Action not permitted
Modal body text goes here.
Modal Title
Modal Body
GHSA-4CX2-FC23-5WG6
Vulnerability from github – Published: 2025-08-13 12:31 – Updated: 2025-10-17 13:58
VLAI?
Summary
Bouncy Castle for Java bcpkix, bcprov, bcpkix-fips on All (API modules) allows Excessive Allocation
Details
Allocation of Resources Without Limits or Throttling vulnerability in Legion of the Bouncy Castle Inc. Bouncy Castle for Java bcpkix, bcprov, bcpkix-fips on All (API modules) allows Excessive Allocation. This vulnerability is associated with program files https://github.Com/bcgit/bc-java/blob/main/pkix/src/main/java/org/bouncycastle/pkix/jcajce/PKIXCertP... https://github.Com/bcgit/bc-java/blob/main/pkix/src/main/java/org/bouncycastle/pkix/jcajce/PKIXCertPathReviewer.java , https://github.Com/bcgit/bc-java/blob/main/prov/src/main/java/org/bouncycastle/x509/PKIXCertPathRevi... https://github.Com/bcgit/bc-java/blob/main/prov/src/main/java/org/bouncycastle/x509/PKIXCertPathReviewer.java .
This issue affects Bouncy Castle for Java: from BC 1.44 through 1.78, from BCPKIX FIPS 1.0.0 through 1.0.7, from BCPKIX FIPS 2.0.0 through 2.0.7.
Severity ?
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.bouncycastle:bcpkix-jdk15on"
},
"ranges": [
{
"events": [
{
"introduced": "1.44"
},
{
"fixed": "1.79"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.bouncycastle:bcpkix-jdk15to18"
},
"ranges": [
{
"events": [
{
"introduced": "1.44"
},
{
"fixed": "1.79"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.bouncycastle:bcpkix-jdk18on"
},
"ranges": [
{
"events": [
{
"introduced": "1.44"
},
{
"fixed": "1.79"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 1.0.7"
},
"package": {
"ecosystem": "Maven",
"name": "org.bouncycastle:bcpkix-fips"
},
"ranges": [
{
"events": [
{
"introduced": "1.0.0"
},
{
"fixed": "1.0.8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 2.0.7"
},
"package": {
"ecosystem": "Maven",
"name": "org.bouncycastle:bcpkix-fips"
},
"ranges": [
{
"events": [
{
"introduced": "2.0.0"
},
{
"fixed": "2.0.8"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-8916"
],
"database_specific": {
"cwe_ids": [
"CWE-770"
],
"github_reviewed": true,
"github_reviewed_at": "2025-08-13T22:52:42Z",
"nvd_published_at": "2025-08-13T10:15:27Z",
"severity": "MODERATE"
},
"details": "Allocation of Resources Without Limits or Throttling vulnerability in Legion of the Bouncy Castle Inc. Bouncy Castle for Java bcpkix, bcprov, bcpkix-fips on All (API modules) allows Excessive Allocation. This vulnerability is associated with program files https://github.Com/bcgit/bc-java/blob/main/pkix/src/main/java/org/bouncycastle/pkix/jcajce/PKIXCertP... https://github.Com/bcgit/bc-java/blob/main/pkix/src/main/java/org/bouncycastle/pkix/jcajce/PKIXCertPathReviewer.java , https://github.Com/bcgit/bc-java/blob/main/prov/src/main/java/org/bouncycastle/x509/PKIXCertPathRevi... https://github.Com/bcgit/bc-java/blob/main/prov/src/main/java/org/bouncycastle/x509/PKIXCertPathReviewer.java .\n\nThis issue affects Bouncy Castle for Java: from BC 1.44 through 1.78, from BCPKIX FIPS 1.0.0 through 1.0.7, from BCPKIX FIPS 2.0.0 through 2.0.7.",
"id": "GHSA-4cx2-fc23-5wg6",
"modified": "2025-10-17T13:58:30Z",
"published": "2025-08-13T12:31:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8916"
},
{
"type": "WEB",
"url": "https://github.com/bcgit/bc-java/commit/310b30a4fbf36d13f6cc201ffa7771715641e67e"
},
{
"type": "WEB",
"url": "https://github.com/bcgit/bc-java/commit/ff444a479942d88de64004dc82c3ee32a9e9075a"
},
{
"type": "PACKAGE",
"url": "https://github.com/bcgit/bc-java"
},
{
"type": "WEB",
"url": "https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902025%E2%80%908916"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/S:P/R:U/RE:M/U:Amber",
"type": "CVSS_V4"
}
],
"summary": "Bouncy Castle for Java bcpkix, bcprov, bcpkix-fips on All (API modules) allows Excessive Allocation"
}
cleanstart-2026-fo41609
Vulnerability from cleanstart
Published
2026-04-01 10:02
Modified
2026-03-10 06:14
Summary
Security fixes for CVE-2025-48924, ghsa-22h5-pq3x-2gf2, ghsa-33mh-2634-fwr2, ghsa-4cx2-fc23-5wg6, ghsa-6xw4-3v39-52mm, ghsa-72hv-8253-57qq, ghsa-72qj-48g4-5xgx, ghsa-c2f4-jgmc-q2r5, ghsa-gh9q-2xrm-x6qv, ghsa-j288-q9x7-2f5v, ghsa-j4pr-3wm6-xx2r, ghsa-mhwm-jh88-3gjf, ghsa-mr3q-g2mv-mr4q, ghsa-p543-xpfm-54cp, ghsa-vc5p-v9hr-52mj, ghsa-vqg5-3255-v292, ghsa-w9pc-fmgc-vxvw, ghsa-wpv5-97wm-hp9c applied in versions: 8.19.12-r0, 9.0.8-r2, 9.0.8-r3, 9.0.8-r4, 9.3.0-r1, 9.3.0-r2
Details
Multiple security vulnerabilities affect the logstash-fips package. These issues are resolved in later releases. See references for individual vulnerability details.
