Java (jar)
==========

Total: 60 (UNKNOWN: 1, LOW: 1, MEDIUM: 15, HIGH: 17, CRITICAL: 26)

| Library | Vulnerability | Severity | Installed Version | Fixed Version | Title |
| --- | --- | --- | --- | --- | --- |
| com.fasterxml.jackson.core:jackson-databind (fusionreactor.jar) | CVE-2017-15095 | CRITICAL | 2.6.6 | 2.7.9.2, 2.8.10, 2.9.1 | jackson-databind: Unsafe deserialization due to incomplete black list (incomplete fix for CVE-2017-7525)... https://avd.aquasec.com/nvd/cve-2017-15095 |
| com.fasterxml.jackson.core:jackson-databind (fusionreactor.jar) | CVE-2017-7525 | CRITICAL | 2.6.6 | 2.6.7.1, 2.7.9.1, 2.8.9 | jackson-databind: Deserialization vulnerability via readValue method of ObjectMapper https://avd.aquasec.com/nvd/cve-2017-7525 |
| com.fasterxml.jackson.core:jackson-databind (fusionreactor.jar) | CVE-2018-11307 | CRITICAL | 2.6.6 | 2.7.9.4, 2.8.11.2, 2.9.6 | jackson-databind: Potential information exfiltration with default typing, serialization gadget from MyBatis https://avd.aquasec.com/nvd/cve-2018-11307 |
| com.fasterxml.jackson.core:jackson-databind (fusionreactor.jar) | CVE-2018-14718 | CRITICAL | 2.6.6 | 2.6.7.2, 2.9.7 | jackson-databind: arbitrary code execution in slf4j-ext class https://avd.aquasec.com/nvd/cve-2018-14718 |
| com.fasterxml.jackson.core:jackson-databind (fusionreactor.jar) | CVE-2018-14719 | CRITICAL | 2.6.6 | 2.6.7.2, 2.9.7 | jackson-databind: arbitrary code execution in blaze-ds-opt and blaze-ds-core classes https://avd.aquasec.com/nvd/cve-2018-14719 |
| com.fasterxml.jackson.core:jackson-databind (fusionreactor.jar) | CVE-2018-14720 | CRITICAL | 2.6.6 | 2.6.7.2, 2.9.7 | jackson-databind: exfiltration/XXE in some JDK classes https://avd.aquasec.com/nvd/cve-2018-14720 |
| com.fasterxml.jackson.core:jackson-databind (fusionreactor.jar) | CVE-2018-14721 | CRITICAL | 2.6.6 | 2.6.7.2, 2.9.7 | jackson-databind: server-side request forgery (SSRF) in axis2-jaxws class https://avd.aquasec.com/nvd/cve-2018-14721 |
| com.fasterxml.jackson.core:jackson-databind (fusionreactor.jar) | CVE-2018-19360 | CRITICAL | 2.6.6 | 2.6.7.3, 2.7.9.5, 2.8.11.3, 2.9.8 | jackson-databind: improper polymorphic deserialization in axis2-transport-jms class https://avd.aquasec.com/nvd/cve-2018-19360 |
| com.fasterxml.jackson.core:jackson-databind (fusionreactor.jar) | CVE-2018-19361 | CRITICAL | 2.6.6 | 2.6.7.3, 2.7.9.5, 2.8.11.3, 2.9.8 | jackson-databind: improper polymorphic deserialization in openjpa class https://avd.aquasec.com/nvd/cve-2018-19361 |
| com.fasterxml.jackson.core:jackson-databind (fusionreactor.jar) | CVE-2018-19362 | CRITICAL | 2.6.6 | 2.6.7.3, 2.7.9.5, 2.8.11.3, 2.9.8 | jackson-databind: improper polymorphic deserialization in jboss-common-core class https://avd.aquasec.com/nvd/cve-2018-19362 |
| com.fasterxml.jackson.core:jackson-databind (fusionreactor.jar) | CVE-2018-7489 | CRITICAL | 2.6.6 | 2.7.9.3, 2.8.11.1, 2.9.5 | jackson-databind: incomplete fix for CVE-2017-7525 permits unsafe serialization via c3p0 libraries https://avd.aquasec.com/nvd/cve-2018-7489 |
| com.fasterxml.jackson.core:jackson-databind (fusionreactor.jar) | CVE-2019-14540 | CRITICAL | 2.6.6 | 2.9.10 | jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariConfig https://avd.aquasec.com/nvd/cve-2019-14540 |
| com.fasterxml.jackson.core:jackson-databind (fusionreactor.jar) | CVE-2019-14893 | CRITICAL | 2.6.6 | 2.8.11.5, 2.9.10 | jackson-databind: Serialization gadgets in classes of the xalan package https://avd.aquasec.com/nvd/cve-2019-14893 |
