VYPR

apk package

chainguard/elasticsearch-config

pkg:apk/chainguard/elasticsearch-config

Vulnerabilities (28)

  • CVE-2023-52428Feb 11, 2024
    affected < 8.13.2-r1fixed 8.13.2-r1

    In Connect2id Nimbus JOSE+JWT before 9.37.2, an attacker can cause a denial of service (resource consumption) via a large JWE p2c header value (aka iteration count) for the PasswordBasedDecrypter (PBKDF2) component.

  • CVE-2023-34054Nov 28, 2023
    affected < 8.12.1-r0fixed 8.12.1-r0

    In Reactor Netty HTTP Server, versions 1.1.x prior to 1.1.13 and versions 1.0.x prior to 1.0.39, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition. Specifically, an application is vulnerable if Reactor Netty

  • CVE-2023-34062Nov 15, 2023
    affected < 8.12.1-r0fixed 8.12.1-r0

    In Reactor Netty HTTP Server, versions 1.1.x prior to 1.1.13 and versions 1.0.x prior to 1.0.39, a malicious user can send a request using a specially crafted URL that can lead to a directory traversal attack. Specifically, an application is vulnerable if Reactor Netty HTTP Serv

  • CVE-2023-44483Oct 20, 2023
    affected < 8.12.1-r0fixed 8.12.1-r0

    All versions of Apache Santuario - XML Security for Java prior to 2.2.6, 2.3.4, and 3.0.3, when using the JSR 105 API, are vulnerable to an issue where a private key may be disclosed in log files when generating an XML Signature and logging with debug level is enabled. Users are

  • CVE-2023-33201Jul 5, 2023
    affected < 8.12.1-r0fixed 8.12.1-r0

    Bouncy Castle For Java before 1.74 is affected by an LDAP injection vulnerability. The vulnerability only affects applications that use an LDAP CertStore from Bouncy Castle to validate X.509 certificates. During the certificate validation process, Bouncy Castle inserts the certif

  • CVE-2023-1370Mar 13, 2023
    affected < 8.13.2-r1fixed 8.13.2-r1

    [Json-smart](https://netplex.github.io/json-smart/) is a performance focused, JSON processor lib. When reaching a ‘[‘ or ‘{‘ character in the JSON input, the code parses an array or an object respectively. It was discovered that the code does not have any limit to the nesting o

  • CVE-2022-45146Nov 21, 2022
    affected < 8.12.1-r0fixed 8.12.1-r0

    An issue was discovered in the FIPS Java API of Bouncy Castle BC-FJA before 1.0.2.4. Changes to the JVM garbage collector in Java 13 and later trigger an issue in the BC-FJA FIPS modules where it is possible for temporary keys used by the module to be zeroed out while still in us

  • CVE-2020-15522May 20, 2021
    affected < 8.12.1-r0fixed 8.12.1-r0

    Bouncy Castle BC Java before 1.66, BC C# .NET before 1.8.7, BC-FJA before 1.0.1.2, 1.0.2.1, and BC-FNA before 1.0.1.1 have a timing issue within the EC math library that can expose information about the private key when an attacker is able to observe timing information for the ge

Page 2 of 2