Action not permitted
Modal body text goes here.
Modal Title
Modal Body
GHSA-J288-Q9X7-2F5V
Vulnerability from github – Published: 2025-07-11 15:31 – Updated: 2025-11-05 20:30
VLAI?
Summary
Apache Commons Lang is vulnerable to Uncontrolled Recursion when processing long inputs
Details
Uncontrolled Recursion vulnerability in Apache Commons Lang.
This issue affects Apache Commons Lang: Starting with commons-lang:commons-lang 2.0 to 2.6, and, from org.apache.commons:commons-lang3 3.0 before 3.18.0.
The methods ClassUtils.getClass(...) can throw StackOverflowError on very long inputs. Because an Error is usually not handled by applications and libraries, a StackOverflowError could cause an application to stop.
Users are recommended to upgrade to version 3.18.0, which fixes the issue.
Severity ?
6.5 (Medium)
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.commons:commons-lang3"
},
"ranges": [
{
"events": [
{
"introduced": "3.0"
},
{
"fixed": "3.18.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "commons-lang:commons-lang"
},
"ranges": [
{
"events": [
{
"introduced": "2.0"
},
{
"last_affected": "2.6"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-48924"
],
"database_specific": {
"cwe_ids": [
"CWE-674"
],
"github_reviewed": true,
"github_reviewed_at": "2025-07-12T00:48:03Z",
"nvd_published_at": "2025-07-11T15:15:24Z",
"severity": "MODERATE"
},
"details": "Uncontrolled Recursion vulnerability in Apache Commons Lang.\n\nThis issue affects Apache Commons Lang: Starting with\u00a0commons-lang:commons-lang\u00a02.0 to 2.6, and, from org.apache.commons:commons-lang3 3.0 before\u00a03.18.0.\n\nThe methods ClassUtils.getClass(...) can throw\u00a0StackOverflowError on very long inputs. Because an Error is usually not handled by applications and libraries, a StackOverflowError could\u00a0cause an application to stop.\n\nUsers are recommended to upgrade to version 3.18.0, which fixes the issue.",
"id": "GHSA-j288-q9x7-2f5v",
"modified": "2025-11-05T20:30:31Z",
"published": "2025-07-11T15:31:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48924"
},
{
"type": "WEB",
"url": "https://github.com/apache/commons-lang/commit/b424803abdb2bec818e4fbcb251ce031c22aca53"
},
{
"type": "PACKAGE",
"url": "https://github.com/apache/commons-lang"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread/bgv0lpswokgol11tloxnjfzdl7yrc1g1"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/08/msg00000.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/08/msg00026.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/09/msg00032.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/09/msg00036.html"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2025/07/11/1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
}
],
"summary": "Apache Commons Lang is vulnerable to Uncontrolled Recursion when processing long inputs"
}
cleanstart-2026-bg72514
Vulnerability from cleanstart
Published
2026-04-09 00:49
Modified
2026-04-08 09:13
Summary
Uncontrolled Recursion vulnerability in Apache Commons Lang
Details
Multiple security vulnerabilities affect the logstash-fips package. Uncontrolled Recursion vulnerability in Apache Commons Lang. See references for individual vulnerability details.
