apk package
chainguard/jenkins-2.452
pkg:apk/chainguard/jenkins-2.452
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-8184 | — | < 2.452.4-r4 | 2.452.4-r4 | Oct 14, 2024 | There exists a security vulnerability in Jetty's ThreadLimitHandler.getRemote() which can be exploited by unauthorized users to cause remote denial-of-service (DoS) attack. By repeatedly sending crafted requests, attackers can trigger OutofMemory errors and exhaust the server's | ||
| CVE-2024-38809 | Med | 5.3 | < 2.452.4-r3 | 2.452.4-r3 | Sep 27, 2024 | Applications that parse ETags from "If-Match" or "If-None-Match" request headers are vulnerable to DoS attack. Users of affected versions should upgrade to the corresponding fixed version. Users of older, unsupported versions could enforce a size limit on "If-Match" and "If-Non | |
| CVE-2024-38808 | — | < 2.452.4-r1 | 2.452.4-r1 | Aug 20, 2024 | In Spring Framework versions 5.3.0 - 5.3.38 and older unsupported versions, it is possible for a user to provide a specially crafted Spring Expression Language (SpEL) expression that may cause a denial of service (DoS) condition. Specifically, an application is vulnerable when t | ||
| CVE-2016-1000027 | — | < 0 | 0 | Jan 2, 2020 | Pivotal Spring Framework through 5.3.16 suffers from a potential remote code execution (RCE) issue if used for Java deserialization of untrusted data. Depending on how the library is implemented within a product, this issue may or not occur, and authentication may be required. NO |
- CVE-2024-8184Oct 14, 2024affected < 2.452.4-r4fixed 2.452.4-r4
There exists a security vulnerability in Jetty's ThreadLimitHandler.getRemote() which can be exploited by unauthorized users to cause remote denial-of-service (DoS) attack. By repeatedly sending crafted requests, attackers can trigger OutofMemory errors and exhaust the server's
- affected < 2.452.4-r3fixed 2.452.4-r3
Applications that parse ETags from "If-Match" or "If-None-Match" request headers are vulnerable to DoS attack. Users of affected versions should upgrade to the corresponding fixed version. Users of older, unsupported versions could enforce a size limit on "If-Match" and "If-Non
- CVE-2024-38808Aug 20, 2024affected < 2.452.4-r1fixed 2.452.4-r1
In Spring Framework versions 5.3.0 - 5.3.38 and older unsupported versions, it is possible for a user to provide a specially crafted Spring Expression Language (SpEL) expression that may cause a denial of service (DoS) condition. Specifically, an application is vulnerable when t
- CVE-2016-1000027Jan 2, 2020affected < 0fixed 0
Pivotal Spring Framework through 5.3.16 suffers from a potential remote code execution (RCE) issue if used for Java deserialization of untrusted data. Depending on how the library is implemented within a product, this issue may or not occur, and authentication may be required. NO