References
{
"affected": [
{
"package": {
"ecosystem": "CleanStart",
"name": "logstash-fips"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "9.3.0-r2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"credits": [],
"database_specific": {},
"details": "Multiple security vulnerabilities affect the logstash-fips package. These issues are resolved in later releases. See references for individual vulnerability details.",
"id": "CLEANSTART-2026-FO41609",
"modified": "2026-03-10T06:14:42Z",
"published": "2026-04-01T10:02:50.908381Z",
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-FO41609.json"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-48924"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-22h5-pq3x-2gf2"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-33mh-2634-fwr2"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-4cx2-fc23-5wg6"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-6xw4-3v39-52mm"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-72hv-8253-57qq"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-72qj-48g4-5xgx"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-c2f4-jgmc-q2r5"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-gh9q-2xrm-x6qv"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-j288-q9x7-2f5v"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-j4pr-3wm6-xx2r"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-mhwm-jh88-3gjf"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-mr3q-g2mv-mr4q"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-p543-xpfm-54cp"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-vc5p-v9hr-52mj"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-vqg5-3255-v292"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-w9pc-fmgc-vxvw"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-wpv5-97wm-hp9c"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48924"
}
],
"related": [],
"schema_version": "1.7.3",
"summary": "Security fixes for CVE-2025-48924, ghsa-22h5-pq3x-2gf2, ghsa-33mh-2634-fwr2, ghsa-4cx2-fc23-5wg6, ghsa-6xw4-3v39-52mm, ghsa-72hv-8253-57qq, ghsa-72qj-48g4-5xgx, ghsa-c2f4-jgmc-q2r5, ghsa-gh9q-2xrm-x6qv, ghsa-j288-q9x7-2f5v, ghsa-j4pr-3wm6-xx2r, ghsa-mhwm-jh88-3gjf, ghsa-mr3q-g2mv-mr4q, ghsa-p543-xpfm-54cp, ghsa-vc5p-v9hr-52mj, ghsa-vqg5-3255-v292, ghsa-w9pc-fmgc-vxvw, ghsa-wpv5-97wm-hp9c applied in versions: 8.19.12-r0, 9.0.8-r2, 9.0.8-r3, 9.0.8-r4, 9.3.0-r1, 9.3.0-r2",
"upstream": [
"CVE-2025-48924",
"ghsa-22h5-pq3x-2gf2",
"ghsa-33mh-2634-fwr2",
"ghsa-4cx2-fc23-5wg6",
"ghsa-6xw4-3v39-52mm",
"ghsa-72hv-8253-57qq",
"ghsa-72qj-48g4-5xgx",
"ghsa-c2f4-jgmc-q2r5",
"ghsa-gh9q-2xrm-x6qv",
"ghsa-j288-q9x7-2f5v",
"ghsa-j4pr-3wm6-xx2r",
"ghsa-mhwm-jh88-3gjf",
"ghsa-mr3q-g2mv-mr4q",
"ghsa-p543-xpfm-54cp",
"ghsa-vc5p-v9hr-52mj",
"ghsa-vqg5-3255-v292",
"ghsa-w9pc-fmgc-vxvw",
"ghsa-wpv5-97wm-hp9c"
]
}
cleanstart-2026-ew93264
Vulnerability from cleanstart
Published
2026-03-04 00:39
Modified
2026-03-03 12:59
Summary
Security fixes for GHSA-4CX2-FC23-5WG6, GHSA-6XW4-3V39-52MM, GHSA-72QJ-48G4-5XGX, GHSA-MR3Q-G2MV-MR4Q, GHSA-P543-XPFM-54CP, GHSA-VC5P-V9HR-52MJ, GHSA-VQG5-3255-V292 applied in versions: 9.0.8-r2, 9.0.8-r3, 9.0.8-r4, 9.3.0-r1, 9.3.0-r2
Details
Multiple security vulnerabilities affect the logstash-fips package. These issues are resolved in later releases. See references for individual vulnerability details.
