apk package
wolfi/sonarqube
pkg:apk/wolfi/sonarqube
Vulnerabilities (26)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-47554 | — | < 25.6.0.109173-r0 | 25.6.0.109173-r0 | Oct 3, 2024 | Uncontrolled Resource Consumption vulnerability in Apache Commons IO. The org.apache.commons.io.input.XmlStreamReader class may excessively consume CPU resources when processing maliciously crafted input. This issue affects Apache Commons IO: from 2.0 before 2.14.0. Users are | ||
| CVE-2024-37280 | — | < 25.10.0.114319-r0 | 25.10.0.114319-r0 | Jun 13, 2024 | A flaw was discovered in Elasticsearch, affecting document ingestion when an index template contains a dynamic field mapping of “passthrough” type. Under certain circumstances, ingesting documents in this index would cause a StackOverflow exception to be thrown and ultimately lea | ||
| CVE-2024-23445 | — | < 25.10.0.114319-r0 | 25.10.0.114319-r0 | Jun 12, 2024 | It was identified that if a cross-cluster API key https://www.elastic.co/guide/en/elasticsearch/reference/8.14/security-api-create-cross-cluster-api-key.html#security-api-create-cross-cluster-api-key-request-body restricts search for a given index using the query or the field_s | ||
| CVE-2024-30172 | Hig | 7.5 | < 25.10.0.114319-r0 | 25.10.0.114319-r0 | May 14, 2024 | An issue was discovered in Bouncy Castle Java Cryptography APIs before 1.78. An Ed25519 verification code infinite loop can occur via a crafted signature and public key. | |
| CVE-2023-44483 | Med | 6.5 | < 25.10.0.114319-r0 | 25.10.0.114319-r0 | Oct 20, 2023 | All versions of Apache Santuario - XML Security for Java prior to 2.2.6, 2.3.4, and 3.0.3, when using the JSR 105 API, are vulnerable to an issue where a private key may be disclosed in log files when generating an XML Signature and logging with debug level is enabled. Users are | |
| CVE-2022-40152 | Med | 6.5 | < 25.10.0.114319-r0 | 25.10.0.114319-r0 | Sep 16, 2022 | Those using Woodstox to parse XML data may be vulnerable to Denial of Service attacks (DOS) if DTD support is enabled. If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denia |
- CVE-2024-47554Oct 3, 2024affected < 25.6.0.109173-r0fixed 25.6.0.109173-r0
Uncontrolled Resource Consumption vulnerability in Apache Commons IO. The org.apache.commons.io.input.XmlStreamReader class may excessively consume CPU resources when processing maliciously crafted input. This issue affects Apache Commons IO: from 2.0 before 2.14.0. Users are
- CVE-2024-37280Jun 13, 2024affected < 25.10.0.114319-r0fixed 25.10.0.114319-r0
A flaw was discovered in Elasticsearch, affecting document ingestion when an index template contains a dynamic field mapping of “passthrough” type. Under certain circumstances, ingesting documents in this index would cause a StackOverflow exception to be thrown and ultimately lea
- CVE-2024-23445Jun 12, 2024affected < 25.10.0.114319-r0fixed 25.10.0.114319-r0
It was identified that if a cross-cluster API key https://www.elastic.co/guide/en/elasticsearch/reference/8.14/security-api-create-cross-cluster-api-key.html#security-api-create-cross-cluster-api-key-request-body restricts search for a given index using the query or the field_s
- affected < 25.10.0.114319-r0fixed 25.10.0.114319-r0
An issue was discovered in Bouncy Castle Java Cryptography APIs before 1.78. An Ed25519 verification code infinite loop can occur via a crafted signature and public key.
- affected < 25.10.0.114319-r0fixed 25.10.0.114319-r0
All versions of Apache Santuario - XML Security for Java prior to 2.2.6, 2.3.4, and 3.0.3, when using the JSR 105 API, are vulnerable to an issue where a private key may be disclosed in log files when generating an XML Signature and logging with debug level is enabled. Users are
- affected < 25.10.0.114319-r0fixed 25.10.0.114319-r0
Those using Woodstox to parse XML data may be vulnerable to Denial of Service attacks (DOS) if DTD support is enabled. If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denia
Page 2 of 2