Severity
9.8 (Critical)
References
{
"affected": [
{
"package": {
"ecosystem": "CleanStart",
"name": "logstash-fips"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "9.3.0-r2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"credits": [],
"database_specific": {},
"details": "Multiple security vulnerabilities affect the logstash-fips package. Uncontrolled Recursion vulnerability in Apache Commons Lang. See references for individual vulnerability details.",
"id": "CLEANSTART-2026-BG72514",
"modified": "2026-04-08T09:13:42Z",
"published": "2026-04-09T00:49:38.775284Z",
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-BG72514.json"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-48924"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-22h5-pq3x-2gf2"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-33mh-2634-fwr2"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-4cx2-fc23-5wg6"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-6xw4-3v39-52mm"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-72hv-8253-57qq"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-72qj-48g4-5xgx"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-c2f4-jgmc-q2r5"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-gh9q-2xrm-x6qv"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-j288-q9x7-2f5v"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-j4pr-3wm6-xx2r"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-mhwm-jh88-3gjf"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-mr3q-g2mv-mr4q"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-p543-xpfm-54cp"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-vc5p-v9hr-52mj"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-vqg5-3255-v292"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-w9pc-fmgc-vxvw"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-wpv5-97wm-hp9c"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48924"
}
],
"related": [],
"schema_version": "1.7.3",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Uncontrolled Recursion vulnerability in Apache Commons Lang",
"upstream": [
"CVE-2025-48924",
"ghsa-22h5-pq3x-2gf2",
"ghsa-33mh-2634-fwr2",
"ghsa-4cx2-fc23-5wg6",
"ghsa-6xw4-3v39-52mm",
"ghsa-72hv-8253-57qq",
"ghsa-72qj-48g4-5xgx",
"ghsa-c2f4-jgmc-q2r5",
"ghsa-gh9q-2xrm-x6qv",
"ghsa-j288-q9x7-2f5v",
"ghsa-j4pr-3wm6-xx2r",
"ghsa-mhwm-jh88-3gjf",
"ghsa-mr3q-g2mv-mr4q",
"ghsa-p543-xpfm-54cp",
"ghsa-vc5p-v9hr-52mj",
"ghsa-vqg5-3255-v292",
"ghsa-w9pc-fmgc-vxvw",
"ghsa-wpv5-97wm-hp9c"
]
}
cleanstart-2026-cq39708
Vulnerability from cleanstart
Published
2026-04-09 00:53
Modified
2026-04-08 08:11
Summary
Netty is an asynchronous, event-driven network application framework
Details
Multiple security vulnerabilities affect the logstash-fips package. Netty is an asynchronous, event-driven network application framework. See references for individual vulnerability details.
Severity
9.8 (Critical)
References
| URL | Type | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"affected": [
{
"package": {
"ecosystem": "CleanStart",
"name": "logstash-fips"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "9.3.1-r0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"credits": [],
"database_specific": {},
"details": "Multiple security vulnerabilities affect the logstash-fips package. Netty is an asynchronous, event-driven network application framework. See references for individual vulnerability details.",
"id": "CLEANSTART-2026-CQ39708",
"modified": "2026-04-08T08:11:56Z",
"published": "2026-04-09T00:53:38.262441Z",
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-CQ39708.json"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-45993"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-31344"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-48924"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-26740"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-33210"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-33870"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-33mh-2634-fwr2"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-3m6g-2423-7cp3"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-72hv-8253-57qq"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-j288-q9x7-2f5v"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-j4pr-3wm6-xx2r"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-pwqr-wmgm-9rr8"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-wx95-c6cv-8532"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45993"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-31344"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48924"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26740"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33210"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33870"
}
],
"related": [],
"schema_version": "1.7.3",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Netty is an asynchronous, event-driven network application framework",
"upstream": [
"CVE-2024-45993",
"CVE-2025-31344",
"CVE-2025-48924",
"CVE-2026-26740",
"CVE-2026-33210",
"CVE-2026-33870",
"ghsa-33mh-2634-fwr2",
"ghsa-3m6g-2423-7cp3",
"ghsa-72hv-8253-57qq",
"ghsa-j288-q9x7-2f5v",
"ghsa-j4pr-3wm6-xx2r",
"ghsa-pwqr-wmgm-9rr8",
"ghsa-wx95-c6cv-8532"
]
}
cleanstart-2026-dv49899
Vulnerability from cleanstart
Published
2026-05-18 13:35
Modified
2026-05-08 10:39
Summary
Security fixes for CVE-2024-45993, CVE-2025-31344, CVE-2025-48924, CVE-2026-26740, CVE-2026-32282, CVE-2026-32283, CVE-2026-32289, CVE-2026-33210, CVE-2026-33810, CVE-2026-33870, ghsa-33mh-2634-fwr2, ghsa-3m6g-2423-7cp3, ghsa-72hv-8253-57qq, ghsa-j288-q9x7-2f5v, ghsa-j4pr-3wm6-xx2r, ghsa-pwqr-wmgm-9rr8, ghsa-wx95-c6cv-8532 applied in versions: 9.3.0-r1, 9.3.0-r2, 9.3.1-r0, 9.3.2-r0
Details
Multiple security vulnerabilities affect the logstash-fips package. These issues are resolved in later releases. See references for individual vulnerability details.
