VYPR

apk package

wolfi/celeborn-0.5

pkg:apk/wolfi/celeborn-0.5

Vulnerabilities (38)

  • CVE-2024-47554 (Oct 3, 2024)
    affected < 0.5.4-r26, fixed 0.5.4-r26

    Uncontrolled Resource Consumption vulnerability in Apache Commons IO. The org.apache.commons.io.input.XmlStreamReader class may excessively consume CPU resources when processing maliciously crafted input. This issue affects Apache Commons IO: from 2.0 before 2.14.0. Users are

  • CVE-2024-23454 (Sep 25, 2024)
    affected < 0.5.4-r26, fixed 0.5.4-r26

    Apache Hadoop’s RunJar.run() does not set permissions for temporary directory by default. If sensitive data will be present in this file, all the other local users may be able to view the content. This is because, on unix-like systems, the system temporary directory is shared bet

  • CVE-2024-7254 (Sep 19, 2024)
    affected < 0.5.4-r26, fixed 0.5.4-r26

    Any project that parses untrusted Protocol Buffers data containing an arbitrary number of nested groups / series of SGROUP tags can be corrupted by exceeding the stack limit, i.e. StackOverflow. Parsing nested groups as unknown fields with DiscardUnknownFieldsParser or Java Protobuf

  • CVE-2024-25638 (High) (Jul 22, 2024)
    affected < 0.5.4-r26, fixed 0.5.4-r26

    dnsjava is an implementation of DNS in Java. Records in DNS replies are not checked for their relevance to the query, allowing an attacker to respond with RRs from different zones. This vulnerability is fixed in 3.6.0.

  • CVE-2024-29025 (Mar 25, 2024)
    affected < 0.5.4-r26, fixed 0.5.4-r26

    Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. The `HttpPostRequestDecoder` can be tricked to accumulate data. While the decoder can store items on the disk if configured so, t

  • CVE-2024-29131 (Mar 21, 2024)
    affected < 0.5.4-r26, fixed 0.5.4-r26

    Out-of-bounds Write vulnerability in Apache Commons Configuration. This issue affects Apache Commons Configuration: from 2.0 before 2.10.1. Users are recommended to upgrade to version 2.10.1, which fixes the issue.

  • CVE-2024-29133 (Mar 21, 2024)
    affected < 0.5.4-r26, fixed 0.5.4-r26

    Out-of-bounds Write vulnerability in Apache Commons Configuration. This issue affects Apache Commons Configuration: from 2.0 before 2.10.1. Users are recommended to upgrade to version 2.10.1, which fixes the issue.

  • CVE-2024-25710 (Feb 19, 2024)
    affected < 0.5.4-r26, fixed 0.5.4-r26

    Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in Apache Commons Compress. This issue affects Apache Commons Compress: from 1.3 through 1.25.0. Users are recommended to upgrade to version 1.26.0, which fixes the issue.

  • CVE-2024-26308 (Feb 19, 2024)
    affected < 0.5.4-r26, fixed 0.5.4-r26

    Allocation of Resources Without Limits or Throttling vulnerability in Apache Commons Compress. This issue affects Apache Commons Compress: from 1.21 before 1.26. Users are recommended to upgrade to version 1.26, which fixes the issue.

  • CVE-2023-52428 (Feb 11, 2024)
    affected < 0.5.4-r26, fixed 0.5.4-r26

    In Connect2id Nimbus JOSE+JWT before 9.37.2, an attacker can cause a denial of service (resource consumption) via a large JWE p2c header value (aka iteration count) for the PasswordBasedDecrypter (PBKDF2) component.

  • CVE-2023-2976 (Jun 14, 2023)
    affected < 0.5.4-r26, fixed 0.5.4-r26

    Use of Java's default temporary directory for file creation in `FileBackedOutputStream` in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to

  • CVE-2023-1370 (Mar 13, 2023)
    affected < 0.5.4-r26, fixed 0.5.4-r26

    [Json-smart](https://netplex.github.io/json-smart/) is a performance-focused JSON processor lib. When reaching a '[' or '{' character in the JSON input, the code parses an array or an object respectively. It was discovered that the code does not have any limit to the nesting o

  • CVE-2022-3510 (Nov 11, 2022)
    affected < 0.5.4-r26, fixed 0.5.4-r26

    A parsing issue similar to CVE-2022-3171, but with Message-Type Extensions in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeat

  • CVE-2022-3509 (Nov 1, 2022)
    affected < 0.5.4-r26, fixed 0.5.4-r26

    A parsing issue similar to CVE-2022-3171, but with textformat in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown

  • CVE-2022-3171 (Oct 12, 2022)
    affected < 0.5.4-r26, fixed 0.5.4-r26

    A parsing issue with binary data in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields causes objects to be

  • CVE-2021-22569 (Jan 7, 2022)
    affected < 0.5.4-r26, fixed 0.5.4-r26

    An issue in protobuf-java allowed the interleaving of com.google.protobuf.UnknownFieldSet fields in such a way that would be processed out of order. A small malicious payload can occupy the parser for several minutes by creating large numbers of short-lived objects that cause fre

  • CVE-2021-31684 (Jun 1, 2021)
    affected < 0.5.4-r26, fixed 0.5.4-r26

    A vulnerability was discovered in the indexOf function of JSONParserByteArray in JSON Smart versions 1.3 and 2.4 which causes a denial of service (DoS) via a crafted web request.

  • CVE-2020-8908 (Dec 10, 2020)
    affected < 0.5.4-r26, fixed 0.5.4-r26

    A temp directory creation vulnerability exists in all versions of Guava, allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava API com.google.common.io.Files.createTempDir(). By default, on unix-like systems, the

Page 2 of 2