| com.fasterxml.jackson.core:jackson-databind (fusionreactor.jar) | CVE-2019-16335 | CRITICAL | 2.6.6 | 2.9.10 | jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariDataSource https://avd.aquasec.com/nvd/cve-2019-16335 |
| com.fasterxml.jackson.core:jackson-databind (fusionreactor.jar) | CVE-2019-16942 | CRITICAL | 2.6.6 | 2.9.10.1 | jackson-databind: Serialization gadgets in org.apache.commons.dbcp.datasources.* https://avd.aquasec.com/nvd/cve-2019-16942 |
| com.fasterxml.jackson.core:jackson-databind (fusionreactor.jar) | CVE-2019-16943 | CRITICAL | 2.6.6 | 2.9.10.1 | jackson-databind: Serialization gadgets in com.p6spy.engine.spy.P6DataSource https://avd.aquasec.com/nvd/cve-2019-16943 |
| com.fasterxml.jackson.core:jackson-databind (fusionreactor.jar) | CVE-2019-17267 | CRITICAL | 2.6.6 | 2.9.10 | jackson-databind: Serialization gadgets in classes of the ehcache package https://avd.aquasec.com/nvd/cve-2019-17267 |
| com.fasterxml.jackson.core:jackson-databind (fusionreactor.jar) | CVE-2019-17531 | CRITICAL | 2.6.6 | 2.9.10.1 | jackson-databind: Serialization gadgets in org.apache.log4j.receivers.db.* https://avd.aquasec.com/nvd/cve-2019-17531 |
| com.fasterxml.jackson.core:jackson-databind (fusionreactor.jar) | CVE-2019-20330 | CRITICAL | 2.6.6 | 2.8.11.5, 2.9.10.2 | jackson-databind: lacks certain net.sf.ehcache blocking https://avd.aquasec.com/nvd/cve-2019-20330 |
| com.fasterxml.jackson.core:jackson-databind (fusionreactor.jar) | CVE-2018-5968 | HIGH | 2.6.6 | 2.7.9.5, 2.8.11.1, 2.9.4 | jackson-databind: unsafe deserialization due to incomplete blacklist (incomplete fix for CVE-2017-7525 and... https://avd.aquasec.com/nvd/cve-2018-5968 |
| com.fasterxml.jackson.core:jackson-databind (fusionreactor.jar) | CVE-2020-10650 | HIGH | 2.6.6 | 2.9.10.4 | A deserialization flaw was discovered in jackson-databind through 2.9. ... https://avd.aquasec.com/nvd/cve-2020-10650 |
| com.fasterxml.jackson.core:jackson-databind (fusionreactor.jar) | CVE-2020-10673 | HIGH | 2.6.6 | 2.6.7.4, 2.9.10.4 | jackson-databind: mishandles the interaction between serialization gadgets and typing which could result... https://avd.aquasec.com/nvd/cve-2020-10673 |
| com.fasterxml.jackson.core:jackson-databind (fusionreactor.jar) | CVE-2020-25649 | HIGH | 2.6.6 | 2.6.7.4, 2.9.10.7, 2.10.5.1 | jackson-databind: FasterXML DOMDeserializer insecure entity expansion is vulnerable to XML external entity... https://avd.aquasec.com/nvd/cve-2020-25649 |
| com.fasterxml.jackson.core:jackson-databind (fusionreactor.jar) | CVE-2020-35490 | HIGH | 2.6.6 | 2.9.10.8 | jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource... https://avd.aquasec.com/nvd/cve-2020-35490 |
| com.fasterxml.jackson.core:jackson-databind (fusionreactor.jar) | CVE-2020-35491 | HIGH | 2.6.6 | 2.9.10.8 | jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource... https://avd.aquasec.com/nvd/cve-2020-35491 |
| com.fasterxml.jackson.core:jackson-databind (fusionreactor.jar) | CVE-2020-36518 | HIGH | 2.6.6 | 2.12.6.1, 2.13.2.1 | denial of service via a large depth of nested objects https://avd.aquasec.com/nvd/cve-2020-36518 |
| com.fasterxml.jackson.core:jackson-databind (fusionreactor.jar) | CVE-2022-42003 | HIGH | 2.6.6 | 2.12.7.1, 2.13.4.1 | deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS https://avd.aquasec.com/nvd/cve-2022-42003 |
| com.fasterxml.jackson.core:jackson-databind (fusionreactor.jar) | CVE-2022-42004 | HIGH | 2.6.6 | 2.12.7.1, 2.13.4 | use of deeply nested arrays https://avd.aquasec.com/nvd/cve-2022-42004 |