References
| URL | Type | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"affected": [
{
"package": {
"ecosystem": "CleanStart",
"name": "logstash-fips"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "9.3.2-r0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"credits": [],
"database_specific": {},
"details": "Multiple security vulnerabilities affect the logstash-fips package. These issues are resolved in later releases. See references for individual vulnerability details.",
"id": "CLEANSTART-2026-DV49899",
"modified": "2026-05-08T10:39:26Z",
"published": "2026-05-18T13:35:44.877999Z",
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-DV49899.json"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-45993"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-31344"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-48924"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-26740"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-32282"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-32283"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-32289"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-33210"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-33810"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-33870"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-33mh-2634-fwr2"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-3m6g-2423-7cp3"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-72hv-8253-57qq"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-j288-q9x7-2f5v"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-j4pr-3wm6-xx2r"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-pwqr-wmgm-9rr8"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-wx95-c6cv-8532"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45993"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-31344"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48924"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26740"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32282"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32283"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32289"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33210"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33810"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33870"
}
],
"related": [],
"schema_version": "1.7.3",
"summary": "Security fixes for CVE-2024-45993, CVE-2025-31344, CVE-2025-48924, CVE-2026-26740, CVE-2026-32282, CVE-2026-32283, CVE-2026-32289, CVE-2026-33210, CVE-2026-33810, CVE-2026-33870, ghsa-33mh-2634-fwr2, ghsa-3m6g-2423-7cp3, ghsa-72hv-8253-57qq, ghsa-j288-q9x7-2f5v, ghsa-j4pr-3wm6-xx2r, ghsa-pwqr-wmgm-9rr8, ghsa-wx95-c6cv-8532 applied in versions: 9.3.0-r1, 9.3.0-r2, 9.3.1-r0, 9.3.2-r0",
"upstream": [
"CVE-2024-45993",
"CVE-2025-31344",
"CVE-2025-48924",
"CVE-2026-26740",
"CVE-2026-32282",
"CVE-2026-32283",
"CVE-2026-32289",
"CVE-2026-33210",
"CVE-2026-33810",
"CVE-2026-33870",
"ghsa-33mh-2634-fwr2",
"ghsa-3m6g-2423-7cp3",
"ghsa-72hv-8253-57qq",
"ghsa-j288-q9x7-2f5v",
"ghsa-j4pr-3wm6-xx2r",
"ghsa-pwqr-wmgm-9rr8",
"ghsa-wx95-c6cv-8532"
]
}
cleanstart-2026-fa60324
Vulnerability from cleanstart
Published
2026-04-15 00:42
Modified
2026-04-14 09:27
Summary
It was found that the cookie used for CSRF prevention in Keycloak was not unique to each session
Details
Multiple security vulnerabilities affect the keycloak package. It was found that the cookie used for CSRF prevention in Keycloak was not unique to each session. See references for individual vulnerability details.
Severity
9.8 (Critical)
References
| URL | Type | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"affected": [
{
"package": {
"ecosystem": "CleanStart",
"name": "keycloak"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "26.5.6-r3"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"credits": [],
"database_specific": {},
"details": "Multiple security vulnerabilities affect the keycloak package. It was found that the cookie used for CSRF prevention in Keycloak was not unique to each session. See references for individual vulnerability details.",
"id": "CLEANSTART-2026-FA60324",
"modified": "2026-04-14T09:27:59Z",
"published": "2026-04-15T00:42:39.375533Z",
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-FA60324.json"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2017-12158"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2017-12159"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-3p8m-j85q-pgmj"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-45p5-v273-3qqr"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-4cx2-fc23-5wg6"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-5rfx-cp42-p624"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-72hv-8253-57qq"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-84h7-rjj3-6jx4"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-9342-92gg-6v29"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-cbdj-484d-3x9q"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-fghv-69vj-qj49"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-h5fg-jpgr-rv9c"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-hq9p-pm7w-8p54"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-j288-q9x7-2f5v"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-pwqr-wmgm-9rr8"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-w9fj-cfpg-grvv"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12158"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12159"
