files and directories stored outside the intended folder. By manipulating files with \"dot-dot-slash (../)\" sequences and their variations or by using absolute file paths, it may be possible to access arbitrary files and directories stored on the file system, including application source code, configuration, and other critical system files.", }, ], metrics: [ { other: { content: { namespace: "https://access.redhat.com/security/updates/classification/", value: "Moderate", }, type: "Red Hat severity rating", }, }, { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, format: "CVSS", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-22", description: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-03T15:32:27.644Z", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "RHSA-2023:2135", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2023:2135", }, { name: "RHSA-2023:3906", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2023:3906", }, { tags: [ "vdb-entry", "x_refsource_REDHAT", ], url: "https://access.redhat.com/security/cve/CVE-2022-4244", }, { name: "RHBZ#2149841", tags: [ "issue-tracking", "x_refsource_REDHAT", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2149841", }, ], timeline: [ { lang: "en", time: "2022-12-01T00:00:00+00:00", value: "Reported to Red Hat.", }, { lang: "en", time: "2022-12-01T00:00:00+00:00", value: "Made public.", }, ], title: "Codehaus-plexus: directory traversal", x_redhatCweChain: "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2022-4244", datePublished: "2023-09-25T19:20:04.703Z", dateReserved: "2022-12-01T06:39:33.189Z", dateUpdated: "2024-08-03T01:34:49.883Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-46589
Vulnerability from cvelistv5
Published
2023-11-28 15:31
Modified
2025-02-13 17:14
Severity ?
EPSS score ?
Summary
Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from 9.0.0-M1 through 9.0.82 and from 8.5.0 through 8.5.95 did not correctly parse HTTP trailer headers. A trailer header that exceeded the header size limit could cause Tomcat to treat a single
request as multiple requests leading to the possibility of request
smuggling when behind a reverse proxy.
Users are recommended to upgrade to version 11.0.0-M11 onwards, 10.1.16 onwards, 9.0.83 onwards or 8.5.96 onwards, which fix the issue.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Tomcat |
Version: 11.0.0-M1 ≤ 11.0.0-M10 Version: 10.1.0-M1 ≤ 10.1.15 Version: 9.0.0-M1 ≤ 9.0.82 Version: 8.5.0 ≤ 8.5.95 |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:apache:tomcat:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "tomcat", vendor: "apache", versions: [ { lessThanOrEqual: "11.0.0-m10", status: "affected", version: "11.0.0-m1", versionType: "custom", }, { lessThanOrEqual: "10.1.15", status: "affected", version: "10.1.0-M1", versionType: "custom", }, { lessThanOrEqual: "9.0.82", status: "affected", version: "9.0.0-M1", versionType: "custom", }, { lessThanOrEqual: "8.5.95", status: "affected", version: "8.5.0", versionType: "custom", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2023-46589", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-07-11T16:04:24.661745Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-11T17:19:10.688Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T20:45:42.297Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.apache.org/thread/0rqq6ktozqc42ro8hhxdmmdjm1k1tpxr", }, { tags: [ "x_transferred", ], url: "https://www.openwall.com/lists/oss-security/2023/11/28/2", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20231214-0009/", }, { tags: [ "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2024/01/msg00001.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Apache Tomcat", vendor: "Apache Software Foundation", versions: [ { lessThanOrEqual: "11.0.0-M10", status: "affected", version: "11.0.0-M1", versionType: "semver", }, { lessThanOrEqual: "10.1.15", status: "affected", version: "10.1.0-M1", versionType: "semver", }, { lessThanOrEqual: "9.0.82", status: "affected", version: "9.0.0-M1", versionType: "semver", }, { lessThanOrEqual: "8.5.95", status: "affected", version: "8.5.0", versionType: "semver", }, ], }, ], credits: [ { lang: "en", type: "finder", value: "Norihito Aimoto (OSSTech Corporation)", }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Improper Input Validation vulnerability in Apache Tomcat.