Vulnerability-Lookup

Vulnerability from cleanstart

Published

2026-05-18 13:15

Modified

2026-05-13 14:13

Summary

Security fixes for CVE-2015-0886, CVE-2020-8908, CVE-2022-1471, CVE-2022-24823, CVE-2022-38752, CVE-2022-41854, CVE-2023-2976, CVE-2023-34462, CVE-2024-12798, CVE-2024-12801, CVE-2024-13009, CVE-2024-47535, CVE-2024-6763, CVE-2024-8184, CVE-2024-9823, CVE-2025-11143, CVE-2025-24970, CVE-2025-25193, CVE-2025-48734, CVE-2025-48924, CVE-2025-52999, CVE-2025-58057, CVE-2026-1225, CVE-2026-23901, CVE-2026-44431, CVE-2026-44432, ghsa-25qh-j22f-pwp8, ghsa-389x-839f-4rhx, ghsa-3p8m-j85q-pgmj, ghsa-4g8c-wm8x-jfhw, ghsa-5mg8-w23w-74h3, ghsa-6mjq-h674-j845, ghsa-6v67-2wr5-gvf4, ghsa-72hv-8253-57qq, ghsa-7g45-4rm6-3mm3, ghsa-9h6p-92jq-888x, ghsa-9w3m-gqgf-c4p9, ghsa-c4qc-4q9p-m9q9, ghsa-g8m5-722r-8whq, ghsa-gc5v-m9x4-r6x2, ghsa-h46c-h94j-95f3, ghsa-j26w-f9rq-mr2q, ghsa-j288-q9x7-2f5v, ghsa-jc7h-c423-mpjc, ghsa-mf9v-mfxr-j63j, ghsa-mjmj-j48q-9wg2, ghsa-pr98-23f8-jwxv, ghsa-q4rv-gq96-w7c5, ghsa-qccp-gfcp-xxvc, ghsa-qh8g-58pp-2wxh, ghsa-qqpg-mvqg-649v, ghsa-w37g-rhq8-7m4j, ghsa-wjpw-4j6x-6rwh, ghsa-wxr5-93ph-8wr9, ghsa-xq3w-v528-46rv applied in versions: 3.6.1-r0, 3.6.1-r1, 3.6.1-r2, 3.6.1-r3, 3.6.1-r4

Details

Multiple security vulnerabilities affect the cassandra-reaper-fips package. These issues are resolved in later releases. See references for individual vulnerability details.

References

URL

Type

	https://github.com/cleanstart-dev/cleanstart-secu…	ADVISORY
	https://osv.dev/vulnerability/CVE-2015-0886	WEB
	https://osv.dev/vulnerability/CVE-2020-8908	WEB
	https://osv.dev/vulnerability/CVE-2022-1471	WEB
	https://osv.dev/vulnerability/CVE-2022-24823	WEB
	https://osv.dev/vulnerability/CVE-2022-38752	WEB
	https://osv.dev/vulnerability/CVE-2022-41854	WEB
	https://osv.dev/vulnerability/CVE-2023-2976	WEB
	https://osv.dev/vulnerability/CVE-2023-34462	WEB
	https://osv.dev/vulnerability/CVE-2024-12798	WEB
	https://osv.dev/vulnerability/CVE-2024-12801	WEB
	https://osv.dev/vulnerability/CVE-2024-13009	WEB
	https://osv.dev/vulnerability/CVE-2024-47535	WEB
	https://osv.dev/vulnerability/CVE-2024-6763	WEB
	https://osv.dev/vulnerability/CVE-2024-8184	WEB
	https://osv.dev/vulnerability/CVE-2024-9823	WEB
	https://osv.dev/vulnerability/CVE-2025-11143	WEB
	https://osv.dev/vulnerability/CVE-2025-24970	WEB
	https://osv.dev/vulnerability/CVE-2025-25193	WEB
	https://osv.dev/vulnerability/CVE-2025-48734	WEB
	https://osv.dev/vulnerability/CVE-2025-48924	WEB
	https://osv.dev/vulnerability/CVE-2025-52999	WEB
	https://osv.dev/vulnerability/CVE-2025-58057	WEB
	https://osv.dev/vulnerability/CVE-2026-1225	WEB
	https://osv.dev/vulnerability/CVE-2026-23901	WEB
	https://osv.dev/vulnerability/CVE-2026-44431	WEB
	https://osv.dev/vulnerability/CVE-2026-44432	WEB
	https://osv.dev/vulnerability/ghsa-25qh-j22f-pwp8	WEB
	https://osv.dev/vulnerability/ghsa-389x-839f-4rhx	WEB
	https://osv.dev/vulnerability/ghsa-3p8m-j85q-pgmj	WEB
	https://osv.dev/vulnerability/ghsa-4g8c-wm8x-jfhw	WEB
	https://osv.dev/vulnerability/ghsa-5mg8-w23w-74h3	WEB
	https://osv.dev/vulnerability/ghsa-6mjq-h674-j845	WEB
	https://osv.dev/vulnerability/ghsa-6v67-2wr5-gvf4	WEB
	https://osv.dev/vulnerability/ghsa-72hv-8253-57qq	WEB
	https://osv.dev/vulnerability/ghsa-7g45-4rm6-3mm3	WEB
	https://osv.dev/vulnerability/ghsa-9h6p-92jq-888x	WEB
	https://osv.dev/vulnerability/ghsa-9w3m-gqgf-c4p9	WEB
	https://osv.dev/vulnerability/ghsa-c4qc-4q9p-m9q9	WEB
	https://osv.dev/vulnerability/ghsa-g8m5-722r-8whq	WEB
	https://osv.dev/vulnerability/ghsa-gc5v-m9x4-r6x2	WEB
	https://osv.dev/vulnerability/ghsa-h46c-h94j-95f3	WEB
	https://osv.dev/vulnerability/ghsa-j26w-f9rq-mr2q	WEB
	https://osv.dev/vulnerability/ghsa-j288-q9x7-2f5v	WEB
	https://osv.dev/vulnerability/ghsa-jc7h-c423-mpjc	WEB
	https://osv.dev/vulnerability/ghsa-mf9v-mfxr-j63j	WEB
	https://osv.dev/vulnerability/ghsa-mjmj-j48q-9wg2	WEB
	https://osv.dev/vulnerability/ghsa-pr98-23f8-jwxv	WEB
	https://osv.dev/vulnerability/ghsa-q4rv-gq96-w7c5	WEB
	https://osv.dev/vulnerability/ghsa-qccp-gfcp-xxvc	WEB
	https://osv.dev/vulnerability/ghsa-qh8g-58pp-2wxh	WEB
	https://osv.dev/vulnerability/ghsa-qqpg-mvqg-649v	WEB
	https://osv.dev/vulnerability/ghsa-w37g-rhq8-7m4j	WEB
	https://osv.dev/vulnerability/ghsa-wjpw-4j6x-6rwh	WEB
	https://osv.dev/vulnerability/ghsa-wxr5-93ph-8wr9	WEB
	https://osv.dev/vulnerability/ghsa-xq3w-v528-46rv	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2015-0886	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2020-8908	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2022-1471	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2022-24823	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2022-38752	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2022-41854	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2023-2976	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2023-34462	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2024-12798	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2024-12801	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2024-13009	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2024-47535	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2024-6763	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2024-8184	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2024-9823	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-11143	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-24970	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-25193	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-48734	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-48924	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-52999	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-58057	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-1225	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-23901	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-44431	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-44432	WEB