}
],
"related": [],
"schema_version": "1.7.3",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "It was found that the cookie used for CSRF prevention in Keycloak was not unique to each session",
"upstream": [
"CVE-2017-12158",
"CVE-2017-12159",
"ghsa-3p8m-j85q-pgmj",
"ghsa-45p5-v273-3qqr",
"ghsa-4cx2-fc23-5wg6",
"ghsa-5rfx-cp42-p624",
"ghsa-72hv-8253-57qq",
"ghsa-84h7-rjj3-6jx4",
"ghsa-9342-92gg-6v29",
"ghsa-cbdj-484d-3x9q",
"ghsa-fghv-69vj-qj49",
"ghsa-h5fg-jpgr-rv9c",
"ghsa-hq9p-pm7w-8p54",
"ghsa-j288-q9x7-2f5v",
"ghsa-pwqr-wmgm-9rr8",
"ghsa-w9fj-cfpg-grvv"
]
}
cleanstart-2026-fo41609
Vulnerability from cleanstart
Published
2026-04-01 10:02
Modified
2026-03-10 06:14
Summary
Security fixes for CVE-2025-48924, ghsa-22h5-pq3x-2gf2, ghsa-33mh-2634-fwr2, ghsa-4cx2-fc23-5wg6, ghsa-6xw4-3v39-52mm, ghsa-72hv-8253-57qq, ghsa-72qj-48g4-5xgx, ghsa-c2f4-jgmc-q2r5, ghsa-gh9q-2xrm-x6qv, ghsa-j288-q9x7-2f5v, ghsa-j4pr-3wm6-xx2r, ghsa-mhwm-jh88-3gjf, ghsa-mr3q-g2mv-mr4q, ghsa-p543-xpfm-54cp, ghsa-vc5p-v9hr-52mj, ghsa-vqg5-3255-v292, ghsa-w9pc-fmgc-vxvw, ghsa-wpv5-97wm-hp9c applied in versions: 8.19.12-r0, 9.0.8-r2, 9.0.8-r3, 9.0.8-r4, 9.3.0-r1, 9.3.0-r2
Details
Multiple security vulnerabilities affect the logstash-fips package. These issues are resolved in later releases. See references for individual vulnerability details.
References
| URL | Type | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"affected": [
{
"package": {
"ecosystem": "CleanStart",
"name": "logstash-fips"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "9.3.0-r2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"credits": [],
"database_specific": {},
"details": "Multiple security vulnerabilities affect the logstash-fips package. These issues are resolved in later releases. See references for individual vulnerability details.",
"id": "CLEANSTART-2026-FO41609",
"modified": "2026-03-10T06:14:42Z",
"published": "2026-04-01T10:02:50.908381Z",
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-FO41609.json"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-48924"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-22h5-pq3x-2gf2"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-33mh-2634-fwr2"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-4cx2-fc23-5wg6"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-6xw4-3v39-52mm"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-72hv-8253-57qq"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-72qj-48g4-5xgx"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-c2f4-jgmc-q2r5"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-gh9q-2xrm-x6qv"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-j288-q9x7-2f5v"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-j4pr-3wm6-xx2r"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-mhwm-jh88-3gjf"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-mr3q-g2mv-mr4q"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-p543-xpfm-54cp"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-vc5p-v9hr-52mj"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-vqg5-3255-v292"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-w9pc-fmgc-vxvw"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-wpv5-97wm-hp9c"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48924"
}
],
"related": [],
"schema_version": "1.7.3",
"summary": "Security fixes for CVE-2025-48924, ghsa-22h5-pq3x-2gf2, ghsa-33mh-2634-fwr2, ghsa-4cx2-fc23-5wg6, ghsa-6xw4-3v39-52mm, ghsa-72hv-8253-57qq, ghsa-72qj-48g4-5xgx, ghsa-c2f4-jgmc-q2r5, ghsa-gh9q-2xrm-x6qv, ghsa-j288-q9x7-2f5v, ghsa-j4pr-3wm6-xx2r, ghsa-mhwm-jh88-3gjf, ghsa-mr3q-g2mv-mr4q, ghsa-p543-xpfm-54cp, ghsa-vc5p-v9hr-52mj, ghsa-vqg5-3255-v292, ghsa-w9pc-fmgc-vxvw, ghsa-wpv5-97wm-hp9c applied in versions: 8.19.12-r0, 9.0.8-r2, 9.0.8-r3, 9.0.8-r4, 9.3.0-r1, 9.3.0-r2",
"upstream": [
"CVE-2025-48924",
"ghsa-22h5-pq3x-2gf2",
"ghsa-33mh-2634-fwr2",
"ghsa-4cx2-fc23-5wg6",
"ghsa-6xw4-3v39-52mm",
"ghsa-72hv-8253-57qq",
"ghsa-72qj-48g4-5xgx",
"ghsa-c2f4-jgmc-q2r5",
"ghsa-gh9q-2xrm-x6qv",
"ghsa-j288-q9x7-2f5v",
"ghsa-j4pr-3wm6-xx2r",
"ghsa-mhwm-jh88-3gjf",
"ghsa-mr3q-g2mv-mr4q",
"ghsa-p543-xpfm-54cp",
"ghsa-vc5p-v9hr-52mj",
"ghsa-vqg5-3255-v292",
"ghsa-w9pc-fmgc-vxvw",
"ghsa-wpv5-97wm-hp9c"
]
}
cleanstart-2026-ge08280
Vulnerability from cleanstart
Published
2026-04-09 01:01
Modified
2026-04-08 08:04
Summary
Ruby JSON is a JSON implementation for Ruby
Details
Multiple security vulnerabilities affect the logstash-fips package. Ruby JSON is a JSON implementation for Ruby. See references for individual vulnerability details.