<p>Tomcat <span style=\"background-color: rgb(255, 255, 255);\">from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from 9.0.0-M1 through 9.0.82 and from 8.5.0 through 8.5.95</span> did not correctly parse HTTP trailer headers. A trailer header that exceeded the header size limit could cause Tomcat to treat a single \nrequest as multiple requests leading to the possibility of request \nsmuggling when behind a reverse proxy.<br></p><p><span style=\"background-color: var(--wht);\">Users are recommended to upgrade to version 11.0.0-M11 onwards, 10.1.16 onwards, 9.0.83 onwards or 8.5.96 onwards, which fix the issue.</span></p><br>", }, ], value: "Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from 9.0.0-M1 through 9.0.82 and from 8.5.0 through 8.5.95 did not correctly parse HTTP trailer headers. A trailer header that exceeded the header size limit could cause Tomcat to treat a single \nrequest as multiple requests leading to the possibility of request \nsmuggling when behind a reverse proxy.\n\nUsers are recommended to upgrade to version 11.0.0-M11 onwards, 10.1.16 onwards, 9.0.83 onwards or 8.5.96 onwards, which fix the issue.", }, ], metrics: [ { other: { content: { text: "important", }, type: "Textual description of severity", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-444", description: "CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-01-05T11:06:17.325Z", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { tags: [ "vendor-advisory", ], url: "https://lists.apache.org/thread/0rqq6ktozqc42ro8hhxdmmdjm1k1tpxr", }, { url: "https://www.openwall.com/lists/oss-security/2023/11/28/2", }, { url: "https://security.netapp.com/advisory/ntap-20231214-0009/", }, { url: "https://lists.debian.org/debian-lts-announce/2024/01/msg00001.html", }, ], source: { discovery: "EXTERNAL", }, title: "Apache Tomcat: HTTP request smuggling via malformed trailer headers", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2023-46589", datePublished: "2023-11-28T15:31:52.366Z", dateReserved: "2023-10-23T08:14:01.046Z", dateUpdated: "2025-02-13T17:14:25.256Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-36478
Vulnerability from cvelistv5
Published
2023-10-10 16:53
Modified
2025-02-13 16:56
Severity ?
EPSS score ?
Summary
Eclipse Jetty provides a web server and servlet container. In versions 11.0.0 through 11.0.15, 10.0.0 through 10.0.15, and 9.0.0 through 9.4.52, an integer overflow in `MetaDataBuilder.checkSize` allows for HTTP/2 HPACK header values to
exceed their size limit. `MetaDataBuilder.java` determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded. However, when length is very large and huffman is true, the multiplication by 4 in line 295
will overflow, and length will become negative. `(_size+length)` will now be negative, and the check on line 296 will not be triggered. Furthermore, `MetaDataBuilder.checkSize` allows for user-entered HPACK header value sizes to be negative, potentially leading to a very large buffer allocation later on when the user-entered size is multiplied by 2. This means that if a user provides a negative length value (or, more precisely, a length value which, when multiplied by the 4/3 fudge factor, is negative), and this length value is a very large positive number when multiplied by 2, then the user can cause a very large buffer to be allocated on the server. Users of HTTP/2 can be impacted by a remote denial of service attack. The issue has been fixed in versions 11.0.16, 10.0.16, and 9.4.53. There are no known workarounds.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| eclipse | jetty.project |
Version: >= 10.0.0, < 10.0.16 Version: >= 11.0.0, < 11.0.16 Version: >= 9.3.0, < 9.4.53 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T16:45:57.038Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "https://github.com/eclipse/jetty.project/security/advisories/GHSA-wgh7-54f2-x98r", tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/eclipse/jetty.project/security/advisories/GHSA-wgh7-54f2-x98r", }, { name: "https://github.com/eclipse/jetty.project/pull/9634", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/eclipse/jetty.project/pull/9634", }, { name: "https://github.com/eclipse/jetty.project/releases/tag/jetty-10.0.16", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/eclipse/jetty.project/releases/tag/jetty-10.0.16", }, { name: "https://github.com/eclipse/jetty.project/releases/tag/jetty-11.0.16", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/eclipse/jetty.project/releases/tag/jetty-11.0.16", }, { name: "https://github.com/eclipse/jetty.project/releases/tag/jetty-9.4.53.v20231009", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/eclipse/jetty.project/releases/tag/jetty-9.4.53.v20231009", }, { tags: [ "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2023/10/18/4", }, { tags: [ "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html", }, { tags: [ "x_transferred", ], url: "https://www.debian.org/security/2023/dsa-5540", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20231116-0011/", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20240621-0006/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "jetty.project", vendor: "eclipse", versions: [ { status: "affected", version: ">= 10.0.0, < 10.0.16", }, { status: "affected", version: ">= 11.0.0, < 11.0.16", }, { status: "affected", version: ">= 9.3.0, < 9.4.53", }, ], }, ], descriptions: [ { lang: "en", value: "Eclipse Jetty provides a web server and servlet container. In versions 11.0.0 through 11.0.15, 10.0.0 through 10.0.15, and 9.0.0 through 9.4.52, an integer overflow in `MetaDataBuilder.checkSize` allows for HTTP/2 HPACK header values to\nexceed their size limit. `MetaDataBuilder.java` determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded. However, when length is very large and huffman is true, the multiplication by 4 in line 295\nwill overflow, and length will become negative. `(_size+length)` will now be negative, and the check on line 296 will not be triggered. Furthermore, `MetaDataBuilder.checkSize` allows for user-entered HPACK header value sizes to be negative, potentially leading to a very large buffer allocation later on when the user-entered size is multiplied by 2. This means that if a user provides a negative length value (or, more precisely, a length value which, when multiplied by the 4/3 fudge factor, is negative), and this length value is a very large positive number when multiplied by 2, then the user can cause a very large buffer to be allocated on the server. Users of HTTP/2 can be impacted by a remote denial of service attack. The issue has been fixed in versions 11.0.16, 10.0.16, and 9.4.53. There are no known workarounds.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-190", description: "CWE-190: Integer Overflow or Wraparound", lang: "en", type: "CWE", }, ], }, { descriptions: [ { cweId: "CWE-400", description: "CWE-400: Uncontrolled Resource Consumption", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-21T19:08:04.429Z", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { name: "https://github.com/eclipse/jetty.project/security/advisories/GHSA-wgh7-54f2-x98r", tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/eclipse/jetty.project/security/advisories/GHSA-wgh7-54f2-x98r", }, { name: "https://github.com/eclipse/jetty.project/pull/9634", tags: [ "x_refsource_MISC", ], url: "https://github.com/eclipse/jetty.project/pull/9634", }, { name: "https://github.com/eclipse/jetty.project/releases/tag/jetty-10.0.16", tags: [ "x_refsource_MISC", ], url: "https://github.com/eclipse/jetty.project/releases/tag/jetty-10.0.16", }, { name: "https://github.com/eclipse/jetty.project/releases/tag/jetty-11.0.16", tags: [ "x_refsource_MISC", ], url: "https://github.com/eclipse/jetty.project/releases/tag/jetty-11.0.16", }, { name: "https://github.com/eclipse/jetty.project/releases/tag/jetty-9.4.53.v20231009", tags: [ "x_refsource_MISC", ], url: "https://github.com/eclipse/jetty.project/releases/tag/jetty-9.4.53.v20231009", }, { url: "http://www.openwall.com/lists/oss-security/2023/10/18/4", }, { url: "https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html", }, { url: "https://www.debian.org/security/2023/dsa-5540", }, { url: "https://security.netapp.com/advisory/ntap-20231116-0011/", }, { url: "https://security.netapp.com/advisory/ntap-20240621-0006/", }, ], source: { advisory: "GHSA-wgh7-54f2-x98r", discovery: "UNKNOWN", }, title: "HTTP/2 HPACK integer overflow and buffer allocation", }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2023-36478", datePublished: "2023-10-10T16:53:07.063Z", dateReserved: "2023-06-21T18:50:41.704Z", dateUpdated: "2025-02-13T16:56:19.080Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-39410
Vulnerability from cvelistv5
Published
2023-09-29 16:23
Modified
2025-02-13 17:03
Severity ?
EPSS score ?
Summary
When deserializing untrusted or corrupted data, it is possible for a reader to consume memory beyond the allowed constraints and thus lead to out of memory on the system.