References
| URL | Type | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"affected": [
{
"package": {
"ecosystem": "CleanStart",
"name": "logstash-fips"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "9.3.0-r2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"credits": [],
"database_specific": {},
"details": "Multiple security vulnerabilities affect the logstash-fips package. These issues are resolved in later releases. See references for individual vulnerability details.",
"id": "CLEANSTART-2026-EW93264",
"modified": "2026-03-03T12:59:01Z",
"published": "2026-03-04T00:39:32.590174Z",
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-EW93264"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/GHSA-4CX2-FC23-5WG6"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/GHSA-6XW4-3V39-52MM"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/GHSA-72QJ-48G4-5XGX"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/GHSA-MR3Q-G2MV-MR4Q"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/GHSA-P543-XPFM-54CP"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/GHSA-VC5P-V9HR-52MJ"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/GHSA-VQG5-3255-V292"
}
],
"related": [],
"schema_version": "1.7.3",
"summary": "Security fixes for GHSA-4CX2-FC23-5WG6, GHSA-6XW4-3V39-52MM, GHSA-72QJ-48G4-5XGX, GHSA-MR3Q-G2MV-MR4Q, GHSA-P543-XPFM-54CP, GHSA-VC5P-V9HR-52MJ, GHSA-VQG5-3255-V292 applied in versions: 9.0.8-r2, 9.0.8-r3, 9.0.8-r4, 9.3.0-r1, 9.3.0-r2",
"upstream": [
"GHSA-4CX2-FC23-5WG6",
"GHSA-6XW4-3V39-52MM",
"GHSA-72QJ-48G4-5XGX",
"GHSA-MR3Q-G2MV-MR4Q",
"GHSA-P543-XPFM-54CP",
"GHSA-VC5P-V9HR-52MJ",
"GHSA-VQG5-3255-V292"
]
}
cleanstart-2026-iw08736
Vulnerability from cleanstart
Published
2026-04-09 00:53
Modified
2026-04-08 09:19
Summary
Uncontrolled Recursion vulnerability in Apache Commons Lang
Details
Multiple security vulnerabilities affect the logstash-fips package. Uncontrolled Recursion vulnerability in Apache Commons Lang. See references for individual vulnerability details.
Severity
9.8 (Critical)
References
| URL | Type | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"affected": [
{
"package": {
"ecosystem": "CleanStart",
"name": "logstash-fips"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "9.2.6-r2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"credits": [],
"database_specific": {},
"details": "Multiple security vulnerabilities affect the logstash-fips package. Uncontrolled Recursion vulnerability in Apache Commons Lang. See references for individual vulnerability details.",
"id": "CLEANSTART-2026-IW08736",
"modified": "2026-04-08T09:19:34Z",
"published": "2026-04-09T00:53:08.467045Z",
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-IW08736.json"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-48924"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-61770"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-61771"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-61772"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-61919"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-25500"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-22h5-pq3x-2gf2"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-2xgq-q749-89fq"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-3m6g-2423-7cp3"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-4cx2-fc23-5wg6"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-6xw4-3v39-52mm"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-72qj-48g4-5xgx"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-c2f4-jgmc-q2r5"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-gh9q-2xrm-x6qv"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-j288-q9x7-2f5v"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-mhwm-jh88-3gjf"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-mr3q-g2mv-mr4q"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-mxw3-3hh2-x2mh"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-p543-xpfm-54cp"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-vc5p-v9hr-52mj"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-vqg5-3255-v292"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-w9pc-fmgc-vxvw"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-whrj-4476-wvmp"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-wpv5-97wm-hp9c"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48924"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61770"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61771"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61772"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61919"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25500"
}
],
"related": [],
"schema_version": "1.7.3",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Uncontrolled Recursion vulnerability in Apache Commons Lang",
"upstream": [
"CVE-2025-48924",
"CVE-2025-61770",
"CVE-2025-61771",
"CVE-2025-61772",
"CVE-2025-61919",
"CVE-2026-25500",
"ghsa-22h5-pq3x-2gf2",
"ghsa-2xgq-q749-89fq",
"ghsa-3m6g-2423-7cp3",
"ghsa-4cx2-fc23-5wg6",
"ghsa-6xw4-3v39-52mm",
"ghsa-72qj-48g4-5xgx",
"ghsa-c2f4-jgmc-q2r5",
"ghsa-gh9q-2xrm-x6qv",
"ghsa-j288-q9x7-2f5v",
"ghsa-mhwm-jh88-3gjf",
"ghsa-mr3q-g2mv-mr4q",
"ghsa-mxw3-3hh2-x2mh",
"ghsa-p543-xpfm-54cp",
"ghsa-vc5p-v9hr-52mj",
"ghsa-vqg5-3255-v292",
"ghsa-w9pc-fmgc-vxvw",
"ghsa-whrj-4476-wvmp",
"ghsa-wpv5-97wm-hp9c"
]
}
cleanstart-2026-xj84245
Vulnerability from cleanstart
Published
2026-03-04 00:43
Modified
2026-03-03 12:59
Summary
Rack is a modular Ruby web server interface
Details
Multiple security vulnerabilities affect the logstash-fips package. Rack is a modular Ruby web server interface. See references for individual vulnerability details.
