VYPR

apk package

wolfi/druid

pkg:apk/wolfi/druid

Vulnerabilities (111)

  • CVE-2022-40150MedSep 16, 2022
    affected < 35.0.1-r5fixed 35.0.1-r5

    Those using Jettison to parse untrusted XML or JSON data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by Out of memory. This effect may support a denial of ser

  • CVE-2022-40149MedSep 16, 2022
    affected < 35.0.1-r5fixed 35.0.1-r5

    Those using Jettison to parse untrusted XML or JSON data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of ser

  • CVE-2022-2047LowJul 7, 2022
    affected < 37.0.0-r14fixed 37.0.0-r14

    In Eclipse Jetty versions 9.4.0 thru 9.4.46, and 10.0.0 thru 10.0.9, and 11.0.0 thru 11.0.9 versions, the parsing of the authority segment of an http scheme URI, the Jetty HttpURI class improperly detects an invalid input as a hostname. This can lead to failures in a Proxy scenar

  • CVE-2021-22570MedJan 26, 2022
    affected < 34.0.0-r6fixed 34.0.0-r6

    Nullptr dereference when a null char is present in a proto symbol. The symbol is parsed incorrectly, leading to an unchecked call into the proto file's name during generation of the resulting error message. Since the symbol is incorrectly parsed, the file is nullptr. We recommend

  • CVE-2021-43797MedDec 9, 2021
    affected < 0fixed 0

    Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. Netty prior to version 4.1.71.Final skips control chars when they are present at the beginning / end of the header name. It shoul

  • CVE-2021-31684HigJun 1, 2021
    affected < 37.0.0-r14fixed 37.0.0-r14

    A vulnerability was discovered in the indexOf function of JSONParserByteArray in JSON Smart versions 1.3 and 2.4 which causes a denial of service (DOS) via a crafted web request.

  • CVE-2021-21409MedMar 30, 2021
    affected < 0fixed 0

    Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty (io.netty:netty-codec-http2) before version 4.1.61.Final there is a vulnerability that enables request smug

  • CVE-2021-21295MedMar 9, 2021
    affected < 0fixed 0

    Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty (io.netty:netty-codec-http2) before version 4.1.60.Final there is a vulnerability that enables request smug

  • CVE-2021-21290MedFeb 8, 2021
    affected < 0fixed 0

    Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty before version 4.1.59.Final there is a vulnerability on Unix-like systems involving an insecure temp file.

  • CVE-2019-20445CriJan 29, 2020
    affected < 0fixed 0

    HttpObjectDecoder.java in Netty before 4.1.44 allows a Content-Length header to be accompanied by a second Content-Length header, or by a Transfer-Encoding header.

  • CVE-2018-1320HigJan 7, 2019
    affected < 32.0.1-r1fixed 32.0.1-r1

    Apache Thrift Java client library versions 0.5.0 through 0.11.0 can bypass SASL negotiation isComplete validation in the org.apache.thrift.transport.TSaslTransport class. An assert used to determine if the SASL handshake had successfully completed could be disabled in production

Page 6 of 6