This issue affects Java applications using Apache Avro Java SDK up to and including 1.11.2. Users should update to apache-avro version 1.11.3 which addresses this issue.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Avro Java SDK |
Version: 0 ≤ |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:apache:avro:-:*:*:*:*:rust:*:*", ], defaultStatus: "unknown", product: "avro", vendor: "apache", versions: [ { lessThan: "1.11.3", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2023-39410", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-06-26T19:07:20.270770Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-26T19:09:26.935Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T18:10:20.868Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.apache.org/thread/q142wj99cwdd0jo5lvdoxzoymlqyjdds", }, { tags: [ "x_transferred", ], url: "https://www.openwall.com/lists/oss-security/2023/09/29/6", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20240621-0006/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Apache Avro Java SDK", vendor: "Apache Software Foundation", versions: [ { lessThan: "1.11.3", status: "affected", version: "0", versionType: "semver", }, ], }, ], credits: [ { lang: "en", type: "finder", value: "Adam Korczynski at ADA Logics Ltd", }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<div>When deserializing untrusted or corrupted data, it is possible for a reader to consume memory beyond the allowed constraints and thus lead to out of memory on the system.</div><div><br></div><div>This issue affects Java applications using Apache Avro Java SDK up to and including 1.11.2. Users should update to apache-avro version 1.11.3 which addresses this issue.</div><div><br></div>", }, ], value: "When deserializing untrusted or corrupted data, it is possible for a reader to consume memory beyond the allowed constraints and thus lead to out of memory on the system.\n\nThis issue affects Java applications using Apache Avro Java SDK up to and including 1.11.2. Users should update to apache-avro version 1.11.3 which addresses this issue.", }, ], metrics: [ { other: { content: { text: "low", }, type: "Textual description of severity", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-502", description: "CWE-502 Deserialization of Untrusted Data", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-21T19:06:21.390Z", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { tags: [ "vendor-advisory", ], url: "https://lists.apache.org/thread/q142wj99cwdd0jo5lvdoxzoymlqyjdds", }, { url: "https://www.openwall.com/lists/oss-security/2023/09/29/6", }, { url: "https://security.netapp.com/advisory/ntap-20240621-0006/", }, ], source: { defect: [ "AVRO-3819", ], discovery: "EXTERNAL", }, title: "Apache Avro Java SDK: Memory when deserializing untrusted data in Avro Java SDK", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2023-39410", datePublished: "2023-09-29T16:23:34.021Z", dateReserved: "2023-07-31T17:55:21.702Z", dateUpdated: "2025-02-13T17:03:03.075Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-10054
Vulnerability from cvelistv5
Published
2018-04-11 00:00
Modified
2024-08-05 07:32
Severity ?
EPSS score ?
Summary
H2 1.4.197, as used in Datomic before 0.9.5697 and other products, allows remote code execution because CREATE ALIAS can execute arbitrary Java code. NOTE: the vendor's position is "h2 is not designed to be run outside of a secure environment."
References
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2018-10054", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-06-26T19:31:33.263650Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-26T19:31:55.650Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-05T07:32:00.906Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://forum.datomic.com/t/important-security-update-0-9-5697/379", }, { name: "44422", tags: [ "exploit", "x_transferred", ], url: "https://www.exploit-db.com/exploits/44422/", }, { tags: [ "x_transferred", ], url: "http://blog.datomic.com/2018/03/important-security-update.html", }, { tags: [ "x_transferred", ], url: "https://mthbernardes.github.io/rce/2018/03/14/abusing-h2-database-alias.html", }, { name: "[ignite-user] 20191213 Re: H2 version security concern", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/582d4165de6507b0be82d5a6f9a1ce392ec43a00c9fed32bacf7fe1e%40%3Cuser.ignite.apache.org%3E", }, { name: "[nifi-commits] 20200421 svn commit: r1876802 - /nifi/site/trunk/registry-security.html", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/r8aaf4ee16bbaf6204731d4770d96ebb34b258cd79b491f9cdd7f2540%40%3Ccommits.nifi.apache.org%3E", }, { tags: [ "x_transferred", ], url: "https://github.com/h2database/h2database/issues/1225", }, { tags: [ "x_transferred", ], url: "https://github.com/h2database/h2database/issues/3099", }, { tags: [ "x_transferred", ], url: "https://github.com/h2database/h2database/issues/1808#issuecomment-599203115", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20240719-0003/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2018-04-11T00:00:00", descriptions: [ { lang: "en", value: "H2 1.4.197, as used in Datomic before 0.9.5697 and other products, allows remote code execution because CREATE ALIAS can execute arbitrary Java code. NOTE: the vendor's position is \"h2 is not designed to be run outside of a secure environment.\"", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-07-19T13:06:06.033584", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://forum.datomic.com/t/important-security-update-0-9-5697/379", }, { name: "44422", tags: [ "exploit", ], url: "https://www.exploit-db.com/exploits/44422/", }, { url: "http://blog.datomic.com/2018/03/important-security-update.html", }, { url: "https://mthbernardes.github.io/rce/2018/03/14/abusing-h2-database-alias.html", }, { name: "[ignite-user] 20191213 Re: H2 version security concern", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/582d4165de6507b0be82d5a6f9a1ce392ec43a00c9fed32bacf7fe1e%40%3Cuser.ignite.apache.org%3E", }, { name: "[nifi-commits] 20200421 svn commit: r1876802 - /nifi/site/trunk/registry-security.html", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/r8aaf4ee16bbaf6204731d4770d96ebb34b258cd79b491f9cdd7f2540%40%3Ccommits.nifi.apache.org%3E", }, { url: "https://github.com/h2database/h2database/issues/1225", }, { url: "https://github.com/h2database/h2database/issues/3099", }, { url: "https://github.com/h2database/h2database/issues/1808#issuecomment-599203115", }, { url: "https://security.netapp.com/advisory/ntap-20240719-0003/", }, ], tags: [ "disputed", ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2018-10054", datePublished: "2018-04-11T00:00:00", dateReserved: "2018-04-11T00:00:00", dateUpdated: "2024-08-05T07:32:00.906Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-5072
Vulnerability from cvelistv5
Published
2023-10-12 16:13
Modified
2025-02-13 17:19
Severity ?
