apk package
chainguard/opensearch-2-discovery-ec2
pkg:apk/chainguard/opensearch-2-discovery-ec2
Vulnerabilities (27)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-28752 | — | < 2.13.0-r0 | 2.13.0-r0 | Mar 15, 2024 | A SSRF vulnerability using the Aegis DataBinding in versions of Apache CXF before 4.0.4, 3.6.3 and 3.5.8 allows an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type. Users of other data bindings (including the default databinding) | ||
| CVE-2024-21742 | — | < 2.14.0-r0 | 2.14.0-r0 | Feb 27, 2024 | Improper input validation allows for header injection in MIME4J library when using MIME4J DOM for composing message. This can be exploited by an attacker to add unintended headers to MIME messages. | ||
| CVE-2024-25710 | — | < 2.12.0-r1 | 2.12.0-r1 | Feb 19, 2024 | Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in Apache Commons Compress.This issue affects Apache Commons Compress: from 1.3 through 1.25.0. Users are recommended to upgrade to version 1.26.0 which fixes the issue. | ||
| CVE-2024-26308 | — | < 2.12.0-r1 | 2.12.0-r1 | Feb 19, 2024 | Allocation of Resources Without Limits or Throttling vulnerability in Apache Commons Compress.This issue affects Apache Commons Compress: from 1.21 before 1.26. Users are recommended to upgrade to version 1.26, which fixes the issue. | ||
| CVE-2023-42503 | — | < 2.10.0-r1 | 2.10.0-r1 | Sep 14, 2023 | Improper Input Validation, Uncontrolled Resource Consumption vulnerability in Apache Commons Compress in TAR parsing.This issue affects Apache Commons Compress: from 1.22 before 1.24.0. Users are recommended to upgrade to version 1.24.0, which fixes the issue. A third party can | ||
| CVE-2023-35116 | — | < 0 | 0 | Jun 14, 2023 | jackson-databind through 2.15.2 allows attackers to cause a denial of service or other unspecified impact via a crafted object that uses cyclic dependencies. NOTE: the vendor's perspective is that this is not a valid vulnerability report, because the steps of constructing a cycli | ||
| CVE-2022-45146 | — | < 2.11.1-r1 | 2.11.1-r1 | Nov 21, 2022 | An issue was discovered in the FIPS Java API of Bouncy Castle BC-FJA before 1.0.2.4. Changes to the JVM garbage collector in Java 13 and later trigger an issue in the BC-FJA FIPS modules where it is possible for temporary keys used by the module to be zeroed out while still in us |
- CVE-2024-28752Mar 15, 2024affected < 2.13.0-r0fixed 2.13.0-r0
A SSRF vulnerability using the Aegis DataBinding in versions of Apache CXF before 4.0.4, 3.6.3 and 3.5.8 allows an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type. Users of other data bindings (including the default databinding)
- CVE-2024-21742Feb 27, 2024affected < 2.14.0-r0fixed 2.14.0-r0
Improper input validation allows for header injection in MIME4J library when using MIME4J DOM for composing message. This can be exploited by an attacker to add unintended headers to MIME messages.
- CVE-2024-25710Feb 19, 2024affected < 2.12.0-r1fixed 2.12.0-r1
Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in Apache Commons Compress.This issue affects Apache Commons Compress: from 1.3 through 1.25.0. Users are recommended to upgrade to version 1.26.0 which fixes the issue.
- CVE-2024-26308Feb 19, 2024affected < 2.12.0-r1fixed 2.12.0-r1
Allocation of Resources Without Limits or Throttling vulnerability in Apache Commons Compress.This issue affects Apache Commons Compress: from 1.21 before 1.26. Users are recommended to upgrade to version 1.26, which fixes the issue.
- CVE-2023-42503Sep 14, 2023affected < 2.10.0-r1fixed 2.10.0-r1
Improper Input Validation, Uncontrolled Resource Consumption vulnerability in Apache Commons Compress in TAR parsing.This issue affects Apache Commons Compress: from 1.22 before 1.24.0. Users are recommended to upgrade to version 1.24.0, which fixes the issue. A third party can
- CVE-2023-35116Jun 14, 2023affected < 0fixed 0
jackson-databind through 2.15.2 allows attackers to cause a denial of service or other unspecified impact via a crafted object that uses cyclic dependencies. NOTE: the vendor's perspective is that this is not a valid vulnerability report, because the steps of constructing a cycli
- CVE-2022-45146Nov 21, 2022affected < 2.11.1-r1fixed 2.11.1-r1
An issue was discovered in the FIPS Java API of Bouncy Castle BC-FJA before 1.0.2.4. Changes to the JVM garbage collector in Java 13 and later trigger an issue in the BC-FJA FIPS modules where it is possible for temporary keys used by the module to be zeroed out while still in us
Page 2 of 2