Severity
9.8 (Critical)
References
| URL | Type | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"affected": [
{
"package": {
"ecosystem": "CleanStart",
"name": "logstash-fips"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "9.2.6-r2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"credits": [],
"database_specific": {},
"details": "Multiple security vulnerabilities affect the logstash-fips package. Ruby JSON is a JSON implementation for Ruby. See references for individual vulnerability details.",
"id": "CLEANSTART-2026-GE08280",
"modified": "2026-04-08T08:04:46Z",
"published": "2026-04-09T01:01:38.909372Z",
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-GE08280.json"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-45993"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-31344"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-48924"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-61726"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-61728"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-61770"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-61771"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-61772"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-61919"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-67130"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-68121"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-68161"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-25500"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-33210"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-22h5-pq3x-2gf2"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-2xgq-q749-89fq"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-3m6g-2423-7cp3"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-4cx2-fc23-5wg6"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-6xw4-3v39-52mm"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-72qj-48g4-5xgx"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-c2f4-jgmc-q2r5"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-gh9q-2xrm-x6qv"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-j288-q9x7-2f5v"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-j4pr-3wm6-xx2r"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-mhwm-jh88-3gjf"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-mr3q-g2mv-mr4q"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-mxw3-3hh2-x2mh"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-p543-xpfm-54cp"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-vc5p-v9hr-52mj"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-vqg5-3255-v292"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-w9pc-fmgc-vxvw"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-whrj-4476-wvmp"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-wpv5-97wm-hp9c"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45993"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-31344"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48924"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61728"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61770"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61771"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61772"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61919"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-67130"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68161"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25500"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33210"
}
],
"related": [],
"schema_version": "1.7.3",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Ruby JSON is a JSON implementation for Ruby",
"upstream": [
"CVE-2024-45993",
"CVE-2025-31344",
"CVE-2025-48924",
"CVE-2025-61726",
"CVE-2025-61728",
"CVE-2025-61770",
"CVE-2025-61771",
"CVE-2025-61772",
"CVE-2025-61919",
"CVE-2025-67130",
"CVE-2025-68121",
"CVE-2025-68161",
"CVE-2026-25500",
"CVE-2026-33210",
"ghsa-22h5-pq3x-2gf2",
"ghsa-2xgq-q749-89fq",
"ghsa-3m6g-2423-7cp3",
"ghsa-4cx2-fc23-5wg6",
"ghsa-6xw4-3v39-52mm",
"ghsa-72qj-48g4-5xgx",
"ghsa-c2f4-jgmc-q2r5",
"ghsa-gh9q-2xrm-x6qv",
"ghsa-j288-q9x7-2f5v",
"ghsa-j4pr-3wm6-xx2r",
"ghsa-mhwm-jh88-3gjf",
"ghsa-mr3q-g2mv-mr4q",
"ghsa-mxw3-3hh2-x2mh",
"ghsa-p543-xpfm-54cp",
"ghsa-vc5p-v9hr-52mj",
"ghsa-vqg5-3255-v292",
"ghsa-w9pc-fmgc-vxvw",
"ghsa-whrj-4476-wvmp",
"ghsa-wpv5-97wm-hp9c"
]
}
cleanstart-2026-gh89210
Vulnerability from cleanstart
Published
2026-05-18 13:15
Modified
2026-05-13 14:13
Summary