EPSS score ?
Summary
Denial of Service in JSON-Java versions up to and including 20230618. A bug in the parser means that an input string of modest size can lead to indefinite amounts of memory being used.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| https://github.com/stleary/JSON-java | n/a |
Version: 0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T07:44:53.789Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/stleary/JSON-java/issues/758", }, { tags: [ "x_transferred", ], url: "https://github.com/stleary/JSON-java/issues/771", }, { tags: [ "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2023/12/13/4", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20240621-0007/", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-5072", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-11-21T16:23:55.801589Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-21T16:24:03.711Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "n/a", vendor: "https://github.com/stleary/JSON-java", versions: [ { lessThanOrEqual: "20230618", status: "affected", version: "0", versionType: "date", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<span style=\"background-color: rgb(255, 255, 255);\">Denial of Service in </span><span style=\"background-color: rgb(255, 255, 255);\">JSON-Java versions up to and including 20230618. </span><span style=\"background-color: rgb(255, 255, 255);\">A bug in the parser means that an input string of modest size can lead to indefinite amounts of memory being used.</span><span style=\"background-color: rgb(255, 255, 255);\"> </span><br>", }, ], value: "Denial of Service in JSON-Java versions up to and including 20230618. A bug in the parser means that an input string of modest size can lead to indefinite amounts of memory being used.", }, ], impacts: [ { capecId: "CAPEC-197", descriptions: [ { lang: "en", value: "CAPEC-197 Exponential Data Expansion", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-770", description: "CWE-770 Allocation of Resources Without Limits or Throttling", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-21T19:08:23.050Z", orgId: "14ed7db2-1595-443d-9d34-6215bf890778", shortName: "Google", }, references: [ { url: "https://github.com/stleary/JSON-java/issues/758", }, { url: "https://github.com/stleary/JSON-java/issues/771", }, { url: "http://www.openwall.com/lists/oss-security/2023/12/13/4", }, { url: "https://security.netapp.com/advisory/ntap-20240621-0007/", }, ], source: { discovery: "UNKNOWN", }, title: "DoS Vulnerability in JSON-Java", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "14ed7db2-1595-443d-9d34-6215bf890778", assignerShortName: "Google", cveId: "CVE-2023-5072", datePublished: "2023-10-12T16:13:27.974Z", dateReserved: "2023-09-19T18:29:03.608Z", dateUpdated: "2025-02-13T17:19:28.975Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-26217
Vulnerability from cvelistv5
Published
2020-11-16 21:00
Modified
2024-08-04 15:49
Severity ?
EPSS score ?
