VYPR

apk package

chainguard/apache-nifi-toolkit

pkg:apk/chainguard/apache-nifi-toolkit

Vulnerabilities (51)

  • CVE-2024-30172HigMay 14, 2024
    affected < 2.6.0-r2fixed 2.6.0-r2

    An issue was discovered in Bouncy Castle Java Cryptography APIs before 1.78. An Ed25519 verification code infinite loop can occur via a crafted signature and public key.

  • CVE-2023-51775Dec 25, 2023
    affected < 2.6.0-r2fixed 2.6.0-r2

    The jose4j component before 0.9.4 for Java allows attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value.

  • CVE-2023-46120Oct 24, 2023
    affected < 2.6.0-r2fixed 2.6.0-r2

    The RabbitMQ Java client library allows Java and JVM-based applications to connect to and interact with RabbitMQ nodes. `maxBodyLebgth` was not used when receiving Message objects. Attackers could send a very large Message causing a memory overflow and triggering an OOM Error. U

  • CVE-2023-34462Jun 22, 2023
    affected < 2.6.0-r2fixed 2.6.0-r2

    Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. The `SniHandler` can allocate up to 16MB of heap for each channel during the TLS handshake. When the handler or the channel does

  • CVE-2022-41915Dec 13, 2022
    affected < 2.6.0-r2fixed 2.6.0-r2

    Netty project is an event-driven asynchronous network application framework. Starting in version 4.1.83.Final and prior to 4.1.86.Final, when calling `DefaultHttpHeadesr.set` with an _iterator_ of values, header value validation was not performed, allowing malicious header values

  • CVE-2022-41881Dec 12, 2022
    affected < 2.6.0-r2fixed 2.6.0-r2

    Netty project is an event-driven asynchronous network application framework. In versions prior to 4.1.86.Final, a StackOverflowError can be raised when parsing a malformed crafted message due to an infinite recursion. This issue is patched in version 4.1.86.Final. There is no wor

  • CVE-2022-3510Nov 11, 2022
    affected < 2.6.0-r2fixed 2.6.0-r2

    A parsing issue similar to CVE-2022-3171, but with Message-Type Extensions in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeat

  • CVE-2022-3509Nov 1, 2022
    affected < 2.6.0-r2fixed 2.6.0-r2

    A parsing issue similar to CVE-2022-3171, but with textformat in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown

  • CVE-2022-3171Oct 12, 2022
    affected < 2.6.0-r2fixed 2.6.0-r2

    A parsing issue with binary data in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields causes objects to be

  • CVE-2021-38153Sep 22, 2021
    affected < 2.6.0-r2fixed 2.6.0-r2

    Some components in Apache Kafka use `Arrays.equals` to validate a password or key, which is vulnerable to timing attacks that make brute force attacks for such credentials more likely to be successful. Users should upgrade to 2.8.1 or higher, or 3.0.0 or higher where this vulnera

  • CVE-2016-1000027Jan 2, 2020
    affected < 0fixed 0

    Pivotal Spring Framework through 5.3.16 suffers from a potential remote code execution (RCE) issue if used for Java deserialization of untrusted data. Depending on how the library is implemented within a product, this issue may or not occur, and authentication may be required. NO

Page 3 of 3