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "CleanStart",
        "name": "cassandra-reaper-fips"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.6.1-r4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "credits": [],
  "database_specific": {},
  "details": "Multiple security vulnerabilities affect the cassandra-reaper-fips package. These issues are resolved in later releases. See references for individual vulnerability details.",
  "id": "CLEANSTART-2026-GH89210",
  "modified": "2026-05-13T14:13:05Z",
  "published": "2026-05-18T13:15:02.086653Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-GH89210.json"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2015-0886"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2020-8908"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2022-1471"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2022-24823"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2022-38752"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2022-41854"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2023-2976"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2023-34462"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2024-12798"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2024-12801"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2024-13009"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2024-47535"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2024-6763"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2024-8184"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2024-9823"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-11143"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-24970"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-25193"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-48734"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-48924"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-52999"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-58057"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-1225"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-23901"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-44431"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-44432"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-25qh-j22f-pwp8"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-389x-839f-4rhx"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-3p8m-j85q-pgmj"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-4g8c-wm8x-jfhw"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-5mg8-w23w-74h3"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-6mjq-h674-j845"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-6v67-2wr5-gvf4"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-72hv-8253-57qq"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-7g45-4rm6-3mm3"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-9h6p-92jq-888x"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-9w3m-gqgf-c4p9"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-c4qc-4q9p-m9q9"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-g8m5-722r-8whq"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-gc5v-m9x4-r6x2"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-h46c-h94j-95f3"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-j26w-f9rq-mr2q"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-j288-q9x7-2f5v"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-jc7h-c423-mpjc"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-mf9v-mfxr-j63j"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-mjmj-j48q-9wg2"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-pr98-23f8-jwxv"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-q4rv-gq96-w7c5"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-qccp-gfcp-xxvc"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-qh8g-58pp-2wxh"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-qqpg-mvqg-649v"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-w37g-rhq8-7m4j"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-wjpw-4j6x-6rwh"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-wxr5-93ph-8wr9"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-xq3w-v528-46rv"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0886"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8908"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1471"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24823"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-38752"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41854"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2976"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-34462"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12798"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12801"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-13009"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47535"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-6763"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-8184"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-9823"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11143"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24970"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-25193"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48734"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48924"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-52999"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58057"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1225"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23901"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44431"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44432"
    }
  ],
  "related": [],
  "schema_version": "1.7.3",
  "summary": "Security fixes for CVE-2015-0886, CVE-2020-8908, CVE-2022-1471, CVE-2022-24823, CVE-2022-38752, CVE-2022-41854, CVE-2023-2976, CVE-2023-34462, CVE-2024-12798, CVE-2024-12801, CVE-2024-13009, CVE-2024-47535, CVE-2024-6763, CVE-2024-8184, CVE-2024-9823, CVE-2025-11143, CVE-2025-24970, CVE-2025-25193, CVE-2025-48734, CVE-2025-48924, CVE-2025-52999, CVE-2025-58057, CVE-2026-1225, CVE-2026-23901, CVE-2026-44431, CVE-2026-44432, ghsa-25qh-j22f-pwp8, ghsa-389x-839f-4rhx, ghsa-3p8m-j85q-pgmj, ghsa-4g8c-wm8x-jfhw, ghsa-5mg8-w23w-74h3, ghsa-6mjq-h674-j845, ghsa-6v67-2wr5-gvf4, ghsa-72hv-8253-57qq, ghsa-7g45-4rm6-3mm3, ghsa-9h6p-92jq-888x, ghsa-9w3m-gqgf-c4p9, ghsa-c4qc-4q9p-m9q9, ghsa-g8m5-722r-8whq, ghsa-gc5v-m9x4-r6x2, ghsa-h46c-h94j-95f3, ghsa-j26w-f9rq-mr2q, ghsa-j288-q9x7-2f5v, ghsa-jc7h-c423-mpjc, ghsa-mf9v-mfxr-j63j, ghsa-mjmj-j48q-9wg2, ghsa-pr98-23f8-jwxv, ghsa-q4rv-gq96-w7c5, ghsa-qccp-gfcp-xxvc, ghsa-qh8g-58pp-2wxh, ghsa-qqpg-mvqg-649v, ghsa-w37g-rhq8-7m4j, ghsa-wjpw-4j6x-6rwh, ghsa-wxr5-93ph-8wr9, ghsa-xq3w-v528-46rv applied in versions: 3.6.1-r0, 3.6.1-r1, 3.6.1-r2, 3.6.1-r3, 3.6.1-r4",
  "upstream": [
    "CVE-2015-0886",
    "CVE-2020-8908",
    "CVE-2022-1471",
    "CVE-2022-24823",
    "CVE-2022-38752",
    "CVE-2022-41854",
    "CVE-2023-2976",
    "CVE-2023-34462",
    "CVE-2024-12798",
    "CVE-2024-12801",
    "CVE-2024-13009",
    "CVE-2024-47535",
    "CVE-2024-6763",
    "CVE-2024-8184",
    "CVE-2024-9823",
    "CVE-2025-11143",
    "CVE-2025-24970",
    "CVE-2025-25193",
    "CVE-2025-48734",
    "CVE-2025-48924",
    "CVE-2025-52999",
    "CVE-2025-58057",
    "CVE-2026-1225",
    "CVE-2026-23901",
    "CVE-2026-44431",
    "CVE-2026-44432",
    "ghsa-25qh-j22f-pwp8",
    "ghsa-389x-839f-4rhx",
    "ghsa-3p8m-j85q-pgmj",
    "ghsa-4g8c-wm8x-jfhw",
    "ghsa-5mg8-w23w-74h3",
    "ghsa-6mjq-h674-j845",
    "ghsa-6v67-2wr5-gvf4",
    "ghsa-72hv-8253-57qq",
    "ghsa-7g45-4rm6-3mm3",
    "ghsa-9h6p-92jq-888x",
    "ghsa-9w3m-gqgf-c4p9",
    "ghsa-c4qc-4q9p-m9q9",
    "ghsa-g8m5-722r-8whq",
    "ghsa-gc5v-m9x4-r6x2",
    "ghsa-h46c-h94j-95f3",
    "ghsa-j26w-f9rq-mr2q",
    "ghsa-j288-q9x7-2f5v",
    "ghsa-jc7h-c423-mpjc",
    "ghsa-mf9v-mfxr-j63j",
    "ghsa-mjmj-j48q-9wg2",
    "ghsa-pr98-23f8-jwxv",
    "ghsa-q4rv-gq96-w7c5",
    "ghsa-qccp-gfcp-xxvc",
    "ghsa-qh8g-58pp-2wxh",
    "ghsa-qqpg-mvqg-649v",
    "ghsa-w37g-rhq8-7m4j",
    "ghsa-wjpw-4j6x-6rwh",
    "ghsa-wxr5-93ph-8wr9",
    "ghsa-xq3w-v528-46rv"
  ]
}

GHSA-5MG8-W23W-74H3

Vulnerability from github – Published: 2021-03-25 17:04 – Updated: 2026-02-23 22:45

Summary

Information Disclosure in Guava

Details

A temp directory creation vulnerability exists in Guava prior to version 32.0.0 allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava com.google.common.io.Files.createTempDir(). The permissions granted to the directory created default to the standard unix-like /tmp ones, leaving the files open. Maintainers recommend explicitly changing the permissions after the creation of the directory, or removing uses of the vulnerable method.

