Search criteria
14 vulnerabilities found for peoplesoft_enterprise_pt_peopletools by oracle
CVE-2021-2408 (GCVE-0-2021-2408)
Vulnerability from nvd – Published: 2021-07-20 22:44 – Updated: 2024-09-26 13:54
VLAI?
Summary
Vulnerability in the PeopleSoft Enterprise PT PeopleTools product of Oracle PeopleSoft (component: Notification Configuration). The supported version that is affected is 8.59. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PT PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PT PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PT PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PT PeopleTools accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).
Severity ?
6.1 (Medium)
CWE
- Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PT PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PT PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PT PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PT PeopleTools accessible data.
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Oracle Corporation | PeopleSoft Enterprise PT PeopleTools |
Affected:
8.59
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T16:45:50.091Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2021.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-2408",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-26T13:51:13.581022Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-26T13:54:52.459Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "PeopleSoft Enterprise PT PeopleTools",
"vendor": "Oracle Corporation",
"versions": [
{
"status": "affected",
"version": "8.59"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the PeopleSoft Enterprise PT PeopleTools product of Oracle PeopleSoft (component: Notification Configuration). The supported version that is affected is 8.59. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PT PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PT PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PT PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PT PeopleTools accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PT PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PT PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PT PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PT PeopleTools accessible data.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-20T22:44:21",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujul2021.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2021-2408",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PeopleSoft Enterprise PT PeopleTools",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "8.59"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the PeopleSoft Enterprise PT PeopleTools product of Oracle PeopleSoft (component: Notification Configuration). The supported version that is affected is 8.59. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PT PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PT PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PT PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PT PeopleTools accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)."
}
]
},
"impact": {
"cvss": {
"baseScore": "6.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PT PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PT PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PT PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PT PeopleTools accessible data."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.oracle.com/security-alerts/cpujul2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujul2021.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2021-2408",
"datePublished": "2021-07-20T22:44:21",
"dateReserved": "2020-12-09T00:00:00",
"dateUpdated": "2024-09-26T13:54:52.459Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-2218 (GCVE-0-2021-2218)
Vulnerability from nvd – Published: 2021-04-22 21:53 – Updated: 2024-09-26 15:10
VLAI?
Summary
Vulnerability in the PeopleSoft Enterprise PT PeopleTools product of Oracle PeopleSoft (component: Health Center). Supported versions that are affected are 8.56 and 8.57. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PT PeopleTools. While the vulnerability is in PeopleSoft Enterprise PT PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PT PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PT PeopleTools accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of PeopleSoft Enterprise PT PeopleTools. CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L).
Severity ?
8.3 (High)
CWE
- Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PT PeopleTools. While the vulnerability is in PeopleSoft Enterprise PT PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PT PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PT PeopleTools accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of PeopleSoft Enterprise PT PeopleTools.
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Oracle Corporation | PeopleSoft Enterprise PT PeopleTools |
Affected:
8.56
Affected: 8.57 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T16:38:57.289Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2021.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-2218",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-26T14:52:28.507499Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-26T15:10:38.753Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "PeopleSoft Enterprise PT PeopleTools",
"vendor": "Oracle Corporation",
"versions": [
{
"status": "affected",
"version": "8.56"
},
{
"status": "affected",
"version": "8.57"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the PeopleSoft Enterprise PT PeopleTools product of Oracle PeopleSoft (component: Health Center). Supported versions that are affected are 8.56 and 8.57. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PT PeopleTools. While the vulnerability is in PeopleSoft Enterprise PT PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PT PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PT PeopleTools accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of PeopleSoft Enterprise PT PeopleTools. CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PT PeopleTools. While the vulnerability is in PeopleSoft Enterprise PT PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PT PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PT PeopleTools accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of PeopleSoft Enterprise PT PeopleTools.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-22T21:53:52",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2021.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2021-2218",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PeopleSoft Enterprise PT PeopleTools",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "8.56"
},
{
"version_affected": "=",
"version_value": "8.57"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the PeopleSoft Enterprise PT PeopleTools product of Oracle PeopleSoft (component: Health Center). Supported versions that are affected are 8.56 and 8.57. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PT PeopleTools. While the vulnerability is in PeopleSoft Enterprise PT PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PT PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PT PeopleTools accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of PeopleSoft Enterprise PT PeopleTools. CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L)."
}
]
},
"impact": {
"cvss": {
"baseScore": "8.3",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PT PeopleTools. While the vulnerability is in PeopleSoft Enterprise PT PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PT PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PT PeopleTools accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of PeopleSoft Enterprise PT PeopleTools."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.oracle.com/security-alerts/cpuapr2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuapr2021.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2021-2218",
"datePublished": "2021-04-22T21:53:52",
"dateReserved": "2020-12-09T00:00:00",
"dateUpdated": "2024-09-26T15:10:38.753Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-13956 (GCVE-0-2020-13956)
Vulnerability from nvd – Published: 2020-12-02 16:20 – Updated: 2025-12-01 15:45
VLAI?
Summary
Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.
Severity ?
No CVSS data available.
CWE
- Improper Input Validation
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Apache HttpClient |
Affected:
4.5.12 and prior, 5.0.2 and prior
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-12-01T15:45:49.435Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://priyankn.github.io/2021-02-26-CVE-2020-13956/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r6dab7da30f8bf075f79ee189e33b45a197502e2676481bb8787fc0d7%40%3Cdev.hc.apache.org%3E"
},
{
"name": "[ranger-dev] 20201204 [jira] [Assigned] (RANGER-3100) Upgrade httpclient version from 4.5.6 to 4.5.13+ due to CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rf7ca60f78f05b772cc07d27e31bcd112f9910a05caf9095e38ee150f%40%3Cdev.ranger.apache.org%3E"
},
{
"name": "[ranger-dev] 20201204 [jira] [Updated] (RANGER-3100) Upgrade httpclient version from 4.5.6 to 4.5.13+ due to CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rcced7ed3237c29cd19c1e9bf465d0038b8b2e967b99fc283db7ca553%40%3Cdev.ranger.apache.org%3E"
},
{
"name": "[ranger-dev] 20201215 [jira] [Updated] (RANGER-3100) Upgrade httpclient version from 4.5.6 to 4.5.13+ due to CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r63296c45d5d84447babaf39bd1487329d8a80d8d563e67a4b6f3d8a7%40%3Cdev.ranger.apache.org%3E"
},
{
"name": "[ranger-dev] 20201215 [jira] [Commented] (RANGER-3100) Upgrade httpclient version from 4.5.6 to 4.5.13+ due to CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r12cb62751b35bdcda0ae2a08b67877d665a1f4d41eee0fa7367169e0%40%3Cdev.ranger.apache.org%3E"
},
{
"name": "[pulsar-commits] 20201215 [GitHub] [pulsar] yanshuchong opened a new issue #8967: CVSS issue list",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[ranger-dev] 20201216 [jira] [Commented] (RANGER-3100) Upgrade httpclient version from 4.5.6 to 4.5.13+ due to CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r34178ab6ef106bc940665fd3f4ba5026fac3603b3fa2aefafa0b619d%40%3Cdev.ranger.apache.org%3E"
},
{
"name": "[lucene-solr-user] 20201229 Upgrade httpclient version due to CVE-2020-13956?",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rb725052404fabffbe093c83b2c46f3f87e12c3193a82379afbc529f8%40%3Csolr-user.lucene.apache.org%3E"
},
{
"name": "[turbine-commits] 20210203 svn commit: r1886168 - in /turbine/core/trunk: ./ conf/ conf/test/ src/java/org/apache/turbine/services/urlmapper/ src/test/org/apache/turbine/services/urlmapper/ src/test/org/apache/turbine/services/urlmapper/model/ xdocs/howto/",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rb33212dab7beccaf1ffef9b88610047c644f644c7a0ebdc44d77e381%40%3Ccommits.turbine.apache.org%3E"
},
{
"name": "[hive-issues] 20210301 [jira] [Updated] (HIVE-24837) Upgrade httpclient to 4.5.13+ due to CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rfc00884c7b7ca878297bffe45fcb742c362b00b26ba37070706d44c3%40%3Cissues.hive.apache.org%3E"
},
{
"name": "[hive-issues] 20210301 [jira] [Assigned] (HIVE-24837) Upgrade httpclient to 4.5.13+ due to CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r5fec9c1d67f928179adf484b01e7becd7c0a6fdfe3a08f92ea743b90%40%3Cissues.hive.apache.org%3E"
},
{
"name": "[hive-gitbox] 20210301 [GitHub] [hive] hsnusonic opened a new pull request #2032: HIVE-24837 Upgrade httpclient to 4.5.13+ due to CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r2dc7930b43eadc78220d269b79e13ecd387e4bee52db67b2f47d4303%40%3Cgitbox.hive.apache.org%3E"
},
{
"name": "[hive-dev] 20210301 [jira] [Created] (HIVE-24837) Upgrade httpclient to 4.5.13+ due to CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r043a75acdeb52b15dd5e9524cdadef4202e6a5228644206acf9363f9%40%3Cdev.hive.apache.org%3E"
},
{
"name": "[hive-issues] 20210301 [jira] [Work logged] (HIVE-24837) Upgrade httpclient to 4.5.13+ due to CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rd5ab56beb2ac6879f6ab427bc4e5f7691aed8362d17b713f61779858%40%3Cissues.hive.apache.org%3E"
},
{
"name": "[hive-gitbox] 20210302 [GitHub] [hive] hsnusonic closed pull request #2032: HIVE-24837 Upgrade httpclient to 4.5.13+ due to CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rcd9ad5dda60c82ab0d0c9bd3e9cb1dc740804451fc20c7f451ef5cc4%40%3Cgitbox.hive.apache.org%3E"
},
{
"name": "[solr-issues] 20210316 [jira] [Resolved] (SOLR-15270) upgrade httpclient to address CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/re504acd4d63b8df2a7353658f45c9a3137e5f80e41cf7de50058b2c1%40%3Cissues.solr.apache.org%3E"
},
{
"name": "[solr-issues] 20210316 [jira] [Created] (SOLR-15269) upgrade httpclient to address CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r5de3d3808e7b5028df966e45115e006456c4e8931dc1e29036f17927%40%3Cissues.solr.apache.org%3E"
},
{
"name": "[solr-issues] 20210316 [jira] [Created] (SOLR-15270) upgrade httpclient to address CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rae14ae25ff4a60251e3ba2629c082c5ba3851dfd4d21218b99b56652%40%3Cissues.solr.apache.org%3E"
},
{
"name": "[maven-issues] 20210530 [jira] [Updated] (DOXIA-615) Can you provide an updated version in order to fix CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r03bbc318c81be21f5c8a9b85e34f2ecc741aa804a8e43b0ef2c37749%40%3Cissues.maven.apache.org%3E"
},
{
"name": "[maven-issues] 20210530 [jira] [Resolved] (DOXIA-615) Can you provide an updated version in order to fix CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/ra539f20ef0fb0c27ee39945b5f56bf162e5c13d1c60f7344dab8de3b%40%3Cissues.maven.apache.org%3E"
},
{
"name": "[maven-issues] 20210530 [jira] [Closed] (DOXIA-615) Can you provide an updated version in order to fix CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r8aa1e5c343b89aec5b69961471950e862f15246cb6392910161c389b%40%3Cissues.maven.apache.org%3E"
},
{
"name": "[drill-issues] 20210604 [jira] [Commented] (DRILL-7946) Bump HttpClient from 4.5.12 to 4.5.13 for CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r06cf3ca5c8ceb94b39cd24a73d4e96153b485a7dac88444dd876accb%40%3Cissues.drill.apache.org%3E"
},
{
"name": "[drill-dev] 20210604 [GitHub] [drill] luocooong opened a new pull request #2250: DRILL-7946: Bump HttpClient from 4.5.12 to 4.5.13 for CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rb4ba262d6f08ab9cf8b1ebbcd9b00b0368ffe90dad7ad7918b4b56fc%40%3Cdev.drill.apache.org%3E"
},
{
"name": "[drill-dev] 20210604 [jira] [Created] (DRILL-7946) Bump HttpClient from 4.5.12 to 4.5.13 for CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r55b2a1d1e9b1ec9db792b93da8f0f99a4fd5a5310b02673359d9b4d1%40%3Cdev.drill.apache.org%3E"
},
{
"name": "[drill-issues] 20210604 [jira] [Created] (DRILL-7946) Bump HttpClient from 4.5.12 to 4.5.13 for CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rea3dbf633dde5008d38bf6600a3738b9216e733e03f9ff7becf79625%40%3Cissues.drill.apache.org%3E"
},
{
"name": "[drill-dev] 20210604 [GitHub] [drill] cgivre commented on pull request #2250: DRILL-7946: Bump HttpClient from 4.5.12 to 4.5.13 for CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rc3739e0ad4bcf1888c6925233bfc37dd71156bbc8416604833095c42%40%3Cdev.drill.apache.org%3E"
},
{
"name": "[drill-dev] 20210604 [GitHub] [drill] laurentgo merged pull request #2250: DRILL-7946: Bump HttpClient from 4.5.12 to 4.5.13 for CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r9e52a6c72c8365000ecd035e48cc9fee5a677a150350d4420c46443d%40%3Cdev.drill.apache.org%3E"
},
{
"name": "[drill-issues] 20210604 [jira] [Resolved] (DRILL-7946) Bump HttpClient from 4.5.12 to 4.5.13 for CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rad6222134183046f3928f733bf680919e0c390739bfbfe6c90049673%40%3Cissues.drill.apache.org%3E"
},
{
"name": "[drill-dev] 20210604 [jira] [Resolved] (DRILL-7946) Bump HttpClient from 4.5.12 to 4.5.13 for CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r549ac8c159bf0c568c19670bedeb8d7c0074beded951d34b1c1d0d05%40%3Cdev.drill.apache.org%3E"
},
{
"name": "[drill-commits] 20210604 [drill] branch master updated: DRILL-7946: Bump HttpClient from 4.5.12 to 4.5.13 for CVE-2020-13956 (#2250)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r6eb2dae157dbc9af1f30d1f64e9c60d4ebef618f3dce4a0e32d6ea4d%40%3Ccommits.drill.apache.org%3E"
},
{
"name": "[drill-dev] 20210604 [GitHub] [drill] luocooong commented on pull request #2250: DRILL-7946: Bump HttpClient from 4.5.12 to 4.5.13 for CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/reef569c2419705754a3acf42b5f19b2a158153cef0e448158bc54917%40%3Cdev.drill.apache.org%3E"
},
{
"name": "[creadur-commits] 20210608 [jira] [Work started] (TENTACLES-13) Upgrade httpclient to circumvent CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r3f740e4c38bba1face49078aa5cbeeb558c27be601cc9712ad2dcd1e%40%3Ccommits.creadur.apache.org%3E"
},
{
"name": "[creadur-commits] 20210608 [jira] [Resolved] (TENTACLES-13) Upgrade httpclient to circumvent CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rfb35f6db9ba1f1e061b63769a4eff5abadcc254ebfefc280e5a0dcf1%40%3Ccommits.creadur.apache.org%3E"
},
{
"name": "[creadur-commits] 20210608 [jira] [Commented] (TENTACLES-13) Upgrade httpclient to circumvent CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r2a03dc210231d7e852ef73015f71792ac0fcaca6cccc024c522ef17d%40%3Ccommits.creadur.apache.org%3E"
},
{
"name": "[creadur-commits] 20210608 [jira] [Created] (TENTACLES-13) Upgrade httpclient to circumvent CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r34efec51cb817397ccf9f86e25a75676d435ba5f83ee7b2eabdad707%40%3Ccommits.creadur.apache.org%3E"
},
{
"name": "[creadur-commits] 20210608 [jira] [Assigned] (TENTACLES-13) Upgrade httpclient to circumvent CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r70c429923100c5a4fae8e5bc71c8a2d39af3de4888f50a0ac3755e6f%40%3Ccommits.creadur.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"name": "[maven-issues] 20210621 [jira] [Assigned] (DOXIA-615) Can you provide an updated version in order to fix CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rc990e2462ec32b09523deafb2c73606208599e196fa2d7f50bdbc587%40%3Cissues.maven.apache.org%3E"
},
{
"name": "[creadur-dev] 20210621 [jira] [Updated] (RAT-275) Update httpclient to fix CVE-2020-13956 once a new doxia-core release is available",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r132e4c6a560cfc519caa1aaee63bdd4036327610eadbd89f76dd5457%40%3Cdev.creadur.apache.org%3E"
},
{
"name": "[solr-issues] 20210623 [jira] [Updated] (SOLR-15270) upgrade httpclient to address CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r6a3cda38d050ebe13c1bc9a28d0a8ec38945095d07eca49046bcb89f%40%3Cissues.solr.apache.org%3E"
},
{
"name": "[solr-issues] 20210623 [jira] [Updated] (SOLR-15269) upgrade httpclient to address CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rc505fee574fe8d18f9b0c655a4d120b0ae21bb6a73b96003e1d9be35%40%3Cissues.solr.apache.org%3E"
},
{
"name": "[jackrabbit-dev] 20210706 [GitHub] [jackrabbit-oak] reschke commented on pull request #310: OAK-9482: upgrade httpclient to 4.5.13",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r5b55f65c123a7481104d663a915ec45a0d103e6aaa03f42ed1c07a89%40%3Cdev.jackrabbit.apache.org%3E"
},
{
"name": "[jackrabbit-dev] 20210706 [GitHub] [jackrabbit-oak] reschke removed a comment on pull request #310: OAK-9482: upgrade httpclient to 4.5.13",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rc0863892ccfd9fd0d0ae10091f24ee769fb39b8957fe4ebabfc11f17%40%3Cdev.jackrabbit.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"name": "[solr-issues] 20210912 [jira] [Updated] (SOLR-15269) upgrade httpclient to address CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rfbedcb586a1e7dfce87ee03c720e583fc2ceeafa05f35c542cecc624%40%3Cissues.solr.apache.org%3E"
},
{
"name": "[bookkeeper-issues] 20210914 [GitHub] [bookkeeper] nicoloboschi opened a new pull request #2793: Upgrade httpclient from 4.5.5 to 4.5.13 to address CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r87ddc09295c27f25471269ad0a79433a91224045988b88f0413a97ec%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"name": "[bookkeeper-issues] 20210917 [GitHub] [bookkeeper] nicoloboschi commented on pull request #2793: Upgrade httpclient from 4.5.5 to 4.5.13 to address CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rf03228972e56cb4a03e6d9558188c2938078cf3ceb23a3fead87c9ca%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"name": "[lucene-issues] 20210921 [GitHub] [lucene-solr] ventry1990 opened a new pull request #2579: SOLR-15269: Upgrade Apache HttpComponents Client to 4.5.13 to fix CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r2835543ef0f91adcc47da72389b816e36936f584c7be584d2314fac3%40%3Cissues.lucene.apache.org%3E"
},
{
"name": "[lucene-issues] 20210921 [GitHub] [lucene-solr] madrob commented on pull request #2579: SOLR-15269: Upgrade Apache HttpComponents Client to 4.5.13 to fix CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rf43d17ed0d1fb4fb79036b582810ef60b18b1ef3add0d5dea825af1e%40%3Cissues.lucene.apache.org%3E"
},
{
"name": "[lucene-issues] 20210921 [GitHub] [lucene-solr] ventry1990 commented on pull request #2579: SOLR-15269: Upgrade Apache HttpComponents Client to 4.5.13 to fix CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rc5c6ccb86d2afe46bbd4b71573f0448dc1f87bbcd5a0d8c7f8f904b2%40%3Cissues.lucene.apache.org%3E"
},
{
"name": "[lucene-issues] 20211007 [GitHub] [lucene-solr] madrob commented on pull request #2579: SOLR-15269: Upgrade Apache HttpComponents Client to 4.5.13 to fix CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r6d672b46622842e565e00f6ef6bef83eb55d8792aac2bee75bff9a2a%40%3Cissues.lucene.apache.org%3E"
},
{
"name": "[lucene-issues] 20211009 [GitHub] [lucene-solr] ventry1990 closed pull request #2579: SOLR-15269: Upgrade Apache HttpComponents Client to 4.5.13 to fix CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rf4db88c22e1be9eb60c7dc623d0528642c045fb196a24774ac2fa3a3%40%3Cissues.lucene.apache.org%3E"
},
{
"name": "[lucene-issues] 20211009 [GitHub] [lucene-solr] ventry1990 commented on pull request #2579: SOLR-15269: Upgrade Apache HttpComponents Client to 4.5.13 to fix CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/ree942561f4620313c75982a4e5f3b74fe6f7062b073210779648eec2%40%3Cissues.lucene.apache.org%3E"
},
{
"name": "[lucene-issues] 20211009 [GitHub] [lucene-solr] ventry1990 opened a new pull request #2579: SOLR-15269: Upgrade Apache HttpComponents Client to 4.5.13 to fix CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r3cecd59fba74404cbf4eb430135e1080897fb376f111406a78bed13a%40%3Cissues.lucene.apache.org%3E"
},
{
"name": "[solr-issues] 20211011 [jira] [Commented] (SOLR-15269) upgrade httpclient to address CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r0bebe6f9808ac7bdf572873b4fa96a29c6398c90dab29f131f3ebffe%40%3Cissues.solr.apache.org%3E"
},
{
"name": "[solr-issues] 20211011 [jira] [Resolved] (SOLR-15269) upgrade httpclient to address CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r4850b3fbaea02fde2886e461005e4af8d37c80a48b3ce2a6edca0e30%40%3Cissues.solr.apache.org%3E"
},
{
"name": "[lucene-issues] 20211011 [GitHub] [lucene-solr] madrob merged pull request #2579: SOLR-15269: Upgrade Apache HttpComponents Client to 4.5.13 to fix CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/ra8bc6b61c5df301a6fe5a716315528ecd17ccb8a7f907e24a47a1a5e%40%3Cissues.lucene.apache.org%3E"
},
{
"name": "[solr-issues] 20211019 [jira] [Closed] (SOLR-15269) upgrade httpclient to address CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r0a75b8f0f72f3e18442dc56d33f3827b905f2fe5b7ba48997436f5d1%40%3Cissues.solr.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"name": "[ranger-dev] 20211028 [jira] [Commented] (RANGER-3100) Upgrade httpclient version from 4.5.6 to 4.5.13+ due to CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r69a94e2f302d1b778bdfefe90fcb4b8c50b226438c3c8c1d0de85a19%40%3Cdev.ranger.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20220210-0002/"
}
],
"title": "CVE Program Container",
"x_generator": {
"engine": "ADPogram 0.0.1"
}
}
],
"cna": {
"affected": [
{
"product": "Apache HttpClient",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "4.5.12 and prior, 5.0.2 and prior"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Input Validation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-19T23:21:27.000Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.apache.org/thread.html/r6dab7da30f8bf075f79ee189e33b45a197502e2676481bb8787fc0d7%40%3Cdev.hc.apache.org%3E"
},
{
"name": "[ranger-dev] 20201204 [jira] [Assigned] (RANGER-3100) Upgrade httpclient version from 4.5.6 to 4.5.13+ due to CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rf7ca60f78f05b772cc07d27e31bcd112f9910a05caf9095e38ee150f%40%3Cdev.ranger.apache.org%3E"
},
{
"name": "[ranger-dev] 20201204 [jira] [Updated] (RANGER-3100) Upgrade httpclient version from 4.5.6 to 4.5.13+ due to CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rcced7ed3237c29cd19c1e9bf465d0038b8b2e967b99fc283db7ca553%40%3Cdev.ranger.apache.org%3E"
},
{
"name": "[ranger-dev] 20201215 [jira] [Updated] (RANGER-3100) Upgrade httpclient version from 4.5.6 to 4.5.13+ due to CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r63296c45d5d84447babaf39bd1487329d8a80d8d563e67a4b6f3d8a7%40%3Cdev.ranger.apache.org%3E"
},
{
"name": "[ranger-dev] 20201215 [jira] [Commented] (RANGER-3100) Upgrade httpclient version from 4.5.6 to 4.5.13+ due to CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r12cb62751b35bdcda0ae2a08b67877d665a1f4d41eee0fa7367169e0%40%3Cdev.ranger.apache.org%3E"
},
{
"name": "[pulsar-commits] 20201215 [GitHub] [pulsar] yanshuchong opened a new issue #8967: CVSS issue list",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[ranger-dev] 20201216 [jira] [Commented] (RANGER-3100) Upgrade httpclient version from 4.5.6 to 4.5.13+ due to CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r34178ab6ef106bc940665fd3f4ba5026fac3603b3fa2aefafa0b619d%40%3Cdev.ranger.apache.org%3E"
},
{
"name": "[lucene-solr-user] 20201229 Upgrade httpclient version due to CVE-2020-13956?",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rb725052404fabffbe093c83b2c46f3f87e12c3193a82379afbc529f8%40%3Csolr-user.lucene.apache.org%3E"
},
{
"name": "[turbine-commits] 20210203 svn commit: r1886168 - in /turbine/core/trunk: ./ conf/ conf/test/ src/java/org/apache/turbine/services/urlmapper/ src/test/org/apache/turbine/services/urlmapper/ src/test/org/apache/turbine/services/urlmapper/model/ xdocs/howto/",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rb33212dab7beccaf1ffef9b88610047c644f644c7a0ebdc44d77e381%40%3Ccommits.turbine.apache.org%3E"
},
{
"name": "[hive-issues] 20210301 [jira] [Updated] (HIVE-24837) Upgrade httpclient to 4.5.13+ due to CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rfc00884c7b7ca878297bffe45fcb742c362b00b26ba37070706d44c3%40%3Cissues.hive.apache.org%3E"
},
{
"name": "[hive-issues] 20210301 [jira] [Assigned] (HIVE-24837) Upgrade httpclient to 4.5.13+ due to CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r5fec9c1d67f928179adf484b01e7becd7c0a6fdfe3a08f92ea743b90%40%3Cissues.hive.apache.org%3E"
},
{
"name": "[hive-gitbox] 20210301 [GitHub] [hive] hsnusonic opened a new pull request #2032: HIVE-24837 Upgrade httpclient to 4.5.13+ due to CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r2dc7930b43eadc78220d269b79e13ecd387e4bee52db67b2f47d4303%40%3Cgitbox.hive.apache.org%3E"
},
{
"name": "[hive-dev] 20210301 [jira] [Created] (HIVE-24837) Upgrade httpclient to 4.5.13+ due to CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r043a75acdeb52b15dd5e9524cdadef4202e6a5228644206acf9363f9%40%3Cdev.hive.apache.org%3E"
},
{
"name": "[hive-issues] 20210301 [jira] [Work logged] (HIVE-24837) Upgrade httpclient to 4.5.13+ due to CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rd5ab56beb2ac6879f6ab427bc4e5f7691aed8362d17b713f61779858%40%3Cissues.hive.apache.org%3E"
},
{
"name": "[hive-gitbox] 20210302 [GitHub] [hive] hsnusonic closed pull request #2032: HIVE-24837 Upgrade httpclient to 4.5.13+ due to CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rcd9ad5dda60c82ab0d0c9bd3e9cb1dc740804451fc20c7f451ef5cc4%40%3Cgitbox.hive.apache.org%3E"
},
{
"name": "[solr-issues] 20210316 [jira] [Resolved] (SOLR-15270) upgrade httpclient to address CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/re504acd4d63b8df2a7353658f45c9a3137e5f80e41cf7de50058b2c1%40%3Cissues.solr.apache.org%3E"
},
{
"name": "[solr-issues] 20210316 [jira] [Created] (SOLR-15269) upgrade httpclient to address CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r5de3d3808e7b5028df966e45115e006456c4e8931dc1e29036f17927%40%3Cissues.solr.apache.org%3E"
},
{
"name": "[solr-issues] 20210316 [jira] [Created] (SOLR-15270) upgrade httpclient to address CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rae14ae25ff4a60251e3ba2629c082c5ba3851dfd4d21218b99b56652%40%3Cissues.solr.apache.org%3E"
},
{
"name": "[maven-issues] 20210530 [jira] [Updated] (DOXIA-615) Can you provide an updated version in order to fix CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r03bbc318c81be21f5c8a9b85e34f2ecc741aa804a8e43b0ef2c37749%40%3Cissues.maven.apache.org%3E"
},
{
"name": "[maven-issues] 20210530 [jira] [Resolved] (DOXIA-615) Can you provide an updated version in order to fix CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/ra539f20ef0fb0c27ee39945b5f56bf162e5c13d1c60f7344dab8de3b%40%3Cissues.maven.apache.org%3E"
},
{
"name": "[maven-issues] 20210530 [jira] [Closed] (DOXIA-615) Can you provide an updated version in order to fix CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r8aa1e5c343b89aec5b69961471950e862f15246cb6392910161c389b%40%3Cissues.maven.apache.org%3E"
},
{
"name": "[drill-issues] 20210604 [jira] [Commented] (DRILL-7946) Bump HttpClient from 4.5.12 to 4.5.13 for CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r06cf3ca5c8ceb94b39cd24a73d4e96153b485a7dac88444dd876accb%40%3Cissues.drill.apache.org%3E"
},
{
"name": "[drill-dev] 20210604 [GitHub] [drill] luocooong opened a new pull request #2250: DRILL-7946: Bump HttpClient from 4.5.12 to 4.5.13 for CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rb4ba262d6f08ab9cf8b1ebbcd9b00b0368ffe90dad7ad7918b4b56fc%40%3Cdev.drill.apache.org%3E"
},
{
"name": "[drill-dev] 20210604 [jira] [Created] (DRILL-7946) Bump HttpClient from 4.5.12 to 4.5.13 for CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r55b2a1d1e9b1ec9db792b93da8f0f99a4fd5a5310b02673359d9b4d1%40%3Cdev.drill.apache.org%3E"
},
{
"name": "[drill-issues] 20210604 [jira] [Created] (DRILL-7946) Bump HttpClient from 4.5.12 to 4.5.13 for CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rea3dbf633dde5008d38bf6600a3738b9216e733e03f9ff7becf79625%40%3Cissues.drill.apache.org%3E"
},
{
"name": "[drill-dev] 20210604 [GitHub] [drill] cgivre commented on pull request #2250: DRILL-7946: Bump HttpClient from 4.5.12 to 4.5.13 for CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rc3739e0ad4bcf1888c6925233bfc37dd71156bbc8416604833095c42%40%3Cdev.drill.apache.org%3E"
},
{
"name": "[drill-dev] 20210604 [GitHub] [drill] laurentgo merged pull request #2250: DRILL-7946: Bump HttpClient from 4.5.12 to 4.5.13 for CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r9e52a6c72c8365000ecd035e48cc9fee5a677a150350d4420c46443d%40%3Cdev.drill.apache.org%3E"
},
{
"name": "[drill-issues] 20210604 [jira] [Resolved] (DRILL-7946) Bump HttpClient from 4.5.12 to 4.5.13 for CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rad6222134183046f3928f733bf680919e0c390739bfbfe6c90049673%40%3Cissues.drill.apache.org%3E"
},
{
"name": "[drill-dev] 20210604 [jira] [Resolved] (DRILL-7946) Bump HttpClient from 4.5.12 to 4.5.13 for CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r549ac8c159bf0c568c19670bedeb8d7c0074beded951d34b1c1d0d05%40%3Cdev.drill.apache.org%3E"
},
{
"name": "[drill-commits] 20210604 [drill] branch master updated: DRILL-7946: Bump HttpClient from 4.5.12 to 4.5.13 for CVE-2020-13956 (#2250)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r6eb2dae157dbc9af1f30d1f64e9c60d4ebef618f3dce4a0e32d6ea4d%40%3Ccommits.drill.apache.org%3E"
},
{
"name": "[drill-dev] 20210604 [GitHub] [drill] luocooong commented on pull request #2250: DRILL-7946: Bump HttpClient from 4.5.12 to 4.5.13 for CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/reef569c2419705754a3acf42b5f19b2a158153cef0e448158bc54917%40%3Cdev.drill.apache.org%3E"
},
{
"name": "[creadur-commits] 20210608 [jira] [Work started] (TENTACLES-13) Upgrade httpclient to circumvent CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r3f740e4c38bba1face49078aa5cbeeb558c27be601cc9712ad2dcd1e%40%3Ccommits.creadur.apache.org%3E"
},
{
"name": "[creadur-commits] 20210608 [jira] [Resolved] (TENTACLES-13) Upgrade httpclient to circumvent CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rfb35f6db9ba1f1e061b63769a4eff5abadcc254ebfefc280e5a0dcf1%40%3Ccommits.creadur.apache.org%3E"
},
{
"name": "[creadur-commits] 20210608 [jira] [Commented] (TENTACLES-13) Upgrade httpclient to circumvent CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r2a03dc210231d7e852ef73015f71792ac0fcaca6cccc024c522ef17d%40%3Ccommits.creadur.apache.org%3E"
},
{
"name": "[creadur-commits] 20210608 [jira] [Created] (TENTACLES-13) Upgrade httpclient to circumvent CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r34efec51cb817397ccf9f86e25a75676d435ba5f83ee7b2eabdad707%40%3Ccommits.creadur.apache.org%3E"
