VYPR

apk package

wolfi/sonarqube

pkg:apk/wolfi/sonarqube

Vulnerabilities (26)

  • CVE-2024-47554Oct 3, 2024
    affected < 25.6.0.109173-r0fixed 25.6.0.109173-r0

    Uncontrolled Resource Consumption vulnerability in Apache Commons IO. The org.apache.commons.io.input.XmlStreamReader class may excessively consume CPU resources when processing maliciously crafted input. This issue affects Apache Commons IO: from 2.0 before 2.14.0. Users are

  • CVE-2024-37280Jun 13, 2024
    affected < 25.10.0.114319-r0fixed 25.10.0.114319-r0

    A flaw was discovered in Elasticsearch, affecting document ingestion when an index template contains a dynamic field mapping of “passthrough” type. Under certain circumstances, ingesting documents in this index would cause a StackOverflow exception to be thrown and ultimately lea

  • CVE-2024-23445Jun 12, 2024
    affected < 25.10.0.114319-r0fixed 25.10.0.114319-r0

    It was identified that if a cross-cluster API key https://www.elastic.co/guide/en/elasticsearch/reference/8.14/security-api-create-cross-cluster-api-key.html#security-api-create-cross-cluster-api-key-request-body  restricts search for a given index using the query or the field_s

  • CVE-2024-30172HigMay 14, 2024
    affected < 25.10.0.114319-r0fixed 25.10.0.114319-r0

    An issue was discovered in Bouncy Castle Java Cryptography APIs before 1.78. An Ed25519 verification code infinite loop can occur via a crafted signature and public key.

  • CVE-2023-44483MedOct 20, 2023
    affected < 25.10.0.114319-r0fixed 25.10.0.114319-r0

    All versions of Apache Santuario - XML Security for Java prior to 2.2.6, 2.3.4, and 3.0.3, when using the JSR 105 API, are vulnerable to an issue where a private key may be disclosed in log files when generating an XML Signature and logging with debug level is enabled. Users are

  • CVE-2022-40152MedSep 16, 2022
    affected < 25.10.0.114319-r0fixed 25.10.0.114319-r0

    Those using Woodstox to parse XML data may be vulnerable to Denial of Service attacks (DOS) if DTD support is enabled. If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denia

Page 2 of 2