VYPR

apk package

chainguard/opensearch-2-notifications

pkg:apk/chainguard/opensearch-2-notifications

Vulnerabilities (26)

  • CVE-2024-21742MedFeb 27, 2024
    affected < 2.14.0-r0fixed 2.14.0-r0

    Improper input validation allows for header injection in MIME4J library when using MIME4J DOM for composing message. This can be exploited by an attacker to add unintended headers to MIME messages.

  • CVE-2024-26308MedFeb 19, 2024
    affected < 2.12.0-r1fixed 2.12.0-r1

    Allocation of Resources Without Limits or Throttling vulnerability in Apache Commons Compress.This issue affects Apache Commons Compress: from 1.21 before 1.26. Users are recommended to upgrade to version 1.26, which fixes the issue.

  • CVE-2024-25710HigFeb 19, 2024
    affected < 2.12.0-r1fixed 2.12.0-r1

    Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in Apache Commons Compress.This issue affects Apache Commons Compress: from 1.3 through 1.25.0. Users are recommended to upgrade to version 1.26.0 which fixes the issue.

  • CVE-2023-42503MedSep 14, 2023
    affected < 2.10.0-r1fixed 2.10.0-r1

    Improper Input Validation, Uncontrolled Resource Consumption vulnerability in Apache Commons Compress in TAR parsing.This issue affects Apache Commons Compress: from 1.22 before 1.24.0. Users are recommended to upgrade to version 1.24.0, which fixes the issue. A third party can

  • CVE-2023-35116MedJun 14, 2023
    affected < 0fixed 0

    jackson-databind through 2.15.2 allows attackers to cause a denial of service or other unspecified impact via a crafted object that uses cyclic dependencies. NOTE: the vendor's perspective is that this is not a valid vulnerability report, because the steps of constructing a cycli

  • CVE-2022-45146MedNov 21, 2022
    affected < 2.11.1-r1fixed 2.11.1-r1

    An issue was discovered in the FIPS Java API of Bouncy Castle BC-FJA before 1.0.2.4. Changes to the JVM garbage collector in Java 13 and later trigger an issue in the BC-FJA FIPS modules where it is possible for temporary keys used by the module to be zeroed out while still in us

Page 2 of 2