},
{
"name": "[creadur-commits] 20210608 [jira] [Assigned] (TENTACLES-13) Upgrade httpclient to circumvent CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r70c429923100c5a4fae8e5bc71c8a2d39af3de4888f50a0ac3755e6f%40%3Ccommits.creadur.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"name": "[maven-issues] 20210621 [jira] [Assigned] (DOXIA-615) Can you provide an updated version in order to fix CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rc990e2462ec32b09523deafb2c73606208599e196fa2d7f50bdbc587%40%3Cissues.maven.apache.org%3E"
},
{
"name": "[creadur-dev] 20210621 [jira] [Updated] (RAT-275) Update httpclient to fix CVE-2020-13956 once a new doxia-core release is available",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r132e4c6a560cfc519caa1aaee63bdd4036327610eadbd89f76dd5457%40%3Cdev.creadur.apache.org%3E"
},
{
"name": "[solr-issues] 20210623 [jira] [Updated] (SOLR-15270) upgrade httpclient to address CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r6a3cda38d050ebe13c1bc9a28d0a8ec38945095d07eca49046bcb89f%40%3Cissues.solr.apache.org%3E"
},
{
"name": "[solr-issues] 20210623 [jira] [Updated] (SOLR-15269) upgrade httpclient to address CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rc505fee574fe8d18f9b0c655a4d120b0ae21bb6a73b96003e1d9be35%40%3Cissues.solr.apache.org%3E"
},
{
"name": "[jackrabbit-dev] 20210706 [GitHub] [jackrabbit-oak] reschke commented on pull request #310: OAK-9482: upgrade httpclient to 4.5.13",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r5b55f65c123a7481104d663a915ec45a0d103e6aaa03f42ed1c07a89%40%3Cdev.jackrabbit.apache.org%3E"
},
{
"name": "[jackrabbit-dev] 20210706 [GitHub] [jackrabbit-oak] reschke removed a comment on pull request #310: OAK-9482: upgrade httpclient to 4.5.13",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rc0863892ccfd9fd0d0ae10091f24ee769fb39b8957fe4ebabfc11f17%40%3Cdev.jackrabbit.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"name": "[solr-issues] 20210912 [jira] [Updated] (SOLR-15269) upgrade httpclient to address CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rfbedcb586a1e7dfce87ee03c720e583fc2ceeafa05f35c542cecc624%40%3Cissues.solr.apache.org%3E"
},
{
"name": "[bookkeeper-issues] 20210914 [GitHub] [bookkeeper] nicoloboschi opened a new pull request #2793: Upgrade httpclient from 4.5.5 to 4.5.13 to address CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r87ddc09295c27f25471269ad0a79433a91224045988b88f0413a97ec%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"name": "[bookkeeper-issues] 20210917 [GitHub] [bookkeeper] nicoloboschi commented on pull request #2793: Upgrade httpclient from 4.5.5 to 4.5.13 to address CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rf03228972e56cb4a03e6d9558188c2938078cf3ceb23a3fead87c9ca%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"name": "[lucene-issues] 20210921 [GitHub] [lucene-solr] ventry1990 opened a new pull request #2579: SOLR-15269: Upgrade Apache HttpComponents Client to 4.5.13 to fix CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r2835543ef0f91adcc47da72389b816e36936f584c7be584d2314fac3%40%3Cissues.lucene.apache.org%3E"
},
{
"name": "[lucene-issues] 20210921 [GitHub] [lucene-solr] madrob commented on pull request #2579: SOLR-15269: Upgrade Apache HttpComponents Client to 4.5.13 to fix CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rf43d17ed0d1fb4fb79036b582810ef60b18b1ef3add0d5dea825af1e%40%3Cissues.lucene.apache.org%3E"
},
{
"name": "[lucene-issues] 20210921 [GitHub] [lucene-solr] ventry1990 commented on pull request #2579: SOLR-15269: Upgrade Apache HttpComponents Client to 4.5.13 to fix CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rc5c6ccb86d2afe46bbd4b71573f0448dc1f87bbcd5a0d8c7f8f904b2%40%3Cissues.lucene.apache.org%3E"
},
{
"name": "[lucene-issues] 20211007 [GitHub] [lucene-solr] madrob commented on pull request #2579: SOLR-15269: Upgrade Apache HttpComponents Client to 4.5.13 to fix CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r6d672b46622842e565e00f6ef6bef83eb55d8792aac2bee75bff9a2a%40%3Cissues.lucene.apache.org%3E"
},
{
"name": "[lucene-issues] 20211009 [GitHub] [lucene-solr] ventry1990 closed pull request #2579: SOLR-15269: Upgrade Apache HttpComponents Client to 4.5.13 to fix CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rf4db88c22e1be9eb60c7dc623d0528642c045fb196a24774ac2fa3a3%40%3Cissues.lucene.apache.org%3E"
},
{
"name": "[lucene-issues] 20211009 [GitHub] [lucene-solr] ventry1990 commented on pull request #2579: SOLR-15269: Upgrade Apache HttpComponents Client to 4.5.13 to fix CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/ree942561f4620313c75982a4e5f3b74fe6f7062b073210779648eec2%40%3Cissues.lucene.apache.org%3E"
},
{
"name": "[lucene-issues] 20211009 [GitHub] [lucene-solr] ventry1990 opened a new pull request #2579: SOLR-15269: Upgrade Apache HttpComponents Client to 4.5.13 to fix CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r3cecd59fba74404cbf4eb430135e1080897fb376f111406a78bed13a%40%3Cissues.lucene.apache.org%3E"
},
{
"name": "[solr-issues] 20211011 [jira] [Commented] (SOLR-15269) upgrade httpclient to address CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r0bebe6f9808ac7bdf572873b4fa96a29c6398c90dab29f131f3ebffe%40%3Cissues.solr.apache.org%3E"
},
{
"name": "[solr-issues] 20211011 [jira] [Resolved] (SOLR-15269) upgrade httpclient to address CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r4850b3fbaea02fde2886e461005e4af8d37c80a48b3ce2a6edca0e30%40%3Cissues.solr.apache.org%3E"
},
{
"name": "[lucene-issues] 20211011 [GitHub] [lucene-solr] madrob merged pull request #2579: SOLR-15269: Upgrade Apache HttpComponents Client to 4.5.13 to fix CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/ra8bc6b61c5df301a6fe5a716315528ecd17ccb8a7f907e24a47a1a5e%40%3Cissues.lucene.apache.org%3E"
},
{
"name": "[solr-issues] 20211019 [jira] [Closed] (SOLR-15269) upgrade httpclient to address CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r0a75b8f0f72f3e18442dc56d33f3827b905f2fe5b7ba48997436f5d1%40%3Cissues.solr.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"name": "[ranger-dev] 20211028 [jira] [Commented] (RANGER-3100) Upgrade httpclient version from 4.5.6 to 4.5.13+ due to CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r69a94e2f302d1b778bdfefe90fcb4b8c50b226438c3c8c1d0de85a19%40%3Cdev.ranger.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20220210-0002/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2020-13956",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache HttpClient",
"version": {
"version_data": [
{
"version_value": "4.5.12 and prior, 5.0.2 and prior"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://lists.apache.org/thread.html/r6dab7da30f8bf075f79ee189e33b45a197502e2676481bb8787fc0d7%40%3Cdev.hc.apache.org%3E",
"refsource": "MISC",
"url": "https://lists.apache.org/thread.html/r6dab7da30f8bf075f79ee189e33b45a197502e2676481bb8787fc0d7%40%3Cdev.hc.apache.org%3E"
},
{
"name": "[ranger-dev] 20201204 [jira] [Assigned] (RANGER-3100) Upgrade httpclient version from 4.5.6 to 4.5.13+ due to CVE-2020-13956",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rf7ca60f78f05b772cc07d27e31bcd112f9910a05caf9095e38ee150f@%3Cdev.ranger.apache.org%3E"
},
{
"name": "[ranger-dev] 20201204 [jira] [Updated] (RANGER-3100) Upgrade httpclient version from 4.5.6 to 4.5.13+ due to CVE-2020-13956",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rcced7ed3237c29cd19c1e9bf465d0038b8b2e967b99fc283db7ca553@%3Cdev.ranger.apache.org%3E"
},
{
"name": "[ranger-dev] 20201215 [jira] [Updated] (RANGER-3100) Upgrade httpclient version from 4.5.6 to 4.5.13+ due to CVE-2020-13956",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r63296c45d5d84447babaf39bd1487329d8a80d8d563e67a4b6f3d8a7@%3Cdev.ranger.apache.org%3E"
},
{
"name": "[ranger-dev] 20201215 [jira] [Commented] (RANGER-3100) Upgrade httpclient version from 4.5.6 to 4.5.13+ due to CVE-2020-13956",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r12cb62751b35bdcda0ae2a08b67877d665a1f4d41eee0fa7367169e0@%3Cdev.ranger.apache.org%3E"
},
{
"name": "[pulsar-commits] 20201215 [GitHub] [pulsar] yanshuchong opened a new issue #8967: CVSS issue list",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26@%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[ranger-dev] 20201216 [jira] [Commented] (RANGER-3100) Upgrade httpclient version from 4.5.6 to 4.5.13+ due to CVE-2020-13956",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r34178ab6ef106bc940665fd3f4ba5026fac3603b3fa2aefafa0b619d@%3Cdev.ranger.apache.org%3E"
},
{
"name": "[lucene-solr-user] 20201229 Upgrade httpclient version due to CVE-2020-13956?",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rb725052404fabffbe093c83b2c46f3f87e12c3193a82379afbc529f8@%3Csolr-user.lucene.apache.org%3E"
},
{
"name": "[turbine-commits] 20210203 svn commit: r1886168 - in /turbine/core/trunk: ./ conf/ conf/test/ src/java/org/apache/turbine/services/urlmapper/ src/test/org/apache/turbine/services/urlmapper/ src/test/org/apache/turbine/services/urlmapper/model/ xdocs/howto/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rb33212dab7beccaf1ffef9b88610047c644f644c7a0ebdc44d77e381@%3Ccommits.turbine.apache.org%3E"
},
{
"name": "[hive-issues] 20210301 [jira] [Updated] (HIVE-24837) Upgrade httpclient to 4.5.13+ due to CVE-2020-13956",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rfc00884c7b7ca878297bffe45fcb742c362b00b26ba37070706d44c3@%3Cissues.hive.apache.org%3E"
},
{
"name": "[hive-issues] 20210301 [jira] [Assigned] (HIVE-24837) Upgrade httpclient to 4.5.13+ due to CVE-2020-13956",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r5fec9c1d67f928179adf484b01e7becd7c0a6fdfe3a08f92ea743b90@%3Cissues.hive.apache.org%3E"
},
{
"name": "[hive-gitbox] 20210301 [GitHub] [hive] hsnusonic opened a new pull request #2032: HIVE-24837 Upgrade httpclient to 4.5.13+ due to CVE-2020-13956",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r2dc7930b43eadc78220d269b79e13ecd387e4bee52db67b2f47d4303@%3Cgitbox.hive.apache.org%3E"
},
{
"name": "[hive-dev] 20210301 [jira] [Created] (HIVE-24837) Upgrade httpclient to 4.5.13+ due to CVE-2020-13956",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r043a75acdeb52b15dd5e9524cdadef4202e6a5228644206acf9363f9@%3Cdev.hive.apache.org%3E"
},
{
"name": "[hive-issues] 20210301 [jira] [Work logged] (HIVE-24837) Upgrade httpclient to 4.5.13+ due to CVE-2020-13956",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rd5ab56beb2ac6879f6ab427bc4e5f7691aed8362d17b713f61779858@%3Cissues.hive.apache.org%3E"
},
{
"name": "[hive-gitbox] 20210302 [GitHub] [hive] hsnusonic closed pull request #2032: HIVE-24837 Upgrade httpclient to 4.5.13+ due to CVE-2020-13956",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rcd9ad5dda60c82ab0d0c9bd3e9cb1dc740804451fc20c7f451ef5cc4@%3Cgitbox.hive.apache.org%3E"
},
{
"name": "[solr-issues] 20210316 [jira] [Resolved] (SOLR-15270) upgrade httpclient to address CVE-2020-13956",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/re504acd4d63b8df2a7353658f45c9a3137e5f80e41cf7de50058b2c1@%3Cissues.solr.apache.org%3E"
},
{
"name": "[solr-issues] 20210316 [jira] [Created] (SOLR-15269) upgrade httpclient to address CVE-2020-13956",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r5de3d3808e7b5028df966e45115e006456c4e8931dc1e29036f17927@%3Cissues.solr.apache.org%3E"
},
{
"name": "[solr-issues] 20210316 [jira] [Created] (SOLR-15270) upgrade httpclient to address CVE-2020-13956",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rae14ae25ff4a60251e3ba2629c082c5ba3851dfd4d21218b99b56652@%3Cissues.solr.apache.org%3E"
},
{
"name": "[maven-issues] 20210530 [jira] [Updated] (DOXIA-615) Can you provide an updated version in order to fix CVE-2020-13956",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r03bbc318c81be21f5c8a9b85e34f2ecc741aa804a8e43b0ef2c37749@%3Cissues.maven.apache.org%3E"
},
{
"name": "[maven-issues] 20210530 [jira] [Resolved] (DOXIA-615) Can you provide an updated version in order to fix CVE-2020-13956",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/ra539f20ef0fb0c27ee39945b5f56bf162e5c13d1c60f7344dab8de3b@%3Cissues.maven.apache.org%3E"
},
{
"name": "[maven-issues] 20210530 [jira] [Closed] (DOXIA-615) Can you provide an updated version in order to fix CVE-2020-13956",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r8aa1e5c343b89aec5b69961471950e862f15246cb6392910161c389b@%3Cissues.maven.apache.org%3E"
},
{
"name": "[drill-issues] 20210604 [jira] [Commented] (DRILL-7946) Bump HttpClient from 4.5.12 to 4.5.13 for CVE-2020-13956",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r06cf3ca5c8ceb94b39cd24a73d4e96153b485a7dac88444dd876accb@%3Cissues.drill.apache.org%3E"
},
{
"name": "[drill-dev] 20210604 [GitHub] [drill] luocooong opened a new pull request #2250: DRILL-7946: Bump HttpClient from 4.5.12 to 4.5.13 for CVE-2020-13956",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rb4ba262d6f08ab9cf8b1ebbcd9b00b0368ffe90dad7ad7918b4b56fc@%3Cdev.drill.apache.org%3E"
},
{
"name": "[drill-dev] 20210604 [jira] [Created] (DRILL-7946) Bump HttpClient from 4.5.12 to 4.5.13 for CVE-2020-13956",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r55b2a1d1e9b1ec9db792b93da8f0f99a4fd5a5310b02673359d9b4d1@%3Cdev.drill.apache.org%3E"
},
{
"name": "[drill-issues] 20210604 [jira] [Created] (DRILL-7946) Bump HttpClient from 4.5.12 to 4.5.13 for CVE-2020-13956",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rea3dbf633dde5008d38bf6600a3738b9216e733e03f9ff7becf79625@%3Cissues.drill.apache.org%3E"
},
{
"name": "[drill-dev] 20210604 [GitHub] [drill] cgivre commented on pull request #2250: DRILL-7946: Bump HttpClient from 4.5.12 to 4.5.13 for CVE-2020-13956",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rc3739e0ad4bcf1888c6925233bfc37dd71156bbc8416604833095c42@%3Cdev.drill.apache.org%3E"
},
{
"name": "[drill-dev] 20210604 [GitHub] [drill] laurentgo merged pull request #2250: DRILL-7946: Bump HttpClient from 4.5.12 to 4.5.13 for CVE-2020-13956",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r9e52a6c72c8365000ecd035e48cc9fee5a677a150350d4420c46443d@%3Cdev.drill.apache.org%3E"
},
{
"name": "[drill-issues] 20210604 [jira] [Resolved] (DRILL-7946) Bump HttpClient from 4.5.12 to 4.5.13 for CVE-2020-13956",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rad6222134183046f3928f733bf680919e0c390739bfbfe6c90049673@%3Cissues.drill.apache.org%3E"
},
{
"name": "[drill-dev] 20210604 [jira] [Resolved] (DRILL-7946) Bump HttpClient from 4.5.12 to 4.5.13 for CVE-2020-13956",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r549ac8c159bf0c568c19670bedeb8d7c0074beded951d34b1c1d0d05@%3Cdev.drill.apache.org%3E"
},
{
"name": "[drill-commits] 20210604 [drill] branch master updated: DRILL-7946: Bump HttpClient from 4.5.12 to 4.5.13 for CVE-2020-13956 (#2250)",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r6eb2dae157dbc9af1f30d1f64e9c60d4ebef618f3dce4a0e32d6ea4d@%3Ccommits.drill.apache.org%3E"
},
{
"name": "[drill-dev] 20210604 [GitHub] [drill] luocooong commented on pull request #2250: DRILL-7946: Bump HttpClient from 4.5.12 to 4.5.13 for CVE-2020-13956",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/reef569c2419705754a3acf42b5f19b2a158153cef0e448158bc54917@%3Cdev.drill.apache.org%3E"
},
{
"name": "[creadur-commits] 20210608 [jira] [Work started] (TENTACLES-13) Upgrade httpclient to circumvent CVE-2020-13956",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r3f740e4c38bba1face49078aa5cbeeb558c27be601cc9712ad2dcd1e@%3Ccommits.creadur.apache.org%3E"
},
{
"name": "[creadur-commits] 20210608 [jira] [Resolved] (TENTACLES-13) Upgrade httpclient to circumvent CVE-2020-13956",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rfb35f6db9ba1f1e061b63769a4eff5abadcc254ebfefc280e5a0dcf1@%3Ccommits.creadur.apache.org%3E"
},
{
"name": "[creadur-commits] 20210608 [jira] [Commented] (TENTACLES-13) Upgrade httpclient to circumvent CVE-2020-13956",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r2a03dc210231d7e852ef73015f71792ac0fcaca6cccc024c522ef17d@%3Ccommits.creadur.apache.org%3E"
},
{
"name": "[creadur-commits] 20210608 [jira] [Created] (TENTACLES-13) Upgrade httpclient to circumvent CVE-2020-13956",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r34efec51cb817397ccf9f86e25a75676d435ba5f83ee7b2eabdad707@%3Ccommits.creadur.apache.org%3E"
},
{
"name": "[creadur-commits] 20210608 [jira] [Assigned] (TENTACLES-13) Upgrade httpclient to circumvent CVE-2020-13956",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r70c429923100c5a4fae8e5bc71c8a2d39af3de4888f50a0ac3755e6f@%3Ccommits.creadur.apache.org%3E"
},
{
"name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"name": "[maven-issues] 20210621 [jira] [Assigned] (DOXIA-615) Can you provide an updated version in order to fix CVE-2020-13956",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rc990e2462ec32b09523deafb2c73606208599e196fa2d7f50bdbc587@%3Cissues.maven.apache.org%3E"
},
{
"name": "[creadur-dev] 20210621 [jira] [Updated] (RAT-275) Update httpclient to fix CVE-2020-13956 once a new doxia-core release is available",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r132e4c6a560cfc519caa1aaee63bdd4036327610eadbd89f76dd5457@%3Cdev.creadur.apache.org%3E"
},
{
"name": "[solr-issues] 20210623 [jira] [Updated] (SOLR-15270) upgrade httpclient to address CVE-2020-13956",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r6a3cda38d050ebe13c1bc9a28d0a8ec38945095d07eca49046bcb89f@%3Cissues.solr.apache.org%3E"
},
{
"name": "[solr-issues] 20210623 [jira] [Updated] (SOLR-15269) upgrade httpclient to address CVE-2020-13956",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rc505fee574fe8d18f9b0c655a4d120b0ae21bb6a73b96003e1d9be35@%3Cissues.solr.apache.org%3E"
},
{
"name": "[jackrabbit-dev] 20210706 [GitHub] [jackrabbit-oak] reschke commented on pull request #310: OAK-9482: upgrade httpclient to 4.5.13",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r5b55f65c123a7481104d663a915ec45a0d103e6aaa03f42ed1c07a89@%3Cdev.jackrabbit.apache.org%3E"
},
{
"name": "[jackrabbit-dev] 20210706 [GitHub] [jackrabbit-oak] reschke removed a comment on pull request #310: OAK-9482: upgrade httpclient to 4.5.13",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rc0863892ccfd9fd0d0ae10091f24ee769fb39b8957fe4ebabfc11f17@%3Cdev.jackrabbit.apache.org%3E"
},
{
"name": "https://www.oracle.com//security-alerts/cpujul2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"name": "[solr-issues] 20210912 [jira] [Updated] (SOLR-15269) upgrade httpclient to address CVE-2020-13956",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rfbedcb586a1e7dfce87ee03c720e583fc2ceeafa05f35c542cecc624@%3Cissues.solr.apache.org%3E"
},
{
"name": "[bookkeeper-issues] 20210914 [GitHub] [bookkeeper] nicoloboschi opened a new pull request #2793: Upgrade httpclient from 4.5.5 to 4.5.13 to address CVE-2020-13956",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r87ddc09295c27f25471269ad0a79433a91224045988b88f0413a97ec@%3Cissues.bookkeeper.apache.org%3E"
},
{
"name": "[bookkeeper-issues] 20210917 [GitHub] [bookkeeper] nicoloboschi commented on pull request #2793: Upgrade httpclient from 4.5.5 to 4.5.13 to address CVE-2020-13956",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rf03228972e56cb4a03e6d9558188c2938078cf3ceb23a3fead87c9ca@%3Cissues.bookkeeper.apache.org%3E"
},
{
"name": "[lucene-issues] 20210921 [GitHub] [lucene-solr] ventry1990 opened a new pull request #2579: SOLR-15269: Upgrade Apache HttpComponents Client to 4.5.13 to fix CVE-2020-13956",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r2835543ef0f91adcc47da72389b816e36936f584c7be584d2314fac3@%3Cissues.lucene.apache.org%3E"
},
{
"name": "[lucene-issues] 20210921 [GitHub] [lucene-solr] madrob commented on pull request #2579: SOLR-15269: Upgrade Apache HttpComponents Client to 4.5.13 to fix CVE-2020-13956",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rf43d17ed0d1fb4fb79036b582810ef60b18b1ef3add0d5dea825af1e@%3Cissues.lucene.apache.org%3E"
},
{
"name": "[lucene-issues] 20210921 [GitHub] [lucene-solr] ventry1990 commented on pull request #2579: SOLR-15269: Upgrade Apache HttpComponents Client to 4.5.13 to fix CVE-2020-13956",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rc5c6ccb86d2afe46bbd4b71573f0448dc1f87bbcd5a0d8c7f8f904b2@%3Cissues.lucene.apache.org%3E"
},
{
"name": "[lucene-issues] 20211007 [GitHub] [lucene-solr] madrob commented on pull request #2579: SOLR-15269: Upgrade Apache HttpComponents Client to 4.5.13 to fix CVE-2020-13956",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r6d672b46622842e565e00f6ef6bef83eb55d8792aac2bee75bff9a2a@%3Cissues.lucene.apache.org%3E"
},
{
"name": "[lucene-issues] 20211009 [GitHub] [lucene-solr] ventry1990 closed pull request #2579: SOLR-15269: Upgrade Apache HttpComponents Client to 4.5.13 to fix CVE-2020-13956",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rf4db88c22e1be9eb60c7dc623d0528642c045fb196a24774ac2fa3a3@%3Cissues.lucene.apache.org%3E"
},
{
"name": "[lucene-issues] 20211009 [GitHub] [lucene-solr] ventry1990 commented on pull request #2579: SOLR-15269: Upgrade Apache HttpComponents Client to 4.5.13 to fix CVE-2020-13956",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/ree942561f4620313c75982a4e5f3b74fe6f7062b073210779648eec2@%3Cissues.lucene.apache.org%3E"
},
{
"name": "[lucene-issues] 20211009 [GitHub] [lucene-solr] ventry1990 opened a new pull request #2579: SOLR-15269: Upgrade Apache HttpComponents Client to 4.5.13 to fix CVE-2020-13956",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r3cecd59fba74404cbf4eb430135e1080897fb376f111406a78bed13a@%3Cissues.lucene.apache.org%3E"
},
{
"name": "[solr-issues] 20211011 [jira] [Commented] (SOLR-15269) upgrade httpclient to address CVE-2020-13956",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r0bebe6f9808ac7bdf572873b4fa96a29c6398c90dab29f131f3ebffe@%3Cissues.solr.apache.org%3E"
},
{
"name": "[solr-issues] 20211011 [jira] [Resolved] (SOLR-15269) upgrade httpclient to address CVE-2020-13956",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r4850b3fbaea02fde2886e461005e4af8d37c80a48b3ce2a6edca0e30@%3Cissues.solr.apache.org%3E"
},
{
"name": "[lucene-issues] 20211011 [GitHub] [lucene-solr] madrob merged pull request #2579: SOLR-15269: Upgrade Apache HttpComponents Client to 4.5.13 to fix CVE-2020-13956",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/ra8bc6b61c5df301a6fe5a716315528ecd17ccb8a7f907e24a47a1a5e@%3Cissues.lucene.apache.org%3E"
},
{
"name": "[solr-issues] 20211019 [jira] [Closed] (SOLR-15269) upgrade httpclient to address CVE-2020-13956",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r0a75b8f0f72f3e18442dc56d33f3827b905f2fe5b7ba48997436f5d1@%3Cissues.solr.apache.org%3E"
},
{
"name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"name": "[ranger-dev] 20211028 [jira] [Commented] (RANGER-3100) Upgrade httpclient version from 4.5.6 to 4.5.13+ due to CVE-2020-13956",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r69a94e2f302d1b778bdfefe90fcb4b8c50b226438c3c8c1d0de85a19@%3Cdev.ranger.apache.org%3E"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20220210-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20220210-0002/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2020-13956",
"datePublished": "2020-12-02T16:20:12.000Z",
"dateReserved": "2020-06-08T00:00:00.000Z",
"dateUpdated": "2025-12-01T15:45:49.435Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2017-18640 (GCVE-0-2017-18640)
Vulnerability from nvd – Published: 2019-12-12 00:00 – Updated: 2024-08-05 21:28
VLAI?
Summary
The Alias feature in SnakeYAML before 1.26 allows entity expansion during a load operation, a related issue to CVE-2003-1564.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T21:28:55.802Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FEDORA-2020-599514b47e",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKN7VGIKTYBCAKYBRG55QHXAY5UDZ7HA/"
},
{
"name": "FEDORA-2020-23012fafbc",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PTVJC54XGX26UJVVYCXZ7D25X3R5T2G6/"
},
{
"name": "[pulsar-commits] 20200830 [GitHub] [pulsar] codelipenghui commented on issue #7928: CVE-2017-18640 exposure snakeyaml below 1.26",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r8b57c57cffa01e418868a3c7535b987635ff1fb5ab534203bfa2d64a%40%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[hadoop-common-dev] 20200830 [jira] [Created] (HADOOP-17236) Bump up snakeyaml to 1.26 to mitigate CVE-2017-18640",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rb34d8d3269ad47a1400f5a1a2d8310e13a80b6576ebd7f512144198d%40%3Ccommon-dev.hadoop.apache.org%3E"
},
{
"name": "[hadoop-common-issues] 20200830 [jira] [Updated] (HADOOP-17236) Bump up snakeyaml to 1.26 to mitigate CVE-2017-18640",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r8464b6ec951aace8c807bac9ea526d4f9e3116aa16d38be06f7c6524%40%3Ccommon-issues.hadoop.apache.org%3E"
},
{
"name": "[hadoop-common-issues] 20200830 [jira] [Created] (HADOOP-17236) Bump up snakeyaml to 1.26 to mitigate CVE-2017-18640",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r643ba53f002ae59068f9352fe1d82e1b6f375387ffb776f13efe8fda%40%3Ccommon-issues.hadoop.apache.org%3E"
},
{
"name": "[pulsar-commits] 20200831 [GitHub] [pulsar] wolfstudy edited a comment on issue #7928: CVE-2017-18640 exposure snakeyaml below 1.26",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r2b05744c0c2867daa5d1a96832965b7d6220328b0ead06c22a6e7854%40%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[pulsar-commits] 20200831 [GitHub] [pulsar] wolfstudy commented on issue #7928: CVE-2017-18640 exposure snakeyaml below 1.26",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r6c91e52b3cc9f4e64afe0f34f20507143fd1f756d12681a56a9b38da%40%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[hadoop-common-issues] 20200831 [jira] [Commented] (HADOOP-17236) Bump up snakeyaml to 1.26 to mitigate CVE-2017-18640",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r72a3588d62b2de1361dc9648f5d355385735e47f7ba49d089b0e680d%40%3Ccommon-issues.hadoop.apache.org%3E"
},
{
"name": "[atlas-dev] 20200907 [GitHub] [atlas] crazylab opened a new pull request #109: Upgrade snakeyaml to a version without CVE-2017-18640",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r1dfac8b6a7097bcb4979402bbb6e2f8c36d0d9001e3018717eb22b7e%40%3Cdev.atlas.apache.org%3E"
},
{
"name": "[cassandra-pr] 20200907 [GitHub] [cassandra] crazylab opened a new pull request #736: Upgrade to a snakeyaml version without CVE",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rb0e033d5ec8233360203431ad96580cf2ec56f47d9a425d894e279c2%40%3Cpr.cassandra.apache.org%3E"
},
{
"name": "[atlas-dev] 20200907 [GitHub] [atlas] crazylab opened a new pull request #110: Upgrade snakeyaml to a version without CVE-2017-18640",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r2a5b84fdf59042dc398497e914b5bb1aed77328320b1438144ae1953%40%3Cdev.atlas.apache.org%3E"
},
{
"name": "[atlas-dev] 20200907 [GitHub] [atlas] crazylab closed pull request #109: Upgrade snakeyaml to a version without CVE-2017-18640",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r6d54c2da792c74cc14b9b7665ea89e144c9e238ed478d37fd56292e6%40%3Cdev.atlas.apache.org%3E"
},
{
"name": "[pulsar-commits] 20200907 [GitHub] [pulsar] jiazhai closed issue #7928: CVE-2017-18640 exposure snakeyaml below 1.26",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r666f29a7d0e1f98fa1425ca01efcfa86e6e3856e01d300828aa7c6ea%40%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[hadoop-common-issues] 20200909 [jira] [Commented] (HADOOP-17236) Bump up snakeyaml to 1.26 to mitigate CVE-2017-18640",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r154090b871cf96d985b90864442d84eb027c72c94bc3f0a5727ba2d1%40%3Ccommon-issues.hadoop.apache.org%3E"
},
{
"name": "[atlas-dev] 20200914 [GitHub] [atlas] nixonrodrigues commented on pull request #110: ATLAS-3940 : Upgrade snakeyaml to a version without CVE-2017-18640",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r28c9009a48d52cf448f8b02cd823da0f8601d2dff4d66f387a35f1e0%40%3Cdev.atlas.apache.org%3E"
},
{
"name": "[atlas-dev] 20200914 [jira] [Created] (ATLAS-3940) Upgrade snakeyaml to a version without CVE-2017-18640",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rb7b28ac741e32dd5edb2c22485d635275bead7290b056ee56baf8ce0%40%3Cdev.atlas.apache.org%3E"
},
{
"name": "[atlas-dev] 20200914 [jira] [Updated] (ATLAS-3940) Upgrade snakeyaml to a version without CVE-2017-18640",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/re791a854001ec1f79cd4f47328b270e7a1d9d7056debb8f16d962722%40%3Cdev.atlas.apache.org%3E"
},
{
"name": "[atlas-commits] 20200915 [atlas] branch master updated: ATLAS-3940 : Upgrade snakeyaml to a version without CVE-2017-18640 (#110)",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rce5c93bba6e815fb62ad38e28ca1943b3019af1eddeb06507ad4e11a%40%3Ccommits.atlas.apache.org%3E"
},
{
"name": "[atlas-dev] 20200915 [GitHub] [atlas] nixonrodrigues merged pull request #110: ATLAS-3940 : Upgrade snakeyaml to a version without CVE-2017-18640",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r5510f0125ba409fc1cabd098ab8b457741e5fa314cbd0e61e4339422%40%3Cdev.atlas.apache.org%3E"
},
{
"name": "[atlas-dev] 20200915 [jira] [Commented] (ATLAS-3940) Upgrade snakeyaml to a version without CVE-2017-18640",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r2db207a2431a5e9e95e899858ab1f5eabd9bcc790a6ca7193ae07e94%40%3Cdev.atlas.apache.org%3E"
},
{
"name": "[atlas-commits] 20200916 [atlas] 02/02: ATLAS-3940 : Upgrade snakeyaml to a version without CVE-2017-18640 (#110)",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r1058e7646988394de6a3fd0857ea9b1ee0de14d7bb28fee5ff782457%40%3Ccommits.atlas.apache.org%3E"
},
{
"name": "[atlas-dev] 20200916 [jira] [Commented] (ATLAS-3940) Upgrade snakeyaml to a version without CVE-2017-18640",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/re851bbfbedd47c690b6e01942acb98ee08bd00df1a94910b905bc8cd%40%3Cdev.atlas.apache.org%3E"
},
{
"name": "[cassandra-commits] 20200930 [jira] [Created] (CASSANDRA-16150) Upgrade to snakeyaml \u003e= 1.26 version for CVE-2017-18640 fix",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r56805265475919252ba7fc10123f15b91097f3009bae86476624ca25%40%3Ccommits.cassandra.apache.org%3E"
},
{
"name": "[cassandra-commits] 20200930 [jira] [Updated] (CASSANDRA-16150) Upgrade to snakeyaml \u003e= 1.26 version for CVE-2017-18640 fix",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rbaa1f513d903c89a08267c91d86811fa5bcc82e0596b6142c5cea7ea%40%3Ccommits.cassandra.apache.org%3E"
},
{
"name": "[cassandra-commits] 20200930 [jira] [Comment Edited] (CASSANDRA-16150) Upgrade to snakeyaml \u003e= 1.26 version for CVE-2017-18640 fix",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/reb1751562ee5146d3aca654a2df76a2c13d8036645ce69946f9c219e%40%3Ccommits.cassandra.apache.org%3E"
},
{
"name": "[cassandra-commits] 20200930 [jira] [Commented] (CASSANDRA-16150) Upgrade to snakeyaml \u003e= 1.26 version for CVE-2017-18640 fix",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r1ffce2ed3017e9964f03ad2c539d69e49144fc8e9bf772d641612f98%40%3Ccommits.cassandra.apache.org%3E"
},
{
"name": "[cassandra-commits] 20201001 [jira] [Commented] (CASSANDRA-16150) Upgrade to snakeyaml \u003e= 1.26 version for CVE-2017-18640 fix",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rc3211c71f7e0973a1825d1988a3921288c06cd9d793eae97ecd34948%40%3Ccommits.cassandra.apache.org%3E"
},
{
"name": "[cassandra-commits] 20201002 [jira] [Commented] (CASSANDRA-16150) Upgrade to snakeyaml \u003e= 1.26 version for CVE-2017-18640 fix",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r55d807f31e64a080c54455897c20b1667ec792e5915132c7b7750533%40%3Ccommits.cassandra.apache.org%3E"
},
{
"name": "[cassandra-commits] 20201002 [jira] [Comment Edited] (CASSANDRA-16150) Upgrade to snakeyaml \u003e= 1.26 version for CVE-2017-18640 fix",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/recfe569f4f260328b0036f1c82b2956e864d519ab941a5e75d0d832d%40%3Ccommits.cassandra.apache.org%3E"
},
{
"name": "[cassandra-commits] 20201007 [jira] [Updated] (CASSANDRA-16150) Upgrade to snakeyaml \u003e= 1.26 version for CVE-2017-18640 fix",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rf95bebee6dfcc55067cebe8482bd31e6f481d9f74ba8e03f860c3ec7%40%3Ccommits.cassandra.apache.org%3E"
},
{
"name": "[cassandra-commits] 20201007 [jira] [Commented] (CASSANDRA-16150) Upgrade to snakeyaml \u003e= 1.26 version for CVE-2017-18640 fix",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r1703a402f30c8a2ee409f8c6f393e95a63f8c952cc9ee5bf9dd586dc%40%3Ccommits.cassandra.apache.org%3E"
},
{
"name": "[cassandra-commits] 20201009 [jira] [Comment Edited] (CASSANDRA-16150) Upgrade to snakeyaml \u003e= 1.26 version for CVE-2017-18640 fix",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r191ceadb1b883357384981848dfa5235cb02a90070c553afbaf9b3d9%40%3Ccommits.cassandra.apache.org%3E"
},
{
"name": "[cassandra-commits] 20201009 [jira] [Commented] (CASSANDRA-16150) Upgrade to snakeyaml \u003e= 1.26 version for CVE-2017-18640 fix",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r20350031c60a77b45e0eded33e9b3e9cb0cbfc5e24e1c63bf264df12%40%3Ccommits.cassandra.apache.org%3E"
},
{
"name": "[cassandra-commits] 20201009 [jira] [Updated] (CASSANDRA-16150) Upgrade to snakeyaml \u003e= 1.26 version for CVE-2017-18640 fix",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rd582c64f66c354240290072f340505f5d026ca944ec417226bb0272e%40%3Ccommits.cassandra.apache.org%3E"
},
{
"name": "[cassandra-commits] 20201009 [cassandra] branch trunk updated: Upgrade to snakeyaml \u003e= 1.26 version for CVE-2017-18640 fix",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rb5c33d0069c927fae16084f0605895b98d231d7c48527bcb822ac48c%40%3Ccommits.cassandra.apache.org%3E"