Severity ?

3.3 (Low)


                  
                    CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "com.google.guava:guava"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "32.0.0-android"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2020-8908"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-173",
      "CWE-200",
      "CWE-378",
      "CWE-732"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-03-25T17:01:09Z",
    "nvd_published_at": "2020-12-10T23:15:00Z",
    "severity": "LOW"
  },
  "details": "A temp directory creation vulnerability exists in Guava prior to version 32.0.0 allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava `com.google.common.io.Files.createTempDir()`. The permissions granted to the directory created default to the standard unix-like /tmp ones, leaving the files open. Maintainers recommend explicitly changing the permissions after the creation of the directory, or removing uses of the vulnerable method.",
  "id": "GHSA-5mg8-w23w-74h3",
  "modified": "2026-02-23T22:45:53Z",
  "published": "2021-03-25T17:04:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8908"
    },
    {
      "type": "WEB",
      "url": "https://github.com/google/guava/issues/4011"
    },
    {
      "type": "WEB",
      "url": "https://github.com/google/guava/issues/4011#issuecomment-1578991974"
    },
    {
      "type": "WEB",
      "url": "https://github.com/google/guava/commit/feb83a1c8fd2e7670b244d5afd23cba5aca43284"
    },
    {
      "type": "WEB",
      "url": "https://github.com/google/guava/commit/fec0dbc4634006a6162cfd4d0d09c962073ddf40"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rd5d58088812cf8e677d99b07f73c654014c524c94e7fedbdee047604@%3Ctorque-dev.db.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rd5d58088812cf8e677d99b07f73c654014c524c94e7fedbdee047604%40%3Ctorque-dev.db.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rd2704306ec729ccac726e50339b8a8f079515cc29ccb77713b16e7c5@%3Cissues.hive.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rd2704306ec729ccac726e50339b8a8f079515cc29ccb77713b16e7c5%40%3Cissues.hive.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rd01f5ff0164c468ec7abc96ff7646cea3cce6378da2e4aa29c6bcb95@%3Cgithub.arrow.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rd01f5ff0164c468ec7abc96ff7646cea3cce6378da2e4aa29c6bcb95%40%3Cgithub.arrow.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rcafc3a637d82bdc9a24036b2ddcad1e519dd0e6f848fcc3d606fd78f@%3Cdev.hive.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rcafc3a637d82bdc9a24036b2ddcad1e519dd0e6f848fcc3d606fd78f%40%3Cdev.hive.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rc607bc52f3507b8b9c28c6a747c3122f51ac24afe80af2a670785b97@%3Cissues.geode.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rc607bc52f3507b8b9c28c6a747c3122f51ac24afe80af2a670785b97%40%3Cissues.geode.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rc2dbc4633a6eea1fcbce6831876cfa17b73759a98c65326d1896cb1a@%3Ctorque-dev.db.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rc2dbc4633a6eea1fcbce6831876cfa17b73759a98c65326d1896cb1a%40%3Ctorque-dev.db.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rbc7642b9800249553f13457e46b813bea1aec99d2bc9106510e00ff3@%3Ctorque-dev.db.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rbc7642b9800249553f13457e46b813bea1aec99d2bc9106510e00ff3%40%3Ctorque-dev.db.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rb8c0f1b7589864396690fe42a91a71dea9412e86eec66dc85bbacaaf@%3Ccommits.cxf.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rb8c0f1b7589864396690fe42a91a71dea9412e86eec66dc85bbacaaf%40%3Ccommits.cxf.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rb2364f4cf4d274eab5a7ecfaf64bf575cedf8b0173551997c749d322@%3Cgitbox.hive.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rb2364f4cf4d274eab5a7ecfaf64bf575cedf8b0173551997c749d322%40%3Cgitbox.hive.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/ra7ab308481ee729f998691e8e3e02e93b1dedfc98f6b1cd3d86923b3@%3Cyarn-issues.hadoop.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
    },
    {
      "type": "WEB",
      "url": "https://snyk.io/vuln/SNYK-JAVA-COMGOOGLEGUAVA-1015415"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20220210-0003"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rfc27e2727a20a574f39273e0432aa97486a332f9b3068f6ac1346594@%3Cdev.myfaces.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rfc27e2727a20a574f39273e0432aa97486a332f9b3068f6ac1346594%40%3Cdev.myfaces.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rf9f0fa84b8ae1a285f0210bafec6de2a9eba083007d04640b82aa625@%3Cissues.geode.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rf9f0fa84b8ae1a285f0210bafec6de2a9eba083007d04640b82aa625%40%3Cissues.geode.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rf00b688ffa620c990597f829ff85fdbba8bf73ee7bfb34783e1f0d4e@%3Cyarn-dev.hadoop.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rf00b688ffa620c990597f829ff85fdbba8bf73ee7bfb34783e1f0d4e%40%3Cyarn-dev.hadoop.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/reebbd63c25bc1a946caa419cec2be78079f8449d1af48e52d47c9e85@%3Cissues.geode.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/reebbd63c25bc1a946caa419cec2be78079f8449d1af48e52d47c9e85%40%3Cissues.geode.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/re120f6b3d2f8222121080342c5801fdafca2f5188ceeb3b49c8a1d27@%3Cyarn-issues.hadoop.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/re120f6b3d2f8222121080342c5801fdafca2f5188ceeb3b49c8a1d27%40%3Cyarn-issues.hadoop.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rd7e12d56d49d73e2b8549694974b07561b79b05455f7f781954231bf@%3Cdev.pig.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rd7e12d56d49d73e2b8549694974b07561b79b05455f7f781954231bf%40%3Cdev.pig.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/ra7ab308481ee729f998691e8e3e02e93b1dedfc98f6b1cd3d86923b3%40%3Cyarn-issues.hadoop.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r4776f62dfae4a0006658542f43034a7fc199350e35a66d4e18164ee6%40%3Ccommits.cxf.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r3dd8881de891598d622227e9840dd7c2ef1d08abbb49e9690c7ae1bc@%3Cissues.geode.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r3dd8881de891598d622227e9840dd7c2ef1d08abbb49e9690c7ae1bc%40%3Cissues.geode.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r3c3b33ee5bef0c67391d27a97cbfd89d44f328cf072b601b58d4e748@%3Ccommits.pulsar.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r3c3b33ee5bef0c67391d27a97cbfd89d44f328cf072b601b58d4e748%40%3Ccommits.pulsar.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r2fe45d96eea8434b91592ca08109118f6308d60f6d0e21d52438cfb4@%3Cdev.drill.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r2fe45d96eea8434b91592ca08109118f6308d60f6d0e21d52438cfb4%40%3Cdev.drill.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r294be9d31c0312d2c0837087204b5d4bf49d0552890e6eec716fa6a6@%3Cyarn-issues.hadoop.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r294be9d31c0312d2c0837087204b5d4bf49d0552890e6eec716fa6a6%40%3Cyarn-issues.hadoop.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r215b3d50f56faeb2f9383505f3e62faa9f549bb23e8a9848b78a968e@%3Ccommits.ws.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r215b3d50f56faeb2f9383505f3e62faa9f549bb23e8a9848b78a968e%40%3Ccommits.ws.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r161b87f8037bbaff400194a63cd2016c9a69f5949f06dcc79beeab54@%3Cdev.drill.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r161b87f8037bbaff400194a63cd2016c9a69f5949f06dcc79beeab54%40%3Cdev.drill.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r07ed3e4417ad043a27bee7bb33322e9bfc7d7e6d1719b8e3dfd95c14@%3Cdev.drill.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r07ed3e4417ad043a27bee7bb33322e9bfc7d7e6d1719b8e3dfd95c14%40%3Cdev.drill.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r037fed1d0ebde50c9caf8d99815db3093c344c3f651c5a49a09824ce@%3Cdev.drill.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r007add131977f4f576c232b25e024249a3d16f66aad14a4b52819d21@%3Ccommon-issues.hadoop.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r007add131977f4f576c232b25e024249a3d16f66aad14a4b52819d21%40%3Ccommon-issues.hadoop.apache.org%3E"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/google/guava"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r841c5e14e1b55281523ebcde661ece00b38a0569e00ef5e12bd5f6ba@%3Cissues.maven.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r841c5e14e1b55281523ebcde661ece00b38a0569e00ef5e12bd5f6ba%40%3Cissues.maven.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r7b0e81d8367264d6cad98766a469d64d11248eb654417809bfdacf09@%3Cyarn-issues.hadoop.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r7b0e81d8367264d6cad98766a469d64d11248eb654417809bfdacf09%40%3Cyarn-issues.hadoop.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r79e47ed555bdb1180e528420a7a2bb898541367a29a3bc6bbf0baf2c@%3Cissues.hive.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r79e47ed555bdb1180e528420a7a2bb898541367a29a3bc6bbf0baf2c%40%3Cissues.hive.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r68d86f4b06c808204f62bcb254fcb5b0432528ee8d37a07ef4bc8222@%3Ccommits.ws.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r68d86f4b06c808204f62bcb254fcb5b0432528ee8d37a07ef4bc8222%40%3Ccommits.ws.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r6874dfe26eefc41b7c9a5e4a0487846fc4accf8c78ff948b24a1104a@%3Cdev.drill.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r6874dfe26eefc41b7c9a5e4a0487846fc4accf8c78ff948b24a1104a%40%3Cdev.drill.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r5d61b98ceb7bba939a651de5900dbd67be3817db6bfcc41c6e04e199@%3Cyarn-issues.hadoop.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r5d61b98ceb7bba939a651de5900dbd67be3817db6bfcc41c6e04e199%40%3Cyarn-issues.hadoop.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r5b3d93dfdfb7708e796e8762ab40edbde8ff8add48aba53e5ea26f44@%3Cissues.geode.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r5b3d93dfdfb7708e796e8762ab40edbde8ff8add48aba53e5ea26f44%40%3Cissues.geode.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r58a8775205ab1839dba43054b09a9ab3b25b423a4170b2413c4067ac@%3Ccommon-issues.hadoop.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r58a8775205ab1839dba43054b09a9ab3b25b423a4170b2413c4067ac%40%3Ccommon-issues.hadoop.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r49549a8322f62cd3acfa4490d25bfba0be04f3f9ff4d14fe36199d27@%3Cyarn-dev.hadoop.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r49549a8322f62cd3acfa4490d25bfba0be04f3f9ff4d14fe36199d27%40%3Cyarn-dev.hadoop.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r4776f62dfae4a0006658542f43034a7fc199350e35a66d4e18164ee6@%3Ccommits.cxf.apache.org%3E"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Information Disclosure in Guava"
}