Security fixes for CVE-2015-0886, CVE-2020-8908, CVE-2022-1471, CVE-2022-24823, CVE-2022-38752, CVE-2022-41854, CVE-2023-2976, CVE-2023-34462, CVE-2024-12798, CVE-2024-12801, CVE-2024-13009, CVE-2024-47535, CVE-2024-6763, CVE-2024-8184, CVE-2024-9823, CVE-2025-11143, CVE-2025-24970, CVE-2025-25193, CVE-2025-48734, CVE-2025-48924, CVE-2025-52999, CVE-2025-58057, CVE-2026-1225, CVE-2026-23901, CVE-2026-44431, CVE-2026-44432, ghsa-25qh-j22f-pwp8, ghsa-389x-839f-4rhx, ghsa-3p8m-j85q-pgmj, ghsa-4g8c-wm8x-jfhw, ghsa-5mg8-w23w-74h3, ghsa-6mjq-h674-j845, ghsa-6v67-2wr5-gvf4, ghsa-72hv-8253-57qq, ghsa-7g45-4rm6-3mm3, ghsa-9h6p-92jq-888x, ghsa-9w3m-gqgf-c4p9, ghsa-c4qc-4q9p-m9q9, ghsa-g8m5-722r-8whq, ghsa-gc5v-m9x4-r6x2, ghsa-h46c-h94j-95f3, ghsa-j26w-f9rq-mr2q, ghsa-j288-q9x7-2f5v, ghsa-jc7h-c423-mpjc, ghsa-mf9v-mfxr-j63j, ghsa-mjmj-j48q-9wg2, ghsa-pr98-23f8-jwxv, ghsa-q4rv-gq96-w7c5, ghsa-qccp-gfcp-xxvc, ghsa-qh8g-58pp-2wxh, ghsa-qqpg-mvqg-649v, ghsa-w37g-rhq8-7m4j, ghsa-wjpw-4j6x-6rwh, ghsa-wxr5-93ph-8wr9, ghsa-xq3w-v528-46rv applied in versions: 3.6.1-r0, 3.6.1-r1, 3.6.1-r2, 3.6.1-r3, 3.6.1-r4
Details
Multiple security vulnerabilities affect the cassandra-reaper-fips package. These issues are resolved in later releases. See references for individual vulnerability details.
References
| URL | Type | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"affected": [
{
"package": {
"ecosystem": "CleanStart",
"name": "cassandra-reaper-fips"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.6.1-r4"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"credits": [],
"database_specific": {},
"details": "Multiple security vulnerabilities affect the cassandra-reaper-fips package. These issues are resolved in later releases. See references for individual vulnerability details.",
"id": "CLEANSTART-2026-GH89210",
"modified": "2026-05-13T14:13:05Z",
"published": "2026-05-18T13:15:02.086653Z",
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-GH89210.json"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2015-0886"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-8908"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-1471"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-24823"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-38752"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-41854"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-2976"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-34462"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-12798"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-12801"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-13009"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-47535"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-6763"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-8184"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-9823"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-11143"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-24970"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-25193"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-48734"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-48924"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-52999"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-58057"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-1225"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-23901"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-44431"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-44432"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-25qh-j22f-pwp8"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-389x-839f-4rhx"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-3p8m-j85q-pgmj"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-4g8c-wm8x-jfhw"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-5mg8-w23w-74h3"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-6mjq-h674-j845"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-6v67-2wr5-gvf4"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-72hv-8253-57qq"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-7g45-4rm6-3mm3"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-9h6p-92jq-888x"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-9w3m-gqgf-c4p9"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-c4qc-4q9p-m9q9"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-g8m5-722r-8whq"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-gc5v-m9x4-r6x2"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-h46c-h94j-95f3"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-j26w-f9rq-mr2q"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-j288-q9x7-2f5v"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-jc7h-c423-mpjc"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-mf9v-mfxr-j63j"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-mjmj-j48q-9wg2"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-pr98-23f8-jwxv"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-q4rv-gq96-w7c5"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-qccp-gfcp-xxvc"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-qh8g-58pp-2wxh"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-qqpg-mvqg-649v"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-w37g-rhq8-7m4j"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-wjpw-4j6x-6rwh"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-wxr5-93ph-8wr9"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-xq3w-v528-46rv"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0886"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8908"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1471"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24823"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-38752"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41854"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2976"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-34462"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12798"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12801"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-13009"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47535"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-6763"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-8184"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-9823"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11143"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24970"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-25193"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48734"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48924"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-52999"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58057"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1225"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23901"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44431"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44432"
}
],
"related": [],
"schema_version": "1.7.3",
"summary": "Security fixes for CVE-2015-0886, CVE-2020-8908, CVE-2022-1471, CVE-2022-24823, CVE-2022-38752, CVE-2022-41854, CVE-2023-2976, CVE-2023-34462, CVE-2024-12798, CVE-2024-12801, CVE-2024-13009, CVE-2024-47535, CVE-2024-6763, CVE-2024-8184, CVE-2024-9823, CVE-2025-11143, CVE-2025-24970, CVE-2025-25193, CVE-2025-48734, CVE-2025-48924, CVE-2025-52999, CVE-2025-58057, CVE-2026-1225, CVE-2026-23901, CVE-2026-44431, CVE-2026-44432, ghsa-25qh-j22f-pwp8, ghsa-389x-839f-4rhx, ghsa-3p8m-j85q-pgmj, ghsa-4g8c-wm8x-jfhw, ghsa-5mg8-w23w-74h3, ghsa-6mjq-h674-j845, ghsa-6v67-2wr5-gvf4, ghsa-72hv-8253-57qq, ghsa-7g45-4rm6-3mm3, ghsa-9h6p-92jq-888x, ghsa-9w3m-gqgf-c4p9, ghsa-c4qc-4q9p-m9q9, ghsa-g8m5-722r-8whq, ghsa-gc5v-m9x4-r6x2, ghsa-h46c-h94j-95f3, ghsa-j26w-f9rq-mr2q, ghsa-j288-q9x7-2f5v, ghsa-jc7h-c423-mpjc, ghsa-mf9v-mfxr-j63j, ghsa-mjmj-j48q-9wg2, ghsa-pr98-23f8-jwxv, ghsa-q4rv-gq96-w7c5, ghsa-qccp-gfcp-xxvc, ghsa-qh8g-58pp-2wxh, ghsa-qqpg-mvqg-649v, ghsa-w37g-rhq8-7m4j, ghsa-wjpw-4j6x-6rwh, ghsa-wxr5-93ph-8wr9, ghsa-xq3w-v528-46rv applied in versions: 3.6.1-r0, 3.6.1-r1, 3.6.1-r2, 3.6.1-r3, 3.6.1-r4",
"upstream": [
"CVE-2015-0886",
"CVE-2020-8908",
"CVE-2022-1471",
"CVE-2022-24823",
"CVE-2022-38752",
"CVE-2022-41854",
"CVE-2023-2976",
"CVE-2023-34462",
"CVE-2024-12798",
"CVE-2024-12801",
"CVE-2024-13009",
"CVE-2024-47535",
"CVE-2024-6763",
"CVE-2024-8184",
"CVE-2024-9823",
"CVE-2025-11143",
"CVE-2025-24970",
"CVE-2025-25193",
"CVE-2025-48734",
"CVE-2025-48924",
"CVE-2025-52999",
"CVE-2025-58057",
"CVE-2026-1225",
"CVE-2026-23901",
"CVE-2026-44431",
"CVE-2026-44432",
"ghsa-25qh-j22f-pwp8",
"ghsa-389x-839f-4rhx",
"ghsa-3p8m-j85q-pgmj",
"ghsa-4g8c-wm8x-jfhw",
"ghsa-5mg8-w23w-74h3",
"ghsa-6mjq-h674-j845",
"ghsa-6v67-2wr5-gvf4",
"ghsa-72hv-8253-57qq",
"ghsa-7g45-4rm6-3mm3",
"ghsa-9h6p-92jq-888x",
"ghsa-9w3m-gqgf-c4p9",
"ghsa-c4qc-4q9p-m9q9",
"ghsa-g8m5-722r-8whq",
"ghsa-gc5v-m9x4-r6x2",
"ghsa-h46c-h94j-95f3",
"ghsa-j26w-f9rq-mr2q",
"ghsa-j288-q9x7-2f5v",
"ghsa-jc7h-c423-mpjc",
"ghsa-mf9v-mfxr-j63j",
"ghsa-mjmj-j48q-9wg2",
"ghsa-pr98-23f8-jwxv",
"ghsa-q4rv-gq96-w7c5",
"ghsa-qccp-gfcp-xxvc",
"ghsa-qh8g-58pp-2wxh",
"ghsa-qqpg-mvqg-649v",
"ghsa-w37g-rhq8-7m4j",
"ghsa-wjpw-4j6x-6rwh",
"ghsa-wxr5-93ph-8wr9",
"ghsa-xq3w-v528-46rv"
]
}
cleanstart-2026-gx01236
Vulnerability from cleanstart
Published
2026-05-18 13:18
Modified
2026-05-13 10:46
Summary