},
{
"name": "[hadoop-common-issues] 20201026 [jira] [Commented] (HADOOP-17236) Bump up snakeyaml to 1.26 to mitigate CVE-2017-18640",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rcb4b61dbe2ed1c7a88781a9aff5a9e7342cc7ed026aec0418ee67596%40%3Ccommon-issues.hadoop.apache.org%3E"
},
{
"name": "[hadoop-common-issues] 20201027 [jira] [Commented] (HADOOP-17236) Bump up snakeyaml to 1.26 to mitigate CVE-2017-18640",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/raebd2019b3da8c2f90f31e8b203b45353f78770ca93bfe5376f5532e%40%3Ccommon-issues.hadoop.apache.org%3E"
},
{
"name": "[hadoop-common-issues] 20201028 [jira] [Commented] (HADOOP-17236) Bump up snakeyaml to 1.26 to mitigate CVE-2017-18640",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r4d7f37da1bc2df90a5a0f56eb7629b5ea131bfe11eeeb4b4c193f64a%40%3Ccommon-issues.hadoop.apache.org%3E"
},
{
"name": "[hadoop-common-issues] 20201028 [jira] [Updated] (HADOOP-17236) Bump up snakeyaml to 1.26 to mitigate CVE-2017-18640",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r22ac2aa053b7d9c6b75a49db78125c9316499668d0f4a044f3402e2f%40%3Ccommon-issues.hadoop.apache.org%3E"
},
{
"name": "[hadoop-common-commits] 20201028 [hadoop] branch trunk updated: HADOOP-17236. Bump up snakeyaml to 1.26 to mitigate CVE-2017-18640. Contributed by Brahma Reddy Battula.",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r1aab47b48a757c70e40fc0bcb1fcf1a3951afa6a17aee7cd66cf79f8%40%3Ccommon-commits.hadoop.apache.org%3E"
},
{
"name": "[hadoop-common-commits] 20201028 [hadoop] branch branch-3.3 updated: HADOOP-17236. Bump up snakeyaml to 1.26 to mitigate CVE-2017-18640. Contributed by Brahma Reddy Battula.",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rcb2a7037366c58bac6aec6ce3df843a11ef97ae4eb049f05f410eaa5%40%3Ccommon-commits.hadoop.apache.org%3E"
},
{
"name": "[phoenix-dev] 20210419 [jira] [Created] (OMID-207) Upgrade to snakeyaml 1.26 due to CVE-2017-18640",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r436988d2cfe8a770ae361c82b181c5b2bf48a249bad84d8a55a3b46e%40%3Cdev.phoenix.apache.org%3E"
},
{
"name": "[phoenix-dev] 20210419 [GitHub] [phoenix-omid] richardantal opened a new pull request #93: OMID-207 Upgrade to snakeyaml 1.26 due to CVE-2017-18640",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r7ce3de03facf7e7f3e24fc25d26d555818519dafdb20f29398a3414b%40%3Cdev.phoenix.apache.org%3E"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://bitbucket.org/asomov/snakeyaml/issues/377/allow-configuration-for-preventing-billion"
},
{
"tags": [
"x_transferred"
],
"url": "https://mvnrepository.com/artifact/org.yaml/snakeyaml/1.25/usages"
},
{
"tags": [
"x_transferred"
],
"url": "https://bitbucket.org/asomov/snakeyaml/wiki/Billion%20laughs%20attack"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r4c682fb8cf69dd14162439656a6ebdf42ea6ad0e4edba95907ea3f14%40%3Ccommits.servicecomb.apache.org%3E"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r900e020760c89f082df1c6e0d46320eba721e4e47bb9eb521e68cd95%40%3Ccommits.servicecomb.apache.org%3E"
},
{
"name": "[kafka-users] 20210617 vulnerabilities",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r2721aba31a8562639c4b937150897e24f78f747cdbda8641c0f659fe%40%3Cusers.kafka.apache.org%3E"
},
{
"name": "[hadoop-common-issues] 20211006 [jira] [Commented] (HADOOP-17236) Bump up snakeyaml to 1.26 to mitigate CVE-2017-18640",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r16ae4e529401b75a1f5aa462b272b31bf2a108236f882f06fddc14bc%40%3Ccommon-issues.hadoop.apache.org%3E"
},
{
"name": "[hadoop-common-commits] 20211008 [hadoop] branch branch-3.2.3 updated: HADOOP-17236. Bump up snakeyaml to 1.26 to mitigate CVE-2017-18640. Contributed by Brahma Reddy Battula.",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rfe0aab6c3bebbd9cbfdedb65ff3fdf420714bcb8acdfd346077e1263%40%3Ccommon-commits.hadoop.apache.org%3E"
},
{
"name": "[hadoop-common-issues] 20211008 [jira] [Updated] (HADOOP-17236) Bump up snakeyaml to 1.26 to mitigate CVE-2017-18640",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r182e9cf6f3fb22b9be0cac4ff0685199741d2ab6e9a4e27a3693c224%40%3Ccommon-issues.hadoop.apache.org%3E"
},
{
"name": "[hadoop-common-commits] 20211008 [hadoop] branch branch-3.2 updated: HADOOP-17236. Bump up snakeyaml to 1.26 to mitigate CVE-2017-18640. Contributed by Brahma Reddy Battula.",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rdd34c0479587e32a656d976649409487d51ca0d296b3e26b6b89c3f5%40%3Ccommon-commits.hadoop.apache.org%3E"
},
{
"name": "[hadoop-common-issues] 20211008 [jira] [Commented] (HADOOP-17236) Bump up snakeyaml to 1.26 to mitigate CVE-2017-18640",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r465d2553a31265b042cf5457ef649b71e0722ab89b6ea94a5d59529b%40%3Ccommon-issues.hadoop.apache.org%3E"
},
{
"tags": [
"x_transferred"
],
"url": "https://bitbucket.org/snakeyaml/snakeyaml/wiki/Changes"
},
{
"tags": [
"x_transferred"
],
"url": "https://bitbucket.org/snakeyaml/snakeyaml/issues/377"
},
{
"name": "GLSA-202305-28",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202305-28"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Alias feature in SnakeYAML before 1.26 allows entity expansion during a load operation, a related issue to CVE-2003-1564."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-21T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "FEDORA-2020-599514b47e",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKN7VGIKTYBCAKYBRG55QHXAY5UDZ7HA/"
},
{
"name": "FEDORA-2020-23012fafbc",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PTVJC54XGX26UJVVYCXZ7D25X3R5T2G6/"
},
{
"name": "[pulsar-commits] 20200830 [GitHub] [pulsar] codelipenghui commented on issue #7928: CVE-2017-18640 exposure snakeyaml below 1.26",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r8b57c57cffa01e418868a3c7535b987635ff1fb5ab534203bfa2d64a%40%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[hadoop-common-dev] 20200830 [jira] [Created] (HADOOP-17236) Bump up snakeyaml to 1.26 to mitigate CVE-2017-18640",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/rb34d8d3269ad47a1400f5a1a2d8310e13a80b6576ebd7f512144198d%40%3Ccommon-dev.hadoop.apache.org%3E"
},
{
"name": "[hadoop-common-issues] 20200830 [jira] [Updated] (HADOOP-17236) Bump up snakeyaml to 1.26 to mitigate CVE-2017-18640",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r8464b6ec951aace8c807bac9ea526d4f9e3116aa16d38be06f7c6524%40%3Ccommon-issues.hadoop.apache.org%3E"
},
{
"name": "[hadoop-common-issues] 20200830 [jira] [Created] (HADOOP-17236) Bump up snakeyaml to 1.26 to mitigate CVE-2017-18640",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r643ba53f002ae59068f9352fe1d82e1b6f375387ffb776f13efe8fda%40%3Ccommon-issues.hadoop.apache.org%3E"
},
{
"name": "[pulsar-commits] 20200831 [GitHub] [pulsar] wolfstudy edited a comment on issue #7928: CVE-2017-18640 exposure snakeyaml below 1.26",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r2b05744c0c2867daa5d1a96832965b7d6220328b0ead06c22a6e7854%40%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[pulsar-commits] 20200831 [GitHub] [pulsar] wolfstudy commented on issue #7928: CVE-2017-18640 exposure snakeyaml below 1.26",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r6c91e52b3cc9f4e64afe0f34f20507143fd1f756d12681a56a9b38da%40%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[hadoop-common-issues] 20200831 [jira] [Commented] (HADOOP-17236) Bump up snakeyaml to 1.26 to mitigate CVE-2017-18640",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r72a3588d62b2de1361dc9648f5d355385735e47f7ba49d089b0e680d%40%3Ccommon-issues.hadoop.apache.org%3E"
},
{
"name": "[atlas-dev] 20200907 [GitHub] [atlas] crazylab opened a new pull request #109: Upgrade snakeyaml to a version without CVE-2017-18640",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r1dfac8b6a7097bcb4979402bbb6e2f8c36d0d9001e3018717eb22b7e%40%3Cdev.atlas.apache.org%3E"
},
{
"name": "[cassandra-pr] 20200907 [GitHub] [cassandra] crazylab opened a new pull request #736: Upgrade to a snakeyaml version without CVE",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/rb0e033d5ec8233360203431ad96580cf2ec56f47d9a425d894e279c2%40%3Cpr.cassandra.apache.org%3E"
},
{
"name": "[atlas-dev] 20200907 [GitHub] [atlas] crazylab opened a new pull request #110: Upgrade snakeyaml to a version without CVE-2017-18640",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r2a5b84fdf59042dc398497e914b5bb1aed77328320b1438144ae1953%40%3Cdev.atlas.apache.org%3E"
},
{
"name": "[atlas-dev] 20200907 [GitHub] [atlas] crazylab closed pull request #109: Upgrade snakeyaml to a version without CVE-2017-18640",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r6d54c2da792c74cc14b9b7665ea89e144c9e238ed478d37fd56292e6%40%3Cdev.atlas.apache.org%3E"
},
{
"name": "[pulsar-commits] 20200907 [GitHub] [pulsar] jiazhai closed issue #7928: CVE-2017-18640 exposure snakeyaml below 1.26",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r666f29a7d0e1f98fa1425ca01efcfa86e6e3856e01d300828aa7c6ea%40%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[hadoop-common-issues] 20200909 [jira] [Commented] (HADOOP-17236) Bump up snakeyaml to 1.26 to mitigate CVE-2017-18640",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r154090b871cf96d985b90864442d84eb027c72c94bc3f0a5727ba2d1%40%3Ccommon-issues.hadoop.apache.org%3E"
},
{
"name": "[atlas-dev] 20200914 [GitHub] [atlas] nixonrodrigues commented on pull request #110: ATLAS-3940 : Upgrade snakeyaml to a version without CVE-2017-18640",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r28c9009a48d52cf448f8b02cd823da0f8601d2dff4d66f387a35f1e0%40%3Cdev.atlas.apache.org%3E"
},
{
"name": "[atlas-dev] 20200914 [jira] [Created] (ATLAS-3940) Upgrade snakeyaml to a version without CVE-2017-18640",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/rb7b28ac741e32dd5edb2c22485d635275bead7290b056ee56baf8ce0%40%3Cdev.atlas.apache.org%3E"
},
{
"name": "[atlas-dev] 20200914 [jira] [Updated] (ATLAS-3940) Upgrade snakeyaml to a version without CVE-2017-18640",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/re791a854001ec1f79cd4f47328b270e7a1d9d7056debb8f16d962722%40%3Cdev.atlas.apache.org%3E"
},
{
"name": "[atlas-commits] 20200915 [atlas] branch master updated: ATLAS-3940 : Upgrade snakeyaml to a version without CVE-2017-18640 (#110)",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/rce5c93bba6e815fb62ad38e28ca1943b3019af1eddeb06507ad4e11a%40%3Ccommits.atlas.apache.org%3E"
},
{
"name": "[atlas-dev] 20200915 [GitHub] [atlas] nixonrodrigues merged pull request #110: ATLAS-3940 : Upgrade snakeyaml to a version without CVE-2017-18640",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r5510f0125ba409fc1cabd098ab8b457741e5fa314cbd0e61e4339422%40%3Cdev.atlas.apache.org%3E"
},
{
"name": "[atlas-dev] 20200915 [jira] [Commented] (ATLAS-3940) Upgrade snakeyaml to a version without CVE-2017-18640",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r2db207a2431a5e9e95e899858ab1f5eabd9bcc790a6ca7193ae07e94%40%3Cdev.atlas.apache.org%3E"
},
{
"name": "[atlas-commits] 20200916 [atlas] 02/02: ATLAS-3940 : Upgrade snakeyaml to a version without CVE-2017-18640 (#110)",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r1058e7646988394de6a3fd0857ea9b1ee0de14d7bb28fee5ff782457%40%3Ccommits.atlas.apache.org%3E"
},
{
"name": "[atlas-dev] 20200916 [jira] [Commented] (ATLAS-3940) Upgrade snakeyaml to a version without CVE-2017-18640",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/re851bbfbedd47c690b6e01942acb98ee08bd00df1a94910b905bc8cd%40%3Cdev.atlas.apache.org%3E"
},
{
"name": "[cassandra-commits] 20200930 [jira] [Created] (CASSANDRA-16150) Upgrade to snakeyaml \u003e= 1.26 version for CVE-2017-18640 fix",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r56805265475919252ba7fc10123f15b91097f3009bae86476624ca25%40%3Ccommits.cassandra.apache.org%3E"
},
{
"name": "[cassandra-commits] 20200930 [jira] [Updated] (CASSANDRA-16150) Upgrade to snakeyaml \u003e= 1.26 version for CVE-2017-18640 fix",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/rbaa1f513d903c89a08267c91d86811fa5bcc82e0596b6142c5cea7ea%40%3Ccommits.cassandra.apache.org%3E"
},
{
"name": "[cassandra-commits] 20200930 [jira] [Comment Edited] (CASSANDRA-16150) Upgrade to snakeyaml \u003e= 1.26 version for CVE-2017-18640 fix",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/reb1751562ee5146d3aca654a2df76a2c13d8036645ce69946f9c219e%40%3Ccommits.cassandra.apache.org%3E"
},
{
"name": "[cassandra-commits] 20200930 [jira] [Commented] (CASSANDRA-16150) Upgrade to snakeyaml \u003e= 1.26 version for CVE-2017-18640 fix",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r1ffce2ed3017e9964f03ad2c539d69e49144fc8e9bf772d641612f98%40%3Ccommits.cassandra.apache.org%3E"
},
{
"name": "[cassandra-commits] 20201001 [jira] [Commented] (CASSANDRA-16150) Upgrade to snakeyaml \u003e= 1.26 version for CVE-2017-18640 fix",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/rc3211c71f7e0973a1825d1988a3921288c06cd9d793eae97ecd34948%40%3Ccommits.cassandra.apache.org%3E"
},
{
"name": "[cassandra-commits] 20201002 [jira] [Commented] (CASSANDRA-16150) Upgrade to snakeyaml \u003e= 1.26 version for CVE-2017-18640 fix",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r55d807f31e64a080c54455897c20b1667ec792e5915132c7b7750533%40%3Ccommits.cassandra.apache.org%3E"
},
{
"name": "[cassandra-commits] 20201002 [jira] [Comment Edited] (CASSANDRA-16150) Upgrade to snakeyaml \u003e= 1.26 version for CVE-2017-18640 fix",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/recfe569f4f260328b0036f1c82b2956e864d519ab941a5e75d0d832d%40%3Ccommits.cassandra.apache.org%3E"
},
{
"name": "[cassandra-commits] 20201007 [jira] [Updated] (CASSANDRA-16150) Upgrade to snakeyaml \u003e= 1.26 version for CVE-2017-18640 fix",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/rf95bebee6dfcc55067cebe8482bd31e6f481d9f74ba8e03f860c3ec7%40%3Ccommits.cassandra.apache.org%3E"
},
{
"name": "[cassandra-commits] 20201007 [jira] [Commented] (CASSANDRA-16150) Upgrade to snakeyaml \u003e= 1.26 version for CVE-2017-18640 fix",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r1703a402f30c8a2ee409f8c6f393e95a63f8c952cc9ee5bf9dd586dc%40%3Ccommits.cassandra.apache.org%3E"
},
{
"name": "[cassandra-commits] 20201009 [jira] [Comment Edited] (CASSANDRA-16150) Upgrade to snakeyaml \u003e= 1.26 version for CVE-2017-18640 fix",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r191ceadb1b883357384981848dfa5235cb02a90070c553afbaf9b3d9%40%3Ccommits.cassandra.apache.org%3E"
},
{
"name": "[cassandra-commits] 20201009 [jira] [Commented] (CASSANDRA-16150) Upgrade to snakeyaml \u003e= 1.26 version for CVE-2017-18640 fix",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r20350031c60a77b45e0eded33e9b3e9cb0cbfc5e24e1c63bf264df12%40%3Ccommits.cassandra.apache.org%3E"
},
{
"name": "[cassandra-commits] 20201009 [jira] [Updated] (CASSANDRA-16150) Upgrade to snakeyaml \u003e= 1.26 version for CVE-2017-18640 fix",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/rd582c64f66c354240290072f340505f5d026ca944ec417226bb0272e%40%3Ccommits.cassandra.apache.org%3E"
},
{
"name": "[cassandra-commits] 20201009 [cassandra] branch trunk updated: Upgrade to snakeyaml \u003e= 1.26 version for CVE-2017-18640 fix",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/rb5c33d0069c927fae16084f0605895b98d231d7c48527bcb822ac48c%40%3Ccommits.cassandra.apache.org%3E"
},
{
"name": "[hadoop-common-issues] 20201026 [jira] [Commented] (HADOOP-17236) Bump up snakeyaml to 1.26 to mitigate CVE-2017-18640",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/rcb4b61dbe2ed1c7a88781a9aff5a9e7342cc7ed026aec0418ee67596%40%3Ccommon-issues.hadoop.apache.org%3E"
},
{
"name": "[hadoop-common-issues] 20201027 [jira] [Commented] (HADOOP-17236) Bump up snakeyaml to 1.26 to mitigate CVE-2017-18640",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/raebd2019b3da8c2f90f31e8b203b45353f78770ca93bfe5376f5532e%40%3Ccommon-issues.hadoop.apache.org%3E"
},
{
"name": "[hadoop-common-issues] 20201028 [jira] [Commented] (HADOOP-17236) Bump up snakeyaml to 1.26 to mitigate CVE-2017-18640",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r4d7f37da1bc2df90a5a0f56eb7629b5ea131bfe11eeeb4b4c193f64a%40%3Ccommon-issues.hadoop.apache.org%3E"
},
{
"name": "[hadoop-common-issues] 20201028 [jira] [Updated] (HADOOP-17236) Bump up snakeyaml to 1.26 to mitigate CVE-2017-18640",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r22ac2aa053b7d9c6b75a49db78125c9316499668d0f4a044f3402e2f%40%3Ccommon-issues.hadoop.apache.org%3E"
},
{
"name": "[hadoop-common-commits] 20201028 [hadoop] branch trunk updated: HADOOP-17236. Bump up snakeyaml to 1.26 to mitigate CVE-2017-18640. Contributed by Brahma Reddy Battula.",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r1aab47b48a757c70e40fc0bcb1fcf1a3951afa6a17aee7cd66cf79f8%40%3Ccommon-commits.hadoop.apache.org%3E"
},
{
"name": "[hadoop-common-commits] 20201028 [hadoop] branch branch-3.3 updated: HADOOP-17236. Bump up snakeyaml to 1.26 to mitigate CVE-2017-18640. Contributed by Brahma Reddy Battula.",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/rcb2a7037366c58bac6aec6ce3df843a11ef97ae4eb049f05f410eaa5%40%3Ccommon-commits.hadoop.apache.org%3E"
},
{
"name": "[phoenix-dev] 20210419 [jira] [Created] (OMID-207) Upgrade to snakeyaml 1.26 due to CVE-2017-18640",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r436988d2cfe8a770ae361c82b181c5b2bf48a249bad84d8a55a3b46e%40%3Cdev.phoenix.apache.org%3E"
},
{
"name": "[phoenix-dev] 20210419 [GitHub] [phoenix-omid] richardantal opened a new pull request #93: OMID-207 Upgrade to snakeyaml 1.26 due to CVE-2017-18640",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r7ce3de03facf7e7f3e24fc25d26d555818519dafdb20f29398a3414b%40%3Cdev.phoenix.apache.org%3E"
},
{
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"url": "https://bitbucket.org/asomov/snakeyaml/issues/377/allow-configuration-for-preventing-billion"
},
{
"url": "https://mvnrepository.com/artifact/org.yaml/snakeyaml/1.25/usages"
},
{
"url": "https://bitbucket.org/asomov/snakeyaml/wiki/Billion%20laughs%20attack"
},
{
"url": "https://lists.apache.org/thread.html/r4c682fb8cf69dd14162439656a6ebdf42ea6ad0e4edba95907ea3f14%40%3Ccommits.servicecomb.apache.org%3E"
},
{
"url": "https://lists.apache.org/thread.html/r900e020760c89f082df1c6e0d46320eba721e4e47bb9eb521e68cd95%40%3Ccommits.servicecomb.apache.org%3E"
},
{
"name": "[kafka-users] 20210617 vulnerabilities",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r2721aba31a8562639c4b937150897e24f78f747cdbda8641c0f659fe%40%3Cusers.kafka.apache.org%3E"
},
{
"name": "[hadoop-common-issues] 20211006 [jira] [Commented] (HADOOP-17236) Bump up snakeyaml to 1.26 to mitigate CVE-2017-18640",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r16ae4e529401b75a1f5aa462b272b31bf2a108236f882f06fddc14bc%40%3Ccommon-issues.hadoop.apache.org%3E"
},
{
"name": "[hadoop-common-commits] 20211008 [hadoop] branch branch-3.2.3 updated: HADOOP-17236. Bump up snakeyaml to 1.26 to mitigate CVE-2017-18640. Contributed by Brahma Reddy Battula.",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/rfe0aab6c3bebbd9cbfdedb65ff3fdf420714bcb8acdfd346077e1263%40%3Ccommon-commits.hadoop.apache.org%3E"
},
{
"name": "[hadoop-common-issues] 20211008 [jira] [Updated] (HADOOP-17236) Bump up snakeyaml to 1.26 to mitigate CVE-2017-18640",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r182e9cf6f3fb22b9be0cac4ff0685199741d2ab6e9a4e27a3693c224%40%3Ccommon-issues.hadoop.apache.org%3E"
},
{
"name": "[hadoop-common-commits] 20211008 [hadoop] branch branch-3.2 updated: HADOOP-17236. Bump up snakeyaml to 1.26 to mitigate CVE-2017-18640. Contributed by Brahma Reddy Battula.",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/rdd34c0479587e32a656d976649409487d51ca0d296b3e26b6b89c3f5%40%3Ccommon-commits.hadoop.apache.org%3E"
},
{
"name": "[hadoop-common-issues] 20211008 [jira] [Commented] (HADOOP-17236) Bump up snakeyaml to 1.26 to mitigate CVE-2017-18640",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r465d2553a31265b042cf5457ef649b71e0722ab89b6ea94a5d59529b%40%3Ccommon-issues.hadoop.apache.org%3E"
},
{
"url": "https://bitbucket.org/snakeyaml/snakeyaml/wiki/Changes"
},
{
"url": "https://bitbucket.org/snakeyaml/snakeyaml/issues/377"
},
{
"name": "GLSA-202305-28",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202305-28"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-18640",
"datePublished": "2019-12-12T00:00:00",
"dateReserved": "2019-12-12T00:00:00",
"dateUpdated": "2024-08-05T21:28:55.802Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-12402 (GCVE-0-2019-12402)
Vulnerability from nvd – Published: 2019-08-29 00:00 – Updated: 2024-08-04 23:17
VLAI?
Summary
The file name encoding algorithm used internally in Apache Commons Compress 1.15 to 1.18 can get into an infinite loop when faced with specially crafted inputs. This can lead to a denial of service attack if an attacker can choose the file names inside of an archive created by Compress.
Severity ?
No CVSS data available.
CWE
- denial of service vulnerability
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Commons Compress |
Affected:
1.15 to 1.18
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:17:39.992Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[creadur-commits] 20191022 [creadur-rat] branch master updated: RAT-258: Update to latest commons-compress to fix CVE-2019-12402",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/54cc4e9fa6b24520135f6fa4724dfb3465bc14703c7dc7e52353a0ea%40%3Ccommits.creadur.apache.org%3E"
},
{
"name": "FEDORA-2019-c96a8d12b0",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QLJIK2AUOZOWXR3S5XXBUNMOF3RTHTI7/"
},
{
"name": "FEDORA-2019-da0eac1eb6",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WZB3GB7YXIOUKIOQ27VTIP6KKGJJ3CKL/"
},
{
"name": "[druid-commits] 20191115 [GitHub] [incubator-druid] ccaominh opened a new pull request #8878: Address security vulnerabilities",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E"
},
{
"name": "[flink-issues] 20200306 [GitHub] [flink] nielsbasjes opened a new pull request #11333: [FLINK-14121] Update commons-compress because of CVE-2019-12402",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r5caf4fcb69d2749225391e61db7216282955204849ba94f83afe011f%40%3Cissues.flink.apache.org%3E"
},
{
"name": "[flink-issues] 20200306 [GitHub] [flink] flinkbot edited a comment on issue #11333: [FLINK-14121] Update commons-compress because of CVE-2019-12402",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rcc35ab6be300365de5ff9587e0479d10d7d7c79070921837e3693162%40%3Cissues.flink.apache.org%3E"
},
{
"name": "[flink-issues] 20200306 [GitHub] [flink] flinkbot commented on issue #11333: [FLINK-14121] Update commons-compress because of CVE-2019-12402",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/re13bd219dd4b651134f6357f12bd07a0344eea7518c577bbdd185265%40%3Cissues.flink.apache.org%3E"
},
{
"name": "[flink-issues] 20200310 [GitHub] [flink] GJL commented on issue #11333: [FLINK-14121] Update commons-compress because of CVE-2019-12402",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r5103b1c9242c0f812ac96e524344144402cbff9b6e078d1557bc7b1e%40%3Cissues.flink.apache.org%3E"
},
{
"name": "[flink-issues] 20200311 [GitHub] [flink] nielsbasjes commented on issue #11333: [FLINK-14121] Update commons-compress because of CVE-2019-12402",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r590c15cebee9b8e757e2f738127a9a71e48ede647a3044c504e050a4%40%3Cissues.flink.apache.org%3E"
},
{
"name": "[flink-issues] 20200311 [GitHub] [flink] GJL commented on issue #11333: [FLINK-14121] Update commons-compress because of CVE-2019-12402",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r05cf37c1e1e662e968cfece1102fcd50fe207181fdbf2c30aadfafd3%40%3Cissues.flink.apache.org%3E"
},
{
"name": "[flink-issues] 20200311 [GitHub] [flink] flinkbot edited a comment on issue #11333: [FLINK-14121] Update commons-compress because of CVE-2019-12402",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rdebc1830d6c09c11d5a4804ca26769dbd292d17d361c61dea50915f0%40%3Cissues.flink.apache.org%3E"
},
{
"name": "[flink-issues] 20200311 [GitHub] [flink] nielsbasjes edited a comment on issue #11333: [FLINK-14121] Update commons-compress because of CVE-2019-12402",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rd3f99d732baed459b425fb0a9e9e14f7843c9459b12037e4a9d753b5%40%3Cissues.flink.apache.org%3E"
},
{
"name": "[flink-issues] 20200312 [GitHub] [flink] zentol commented on issue #11333: [FLINK-14121] Update commons-compress because of CVE-2019-12402",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r21d64797914001119d2fc766b88c6da181dc2308d20f14e7a7f46117%40%3Cissues.flink.apache.org%3E"
},
{
"name": "[flink-issues] 20200312 [GitHub] [flink] GJL commented on issue #11333: [FLINK-14121] Update commons-compress because of CVE-2019-12402",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r233267e24519bacd0f9fb9f61a1287cb9f4bcb6e75d83f34f405c521%40%3Cissues.flink.apache.org%3E"
},
{
"name": "[flink-issues] 20200313 [GitHub] [flink] GJL commented on issue #11333: [FLINK-14121] Update commons-compress because of CVE-2019-12402",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r25422df9ad22fec56d9eeca3ab8bd6d66365e9f6bfe311b64730edf5%40%3Cissues.flink.apache.org%3E"
},
{
"name": "[flink-issues] 20200313 [GitHub] [flink] zentol commented on issue #11333: [FLINK-14121] Update commons-compress because of CVE-2019-12402",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r972f82d821b805d04602976a9736c01b6bf218cfe0c3f48b472db488%40%3Cissues.flink.apache.org%3E"
},
{
"name": "[flink-issues] 20200313 [GitHub] [flink] GJL closed pull request #11333: [FLINK-14121] Update commons-compress because of CVE-2019-12402",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r4363c994c8bca033569a98da9218cc0c62bb695c1e47a98e5084e5a0%40%3Cissues.flink.apache.org%3E"
},
{
"name": "[lucene-solr-user] 20200320 CVEs (vulnerabilities) that apply to Solr 8.4.1",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5%40%3Csolr-user.lucene.apache.org%3E"
},
{
"name": "[lucene-solr-user] 20200320 Re: CVEs (vulnerabilities) that apply to Solr 8.4.1",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rf5230a049d989dbfdd404b4320a265dceeeba459a4d04ec21873bd55%40%3Csolr-user.lucene.apache.org%3E"
},
{
"name": "[brooklyn-dev] 20200403 [GitHub] [brooklyn-server] nakomis opened a new pull request #1089: Bumps commons-compress version",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r7af60fbd8b2350d49d14e53a3ab2801998b9d1af2d6fcac60b060a53%40%3Cdev.brooklyn.apache.org%3E"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/308cc15f1f1dc53e97046fddbac240e6cd16de89a2746cf257be7f5b%40%3Cdev.commons.apache.org%3E"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20230818-0001/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Apache Commons Compress",
"vendor": "Apache Software Foundation",
"versions": [
{
"status": "affected",
"version": "1.15 to 1.18"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The file name encoding algorithm used internally in Apache Commons Compress 1.15 to 1.18 can get into an infinite loop when faced with specially crafted inputs. This can lead to a denial of service attack if an attacker can choose the file names inside of an archive created by Compress."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "denial of service vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-18T13:06:40.207792",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"name": "[creadur-commits] 20191022 [creadur-rat] branch master updated: RAT-258: Update to latest commons-compress to fix CVE-2019-12402",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/54cc4e9fa6b24520135f6fa4724dfb3465bc14703c7dc7e52353a0ea%40%3Ccommits.creadur.apache.org%3E"
},
{
"name": "FEDORA-2019-c96a8d12b0",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QLJIK2AUOZOWXR3S5XXBUNMOF3RTHTI7/"
},
{
"name": "FEDORA-2019-da0eac1eb6",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WZB3GB7YXIOUKIOQ27VTIP6KKGJJ3CKL/"
},
{
"name": "[druid-commits] 20191115 [GitHub] [incubator-druid] ccaominh opened a new pull request #8878: Address security vulnerabilities",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E"
},
{
"name": "[flink-issues] 20200306 [GitHub] [flink] nielsbasjes opened a new pull request #11333: [FLINK-14121] Update commons-compress because of CVE-2019-12402",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r5caf4fcb69d2749225391e61db7216282955204849ba94f83afe011f%40%3Cissues.flink.apache.org%3E"
},
{
"name": "[flink-issues] 20200306 [GitHub] [flink] flinkbot edited a comment on issue #11333: [FLINK-14121] Update commons-compress because of CVE-2019-12402",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/rcc35ab6be300365de5ff9587e0479d10d7d7c79070921837e3693162%40%3Cissues.flink.apache.org%3E"
},
{
"name": "[flink-issues] 20200306 [GitHub] [flink] flinkbot commented on issue #11333: [FLINK-14121] Update commons-compress because of CVE-2019-12402",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/re13bd219dd4b651134f6357f12bd07a0344eea7518c577bbdd185265%40%3Cissues.flink.apache.org%3E"
},
{
"name": "[flink-issues] 20200310 [GitHub] [flink] GJL commented on issue #11333: [FLINK-14121] Update commons-compress because of CVE-2019-12402",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r5103b1c9242c0f812ac96e524344144402cbff9b6e078d1557bc7b1e%40%3Cissues.flink.apache.org%3E"
},
{
"name": "[flink-issues] 20200311 [GitHub] [flink] nielsbasjes commented on issue #11333: [FLINK-14121] Update commons-compress because of CVE-2019-12402",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r590c15cebee9b8e757e2f738127a9a71e48ede647a3044c504e050a4%40%3Cissues.flink.apache.org%3E"
},
{
"name": "[flink-issues] 20200311 [GitHub] [flink] GJL commented on issue #11333: [FLINK-14121] Update commons-compress because of CVE-2019-12402",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r05cf37c1e1e662e968cfece1102fcd50fe207181fdbf2c30aadfafd3%40%3Cissues.flink.apache.org%3E"
},
{
"name": "[flink-issues] 20200311 [GitHub] [flink] flinkbot edited a comment on issue #11333: [FLINK-14121] Update commons-compress because of CVE-2019-12402",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/rdebc1830d6c09c11d5a4804ca26769dbd292d17d361c61dea50915f0%40%3Cissues.flink.apache.org%3E"
},
{
"name": "[flink-issues] 20200311 [GitHub] [flink] nielsbasjes edited a comment on issue #11333: [FLINK-14121] Update commons-compress because of CVE-2019-12402",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/rd3f99d732baed459b425fb0a9e9e14f7843c9459b12037e4a9d753b5%40%3Cissues.flink.apache.org%3E"
},
{
"name": "[flink-issues] 20200312 [GitHub] [flink] zentol commented on issue #11333: [FLINK-14121] Update commons-compress because of CVE-2019-12402",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r21d64797914001119d2fc766b88c6da181dc2308d20f14e7a7f46117%40%3Cissues.flink.apache.org%3E"
},
{
"name": "[flink-issues] 20200312 [GitHub] [flink] GJL commented on issue #11333: [FLINK-14121] Update commons-compress because of CVE-2019-12402",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r233267e24519bacd0f9fb9f61a1287cb9f4bcb6e75d83f34f405c521%40%3Cissues.flink.apache.org%3E"
},
{
"name": "[flink-issues] 20200313 [GitHub] [flink] GJL commented on issue #11333: [FLINK-14121] Update commons-compress because of CVE-2019-12402",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r25422df9ad22fec56d9eeca3ab8bd6d66365e9f6bfe311b64730edf5%40%3Cissues.flink.apache.org%3E"
},
{
"name": "[flink-issues] 20200313 [GitHub] [flink] zentol commented on issue #11333: [FLINK-14121] Update commons-compress because of CVE-2019-12402",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r972f82d821b805d04602976a9736c01b6bf218cfe0c3f48b472db488%40%3Cissues.flink.apache.org%3E"
},
{
"name": "[flink-issues] 20200313 [GitHub] [flink] GJL closed pull request #11333: [FLINK-14121] Update commons-compress because of CVE-2019-12402",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r4363c994c8bca033569a98da9218cc0c62bb695c1e47a98e5084e5a0%40%3Cissues.flink.apache.org%3E"
},
{
"name": "[lucene-solr-user] 20200320 CVEs (vulnerabilities) that apply to Solr 8.4.1",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5%40%3Csolr-user.lucene.apache.org%3E"
},
{
"name": "[lucene-solr-user] 20200320 Re: CVEs (vulnerabilities) that apply to Solr 8.4.1",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/rf5230a049d989dbfdd404b4320a265dceeeba459a4d04ec21873bd55%40%3Csolr-user.lucene.apache.org%3E"
},
{
"name": "[brooklyn-dev] 20200403 [GitHub] [brooklyn-server] nakomis opened a new pull request #1089: Bumps commons-compress version",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r7af60fbd8b2350d49d14e53a3ab2801998b9d1af2d6fcac60b060a53%40%3Cdev.brooklyn.apache.org%3E"
},
{
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"url": "https://lists.apache.org/thread.html/308cc15f1f1dc53e97046fddbac240e6cd16de89a2746cf257be7f5b%40%3Cdev.commons.apache.org%3E"
},
{
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230818-0001/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2019-12402",
"datePublished": "2019-08-29T00:00:00",
"dateReserved": "2019-05-28T00:00:00",
"dateUpdated": "2024-08-04T23:17:39.992Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-10086 (GCVE-0-2019-10086)
Vulnerability from nvd – Published: 2019-08-20 20:10 – Updated: 2024-08-04 22:10
VLAI?
Summary
In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. We, however were not using this by default characteristic of the PropertyUtilsBean.
Severity ?
No CVSS data available.