GHSA-6MJQ-H674-J845

Vulnerability from github – Published: 2023-06-20 16:33 – Updated: 2024-06-24 21:24

Summary

netty-handler SniHandler 16MB allocation

Details

Summary

The SniHandler can allocate up to 16MB of heap for each channel during the TLS handshake. When the handler or the channel does not have an idle timeout, it can be used to make a TCP server using the SniHandler to allocate 16MB of heap.

Details

The SniHandler class is a handler that waits for the TLS handshake to configure a SslHandler according to the indicated server name by the ClientHello record. For this matter it allocates a ByteBuf using the value defined in the ClientHello record.

Normally the value of the packet should be smaller than the handshake packet but there are not checks done here and the way the code is written, it is possible to craft a packet that makes the SslClientHelloHandler

1/ allocate a 16MB ByteBuf 2/ not fail decode method in buffer 3/ get out of the loop without an exception

The combination of this without the use of a timeout makes easy to connect to a TCP server and allocate 16MB of heap memory per connection.

Impact

If the user has no idle timeout handler configured it might be possible for a remote peer to send a client hello packet which lead the server to buffer up to 16MB of data per connection. This could lead to a OutOfMemoryError and so result in a DDOS.

Severity ?

6.5 (Medium)


                  
                    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "io.netty:netty-handler"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.1.94.Final"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2023-34462"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400",
      "CWE-770"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-06-20T16:33:22Z",
    "nvd_published_at": "2023-06-22T23:15:09Z",
    "severity": "MODERATE"
  },
  "details": "### Summary\nThe `SniHandler` can allocate up to 16MB of heap for each channel during the TLS handshake. When the handler or the channel does not have an idle timeout, it can be used to make a TCP server using the `SniHandler` to allocate 16MB of heap.\n\n### Details\nThe `SniHandler` class is a handler that waits for the TLS handshake to configure a `SslHandler` according to the indicated server name by the `ClientHello` record. For this matter it allocates a `ByteBuf` using the value defined in the `ClientHello` record. \n\nNormally the value of the packet should be smaller than the handshake packet but there are not checks done here and the way the code is written, it is possible to craft a packet that makes the `SslClientHelloHandler`\n\n1/ allocate a 16MB `ByteBuf`\n2/ not fail `decode` method `in` buffer\n3/ get out of the loop without an exception\n\nThe combination of this without the use of a timeout makes  easy to connect to a TCP server and allocate 16MB of heap memory per connection.\n\n### Impact\nIf the user has no idle timeout handler configured it might be possible for a remote peer to send a client hello packet which lead the server to buffer up to 16MB of data per connection. This could lead to a OutOfMemoryError and so result in a DDOS.",
  "id": "GHSA-6mjq-h674-j845",
  "modified": "2024-06-24T21:24:21Z",
  "published": "2023-06-20T16:33:22Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/netty/netty/security/advisories/GHSA-6mjq-h674-j845"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-34462"
    },
    {
      "type": "WEB",
      "url": "https://github.com/netty/netty/commit/535da17e45201ae4278c0479e6162bb4127d4c32"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/netty/netty"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20230803-0001"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20240621-0007"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2023/dsa-5558"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "netty-handler SniHandler 16MB allocation"
}

GHSA-6V67-2WR5-GVF4

Vulnerability from github – Published: 2024-12-19 18:31 – Updated: 2025-01-03 19:06

Summary

QOS.CH logback-core Server-Side Request Forgery vulnerability

Details

Server-Side Request Forgery (SSRF) in SaxEventRecorder by QOS.CH logback version 1.5.12 on the Java platform, allows an attacker to forge requests by compromising logback configuration files in XML.

The attacks involves the modification of DOCTYPE declaration in XML configuration files.

Severity ?