Severity
9.8 (Critical)
References
| URL | Type | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"affected": [
{
"package": {
"ecosystem": "CleanStart",
"name": "logstash-fips"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "9.2.6-r0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"credits": [],
"database_specific": {},
"details": "Multiple security vulnerabilities affect the logstash-fips package. Rack is a modular Ruby web server interface. See references for individual vulnerability details.",
"id": "CLEANSTART-2026-XJ84245",
"modified": "2026-03-03T12:59:01Z",
"published": "2026-03-04T00:43:02.364521Z",
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-XJ84245.json"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-61770"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-61771"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-61772"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-25500"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/GHSA-22h5-pq3x-2gf2"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/GHSA-2xgq-q749-89fq"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/GHSA-4cx2-fc23-5wg6"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/GHSA-6xw4-3v39-52mm"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/GHSA-72qj-48g4-5xgx"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/GHSA-c2f4-jgmc-q2r5"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/GHSA-gh9q-2xrm-x6qv"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/GHSA-mhwm-jh88-3gjf"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/GHSA-mr3q-g2mv-mr4q"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/GHSA-mxw3-3hh2-x2mh"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/GHSA-p543-xpfm-54cp"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/GHSA-vc5p-v9hr-52mj"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/GHSA-vqg5-3255-v292"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/GHSA-w9pc-fmgc-vxvw"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/GHSA-whrj-4476-wvmp"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/GHSA-wpv5-97wm-hp9c"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61770"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61771"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61772"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25500"
}
],
"related": [],
"schema_version": "1.7.3",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Rack is a modular Ruby web server interface",
"upstream": [
"CVE-2025-61770",
"CVE-2025-61771",
"CVE-2025-61772",
"CVE-2026-25500",
"GHSA-22h5-pq3x-2gf2",
"GHSA-2xgq-q749-89fq",
"GHSA-4cx2-fc23-5wg6",
"GHSA-6xw4-3v39-52mm",
"GHSA-72qj-48g4-5xgx",
"GHSA-c2f4-jgmc-q2r5",
"GHSA-gh9q-2xrm-x6qv",
"GHSA-mhwm-jh88-3gjf",
"GHSA-mr3q-g2mv-mr4q",
"GHSA-mxw3-3hh2-x2mh",
"GHSA-p543-xpfm-54cp",
"GHSA-vc5p-v9hr-52mj",
"GHSA-vqg5-3255-v292",
"GHSA-w9pc-fmgc-vxvw",
"GHSA-whrj-4476-wvmp",
"GHSA-wpv5-97wm-hp9c"
]
}
cleanstart-2026-gy92571
Vulnerability from cleanstart
Published
2026-04-01 09:28
Modified
2026-03-23 10:27
Summary
Security fixes for ghsa-22h5-pq3x-2gf2, ghsa-33mh-2634-fwr2, ghsa-4cx2-fc23-5wg6, ghsa-6xw4-3v39-52mm, ghsa-72hv-8253-57qq, ghsa-72qj-48g4-5xgx, ghsa-c2f4-jgmc-q2r5, ghsa-gh9q-2xrm-x6qv, ghsa-j4pr-3wm6-xx2r, ghsa-mhwm-jh88-3gjf, ghsa-mr3q-g2mv-mr4q, ghsa-p543-xpfm-54cp, ghsa-vc5p-v9hr-52mj, ghsa-vqg5-3255-v292, ghsa-w9pc-fmgc-vxvw, ghsa-wpv5-97wm-hp9c applied in versions: 9.0.8-r2, 9.0.8-r3, 9.0.8-r4, 9.3.0-r1, 9.3.0-r2
Details
Multiple security vulnerabilities affect the logstash-fips package. These issues are resolved in later releases. See references for individual vulnerability details.
References
| URL | Type | ||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"affected": [
{
"package": {
"ecosystem": "CleanStart",
"name": "logstash-fips"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "9.3.0-r2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"credits": [],
"database_specific": {},
"details": "Multiple security vulnerabilities affect the logstash-fips package. These issues are resolved in later releases. See references for individual vulnerability details.",
"id": "CLEANSTART-2026-GY92571",
"modified": "2026-03-23T10:27:15Z",
"published": "2026-04-01T09:28:54.070298Z",
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-GY92571.json"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-22h5-pq3x-2gf2"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-33mh-2634-fwr2"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-4cx2-fc23-5wg6"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-6xw4-3v39-52mm"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-72hv-8253-57qq"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-72qj-48g4-5xgx"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-c2f4-jgmc-q2r5"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-gh9q-2xrm-x6qv"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-j4pr-3wm6-xx2r"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-mhwm-jh88-3gjf"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-mr3q-g2mv-mr4q"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-p543-xpfm-54cp"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-vc5p-v9hr-52mj"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-vqg5-3255-v292"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-w9pc-fmgc-vxvw"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-wpv5-97wm-hp9c"
}
],
"related": [],
"schema_version": "1.7.3",
"summary": "Security fixes for ghsa-22h5-pq3x-2gf2, ghsa-33mh-2634-fwr2, ghsa-4cx2-fc23-5wg6, ghsa-6xw4-3v39-52mm, ghsa-72hv-8253-57qq, ghsa-72qj-48g4-5xgx, ghsa-c2f4-jgmc-q2r5, ghsa-gh9q-2xrm-x6qv, ghsa-j4pr-3wm6-xx2r, ghsa-mhwm-jh88-3gjf, ghsa-mr3q-g2mv-mr4q, ghsa-p543-xpfm-54cp, ghsa-vc5p-v9hr-52mj, ghsa-vqg5-3255-v292, ghsa-w9pc-fmgc-vxvw, ghsa-wpv5-97wm-hp9c applied in versions: 9.0.8-r2, 9.0.8-r3, 9.0.8-r4, 9.3.0-r1, 9.3.0-r2",
"upstream": [
"ghsa-22h5-pq3x-2gf2",
"ghsa-33mh-2634-fwr2",
"ghsa-4cx2-fc23-5wg6",
"ghsa-6xw4-3v39-52mm",
"ghsa-72hv-8253-57qq",
"ghsa-72qj-48g4-5xgx",
"ghsa-c2f4-jgmc-q2r5",
"ghsa-gh9q-2xrm-x6qv",
"ghsa-j4pr-3wm6-xx2r",
"ghsa-mhwm-jh88-3gjf",
"ghsa-mr3q-g2mv-mr4q",
"ghsa-p543-xpfm-54cp",
"ghsa-vc5p-v9hr-52mj",
"ghsa-vqg5-3255-v292",
"ghsa-w9pc-fmgc-vxvw",
"ghsa-wpv5-97wm-hp9c"
]
}
cleanstart-2026-ge08280
Vulnerability from cleanstart
Published
2026-04-09 01:01
Modified
2026-04-08 08:04
Summary
Ruby JSON is a JSON implementation for Ruby
Details
Multiple security vulnerabilities affect the logstash-fips package. Ruby JSON is a JSON implementation for Ruby. See references for individual vulnerability details.