Summary
XStream before version 1.4.14 is vulnerable to Remote Code Execution.The vulnerability may allow a remote attacker to run arbitrary shell commands only by manipulating the processed input stream. Only users who rely on blocklists are affected. Anyone using XStream's Security Framework allowlist is not affected. The linked advisory provides code workarounds for users who cannot upgrade. The issue is fixed in version 1.4.14.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T15:49:07.258Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/x-stream/xstream/security/advisories/GHSA-mw36-7c6c-q4q2", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://x-stream.github.io/CVE-2020-26217.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/x-stream/xstream/commit/0fec095d534126931c99fd38e9c6d41f5c685c1a", }, { name: "[debian-lts-announce] 20201201 [SECURITY] [DLA 2471-1] libxstream-java security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2020/12/msg00001.html", }, { name: "DSA-4811", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2020/dsa-4811", }, { name: "[activemq-issues] 20201230 [jira] [Created] (AMQ-8107) Does ActiveMQ use the affected functionality within Xstream libraries for CVE-2020-26217", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/redde3609b89b2a4ff18b536a06ef9a77deb93d47fda8ed28086fa8c3%40%3Cissues.activemq.apache.org%3E", }, { name: "[activemq-issues] 20201230 [jira] [Updated] (AMQ-8107) Does ActiveMQ use the affected functionality within Xstream libraries for CVE-2020-26217", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r826a006fda71cc96fc87b6eca4b5d195f19a292ad36cea501682c38c%40%3Cissues.activemq.apache.org%3E", }, { name: "[activemq-issues] 20210104 [jira] [Resolved] (AMQ-8107) Does ActiveMQ use the affected functionality within Xstream libraries for CVE-2020-26217", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r2de526726e7f4db4a7cb91b7355070779f51a84fd985c6529c2f4e9e%40%3Cissues.activemq.apache.org%3E", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuApr2021.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20210409-0004/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com//security-alerts/cpujul2021.html", }, { name: "[camel-commits] 20211006 [camel] branch main updated: Camel-XStream: Added a test about CVE-2020-26217", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r7c9fc255edc0b9cd9567093d131f6d33fde4c662aaf912460ef630e9%40%3Ccommits.camel.apache.org%3E", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujan2022.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "xstream", vendor: "x-stream", versions: [ { status: "affected", version: "< 1.4.14", }, ], }, ], descriptions: [ { lang: "en", value: "XStream before version 1.4.14 is vulnerable to Remote Code Execution.The vulnerability may allow a remote attacker to run arbitrary shell commands only by manipulating the processed input stream. Only users who rely on blocklists are affected. Anyone using XStream's Security Framework allowlist is not affected. The linked advisory provides code workarounds for users who cannot upgrade. The issue is fixed in version 1.4.14.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-78", description: "CWE-78 OS Command Injection", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-04-19T23:22:18", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/x-stream/xstream/security/advisories/GHSA-mw36-7c6c-q4q2", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://x-stream.github.io/CVE-2020-26217.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/x-stream/xstream/commit/0fec095d534126931c99fd38e9c6d41f5c685c1a", }, { name: "[debian-lts-announce] 20201201 [SECURITY] [DLA 2471-1] libxstream-java security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2020/12/msg00001.html", }, { name: "DSA-4811", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2020/dsa-4811", }, { name: "[activemq-issues] 20201230 [jira] [Created] (AMQ-8107) Does ActiveMQ use the affected functionality within Xstream libraries for CVE-2020-26217", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/redde3609b89b2a4ff18b536a06ef9a77deb93d47fda8ed28086fa8c3%40%3Cissues.activemq.apache.org%3E", }, { name: "[activemq-issues] 20201230 [jira] [Updated] (AMQ-8107) Does ActiveMQ use the affected functionality within Xstream libraries for CVE-2020-26217", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r826a006fda71cc96fc87b6eca4b5d195f19a292ad36cea501682c38c%40%3Cissues.activemq.apache.org%3E", }, { name: "[activemq-issues] 20210104 [jira] [Resolved] (AMQ-8107) Does ActiveMQ use the affected functionality within Xstream libraries for CVE-2020-26217", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r2de526726e7f4db4a7cb91b7355070779f51a84fd985c6529c2f4e9e%40%3Cissues.activemq.apache.org%3E", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuApr2021.