2.4 (Low)


                  
                    CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:L/VI:N/VA:L/SC:H/SI:H/SA:H/V:D/U:Clear

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "ch.qos.logback:logback-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.4.0"
            },
            {
              "fixed": "1.5.13"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "ch.qos.logback:logback-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.3.15"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-12801"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-918"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-12-19T22:22:44Z",
    "nvd_published_at": "2024-12-19T17:15:08Z",
    "severity": "LOW"
  },
  "details": "Server-Side Request Forgery (SSRF) in SaxEventRecorder by QOS.CH logback version 1.5.12 on the Java platform, allows an attacker to forge requests by compromising logback configuration files in XML.\n \nThe attacks involves the modification of DOCTYPE declaration in\u00a0 XML configuration files.",
  "id": "GHSA-6v67-2wr5-gvf4",
  "modified": "2025-01-03T19:06:48Z",
  "published": "2024-12-19T18:31:37Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12801"
    },
    {
      "type": "WEB",
      "url": "https://github.com/qos-ch/logback/commit/5f05041cba4c4ac0a62748c5c527a2da48999f2d"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/qos-ch/logback"
    },
    {
      "type": "WEB",
      "url": "https://logback.qos.ch/news.html#1.3.15"
    },
    {
      "type": "WEB",
      "url": "https://logback.qos.ch/news.html#1.5.13"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:L/VI:N/VA:L/SC:H/SI:H/SA:H/V:D/U:Clear",
      "type": "CVSS_V4"
    }
  ],
  "summary": "QOS.CH logback-core Server-Side Request Forgery vulnerability"
}

GHSA-72HV-8253-57QQ

Vulnerability from github – Published: 2026-02-28 02:01 – Updated: 2026-04-07 16:30

Summary

jackson-core: Number Length Constraint Bypass in Async Parser Leads to Potential DoS Condition

Details

Summary

The non-blocking (async) JSON parser in jackson-core bypasses the maxNumberLength constraint (default: 1000 characters) defined in StreamReadConstraints. This allows an attacker to send JSON with arbitrarily long numbers through the async parser API, leading to excessive memory allocation and potential CPU exhaustion, resulting in a Denial of Service (DoS).

The standard synchronous parser correctly enforces this limit, but the async parser fails to do so, creating an inconsistent enforcement policy.

Details

The root cause is that the async parsing path in NonBlockingUtf8JsonParserBase (and related classes) does not call the methods responsible for number length validation.

The number parsing methods (e.g., _finishNumberIntegralPart) accumulate digits into the TextBuffer without any length checks.
After parsing, they call _valueComplete(), which finalizes the token but does not call resetInt() or resetFloat().
The resetInt()/resetFloat() methods in ParserBase are where the validateIntegerLength() and validateFPLength() checks are performed.
Because this validation step is skipped, the maxNumberLength constraint is never enforced in the async code path.

PoC

The following JUnit 5 test demonstrates the vulnerability. It shows that the async parser accepts a 5,000-digit number, whereas the limit should be 1,000.

package tools.jackson.core.unittest.dos;

import java.nio.charset.StandardCharsets;

import org.junit.jupiter.api.Test;

import tools.jackson.core.*;
import tools.jackson.core.exc.StreamConstraintsException;
import tools.jackson.core.json.JsonFactory;
import tools.jackson.core.json.async.NonBlockingByteArrayJsonParser;

import static org.junit.jupiter.api.Assertions.*;

/**
 * POC: Number Length Constraint Bypass in Non-Blocking (Async) JSON Parsers
 *
 * Authors: sprabhav7, rohan-repos
 * 
 * maxNumberLength default = 1000 characters (digits).
 * A number with more than 1000 digits should be rejected by any parser.
 *
 * BUG: The async parser never calls resetInt()/resetFloat() which is where
 * validateIntegerLength()/validateFPLength() lives. Instead it calls
 * _valueComplete() which skips all number length validation.
 *
 * CWE-770: Allocation of Resources Without Limits or Throttling
 */
class AsyncParserNumberLengthBypassTest {

    private static final int MAX_NUMBER_LENGTH = 1000;
    private static final int TEST_NUMBER_LENGTH = 5000;

    private final JsonFactory factory = new JsonFactory();

    // CONTROL: Sync parser correctly rejects a number exceeding maxNumberLength
    @Test
    void syncParserRejectsLongNumber() throws Exception {
        byte[] payload = buildPayloadWithLongInteger(TEST_NUMBER_LENGTH);

        // Output to console
        System.out.println("[SYNC] Parsing " + TEST_NUMBER_LENGTH + "-digit number (limit: " + MAX_NUMBER_LENGTH + ")");
        try {
            try (JsonParser p = factory.createParser(ObjectReadContext.empty(), payload)) {
                while (p.nextToken() != null) {
                    if (p.currentToken() == JsonToken.VALUE_NUMBER_INT) {
                        System.out.println("[SYNC] Accepted number with " + p.getText().length() + " digits — UNEXPECTED");
                    }
                }
            }
            fail("Sync parser must reject a " + TEST_NUMBER_LENGTH + "-digit number");
        } catch (StreamConstraintsException e) {
            System.out.println("[SYNC] Rejected with StreamConstraintsException: " + e.getMessage());
        }
    }

    // VULNERABILITY: Async parser accepts the SAME number that sync rejects
    @Test
    void asyncParserAcceptsLongNumber() throws Exception {
        byte[] payload = buildPayloadWithLongInteger(TEST_NUMBER_LENGTH);

        NonBlockingByteArrayJsonParser p =
            (NonBlockingByteArrayJsonParser) factory.createNonBlockingByteArrayParser(ObjectReadContext.empty());
        p.feedInput(payload, 0, payload.length);
        p.endOfInput();

        boolean foundNumber = false;
        try {
            while (p.nextToken() != null) {
                if (p.currentToken() == JsonToken.VALUE_NUMBER_INT) {
                    foundNumber = true;
                    String numberText = p.getText();
                    assertEquals(TEST_NUMBER_LENGTH, numberText.length(),
                        "Async parser silently accepted all " + TEST_NUMBER_LENGTH + " digits");
                }
            }
            // Output to console
            System.out.println("[ASYNC INT] Accepted number with " + TEST_NUMBER_LENGTH + " digits — BUG CONFIRMED");
            assertTrue(foundNumber, "Parser should have produced a VALUE_NUMBER_INT token");
        } catch (StreamConstraintsException e) {
            fail("Bug is fixed — async parser now correctly rejects long numbers: " + e.getMessage());
        }
        p.close();
    }

    private byte[] buildPayloadWithLongInteger(int numDigits) {
        StringBuilder sb = new StringBuilder(numDigits + 10);
        sb.append("{\"v\":");
        for (int i = 0; i < numDigits; i++) {
            sb.append((char) ('1' + (i % 9)));
        }
        sb.append('}');
        return sb.toString().getBytes(StandardCharsets.UTF_8);
    }
}

Impact

A malicious actor can send a JSON document with an arbitrarily long number to an application using the async parser (e.g., in a Spring WebFlux or other reactive application). This can cause: 1. Memory Exhaustion: Unbounded allocation of memory in the TextBuffer to store the number's digits, leading to an OutOfMemoryError. 2. CPU Exhaustion: If the application subsequently calls getBigIntegerValue() or getDecimalValue(), the JVM can be tied up in O(n^2) BigInteger parsing operations, leading to a CPU-based DoS.