CWE
- Information Disclosure
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache | Apache Commons Beanutils |
Affected:
Apache Commons Beanutils 1.0 to 1.9.3
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:10:09.585Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[www-announce] 20190815 [SECURITY] CVE-2019-10086. Apache Commons Beanutils does not suppresses the class property in PropertyUtilsBean by default.",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://mail-archives.apache.org/mod_mbox/www-announce/201908.mbox/%3cC628798F-315D-4428-8CB1-4ED1ECC958E4%40apache.org%3e"
},
{
"name": "[debian-lts-announce] 20190824 [SECURITY] [DLA 1896-1] commons-beanutils security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00030.html"
},
{
"name": "[tinkerpop-commits] 20190829 [tinkerpop] branch master updated: Bump commons-beanutils to 1.9.4 for CVE-2019-10086 - CTR",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/3d1ed1a1596c08c4d5fea97b36c651ce167b773f1afc75251ce7a125%40%3Ccommits.tinkerpop.apache.org%3E"
},
{
"name": "openSUSE-SU-2019:2058",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00007.html"
},
{
"name": "[commons-issues] 20190906 [jira] [Updated] (CONFIGURATION-755) [CVE-2014-0114] Update Apache Commons BeanUtils from 1.9.3 to 1.9.4.",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/956995acee0d8bc046f1df0a55b7fbeb65dd2f82864e5de1078bacb0%40%3Cissues.commons.apache.org%3E"
},
{
"name": "[commons-issues] 20190906 [jira] [Closed] (CONFIGURATION-755) [CVE-2014-0114] Update Apache Commons BeanUtils from 1.9.3 to 1.9.4.",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/1f78f1e32cc5614ec0c5b822ba4bd7fc8e8b5c46c8e038b6bd609cb5%40%3Cissues.commons.apache.org%3E"
},
{
"name": "[commons-issues] 20190925 [GitHub] [commons-validator] jeff-schram opened a new pull request #18: Update pom.xml",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/02094ad226dbc17a2368beaf27e61d8b1432f5baf77d0ca995bb78bc%40%3Cissues.commons.apache.org%3E"
},
{
"name": "[shiro-dev] 20191001 [jira] [Updated] (SHIRO-723) Provide Minor Shiro Release that includes CVE-2019-10086 Fix",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/d6ca9439c53374b597f33b7ec180001625597db48ea30356af01145f%40%3Cdev.shiro.apache.org%3E"
},
{
"name": "[shiro-dev] 20191001 [jira] [Created] (SHIRO-723) Provide Minor Shiro Release that includes CVE-2019-10086 Fiix",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/2fd61dc89df9aeab738d2b49f48d42c76f7d53b980ba04e1d48bce48%40%3Cdev.shiro.apache.org%3E"
},
{
"name": "[shiro-dev] 20191001 [jira] [Commented] (SHIRO-723) Provide Minor Shiro Release that includes CVE-2019-10086 Fix",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/c94bc9649d5109a663b2129371dc45753fbdeacd340105548bbe93c3%40%3Cdev.shiro.apache.org%3E"
},
{
"name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E"
},
{
"name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E"
},
{
"name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E"
},
{
"name": "[shiro-dev] 20191023 [jira] [Assigned] (SHIRO-723) Provide Minor Shiro Release that includes CVE-2019-10086 Fix",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/5261066cd7adee081ee05c8bf0e96cf0b2eeaced391e19117ae4daa6%40%3Cdev.shiro.apache.org%3E"
},
{
"name": "[shiro-dev] 20191105 [jira] [Resolved] (SHIRO-723) Provide Minor Shiro Release that includes CVE-2019-10086 Fix",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/a684107d3a78e431cf0fbb90629e8559a36ff8fe94c3a76e620b39fa%40%3Cdev.shiro.apache.org%3E"
},
{
"name": "FEDORA-2019-bcad44b5d6",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4APPGLBWMFAS4WHNLR4LIJ65DJGPV7TF/"
},
{
"name": "FEDORA-2019-79b5790566",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIUYSL2RSIWZVNSUIXJTIFPIPIF6OAIO/"
},
{
"name": "RHSA-2019:4317",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4317"
},
{
"name": "RHSA-2020:0057",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0057"
},
{
"name": "RHSA-2020:0194",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0194"
},
{
"name": "RHSA-2020:0806",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0806"
},
{
"name": "RHSA-2020:0811",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0811"
},
{
"name": "RHSA-2020:0804",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0804"
},
{
"name": "RHSA-2020:0805",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0805"
},
{
"name": "[brooklyn-dev] 20200420 [GitHub] [brooklyn-server] duncangrant opened a new pull request #1091: Update library versions due to CVEs",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r967953a14e05016bc4bcae9ef3dd92e770181158b4246976ed8295c9%40%3Cdev.brooklyn.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
},
{
"name": "[atlas-dev] 20201022 [jira] [Created] (ATLAS-4002) Upgrade commons-beanutils to 1.9.4 due to CVE-2019-10086",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rae81e0c8ebdf47ffaa85a01240836bfece8a990c48f55c7933162b5c%40%3Cdev.atlas.apache.org%3E"
},
{
"name": "[atlas-dev] 20201022 Re: Review Request 72983: ATLAS-4002 : Upgrade commons-beanutils to 1.9.4 due to CVE-2019-10086",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/reee57101464cf7622d640ae013b2162eb864f603ec4093de8240bb8f%40%3Cdev.atlas.apache.org%3E"
},
{
"name": "[atlas-dev] 20201023 Re: Review Request 72983: ATLAS-4002 : Upgrade commons-beanutils to 1.9.4 due to CVE-2019-10086",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r18d8b4f9263e5cad3bbaef0cdba0e2ccdf9201316ac4b85e23eb7ee4%40%3Cdev.atlas.apache.org%3E"
},
{
"name": "[atlas-dev] 20201023 [jira] [Updated] (ATLAS-4002) Upgrade commons-beanutils to 1.9.4 due to CVE-2019-10086",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/ra87ac17410a62e813cba901fdd4e9a674dd53daaf714870f28e905f1%40%3Cdev.atlas.apache.org%3E"
},
{
"name": "[atlas-commits] 20201023 [atlas] 01/05: ATLAS-4002 : Upgrade commons-beanutils to 1.9.4 due to CVE-2019-10086",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rb8dac04cb7e9cc5dedee8dabaa1c92614f590642e5ebf02a145915ba%40%3Ccommits.atlas.apache.org%3E"
},
{
"name": "[atlas-dev] 20201023 [jira] [Commented] (ATLAS-4002) Upgrade commons-beanutils to 1.9.4 due to CVE-2019-10086",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r6194ced4828deb32023cd314e31f41c61d388b58935d102c7de91f58%40%3Cdev.atlas.apache.org%3E"
},
{
"name": "[atlas-dev] 20201026 [jira] [Updated] (ATLAS-4002) Upgrade commons-beanutils to 1.9.4 due to CVE-2019-10086",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r306c0322aa5c0da731e03f3ce9f07f4745c052c6b73f4e78faf232ca%40%3Cdev.atlas.apache.org%3E"
},
{
"name": "[atlas-dev] 20201023 [jira] [Commented] (ATLAS-4002) Upgrade commons-beanutils to 1.9.4 due to CVE-2019-10086",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/racd3e7b2149fa2f255f016bd6bffab0fea77b6fb81c50db9a17f78e6%40%3Cdev.atlas.apache.org%3E"
},
{
"name": "[rocketmq-dev] 20201223 [GitHub] [rocketmq] crazywen opened a new pull request #2515: Update pom.xml",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r43de02fd4a4f52c4bdeff8c02f09625d83cd047498009c1cdab857db%40%3Cdev.rocketmq.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"name": "[dolphinscheduler-commits] 20210121 [GitHub] [incubator-dolphinscheduler] lgcareer commented on pull request #4525: [Improvement-4506][LICENSE] upgrade the version of the commons-beanutils",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r513a7a21c422170318115463b399dd58ab447fe0990b13e5884f0825%40%3Ccommits.dolphinscheduler.apache.org%3E"
},
{
"name": "[dolphinscheduler-commits] 20210121 [GitHub] [incubator-dolphinscheduler] c-f-cooper commented on pull request #4525: [Improvement-4506][LICENSE] upgrade the version of the commons-beanutils",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/ra9a139fdc0999750dcd519e81384bc1fe3946f311b1796221205f51c%40%3Ccommits.dolphinscheduler.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"name": "[nifi-issues] 20210827 [jira] [Updated] (NIFI-9170) Upgrade commons-beanutils to 1.9.4 to mitigate CVE-2019-10086",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rcc029be4edaaf5b8bb85818aab494e16f312fced07a0f4a202771ba2%40%3Cissues.nifi.apache.org%3E"
},
{
"name": "[nifi-issues] 20210827 [GitHub] [nifi] naddym opened a new pull request #5351: NIFI-9170 Upgrade commons-beanutils to 1.9.4 to mitigate CVE-2019-10086",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r46e536fc98942dce99fadd2e313aeefe90c1a769c5cd85d98df9d098%40%3Cissues.nifi.apache.org%3E"
},
{
"name": "[nifi-issues] 20210827 [jira] [Created] (NIFI-9170) Upgrade commons-beanutils to 1.9.4 to mitigate CVE-2019-10086",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rec74f3a94dd850259c730b4ba6f7b6211222b58900ec088754aa0534%40%3Cissues.nifi.apache.org%3E"
},
{
"name": "[nifi-issues] 20210907 [GitHub] [nifi] MikeThomsen commented on pull request #5351: NIFI-9170 Upgrade commons-beanutils to 1.9.4 to mitigate CVE-2019-10086",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r2d5f1d88c39bd615271abda63964a0bee9b2b57fef1f84cb4c43032e%40%3Cissues.nifi.apache.org%3E"
},
{
"name": "[nifi-commits] 20210907 [nifi] branch main updated: NIFI-9170 Upgrade commons-beanutils to 1.9.4 to mitigate CVE-2019-10086 NIFI-9170 Add two more 1.9.4 references to close out the few things identified by the Maven dependency plugin.",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/re2028d4d76ba1db3e3c3a722d6c6034e801cc3b309f69cc166eaa32b%40%3Ccommits.nifi.apache.org%3E"
},
{
"name": "[nifi-issues] 20210907 [GitHub] [nifi] asfgit closed pull request #5351: NIFI-9170 Upgrade commons-beanutils to 1.9.4 to mitigate CVE-2019-10086",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/ra41fd0ad4b7e1d675c03a5081a16a6603085a4e37d30b866067566fe%40%3Cissues.nifi.apache.org%3E"
},
{
"name": "[nifi-issues] 20210907 [jira] [Commented] (NIFI-9170) Upgrade commons-beanutils to 1.9.4 to mitigate CVE-2019-10086",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/re3cd7cb641d7fc6684e4fc3c336a8bad4a01434bb5625a06e3600fd1%40%3Cissues.nifi.apache.org%3E"
},
{
"name": "[nifi-issues] 20210908 [GitHub] [nifi] naddym commented on pull request #5351: NIFI-9170 Upgrade commons-beanutils to 1.9.4 to mitigate CVE-2019-10086",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rd2d2493f4f1af6980d265b8d84c857e2b7ab80a46e1423710c448957%40%3Cissues.nifi.apache.org%3E"
},
{
"name": "[nifi-issues] 20210915 [jira] [Updated] (NIFI-9170) Upgrade commons-beanutils to 1.9.4 to mitigate CVE-2019-10086",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rb1f76c2c0a4d6efb8a3523974f9d085d5838b73e7bffdf9a8f212997%40%3Cissues.nifi.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Apache Commons Beanutils",
"vendor": "Apache",
"versions": [
{
"status": "affected",
"version": "Apache Commons Beanutils 1.0 to 1.9.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. We, however were not using this by default characteristic of the PropertyUtilsBean."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-22T17:59:36",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"name": "[www-announce] 20190815 [SECURITY] CVE-2019-10086. Apache Commons Beanutils does not suppresses the class property in PropertyUtilsBean by default.",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://mail-archives.apache.org/mod_mbox/www-announce/201908.mbox/%3cC628798F-315D-4428-8CB1-4ED1ECC958E4%40apache.org%3e"
},
{
"name": "[debian-lts-announce] 20190824 [SECURITY] [DLA 1896-1] commons-beanutils security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00030.html"
},
{
"name": "[tinkerpop-commits] 20190829 [tinkerpop] branch master updated: Bump commons-beanutils to 1.9.4 for CVE-2019-10086 - CTR",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/3d1ed1a1596c08c4d5fea97b36c651ce167b773f1afc75251ce7a125%40%3Ccommits.tinkerpop.apache.org%3E"
},
{
"name": "openSUSE-SU-2019:2058",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00007.html"
},
{
"name": "[commons-issues] 20190906 [jira] [Updated] (CONFIGURATION-755) [CVE-2014-0114] Update Apache Commons BeanUtils from 1.9.3 to 1.9.4.",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/956995acee0d8bc046f1df0a55b7fbeb65dd2f82864e5de1078bacb0%40%3Cissues.commons.apache.org%3E"
},
{
"name": "[commons-issues] 20190906 [jira] [Closed] (CONFIGURATION-755) [CVE-2014-0114] Update Apache Commons BeanUtils from 1.9.3 to 1.9.4.",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/1f78f1e32cc5614ec0c5b822ba4bd7fc8e8b5c46c8e038b6bd609cb5%40%3Cissues.commons.apache.org%3E"
},
{
"name": "[commons-issues] 20190925 [GitHub] [commons-validator] jeff-schram opened a new pull request #18: Update pom.xml",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/02094ad226dbc17a2368beaf27e61d8b1432f5baf77d0ca995bb78bc%40%3Cissues.commons.apache.org%3E"
},
{
"name": "[shiro-dev] 20191001 [jira] [Updated] (SHIRO-723) Provide Minor Shiro Release that includes CVE-2019-10086 Fix",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/d6ca9439c53374b597f33b7ec180001625597db48ea30356af01145f%40%3Cdev.shiro.apache.org%3E"
},
{
"name": "[shiro-dev] 20191001 [jira] [Created] (SHIRO-723) Provide Minor Shiro Release that includes CVE-2019-10086 Fiix",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/2fd61dc89df9aeab738d2b49f48d42c76f7d53b980ba04e1d48bce48%40%3Cdev.shiro.apache.org%3E"
},
{
"name": "[shiro-dev] 20191001 [jira] [Commented] (SHIRO-723) Provide Minor Shiro Release that includes CVE-2019-10086 Fix",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/c94bc9649d5109a663b2129371dc45753fbdeacd340105548bbe93c3%40%3Cdev.shiro.apache.org%3E"
},
{
"name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E"
},
{
"name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E"
},
{
"name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E"
},
{
"name": "[shiro-dev] 20191023 [jira] [Assigned] (SHIRO-723) Provide Minor Shiro Release that includes CVE-2019-10086 Fix",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/5261066cd7adee081ee05c8bf0e96cf0b2eeaced391e19117ae4daa6%40%3Cdev.shiro.apache.org%3E"
},
{
"name": "[shiro-dev] 20191105 [jira] [Resolved] (SHIRO-723) Provide Minor Shiro Release that includes CVE-2019-10086 Fix",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/a684107d3a78e431cf0fbb90629e8559a36ff8fe94c3a76e620b39fa%40%3Cdev.shiro.apache.org%3E"
},
{
"name": "FEDORA-2019-bcad44b5d6",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4APPGLBWMFAS4WHNLR4LIJ65DJGPV7TF/"
},
{
"name": "FEDORA-2019-79b5790566",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIUYSL2RSIWZVNSUIXJTIFPIPIF6OAIO/"
},
{
"name": "RHSA-2019:4317",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4317"
},
{
"name": "RHSA-2020:0057",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0057"
},
{
"name": "RHSA-2020:0194",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0194"
},
{
"name": "RHSA-2020:0806",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0806"
},
{
"name": "RHSA-2020:0811",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0811"
},
{
"name": "RHSA-2020:0804",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0804"
},
{
"name": "RHSA-2020:0805",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0805"
},
{
"name": "[brooklyn-dev] 20200420 [GitHub] [brooklyn-server] duncangrant opened a new pull request #1091: Update library versions due to CVEs",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r967953a14e05016bc4bcae9ef3dd92e770181158b4246976ed8295c9%40%3Cdev.brooklyn.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
},
{
"name": "[atlas-dev] 20201022 [jira] [Created] (ATLAS-4002) Upgrade commons-beanutils to 1.9.4 due to CVE-2019-10086",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rae81e0c8ebdf47ffaa85a01240836bfece8a990c48f55c7933162b5c%40%3Cdev.atlas.apache.org%3E"
},
{
"name": "[atlas-dev] 20201022 Re: Review Request 72983: ATLAS-4002 : Upgrade commons-beanutils to 1.9.4 due to CVE-2019-10086",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/reee57101464cf7622d640ae013b2162eb864f603ec4093de8240bb8f%40%3Cdev.atlas.apache.org%3E"
},
{
"name": "[atlas-dev] 20201023 Re: Review Request 72983: ATLAS-4002 : Upgrade commons-beanutils to 1.9.4 due to CVE-2019-10086",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r18d8b4f9263e5cad3bbaef0cdba0e2ccdf9201316ac4b85e23eb7ee4%40%3Cdev.atlas.apache.org%3E"
},
{
"name": "[atlas-dev] 20201023 [jira] [Updated] (ATLAS-4002) Upgrade commons-beanutils to 1.9.4 due to CVE-2019-10086",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/ra87ac17410a62e813cba901fdd4e9a674dd53daaf714870f28e905f1%40%3Cdev.atlas.apache.org%3E"
},
{
"name": "[atlas-commits] 20201023 [atlas] 01/05: ATLAS-4002 : Upgrade commons-beanutils to 1.9.4 due to CVE-2019-10086",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rb8dac04cb7e9cc5dedee8dabaa1c92614f590642e5ebf02a145915ba%40%3Ccommits.atlas.apache.org%3E"
},
{
"name": "[atlas-dev] 20201023 [jira] [Commented] (ATLAS-4002) Upgrade commons-beanutils to 1.9.4 due to CVE-2019-10086",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r6194ced4828deb32023cd314e31f41c61d388b58935d102c7de91f58%40%3Cdev.atlas.apache.org%3E"
},
{
"name": "[atlas-dev] 20201026 [jira] [Updated] (ATLAS-4002) Upgrade commons-beanutils to 1.9.4 due to CVE-2019-10086",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r306c0322aa5c0da731e03f3ce9f07f4745c052c6b73f4e78faf232ca%40%3Cdev.atlas.apache.org%3E"
},
{
"name": "[atlas-dev] 20201023 [jira] [Commented] (ATLAS-4002) Upgrade commons-beanutils to 1.9.4 due to CVE-2019-10086",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/racd3e7b2149fa2f255f016bd6bffab0fea77b6fb81c50db9a17f78e6%40%3Cdev.atlas.apache.org%3E"
},
{
"name": "[rocketmq-dev] 20201223 [GitHub] [rocketmq] crazywen opened a new pull request #2515: Update pom.xml",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r43de02fd4a4f52c4bdeff8c02f09625d83cd047498009c1cdab857db%40%3Cdev.rocketmq.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"name": "[dolphinscheduler-commits] 20210121 [GitHub] [incubator-dolphinscheduler] lgcareer commented on pull request #4525: [Improvement-4506][LICENSE] upgrade the version of the commons-beanutils",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r513a7a21c422170318115463b399dd58ab447fe0990b13e5884f0825%40%3Ccommits.dolphinscheduler.apache.org%3E"
},
{
"name": "[dolphinscheduler-commits] 20210121 [GitHub] [incubator-dolphinscheduler] c-f-cooper commented on pull request #4525: [Improvement-4506][LICENSE] upgrade the version of the commons-beanutils",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/ra9a139fdc0999750dcd519e81384bc1fe3946f311b1796221205f51c%40%3Ccommits.dolphinscheduler.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"name": "[nifi-issues] 20210827 [jira] [Updated] (NIFI-9170) Upgrade commons-beanutils to 1.9.4 to mitigate CVE-2019-10086",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rcc029be4edaaf5b8bb85818aab494e16f312fced07a0f4a202771ba2%40%3Cissues.nifi.apache.org%3E"
},
{
"name": "[nifi-issues] 20210827 [GitHub] [nifi] naddym opened a new pull request #5351: NIFI-9170 Upgrade commons-beanutils to 1.9.4 to mitigate CVE-2019-10086",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r46e536fc98942dce99fadd2e313aeefe90c1a769c5cd85d98df9d098%40%3Cissues.nifi.apache.org%3E"
},
{
"name": "[nifi-issues] 20210827 [jira] [Created] (NIFI-9170) Upgrade commons-beanutils to 1.9.4 to mitigate CVE-2019-10086",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rec74f3a94dd850259c730b4ba6f7b6211222b58900ec088754aa0534%40%3Cissues.nifi.apache.org%3E"
},
{
"name": "[nifi-issues] 20210907 [GitHub] [nifi] MikeThomsen commented on pull request #5351: NIFI-9170 Upgrade commons-beanutils to 1.9.4 to mitigate CVE-2019-10086",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r2d5f1d88c39bd615271abda63964a0bee9b2b57fef1f84cb4c43032e%40%3Cissues.nifi.apache.org%3E"
},
{
"name": "[nifi-commits] 20210907 [nifi] branch main updated: NIFI-9170 Upgrade commons-beanutils to 1.9.4 to mitigate CVE-2019-10086 NIFI-9170 Add two more 1.9.4 references to close out the few things identified by the Maven dependency plugin.",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/re2028d4d76ba1db3e3c3a722d6c6034e801cc3b309f69cc166eaa32b%40%3Ccommits.nifi.apache.org%3E"
},
{
"name": "[nifi-issues] 20210907 [GitHub] [nifi] asfgit closed pull request #5351: NIFI-9170 Upgrade commons-beanutils to 1.9.4 to mitigate CVE-2019-10086",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/ra41fd0ad4b7e1d675c03a5081a16a6603085a4e37d30b866067566fe%40%3Cissues.nifi.apache.org%3E"
},
{
"name": "[nifi-issues] 20210907 [jira] [Commented] (NIFI-9170) Upgrade commons-beanutils to 1.9.4 to mitigate CVE-2019-10086",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/re3cd7cb641d7fc6684e4fc3c336a8bad4a01434bb5625a06e3600fd1%40%3Cissues.nifi.apache.org%3E"
},
{
"name": "[nifi-issues] 20210908 [GitHub] [nifi] naddym commented on pull request #5351: NIFI-9170 Upgrade commons-beanutils to 1.9.4 to mitigate CVE-2019-10086",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rd2d2493f4f1af6980d265b8d84c857e2b7ab80a46e1423710c448957%40%3Cissues.nifi.apache.org%3E"
},
{
"name": "[nifi-issues] 20210915 [jira] [Updated] (NIFI-9170) Upgrade commons-beanutils to 1.9.4 to mitigate CVE-2019-10086",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rb1f76c2c0a4d6efb8a3523974f9d085d5838b73e7bffdf9a8f212997%40%3Cissues.nifi.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2019-10086",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache Commons Beanutils",
"version": {
"version_data": [
{
"version_value": "Apache Commons Beanutils 1.0 to 1.9.3"
}
]
}
}
]
},
"vendor_name": "Apache"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. We, however were not using this by default characteristic of the PropertyUtilsBean."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[www-announce] 20190815 [SECURITY] CVE-2019-10086. Apache Commons Beanutils does not suppresses the class property in PropertyUtilsBean by default.",
"refsource": "MLIST",
"url": "http://mail-archives.apache.org/mod_mbox/www-announce/201908.mbox/%3cC628798F-315D-4428-8CB1-4ED1ECC958E4@apache.org%3e"
},
{
"name": "[debian-lts-announce] 20190824 [SECURITY] [DLA 1896-1] commons-beanutils security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00030.html"
},
{
"name": "[tinkerpop-commits] 20190829 [tinkerpop] branch master updated: Bump commons-beanutils to 1.9.4 for CVE-2019-10086 - CTR",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/3d1ed1a1596c08c4d5fea97b36c651ce167b773f1afc75251ce7a125@%3Ccommits.tinkerpop.apache.org%3E"
},
{
"name": "openSUSE-SU-2019:2058",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00007.html"
},
{
"name": "[commons-issues] 20190906 [jira] [Updated] (CONFIGURATION-755) [CVE-2014-0114] Update Apache Commons BeanUtils from 1.9.3 to 1.9.4.",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/956995acee0d8bc046f1df0a55b7fbeb65dd2f82864e5de1078bacb0@%3Cissues.commons.apache.org%3E"
},
{
"name": "[commons-issues] 20190906 [jira] [Closed] (CONFIGURATION-755) [CVE-2014-0114] Update Apache Commons BeanUtils from 1.9.3 to 1.9.4.",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/1f78f1e32cc5614ec0c5b822ba4bd7fc8e8b5c46c8e038b6bd609cb5@%3Cissues.commons.apache.org%3E"
},
{
"name": "[commons-issues] 20190925 [GitHub] [commons-validator] jeff-schram opened a new pull request #18: Update pom.xml",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/02094ad226dbc17a2368beaf27e61d8b1432f5baf77d0ca995bb78bc@%3Cissues.commons.apache.org%3E"
},
{
"name": "[shiro-dev] 20191001 [jira] [Updated] (SHIRO-723) Provide Minor Shiro Release that includes CVE-2019-10086 Fix",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/d6ca9439c53374b597f33b7ec180001625597db48ea30356af01145f@%3Cdev.shiro.apache.org%3E"
},
{
"name": "[shiro-dev] 20191001 [jira] [Created] (SHIRO-723) Provide Minor Shiro Release that includes CVE-2019-10086 Fiix",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/2fd61dc89df9aeab738d2b49f48d42c76f7d53b980ba04e1d48bce48@%3Cdev.shiro.apache.org%3E"
},
{
"name": "[shiro-dev] 20191001 [jira] [Commented] (SHIRO-723) Provide Minor Shiro Release that includes CVE-2019-10086 Fix",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/c94bc9649d5109a663b2129371dc45753fbdeacd340105548bbe93c3@%3Cdev.shiro.apache.org%3E"
},
{
"name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E"
},
{
"name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E"
},
{
"name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E"
},
{
"name": "[shiro-dev] 20191023 [jira] [Assigned] (SHIRO-723) Provide Minor Shiro Release that includes CVE-2019-10086 Fix",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/5261066cd7adee081ee05c8bf0e96cf0b2eeaced391e19117ae4daa6@%3Cdev.shiro.apache.org%3E"
},
{
"name": "[shiro-dev] 20191105 [jira] [Resolved] (SHIRO-723) Provide Minor Shiro Release that includes CVE-2019-10086 Fix",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/a684107d3a78e431cf0fbb90629e8559a36ff8fe94c3a76e620b39fa@%3Cdev.shiro.apache.org%3E"
},
{
"name": "FEDORA-2019-bcad44b5d6",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4APPGLBWMFAS4WHNLR4LIJ65DJGPV7TF/"
},
{
"name": "FEDORA-2019-79b5790566",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JIUYSL2RSIWZVNSUIXJTIFPIPIF6OAIO/"
},
{
"name": "RHSA-2019:4317",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:4317"
},
{
"name": "RHSA-2020:0057",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2020:0057"
},
{
"name": "RHSA-2020:0194",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2020:0194"
},
{
"name": "RHSA-2020:0806",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2020:0806"
},
{
"name": "RHSA-2020:0811",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2020:0811"
},
{
"name": "RHSA-2020:0804",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2020:0804"
},
{
"name": "RHSA-2020:0805",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2020:0805"
},
{
"name": "[brooklyn-dev] 20200420 [GitHub] [brooklyn-server] duncangrant opened a new pull request #1091: Update library versions due to CVEs",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r967953a14e05016bc4bcae9ef3dd92e770181158b4246976ed8295c9@%3Cdev.brooklyn.apache.org%3E"
},
{
"name": "https://www.oracle.com/security-alerts/cpuapr2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpujul2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
},
{
"name": "[atlas-dev] 20201022 [jira] [Created] (ATLAS-4002) Upgrade commons-beanutils to 1.9.4 due to CVE-2019-10086",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rae81e0c8ebdf47ffaa85a01240836bfece8a990c48f55c7933162b5c@%3Cdev.atlas.apache.org%3E"
},
{
"name": "[atlas-dev] 20201022 Re: Review Request 72983: ATLAS-4002 : Upgrade commons-beanutils to 1.9.4 due to CVE-2019-10086",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/reee57101464cf7622d640ae013b2162eb864f603ec4093de8240bb8f@%3Cdev.atlas.apache.org%3E"
},
{
"name": "[atlas-dev] 20201023 Re: Review Request 72983: ATLAS-4002 : Upgrade commons-beanutils to 1.9.4 due to CVE-2019-10086",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r18d8b4f9263e5cad3bbaef0cdba0e2ccdf9201316ac4b85e23eb7ee4@%3Cdev.atlas.apache.org%3E"
},
{
"name": "[atlas-dev] 20201023 [jira] [Updated] (ATLAS-4002) Upgrade commons-beanutils to 1.9.4 due to CVE-2019-10086",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/ra87ac17410a62e813cba901fdd4e9a674dd53daaf714870f28e905f1@%3Cdev.atlas.apache.org%3E"
},
{
"name": "[atlas-commits] 20201023 [atlas] 01/05: ATLAS-4002 : Upgrade commons-beanutils to 1.9.4 due to CVE-2019-10086",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rb8dac04cb7e9cc5dedee8dabaa1c92614f590642e5ebf02a145915ba@%3Ccommits.atlas.apache.org%3E"
},
{
"name": "[atlas-dev] 20201023 [jira] [Commented] (ATLAS-4002) Upgrade commons-beanutils to 1.9.4 due to CVE-2019-10086",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r6194ced4828deb32023cd314e31f41c61d388b58935d102c7de91f58@%3Cdev.atlas.apache.org%3E"
},
{
"name": "[atlas-dev] 20201026 [jira] [Updated] (ATLAS-4002) Upgrade commons-beanutils to 1.9.4 due to CVE-2019-10086",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r306c0322aa5c0da731e03f3ce9f07f4745c052c6b73f4e78faf232ca@%3Cdev.atlas.apache.org%3E"
},
{
"name": "[atlas-dev] 20201023 [jira] [Commented] (ATLAS-4002) Upgrade commons-beanutils to 1.9.4 due to CVE-2019-10086",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/racd3e7b2149fa2f255f016bd6bffab0fea77b6fb81c50db9a17f78e6@%3Cdev.atlas.apache.org%3E"
},
{
"name": "[rocketmq-dev] 20201223 [GitHub] [rocketmq] crazywen opened a new pull request #2515: Update pom.xml",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r43de02fd4a4f52c4bdeff8c02f09625d83cd047498009c1cdab857db@%3Cdev.rocketmq.apache.org%3E"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"name": "[dolphinscheduler-commits] 20210121 [GitHub] [incubator-dolphinscheduler] lgcareer commented on pull request #4525: [Improvement-4506][LICENSE] upgrade the version of the commons-beanutils",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r513a7a21c422170318115463b399dd58ab447fe0990b13e5884f0825@%3Ccommits.dolphinscheduler.apache.org%3E"
},
{
"name": "[dolphinscheduler-commits] 20210121 [GitHub] [incubator-dolphinscheduler] c-f-cooper commented on pull request #4525: [Improvement-4506][LICENSE] upgrade the version of the commons-beanutils",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/ra9a139fdc0999750dcd519e81384bc1fe3946f311b1796221205f51c@%3Ccommits.dolphinscheduler.apache.org%3E"
},
{
"name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"name": "https://www.oracle.com//security-alerts/cpujul2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"name": "[nifi-issues] 20210827 [jira] [Updated] (NIFI-9170) Upgrade commons-beanutils to 1.9.4 to mitigate CVE-2019-10086",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rcc029be4edaaf5b8bb85818aab494e16f312fced07a0f4a202771ba2@%3Cissues.nifi.apache.org%3E"
},
{
"name": "[nifi-issues] 20210827 [GitHub] [nifi] naddym opened a new pull request #5351: NIFI-9170 Upgrade commons-beanutils to 1.9.4 to mitigate CVE-2019-10086",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r46e536fc98942dce99fadd2e313aeefe90c1a769c5cd85d98df9d098@%3Cissues.nifi.apache.org%3E"
},
{
"name": "[nifi-issues] 20210827 [jira] [Created] (NIFI-9170) Upgrade commons-beanutils to 1.9.4 to mitigate CVE-2019-10086",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rec74f3a94dd850259c730b4ba6f7b6211222b58900ec088754aa0534@%3Cissues.nifi.apache.org%3E"
},
{
"name": "[nifi-issues] 20210907 [GitHub] [nifi] MikeThomsen commented on pull request #5351: NIFI-9170 Upgrade commons-beanutils to 1.9.4 to mitigate CVE-2019-10086",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r2d5f1d88c39bd615271abda63964a0bee9b2b57fef1f84cb4c43032e@%3Cissues.nifi.apache.org%3E"
},
{
"name": "[nifi-commits] 20210907 [nifi] branch main updated: NIFI-9170 Upgrade commons-beanutils to 1.9.4 to mitigate CVE-2019-10086 NIFI-9170 Add two more 1.9.4 references to close out the few things identified by the Maven dependency plugin.",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/re2028d4d76ba1db3e3c3a722d6c6034e801cc3b309f69cc166eaa32b@%3Ccommits.nifi.apache.org%3E"
},
{
"name": "[nifi-issues] 20210907 [GitHub] [nifi] asfgit closed pull request #5351: NIFI-9170 Upgrade commons-beanutils to 1.9.4 to mitigate CVE-2019-10086",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/ra41fd0ad4b7e1d675c03a5081a16a6603085a4e37d30b866067566fe@%3Cissues.nifi.apache.org%3E"
},
{
"name": "[nifi-issues] 20210907 [jira] [Commented] (NIFI-9170) Upgrade commons-beanutils to 1.9.4 to mitigate CVE-2019-10086",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/re3cd7cb641d7fc6684e4fc3c336a8bad4a01434bb5625a06e3600fd1@%3Cissues.nifi.apache.org%3E"
},
{
"name": "[nifi-issues] 20210908 [GitHub] [nifi] naddym commented on pull request #5351: NIFI-9170 Upgrade commons-beanutils to 1.9.4 to mitigate CVE-2019-10086",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rd2d2493f4f1af6980d265b8d84c857e2b7ab80a46e1423710c448957@%3Cissues.nifi.apache.org%3E"
},
{
"name": "[nifi-issues] 20210915 [jira] [Updated] (NIFI-9170) Upgrade commons-beanutils to 1.9.4 to mitigate CVE-2019-10086",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rb1f76c2c0a4d6efb8a3523974f9d085d5838b73e7bffdf9a8f212997@%3Cissues.nifi.apache.org%3E"
},
{
"name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpujul2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2019-10086",
"datePublished": "2019-08-20T20:10:15",
"dateReserved": "2019-03-26T00:00:00",
"dateUpdated": "2024-08-04T22:10:09.585Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-2793 (GCVE-0-2018-2793)
Vulnerability from nvd – Published: 2018-04-19 02:00 – Updated: 2024-10-03 20:18
VLAI?
Summary
Vulnerability in the PeopleSoft Enterprise PT PeopleTools component of Oracle PeopleSoft Products (subcomponent: PsAdmin). Supported versions that are affected are 8.54, 8.55 and 8.56. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where PeopleSoft Enterprise PT PeopleTools executes to compromise PeopleSoft Enterprise PT PeopleTools. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise PT PeopleTools accessible data. CVSS 3.0 Base Score 6.2 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
Severity ?
No CVSS data available.
CWE
- Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where PeopleSoft Enterprise PT PeopleTools executes to compromise PeopleSoft Enterprise PT PeopleTools. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise PT PeopleTools accessible data.
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Oracle Corporation | PeopleSoft Enterprise PT PeopleTools |
Affected:
8.54
Affected: 8.55 Affected: 8.56 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T04:29:44.738Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "103899",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/103899"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
},
{
"name": "1040701",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040701"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2018-2793",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-03T19:25:36.942204Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-03T20:18:25.870Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "PeopleSoft Enterprise PT PeopleTools",
"vendor": "Oracle Corporation",
"versions": [
{
"status": "affected",
"version": "8.54"
},
{
"status": "affected",
"version": "8.55"
},
{
"status": "affected",
"version": "8.56"
}
]
}
],
"datePublic": "2018-03-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the PeopleSoft Enterprise PT PeopleTools component of Oracle PeopleSoft Products (subcomponent: PsAdmin). Supported versions that are affected are 8.54, 8.55 and 8.56. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where PeopleSoft Enterprise PT PeopleTools executes to compromise PeopleSoft Enterprise PT PeopleTools. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise PT PeopleTools accessible data. CVSS 3.0 Base Score 6.2 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where PeopleSoft Enterprise PT PeopleTools executes to compromise PeopleSoft Enterprise PT PeopleTools. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise PT PeopleTools accessible data.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-04-19T09:57:01",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"name": "103899",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/103899"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
},
{
"name": "1040701",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040701"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2018-2793",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PeopleSoft Enterprise PT PeopleTools",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "8.54"
},
{
"version_affected": "=",
"version_value": "8.55"
},
{
"version_affected": "=",
"version_value": "8.56"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the PeopleSoft Enterprise PT PeopleTools component of Oracle PeopleSoft Products (subcomponent: PsAdmin). Supported versions that are affected are 8.54, 8.55 and 8.56. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where PeopleSoft Enterprise PT PeopleTools executes to compromise PeopleSoft Enterprise PT PeopleTools. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise PT PeopleTools accessible data. CVSS 3.0 Base Score 6.2 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where PeopleSoft Enterprise PT PeopleTools executes to compromise PeopleSoft Enterprise PT PeopleTools. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise PT PeopleTools accessible data."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "103899",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103899"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
},
{
"name": "1040701",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040701"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2018-2793",
"datePublished": "2018-04-19T02:00:00",
"dateReserved": "2017-12-15T00:00:00",
"dateUpdated": "2024-10-03T20:18:25.870Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-2408 (GCVE-0-2021-2408)
Vulnerability from cvelistv5 – Published: 2021-07-20 22:44 – Updated: 2024-09-26 13:54
VLAI?