Severity
9.8 (Critical)
References
| URL | Type | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"affected": [
{
"package": {
"ecosystem": "CleanStart",
"name": "logstash-fips"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "9.2.6-r2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"credits": [],
"database_specific": {},
"details": "Multiple security vulnerabilities affect the logstash-fips package. Ruby JSON is a JSON implementation for Ruby. See references for individual vulnerability details.",
"id": "CLEANSTART-2026-GE08280",
"modified": "2026-04-08T08:04:46Z",
"published": "2026-04-09T01:01:38.909372Z",
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-GE08280.json"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-45993"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-31344"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-48924"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-61726"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-61728"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-61770"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-61771"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-61772"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-61919"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-67130"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-68121"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-68161"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-25500"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-33210"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-22h5-pq3x-2gf2"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-2xgq-q749-89fq"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-3m6g-2423-7cp3"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-4cx2-fc23-5wg6"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-6xw4-3v39-52mm"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-72qj-48g4-5xgx"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-c2f4-jgmc-q2r5"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-gh9q-2xrm-x6qv"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-j288-q9x7-2f5v"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-j4pr-3wm6-xx2r"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-mhwm-jh88-3gjf"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-mr3q-g2mv-mr4q"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-mxw3-3hh2-x2mh"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-p543-xpfm-54cp"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-vc5p-v9hr-52mj"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-vqg5-3255-v292"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-w9pc-fmgc-vxvw"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-whrj-4476-wvmp"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-wpv5-97wm-hp9c"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45993"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-31344"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48924"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61728"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61770"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61771"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61772"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61919"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-67130"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68161"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25500"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33210"
}
],
"related": [],
"schema_version": "1.7.3",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Ruby JSON is a JSON implementation for Ruby",
"upstream": [
"CVE-2024-45993",
"CVE-2025-31344",
"CVE-2025-48924",
"CVE-2025-61726",
"CVE-2025-61728",
"CVE-2025-61770",
"CVE-2025-61771",
"CVE-2025-61772",
"CVE-2025-61919",
"CVE-2025-67130",
"CVE-2025-68121",
"CVE-2025-68161",
"CVE-2026-25500",
"CVE-2026-33210",
"ghsa-22h5-pq3x-2gf2",
"ghsa-2xgq-q749-89fq",
"ghsa-3m6g-2423-7cp3",
"ghsa-4cx2-fc23-5wg6",
"ghsa-6xw4-3v39-52mm",
"ghsa-72qj-48g4-5xgx",
"ghsa-c2f4-jgmc-q2r5",
"ghsa-gh9q-2xrm-x6qv",
"ghsa-j288-q9x7-2f5v",
"ghsa-j4pr-3wm6-xx2r",
"ghsa-mhwm-jh88-3gjf",
"ghsa-mr3q-g2mv-mr4q",
"ghsa-mxw3-3hh2-x2mh",
"ghsa-p543-xpfm-54cp",
"ghsa-vc5p-v9hr-52mj",
"ghsa-vqg5-3255-v292",
"ghsa-w9pc-fmgc-vxvw",
"ghsa-whrj-4476-wvmp",
"ghsa-wpv5-97wm-hp9c"
]
}
cleanstart-2026-bg72514
Vulnerability from cleanstart
Published
2026-04-09 00:49
Modified
2026-04-08 09:13
Summary
Uncontrolled Recursion vulnerability in Apache Commons Lang
Details
Multiple security vulnerabilities affect the logstash-fips package. Uncontrolled Recursion vulnerability in Apache Commons Lang. See references for individual vulnerability details.