| com.fasterxml.jackson.core:jackson-databind (fusionreactor.jar) | CVE-2018-1000873 | MEDIUM | 2.6.6 | 2.9.8 | jackson-modules-java8: DoS due to an Improper Input Validation https://avd.aquasec.com/nvd/cve-2018-1000873 |
| com.fasterxml.jackson.core:jackson-databind (fusionreactor.jar) | GHSA-rpr3-cw39-3pxh | UNKNOWN | 2.6.6 | 2.9.10.4 | jackson-databind before 2.9.10.4 vulnerable to unsafe deserialization https://github.com/advisories/GHSA-rpr3-cw39-3pxh |
| com.fasterxml.jackson.dataformat:jackson-dataformat-cbor (fusionreactor.jar) | CVE-2020-28491 | HIGH | 2.6.6 | 2.11.4, 2.12.1 | jackson-dataformat-cbor: Unchecked allocation of byte buffer can cause a java.lang.OutOfMemoryError exception... https://avd.aquasec.com/nvd/cve-2020-28491 |
| com.google.code.gson:gson (fusionreactor.jar) | CVE-2022-25647 | HIGH | 2.3.1 | 2.8.9 | Deserialization of Untrusted Data in com.google.code.gson-gson https://avd.aquasec.com/nvd/cve-2022-25647 |
| com.google.guava:guava (fusionreactor.jar) | CVE-2018-10237 | MEDIUM | 19.0 | 24.1.1-jre, 24.1.1-android | guava: Unbounded memory allocation in AtomicDoubleArray and CompoundOrdering classes allow remote attackers... https://avd.aquasec.com/nvd/cve-2018-10237 |
| com.google.guava:guava (fusionreactor.jar) | CVE-2020-8908 | LOW | 19.0 | 30.0 | guava: local information disclosure via temporary directory created with unsafe permissions https://avd.aquasec.com/nvd/cve-2020-8908 |
| com.google.protobuf:protobuf-java (fusionreactor.jar) | CVE-2022-3171 | HIGH | 3.15.4 | 3.16.3, 3.19.6, 3.20.3, 3.21.7 | timeout in parser leads to DoS https://avd.aquasec.com/nvd/cve-2022-3171 |
| com.google.protobuf:protobuf-java (fusionreactor.jar) | CVE-2021-22569 | MEDIUM | 3.15.4 | 3.16.1, 3.18.2, 3.19.2 | protobuf-java: potential DoS in the parsing procedure for binary data https://avd.aquasec.com/nvd/cve-2021-22569 |
| com.unboundid:unboundid-ldapsdk (fusionreactor.jar) | CVE-2018-1000134 | CRITICAL | 3.2.1 | 4.0.5 | unboundid-ldapsdk: Incorrect Access Control vulnerability in process function in SimpleBindRequest class https://avd.aquasec.com/nvd/cve-2018-1000134 |
| io.netty:netty-codec (fusionreactor.jar) | CVE-2020-11612 | HIGH | 4.1.36.Final | 4.1.46.Final | netty: compression/decompression codecs don't enforce limits on buffer allocation sizes https://avd.aquasec.com/nvd/cve-2020-11612 |
| io.netty:netty-codec (fusionreactor.jar) | CVE-2021-37136 | HIGH | 4.1.36.Final | 4.1.68 | netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data https://avd.aquasec.com/nvd/cve-2021-37136 |
| io.netty:netty-codec (fusionreactor.jar) | CVE-2021-37137 | HIGH | 4.1.36.Final | 4.1.68 | netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in... https://avd.aquasec.com/nvd/cve-2021-37137 |
| io.netty:netty-codec (fusionreactor.jar) | CVE-2021-21290 | MEDIUM | 4.1.36.Final | 4.1.59.Final | netty: Information disclosure via the local system temporary directory https://avd.aquasec.com/nvd/cve-2021-21290 |
| io.netty:netty-codec (fusionreactor.jar) | CVE-2021-21409 | MEDIUM | 4.1.36.Final | 4.1.61.Final | netty: Request smuggling via content-length header https://avd.aquasec.com/nvd/cve-2021-21409 |
| io.netty:netty-codec (fusionreactor.jar) | CVE-2022-24823 | MEDIUM | 4.1.36.Final | 4.1.77.Final | netty: world readable temporary file containing sensitive data https://avd.aquasec.com/nvd/cve-2022-24823 |
| io.netty:netty-codec-http (fusionreactor.jar) | CVE-2019-20444 | CRITICAL | 4.1.36.Final | 4.1.44.Final | netty: HTTP request smuggling https://avd.aquasec.com/nvd/cve-2019-20444 |