Summary
Vulnerability in the PeopleSoft Enterprise PT PeopleTools product of Oracle PeopleSoft (component: Notification Configuration). The supported version that is affected is 8.59. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PT PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PT PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PT PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PT PeopleTools accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).
Severity ?
6.1 (Medium)
CWE
- Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PT PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PT PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PT PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PT PeopleTools accessible data.
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Oracle Corporation | PeopleSoft Enterprise PT PeopleTools |
Affected:
8.59
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T16:45:50.091Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2021.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-2408",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-26T13:51:13.581022Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-26T13:54:52.459Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "PeopleSoft Enterprise PT PeopleTools",
"vendor": "Oracle Corporation",
"versions": [
{
"status": "affected",
"version": "8.59"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the PeopleSoft Enterprise PT PeopleTools product of Oracle PeopleSoft (component: Notification Configuration). The supported version that is affected is 8.59. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PT PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PT PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PT PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PT PeopleTools accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PT PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PT PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PT PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PT PeopleTools accessible data.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-20T22:44:21",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujul2021.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2021-2408",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PeopleSoft Enterprise PT PeopleTools",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "8.59"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the PeopleSoft Enterprise PT PeopleTools product of Oracle PeopleSoft (component: Notification Configuration). The supported version that is affected is 8.59. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PT PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PT PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PT PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PT PeopleTools accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)."
}
]
},
"impact": {
"cvss": {
"baseScore": "6.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PT PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PT PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PT PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PT PeopleTools accessible data."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.oracle.com/security-alerts/cpujul2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujul2021.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2021-2408",
"datePublished": "2021-07-20T22:44:21",
"dateReserved": "2020-12-09T00:00:00",
"dateUpdated": "2024-09-26T13:54:52.459Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-2218 (GCVE-0-2021-2218)
Vulnerability from cvelistv5 – Published: 2021-04-22 21:53 – Updated: 2024-09-26 15:10
VLAI?
Summary
Vulnerability in the PeopleSoft Enterprise PT PeopleTools product of Oracle PeopleSoft (component: Health Center). Supported versions that are affected are 8.56 and 8.57. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PT PeopleTools. While the vulnerability is in PeopleSoft Enterprise PT PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PT PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PT PeopleTools accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of PeopleSoft Enterprise PT PeopleTools. CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L).
Severity ?
8.3 (High)
CWE
- Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PT PeopleTools. While the vulnerability is in PeopleSoft Enterprise PT PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PT PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PT PeopleTools accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of PeopleSoft Enterprise PT PeopleTools.
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Oracle Corporation | PeopleSoft Enterprise PT PeopleTools |
Affected:
8.56
Affected: 8.57 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T16:38:57.289Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2021.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-2218",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-26T14:52:28.507499Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-26T15:10:38.753Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "PeopleSoft Enterprise PT PeopleTools",
"vendor": "Oracle Corporation",
"versions": [
{
"status": "affected",
"version": "8.56"
},
{
"status": "affected",
"version": "8.57"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the PeopleSoft Enterprise PT PeopleTools product of Oracle PeopleSoft (component: Health Center). Supported versions that are affected are 8.56 and 8.57. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PT PeopleTools. While the vulnerability is in PeopleSoft Enterprise PT PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PT PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PT PeopleTools accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of PeopleSoft Enterprise PT PeopleTools. CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PT PeopleTools. While the vulnerability is in PeopleSoft Enterprise PT PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PT PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PT PeopleTools accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of PeopleSoft Enterprise PT PeopleTools.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-22T21:53:52",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2021.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2021-2218",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PeopleSoft Enterprise PT PeopleTools",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "8.56"
},
{
"version_affected": "=",
"version_value": "8.57"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the PeopleSoft Enterprise PT PeopleTools product of Oracle PeopleSoft (component: Health Center). Supported versions that are affected are 8.56 and 8.57. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PT PeopleTools. While the vulnerability is in PeopleSoft Enterprise PT PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PT PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PT PeopleTools accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of PeopleSoft Enterprise PT PeopleTools. CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L)."
}
]
},
"impact": {
"cvss": {
"baseScore": "8.3",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PT PeopleTools. While the vulnerability is in PeopleSoft Enterprise PT PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PT PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PT PeopleTools accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of PeopleSoft Enterprise PT PeopleTools."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.oracle.com/security-alerts/cpuapr2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuapr2021.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2021-2218",
"datePublished": "2021-04-22T21:53:52",
"dateReserved": "2020-12-09T00:00:00",
"dateUpdated": "2024-09-26T15:10:38.753Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-13956 (GCVE-0-2020-13956)
Vulnerability from cvelistv5 – Published: 2020-12-02 16:20 – Updated: 2025-12-01 15:45
VLAI?
Summary
Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.
Severity ?
No CVSS data available.
CWE
- Improper Input Validation
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Apache HttpClient |
Affected:
4.5.12 and prior, 5.0.2 and prior
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-12-01T15:45:49.435Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://priyankn.github.io/2021-02-26-CVE-2020-13956/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r6dab7da30f8bf075f79ee189e33b45a197502e2676481bb8787fc0d7%40%3Cdev.hc.apache.org%3E"
},
{
"name": "[ranger-dev] 20201204 [jira] [Assigned] (RANGER-3100) Upgrade httpclient version from 4.5.6 to 4.5.13+ due to CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rf7ca60f78f05b772cc07d27e31bcd112f9910a05caf9095e38ee150f%40%3Cdev.ranger.apache.org%3E"
},
{
"name": "[ranger-dev] 20201204 [jira] [Updated] (RANGER-3100) Upgrade httpclient version from 4.5.6 to 4.5.13+ due to CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rcced7ed3237c29cd19c1e9bf465d0038b8b2e967b99fc283db7ca553%40%3Cdev.ranger.apache.org%3E"
},
{
"name": "[ranger-dev] 20201215 [jira] [Updated] (RANGER-3100) Upgrade httpclient version from 4.5.6 to 4.5.13+ due to CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r63296c45d5d84447babaf39bd1487329d8a80d8d563e67a4b6f3d8a7%40%3Cdev.ranger.apache.org%3E"
},
{
"name": "[ranger-dev] 20201215 [jira] [Commented] (RANGER-3100) Upgrade httpclient version from 4.5.6 to 4.5.13+ due to CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r12cb62751b35bdcda0ae2a08b67877d665a1f4d41eee0fa7367169e0%40%3Cdev.ranger.apache.org%3E"
},
{
"name": "[pulsar-commits] 20201215 [GitHub] [pulsar] yanshuchong opened a new issue #8967: CVSS issue list",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[ranger-dev] 20201216 [jira] [Commented] (RANGER-3100) Upgrade httpclient version from 4.5.6 to 4.5.13+ due to CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r34178ab6ef106bc940665fd3f4ba5026fac3603b3fa2aefafa0b619d%40%3Cdev.ranger.apache.org%3E"
},
{
"name": "[lucene-solr-user] 20201229 Upgrade httpclient version due to CVE-2020-13956?",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rb725052404fabffbe093c83b2c46f3f87e12c3193a82379afbc529f8%40%3Csolr-user.lucene.apache.org%3E"
},
{
"name": "[turbine-commits] 20210203 svn commit: r1886168 - in /turbine/core/trunk: ./ conf/ conf/test/ src/java/org/apache/turbine/services/urlmapper/ src/test/org/apache/turbine/services/urlmapper/ src/test/org/apache/turbine/services/urlmapper/model/ xdocs/howto/",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rb33212dab7beccaf1ffef9b88610047c644f644c7a0ebdc44d77e381%40%3Ccommits.turbine.apache.org%3E"
},
{
"name": "[hive-issues] 20210301 [jira] [Updated] (HIVE-24837) Upgrade httpclient to 4.5.13+ due to CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rfc00884c7b7ca878297bffe45fcb742c362b00b26ba37070706d44c3%40%3Cissues.hive.apache.org%3E"
},
{
"name": "[hive-issues] 20210301 [jira] [Assigned] (HIVE-24837) Upgrade httpclient to 4.5.13+ due to CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r5fec9c1d67f928179adf484b01e7becd7c0a6fdfe3a08f92ea743b90%40%3Cissues.hive.apache.org%3E"
},
{
"name": "[hive-gitbox] 20210301 [GitHub] [hive] hsnusonic opened a new pull request #2032: HIVE-24837 Upgrade httpclient to 4.5.13+ due to CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r2dc7930b43eadc78220d269b79e13ecd387e4bee52db67b2f47d4303%40%3Cgitbox.hive.apache.org%3E"
},
{
"name": "[hive-dev] 20210301 [jira] [Created] (HIVE-24837) Upgrade httpclient to 4.5.13+ due to CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r043a75acdeb52b15dd5e9524cdadef4202e6a5228644206acf9363f9%40%3Cdev.hive.apache.org%3E"
},
{
"name": "[hive-issues] 20210301 [jira] [Work logged] (HIVE-24837) Upgrade httpclient to 4.5.13+ due to CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rd5ab56beb2ac6879f6ab427bc4e5f7691aed8362d17b713f61779858%40%3Cissues.hive.apache.org%3E"
},
{
"name": "[hive-gitbox] 20210302 [GitHub] [hive] hsnusonic closed pull request #2032: HIVE-24837 Upgrade httpclient to 4.5.13+ due to CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rcd9ad5dda60c82ab0d0c9bd3e9cb1dc740804451fc20c7f451ef5cc4%40%3Cgitbox.hive.apache.org%3E"
},
{
"name": "[solr-issues] 20210316 [jira] [Resolved] (SOLR-15270) upgrade httpclient to address CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/re504acd4d63b8df2a7353658f45c9a3137e5f80e41cf7de50058b2c1%40%3Cissues.solr.apache.org%3E"
},
{
"name": "[solr-issues] 20210316 [jira] [Created] (SOLR-15269) upgrade httpclient to address CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r5de3d3808e7b5028df966e45115e006456c4e8931dc1e29036f17927%40%3Cissues.solr.apache.org%3E"
},
{
"name": "[solr-issues] 20210316 [jira] [Created] (SOLR-15270) upgrade httpclient to address CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rae14ae25ff4a60251e3ba2629c082c5ba3851dfd4d21218b99b56652%40%3Cissues.solr.apache.org%3E"
},
{
"name": "[maven-issues] 20210530 [jira] [Updated] (DOXIA-615) Can you provide an updated version in order to fix CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r03bbc318c81be21f5c8a9b85e34f2ecc741aa804a8e43b0ef2c37749%40%3Cissues.maven.apache.org%3E"
},
{
"name": "[maven-issues] 20210530 [jira] [Resolved] (DOXIA-615) Can you provide an updated version in order to fix CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/ra539f20ef0fb0c27ee39945b5f56bf162e5c13d1c60f7344dab8de3b%40%3Cissues.maven.apache.org%3E"
},
{
"name": "[maven-issues] 20210530 [jira] [Closed] (DOXIA-615) Can you provide an updated version in order to fix CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r8aa1e5c343b89aec5b69961471950e862f15246cb6392910161c389b%40%3Cissues.maven.apache.org%3E"
},
{
"name": "[drill-issues] 20210604 [jira] [Commented] (DRILL-7946) Bump HttpClient from 4.5.12 to 4.5.13 for CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r06cf3ca5c8ceb94b39cd24a73d4e96153b485a7dac88444dd876accb%40%3Cissues.drill.apache.org%3E"
},
{
"name": "[drill-dev] 20210604 [GitHub] [drill] luocooong opened a new pull request #2250: DRILL-7946: Bump HttpClient from 4.5.12 to 4.5.13 for CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rb4ba262d6f08ab9cf8b1ebbcd9b00b0368ffe90dad7ad7918b4b56fc%40%3Cdev.drill.apache.org%3E"
},
{
"name": "[drill-dev] 20210604 [jira] [Created] (DRILL-7946) Bump HttpClient from 4.5.12 to 4.5.13 for CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r55b2a1d1e9b1ec9db792b93da8f0f99a4fd5a5310b02673359d9b4d1%40%3Cdev.drill.apache.org%3E"
},
{
"name": "[drill-issues] 20210604 [jira] [Created] (DRILL-7946) Bump HttpClient from 4.5.12 to 4.5.13 for CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rea3dbf633dde5008d38bf6600a3738b9216e733e03f9ff7becf79625%40%3Cissues.drill.apache.org%3E"
},
{
"name": "[drill-dev] 20210604 [GitHub] [drill] cgivre commented on pull request #2250: DRILL-7946: Bump HttpClient from 4.5.12 to 4.5.13 for CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rc3739e0ad4bcf1888c6925233bfc37dd71156bbc8416604833095c42%40%3Cdev.drill.apache.org%3E"
},
{
"name": "[drill-dev] 20210604 [GitHub] [drill] laurentgo merged pull request #2250: DRILL-7946: Bump HttpClient from 4.5.12 to 4.5.13 for CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r9e52a6c72c8365000ecd035e48cc9fee5a677a150350d4420c46443d%40%3Cdev.drill.apache.org%3E"
},
{
"name": "[drill-issues] 20210604 [jira] [Resolved] (DRILL-7946) Bump HttpClient from 4.5.12 to 4.5.13 for CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rad6222134183046f3928f733bf680919e0c390739bfbfe6c90049673%40%3Cissues.drill.apache.org%3E"
},
{
"name": "[drill-dev] 20210604 [jira] [Resolved] (DRILL-7946) Bump HttpClient from 4.5.12 to 4.5.13 for CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r549ac8c159bf0c568c19670bedeb8d7c0074beded951d34b1c1d0d05%40%3Cdev.drill.apache.org%3E"
},
{
"name": "[drill-commits] 20210604 [drill] branch master updated: DRILL-7946: Bump HttpClient from 4.5.12 to 4.5.13 for CVE-2020-13956 (#2250)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r6eb2dae157dbc9af1f30d1f64e9c60d4ebef618f3dce4a0e32d6ea4d%40%3Ccommits.drill.apache.org%3E"
},
{
"name": "[drill-dev] 20210604 [GitHub] [drill] luocooong commented on pull request #2250: DRILL-7946: Bump HttpClient from 4.5.12 to 4.5.13 for CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/reef569c2419705754a3acf42b5f19b2a158153cef0e448158bc54917%40%3Cdev.drill.apache.org%3E"
},
{
"name": "[creadur-commits] 20210608 [jira] [Work started] (TENTACLES-13) Upgrade httpclient to circumvent CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r3f740e4c38bba1face49078aa5cbeeb558c27be601cc9712ad2dcd1e%40%3Ccommits.creadur.apache.org%3E"
},
{
"name": "[creadur-commits] 20210608 [jira] [Resolved] (TENTACLES-13) Upgrade httpclient to circumvent CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rfb35f6db9ba1f1e061b63769a4eff5abadcc254ebfefc280e5a0dcf1%40%3Ccommits.creadur.apache.org%3E"
},
{
"name": "[creadur-commits] 20210608 [jira] [Commented] (TENTACLES-13) Upgrade httpclient to circumvent CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r2a03dc210231d7e852ef73015f71792ac0fcaca6cccc024c522ef17d%40%3Ccommits.creadur.apache.org%3E"
},
{
"name": "[creadur-commits] 20210608 [jira] [Created] (TENTACLES-13) Upgrade httpclient to circumvent CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r34efec51cb817397ccf9f86e25a75676d435ba5f83ee7b2eabdad707%40%3Ccommits.creadur.apache.org%3E"
},
{
"name": "[creadur-commits] 20210608 [jira] [Assigned] (TENTACLES-13) Upgrade httpclient to circumvent CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r70c429923100c5a4fae8e5bc71c8a2d39af3de4888f50a0ac3755e6f%40%3Ccommits.creadur.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"name": "[maven-issues] 20210621 [jira] [Assigned] (DOXIA-615) Can you provide an updated version in order to fix CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rc990e2462ec32b09523deafb2c73606208599e196fa2d7f50bdbc587%40%3Cissues.maven.apache.org%3E"
},
{
"name": "[creadur-dev] 20210621 [jira] [Updated] (RAT-275) Update httpclient to fix CVE-2020-13956 once a new doxia-core release is available",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r132e4c6a560cfc519caa1aaee63bdd4036327610eadbd89f76dd5457%40%3Cdev.creadur.apache.org%3E"
},
{
"name": "[solr-issues] 20210623 [jira] [Updated] (SOLR-15270) upgrade httpclient to address CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r6a3cda38d050ebe13c1bc9a28d0a8ec38945095d07eca49046bcb89f%40%3Cissues.solr.apache.org%3E"
},
{
"name": "[solr-issues] 20210623 [jira] [Updated] (SOLR-15269) upgrade httpclient to address CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rc505fee574fe8d18f9b0c655a4d120b0ae21bb6a73b96003e1d9be35%40%3Cissues.solr.apache.org%3E"
},
{
"name": "[jackrabbit-dev] 20210706 [GitHub] [jackrabbit-oak] reschke commented on pull request #310: OAK-9482: upgrade httpclient to 4.5.13",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r5b55f65c123a7481104d663a915ec45a0d103e6aaa03f42ed1c07a89%40%3Cdev.jackrabbit.apache.org%3E"
},
{
"name": "[jackrabbit-dev] 20210706 [GitHub] [jackrabbit-oak] reschke removed a comment on pull request #310: OAK-9482: upgrade httpclient to 4.5.13",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rc0863892ccfd9fd0d0ae10091f24ee769fb39b8957fe4ebabfc11f17%40%3Cdev.jackrabbit.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"name": "[solr-issues] 20210912 [jira] [Updated] (SOLR-15269) upgrade httpclient to address CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rfbedcb586a1e7dfce87ee03c720e583fc2ceeafa05f35c542cecc624%40%3Cissues.solr.apache.org%3E"
},
{
"name": "[bookkeeper-issues] 20210914 [GitHub] [bookkeeper] nicoloboschi opened a new pull request #2793: Upgrade httpclient from 4.5.5 to 4.5.13 to address CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r87ddc09295c27f25471269ad0a79433a91224045988b88f0413a97ec%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"name": "[bookkeeper-issues] 20210917 [GitHub] [bookkeeper] nicoloboschi commented on pull request #2793: Upgrade httpclient from 4.5.5 to 4.5.13 to address CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rf03228972e56cb4a03e6d9558188c2938078cf3ceb23a3fead87c9ca%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"name": "[lucene-issues] 20210921 [GitHub] [lucene-solr] ventry1990 opened a new pull request #2579: SOLR-15269: Upgrade Apache HttpComponents Client to 4.5.13 to fix CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r2835543ef0f91adcc47da72389b816e36936f584c7be584d2314fac3%40%3Cissues.lucene.apache.org%3E"
},
{
"name": "[lucene-issues] 20210921 [GitHub] [lucene-solr] madrob commented on pull request #2579: SOLR-15269: Upgrade Apache HttpComponents Client to 4.5.13 to fix CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rf43d17ed0d1fb4fb79036b582810ef60b18b1ef3add0d5dea825af1e%40%3Cissues.lucene.apache.org%3E"
},
{
"name": "[lucene-issues] 20210921 [GitHub] [lucene-solr] ventry1990 commented on pull request #2579: SOLR-15269: Upgrade Apache HttpComponents Client to 4.5.13 to fix CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rc5c6ccb86d2afe46bbd4b71573f0448dc1f87bbcd5a0d8c7f8f904b2%40%3Cissues.lucene.apache.org%3E"
},
{
"name": "[lucene-issues] 20211007 [GitHub] [lucene-solr] madrob commented on pull request #2579: SOLR-15269: Upgrade Apache HttpComponents Client to 4.5.13 to fix CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r6d672b46622842e565e00f6ef6bef83eb55d8792aac2bee75bff9a2a%40%3Cissues.lucene.apache.org%3E"
},
{
"name": "[lucene-issues] 20211009 [GitHub] [lucene-solr] ventry1990 closed pull request #2579: SOLR-15269: Upgrade Apache HttpComponents Client to 4.5.13 to fix CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rf4db88c22e1be9eb60c7dc623d0528642c045fb196a24774ac2fa3a3%40%3Cissues.lucene.apache.org%3E"
},
{
"name": "[lucene-issues] 20211009 [GitHub] [lucene-solr] ventry1990 commented on pull request #2579: SOLR-15269: Upgrade Apache HttpComponents Client to 4.5.13 to fix CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/ree942561f4620313c75982a4e5f3b74fe6f7062b073210779648eec2%40%3Cissues.lucene.apache.org%3E"
},
{
"name": "[lucene-issues] 20211009 [GitHub] [lucene-solr] ventry1990 opened a new pull request #2579: SOLR-15269: Upgrade Apache HttpComponents Client to 4.5.13 to fix CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r3cecd59fba74404cbf4eb430135e1080897fb376f111406a78bed13a%40%3Cissues.lucene.apache.org%3E"
},
{
"name": "[solr-issues] 20211011 [jira] [Commented] (SOLR-15269) upgrade httpclient to address CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r0bebe6f9808ac7bdf572873b4fa96a29c6398c90dab29f131f3ebffe%40%3Cissues.solr.apache.org%3E"
},
{
"name": "[solr-issues] 20211011 [jira] [Resolved] (SOLR-15269) upgrade httpclient to address CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r4850b3fbaea02fde2886e461005e4af8d37c80a48b3ce2a6edca0e30%40%3Cissues.solr.apache.org%3E"
},
{
"name": "[lucene-issues] 20211011 [GitHub] [lucene-solr] madrob merged pull request #2579: SOLR-15269: Upgrade Apache HttpComponents Client to 4.5.13 to fix CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/ra8bc6b61c5df301a6fe5a716315528ecd17ccb8a7f907e24a47a1a5e%40%3Cissues.lucene.apache.org%3E"
},
{
"name": "[solr-issues] 20211019 [jira] [Closed] (SOLR-15269) upgrade httpclient to address CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r0a75b8f0f72f3e18442dc56d33f3827b905f2fe5b7ba48997436f5d1%40%3Cissues.solr.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"name": "[ranger-dev] 20211028 [jira] [Commented] (RANGER-3100) Upgrade httpclient version from 4.5.6 to 4.5.13+ due to CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r69a94e2f302d1b778bdfefe90fcb4b8c50b226438c3c8c1d0de85a19%40%3Cdev.ranger.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20220210-0002/"
}
],
"title": "CVE Program Container",
"x_generator": {
"engine": "ADPogram 0.0.1"
}
}
],
"cna": {
"affected": [
{
"product": "Apache HttpClient",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "4.5.12 and prior, 5.0.2 and prior"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Input Validation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-19T23:21:27.000Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.apache.org/thread.html/r6dab7da30f8bf075f79ee189e33b45a197502e2676481bb8787fc0d7%40%3Cdev.hc.apache.org%3E"
},
{
"name": "[ranger-dev] 20201204 [jira] [Assigned] (RANGER-3100) Upgrade httpclient version from 4.5.6 to 4.5.13+ due to CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rf7ca60f78f05b772cc07d27e31bcd112f9910a05caf9095e38ee150f%40%3Cdev.ranger.apache.org%3E"
},
{
"name": "[ranger-dev] 20201204 [jira] [Updated] (RANGER-3100) Upgrade httpclient version from 4.5.6 to 4.5.13+ due to CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rcced7ed3237c29cd19c1e9bf465d0038b8b2e967b99fc283db7ca553%40%3Cdev.ranger.apache.org%3E"
},
{
"name": "[ranger-dev] 20201215 [jira] [Updated] (RANGER-3100) Upgrade httpclient version from 4.5.6 to 4.5.13+ due to CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r63296c45d5d84447babaf39bd1487329d8a80d8d563e67a4b6f3d8a7%40%3Cdev.ranger.apache.org%3E"
},
{
"name": "[ranger-dev] 20201215 [jira] [Commented] (RANGER-3100) Upgrade httpclient version from 4.5.6 to 4.5.13+ due to CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r12cb62751b35bdcda0ae2a08b67877d665a1f4d41eee0fa7367169e0%40%3Cdev.ranger.apache.org%3E"
},
{
"name": "[pulsar-commits] 20201215 [GitHub] [pulsar] yanshuchong opened a new issue #8967: CVSS issue list",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[ranger-dev] 20201216 [jira] [Commented] (RANGER-3100) Upgrade httpclient version from 4.5.6 to 4.5.13+ due to CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r34178ab6ef106bc940665fd3f4ba5026fac3603b3fa2aefafa0b619d%40%3Cdev.ranger.apache.org%3E"
},
{
"name": "[lucene-solr-user] 20201229 Upgrade httpclient version due to CVE-2020-13956?",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rb725052404fabffbe093c83b2c46f3f87e12c3193a82379afbc529f8%40%3Csolr-user.lucene.apache.org%3E"
},
{
"name": "[turbine-commits] 20210203 svn commit: r1886168 - in /turbine/core/trunk: ./ conf/ conf/test/ src/java/org/apache/turbine/services/urlmapper/ src/test/org/apache/turbine/services/urlmapper/ src/test/org/apache/turbine/services/urlmapper/model/ xdocs/howto/",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rb33212dab7beccaf1ffef9b88610047c644f644c7a0ebdc44d77e381%40%3Ccommits.turbine.apache.org%3E"
},
{
"name": "[hive-issues] 20210301 [jira] [Updated] (HIVE-24837) Upgrade httpclient to 4.5.13+ due to CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rfc00884c7b7ca878297bffe45fcb742c362b00b26ba37070706d44c3%40%3Cissues.hive.apache.org%3E"
},
{
"name": "[hive-issues] 20210301 [jira] [Assigned] (HIVE-24837) Upgrade httpclient to 4.5.13+ due to CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r5fec9c1d67f928179adf484b01e7becd7c0a6fdfe3a08f92ea743b90%40%3Cissues.hive.apache.org%3E"
},
{
"name": "[hive-gitbox] 20210301 [GitHub] [hive] hsnusonic opened a new pull request #2032: HIVE-24837 Upgrade httpclient to 4.5.13+ due to CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r2dc7930b43eadc78220d269b79e13ecd387e4bee52db67b2f47d4303%40%3Cgitbox.hive.apache.org%3E"
},
{
"name": "[hive-dev] 20210301 [jira] [Created] (HIVE-24837) Upgrade httpclient to 4.5.13+ due to CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r043a75acdeb52b15dd5e9524cdadef4202e6a5228644206acf9363f9%40%3Cdev.hive.apache.org%3E"
},
{
"name": "[hive-issues] 20210301 [jira] [Work logged] (HIVE-24837) Upgrade httpclient to 4.5.13+ due to CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rd5ab56beb2ac6879f6ab427bc4e5f7691aed8362d17b713f61779858%40%3Cissues.hive.apache.org%3E"
},
{
"name": "[hive-gitbox] 20210302 [GitHub] [hive] hsnusonic closed pull request #2032: HIVE-24837 Upgrade httpclient to 4.5.13+ due to CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rcd9ad5dda60c82ab0d0c9bd3e9cb1dc740804451fc20c7f451ef5cc4%40%3Cgitbox.hive.apache.org%3E"
},
{
"name": "[solr-issues] 20210316 [jira] [Resolved] (SOLR-15270) upgrade httpclient to address CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/re504acd4d63b8df2a7353658f45c9a3137e5f80e41cf7de50058b2c1%40%3Cissues.solr.apache.org%3E"
},
{
"name": "[solr-issues] 20210316 [jira] [Created] (SOLR-15269) upgrade httpclient to address CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r5de3d3808e7b5028df966e45115e006456c4e8931dc1e29036f17927%40%3Cissues.solr.apache.org%3E"
},
{
"name": "[solr-issues] 20210316 [jira] [Created] (SOLR-15270) upgrade httpclient to address CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rae14ae25ff4a60251e3ba2629c082c5ba3851dfd4d21218b99b56652%40%3Cissues.solr.apache.org%3E"
},
{
"name": "[maven-issues] 20210530 [jira] [Updated] (DOXIA-615) Can you provide an updated version in order to fix CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r03bbc318c81be21f5c8a9b85e34f2ecc741aa804a8e43b0ef2c37749%40%3Cissues.maven.apache.org%3E"
},
{
"name": "[maven-issues] 20210530 [jira] [Resolved] (DOXIA-615) Can you provide an updated version in order to fix CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/ra539f20ef0fb0c27ee39945b5f56bf162e5c13d1c60f7344dab8de3b%40%3Cissues.maven.apache.org%3E"
},
{
"name": "[maven-issues] 20210530 [jira] [Closed] (DOXIA-615) Can you provide an updated version in order to fix CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r8aa1e5c343b89aec5b69961471950e862f15246cb6392910161c389b%40%3Cissues.maven.apache.org%3E"
},
{
"name": "[drill-issues] 20210604 [jira] [Commented] (DRILL-7946) Bump HttpClient from 4.5.12 to 4.5.13 for CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r06cf3ca5c8ceb94b39cd24a73d4e96153b485a7dac88444dd876accb%40%3Cissues.drill.apache.org%3E"
},
{
"name": "[drill-dev] 20210604 [GitHub] [drill] luocooong opened a new pull request #2250: DRILL-7946: Bump HttpClient from 4.5.12 to 4.5.13 for CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rb4ba262d6f08ab9cf8b1ebbcd9b00b0368ffe90dad7ad7918b4b56fc%40%3Cdev.drill.apache.org%3E"
},
{
"name": "[drill-dev] 20210604 [jira] [Created] (DRILL-7946) Bump HttpClient from 4.5.12 to 4.5.13 for CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r55b2a1d1e9b1ec9db792b93da8f0f99a4fd5a5310b02673359d9b4d1%40%3Cdev.drill.apache.org%3E"
},
{
"name": "[drill-issues] 20210604 [jira] [Created] (DRILL-7946) Bump HttpClient from 4.5.12 to 4.5.13 for CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rea3dbf633dde5008d38bf6600a3738b9216e733e03f9ff7becf79625%40%3Cissues.drill.apache.org%3E"
},
{
"name": "[drill-dev] 20210604 [GitHub] [drill] cgivre commented on pull request #2250: DRILL-7946: Bump HttpClient from 4.5.12 to 4.5.13 for CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rc3739e0ad4bcf1888c6925233bfc37dd71156bbc8416604833095c42%40%3Cdev.drill.apache.org%3E"
},
{
"name": "[drill-dev] 20210604 [GitHub] [drill] laurentgo merged pull request #2250: DRILL-7946: Bump HttpClient from 4.5.12 to 4.5.13 for CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r9e52a6c72c8365000ecd035e48cc9fee5a677a150350d4420c46443d%40%3Cdev.drill.apache.org%3E"
},
{
"name": "[drill-issues] 20210604 [jira] [Resolved] (DRILL-7946) Bump HttpClient from 4.5.12 to 4.5.13 for CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rad6222134183046f3928f733bf680919e0c390739bfbfe6c90049673%40%3Cissues.drill.apache.org%3E"
},
{
"name": "[drill-dev] 20210604 [jira] [Resolved] (DRILL-7946) Bump HttpClient from 4.5.12 to 4.5.13 for CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r549ac8c159bf0c568c19670bedeb8d7c0074beded951d34b1c1d0d05%40%3Cdev.drill.apache.org%3E"
},
{
"name": "[drill-commits] 20210604 [drill] branch master updated: DRILL-7946: Bump HttpClient from 4.5.12 to 4.5.13 for CVE-2020-13956 (#2250)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r6eb2dae157dbc9af1f30d1f64e9c60d4ebef618f3dce4a0e32d6ea4d%40%3Ccommits.drill.apache.org%3E"
},
{
"name": "[drill-dev] 20210604 [GitHub] [drill] luocooong commented on pull request #2250: DRILL-7946: Bump HttpClient from 4.5.12 to 4.5.13 for CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/reef569c2419705754a3acf42b5f19b2a158153cef0e448158bc54917%40%3Cdev.drill.apache.org%3E"
},
{
"name": "[creadur-commits] 20210608 [jira] [Work started] (TENTACLES-13) Upgrade httpclient to circumvent CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r3f740e4c38bba1face49078aa5cbeeb558c27be601cc9712ad2dcd1e%40%3Ccommits.creadur.apache.org%3E"
},
{
"name": "[creadur-commits] 20210608 [jira] [Resolved] (TENTACLES-13) Upgrade httpclient to circumvent CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rfb35f6db9ba1f1e061b63769a4eff5abadcc254ebfefc280e5a0dcf1%40%3Ccommits.creadur.apache.org%3E"
},
{
"name": "[creadur-commits] 20210608 [jira] [Commented] (TENTACLES-13) Upgrade httpclient to circumvent CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r2a03dc210231d7e852ef73015f71792ac0fcaca6cccc024c522ef17d%40%3Ccommits.creadur.apache.org%3E"
},
{
"name": "[creadur-commits] 20210608 [jira] [Created] (TENTACLES-13) Upgrade httpclient to circumvent CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r34efec51cb817397ccf9f86e25a75676d435ba5f83ee7b2eabdad707%40%3Ccommits.creadur.apache.org%3E"
},
{