Severity
9.8 (Critical)
References
| URL | Type | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"affected": [
{
"package": {
"ecosystem": "CleanStart",
"name": "logstash-fips"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "9.3.0-r2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"credits": [],
"database_specific": {},
"details": "Multiple security vulnerabilities affect the logstash-fips package. Uncontrolled Recursion vulnerability in Apache Commons Lang. See references for individual vulnerability details.",
"id": "CLEANSTART-2026-BG72514",
"modified": "2026-04-08T09:13:42Z",
"published": "2026-04-09T00:49:38.775284Z",
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-BG72514.json"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-48924"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-22h5-pq3x-2gf2"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-33mh-2634-fwr2"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-4cx2-fc23-5wg6"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-6xw4-3v39-52mm"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-72hv-8253-57qq"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-72qj-48g4-5xgx"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-c2f4-jgmc-q2r5"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-gh9q-2xrm-x6qv"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-j288-q9x7-2f5v"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-j4pr-3wm6-xx2r"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-mhwm-jh88-3gjf"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-mr3q-g2mv-mr4q"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-p543-xpfm-54cp"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-vc5p-v9hr-52mj"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-vqg5-3255-v292"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-w9pc-fmgc-vxvw"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-wpv5-97wm-hp9c"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48924"
}
],
"related": [],
"schema_version": "1.7.3",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Uncontrolled Recursion vulnerability in Apache Commons Lang",
"upstream": [
"CVE-2025-48924",
"ghsa-22h5-pq3x-2gf2",
"ghsa-33mh-2634-fwr2",
"ghsa-4cx2-fc23-5wg6",
"ghsa-6xw4-3v39-52mm",
"ghsa-72hv-8253-57qq",
"ghsa-72qj-48g4-5xgx",
"ghsa-c2f4-jgmc-q2r5",
"ghsa-gh9q-2xrm-x6qv",
"ghsa-j288-q9x7-2f5v",
"ghsa-j4pr-3wm6-xx2r",
"ghsa-mhwm-jh88-3gjf",
"ghsa-mr3q-g2mv-mr4q",
"ghsa-p543-xpfm-54cp",
"ghsa-vc5p-v9hr-52mj",
"ghsa-vqg5-3255-v292",
"ghsa-w9pc-fmgc-vxvw",
"ghsa-wpv5-97wm-hp9c"
]
}
cleanstart-2026-jo97977
Vulnerability from cleanstart
Published
2026-04-01 10:02
Modified
2026-03-10 06:18
Summary
Security fixes for ghsa-22h5-pq3x-2gf2, ghsa-33mh-2634-fwr2, ghsa-4cx2-fc23-5wg6, ghsa-6xw4-3v39-52mm, ghsa-72hv-8253-57qq, ghsa-72qj-48g4-5xgx, ghsa-c2f4-jgmc-q2r5, ghsa-gh9q-2xrm-x6qv, ghsa-j4pr-3wm6-xx2r, ghsa-mhwm-jh88-3gjf, ghsa-mr3q-g2mv-mr4q, ghsa-p543-xpfm-54cp, ghsa-vc5p-v9hr-52mj, ghsa-vqg5-3255-v292, ghsa-w9pc-fmgc-vxvw, ghsa-wpv5-97wm-hp9c applied in versions: 9.0.8-r2, 9.0.8-r3, 9.0.8-r4, 9.3.0-r1, 9.3.0-r2
Details
Multiple security vulnerabilities affect the logstash-fips package. These issues are resolved in later releases. See references for individual vulnerability details.
References
| URL | Type | ||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"affected": [
{
"package": {
"ecosystem": "CleanStart",
"name": "logstash-fips"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "9.3.0-r2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"credits": [],
"database_specific": {},
"details": "Multiple security vulnerabilities affect the logstash-fips package. These issues are resolved in later releases. See references for individual vulnerability details.",
"id": "CLEANSTART-2026-JO97977",
"modified": "2026-03-10T06:18:32Z",
"published": "2026-04-01T10:02:43.649563Z",
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-JO97977.json"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-22h5-pq3x-2gf2"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-33mh-2634-fwr2"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-4cx2-fc23-5wg6"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-6xw4-3v39-52mm"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-72hv-8253-57qq"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-72qj-48g4-5xgx"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-c2f4-jgmc-q2r5"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-gh9q-2xrm-x6qv"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-j4pr-3wm6-xx2r"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-mhwm-jh88-3gjf"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-mr3q-g2mv-mr4q"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-p543-xpfm-54cp"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-vc5p-v9hr-52mj"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-vqg5-3255-v292"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-w9pc-fmgc-vxvw"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-wpv5-97wm-hp9c"
}
],
"related": [],
"schema_version": "1.7.3",
"summary": "Security fixes for ghsa-22h5-pq3x-2gf2, ghsa-33mh-2634-fwr2, ghsa-4cx2-fc23-5wg6, ghsa-6xw4-3v39-52mm, ghsa-72hv-8253-57qq, ghsa-72qj-48g4-5xgx, ghsa-c2f4-jgmc-q2r5, ghsa-gh9q-2xrm-x6qv, ghsa-j4pr-3wm6-xx2r, ghsa-mhwm-jh88-3gjf, ghsa-mr3q-g2mv-mr4q, ghsa-p543-xpfm-54cp, ghsa-vc5p-v9hr-52mj, ghsa-vqg5-3255-v292, ghsa-w9pc-fmgc-vxvw, ghsa-wpv5-97wm-hp9c applied in versions: 9.0.8-r2, 9.0.8-r3, 9.0.8-r4, 9.3.0-r1, 9.3.0-r2",
"upstream": [
"ghsa-22h5-pq3x-2gf2",
"ghsa-33mh-2634-fwr2",
"ghsa-4cx2-fc23-5wg6",
"ghsa-6xw4-3v39-52mm",
"ghsa-72hv-8253-57qq",
"ghsa-72qj-48g4-5xgx",
"ghsa-c2f4-jgmc-q2r5",
"ghsa-gh9q-2xrm-x6qv",
"ghsa-j4pr-3wm6-xx2r",
"ghsa-mhwm-jh88-3gjf",
"ghsa-mr3q-g2mv-mr4q",
"ghsa-p543-xpfm-54cp",
"ghsa-vc5p-v9hr-52mj",
"ghsa-vqg5-3255-v292",
"ghsa-w9pc-fmgc-vxvw",
"ghsa-wpv5-97wm-hp9c"
]
}
cleanstart-2026-kc06018
Vulnerability from cleanstart
Published
2026-04-06 02:52
Modified
2026-04-01 11:37
Summary
Security fixes for CVE-2017-12158, CVE-2017-12159, ghsa-3p8m-j85q-pgmj, ghsa-45p5-v273-3qqr, ghsa-4cx2-fc23-5wg6, ghsa-5rfx-cp42-p624, ghsa-72hv-8253-57qq, ghsa-84h7-rjj3-6jx4, ghsa-9342-92gg-6v29, ghsa-cbdj-484d-3x9q, ghsa-fghv-69vj-qj49, ghsa-h5fg-jpgr-rv9c, ghsa-hq9p-pm7w-8p54, ghsa-j288-q9x7-2f5v, ghsa-pwqr-wmgm-9rr8, ghsa-w9fj-cfpg-grvv applied in versions: 26.1.4-r1, 26.5.0-r0, 26.5.0-r1, 26.5.0-r2, 26.5.6-r3
Details
Multiple security vulnerabilities affect the keycloak package. These issues are resolved in later releases. See references for individual vulnerability details.