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20210409-0004/", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com//security-alerts/cpujul2021.html", }, { name: "[camel-commits] 20211006 [camel] branch main updated: Camel-XStream: Added a test about CVE-2020-26217", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r7c9fc255edc0b9cd9567093d131f6d33fde4c662aaf912460ef630e9%40%3Ccommits.camel.apache.org%3E", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujan2022.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, ], source: { advisory: "GHSA-mw36-7c6c-q4q2", discovery: "UNKNOWN", }, title: "Remote Code Execution in XStream", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security-advisories@github.com", ID: "CVE-2020-26217", STATE: "PUBLIC", TITLE: "Remote Code Execution in XStream", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "xstream", version: { version_data: [ { version_value: "< 1.4.14", }, ], }, }, ], }, vendor_name: "x-stream", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "XStream before version 1.4.14 is vulnerable to Remote Code Execution.The vulnerability may allow a remote attacker to run arbitrary shell commands only by manipulating the processed input stream. Only users who rely on blocklists are affected. Anyone using XStream's Security Framework allowlist is not affected. The linked advisory provides code workarounds for users who cannot upgrade. The issue is fixed in version 1.4.14.", }, ], }, impact: { cvss: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-78 OS Command Injection", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/x-stream/xstream/security/advisories/GHSA-mw36-7c6c-q4q2", refsource: "CONFIRM", url: "https://github.com/x-stream/xstream/security/advisories/GHSA-mw36-7c6c-q4q2", }, { name: "https://x-stream.github.io/CVE-2020-26217.html", refsource: "CONFIRM", url: "https://x-stream.github.io/CVE-2020-26217.html", }, { name: "https://github.com/x-stream/xstream/commit/0fec095d534126931c99fd38e9c6d41f5c685c1a", refsource: "CONFIRM", url: "https://github.com/x-stream/xstream/commit/0fec095d534126931c99fd38e9c6d41f5c685c1a", }, { name: "[debian-lts-announce] 20201201 [SECURITY] [DLA 2471-1] libxstream-java security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2020/12/msg00001.html", }, { name: "DSA-4811", refsource: "DEBIAN", url: "https://www.debian.org/security/2020/dsa-4811", }, { name: "[activemq-issues] 20201230 [jira] [Created] (AMQ-8107) Does ActiveMQ use the affected functionality within Xstream libraries for CVE-2020-26217", refsource: "MLIST", url: "https://lists.apache.org/thread.html/redde3609b89b2a4ff18b536a06ef9a77deb93d47fda8ed28086fa8c3@%3Cissues.activemq.apache.org%3E", }, { name: "[activemq-issues] 20201230 [jira] [Updated] (AMQ-8107) Does ActiveMQ use the affected functionality within Xstream libraries for CVE-2020-26217", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r826a006fda71cc96fc87b6eca4b5d195f19a292ad36cea501682c38c@%3Cissues.activemq.apache.org%3E", }, { name: "[activemq-issues] 20210104 [jira] [Resolved] (AMQ-8107) Does ActiveMQ use the affected functionality within Xstream libraries for CVE-2020-26217", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r2de526726e7f4db4a7cb91b7355070779f51a84fd985c6529c2f4e9e@%3Cissues.activemq.apache.org%3E", }, { name: "https://www.oracle.com/security-alerts/cpuApr2021.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuApr2021.html", }, { name: "https://security.netapp.com/advisory/ntap-20210409-0004/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20210409-0004/", }, { name: "https://www.oracle.com//security-alerts/cpujul2021.html", refsource: "MISC", url: "https://www.oracle.com//security-alerts/cpujul2021.html", }, { name: "[camel-commits] 20211006 [camel] branch main updated: Camel-XStream: Added a test about CVE-2020-26217", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r7c9fc255edc0b9cd9567093d131f6d33fde4c662aaf912460ef630e9@%3Ccommits.camel.apache.org%3E", }, { name: "https://www.oracle.com/security-alerts/cpuoct2021.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, { name: "https://www.oracle.com/security-alerts/cpujan2022.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujan2022.html", }, { name: "https://www.oracle.com/security-alerts/cpuapr2022.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, ], }, source: { advisory: "GHSA-mw36-7c6c-q4q2", discovery: "UNKNOWN", }, }, }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2020-26217", datePublished: "2020-11-16T21:00:18", dateReserved: "2020-10-01T00:00:00", dateUpdated: "2024-08-04T15:49:07.258Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2017-7957
Vulnerability from cvelistv5
Published
2017-04-29 19:00
Modified
2024-08-05 16:19
Severity ?
EPSS score ?
Summary
XStream through 1.4.9, when a certain denyTypes workaround is not used, mishandles attempts to create an instance of the primitive type 'void' during unmarshalling, leading to a remote application crash, as demonstrated by an xstream.fromXML("<void/>") call.