"name": "[creadur-commits] 20210608 [jira] [Assigned] (TENTACLES-13) Upgrade httpclient to circumvent CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r70c429923100c5a4fae8e5bc71c8a2d39af3de4888f50a0ac3755e6f%40%3Ccommits.creadur.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"name": "[maven-issues] 20210621 [jira] [Assigned] (DOXIA-615) Can you provide an updated version in order to fix CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rc990e2462ec32b09523deafb2c73606208599e196fa2d7f50bdbc587%40%3Cissues.maven.apache.org%3E"
},
{
"name": "[creadur-dev] 20210621 [jira] [Updated] (RAT-275) Update httpclient to fix CVE-2020-13956 once a new doxia-core release is available",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r132e4c6a560cfc519caa1aaee63bdd4036327610eadbd89f76dd5457%40%3Cdev.creadur.apache.org%3E"
},
{
"name": "[solr-issues] 20210623 [jira] [Updated] (SOLR-15270) upgrade httpclient to address CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r6a3cda38d050ebe13c1bc9a28d0a8ec38945095d07eca49046bcb89f%40%3Cissues.solr.apache.org%3E"
},
{
"name": "[solr-issues] 20210623 [jira] [Updated] (SOLR-15269) upgrade httpclient to address CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rc505fee574fe8d18f9b0c655a4d120b0ae21bb6a73b96003e1d9be35%40%3Cissues.solr.apache.org%3E"
},
{
"name": "[jackrabbit-dev] 20210706 [GitHub] [jackrabbit-oak] reschke commented on pull request #310: OAK-9482: upgrade httpclient to 4.5.13",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r5b55f65c123a7481104d663a915ec45a0d103e6aaa03f42ed1c07a89%40%3Cdev.jackrabbit.apache.org%3E"
},
{
"name": "[jackrabbit-dev] 20210706 [GitHub] [jackrabbit-oak] reschke removed a comment on pull request #310: OAK-9482: upgrade httpclient to 4.5.13",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rc0863892ccfd9fd0d0ae10091f24ee769fb39b8957fe4ebabfc11f17%40%3Cdev.jackrabbit.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"name": "[solr-issues] 20210912 [jira] [Updated] (SOLR-15269) upgrade httpclient to address CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rfbedcb586a1e7dfce87ee03c720e583fc2ceeafa05f35c542cecc624%40%3Cissues.solr.apache.org%3E"
},
{
"name": "[bookkeeper-issues] 20210914 [GitHub] [bookkeeper] nicoloboschi opened a new pull request #2793: Upgrade httpclient from 4.5.5 to 4.5.13 to address CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r87ddc09295c27f25471269ad0a79433a91224045988b88f0413a97ec%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"name": "[bookkeeper-issues] 20210917 [GitHub] [bookkeeper] nicoloboschi commented on pull request #2793: Upgrade httpclient from 4.5.5 to 4.5.13 to address CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rf03228972e56cb4a03e6d9558188c2938078cf3ceb23a3fead87c9ca%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"name": "[lucene-issues] 20210921 [GitHub] [lucene-solr] ventry1990 opened a new pull request #2579: SOLR-15269: Upgrade Apache HttpComponents Client to 4.5.13 to fix CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r2835543ef0f91adcc47da72389b816e36936f584c7be584d2314fac3%40%3Cissues.lucene.apache.org%3E"
},
{
"name": "[lucene-issues] 20210921 [GitHub] [lucene-solr] madrob commented on pull request #2579: SOLR-15269: Upgrade Apache HttpComponents Client to 4.5.13 to fix CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rf43d17ed0d1fb4fb79036b582810ef60b18b1ef3add0d5dea825af1e%40%3Cissues.lucene.apache.org%3E"
},
{
"name": "[lucene-issues] 20210921 [GitHub] [lucene-solr] ventry1990 commented on pull request #2579: SOLR-15269: Upgrade Apache HttpComponents Client to 4.5.13 to fix CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rc5c6ccb86d2afe46bbd4b71573f0448dc1f87bbcd5a0d8c7f8f904b2%40%3Cissues.lucene.apache.org%3E"
},
{
"name": "[lucene-issues] 20211007 [GitHub] [lucene-solr] madrob commented on pull request #2579: SOLR-15269: Upgrade Apache HttpComponents Client to 4.5.13 to fix CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r6d672b46622842e565e00f6ef6bef83eb55d8792aac2bee75bff9a2a%40%3Cissues.lucene.apache.org%3E"
},
{
"name": "[lucene-issues] 20211009 [GitHub] [lucene-solr] ventry1990 closed pull request #2579: SOLR-15269: Upgrade Apache HttpComponents Client to 4.5.13 to fix CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rf4db88c22e1be9eb60c7dc623d0528642c045fb196a24774ac2fa3a3%40%3Cissues.lucene.apache.org%3E"
},
{
"name": "[lucene-issues] 20211009 [GitHub] [lucene-solr] ventry1990 commented on pull request #2579: SOLR-15269: Upgrade Apache HttpComponents Client to 4.5.13 to fix CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/ree942561f4620313c75982a4e5f3b74fe6f7062b073210779648eec2%40%3Cissues.lucene.apache.org%3E"
},
{
"name": "[lucene-issues] 20211009 [GitHub] [lucene-solr] ventry1990 opened a new pull request #2579: SOLR-15269: Upgrade Apache HttpComponents Client to 4.5.13 to fix CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r3cecd59fba74404cbf4eb430135e1080897fb376f111406a78bed13a%40%3Cissues.lucene.apache.org%3E"
},
{
"name": "[solr-issues] 20211011 [jira] [Commented] (SOLR-15269) upgrade httpclient to address CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r0bebe6f9808ac7bdf572873b4fa96a29c6398c90dab29f131f3ebffe%40%3Cissues.solr.apache.org%3E"
},
{
"name": "[solr-issues] 20211011 [jira] [Resolved] (SOLR-15269) upgrade httpclient to address CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r4850b3fbaea02fde2886e461005e4af8d37c80a48b3ce2a6edca0e30%40%3Cissues.solr.apache.org%3E"
},
{
"name": "[lucene-issues] 20211011 [GitHub] [lucene-solr] madrob merged pull request #2579: SOLR-15269: Upgrade Apache HttpComponents Client to 4.5.13 to fix CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/ra8bc6b61c5df301a6fe5a716315528ecd17ccb8a7f907e24a47a1a5e%40%3Cissues.lucene.apache.org%3E"
},
{
"name": "[solr-issues] 20211019 [jira] [Closed] (SOLR-15269) upgrade httpclient to address CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r0a75b8f0f72f3e18442dc56d33f3827b905f2fe5b7ba48997436f5d1%40%3Cissues.solr.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"name": "[ranger-dev] 20211028 [jira] [Commented] (RANGER-3100) Upgrade httpclient version from 4.5.6 to 4.5.13+ due to CVE-2020-13956",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r69a94e2f302d1b778bdfefe90fcb4b8c50b226438c3c8c1d0de85a19%40%3Cdev.ranger.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20220210-0002/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2020-13956",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache HttpClient",
"version": {
"version_data": [
{
"version_value": "4.5.12 and prior, 5.0.2 and prior"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://lists.apache.org/thread.html/r6dab7da30f8bf075f79ee189e33b45a197502e2676481bb8787fc0d7%40%3Cdev.hc.apache.org%3E",
"refsource": "MISC",
"url": "https://lists.apache.org/thread.html/r6dab7da30f8bf075f79ee189e33b45a197502e2676481bb8787fc0d7%40%3Cdev.hc.apache.org%3E"
},
{
"name": "[ranger-dev] 20201204 [jira] [Assigned] (RANGER-3100) Upgrade httpclient version from 4.5.6 to 4.5.13+ due to CVE-2020-13956",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rf7ca60f78f05b772cc07d27e31bcd112f9910a05caf9095e38ee150f@%3Cdev.ranger.apache.org%3E"
},
{
"name": "[ranger-dev] 20201204 [jira] [Updated] (RANGER-3100) Upgrade httpclient version from 4.5.6 to 4.5.13+ due to CVE-2020-13956",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rcced7ed3237c29cd19c1e9bf465d0038b8b2e967b99fc283db7ca553@%3Cdev.ranger.apache.org%3E"
},
{
"name": "[ranger-dev] 20201215 [jira] [Updated] (RANGER-3100) Upgrade httpclient version from 4.5.6 to 4.5.13+ due to CVE-2020-13956",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r63296c45d5d84447babaf39bd1487329d8a80d8d563e67a4b6f3d8a7@%3Cdev.ranger.apache.org%3E"
},
{
"name": "[ranger-dev] 20201215 [jira] [Commented] (RANGER-3100) Upgrade httpclient version from 4.5.6 to 4.5.13+ due to CVE-2020-13956",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r12cb62751b35bdcda0ae2a08b67877d665a1f4d41eee0fa7367169e0@%3Cdev.ranger.apache.org%3E"
},
{
"name": "[pulsar-commits] 20201215 [GitHub] [pulsar] yanshuchong opened a new issue #8967: CVSS issue list",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26@%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[ranger-dev] 20201216 [jira] [Commented] (RANGER-3100) Upgrade httpclient version from 4.5.6 to 4.5.13+ due to CVE-2020-13956",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r34178ab6ef106bc940665fd3f4ba5026fac3603b3fa2aefafa0b619d@%3Cdev.ranger.apache.org%3E"
},
{
"name": "[lucene-solr-user] 20201229 Upgrade httpclient version due to CVE-2020-13956?",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rb725052404fabffbe093c83b2c46f3f87e12c3193a82379afbc529f8@%3Csolr-user.lucene.apache.org%3E"
},
{
"name": "[turbine-commits] 20210203 svn commit: r1886168 - in /turbine/core/trunk: ./ conf/ conf/test/ src/java/org/apache/turbine/services/urlmapper/ src/test/org/apache/turbine/services/urlmapper/ src/test/org/apache/turbine/services/urlmapper/model/ xdocs/howto/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rb33212dab7beccaf1ffef9b88610047c644f644c7a0ebdc44d77e381@%3Ccommits.turbine.apache.org%3E"
},
{
"name": "[hive-issues] 20210301 [jira] [Updated] (HIVE-24837) Upgrade httpclient to 4.5.13+ due to CVE-2020-13956",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rfc00884c7b7ca878297bffe45fcb742c362b00b26ba37070706d44c3@%3Cissues.hive.apache.org%3E"
},
{
"name": "[hive-issues] 20210301 [jira] [Assigned] (HIVE-24837) Upgrade httpclient to 4.5.13+ due to CVE-2020-13956",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r5fec9c1d67f928179adf484b01e7becd7c0a6fdfe3a08f92ea743b90@%3Cissues.hive.apache.org%3E"
},
{
"name": "[hive-gitbox] 20210301 [GitHub] [hive] hsnusonic opened a new pull request #2032: HIVE-24837 Upgrade httpclient to 4.5.13+ due to CVE-2020-13956",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r2dc7930b43eadc78220d269b79e13ecd387e4bee52db67b2f47d4303@%3Cgitbox.hive.apache.org%3E"
},
{
"name": "[hive-dev] 20210301 [jira] [Created] (HIVE-24837) Upgrade httpclient to 4.5.13+ due to CVE-2020-13956",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r043a75acdeb52b15dd5e9524cdadef4202e6a5228644206acf9363f9@%3Cdev.hive.apache.org%3E"
},
{
"name": "[hive-issues] 20210301 [jira] [Work logged] (HIVE-24837) Upgrade httpclient to 4.5.13+ due to CVE-2020-13956",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rd5ab56beb2ac6879f6ab427bc4e5f7691aed8362d17b713f61779858@%3Cissues.hive.apache.org%3E"
},
{
"name": "[hive-gitbox] 20210302 [GitHub] [hive] hsnusonic closed pull request #2032: HIVE-24837 Upgrade httpclient to 4.5.13+ due to CVE-2020-13956",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rcd9ad5dda60c82ab0d0c9bd3e9cb1dc740804451fc20c7f451ef5cc4@%3Cgitbox.hive.apache.org%3E"
},
{
"name": "[solr-issues] 20210316 [jira] [Resolved] (SOLR-15270) upgrade httpclient to address CVE-2020-13956",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/re504acd4d63b8df2a7353658f45c9a3137e5f80e41cf7de50058b2c1@%3Cissues.solr.apache.org%3E"
},
{
"name": "[solr-issues] 20210316 [jira] [Created] (SOLR-15269) upgrade httpclient to address CVE-2020-13956",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r5de3d3808e7b5028df966e45115e006456c4e8931dc1e29036f17927@%3Cissues.solr.apache.org%3E"
},
{
"name": "[solr-issues] 20210316 [jira] [Created] (SOLR-15270) upgrade httpclient to address CVE-2020-13956",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rae14ae25ff4a60251e3ba2629c082c5ba3851dfd4d21218b99b56652@%3Cissues.solr.apache.org%3E"
},
{
"name": "[maven-issues] 20210530 [jira] [Updated] (DOXIA-615) Can you provide an updated version in order to fix CVE-2020-13956",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r03bbc318c81be21f5c8a9b85e34f2ecc741aa804a8e43b0ef2c37749@%3Cissues.maven.apache.org%3E"
},
{
"name": "[maven-issues] 20210530 [jira] [Resolved] (DOXIA-615) Can you provide an updated version in order to fix CVE-2020-13956",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/ra539f20ef0fb0c27ee39945b5f56bf162e5c13d1c60f7344dab8de3b@%3Cissues.maven.apache.org%3E"
},
{
"name": "[maven-issues] 20210530 [jira] [Closed] (DOXIA-615) Can you provide an updated version in order to fix CVE-2020-13956",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r8aa1e5c343b89aec5b69961471950e862f15246cb6392910161c389b@%3Cissues.maven.apache.org%3E"
},
{
"name": "[drill-issues] 20210604 [jira] [Commented] (DRILL-7946) Bump HttpClient from 4.5.12 to 4.5.13 for CVE-2020-13956",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r06cf3ca5c8ceb94b39cd24a73d4e96153b485a7dac88444dd876accb@%3Cissues.drill.apache.org%3E"
},
{
"name": "[drill-dev] 20210604 [GitHub] [drill] luocooong opened a new pull request #2250: DRILL-7946: Bump HttpClient from 4.5.12 to 4.5.13 for CVE-2020-13956",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rb4ba262d6f08ab9cf8b1ebbcd9b00b0368ffe90dad7ad7918b4b56fc@%3Cdev.drill.apache.org%3E"
},
{
"name": "[drill-dev] 20210604 [jira] [Created] (DRILL-7946) Bump HttpClient from 4.5.12 to 4.5.13 for CVE-2020-13956",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r55b2a1d1e9b1ec9db792b93da8f0f99a4fd5a5310b02673359d9b4d1@%3Cdev.drill.apache.org%3E"
},
{
"name": "[drill-issues] 20210604 [jira] [Created] (DRILL-7946) Bump HttpClient from 4.5.12 to 4.5.13 for CVE-2020-13956",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rea3dbf633dde5008d38bf6600a3738b9216e733e03f9ff7becf79625@%3Cissues.drill.apache.org%3E"
},
{
"name": "[drill-dev] 20210604 [GitHub] [drill] cgivre commented on pull request #2250: DRILL-7946: Bump HttpClient from 4.5.12 to 4.5.13 for CVE-2020-13956",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rc3739e0ad4bcf1888c6925233bfc37dd71156bbc8416604833095c42@%3Cdev.drill.apache.org%3E"
},
{
"name": "[drill-dev] 20210604 [GitHub] [drill] laurentgo merged pull request #2250: DRILL-7946: Bump HttpClient from 4.5.12 to 4.5.13 for CVE-2020-13956",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r9e52a6c72c8365000ecd035e48cc9fee5a677a150350d4420c46443d@%3Cdev.drill.apache.org%3E"
},
{
"name": "[drill-issues] 20210604 [jira] [Resolved] (DRILL-7946) Bump HttpClient from 4.5.12 to 4.5.13 for CVE-2020-13956",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rad6222134183046f3928f733bf680919e0c390739bfbfe6c90049673@%3Cissues.drill.apache.org%3E"
},
{
"name": "[drill-dev] 20210604 [jira] [Resolved] (DRILL-7946) Bump HttpClient from 4.5.12 to 4.5.13 for CVE-2020-13956",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r549ac8c159bf0c568c19670bedeb8d7c0074beded951d34b1c1d0d05@%3Cdev.drill.apache.org%3E"
},
{
"name": "[drill-commits] 20210604 [drill] branch master updated: DRILL-7946: Bump HttpClient from 4.5.12 to 4.5.13 for CVE-2020-13956 (#2250)",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r6eb2dae157dbc9af1f30d1f64e9c60d4ebef618f3dce4a0e32d6ea4d@%3Ccommits.drill.apache.org%3E"
},
{
"name": "[drill-dev] 20210604 [GitHub] [drill] luocooong commented on pull request #2250: DRILL-7946: Bump HttpClient from 4.5.12 to 4.5.13 for CVE-2020-13956",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/reef569c2419705754a3acf42b5f19b2a158153cef0e448158bc54917@%3Cdev.drill.apache.org%3E"
},
{
"name": "[creadur-commits] 20210608 [jira] [Work started] (TENTACLES-13) Upgrade httpclient to circumvent CVE-2020-13956",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r3f740e4c38bba1face49078aa5cbeeb558c27be601cc9712ad2dcd1e@%3Ccommits.creadur.apache.org%3E"
},
{
"name": "[creadur-commits] 20210608 [jira] [Resolved] (TENTACLES-13) Upgrade httpclient to circumvent CVE-2020-13956",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rfb35f6db9ba1f1e061b63769a4eff5abadcc254ebfefc280e5a0dcf1@%3Ccommits.creadur.apache.org%3E"
},
{
"name": "[creadur-commits] 20210608 [jira] [Commented] (TENTACLES-13) Upgrade httpclient to circumvent CVE-2020-13956",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r2a03dc210231d7e852ef73015f71792ac0fcaca6cccc024c522ef17d@%3Ccommits.creadur.apache.org%3E"
},
{
"name": "[creadur-commits] 20210608 [jira] [Created] (TENTACLES-13) Upgrade httpclient to circumvent CVE-2020-13956",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r34efec51cb817397ccf9f86e25a75676d435ba5f83ee7b2eabdad707@%3Ccommits.creadur.apache.org%3E"
},
{
"name": "[creadur-commits] 20210608 [jira] [Assigned] (TENTACLES-13) Upgrade httpclient to circumvent CVE-2020-13956",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r70c429923100c5a4fae8e5bc71c8a2d39af3de4888f50a0ac3755e6f@%3Ccommits.creadur.apache.org%3E"
},
{
"name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"name": "[maven-issues] 20210621 [jira] [Assigned] (DOXIA-615) Can you provide an updated version in order to fix CVE-2020-13956",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rc990e2462ec32b09523deafb2c73606208599e196fa2d7f50bdbc587@%3Cissues.maven.apache.org%3E"
},
{
"name": "[creadur-dev] 20210621 [jira] [Updated] (RAT-275) Update httpclient to fix CVE-2020-13956 once a new doxia-core release is available",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r132e4c6a560cfc519caa1aaee63bdd4036327610eadbd89f76dd5457@%3Cdev.creadur.apache.org%3E"
},
{
"name": "[solr-issues] 20210623 [jira] [Updated] (SOLR-15270) upgrade httpclient to address CVE-2020-13956",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r6a3cda38d050ebe13c1bc9a28d0a8ec38945095d07eca49046bcb89f@%3Cissues.solr.apache.org%3E"
},
{
"name": "[solr-issues] 20210623 [jira] [Updated] (SOLR-15269) upgrade httpclient to address CVE-2020-13956",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rc505fee574fe8d18f9b0c655a4d120b0ae21bb6a73b96003e1d9be35@%3Cissues.solr.apache.org%3E"
},
{
"name": "[jackrabbit-dev] 20210706 [GitHub] [jackrabbit-oak] reschke commented on pull request #310: OAK-9482: upgrade httpclient to 4.5.13",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r5b55f65c123a7481104d663a915ec45a0d103e6aaa03f42ed1c07a89@%3Cdev.jackrabbit.apache.org%3E"
},
{
"name": "[jackrabbit-dev] 20210706 [GitHub] [jackrabbit-oak] reschke removed a comment on pull request #310: OAK-9482: upgrade httpclient to 4.5.13",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rc0863892ccfd9fd0d0ae10091f24ee769fb39b8957fe4ebabfc11f17@%3Cdev.jackrabbit.apache.org%3E"
},
{
"name": "https://www.oracle.com//security-alerts/cpujul2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"name": "[solr-issues] 20210912 [jira] [Updated] (SOLR-15269) upgrade httpclient to address CVE-2020-13956",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rfbedcb586a1e7dfce87ee03c720e583fc2ceeafa05f35c542cecc624@%3Cissues.solr.apache.org%3E"
},
{
"name": "[bookkeeper-issues] 20210914 [GitHub] [bookkeeper] nicoloboschi opened a new pull request #2793: Upgrade httpclient from 4.5.5 to 4.5.13 to address CVE-2020-13956",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r87ddc09295c27f25471269ad0a79433a91224045988b88f0413a97ec@%3Cissues.bookkeeper.apache.org%3E"
},
{
"name": "[bookkeeper-issues] 20210917 [GitHub] [bookkeeper] nicoloboschi commented on pull request #2793: Upgrade httpclient from 4.5.5 to 4.5.13 to address CVE-2020-13956",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rf03228972e56cb4a03e6d9558188c2938078cf3ceb23a3fead87c9ca@%3Cissues.bookkeeper.apache.org%3E"
},
{
"name": "[lucene-issues] 20210921 [GitHub] [lucene-solr] ventry1990 opened a new pull request #2579: SOLR-15269: Upgrade Apache HttpComponents Client to 4.5.13 to fix CVE-2020-13956",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r2835543ef0f91adcc47da72389b816e36936f584c7be584d2314fac3@%3Cissues.lucene.apache.org%3E"
},
{
"name": "[lucene-issues] 20210921 [GitHub] [lucene-solr] madrob commented on pull request #2579: SOLR-15269: Upgrade Apache HttpComponents Client to 4.5.13 to fix CVE-2020-13956",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rf43d17ed0d1fb4fb79036b582810ef60b18b1ef3add0d5dea825af1e@%3Cissues.lucene.apache.org%3E"
},
{
"name": "[lucene-issues] 20210921 [GitHub] [lucene-solr] ventry1990 commented on pull request #2579: SOLR-15269: Upgrade Apache HttpComponents Client to 4.5.13 to fix CVE-2020-13956",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rc5c6ccb86d2afe46bbd4b71573f0448dc1f87bbcd5a0d8c7f8f904b2@%3Cissues.lucene.apache.org%3E"
},
{
"name": "[lucene-issues] 20211007 [GitHub] [lucene-solr] madrob commented on pull request #2579: SOLR-15269: Upgrade Apache HttpComponents Client to 4.5.13 to fix CVE-2020-13956",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r6d672b46622842e565e00f6ef6bef83eb55d8792aac2bee75bff9a2a@%3Cissues.lucene.apache.org%3E"
},
{
"name": "[lucene-issues] 20211009 [GitHub] [lucene-solr] ventry1990 closed pull request #2579: SOLR-15269: Upgrade Apache HttpComponents Client to 4.5.13 to fix CVE-2020-13956",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rf4db88c22e1be9eb60c7dc623d0528642c045fb196a24774ac2fa3a3@%3Cissues.lucene.apache.org%3E"
},
{
"name": "[lucene-issues] 20211009 [GitHub] [lucene-solr] ventry1990 commented on pull request #2579: SOLR-15269: Upgrade Apache HttpComponents Client to 4.5.13 to fix CVE-2020-13956",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/ree942561f4620313c75982a4e5f3b74fe6f7062b073210779648eec2@%3Cissues.lucene.apache.org%3E"
},
{
"name": "[lucene-issues] 20211009 [GitHub] [lucene-solr] ventry1990 opened a new pull request #2579: SOLR-15269: Upgrade Apache HttpComponents Client to 4.5.13 to fix CVE-2020-13956",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r3cecd59fba74404cbf4eb430135e1080897fb376f111406a78bed13a@%3Cissues.lucene.apache.org%3E"
},
{
"name": "[solr-issues] 20211011 [jira] [Commented] (SOLR-15269) upgrade httpclient to address CVE-2020-13956",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r0bebe6f9808ac7bdf572873b4fa96a29c6398c90dab29f131f3ebffe@%3Cissues.solr.apache.org%3E"
},
{
"name": "[solr-issues] 20211011 [jira] [Resolved] (SOLR-15269) upgrade httpclient to address CVE-2020-13956",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r4850b3fbaea02fde2886e461005e4af8d37c80a48b3ce2a6edca0e30@%3Cissues.solr.apache.org%3E"
},
{
"name": "[lucene-issues] 20211011 [GitHub] [lucene-solr] madrob merged pull request #2579: SOLR-15269: Upgrade Apache HttpComponents Client to 4.5.13 to fix CVE-2020-13956",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/ra8bc6b61c5df301a6fe5a716315528ecd17ccb8a7f907e24a47a1a5e@%3Cissues.lucene.apache.org%3E"
},
{
"name": "[solr-issues] 20211019 [jira] [Closed] (SOLR-15269) upgrade httpclient to address CVE-2020-13956",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r0a75b8f0f72f3e18442dc56d33f3827b905f2fe5b7ba48997436f5d1@%3Cissues.solr.apache.org%3E"
},
{
"name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"name": "[ranger-dev] 20211028 [jira] [Commented] (RANGER-3100) Upgrade httpclient version from 4.5.6 to 4.5.13+ due to CVE-2020-13956",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r69a94e2f302d1b778bdfefe90fcb4b8c50b226438c3c8c1d0de85a19@%3Cdev.ranger.apache.org%3E"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20220210-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20220210-0002/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2020-13956",
"datePublished": "2020-12-02T16:20:12.000Z",
"dateReserved": "2020-06-08T00:00:00.000Z",
"dateUpdated": "2025-12-01T15:45:49.435Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2017-18640 (GCVE-0-2017-18640)
Vulnerability from cvelistv5 – Published: 2019-12-12 00:00 – Updated: 2024-08-05 21:28
VLAI?
Summary
The Alias feature in SnakeYAML before 1.26 allows entity expansion during a load operation, a related issue to CVE-2003-1564.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T21:28:55.802Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FEDORA-2020-599514b47e",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKN7VGIKTYBCAKYBRG55QHXAY5UDZ7HA/"
},
{
"name": "FEDORA-2020-23012fafbc",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PTVJC54XGX26UJVVYCXZ7D25X3R5T2G6/"
},
{
"name": "[pulsar-commits] 20200830 [GitHub] [pulsar] codelipenghui commented on issue #7928: CVE-2017-18640 exposure snakeyaml below 1.26",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r8b57c57cffa01e418868a3c7535b987635ff1fb5ab534203bfa2d64a%40%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[hadoop-common-dev] 20200830 [jira] [Created] (HADOOP-17236) Bump up snakeyaml to 1.26 to mitigate CVE-2017-18640",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rb34d8d3269ad47a1400f5a1a2d8310e13a80b6576ebd7f512144198d%40%3Ccommon-dev.hadoop.apache.org%3E"
},
{
"name": "[hadoop-common-issues] 20200830 [jira] [Updated] (HADOOP-17236) Bump up snakeyaml to 1.26 to mitigate CVE-2017-18640",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r8464b6ec951aace8c807bac9ea526d4f9e3116aa16d38be06f7c6524%40%3Ccommon-issues.hadoop.apache.org%3E"
},
{
"name": "[hadoop-common-issues] 20200830 [jira] [Created] (HADOOP-17236) Bump up snakeyaml to 1.26 to mitigate CVE-2017-18640",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r643ba53f002ae59068f9352fe1d82e1b6f375387ffb776f13efe8fda%40%3Ccommon-issues.hadoop.apache.org%3E"
},
{
"name": "[pulsar-commits] 20200831 [GitHub] [pulsar] wolfstudy edited a comment on issue #7928: CVE-2017-18640 exposure snakeyaml below 1.26",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r2b05744c0c2867daa5d1a96832965b7d6220328b0ead06c22a6e7854%40%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[pulsar-commits] 20200831 [GitHub] [pulsar] wolfstudy commented on issue #7928: CVE-2017-18640 exposure snakeyaml below 1.26",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r6c91e52b3cc9f4e64afe0f34f20507143fd1f756d12681a56a9b38da%40%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[hadoop-common-issues] 20200831 [jira] [Commented] (HADOOP-17236) Bump up snakeyaml to 1.26 to mitigate CVE-2017-18640",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r72a3588d62b2de1361dc9648f5d355385735e47f7ba49d089b0e680d%40%3Ccommon-issues.hadoop.apache.org%3E"
},
{
"name": "[atlas-dev] 20200907 [GitHub] [atlas] crazylab opened a new pull request #109: Upgrade snakeyaml to a version without CVE-2017-18640",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r1dfac8b6a7097bcb4979402bbb6e2f8c36d0d9001e3018717eb22b7e%40%3Cdev.atlas.apache.org%3E"
},
{
"name": "[cassandra-pr] 20200907 [GitHub] [cassandra] crazylab opened a new pull request #736: Upgrade to a snakeyaml version without CVE",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rb0e033d5ec8233360203431ad96580cf2ec56f47d9a425d894e279c2%40%3Cpr.cassandra.apache.org%3E"
},
{
"name": "[atlas-dev] 20200907 [GitHub] [atlas] crazylab opened a new pull request #110: Upgrade snakeyaml to a version without CVE-2017-18640",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r2a5b84fdf59042dc398497e914b5bb1aed77328320b1438144ae1953%40%3Cdev.atlas.apache.org%3E"
},
{
"name": "[atlas-dev] 20200907 [GitHub] [atlas] crazylab closed pull request #109: Upgrade snakeyaml to a version without CVE-2017-18640",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r6d54c2da792c74cc14b9b7665ea89e144c9e238ed478d37fd56292e6%40%3Cdev.atlas.apache.org%3E"
},
{
"name": "[pulsar-commits] 20200907 [GitHub] [pulsar] jiazhai closed issue #7928: CVE-2017-18640 exposure snakeyaml below 1.26",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r666f29a7d0e1f98fa1425ca01efcfa86e6e3856e01d300828aa7c6ea%40%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[hadoop-common-issues] 20200909 [jira] [Commented] (HADOOP-17236) Bump up snakeyaml to 1.26 to mitigate CVE-2017-18640",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r154090b871cf96d985b90864442d84eb027c72c94bc3f0a5727ba2d1%40%3Ccommon-issues.hadoop.apache.org%3E"
},
{
"name": "[atlas-dev] 20200914 [GitHub] [atlas] nixonrodrigues commented on pull request #110: ATLAS-3940 : Upgrade snakeyaml to a version without CVE-2017-18640",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r28c9009a48d52cf448f8b02cd823da0f8601d2dff4d66f387a35f1e0%40%3Cdev.atlas.apache.org%3E"
},
{
"name": "[atlas-dev] 20200914 [jira] [Created] (ATLAS-3940) Upgrade snakeyaml to a version without CVE-2017-18640",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rb7b28ac741e32dd5edb2c22485d635275bead7290b056ee56baf8ce0%40%3Cdev.atlas.apache.org%3E"
},
{
"name": "[atlas-dev] 20200914 [jira] [Updated] (ATLAS-3940) Upgrade snakeyaml to a version without CVE-2017-18640",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/re791a854001ec1f79cd4f47328b270e7a1d9d7056debb8f16d962722%40%3Cdev.atlas.apache.org%3E"
},
{
"name": "[atlas-commits] 20200915 [atlas] branch master updated: ATLAS-3940 : Upgrade snakeyaml to a version without CVE-2017-18640 (#110)",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rce5c93bba6e815fb62ad38e28ca1943b3019af1eddeb06507ad4e11a%40%3Ccommits.atlas.apache.org%3E"
},
{
"name": "[atlas-dev] 20200915 [GitHub] [atlas] nixonrodrigues merged pull request #110: ATLAS-3940 : Upgrade snakeyaml to a version without CVE-2017-18640",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r5510f0125ba409fc1cabd098ab8b457741e5fa314cbd0e61e4339422%40%3Cdev.atlas.apache.org%3E"
},
{
"name": "[atlas-dev] 20200915 [jira] [Commented] (ATLAS-3940) Upgrade snakeyaml to a version without CVE-2017-18640",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r2db207a2431a5e9e95e899858ab1f5eabd9bcc790a6ca7193ae07e94%40%3Cdev.atlas.apache.org%3E"
},
{
"name": "[atlas-commits] 20200916 [atlas] 02/02: ATLAS-3940 : Upgrade snakeyaml to a version without CVE-2017-18640 (#110)",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r1058e7646988394de6a3fd0857ea9b1ee0de14d7bb28fee5ff782457%40%3Ccommits.atlas.apache.org%3E"
},
{
"name": "[atlas-dev] 20200916 [jira] [Commented] (ATLAS-3940) Upgrade snakeyaml to a version without CVE-2017-18640",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/re851bbfbedd47c690b6e01942acb98ee08bd00df1a94910b905bc8cd%40%3Cdev.atlas.apache.org%3E"
},
{
"name": "[cassandra-commits] 20200930 [jira] [Created] (CASSANDRA-16150) Upgrade to snakeyaml \u003e= 1.26 version for CVE-2017-18640 fix",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r56805265475919252ba7fc10123f15b91097f3009bae86476624ca25%40%3Ccommits.cassandra.apache.org%3E"
},
{
"name": "[cassandra-commits] 20200930 [jira] [Updated] (CASSANDRA-16150) Upgrade to snakeyaml \u003e= 1.26 version for CVE-2017-18640 fix",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rbaa1f513d903c89a08267c91d86811fa5bcc82e0596b6142c5cea7ea%40%3Ccommits.cassandra.apache.org%3E"
},
{
"name": "[cassandra-commits] 20200930 [jira] [Comment Edited] (CASSANDRA-16150) Upgrade to snakeyaml \u003e= 1.26 version for CVE-2017-18640 fix",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/reb1751562ee5146d3aca654a2df76a2c13d8036645ce69946f9c219e%40%3Ccommits.cassandra.apache.org%3E"
},
{
"name": "[cassandra-commits] 20200930 [jira] [Commented] (CASSANDRA-16150) Upgrade to snakeyaml \u003e= 1.26 version for CVE-2017-18640 fix",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r1ffce2ed3017e9964f03ad2c539d69e49144fc8e9bf772d641612f98%40%3Ccommits.cassandra.apache.org%3E"
},
{
"name": "[cassandra-commits] 20201001 [jira] [Commented] (CASSANDRA-16150) Upgrade to snakeyaml \u003e= 1.26 version for CVE-2017-18640 fix",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rc3211c71f7e0973a1825d1988a3921288c06cd9d793eae97ecd34948%40%3Ccommits.cassandra.apache.org%3E"
},
{
"name": "[cassandra-commits] 20201002 [jira] [Commented] (CASSANDRA-16150) Upgrade to snakeyaml \u003e= 1.26 version for CVE-2017-18640 fix",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r55d807f31e64a080c54455897c20b1667ec792e5915132c7b7750533%40%3Ccommits.cassandra.apache.org%3E"
},
{
"name": "[cassandra-commits] 20201002 [jira] [Comment Edited] (CASSANDRA-16150) Upgrade to snakeyaml \u003e= 1.26 version for CVE-2017-18640 fix",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/recfe569f4f260328b0036f1c82b2956e864d519ab941a5e75d0d832d%40%3Ccommits.cassandra.apache.org%3E"
},
{
"name": "[cassandra-commits] 20201007 [jira] [Updated] (CASSANDRA-16150) Upgrade to snakeyaml \u003e= 1.26 version for CVE-2017-18640 fix",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rf95bebee6dfcc55067cebe8482bd31e6f481d9f74ba8e03f860c3ec7%40%3Ccommits.cassandra.apache.org%3E"
},
{
"name": "[cassandra-commits] 20201007 [jira] [Commented] (CASSANDRA-16150) Upgrade to snakeyaml \u003e= 1.26 version for CVE-2017-18640 fix",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r1703a402f30c8a2ee409f8c6f393e95a63f8c952cc9ee5bf9dd586dc%40%3Ccommits.cassandra.apache.org%3E"
},
{
"name": "[cassandra-commits] 20201009 [jira] [Comment Edited] (CASSANDRA-16150) Upgrade to snakeyaml \u003e= 1.26 version for CVE-2017-18640 fix",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r191ceadb1b883357384981848dfa5235cb02a90070c553afbaf9b3d9%40%3Ccommits.cassandra.apache.org%3E"
},
{
"name": "[cassandra-commits] 20201009 [jira] [Commented] (CASSANDRA-16150) Upgrade to snakeyaml \u003e= 1.26 version for CVE-2017-18640 fix",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r20350031c60a77b45e0eded33e9b3e9cb0cbfc5e24e1c63bf264df12%40%3Ccommits.cassandra.apache.org%3E"
},
{
"name": "[cassandra-commits] 20201009 [jira] [Updated] (CASSANDRA-16150) Upgrade to snakeyaml \u003e= 1.26 version for CVE-2017-18640 fix",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rd582c64f66c354240290072f340505f5d026ca944ec417226bb0272e%40%3Ccommits.cassandra.apache.org%3E"
},
{
"name": "[cassandra-commits] 20201009 [cassandra] branch trunk updated: Upgrade to snakeyaml \u003e= 1.26 version for CVE-2017-18640 fix",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rb5c33d0069c927fae16084f0605895b98d231d7c48527bcb822ac48c%40%3Ccommits.cassandra.apache.org%3E"