| io.netty:netty-codec-http (fusionreactor.jar) | CVE-2019-20445 | CRITICAL | 4.1.36.Final | 4.1.44.Final | netty: HttpObjectDecoder.java allows Content-Length header to accompanied by second Content-Length header https://avd.aquasec.com/nvd/cve-2019-20445 |
| io.netty:netty-codec-http (fusionreactor.jar) | CVE-2019-16869 | HIGH | 4.1.36.Final | 4.1.42.Final | netty: HTTP request smuggling by mishandled whitespace before the colon in HTTP... https://avd.aquasec.com/nvd/cve-2019-16869 |
| io.netty:netty-codec-http (fusionreactor.jar) | CVE-2021-21290 | MEDIUM | 4.1.36.Final | 4.1.59.Final | netty: Information disclosure via the local system temporary directory https://avd.aquasec.com/nvd/cve-2021-21290 |
| io.netty:netty-codec-http (fusionreactor.jar) | CVE-2021-21409 | MEDIUM | 4.1.36.Final | 4.1.61.Final | netty: Request smuggling via content-length header https://avd.aquasec.com/nvd/cve-2021-21409 |
| io.netty:netty-codec-http (fusionreactor.jar) | CVE-2021-43797 | MEDIUM | 4.1.36.Final | 4.1.71 | netty: control chars in header names may lead to HTTP request smuggling... https://avd.aquasec.com/nvd/cve-2021-43797 |
| io.netty:netty-codec-http (fusionreactor.jar) | CVE-2022-24823 | MEDIUM | 4.1.36.Final | 4.1.77.Final | netty: world readable temporary file containing sensitive data https://avd.aquasec.com/nvd/cve-2022-24823 |
| io.netty:netty-handler (fusionreactor.jar) | CVE-2019-20444 | CRITICAL | 4.1.36.Final | 4.1.44 | netty: HTTP request smuggling https://avd.aquasec.com/nvd/cve-2019-20444 |
| io.netty:netty-handler (fusionreactor.jar) | CVE-2019-20445 | CRITICAL | 4.1.36.Final | 4.1.45 | netty: HttpObjectDecoder.java allows Content-Length header to accompanied by second Content-Length header https://avd.aquasec.com/nvd/cve-2019-20445 |
| io.netty:netty-handler (fusionreactor.jar) | CVE-2020-11612 | HIGH | 4.1.36.Final | 4.1.46 | netty: compression/decompression codecs don't enforce limits on buffer allocation sizes https://avd.aquasec.com/nvd/cve-2020-11612 |
| io.netty:netty-handler (fusionreactor.jar) | CVE-2021-21290 | MEDIUM | 4.1.36.Final | 4.1.59.Final | netty: Information disclosure via the local system temporary directory https://avd.aquasec.com/nvd/cve-2021-21290 |
| io.netty:netty-handler (fusionreactor.jar) | CVE-2021-21409 | MEDIUM | 4.1.36.Final | 4.1.61.Final | netty: Request smuggling via content-length header https://avd.aquasec.com/nvd/cve-2021-21409 |
| io.netty:netty-handler (fusionreactor.jar) | CVE-2022-24823 | MEDIUM | 4.1.36.Final | 4.1.77.Final | netty: world readable temporary file containing sensitive data https://avd.aquasec.com/nvd/cve-2022-24823 |
| org.apache.httpcomponents:httpclient (fusionreactor.jar) | CVE-2020-13956 | MEDIUM | 4.5.2 | 4.5.13 | apache-httpclient: incorrect handling of malformed authority component in request URIs https://avd.aquasec.com/nvd/cve-2020-13956 |
| org.codehaus.groovy:groovy (fusionreactor.jar) | CVE-2015-3253 | CRITICAL | 2.2.2 | 2.4.4 | groovy: remote execution of untrusted code in class MethodClosure https://avd.aquasec.com/nvd/cve-2015-3253 |
| org.codehaus.groovy:groovy (fusionreactor.jar) | CVE-2016-6814 | CRITICAL | 2.2.2 | 2.4.4 | Apache Groovy: Remote code execution via deserialization https://avd.aquasec.com/nvd/cve-2016-6814 |
| org.codehaus.groovy:groovy (fusionreactor.jar) | CVE-2020-17521 | MEDIUM | 2.2.2 | 2.4.21, 2.5.14, 3.0.7 | groovy: OS temporary directory leads to information disclosure https://avd.aquasec.com/nvd/cve-2020-17521 |