Suggested Remediation

The async parsing path should be updated to respect the maxNumberLength constraint. The simplest fix appears to ensure that _valueComplete() or a similar method in the async path calls the appropriate validation methods (resetInt() or resetFloat()) already present in ParserBase, mirroring the behavior of the synchronous parsers.

NOTE: This research was performed in collaboration with rohan-repos

Severity ?

6.9 (Medium)


                  
                    CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "tools.jackson.core:jackson-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.0.0"
            },
            {
              "fixed": "3.1.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "com.fasterxml.jackson.core:jackson-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.19.0"
            },
            {
              "fixed": "2.21.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 2.18.5"
      },
      "package": {
        "ecosystem": "Maven",
        "name": "com.fasterxml.jackson.core:jackson-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.0.0"
            },
            {
              "fixed": "2.18.6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [],
  "database_specific": {
    "cwe_ids": [
      "CWE-770"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-02-28T02:01:05Z",
    "nvd_published_at": null,
    "severity": "MODERATE"
  },
  "details": "### Summary\nThe non-blocking (async) JSON parser in `jackson-core` bypasses the `maxNumberLength` constraint (default: 1000 characters) defined in `StreamReadConstraints`. This allows an attacker to send JSON with arbitrarily long numbers through the async parser API, leading to excessive memory allocation and potential CPU exhaustion, resulting in a Denial of Service (DoS).\n\nThe standard synchronous parser correctly enforces this limit, but the async parser fails to do so, creating an inconsistent enforcement policy.\n\n### Details\nThe root cause is that the async parsing path in `NonBlockingUtf8JsonParserBase` (and related classes) does not call the methods responsible for number length validation.\n\n- The number parsing methods (e.g., `_finishNumberIntegralPart`) accumulate digits into the `TextBuffer` without any length checks.\n- After parsing, they call `_valueComplete()`, which finalizes the token but does **not** call `resetInt()` or `resetFloat()`.\n- The `resetInt()`/`resetFloat()` methods in `ParserBase` are where the `validateIntegerLength()` and `validateFPLength()` checks are performed.\n- Because this validation step is skipped, the `maxNumberLength` constraint is never enforced in the async code path.\n\n### PoC\nThe following JUnit 5 test demonstrates the vulnerability. It shows that the async parser accepts a 5,000-digit number, whereas the limit should be 1,000.\n\n```java\npackage tools.jackson.core.unittest.dos;\n\nimport java.nio.charset.StandardCharsets;\n\nimport org.junit.jupiter.api.Test;\n\nimport tools.jackson.core.*;\nimport tools.jackson.core.exc.StreamConstraintsException;\nimport tools.jackson.core.json.JsonFactory;\nimport tools.jackson.core.json.async.NonBlockingByteArrayJsonParser;\n\nimport static org.junit.jupiter.api.Assertions.*;\n\n/**\n * POC: Number Length Constraint Bypass in Non-Blocking (Async) JSON Parsers\n *\n * Authors: sprabhav7, rohan-repos\n * \n * maxNumberLength default = 1000 characters (digits).\n * A number with more than 1000 digits should be rejected by any parser.\n *\n * BUG: The async parser never calls resetInt()/resetFloat() which is where\n * validateIntegerLength()/validateFPLength() lives. Instead it calls\n * _valueComplete() which skips all number length validation.\n *\n * CWE-770: Allocation of Resources Without Limits or Throttling\n */\nclass AsyncParserNumberLengthBypassTest {\n\n    private static final int MAX_NUMBER_LENGTH = 1000;\n    private static final int TEST_NUMBER_LENGTH = 5000;\n\n    private final JsonFactory factory = new JsonFactory();\n\n    // CONTROL: Sync parser correctly rejects a number exceeding maxNumberLength\n    @Test\n    void syncParserRejectsLongNumber() throws Exception {\n        byte[] payload = buildPayloadWithLongInteger(TEST_NUMBER_LENGTH);\n\t\t\n\t\t// Output to console\n        System.out.println(\"[SYNC] Parsing \" + TEST_NUMBER_LENGTH + \"-digit number (limit: \" + MAX_NUMBER_LENGTH + \")\");\n        try {\n            try (JsonParser p = factory.createParser(ObjectReadContext.empty(), payload)) {\n                while (p.nextToken() != null) {\n                    if (p.currentToken() == JsonToken.VALUE_NUMBER_INT) {\n                        System.out.println(\"[SYNC] Accepted number with \" + p.getText().length() + \" digits \u2014 UNEXPECTED\");\n                    }\n                }\n            }\n            fail(\"Sync parser must reject a \" + TEST_NUMBER_LENGTH + \"-digit number\");\n        } catch (StreamConstraintsException e) {\n            System.out.println(\"[SYNC] Rejected with StreamConstraintsException: \" + e.getMessage());\n        }\n    }\n\n    // VULNERABILITY: Async parser accepts the SAME number that sync rejects\n    @Test\n    void asyncParserAcceptsLongNumber() throws Exception {\n        byte[] payload = buildPayloadWithLongInteger(TEST_NUMBER_LENGTH);\n\n        NonBlockingByteArrayJsonParser p =\n            (NonBlockingByteArrayJsonParser) factory.createNonBlockingByteArrayParser(ObjectReadContext.empty());\n        p.feedInput(payload, 0, payload.length);\n        p.endOfInput();\n\n        boolean foundNumber = false;\n        try {\n            while (p.nextToken() != null) {\n                if (p.currentToken() == JsonToken.VALUE_NUMBER_INT) {\n                    foundNumber = true;\n                    String numberText = p.getText();\n                    assertEquals(TEST_NUMBER_LENGTH, numberText.length(),\n                        \"Async parser silently accepted all \" + TEST_NUMBER_LENGTH + \" digits\");\n                }\n            }\n            // Output to console\n            System.out.println(\"[ASYNC INT] Accepted number with \" + TEST_NUMBER_LENGTH + \" digits \u2014 BUG CONFIRMED\");\n            assertTrue(foundNumber, \"Parser should have produced a VALUE_NUMBER_INT token\");\n        } catch (StreamConstraintsException e) {\n            fail(\"Bug is fixed \u2014 async parser now correctly rejects long numbers: \" + e.getMessage());\n        }\n        p.close();\n    }\n\n    private byte[] buildPayloadWithLongInteger(int numDigits) {\n        StringBuilder sb = new StringBuilder(numDigits + 10);\n        sb.append(\"{\\\"v\\\":\");\n        for (int i = 0; i \u003c numDigits; i++) {\n            sb.append((char) (\u00271\u0027 + (i % 9)));\n        }\n        sb.append(\u0027}\u0027);\n        return sb.toString().getBytes(StandardCharsets.UTF_8);\n    }\n}\n\n```\n\n\n### Impact\nA malicious actor can send a JSON document with an arbitrarily long number to an application using the async parser (e.g., in a Spring WebFlux or other reactive application). This can cause:\n1.  **Memory Exhaustion:** Unbounded allocation of memory in the `TextBuffer` to store the number\u0027s digits, leading to an `OutOfMemoryError`.\n2.  **CPU Exhaustion:** If the application subsequently calls `getBigIntegerValue()` or `getDecimalValue()`, the JVM can be tied up in O(n^2) `BigInteger` parsing operations, leading to a CPU-based DoS.\n\n### Suggested Remediation\n\nThe async parsing path should be updated to respect the `maxNumberLength` constraint. The simplest fix appears to ensure that `_valueComplete()` or a similar method in the async path calls the appropriate validation methods (`resetInt()` or `resetFloat()`) already present in `ParserBase`, mirroring the behavior of the synchronous parsers.\n\n**NOTE:** This research was performed in collaboration with [rohan-repos](https://github.com/rohan-repos)",
  "id": "GHSA-72hv-8253-57qq",
  "modified": "2026-04-07T16:30:17Z",
  "published": "2026-02-28T02:01:05Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/FasterXML/jackson-core/security/advisories/GHSA-72hv-8253-57qq"
    },
    {
      "type": "WEB",
      "url": "https://github.com/FasterXML/jackson-core/pull/1555"
    },
    {
      "type": "WEB",
      "url": "https://github.com/FasterXML/jackson-core/commit/b0c428e6f993e1b5ece5c1c3cb2523e887cd52cf"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/FasterXML/jackson-core"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "jackson-core: Number Length Constraint Bypass in Async Parser Leads to Potential DoS Condition"
}