},
{
"name": "[hadoop-common-issues] 20201026 [jira] [Commented] (HADOOP-17236) Bump up snakeyaml to 1.26 to mitigate CVE-2017-18640",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rcb4b61dbe2ed1c7a88781a9aff5a9e7342cc7ed026aec0418ee67596%40%3Ccommon-issues.hadoop.apache.org%3E"
},
{
"name": "[hadoop-common-issues] 20201027 [jira] [Commented] (HADOOP-17236) Bump up snakeyaml to 1.26 to mitigate CVE-2017-18640",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/raebd2019b3da8c2f90f31e8b203b45353f78770ca93bfe5376f5532e%40%3Ccommon-issues.hadoop.apache.org%3E"
},
{
"name": "[hadoop-common-issues] 20201028 [jira] [Commented] (HADOOP-17236) Bump up snakeyaml to 1.26 to mitigate CVE-2017-18640",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r4d7f37da1bc2df90a5a0f56eb7629b5ea131bfe11eeeb4b4c193f64a%40%3Ccommon-issues.hadoop.apache.org%3E"
},
{
"name": "[hadoop-common-issues] 20201028 [jira] [Updated] (HADOOP-17236) Bump up snakeyaml to 1.26 to mitigate CVE-2017-18640",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r22ac2aa053b7d9c6b75a49db78125c9316499668d0f4a044f3402e2f%40%3Ccommon-issues.hadoop.apache.org%3E"
},
{
"name": "[hadoop-common-commits] 20201028 [hadoop] branch trunk updated: HADOOP-17236. Bump up snakeyaml to 1.26 to mitigate CVE-2017-18640. Contributed by Brahma Reddy Battula.",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r1aab47b48a757c70e40fc0bcb1fcf1a3951afa6a17aee7cd66cf79f8%40%3Ccommon-commits.hadoop.apache.org%3E"
},
{
"name": "[hadoop-common-commits] 20201028 [hadoop] branch branch-3.3 updated: HADOOP-17236. Bump up snakeyaml to 1.26 to mitigate CVE-2017-18640. Contributed by Brahma Reddy Battula.",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rcb2a7037366c58bac6aec6ce3df843a11ef97ae4eb049f05f410eaa5%40%3Ccommon-commits.hadoop.apache.org%3E"
},
{
"name": "[phoenix-dev] 20210419 [jira] [Created] (OMID-207) Upgrade to snakeyaml 1.26 due to CVE-2017-18640",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r436988d2cfe8a770ae361c82b181c5b2bf48a249bad84d8a55a3b46e%40%3Cdev.phoenix.apache.org%3E"
},
{
"name": "[phoenix-dev] 20210419 [GitHub] [phoenix-omid] richardantal opened a new pull request #93: OMID-207 Upgrade to snakeyaml 1.26 due to CVE-2017-18640",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r7ce3de03facf7e7f3e24fc25d26d555818519dafdb20f29398a3414b%40%3Cdev.phoenix.apache.org%3E"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://bitbucket.org/asomov/snakeyaml/issues/377/allow-configuration-for-preventing-billion"
},
{
"tags": [
"x_transferred"
],
"url": "https://mvnrepository.com/artifact/org.yaml/snakeyaml/1.25/usages"
},
{
"tags": [
"x_transferred"
],
"url": "https://bitbucket.org/asomov/snakeyaml/wiki/Billion%20laughs%20attack"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r4c682fb8cf69dd14162439656a6ebdf42ea6ad0e4edba95907ea3f14%40%3Ccommits.servicecomb.apache.org%3E"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r900e020760c89f082df1c6e0d46320eba721e4e47bb9eb521e68cd95%40%3Ccommits.servicecomb.apache.org%3E"
},
{
"name": "[kafka-users] 20210617 vulnerabilities",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r2721aba31a8562639c4b937150897e24f78f747cdbda8641c0f659fe%40%3Cusers.kafka.apache.org%3E"
},
{
"name": "[hadoop-common-issues] 20211006 [jira] [Commented] (HADOOP-17236) Bump up snakeyaml to 1.26 to mitigate CVE-2017-18640",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r16ae4e529401b75a1f5aa462b272b31bf2a108236f882f06fddc14bc%40%3Ccommon-issues.hadoop.apache.org%3E"
},
{
"name": "[hadoop-common-commits] 20211008 [hadoop] branch branch-3.2.3 updated: HADOOP-17236. Bump up snakeyaml to 1.26 to mitigate CVE-2017-18640. Contributed by Brahma Reddy Battula.",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rfe0aab6c3bebbd9cbfdedb65ff3fdf420714bcb8acdfd346077e1263%40%3Ccommon-commits.hadoop.apache.org%3E"
},
{
"name": "[hadoop-common-issues] 20211008 [jira] [Updated] (HADOOP-17236) Bump up snakeyaml to 1.26 to mitigate CVE-2017-18640",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r182e9cf6f3fb22b9be0cac4ff0685199741d2ab6e9a4e27a3693c224%40%3Ccommon-issues.hadoop.apache.org%3E"
},
{
"name": "[hadoop-common-commits] 20211008 [hadoop] branch branch-3.2 updated: HADOOP-17236. Bump up snakeyaml to 1.26 to mitigate CVE-2017-18640. Contributed by Brahma Reddy Battula.",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rdd34c0479587e32a656d976649409487d51ca0d296b3e26b6b89c3f5%40%3Ccommon-commits.hadoop.apache.org%3E"
},
{
"name": "[hadoop-common-issues] 20211008 [jira] [Commented] (HADOOP-17236) Bump up snakeyaml to 1.26 to mitigate CVE-2017-18640",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r465d2553a31265b042cf5457ef649b71e0722ab89b6ea94a5d59529b%40%3Ccommon-issues.hadoop.apache.org%3E"
},
{
"tags": [
"x_transferred"
],
"url": "https://bitbucket.org/snakeyaml/snakeyaml/wiki/Changes"
},
{
"tags": [
"x_transferred"
],
"url": "https://bitbucket.org/snakeyaml/snakeyaml/issues/377"
},
{
"name": "GLSA-202305-28",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202305-28"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Alias feature in SnakeYAML before 1.26 allows entity expansion during a load operation, a related issue to CVE-2003-1564."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-21T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "FEDORA-2020-599514b47e",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKN7VGIKTYBCAKYBRG55QHXAY5UDZ7HA/"
},
{
"name": "FEDORA-2020-23012fafbc",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PTVJC54XGX26UJVVYCXZ7D25X3R5T2G6/"
},
{
"name": "[pulsar-commits] 20200830 [GitHub] [pulsar] codelipenghui commented on issue #7928: CVE-2017-18640 exposure snakeyaml below 1.26",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r8b57c57cffa01e418868a3c7535b987635ff1fb5ab534203bfa2d64a%40%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[hadoop-common-dev] 20200830 [jira] [Created] (HADOOP-17236) Bump up snakeyaml to 1.26 to mitigate CVE-2017-18640",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/rb34d8d3269ad47a1400f5a1a2d8310e13a80b6576ebd7f512144198d%40%3Ccommon-dev.hadoop.apache.org%3E"
},
{
"name": "[hadoop-common-issues] 20200830 [jira] [Updated] (HADOOP-17236) Bump up snakeyaml to 1.26 to mitigate CVE-2017-18640",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r8464b6ec951aace8c807bac9ea526d4f9e3116aa16d38be06f7c6524%40%3Ccommon-issues.hadoop.apache.org%3E"
},
{
"name": "[hadoop-common-issues] 20200830 [jira] [Created] (HADOOP-17236) Bump up snakeyaml to 1.26 to mitigate CVE-2017-18640",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r643ba53f002ae59068f9352fe1d82e1b6f375387ffb776f13efe8fda%40%3Ccommon-issues.hadoop.apache.org%3E"
},
{
"name": "[pulsar-commits] 20200831 [GitHub] [pulsar] wolfstudy edited a comment on issue #7928: CVE-2017-18640 exposure snakeyaml below 1.26",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r2b05744c0c2867daa5d1a96832965b7d6220328b0ead06c22a6e7854%40%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[pulsar-commits] 20200831 [GitHub] [pulsar] wolfstudy commented on issue #7928: CVE-2017-18640 exposure snakeyaml below 1.26",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r6c91e52b3cc9f4e64afe0f34f20507143fd1f756d12681a56a9b38da%40%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[hadoop-common-issues] 20200831 [jira] [Commented] (HADOOP-17236) Bump up snakeyaml to 1.26 to mitigate CVE-2017-18640",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r72a3588d62b2de1361dc9648f5d355385735e47f7ba49d089b0e680d%40%3Ccommon-issues.hadoop.apache.org%3E"
},
{
"name": "[atlas-dev] 20200907 [GitHub] [atlas] crazylab opened a new pull request #109: Upgrade snakeyaml to a version without CVE-2017-18640",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r1dfac8b6a7097bcb4979402bbb6e2f8c36d0d9001e3018717eb22b7e%40%3Cdev.atlas.apache.org%3E"
},
{
"name": "[cassandra-pr] 20200907 [GitHub] [cassandra] crazylab opened a new pull request #736: Upgrade to a snakeyaml version without CVE",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/rb0e033d5ec8233360203431ad96580cf2ec56f47d9a425d894e279c2%40%3Cpr.cassandra.apache.org%3E"
},
{
"name": "[atlas-dev] 20200907 [GitHub] [atlas] crazylab opened a new pull request #110: Upgrade snakeyaml to a version without CVE-2017-18640",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r2a5b84fdf59042dc398497e914b5bb1aed77328320b1438144ae1953%40%3Cdev.atlas.apache.org%3E"
},
{
"name": "[atlas-dev] 20200907 [GitHub] [atlas] crazylab closed pull request #109: Upgrade snakeyaml to a version without CVE-2017-18640",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r6d54c2da792c74cc14b9b7665ea89e144c9e238ed478d37fd56292e6%40%3Cdev.atlas.apache.org%3E"
},
{
"name": "[pulsar-commits] 20200907 [GitHub] [pulsar] jiazhai closed issue #7928: CVE-2017-18640 exposure snakeyaml below 1.26",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r666f29a7d0e1f98fa1425ca01efcfa86e6e3856e01d300828aa7c6ea%40%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[hadoop-common-issues] 20200909 [jira] [Commented] (HADOOP-17236) Bump up snakeyaml to 1.26 to mitigate CVE-2017-18640",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r154090b871cf96d985b90864442d84eb027c72c94bc3f0a5727ba2d1%40%3Ccommon-issues.hadoop.apache.org%3E"
},
{
"name": "[atlas-dev] 20200914 [GitHub] [atlas] nixonrodrigues commented on pull request #110: ATLAS-3940 : Upgrade snakeyaml to a version without CVE-2017-18640",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r28c9009a48d52cf448f8b02cd823da0f8601d2dff4d66f387a35f1e0%40%3Cdev.atlas.apache.org%3E"
},
{
"name": "[atlas-dev] 20200914 [jira] [Created] (ATLAS-3940) Upgrade snakeyaml to a version without CVE-2017-18640",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/rb7b28ac741e32dd5edb2c22485d635275bead7290b056ee56baf8ce0%40%3Cdev.atlas.apache.org%3E"
},
{
"name": "[atlas-dev] 20200914 [jira] [Updated] (ATLAS-3940) Upgrade snakeyaml to a version without CVE-2017-18640",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/re791a854001ec1f79cd4f47328b270e7a1d9d7056debb8f16d962722%40%3Cdev.atlas.apache.org%3E"
},
{
"name": "[atlas-commits] 20200915 [atlas] branch master updated: ATLAS-3940 : Upgrade snakeyaml to a version without CVE-2017-18640 (#110)",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/rce5c93bba6e815fb62ad38e28ca1943b3019af1eddeb06507ad4e11a%40%3Ccommits.atlas.apache.org%3E"
},
{
"name": "[atlas-dev] 20200915 [GitHub] [atlas] nixonrodrigues merged pull request #110: ATLAS-3940 : Upgrade snakeyaml to a version without CVE-2017-18640",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r5510f0125ba409fc1cabd098ab8b457741e5fa314cbd0e61e4339422%40%3Cdev.atlas.apache.org%3E"
},
{
"name": "[atlas-dev] 20200915 [jira] [Commented] (ATLAS-3940) Upgrade snakeyaml to a version without CVE-2017-18640",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r2db207a2431a5e9e95e899858ab1f5eabd9bcc790a6ca7193ae07e94%40%3Cdev.atlas.apache.org%3E"
},
{
"name": "[atlas-commits] 20200916 [atlas] 02/02: ATLAS-3940 : Upgrade snakeyaml to a version without CVE-2017-18640 (#110)",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r1058e7646988394de6a3fd0857ea9b1ee0de14d7bb28fee5ff782457%40%3Ccommits.atlas.apache.org%3E"
},
{
"name": "[atlas-dev] 20200916 [jira] [Commented] (ATLAS-3940) Upgrade snakeyaml to a version without CVE-2017-18640",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/re851bbfbedd47c690b6e01942acb98ee08bd00df1a94910b905bc8cd%40%3Cdev.atlas.apache.org%3E"
},
{
"name": "[cassandra-commits] 20200930 [jira] [Created] (CASSANDRA-16150) Upgrade to snakeyaml \u003e= 1.26 version for CVE-2017-18640 fix",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r56805265475919252ba7fc10123f15b91097f3009bae86476624ca25%40%3Ccommits.cassandra.apache.org%3E"
},
{
"name": "[cassandra-commits] 20200930 [jira] [Updated] (CASSANDRA-16150) Upgrade to snakeyaml \u003e= 1.26 version for CVE-2017-18640 fix",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/rbaa1f513d903c89a08267c91d86811fa5bcc82e0596b6142c5cea7ea%40%3Ccommits.cassandra.apache.org%3E"
},
{
"name": "[cassandra-commits] 20200930 [jira] [Comment Edited] (CASSANDRA-16150) Upgrade to snakeyaml \u003e= 1.26 version for CVE-2017-18640 fix",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/reb1751562ee5146d3aca654a2df76a2c13d8036645ce69946f9c219e%40%3Ccommits.cassandra.apache.org%3E"
},
{
"name": "[cassandra-commits] 20200930 [jira] [Commented] (CASSANDRA-16150) Upgrade to snakeyaml \u003e= 1.26 version for CVE-2017-18640 fix",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r1ffce2ed3017e9964f03ad2c539d69e49144fc8e9bf772d641612f98%40%3Ccommits.cassandra.apache.org%3E"
},
{
"name": "[cassandra-commits] 20201001 [jira] [Commented] (CASSANDRA-16150) Upgrade to snakeyaml \u003e= 1.26 version for CVE-2017-18640 fix",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/rc3211c71f7e0973a1825d1988a3921288c06cd9d793eae97ecd34948%40%3Ccommits.cassandra.apache.org%3E"
},
{
"name": "[cassandra-commits] 20201002 [jira] [Commented] (CASSANDRA-16150) Upgrade to snakeyaml \u003e= 1.26 version for CVE-2017-18640 fix",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r55d807f31e64a080c54455897c20b1667ec792e5915132c7b7750533%40%3Ccommits.cassandra.apache.org%3E"
},
{
"name": "[cassandra-commits] 20201002 [jira] [Comment Edited] (CASSANDRA-16150) Upgrade to snakeyaml \u003e= 1.26 version for CVE-2017-18640 fix",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/recfe569f4f260328b0036f1c82b2956e864d519ab941a5e75d0d832d%40%3Ccommits.cassandra.apache.org%3E"
},
{
"name": "[cassandra-commits] 20201007 [jira] [Updated] (CASSANDRA-16150) Upgrade to snakeyaml \u003e= 1.26 version for CVE-2017-18640 fix",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/rf95bebee6dfcc55067cebe8482bd31e6f481d9f74ba8e03f860c3ec7%40%3Ccommits.cassandra.apache.org%3E"
},
{
"name": "[cassandra-commits] 20201007 [jira] [Commented] (CASSANDRA-16150) Upgrade to snakeyaml \u003e= 1.26 version for CVE-2017-18640 fix",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r1703a402f30c8a2ee409f8c6f393e95a63f8c952cc9ee5bf9dd586dc%40%3Ccommits.cassandra.apache.org%3E"
},
{
"name": "[cassandra-commits] 20201009 [jira] [Comment Edited] (CASSANDRA-16150) Upgrade to snakeyaml \u003e= 1.26 version for CVE-2017-18640 fix",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r191ceadb1b883357384981848dfa5235cb02a90070c553afbaf9b3d9%40%3Ccommits.cassandra.apache.org%3E"
},
{
"name": "[cassandra-commits] 20201009 [jira] [Commented] (CASSANDRA-16150) Upgrade to snakeyaml \u003e= 1.26 version for CVE-2017-18640 fix",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r20350031c60a77b45e0eded33e9b3e9cb0cbfc5e24e1c63bf264df12%40%3Ccommits.cassandra.apache.org%3E"
},
{
"name": "[cassandra-commits] 20201009 [jira] [Updated] (CASSANDRA-16150) Upgrade to snakeyaml \u003e= 1.26 version for CVE-2017-18640 fix",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/rd582c64f66c354240290072f340505f5d026ca944ec417226bb0272e%40%3Ccommits.cassandra.apache.org%3E"
},
{
"name": "[cassandra-commits] 20201009 [cassandra] branch trunk updated: Upgrade to snakeyaml \u003e= 1.26 version for CVE-2017-18640 fix",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/rb5c33d0069c927fae16084f0605895b98d231d7c48527bcb822ac48c%40%3Ccommits.cassandra.apache.org%3E"
},
{
"name": "[hadoop-common-issues] 20201026 [jira] [Commented] (HADOOP-17236) Bump up snakeyaml to 1.26 to mitigate CVE-2017-18640",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/rcb4b61dbe2ed1c7a88781a9aff5a9e7342cc7ed026aec0418ee67596%40%3Ccommon-issues.hadoop.apache.org%3E"
},
{
"name": "[hadoop-common-issues] 20201027 [jira] [Commented] (HADOOP-17236) Bump up snakeyaml to 1.26 to mitigate CVE-2017-18640",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/raebd2019b3da8c2f90f31e8b203b45353f78770ca93bfe5376f5532e%40%3Ccommon-issues.hadoop.apache.org%3E"
},
{
"name": "[hadoop-common-issues] 20201028 [jira] [Commented] (HADOOP-17236) Bump up snakeyaml to 1.26 to mitigate CVE-2017-18640",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r4d7f37da1bc2df90a5a0f56eb7629b5ea131bfe11eeeb4b4c193f64a%40%3Ccommon-issues.hadoop.apache.org%3E"
},
{
"name": "[hadoop-common-issues] 20201028 [jira] [Updated] (HADOOP-17236) Bump up snakeyaml to 1.26 to mitigate CVE-2017-18640",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r22ac2aa053b7d9c6b75a49db78125c9316499668d0f4a044f3402e2f%40%3Ccommon-issues.hadoop.apache.org%3E"
},
{
"name": "[hadoop-common-commits] 20201028 [hadoop] branch trunk updated: HADOOP-17236. Bump up snakeyaml to 1.26 to mitigate CVE-2017-18640. Contributed by Brahma Reddy Battula.",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r1aab47b48a757c70e40fc0bcb1fcf1a3951afa6a17aee7cd66cf79f8%40%3Ccommon-commits.hadoop.apache.org%3E"
},
{
"name": "[hadoop-common-commits] 20201028 [hadoop] branch branch-3.3 updated: HADOOP-17236. Bump up snakeyaml to 1.26 to mitigate CVE-2017-18640. Contributed by Brahma Reddy Battula.",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/rcb2a7037366c58bac6aec6ce3df843a11ef97ae4eb049f05f410eaa5%40%3Ccommon-commits.hadoop.apache.org%3E"
},
{
"name": "[phoenix-dev] 20210419 [jira] [Created] (OMID-207) Upgrade to snakeyaml 1.26 due to CVE-2017-18640",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r436988d2cfe8a770ae361c82b181c5b2bf48a249bad84d8a55a3b46e%40%3Cdev.phoenix.apache.org%3E"
},
{
"name": "[phoenix-dev] 20210419 [GitHub] [phoenix-omid] richardantal opened a new pull request #93: OMID-207 Upgrade to snakeyaml 1.26 due to CVE-2017-18640",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r7ce3de03facf7e7f3e24fc25d26d555818519dafdb20f29398a3414b%40%3Cdev.phoenix.apache.org%3E"
},
{
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"url": "https://bitbucket.org/asomov/snakeyaml/issues/377/allow-configuration-for-preventing-billion"
},
{
"url": "https://mvnrepository.com/artifact/org.yaml/snakeyaml/1.25/usages"
},
{
"url": "https://bitbucket.org/asomov/snakeyaml/wiki/Billion%20laughs%20attack"
},
{
"url": "https://lists.apache.org/thread.html/r4c682fb8cf69dd14162439656a6ebdf42ea6ad0e4edba95907ea3f14%40%3Ccommits.servicecomb.apache.org%3E"
},
{
"url": "https://lists.apache.org/thread.html/r900e020760c89f082df1c6e0d46320eba721e4e47bb9eb521e68cd95%40%3Ccommits.servicecomb.apache.org%3E"
},
{
"name": "[kafka-users] 20210617 vulnerabilities",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r2721aba31a8562639c4b937150897e24f78f747cdbda8641c0f659fe%40%3Cusers.kafka.apache.org%3E"
},
{
"name": "[hadoop-common-issues] 20211006 [jira] [Commented] (HADOOP-17236) Bump up snakeyaml to 1.26 to mitigate CVE-2017-18640",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r16ae4e529401b75a1f5aa462b272b31bf2a108236f882f06fddc14bc%40%3Ccommon-issues.hadoop.apache.org%3E"
},
{
"name": "[hadoop-common-commits] 20211008 [hadoop] branch branch-3.2.3 updated: HADOOP-17236. Bump up snakeyaml to 1.26 to mitigate CVE-2017-18640. Contributed by Brahma Reddy Battula.",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/rfe0aab6c3bebbd9cbfdedb65ff3fdf420714bcb8acdfd346077e1263%40%3Ccommon-commits.hadoop.apache.org%3E"
},
{
"name": "[hadoop-common-issues] 20211008 [jira] [Updated] (HADOOP-17236) Bump up snakeyaml to 1.26 to mitigate CVE-2017-18640",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r182e9cf6f3fb22b9be0cac4ff0685199741d2ab6e9a4e27a3693c224%40%3Ccommon-issues.hadoop.apache.org%3E"
},
{
"name": "[hadoop-common-commits] 20211008 [hadoop] branch branch-3.2 updated: HADOOP-17236. Bump up snakeyaml to 1.26 to mitigate CVE-2017-18640. Contributed by Brahma Reddy Battula.",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/rdd34c0479587e32a656d976649409487d51ca0d296b3e26b6b89c3f5%40%3Ccommon-commits.hadoop.apache.org%3E"
},
{
"name": "[hadoop-common-issues] 20211008 [jira] [Commented] (HADOOP-17236) Bump up snakeyaml to 1.26 to mitigate CVE-2017-18640",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r465d2553a31265b042cf5457ef649b71e0722ab89b6ea94a5d59529b%40%3Ccommon-issues.hadoop.apache.org%3E"
},
{
"url": "https://bitbucket.org/snakeyaml/snakeyaml/wiki/Changes"
},
{
"url": "https://bitbucket.org/snakeyaml/snakeyaml/issues/377"
},
{
"name": "GLSA-202305-28",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202305-28"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-18640",
"datePublished": "2019-12-12T00:00:00",
"dateReserved": "2019-12-12T00:00:00",
"dateUpdated": "2024-08-05T21:28:55.802Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-12402 (GCVE-0-2019-12402)
Vulnerability from cvelistv5 – Published: 2019-08-29 00:00 – Updated: 2024-08-04 23:17
VLAI?
Summary
The file name encoding algorithm used internally in Apache Commons Compress 1.15 to 1.18 can get into an infinite loop when faced with specially crafted inputs. This can lead to a denial of service attack if an attacker can choose the file names inside of an archive created by Compress.
Severity ?
No CVSS data available.
CWE
- denial of service vulnerability
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Commons Compress |
Affected:
1.15 to 1.18
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:17:39.992Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[creadur-commits] 20191022 [creadur-rat] branch master updated: RAT-258: Update to latest commons-compress to fix CVE-2019-12402",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/54cc4e9fa6b24520135f6fa4724dfb3465bc14703c7dc7e52353a0ea%40%3Ccommits.creadur.apache.org%3E"
},
{
"name": "FEDORA-2019-c96a8d12b0",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QLJIK2AUOZOWXR3S5XXBUNMOF3RTHTI7/"
},
{
"name": "FEDORA-2019-da0eac1eb6",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WZB3GB7YXIOUKIOQ27VTIP6KKGJJ3CKL/"
},
{
"name": "[druid-commits] 20191115 [GitHub] [incubator-druid] ccaominh opened a new pull request #8878: Address security vulnerabilities",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E"
},
{
"name": "[flink-issues] 20200306 [GitHub] [flink] nielsbasjes opened a new pull request #11333: [FLINK-14121] Update commons-compress because of CVE-2019-12402",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r5caf4fcb69d2749225391e61db7216282955204849ba94f83afe011f%40%3Cissues.flink.apache.org%3E"
},
{
"name": "[flink-issues] 20200306 [GitHub] [flink] flinkbot edited a comment on issue #11333: [FLINK-14121] Update commons-compress because of CVE-2019-12402",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rcc35ab6be300365de5ff9587e0479d10d7d7c79070921837e3693162%40%3Cissues.flink.apache.org%3E"
},
{
"name": "[flink-issues] 20200306 [GitHub] [flink] flinkbot commented on issue #11333: [FLINK-14121] Update commons-compress because of CVE-2019-12402",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/re13bd219dd4b651134f6357f12bd07a0344eea7518c577bbdd185265%40%3Cissues.flink.apache.org%3E"
},
{
"name": "[flink-issues] 20200310 [GitHub] [flink] GJL commented on issue #11333: [FLINK-14121] Update commons-compress because of CVE-2019-12402",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r5103b1c9242c0f812ac96e524344144402cbff9b6e078d1557bc7b1e%40%3Cissues.flink.apache.org%3E"
},
{
"name": "[flink-issues] 20200311 [GitHub] [flink] nielsbasjes commented on issue #11333: [FLINK-14121] Update commons-compress because of CVE-2019-12402",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r590c15cebee9b8e757e2f738127a9a71e48ede647a3044c504e050a4%40%3Cissues.flink.apache.org%3E"
},
{
"name": "[flink-issues] 20200311 [GitHub] [flink] GJL commented on issue #11333: [FLINK-14121] Update commons-compress because of CVE-2019-12402",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r05cf37c1e1e662e968cfece1102fcd50fe207181fdbf2c30aadfafd3%40%3Cissues.flink.apache.org%3E"
},
{
"name": "[flink-issues] 20200311 [GitHub] [flink] flinkbot edited a comment on issue #11333: [FLINK-14121] Update commons-compress because of CVE-2019-12402",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rdebc1830d6c09c11d5a4804ca26769dbd292d17d361c61dea50915f0%40%3Cissues.flink.apache.org%3E"
},
{
"name": "[flink-issues] 20200311 [GitHub] [flink] nielsbasjes edited a comment on issue #11333: [FLINK-14121] Update commons-compress because of CVE-2019-12402",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rd3f99d732baed459b425fb0a9e9e14f7843c9459b12037e4a9d753b5%40%3Cissues.flink.apache.org%3E"
},
{
"name": "[flink-issues] 20200312 [GitHub] [flink] zentol commented on issue #11333: [FLINK-14121] Update commons-compress because of CVE-2019-12402",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r21d64797914001119d2fc766b88c6da181dc2308d20f14e7a7f46117%40%3Cissues.flink.apache.org%3E"
},
{
"name": "[flink-issues] 20200312 [GitHub] [flink] GJL commented on issue #11333: [FLINK-14121] Update commons-compress because of CVE-2019-12402",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r233267e24519bacd0f9fb9f61a1287cb9f4bcb6e75d83f34f405c521%40%3Cissues.flink.apache.org%3E"
},
{
"name": "[flink-issues] 20200313 [GitHub] [flink] GJL commented on issue #11333: [FLINK-14121] Update commons-compress because of CVE-2019-12402",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r25422df9ad22fec56d9eeca3ab8bd6d66365e9f6bfe311b64730edf5%40%3Cissues.flink.apache.org%3E"
},
{
"name": "[flink-issues] 20200313 [GitHub] [flink] zentol commented on issue #11333: [FLINK-14121] Update commons-compress because of CVE-2019-12402",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r972f82d821b805d04602976a9736c01b6bf218cfe0c3f48b472db488%40%3Cissues.flink.apache.org%3E"
},
{
"name": "[flink-issues] 20200313 [GitHub] [flink] GJL closed pull request #11333: [FLINK-14121] Update commons-compress because of CVE-2019-12402",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r4363c994c8bca033569a98da9218cc0c62bb695c1e47a98e5084e5a0%40%3Cissues.flink.apache.org%3E"
},
{
"name": "[lucene-solr-user] 20200320 CVEs (vulnerabilities) that apply to Solr 8.4.1",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5%40%3Csolr-user.lucene.apache.org%3E"
},
{
"name": "[lucene-solr-user] 20200320 Re: CVEs (vulnerabilities) that apply to Solr 8.4.1",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rf5230a049d989dbfdd404b4320a265dceeeba459a4d04ec21873bd55%40%3Csolr-user.lucene.apache.org%3E"
},
{
"name": "[brooklyn-dev] 20200403 [GitHub] [brooklyn-server] nakomis opened a new pull request #1089: Bumps commons-compress version",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r7af60fbd8b2350d49d14e53a3ab2801998b9d1af2d6fcac60b060a53%40%3Cdev.brooklyn.apache.org%3E"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/308cc15f1f1dc53e97046fddbac240e6cd16de89a2746cf257be7f5b%40%3Cdev.commons.apache.org%3E"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20230818-0001/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Apache Commons Compress",
"vendor": "Apache Software Foundation",
"versions": [
{
"status": "affected",
"version": "1.15 to 1.18"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The file name encoding algorithm used internally in Apache Commons Compress 1.15 to 1.18 can get into an infinite loop when faced with specially crafted inputs. This can lead to a denial of service attack if an attacker can choose the file names inside of an archive created by Compress."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "denial of service vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-18T13:06:40.207792",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"name": "[creadur-commits] 20191022 [creadur-rat] branch master updated: RAT-258: Update to latest commons-compress to fix CVE-2019-12402",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/54cc4e9fa6b24520135f6fa4724dfb3465bc14703c7dc7e52353a0ea%40%3Ccommits.creadur.apache.org%3E"
},
{
"name": "FEDORA-2019-c96a8d12b0",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QLJIK2AUOZOWXR3S5XXBUNMOF3RTHTI7/"
},
{
"name": "FEDORA-2019-da0eac1eb6",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WZB3GB7YXIOUKIOQ27VTIP6KKGJJ3CKL/"
},
{
"name": "[druid-commits] 20191115 [GitHub] [incubator-druid] ccaominh opened a new pull request #8878: Address security vulnerabilities",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E"
},
{
"name": "[flink-issues] 20200306 [GitHub] [flink] nielsbasjes opened a new pull request #11333: [FLINK-14121] Update commons-compress because of CVE-2019-12402",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r5caf4fcb69d2749225391e61db7216282955204849ba94f83afe011f%40%3Cissues.flink.apache.org%3E"
},
{
"name": "[flink-issues] 20200306 [GitHub] [flink] flinkbot edited a comment on issue #11333: [FLINK-14121] Update commons-compress because of CVE-2019-12402",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/rcc35ab6be300365de5ff9587e0479d10d7d7c79070921837e3693162%40%3Cissues.flink.apache.org%3E"
},
{
"name": "[flink-issues] 20200306 [GitHub] [flink] flinkbot commented on issue #11333: [FLINK-14121] Update commons-compress because of CVE-2019-12402",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/re13bd219dd4b651134f6357f12bd07a0344eea7518c577bbdd185265%40%3Cissues.flink.apache.org%3E"
},
{
"name": "[flink-issues] 20200310 [GitHub] [flink] GJL commented on issue #11333: [FLINK-14121] Update commons-compress because of CVE-2019-12402",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r5103b1c9242c0f812ac96e524344144402cbff9b6e078d1557bc7b1e%40%3Cissues.flink.apache.org%3E"
},
{
"name": "[flink-issues] 20200311 [GitHub] [flink] nielsbasjes commented on issue #11333: [FLINK-14121] Update commons-compress because of CVE-2019-12402",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r590c15cebee9b8e757e2f738127a9a71e48ede647a3044c504e050a4%40%3Cissues.flink.apache.org%3E"
},
{
"name": "[flink-issues] 20200311 [GitHub] [flink] GJL commented on issue #11333: [FLINK-14121] Update commons-compress because of CVE-2019-12402",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r05cf37c1e1e662e968cfece1102fcd50fe207181fdbf2c30aadfafd3%40%3Cissues.flink.apache.org%3E"
},
{
"name": "[flink-issues] 20200311 [GitHub] [flink] flinkbot edited a comment on issue #11333: [FLINK-14121] Update commons-compress because of CVE-2019-12402",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/rdebc1830d6c09c11d5a4804ca26769dbd292d17d361c61dea50915f0%40%3Cissues.flink.apache.org%3E"
},
{
"name": "[flink-issues] 20200311 [GitHub] [flink] nielsbasjes edited a comment on issue #11333: [FLINK-14121] Update commons-compress because of CVE-2019-12402",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/rd3f99d732baed459b425fb0a9e9e14f7843c9459b12037e4a9d753b5%40%3Cissues.flink.apache.org%3E"
},
{
"name": "[flink-issues] 20200312 [GitHub] [flink] zentol commented on issue #11333: [FLINK-14121] Update commons-compress because of CVE-2019-12402",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r21d64797914001119d2fc766b88c6da181dc2308d20f14e7a7f46117%40%3Cissues.flink.apache.org%3E"
},
{
"name": "[flink-issues] 20200312 [GitHub] [flink] GJL commented on issue #11333: [FLINK-14121] Update commons-compress because of CVE-2019-12402",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r233267e24519bacd0f9fb9f61a1287cb9f4bcb6e75d83f34f405c521%40%3Cissues.flink.apache.org%3E"
},
{
"name": "[flink-issues] 20200313 [GitHub] [flink] GJL commented on issue #11333: [FLINK-14121] Update commons-compress because of CVE-2019-12402",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r25422df9ad22fec56d9eeca3ab8bd6d66365e9f6bfe311b64730edf5%40%3Cissues.flink.apache.org%3E"
},
{
"name": "[flink-issues] 20200313 [GitHub] [flink] zentol commented on issue #11333: [FLINK-14121] Update commons-compress because of CVE-2019-12402",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r972f82d821b805d04602976a9736c01b6bf218cfe0c3f48b472db488%40%3Cissues.flink.apache.org%3E"
},
{
"name": "[flink-issues] 20200313 [GitHub] [flink] GJL closed pull request #11333: [FLINK-14121] Update commons-compress because of CVE-2019-12402",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r4363c994c8bca033569a98da9218cc0c62bb695c1e47a98e5084e5a0%40%3Cissues.flink.apache.org%3E"
},
{
"name": "[lucene-solr-user] 20200320 CVEs (vulnerabilities) that apply to Solr 8.4.1",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5%40%3Csolr-user.lucene.apache.org%3E"
},
{
"name": "[lucene-solr-user] 20200320 Re: CVEs (vulnerabilities) that apply to Solr 8.4.1",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/rf5230a049d989dbfdd404b4320a265dceeeba459a4d04ec21873bd55%40%3Csolr-user.lucene.apache.org%3E"
},
{
"name": "[brooklyn-dev] 20200403 [GitHub] [brooklyn-server] nakomis opened a new pull request #1089: Bumps commons-compress version",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r7af60fbd8b2350d49d14e53a3ab2801998b9d1af2d6fcac60b060a53%40%3Cdev.brooklyn.apache.org%3E"
},
{
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"url": "https://lists.apache.org/thread.html/308cc15f1f1dc53e97046fddbac240e6cd16de89a2746cf257be7f5b%40%3Cdev.commons.apache.org%3E"
},
{
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230818-0001/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2019-12402",
"datePublished": "2019-08-29T00:00:00",
"dateReserved": "2019-05-28T00:00:00",
"dateUpdated": "2024-08-04T23:17:39.992Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-10086 (GCVE-0-2019-10086)
Vulnerability from cvelistv5 – Published: 2019-08-20 20:10 – Updated: 2024-08-04 22:10
VLAI?
Summary
In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. We, however were not using this by default characteristic of the PropertyUtilsBean.
Severity ?
No CVSS data available.