References
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/errata/RHSA-2017:2888 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2017:1832 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2017:2889 | vendor-advisory, x_refsource_REDHAT | |
| http://www.securitytracker.com/id/1039499 | vdb-entry, x_refsource_SECTRACK | |
| https://www-prd-trops.events.ibm.com/node/715749 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/125800 | vdb-entry, x_refsource_XF | |
| http://www.debian.org/security/2017/dsa-3841 | vendor-advisory, x_refsource_DEBIAN | |
| http://x-stream.github.io/CVE-2017-7957.html | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/100687 | vdb-entry, x_refsource_BID |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T16:19:29.479Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "RHSA-2017:2888", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2017:2888", }, { name: "RHSA-2017:1832", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2017:1832", }, { name: "RHSA-2017:2889", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2017:2889", }, { name: "1039499", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1039499", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www-prd-trops.events.ibm.com/node/715749", }, { name: "xstream-cve20177957-dos(125800)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/125800", }, { name: "DSA-3841", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2017/dsa-3841", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://x-stream.github.io/CVE-2017-7957.html", }, { name: "100687", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/100687", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2017-04-29T00:00:00", descriptions: [ { lang: "en", value: "XStream through 1.4.9, when a certain denyTypes workaround is not used, mishandles attempts to create an instance of the primitive type 'void' during unmarshalling, leading to a remote application crash, as demonstrated by an xstream.fromXML(\"<void/>\") call.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-07-05T17:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "RHSA-2017:2888", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2017:2888", }, { name: "RHSA-2017:1832", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2017:1832", }, { name: "RHSA-2017:2889", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2017:2889", }, { name: "1039499", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1039499", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www-prd-trops.events.ibm.com/node/715749", }, { name: "xstream-cve20177957-dos(125800)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/125800", }, { name: "DSA-3841", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2017/dsa-3841", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://x-stream.github.io/CVE-2017-7957.html", }, { name: "100687", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/100687", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2017-7957", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "XStream through 1.4.9, when a certain denyTypes workaround is not used, mishandles attempts to create an instance of the primitive type 'void' during unmarshalling, leading to a remote application crash, as demonstrated by an xstream.fromXML(\"<void/>\") call.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "RHSA-2017:2888", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2017:2888", }, { name: "RHSA-2017:1832", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2017:1832", }, { name: "RHSA-2017:2889", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2017:2889", }, { name: "1039499", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1039499", }, { name: "https://www-prd-trops.events.ibm.com/node/715749", refsource: "CONFIRM", url: "https://www-prd-trops.events.ibm.com/node/715749", }, { name: "xstream-cve20177957-dos(125800)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/125800", }, { name: "DSA-3841", refsource: "DEBIAN", url: "http://www.debian.org/security/2017/dsa-3841", }, { name: "http://x-stream.github.io/CVE-2017-7957.html", refsource: "CONFIRM", url: "http://x-stream.github.io/CVE-2017-7957.html", }, { name: "100687", refsource: "BID", url: "http://www.securityfocus.com/bid/100687", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2017-7957", datePublished: "2017-04-29T19:00:00", dateReserved: "2017-04-19T00:00:00", dateUpdated: "2024-08-05T16:19:29.479Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-40152
Vulnerability from cvelistv5
Published
2022-09-16 10:00
Modified
2024-09-16 19:14
Severity ?
EPSS score ?
Summary
Those using Woodstox to parse XML data may be vulnerable to Denial of Service attacks (DOS) if DTD support is enabled. If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack.
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T12:14:39.628Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/x-stream/xstream/issues/304", }, { tags: [ "x_transferred", ], url: "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47434", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Woodstox", vendor: "xstream", versions: [ { lessThan: "6.4.0", status: "affected", version: "unspecified", versionType: "custom", }, { lessThan: "5.4.0", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], datePublic: "2022-08-11T00:00:00", descriptions: [ { lang: "en", value: "Those using Woodstox to parse XML data may be vulnerable to Denial of Service attacks (DOS) if DTD support is enabled. If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-121", description: "CWE-121 Stack-based Buffer Overflow", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-11-25T00:00:00", orgId: "14ed7db2-1595-443d-9d34-6215bf890778", shortName: "Google", }, references: [ { url: "https://github.com/x-stream/xstream/issues/304", }, { url: "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47434", }, ], source: { discovery: "INTERNAL", }, title: "Stack Buffer Overflow in Woodstox", x_generator: { engine: "Vulnogram 0.0.9", }, }, }, cveMetadata: { assignerOrgId: "14ed7db2-1595-443d-9d34-6215bf890778", assignerShortName: "Google", cveId: "CVE-2022-40152", datePublished: "2022-09-16T10:00:22.101297Z", dateReserved: "2022-09-07T00:00:00", dateUpdated: "2024-09-16T19:14:50.292Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.