References
| URL | Type | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"affected": [
{
"package": {
"ecosystem": "CleanStart",
"name": "keycloak"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "26.5.6-r3"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"credits": [],
"database_specific": {},
"details": "Multiple security vulnerabilities affect the keycloak package. These issues are resolved in later releases. See references for individual vulnerability details.",
"id": "CLEANSTART-2026-KC06018",
"modified": "2026-04-01T11:37:49Z",
"published": "2026-04-06T02:52:37.677608Z",
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-KC06018.json"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2017-12158"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2017-12159"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-3p8m-j85q-pgmj"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-45p5-v273-3qqr"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-4cx2-fc23-5wg6"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-5rfx-cp42-p624"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-72hv-8253-57qq"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-84h7-rjj3-6jx4"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-9342-92gg-6v29"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-cbdj-484d-3x9q"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-fghv-69vj-qj49"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-h5fg-jpgr-rv9c"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-hq9p-pm7w-8p54"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-j288-q9x7-2f5v"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-pwqr-wmgm-9rr8"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-w9fj-cfpg-grvv"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12158"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12159"
}
],
"related": [],
"schema_version": "1.7.3",
"summary": "Security fixes for CVE-2017-12158, CVE-2017-12159, ghsa-3p8m-j85q-pgmj, ghsa-45p5-v273-3qqr, ghsa-4cx2-fc23-5wg6, ghsa-5rfx-cp42-p624, ghsa-72hv-8253-57qq, ghsa-84h7-rjj3-6jx4, ghsa-9342-92gg-6v29, ghsa-cbdj-484d-3x9q, ghsa-fghv-69vj-qj49, ghsa-h5fg-jpgr-rv9c, ghsa-hq9p-pm7w-8p54, ghsa-j288-q9x7-2f5v, ghsa-pwqr-wmgm-9rr8, ghsa-w9fj-cfpg-grvv applied in versions: 26.1.4-r1, 26.5.0-r0, 26.5.0-r1, 26.5.0-r2, 26.5.6-r3",
"upstream": [
"CVE-2017-12158",
"CVE-2017-12159",
"ghsa-3p8m-j85q-pgmj",
"ghsa-45p5-v273-3qqr",
"ghsa-4cx2-fc23-5wg6",
"ghsa-5rfx-cp42-p624",
"ghsa-72hv-8253-57qq",
"ghsa-84h7-rjj3-6jx4",
"ghsa-9342-92gg-6v29",
"ghsa-cbdj-484d-3x9q",
"ghsa-fghv-69vj-qj49",
"ghsa-h5fg-jpgr-rv9c",
"ghsa-hq9p-pm7w-8p54",
"ghsa-j288-q9x7-2f5v",
"ghsa-pwqr-wmgm-9rr8",
"ghsa-w9fj-cfpg-grvv"
]
}
CVE-2025-8916 (GCVE-0-2025-8916)
Vulnerability from cvelistv5 – Published: 2025-08-13 09:31 – Updated: 2025-09-12 11:17
VLAI?
EPSS
Title
Possible DOS in processing large name constraint structures in PKIXCertPathReveiwer
Summary
Allocation of Resources Without Limits or Throttling vulnerability in Legion of the Bouncy Castle Inc. BC Java bcpkix on All (API modules), Legion of the Bouncy Castle Inc. BC Java bcprov on All (API modules), Legion of the Bouncy Castle Inc. BCPKIX FIPS bcpkix-fips on All (API modules) allows Excessive Allocation. This vulnerability is associated with program files https://github.Com/bcgit/bc-java/blob/main/pkix/src/main/java/org/bouncycastle/pkix/jcajce/PKIXCertPathReviewer.Java, https://github.Com/bcgit/bc-java/blob/main/prov/src/main/java/org/bouncycastle/x509/PKIXCertPathReviewer.Java.
This issue affects BC Java: from 1.44 through 1.78; BC Java: from 1.44 through 1.78; BCPKIX FIPS: from 1.0.0 through 1.0.7, from 2.0.0 through 2.0.7.
Severity ?