CWE
- Information Disclosure
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache | Apache Commons Beanutils |
Affected:
Apache Commons Beanutils 1.0 to 1.9.3
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:10:09.585Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[www-announce] 20190815 [SECURITY] CVE-2019-10086. Apache Commons Beanutils does not suppresses the class property in PropertyUtilsBean by default.",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://mail-archives.apache.org/mod_mbox/www-announce/201908.mbox/%3cC628798F-315D-4428-8CB1-4ED1ECC958E4%40apache.org%3e"
},
{
"name": "[debian-lts-announce] 20190824 [SECURITY] [DLA 1896-1] commons-beanutils security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00030.html"
},
{
"name": "[tinkerpop-commits] 20190829 [tinkerpop] branch master updated: Bump commons-beanutils to 1.9.4 for CVE-2019-10086 - CTR",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/3d1ed1a1596c08c4d5fea97b36c651ce167b773f1afc75251ce7a125%40%3Ccommits.tinkerpop.apache.org%3E"
},
{
"name": "openSUSE-SU-2019:2058",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00007.html"
},
{
"name": "[commons-issues] 20190906 [jira] [Updated] (CONFIGURATION-755) [CVE-2014-0114] Update Apache Commons BeanUtils from 1.9.3 to 1.9.4.",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/956995acee0d8bc046f1df0a55b7fbeb65dd2f82864e5de1078bacb0%40%3Cissues.commons.apache.org%3E"
},
{
"name": "[commons-issues] 20190906 [jira] [Closed] (CONFIGURATION-755) [CVE-2014-0114] Update Apache Commons BeanUtils from 1.9.3 to 1.9.4.",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/1f78f1e32cc5614ec0c5b822ba4bd7fc8e8b5c46c8e038b6bd609cb5%40%3Cissues.commons.apache.org%3E"
},
{
"name": "[commons-issues] 20190925 [GitHub] [commons-validator] jeff-schram opened a new pull request #18: Update pom.xml",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/02094ad226dbc17a2368beaf27e61d8b1432f5baf77d0ca995bb78bc%40%3Cissues.commons.apache.org%3E"
},
{
"name": "[shiro-dev] 20191001 [jira] [Updated] (SHIRO-723) Provide Minor Shiro Release that includes CVE-2019-10086 Fix",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/d6ca9439c53374b597f33b7ec180001625597db48ea30356af01145f%40%3Cdev.shiro.apache.org%3E"
},
{
"name": "[shiro-dev] 20191001 [jira] [Created] (SHIRO-723) Provide Minor Shiro Release that includes CVE-2019-10086 Fiix",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/2fd61dc89df9aeab738d2b49f48d42c76f7d53b980ba04e1d48bce48%40%3Cdev.shiro.apache.org%3E"
},
{
"name": "[shiro-dev] 20191001 [jira] [Commented] (SHIRO-723) Provide Minor Shiro Release that includes CVE-2019-10086 Fix",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/c94bc9649d5109a663b2129371dc45753fbdeacd340105548bbe93c3%40%3Cdev.shiro.apache.org%3E"
},
{
"name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E"
},
{
"name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E"
},
{
"name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E"
},
{
"name": "[shiro-dev] 20191023 [jira] [Assigned] (SHIRO-723) Provide Minor Shiro Release that includes CVE-2019-10086 Fix",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/5261066cd7adee081ee05c8bf0e96cf0b2eeaced391e19117ae4daa6%40%3Cdev.shiro.apache.org%3E"
},
{
"name": "[shiro-dev] 20191105 [jira] [Resolved] (SHIRO-723) Provide Minor Shiro Release that includes CVE-2019-10086 Fix",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/a684107d3a78e431cf0fbb90629e8559a36ff8fe94c3a76e620b39fa%40%3Cdev.shiro.apache.org%3E"
},
{
"name": "FEDORA-2019-bcad44b5d6",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4APPGLBWMFAS4WHNLR4LIJ65DJGPV7TF/"
},
{
"name": "FEDORA-2019-79b5790566",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIUYSL2RSIWZVNSUIXJTIFPIPIF6OAIO/"
},
{
"name": "RHSA-2019:4317",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4317"
},
{
"name": "RHSA-2020:0057",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0057"
},
{
"name": "RHSA-2020:0194",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0194"
},
{
"name": "RHSA-2020:0806",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0806"
},
{
"name": "RHSA-2020:0811",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0811"
},
{
"name": "RHSA-2020:0804",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0804"
},
{
"name": "RHSA-2020:0805",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0805"
},
{
"name": "[brooklyn-dev] 20200420 [GitHub] [brooklyn-server] duncangrant opened a new pull request #1091: Update library versions due to CVEs",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r967953a14e05016bc4bcae9ef3dd92e770181158b4246976ed8295c9%40%3Cdev.brooklyn.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
},
{
"name": "[atlas-dev] 20201022 [jira] [Created] (ATLAS-4002) Upgrade commons-beanutils to 1.9.4 due to CVE-2019-10086",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rae81e0c8ebdf47ffaa85a01240836bfece8a990c48f55c7933162b5c%40%3Cdev.atlas.apache.org%3E"
},
{
"name": "[atlas-dev] 20201022 Re: Review Request 72983: ATLAS-4002 : Upgrade commons-beanutils to 1.9.4 due to CVE-2019-10086",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/reee57101464cf7622d640ae013b2162eb864f603ec4093de8240bb8f%40%3Cdev.atlas.apache.org%3E"
},
{
"name": "[atlas-dev] 20201023 Re: Review Request 72983: ATLAS-4002 : Upgrade commons-beanutils to 1.9.4 due to CVE-2019-10086",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r18d8b4f9263e5cad3bbaef0cdba0e2ccdf9201316ac4b85e23eb7ee4%40%3Cdev.atlas.apache.org%3E"
},
{
"name": "[atlas-dev] 20201023 [jira] [Updated] (ATLAS-4002) Upgrade commons-beanutils to 1.9.4 due to CVE-2019-10086",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/ra87ac17410a62e813cba901fdd4e9a674dd53daaf714870f28e905f1%40%3Cdev.atlas.apache.org%3E"
},
{
"name": "[atlas-commits] 20201023 [atlas] 01/05: ATLAS-4002 : Upgrade commons-beanutils to 1.9.4 due to CVE-2019-10086",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rb8dac04cb7e9cc5dedee8dabaa1c92614f590642e5ebf02a145915ba%40%3Ccommits.atlas.apache.org%3E"
},
{
"name": "[atlas-dev] 20201023 [jira] [Commented] (ATLAS-4002) Upgrade commons-beanutils to 1.9.4 due to CVE-2019-10086",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r6194ced4828deb32023cd314e31f41c61d388b58935d102c7de91f58%40%3Cdev.atlas.apache.org%3E"
},
{
"name": "[atlas-dev] 20201026 [jira] [Updated] (ATLAS-4002) Upgrade commons-beanutils to 1.9.4 due to CVE-2019-10086",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r306c0322aa5c0da731e03f3ce9f07f4745c052c6b73f4e78faf232ca%40%3Cdev.atlas.apache.org%3E"
},
{
"name": "[atlas-dev] 20201023 [jira] [Commented] (ATLAS-4002) Upgrade commons-beanutils to 1.9.4 due to CVE-2019-10086",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/racd3e7b2149fa2f255f016bd6bffab0fea77b6fb81c50db9a17f78e6%40%3Cdev.atlas.apache.org%3E"
},
{
"name": "[rocketmq-dev] 20201223 [GitHub] [rocketmq] crazywen opened a new pull request #2515: Update pom.xml",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r43de02fd4a4f52c4bdeff8c02f09625d83cd047498009c1cdab857db%40%3Cdev.rocketmq.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"name": "[dolphinscheduler-commits] 20210121 [GitHub] [incubator-dolphinscheduler] lgcareer commented on pull request #4525: [Improvement-4506][LICENSE] upgrade the version of the commons-beanutils",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r513a7a21c422170318115463b399dd58ab447fe0990b13e5884f0825%40%3Ccommits.dolphinscheduler.apache.org%3E"
},
{
"name": "[dolphinscheduler-commits] 20210121 [GitHub] [incubator-dolphinscheduler] c-f-cooper commented on pull request #4525: [Improvement-4506][LICENSE] upgrade the version of the commons-beanutils",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/ra9a139fdc0999750dcd519e81384bc1fe3946f311b1796221205f51c%40%3Ccommits.dolphinscheduler.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"name": "[nifi-issues] 20210827 [jira] [Updated] (NIFI-9170) Upgrade commons-beanutils to 1.9.4 to mitigate CVE-2019-10086",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rcc029be4edaaf5b8bb85818aab494e16f312fced07a0f4a202771ba2%40%3Cissues.nifi.apache.org%3E"
},
{
"name": "[nifi-issues] 20210827 [GitHub] [nifi] naddym opened a new pull request #5351: NIFI-9170 Upgrade commons-beanutils to 1.9.4 to mitigate CVE-2019-10086",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r46e536fc98942dce99fadd2e313aeefe90c1a769c5cd85d98df9d098%40%3Cissues.nifi.apache.org%3E"
},
{
"name": "[nifi-issues] 20210827 [jira] [Created] (NIFI-9170) Upgrade commons-beanutils to 1.9.4 to mitigate CVE-2019-10086",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rec74f3a94dd850259c730b4ba6f7b6211222b58900ec088754aa0534%40%3Cissues.nifi.apache.org%3E"
},
{
"name": "[nifi-issues] 20210907 [GitHub] [nifi] MikeThomsen commented on pull request #5351: NIFI-9170 Upgrade commons-beanutils to 1.9.4 to mitigate CVE-2019-10086",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r2d5f1d88c39bd615271abda63964a0bee9b2b57fef1f84cb4c43032e%40%3Cissues.nifi.apache.org%3E"
},
{
"name": "[nifi-commits] 20210907 [nifi] branch main updated: NIFI-9170 Upgrade commons-beanutils to 1.9.4 to mitigate CVE-2019-10086 NIFI-9170 Add two more 1.9.4 references to close out the few things identified by the Maven dependency plugin.",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/re2028d4d76ba1db3e3c3a722d6c6034e801cc3b309f69cc166eaa32b%40%3Ccommits.nifi.apache.org%3E"
},
{
"name": "[nifi-issues] 20210907 [GitHub] [nifi] asfgit closed pull request #5351: NIFI-9170 Upgrade commons-beanutils to 1.9.4 to mitigate CVE-2019-10086",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/ra41fd0ad4b7e1d675c03a5081a16a6603085a4e37d30b866067566fe%40%3Cissues.nifi.apache.org%3E"
},
{
"name": "[nifi-issues] 20210907 [jira] [Commented] (NIFI-9170) Upgrade commons-beanutils to 1.9.4 to mitigate CVE-2019-10086",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/re3cd7cb641d7fc6684e4fc3c336a8bad4a01434bb5625a06e3600fd1%40%3Cissues.nifi.apache.org%3E"
},
{
"name": "[nifi-issues] 20210908 [GitHub] [nifi] naddym commented on pull request #5351: NIFI-9170 Upgrade commons-beanutils to 1.9.4 to mitigate CVE-2019-10086",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rd2d2493f4f1af6980d265b8d84c857e2b7ab80a46e1423710c448957%40%3Cissues.nifi.apache.org%3E"
},
{
"name": "[nifi-issues] 20210915 [jira] [Updated] (NIFI-9170) Upgrade commons-beanutils to 1.9.4 to mitigate CVE-2019-10086",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rb1f76c2c0a4d6efb8a3523974f9d085d5838b73e7bffdf9a8f212997%40%3Cissues.nifi.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Apache Commons Beanutils",
"vendor": "Apache",
"versions": [
{
"status": "affected",
"version": "Apache Commons Beanutils 1.0 to 1.9.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. We, however were not using this by default characteristic of the PropertyUtilsBean."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-22T17:59:36",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"name": "[www-announce] 20190815 [SECURITY] CVE-2019-10086. Apache Commons Beanutils does not suppresses the class property in PropertyUtilsBean by default.",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://mail-archives.apache.org/mod_mbox/www-announce/201908.mbox/%3cC628798F-315D-4428-8CB1-4ED1ECC958E4%40apache.org%3e"
},
{
"name": "[debian-lts-announce] 20190824 [SECURITY] [DLA 1896-1] commons-beanutils security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00030.html"
},
{
"name": "[tinkerpop-commits] 20190829 [tinkerpop] branch master updated: Bump commons-beanutils to 1.9.4 for CVE-2019-10086 - CTR",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/3d1ed1a1596c08c4d5fea97b36c651ce167b773f1afc75251ce7a125%40%3Ccommits.tinkerpop.apache.org%3E"
},
{
"name": "openSUSE-SU-2019:2058",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00007.html"
},
{
"name": "[commons-issues] 20190906 [jira] [Updated] (CONFIGURATION-755) [CVE-2014-0114] Update Apache Commons BeanUtils from 1.9.3 to 1.9.4.",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/956995acee0d8bc046f1df0a55b7fbeb65dd2f82864e5de1078bacb0%40%3Cissues.commons.apache.org%3E"
},
{
"name": "[commons-issues] 20190906 [jira] [Closed] (CONFIGURATION-755) [CVE-2014-0114] Update Apache Commons BeanUtils from 1.9.3 to 1.9.4.",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/1f78f1e32cc5614ec0c5b822ba4bd7fc8e8b5c46c8e038b6bd609cb5%40%3Cissues.commons.apache.org%3E"
},
{
"name": "[commons-issues] 20190925 [GitHub] [commons-validator] jeff-schram opened a new pull request #18: Update pom.xml",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/02094ad226dbc17a2368beaf27e61d8b1432f5baf77d0ca995bb78bc%40%3Cissues.commons.apache.org%3E"
},
{
"name": "[shiro-dev] 20191001 [jira] [Updated] (SHIRO-723) Provide Minor Shiro Release that includes CVE-2019-10086 Fix",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/d6ca9439c53374b597f33b7ec180001625597db48ea30356af01145f%40%3Cdev.shiro.apache.org%3E"
},
{
"name": "[shiro-dev] 20191001 [jira] [Created] (SHIRO-723) Provide Minor Shiro Release that includes CVE-2019-10086 Fiix",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/2fd61dc89df9aeab738d2b49f48d42c76f7d53b980ba04e1d48bce48%40%3Cdev.shiro.apache.org%3E"
},
{
"name": "[shiro-dev] 20191001 [jira] [Commented] (SHIRO-723) Provide Minor Shiro Release that includes CVE-2019-10086 Fix",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/c94bc9649d5109a663b2129371dc45753fbdeacd340105548bbe93c3%40%3Cdev.shiro.apache.org%3E"
},
{
"name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E"
},
{
"name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E"
},
{
"name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E"
},
{
"name": "[shiro-dev] 20191023 [jira] [Assigned] (SHIRO-723) Provide Minor Shiro Release that includes CVE-2019-10086 Fix",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/5261066cd7adee081ee05c8bf0e96cf0b2eeaced391e19117ae4daa6%40%3Cdev.shiro.apache.org%3E"
},
{
"name": "[shiro-dev] 20191105 [jira] [Resolved] (SHIRO-723) Provide Minor Shiro Release that includes CVE-2019-10086 Fix",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/a684107d3a78e431cf0fbb90629e8559a36ff8fe94c3a76e620b39fa%40%3Cdev.shiro.apache.org%3E"
},
{
"name": "FEDORA-2019-bcad44b5d6",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4APPGLBWMFAS4WHNLR4LIJ65DJGPV7TF/"
},
{
"name": "FEDORA-2019-79b5790566",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIUYSL2RSIWZVNSUIXJTIFPIPIF6OAIO/"
},
{
"name": "RHSA-2019:4317",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4317"
},
{
"name": "RHSA-2020:0057",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0057"
},
{
"name": "RHSA-2020:0194",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0194"
},
{
"name": "RHSA-2020:0806",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0806"
},
{
"name": "RHSA-2020:0811",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0811"
},
{
"name": "RHSA-2020:0804",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0804"
},
{
"name": "RHSA-2020:0805",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0805"
},
{
"name": "[brooklyn-dev] 20200420 [GitHub] [brooklyn-server] duncangrant opened a new pull request #1091: Update library versions due to CVEs",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r967953a14e05016bc4bcae9ef3dd92e770181158b4246976ed8295c9%40%3Cdev.brooklyn.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
},
{
"name": "[atlas-dev] 20201022 [jira] [Created] (ATLAS-4002) Upgrade commons-beanutils to 1.9.4 due to CVE-2019-10086",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rae81e0c8ebdf47ffaa85a01240836bfece8a990c48f55c7933162b5c%40%3Cdev.atlas.apache.org%3E"
},
{
"name": "[atlas-dev] 20201022 Re: Review Request 72983: ATLAS-4002 : Upgrade commons-beanutils to 1.9.4 due to CVE-2019-10086",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/reee57101464cf7622d640ae013b2162eb864f603ec4093de8240bb8f%40%3Cdev.atlas.apache.org%3E"
},
{
"name": "[atlas-dev] 20201023 Re: Review Request 72983: ATLAS-4002 : Upgrade commons-beanutils to 1.9.4 due to CVE-2019-10086",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r18d8b4f9263e5cad3bbaef0cdba0e2ccdf9201316ac4b85e23eb7ee4%40%3Cdev.atlas.apache.org%3E"
},
{
"name": "[atlas-dev] 20201023 [jira] [Updated] (ATLAS-4002) Upgrade commons-beanutils to 1.9.4 due to CVE-2019-10086",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/ra87ac17410a62e813cba901fdd4e9a674dd53daaf714870f28e905f1%40%3Cdev.atlas.apache.org%3E"
},
{
"name": "[atlas-commits] 20201023 [atlas] 01/05: ATLAS-4002 : Upgrade commons-beanutils to 1.9.4 due to CVE-2019-10086",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rb8dac04cb7e9cc5dedee8dabaa1c92614f590642e5ebf02a145915ba%40%3Ccommits.atlas.apache.org%3E"
},
{
"name": "[atlas-dev] 20201023 [jira] [Commented] (ATLAS-4002) Upgrade commons-beanutils to 1.9.4 due to CVE-2019-10086",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r6194ced4828deb32023cd314e31f41c61d388b58935d102c7de91f58%40%3Cdev.atlas.apache.org%3E"
},
{
"name": "[atlas-dev] 20201026 [jira] [Updated] (ATLAS-4002) Upgrade commons-beanutils to 1.9.4 due to CVE-2019-10086",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r306c0322aa5c0da731e03f3ce9f07f4745c052c6b73f4e78faf232ca%40%3Cdev.atlas.apache.org%3E"
},
{
"name": "[atlas-dev] 20201023 [jira] [Commented] (ATLAS-4002) Upgrade commons-beanutils to 1.9.4 due to CVE-2019-10086",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/racd3e7b2149fa2f255f016bd6bffab0fea77b6fb81c50db9a17f78e6%40%3Cdev.atlas.apache.org%3E"
},
{
"name": "[rocketmq-dev] 20201223 [GitHub] [rocketmq] crazywen opened a new pull request #2515: Update pom.xml",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r43de02fd4a4f52c4bdeff8c02f09625d83cd047498009c1cdab857db%40%3Cdev.rocketmq.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"name": "[dolphinscheduler-commits] 20210121 [GitHub] [incubator-dolphinscheduler] lgcareer commented on pull request #4525: [Improvement-4506][LICENSE] upgrade the version of the commons-beanutils",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r513a7a21c422170318115463b399dd58ab447fe0990b13e5884f0825%40%3Ccommits.dolphinscheduler.apache.org%3E"
},
{
"name": "[dolphinscheduler-commits] 20210121 [GitHub] [incubator-dolphinscheduler] c-f-cooper commented on pull request #4525: [Improvement-4506][LICENSE] upgrade the version of the commons-beanutils",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/ra9a139fdc0999750dcd519e81384bc1fe3946f311b1796221205f51c%40%3Ccommits.dolphinscheduler.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"name": "[nifi-issues] 20210827 [jira] [Updated] (NIFI-9170) Upgrade commons-beanutils to 1.9.4 to mitigate CVE-2019-10086",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rcc029be4edaaf5b8bb85818aab494e16f312fced07a0f4a202771ba2%40%3Cissues.nifi.apache.org%3E"
},
{
"name": "[nifi-issues] 20210827 [GitHub] [nifi] naddym opened a new pull request #5351: NIFI-9170 Upgrade commons-beanutils to 1.9.4 to mitigate CVE-2019-10086",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r46e536fc98942dce99fadd2e313aeefe90c1a769c5cd85d98df9d098%40%3Cissues.nifi.apache.org%3E"
},
{
"name": "[nifi-issues] 20210827 [jira] [Created] (NIFI-9170) Upgrade commons-beanutils to 1.9.4 to mitigate CVE-2019-10086",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rec74f3a94dd850259c730b4ba6f7b6211222b58900ec088754aa0534%40%3Cissues.nifi.apache.org%3E"
},
{
"name": "[nifi-issues] 20210907 [GitHub] [nifi] MikeThomsen commented on pull request #5351: NIFI-9170 Upgrade commons-beanutils to 1.9.4 to mitigate CVE-2019-10086",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r2d5f1d88c39bd615271abda63964a0bee9b2b57fef1f84cb4c43032e%40%3Cissues.nifi.apache.org%3E"
},
{
"name": "[nifi-commits] 20210907 [nifi] branch main updated: NIFI-9170 Upgrade commons-beanutils to 1.9.4 to mitigate CVE-2019-10086 NIFI-9170 Add two more 1.9.4 references to close out the few things identified by the Maven dependency plugin.",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/re2028d4d76ba1db3e3c3a722d6c6034e801cc3b309f69cc166eaa32b%40%3Ccommits.nifi.apache.org%3E"
},
{
"name": "[nifi-issues] 20210907 [GitHub] [nifi] asfgit closed pull request #5351: NIFI-9170 Upgrade commons-beanutils to 1.9.4 to mitigate CVE-2019-10086",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/ra41fd0ad4b7e1d675c03a5081a16a6603085a4e37d30b866067566fe%40%3Cissues.nifi.apache.org%3E"
},
{
"name": "[nifi-issues] 20210907 [jira] [Commented] (NIFI-9170) Upgrade commons-beanutils to 1.9.4 to mitigate CVE-2019-10086",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/re3cd7cb641d7fc6684e4fc3c336a8bad4a01434bb5625a06e3600fd1%40%3Cissues.nifi.apache.org%3E"
},
{
"name": "[nifi-issues] 20210908 [GitHub] [nifi] naddym commented on pull request #5351: NIFI-9170 Upgrade commons-beanutils to 1.9.4 to mitigate CVE-2019-10086",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rd2d2493f4f1af6980d265b8d84c857e2b7ab80a46e1423710c448957%40%3Cissues.nifi.apache.org%3E"
},
{
"name": "[nifi-issues] 20210915 [jira] [Updated] (NIFI-9170) Upgrade commons-beanutils to 1.9.4 to mitigate CVE-2019-10086",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rb1f76c2c0a4d6efb8a3523974f9d085d5838b73e7bffdf9a8f212997%40%3Cissues.nifi.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2019-10086",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache Commons Beanutils",
"version": {
"version_data": [
{
"version_value": "Apache Commons Beanutils 1.0 to 1.9.3"
}
]
}
}
]
},
"vendor_name": "Apache"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. We, however were not using this by default characteristic of the PropertyUtilsBean."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[www-announce] 20190815 [SECURITY] CVE-2019-10086. Apache Commons Beanutils does not suppresses the class property in PropertyUtilsBean by default.",
"refsource": "MLIST",
"url": "http://mail-archives.apache.org/mod_mbox/www-announce/201908.mbox/%3cC628798F-315D-4428-8CB1-4ED1ECC958E4@apache.org%3e"
},
{
"name": "[debian-lts-announce] 20190824 [SECURITY] [DLA 1896-1] commons-beanutils security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00030.html"
},
{
"name": "[tinkerpop-commits] 20190829 [tinkerpop] branch master updated: Bump commons-beanutils to 1.9.4 for CVE-2019-10086 - CTR",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/3d1ed1a1596c08c4d5fea97b36c651ce167b773f1afc75251ce7a125@%3Ccommits.tinkerpop.apache.org%3E"
},
{
"name": "openSUSE-SU-2019:2058",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00007.html"
},
{
"name": "[commons-issues] 20190906 [jira] [Updated] (CONFIGURATION-755) [CVE-2014-0114] Update Apache Commons BeanUtils from 1.9.3 to 1.9.4.",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/956995acee0d8bc046f1df0a55b7fbeb65dd2f82864e5de1078bacb0@%3Cissues.commons.apache.org%3E"
},
{
"name": "[commons-issues] 20190906 [jira] [Closed] (CONFIGURATION-755) [CVE-2014-0114] Update Apache Commons BeanUtils from 1.9.3 to 1.9.4.",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/1f78f1e32cc5614ec0c5b822ba4bd7fc8e8b5c46c8e038b6bd609cb5@%3Cissues.commons.apache.org%3E"
},
{
"name": "[commons-issues] 20190925 [GitHub] [commons-validator] jeff-schram opened a new pull request #18: Update pom.xml",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/02094ad226dbc17a2368beaf27e61d8b1432f5baf77d0ca995bb78bc@%3Cissues.commons.apache.org%3E"
},
{
"name": "[shiro-dev] 20191001 [jira] [Updated] (SHIRO-723) Provide Minor Shiro Release that includes CVE-2019-10086 Fix",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/d6ca9439c53374b597f33b7ec180001625597db48ea30356af01145f@%3Cdev.shiro.apache.org%3E"
},
{
"name": "[shiro-dev] 20191001 [jira] [Created] (SHIRO-723) Provide Minor Shiro Release that includes CVE-2019-10086 Fiix",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/2fd61dc89df9aeab738d2b49f48d42c76f7d53b980ba04e1d48bce48@%3Cdev.shiro.apache.org%3E"
},
{
"name": "[shiro-dev] 20191001 [jira] [Commented] (SHIRO-723) Provide Minor Shiro Release that includes CVE-2019-10086 Fix",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/c94bc9649d5109a663b2129371dc45753fbdeacd340105548bbe93c3@%3Cdev.shiro.apache.org%3E"
},
{
"name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E"
},
{
"name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E"
},
{
"name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E"
},
{
"name": "[shiro-dev] 20191023 [jira] [Assigned] (SHIRO-723) Provide Minor Shiro Release that includes CVE-2019-10086 Fix",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/5261066cd7adee081ee05c8bf0e96cf0b2eeaced391e19117ae4daa6@%3Cdev.shiro.apache.org%3E"
},
{
"name": "[shiro-dev] 20191105 [jira] [Resolved] (SHIRO-723) Provide Minor Shiro Release that includes CVE-2019-10086 Fix",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/a684107d3a78e431cf0fbb90629e8559a36ff8fe94c3a76e620b39fa@%3Cdev.shiro.apache.org%3E"
},
{
"name": "FEDORA-2019-bcad44b5d6",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4APPGLBWMFAS4WHNLR4LIJ65DJGPV7TF/"
},
{
"name": "FEDORA-2019-79b5790566",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JIUYSL2RSIWZVNSUIXJTIFPIPIF6OAIO/"
},
{
"name": "RHSA-2019:4317",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:4317"
},
{
"name": "RHSA-2020:0057",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2020:0057"
},
{
"name": "RHSA-2020:0194",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2020:0194"
},
{
"name": "RHSA-2020:0806",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2020:0806"
},
{
"name": "RHSA-2020:0811",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2020:0811"
},
{
"name": "RHSA-2020:0804",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2020:0804"
},
{
"name": "RHSA-2020:0805",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2020:0805"
},
{
"name": "[brooklyn-dev] 20200420 [GitHub] [brooklyn-server] duncangrant opened a new pull request #1091: Update library versions due to CVEs",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r967953a14e05016bc4bcae9ef3dd92e770181158b4246976ed8295c9@%3Cdev.brooklyn.apache.org%3E"
},
{
"name": "https://www.oracle.com/security-alerts/cpuapr2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpujul2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
},
{
"name": "[atlas-dev] 20201022 [jira] [Created] (ATLAS-4002) Upgrade commons-beanutils to 1.9.4 due to CVE-2019-10086",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rae81e0c8ebdf47ffaa85a01240836bfece8a990c48f55c7933162b5c@%3Cdev.atlas.apache.org%3E"
},
{
"name": "[atlas-dev] 20201022 Re: Review Request 72983: ATLAS-4002 : Upgrade commons-beanutils to 1.9.4 due to CVE-2019-10086",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/reee57101464cf7622d640ae013b2162eb864f603ec4093de8240bb8f@%3Cdev.atlas.apache.org%3E"
},
{
"name": "[atlas-dev] 20201023 Re: Review Request 72983: ATLAS-4002 : Upgrade commons-beanutils to 1.9.4 due to CVE-2019-10086",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r18d8b4f9263e5cad3bbaef0cdba0e2ccdf9201316ac4b85e23eb7ee4@%3Cdev.atlas.apache.org%3E"
},
{
"name": "[atlas-dev] 20201023 [jira] [Updated] (ATLAS-4002) Upgrade commons-beanutils to 1.9.4 due to CVE-2019-10086",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/ra87ac17410a62e813cba901fdd4e9a674dd53daaf714870f28e905f1@%3Cdev.atlas.apache.org%3E"
},
{
"name": "[atlas-commits] 20201023 [atlas] 01/05: ATLAS-4002 : Upgrade commons-beanutils to 1.9.4 due to CVE-2019-10086",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rb8dac04cb7e9cc5dedee8dabaa1c92614f590642e5ebf02a145915ba@%3Ccommits.atlas.apache.org%3E"
},
{
"name": "[atlas-dev] 20201023 [jira] [Commented] (ATLAS-4002) Upgrade commons-beanutils to 1.9.4 due to CVE-2019-10086",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r6194ced4828deb32023cd314e31f41c61d388b58935d102c7de91f58@%3Cdev.atlas.apache.org%3E"
},
{
"name": "[atlas-dev] 20201026 [jira] [Updated] (ATLAS-4002) Upgrade commons-beanutils to 1.9.4 due to CVE-2019-10086",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r306c0322aa5c0da731e03f3ce9f07f4745c052c6b73f4e78faf232ca@%3Cdev.atlas.apache.org%3E"
},
{
"name": "[atlas-dev] 20201023 [jira] [Commented] (ATLAS-4002) Upgrade commons-beanutils to 1.9.4 due to CVE-2019-10086",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/racd3e7b2149fa2f255f016bd6bffab0fea77b6fb81c50db9a17f78e6@%3Cdev.atlas.apache.org%3E"
},
{
"name": "[rocketmq-dev] 20201223 [GitHub] [rocketmq] crazywen opened a new pull request #2515: Update pom.xml",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r43de02fd4a4f52c4bdeff8c02f09625d83cd047498009c1cdab857db@%3Cdev.rocketmq.apache.org%3E"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"name": "[dolphinscheduler-commits] 20210121 [GitHub] [incubator-dolphinscheduler] lgcareer commented on pull request #4525: [Improvement-4506][LICENSE] upgrade the version of the commons-beanutils",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r513a7a21c422170318115463b399dd58ab447fe0990b13e5884f0825@%3Ccommits.dolphinscheduler.apache.org%3E"
},
{
"name": "[dolphinscheduler-commits] 20210121 [GitHub] [incubator-dolphinscheduler] c-f-cooper commented on pull request #4525: [Improvement-4506][LICENSE] upgrade the version of the commons-beanutils",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/ra9a139fdc0999750dcd519e81384bc1fe3946f311b1796221205f51c@%3Ccommits.dolphinscheduler.apache.org%3E"
},
{
"name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"name": "https://www.oracle.com//security-alerts/cpujul2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"name": "[nifi-issues] 20210827 [jira] [Updated] (NIFI-9170) Upgrade commons-beanutils to 1.9.4 to mitigate CVE-2019-10086",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rcc029be4edaaf5b8bb85818aab494e16f312fced07a0f4a202771ba2@%3Cissues.nifi.apache.org%3E"
},
{
"name": "[nifi-issues] 20210827 [GitHub] [nifi] naddym opened a new pull request #5351: NIFI-9170 Upgrade commons-beanutils to 1.9.4 to mitigate CVE-2019-10086",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r46e536fc98942dce99fadd2e313aeefe90c1a769c5cd85d98df9d098@%3Cissues.nifi.apache.org%3E"
},
{
"name": "[nifi-issues] 20210827 [jira] [Created] (NIFI-9170) Upgrade commons-beanutils to 1.9.4 to mitigate CVE-2019-10086",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rec74f3a94dd850259c730b4ba6f7b6211222b58900ec088754aa0534@%3Cissues.nifi.apache.org%3E"
},
{
"name": "[nifi-issues] 20210907 [GitHub] [nifi] MikeThomsen commented on pull request #5351: NIFI-9170 Upgrade commons-beanutils to 1.9.4 to mitigate CVE-2019-10086",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r2d5f1d88c39bd615271abda63964a0bee9b2b57fef1f84cb4c43032e@%3Cissues.nifi.apache.org%3E"
},
{
"name": "[nifi-commits] 20210907 [nifi] branch main updated: NIFI-9170 Upgrade commons-beanutils to 1.9.4 to mitigate CVE-2019-10086 NIFI-9170 Add two more 1.9.4 references to close out the few things identified by the Maven dependency plugin.",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/re2028d4d76ba1db3e3c3a722d6c6034e801cc3b309f69cc166eaa32b@%3Ccommits.nifi.apache.org%3E"
},
{
"name": "[nifi-issues] 20210907 [GitHub] [nifi] asfgit closed pull request #5351: NIFI-9170 Upgrade commons-beanutils to 1.9.4 to mitigate CVE-2019-10086",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/ra41fd0ad4b7e1d675c03a5081a16a6603085a4e37d30b866067566fe@%3Cissues.nifi.apache.org%3E"
},
{
"name": "[nifi-issues] 20210907 [jira] [Commented] (NIFI-9170) Upgrade commons-beanutils to 1.9.4 to mitigate CVE-2019-10086",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/re3cd7cb641d7fc6684e4fc3c336a8bad4a01434bb5625a06e3600fd1@%3Cissues.nifi.apache.org%3E"
},
{
"name": "[nifi-issues] 20210908 [GitHub] [nifi] naddym commented on pull request #5351: NIFI-9170 Upgrade commons-beanutils to 1.9.4 to mitigate CVE-2019-10086",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rd2d2493f4f1af6980d265b8d84c857e2b7ab80a46e1423710c448957@%3Cissues.nifi.apache.org%3E"
},
{
"name": "[nifi-issues] 20210915 [jira] [Updated] (NIFI-9170) Upgrade commons-beanutils to 1.9.4 to mitigate CVE-2019-10086",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rb1f76c2c0a4d6efb8a3523974f9d085d5838b73e7bffdf9a8f212997@%3Cissues.nifi.apache.org%3E"
},
{
"name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpujul2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2019-10086",
"datePublished": "2019-08-20T20:10:15",
"dateReserved": "2019-03-26T00:00:00",
"dateUpdated": "2024-08-04T22:10:09.585Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-2793 (GCVE-0-2018-2793)
Vulnerability from cvelistv5 – Published: 2018-04-19 02:00 – Updated: 2024-10-03 20:18
VLAI?
Summary
Vulnerability in the PeopleSoft Enterprise PT PeopleTools component of Oracle PeopleSoft Products (subcomponent: PsAdmin). Supported versions that are affected are 8.54, 8.55 and 8.56. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where PeopleSoft Enterprise PT PeopleTools executes to compromise PeopleSoft Enterprise PT PeopleTools. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise PT PeopleTools accessible data. CVSS 3.0 Base Score 6.2 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
Severity ?
No CVSS data available.
CWE
- Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where PeopleSoft Enterprise PT PeopleTools executes to compromise PeopleSoft Enterprise PT PeopleTools. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise PT PeopleTools accessible data.
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Oracle Corporation | PeopleSoft Enterprise PT PeopleTools |
Affected:
8.54
Affected: 8.55 Affected: 8.56 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T04:29:44.738Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "103899",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/103899"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
},
{
"name": "1040701",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040701"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2018-2793",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-03T19:25:36.942204Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-03T20:18:25.870Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "PeopleSoft Enterprise PT PeopleTools",
"vendor": "Oracle Corporation",
"versions": [
{
"status": "affected",
"version": "8.54"
},
{
"status": "affected",
"version": "8.55"
},
{
"status": "affected",
"version": "8.56"
}
]
}
],
"datePublic": "2018-03-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the PeopleSoft Enterprise PT PeopleTools component of Oracle PeopleSoft Products (subcomponent: PsAdmin). Supported versions that are affected are 8.54, 8.55 and 8.56. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where PeopleSoft Enterprise PT PeopleTools executes to compromise PeopleSoft Enterprise PT PeopleTools. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise PT PeopleTools accessible data. CVSS 3.0 Base Score 6.2 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where PeopleSoft Enterprise PT PeopleTools executes to compromise PeopleSoft Enterprise PT PeopleTools. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise PT PeopleTools accessible data.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-04-19T09:57:01",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"name": "103899",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/103899"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
},
{
"name": "1040701",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040701"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2018-2793",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PeopleSoft Enterprise PT PeopleTools",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "8.54"
},
{
"version_affected": "=",
"version_value": "8.55"
},
{
"version_affected": "=",
"version_value": "8.56"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the PeopleSoft Enterprise PT PeopleTools component of Oracle PeopleSoft Products (subcomponent: PsAdmin). Supported versions that are affected are 8.54, 8.55 and 8.56. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where PeopleSoft Enterprise PT PeopleTools executes to compromise PeopleSoft Enterprise PT PeopleTools. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise PT PeopleTools accessible data. CVSS 3.0 Base Score 6.2 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where PeopleSoft Enterprise PT PeopleTools executes to compromise PeopleSoft Enterprise PT PeopleTools. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise PT PeopleTools accessible data."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "103899",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103899"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
},
{
"name": "1040701",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040701"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2018-2793",
"datePublished": "2018-04-19T02:00:00",
"dateReserved": "2017-12-15T00:00:00",
"dateUpdated": "2024-10-03T20:18:25.870Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}