GHSA-7G45-4RM6-3MM3

Vulnerability from github – Published: 2023-06-14 18:30 – Updated: 2025-11-04 16:44

Summary

Guava vulnerable to insecure use of temporary directory

Details

Use of Java's default temporary directory for file creation in FileBackedOutputStream in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files created by the class.

Even though the security vulnerability is fixed in version 32.0.0, maintainers recommend using version 32.0.1 as version 32.0.0 breaks some functionality under Windows.

Severity ?

5.5 (Medium)


                  
                    CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "com.google.guava:guava"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.0"
            },
            {
              "fixed": "32.0.0-android"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2023-2976"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-379",
      "CWE-552"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-06-14T21:01:07Z",
    "nvd_published_at": "2023-06-14T18:15:09Z",
    "severity": "MODERATE"
  },
  "details": "Use of Java\u0027s default temporary directory for file creation in `FileBackedOutputStream` in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files created by the class.\n\nEven though the security vulnerability is fixed in version 32.0.0, maintainers recommend using version 32.0.1 as version 32.0.0 breaks some functionality under Windows.",
  "id": "GHSA-7g45-4rm6-3mm3",
  "modified": "2025-11-04T16:44:26Z",
  "published": "2023-06-14T18:30:38Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2976"
    },
    {
      "type": "WEB",
      "url": "https://github.com/google/guava/issues/2575"
    },
    {
      "type": "WEB",
      "url": "https://github.com/google/guava/issues/6532"
    },
    {
      "type": "WEB",
      "url": "https://github.com/google/guava/commit/feb83a1c8fd2e7670b244d5afd23cba5aca43284"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/google/guava"
    },
    {
      "type": "WEB",
      "url": "https://github.com/google/guava/releases/tag/v32.0.0"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20230818-0008"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20241108-0002"
    },
    {
      "type": "WEB",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01006.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Guava vulnerable to insecure use of temporary directory"
}

GHSA-9H6P-92JQ-888X

Vulnerability from github – Published: 2022-05-13 01:05 – Updated: 2022-07-06 20:28

Summary

Integer Overflow or Wraparound in JBCrypt

Details

Integer overflow in the crypt_raw method in the key-stretching implementation in JBCrypt before 0.4 makes it easier for remote attackers to determine cleartext values of password hashes via a brute-force attack against hashes associated with the maximum exponent.

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.mindrot:jbcrypt"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2015-0886"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-190"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-07-06T20:28:22Z",
    "nvd_published_at": "2015-02-28T02:59:00Z",
    "severity": "MODERATE"
  },
  "details": "Integer overflow in the crypt_raw method in the key-stretching implementation in JBCrypt before 0.4 makes it easier for remote attackers to determine cleartext values of password hashes via a brute-force attack against hashes associated with the maximum exponent.",
  "id": "GHSA-9h6p-92jq-888x",
  "modified": "2022-07-06T20:28:22Z",
  "published": "2022-05-13T01:05:53Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0886"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.mindrot.org/show_bug.cgi?id=2097"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rbd23e3ac8113b4da0a025c0e45170b6ec317383a1cf06090c2c717aa@%3Ccommits.cassandra.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rd5c2256b8dc9935e4bb5e9be90adce58408054bb42523730a40c5548@%3Ccommits.cassandra.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/re330cfe9e5d84e3f7da8ace23ec32f38cb3fbd328bf177badd7ad942@%3Ccommits.cassandra.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "http://jvn.jp/en/jp/JVN77718330/index.html"
    },
    {
      "type": "WEB",
      "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000033"
    },
    {
      "type": "WEB",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151496.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151786.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151797.html"
    },
    {
      "type": "WEB",
      "url": "http://www.mindrot.org/projects/jBCrypt/news/rel04.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [],
  "summary": "Integer Overflow or Wraparound in JBCrypt"
}

GHSA-9W3M-GQGF-C4P9

Vulnerability from github – Published: 2022-09-06 00:00 – Updated: 2024-03-15 12:30

Summary

snakeYAML before 1.32 vulnerable to Denial of Service due to Out-of-bounds Write

Details

Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DoS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack-overflow.

Severity ?

6.5 (Medium)


                  
                    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.yaml:snakeyaml"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.32"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2022-38752"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-121",
      "CWE-787"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-09-13T21:29:45Z",
    "nvd_published_at": "2022-09-05T10:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DoS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack-overflow.",
  "id": "GHSA-9w3m-gqgf-c4p9",
  "modified": "2024-03-15T12:30:35Z",
  "published": "2022-09-06T00:00:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-38752"
    },
    {
      "type": "PACKAGE",
      "url": "https://bitbucket.org/snakeyaml/snakeyaml"
    },
    {
      "type": "WEB",
      "url": "https://bitbucket.org/snakeyaml/snakeyaml/issues/531/stackoverflow-oss-fuzz-47081"
    },
    {
      "type": "WEB",
      "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47081"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202305-28"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20240315-0009"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "snakeYAML before 1.32 vulnerable to Denial of Service due to Out-of-bounds Write"
}

GHSA-C4QC-4Q9P-M9Q9

Vulnerability from github – Published: 2026-02-10 12:30 – Updated: 2026-02-10 14:33

Summary

Apache Shiro Affected by an Observable Timing Discrepancy Vulnerability

Details

Observable Timing Discrepancy vulnerability in Apache Shiro.

This issue affects Apache Shiro: from 1., 2. before 2.0.7.

Users are recommended to upgrade to version 2.0.7 or later, which fixes the issue.

Prior to Shiro 2.0.7, code paths for non-existent vs. existing users are different enough, that a brute-force attack may be able to tell, by timing the requests only, determine if the request failed because of a non-existent user vs. wrong password.

The most likely attack vector is a local attack only. Shiro security model https://shiro.apache.org/security-model.html#username_enumeration discusses this as well.

Typically, brute force attack can be mitigated at the infrastructure level.

Severity ?

