VYPR

apk package

wolfi/opensearch-2-discovery-ec2

pkg:apk/wolfi/opensearch-2-discovery-ec2

Vulnerabilities (27)

  • CVE-2024-28752Mar 15, 2024
    affected < 2.13.0-r0fixed 2.13.0-r0

    A SSRF vulnerability using the Aegis DataBinding in versions of Apache CXF before 4.0.4, 3.6.3 and 3.5.8 allows an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type. Users of other data bindings (including the default databinding)

  • CVE-2024-21742Feb 27, 2024
    affected < 2.14.0-r0fixed 2.14.0-r0

    Improper input validation allows for header injection in MIME4J library when using MIME4J DOM for composing message. This can be exploited by an attacker to add unintended headers to MIME messages.

  • CVE-2024-25710Feb 19, 2024
    affected < 2.12.0-r1fixed 2.12.0-r1

    Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in Apache Commons Compress.This issue affects Apache Commons Compress: from 1.3 through 1.25.0. Users are recommended to upgrade to version 1.26.0 which fixes the issue.

  • CVE-2024-26308Feb 19, 2024
    affected < 2.12.0-r1fixed 2.12.0-r1

    Allocation of Resources Without Limits or Throttling vulnerability in Apache Commons Compress.This issue affects Apache Commons Compress: from 1.21 before 1.26. Users are recommended to upgrade to version 1.26, which fixes the issue.

  • CVE-2023-42503Sep 14, 2023
    affected < 2.10.0-r1fixed 2.10.0-r1

    Improper Input Validation, Uncontrolled Resource Consumption vulnerability in Apache Commons Compress in TAR parsing.This issue affects Apache Commons Compress: from 1.22 before 1.24.0. Users are recommended to upgrade to version 1.24.0, which fixes the issue. A third party can

  • CVE-2023-35116Jun 14, 2023
    affected < 0fixed 0

    jackson-databind through 2.15.2 allows attackers to cause a denial of service or other unspecified impact via a crafted object that uses cyclic dependencies. NOTE: the vendor's perspective is that this is not a valid vulnerability report, because the steps of constructing a cycli

  • CVE-2022-45146Nov 21, 2022
    affected < 2.11.1-r1fixed 2.11.1-r1

    An issue was discovered in the FIPS Java API of Bouncy Castle BC-FJA before 1.0.2.4. Changes to the JVM garbage collector in Java 13 and later trigger an issue in the BC-FJA FIPS modules where it is possible for temporary keys used by the module to be zeroed out while still in us

Page 2 of 2