CWE
- CWE-770 - Allocation of Resources Without Limits or Throttling
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Legion of the Bouncy Castle Inc. | BC Java |
Affected:
1.44 , ≤ 1.78
(maven)
|
||||||||||||
|
||||||||||||||
Credits
Bing Shi
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8916",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-13T13:13:37.616496Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-13T13:13:54.247Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://repo1.maven.org/maven2/org/bouncycastle",
"defaultStatus": "unaffected",
"modules": [
"API"
],
"packageName": "bcpkix",
"platforms": [
"All"
],
"product": "BC Java",
"programFiles": [
"https://github.com/bcgit/bc-java/blob/main/pkix/src/main/java/org/bouncycastle/pkix/jcajce/PKIXCertPathReviewer.java"
],
"repo": "https://github.com/bcgit/bc-java",
"vendor": "Legion of the Bouncy Castle Inc.",
"versions": [
{
"lessThanOrEqual": "1.78",
"status": "affected",
"version": "1.44",
"versionType": "maven"
}
]
},
{
"collectionURL": "https://repo1.maven.org/maven2/org/bouncycastle",
"defaultStatus": "unaffected",
"modules": [
"API"
],
"packageName": "bcprov",
"platforms": [
"All"
],
"product": "BC Java",
"programFiles": [
"https://github.com/bcgit/bc-java/blob/main/prov/src/main/java/org/bouncycastle/x509/PKIXCertPathReviewer.java"
],
"repo": "https://github.com/bcgit/bc-java",
"vendor": "Legion of the Bouncy Castle Inc.",
"versions": [
{
"lessThanOrEqual": "1.78",
"status": "affected",
"version": "1.44",
"versionType": "maven"
}
]
},
{
"collectionURL": "https://repo1.maven.org/maven2/org/bouncycastle",
"defaultStatus": "unaffected",
"modules": [
"API"
],
"packageName": "bcpkix-fips",
"platforms": [
"All"
],
"product": "BCPKIX FIPS",
"vendor": "Legion of the Bouncy Castle Inc.",
"versions": [
{
"lessThanOrEqual": "1.0.7",
"status": "affected",
"version": "1.0.0",
"versionType": "maven"
},
{
"lessThanOrEqual": "2.0.7",
"status": "affected",
"version": "2.0.0",
"versionType": "maven"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "For an attack to take place the PKIXCertPathReviewer class must be in use by the application under attack and the class must be consuming certificate paths of unknown origin without any form of other validation."
}
],
"value": "For an attack to take place the PKIXCertPathReviewer class must be in use by the application under attack and the class must be consuming certificate paths of unknown origin without any form of other validation."
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Bing Shi"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Allocation of Resources Without Limits or Throttling vulnerability in Legion of the Bouncy Castle Inc. BC Java bcpkix on All (API modules), Legion of the Bouncy Castle Inc. BC Java bcprov on All (API modules), Legion of the Bouncy Castle Inc. BCPKIX FIPS bcpkix-fips on All (API modules) allows Excessive Allocation.\u003cp\u003e This vulnerability is associated with program files \u003ctt\u003ehttps://github.Com/bcgit/bc-java/blob/main/pkix/src/main/java/org/bouncycastle/pkix/jcajce/PKIXCertPathReviewer.Java\u003c/tt\u003e, \u003ctt\u003ehttps://github.Com/bcgit/bc-java/blob/main/prov/src/main/java/org/bouncycastle/x509/PKIXCertPathReviewer.Java\u003c/tt\u003e.\u003c/p\u003e\u003cp\u003eThis issue affects BC Java: from 1.44 through 1.78; BC Java: from 1.44 through 1.78; BCPKIX FIPS: from 1.0.0 through 1.0.7, from 2.0.0 through 2.0.7.\u003c/p\u003e"
}
],
"value": "Allocation of Resources Without Limits or Throttling vulnerability in Legion of the Bouncy Castle Inc. BC Java bcpkix on All (API modules), Legion of the Bouncy Castle Inc. BC Java bcprov on All (API modules), Legion of the Bouncy Castle Inc. BCPKIX FIPS bcpkix-fips on All (API modules) allows Excessive Allocation. This vulnerability is associated with program files https://github.Com/bcgit/bc-java/blob/main/pkix/src/main/java/org/bouncycastle/pkix/jcajce/PKIXCertPathReviewer.Java, https://github.Com/bcgit/bc-java/blob/main/prov/src/main/java/org/bouncycastle/x509/PKIXCertPathReviewer.Java.\n\nThis issue affects BC Java: from 1.44 through 1.78; BC Java: from 1.44 through 1.78; BCPKIX FIPS: from 1.0.0 through 1.0.7, from 2.0.0 through 2.0.7."
}
],
"impacts": [
{
"capecId": "CAPEC-130",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-130 Excessive Allocation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "USER",
"Safety": "PRESENT",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "AMBER",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/S:P/R:U/RE:M/U:Amber",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770 Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-12T11:17:08.609Z",
"orgId": "91579145-5d7b-4cc5-b925-a0262ff19630",
"shortName": "bcorg"
},
"references": [
{
"url": "https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902025%E2%80%908916"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Possible DOS in processing large name constraint structures in PKIXCertPathReveiwer",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Limiting the size of ASN.1 objects that can be loaded from \"the wild\" will mitigate the risk of an exploit by automatically putting a cap on the maximum size of a Name Constraints structure."
}
],
"value": "Limiting the size of ASN.1 objects that can be loaded from \"the wild\" will mitigate the risk of an exploit by automatically putting a cap on the maximum size of a Name Constraints structure."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "91579145-5d7b-4cc5-b925-a0262ff19630",
"assignerShortName": "bcorg",
"cveId": "CVE-2025-8916",
"datePublished": "2025-08-13T09:31:21.181Z",
"dateReserved": "2025-08-13T08:52:38.480Z",
"dateUpdated": "2025-09-12T11:17:08.609Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Show additional events:
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…