1.0 (Low)


                  
                    CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:A/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.shiro:shiro-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.1.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-23901"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-208"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-02-10T14:33:33Z",
    "nvd_published_at": "2026-02-10T10:15:59Z",
    "severity": "LOW"
  },
  "details": "Observable Timing Discrepancy vulnerability in Apache Shiro.\n\nThis issue affects Apache Shiro: from 1.*, 2.* before 2.0.7.\n\nUsers are recommended to upgrade to version 2.0.7 or later, which fixes the issue.\n\nPrior to Shiro 2.0.7, code paths for non-existent vs. existing users are different enough,\nthat a brute-force attack may be able to tell, by timing the requests only, determine if\nthe request failed because of a non-existent user vs. wrong password.\n\nThe most likely attack vector is a local attack only.\nShiro security model\u00a0 https://shiro.apache.org/security-model.html#username_enumeration \u00a0discusses this as well.\n\nTypically, brute force attack can be mitigated at the infrastructure level.",
  "id": "GHSA-c4qc-4q9p-m9q9",
  "modified": "2026-02-10T14:33:33Z",
  "published": "2026-02-10T12:30:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23901"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/apache/shiro"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread/mm1jct9b86jvnh3y44tj22xvjtx3xhhh"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2026/02/08/2"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:A/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Apache Shiro Affected by an Observable Timing Discrepancy Vulnerability"
}

GHSA-G8M5-722R-8WHQ

Vulnerability from github – Published: 2024-10-14 21:08 – Updated: 2025-11-03 22:49

Summary

Eclipse Jetty's ThreadLimitHandler.getRemote() vulnerable to remote DoS attacks

Details

Impact

Remote DOS attack can cause out of memory

Description

There exists a security vulnerability in Jetty's ThreadLimitHandler.getRemote() which can be exploited by unauthorized users to cause remote denial-of-service (DoS) attack. By repeatedly sending crafted requests, attackers can trigger OutofMemory errors and exhaust the server's memory.

Affected Versions

Jetty 12.0.0-12.0.8 (Supported)
Jetty 11.0.0-11.0.23 (EOL)
Jetty 10.0.0-10.0.23 (EOL)
Jetty 9.3.12-9.4.55 (EOL)

Patched Versions

Jetty 12.0.9
Jetty 11.0.24
Jetty 10.0.24
Jetty 9.4.56

Workarounds

Do not use ThreadLimitHandler.
Consider use of QoSHandler instead to artificially limit resource utilization.

References

Jetty 12 - https://github.com/jetty/jetty.project/pull/11723

Severity ?

5.9 (Medium)


                  
                    CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 12.0.8"
      },
      "package": {
        "ecosystem": "Maven",
        "name": "org.eclipse.jetty:jetty-server"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "12.0.0"
            },
            {
              "fixed": "12.0.9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 10.0.23"
      },
      "package": {
        "ecosystem": "Maven",
        "name": "org.eclipse.jetty:jetty-server"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "10.0.0"
            },
            {
              "fixed": "10.0.24"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 11.0.23"
      },
      "package": {
        "ecosystem": "Maven",
        "name": "org.eclipse.jetty:jetty-server"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "11.0.0"
            },
            {
              "fixed": "11.0.24"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 9.4.55"
      },
      "package": {
        "ecosystem": "Maven",
        "name": "org.eclipse.jetty:jetty-server"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "9.3.12"
            },
            {
              "fixed": "9.4.56"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-8184"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400",
      "CWE-770"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-10-14T21:08:38Z",
    "nvd_published_at": "2024-10-14T16:15:04Z",
    "severity": "MODERATE"
  },
  "details": "### Impact\nRemote DOS attack can cause out of memory \n\n### Description\nThere exists a security vulnerability in Jetty\u0027s `ThreadLimitHandler.getRemote()` which\ncan be exploited by unauthorized users to cause remote denial-of-service (DoS) attack.  By\nrepeatedly sending crafted requests, attackers can trigger OutofMemory errors and exhaust the\nserver\u0027s memory.\n\n### Affected Versions\n\n* Jetty 12.0.0-12.0.8 (Supported)\n* Jetty 11.0.0-11.0.23 (EOL)\n* Jetty 10.0.0-10.0.23 (EOL)\n* Jetty 9.3.12-9.4.55 (EOL)\n\n### Patched Versions\n\n* Jetty 12.0.9\n* Jetty 11.0.24\n* Jetty 10.0.24\n* Jetty 9.4.56\n\n### Workarounds\n\nDo not use `ThreadLimitHandler`.  \nConsider use of `QoSHandler` instead to artificially limit resource utilization.\n\n### References\n\nJetty 12 - https://github.com/jetty/jetty.project/pull/11723",
  "id": "GHSA-g8m5-722r-8whq",
  "modified": "2025-11-03T22:49:11Z",
  "published": "2024-10-14T21:08:38Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/jetty/jetty.project/security/advisories/GHSA-g8m5-722r-8whq"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-8184"
    },
    {
      "type": "WEB",
      "url": "https://github.com/jetty/jetty.project/pull/11723"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/jetty/jetty.project"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/30"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/04/msg00001.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Eclipse Jetty\u0027s ThreadLimitHandler.getRemote() vulnerable to remote DoS attacks"
}

GHSA-GC5V-M9X4-R6X2

Vulnerability from github – Published: 2026-03-25 16:56 – Updated: 2026-03-27 22:07

Summary

Requests has Insecure Temp File Reuse in its extract_zipped_paths() utility function

Details

Impact

The requests.utils.extract_zipped_paths() utility function uses a predictable filename when extracting files from zip archives into the system temporary directory. If the target file already exists, it is reused without validation. A local attacker with write access to the temp directory could pre-create a malicious file that would be loaded in place of the legitimate one.

Affected usages

Standard usage of the Requests library is not affected by this vulnerability. Only applications that call extract_zipped_paths() directly are impacted.

Remediation

Upgrade to at least Requests 2.33.0, where the library now extracts files to a non-deterministic location.

If developers are unable to upgrade, they can set TMPDIR in their environment to a directory with restricted write access.

Severity ?

4.4 (Medium)


                  
                    CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "requests"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.33.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-25645"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-377"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-03-25T16:56:28Z",
    "nvd_published_at": "2026-03-25T17:16:52Z",
    "severity": "MODERATE"
  },
  "details": "### Impact\nThe `requests.utils.extract_zipped_paths()` utility function uses a predictable filename when extracting files from zip archives into the system temporary directory. If the target file already exists, it is reused without validation. A local attacker with write access to the temp directory could pre-create a malicious file that would be loaded in place of the legitimate one.\n\n### Affected usages\n**Standard usage of the Requests library is not affected by this vulnerability.** Only applications that call `extract_zipped_paths()` directly are impacted.\n\n### Remediation\nUpgrade to at least Requests 2.33.0, where the library now extracts files to a non-deterministic location.\n\nIf developers are unable to upgrade, they can set `TMPDIR` in their environment to a directory with restricted write access.",
  "id": "GHSA-gc5v-m9x4-r6x2",
  "modified": "2026-03-27T22:07:42Z",
  "published": "2026-03-25T16:56:28Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/psf/requests/security/advisories/GHSA-gc5v-m9x4-r6x2"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25645"
    },
    {
      "type": "WEB",
      "url": "https://github.com/psf/requests/commit/66d21cb07bd6255b1280291c4fafb71803cdb3b7"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/psf/requests"
    },
    {
      "type": "WEB",
      "url": "https://github.com/psf/requests/releases/tag/v2.33.0"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Requests has Insecure Temp File Reuse in its extract_zipped_paths() utility function"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

Vulnerability from cleanstart

Summary

Details

Impact

Summary

Details

PoC

Impact

Suggested Remediation

Impact

Description

Affected Versions

Patched Versions

Workarounds

References

Impact

Affected usages

Remediation

Tags

Sightings

Nomenclature