Security fixes for CVE-2017-12158, CVE-2017-12159, CVE-2026-41417, CVE-2026-42198, CVE-2026-42577, CVE-2026-42578, CVE-2026-42579, CVE-2026-42580, CVE-2026-42581, CVE-2026-42583, CVE-2026-42584, CVE-2026-42585, CVE-2026-42587, CVE-2026-5588, ghsa-3p8m-j85q-pgmj, ghsa-45p5-v273-3qqr, ghsa-4cx2-fc23-5wg6, ghsa-5rfx-cp42-p624, ghsa-72hv-8253-57qq, ghsa-84h7-rjj3-6jx4, ghsa-9342-92gg-6v29, ghsa-98qh-xjc8-98pq, ghsa-c3fc-8qff-9hwx, ghsa-cbdj-484d-3x9q, ghsa-fghv-69vj-qj49, ghsa-h5fg-jpgr-rv9c, ghsa-hq9p-pm7w-8p54, ghsa-j288-q9x7-2f5v, ghsa-pwqr-wmgm-9rr8, ghsa-v8h7-rr48-vmmv, ghsa-w9fj-cfpg-grvv, ghsa-wg6q-6289-32hp applied in versions: 26.1.4-r1, 26.5.0-r0, 26.5.0-r1, 26.5.0-r2, 26.5.5-r0, 26.5.5-r1, 26.5.6-r3
Details
Multiple security vulnerabilities affect the keycloak package. These issues are resolved in later releases. See references for individual vulnerability details.
References
| URL | Type | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"affected": [
{
"package": {
"ecosystem": "CleanStart",
"name": "keycloak"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "26.5.6-r3"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"credits": [],
"database_specific": {},
"details": "Multiple security vulnerabilities affect the keycloak package. These issues are resolved in later releases. See references for individual vulnerability details.",
"id": "CLEANSTART-2026-GX01236",
"modified": "2026-05-13T10:46:16Z",
"published": "2026-05-18T13:18:58.023725Z",
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-GX01236.json"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2017-12158"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2017-12159"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-41417"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-42198"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-42577"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-42578"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-42579"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-42580"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-42581"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-42583"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-42584"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-42585"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-42587"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-5588"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-3p8m-j85q-pgmj"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-45p5-v273-3qqr"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-4cx2-fc23-5wg6"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-5rfx-cp42-p624"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-72hv-8253-57qq"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-84h7-rjj3-6jx4"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-9342-92gg-6v29"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-98qh-xjc8-98pq"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-c3fc-8qff-9hwx"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-cbdj-484d-3x9q"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-fghv-69vj-qj49"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-h5fg-jpgr-rv9c"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-hq9p-pm7w-8p54"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-j288-q9x7-2f5v"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-pwqr-wmgm-9rr8"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-v8h7-rr48-vmmv"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-w9fj-cfpg-grvv"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-wg6q-6289-32hp"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12158"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12159"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41417"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42198"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42577"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42578"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42579"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42580"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42581"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42583"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42584"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42585"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42587"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5588"
}
],
"related": [],
"schema_version": "1.7.3",
"summary": "Security fixes for CVE-2017-12158, CVE-2017-12159, CVE-2026-41417, CVE-2026-42198, CVE-2026-42577, CVE-2026-42578, CVE-2026-42579, CVE-2026-42580, CVE-2026-42581, CVE-2026-42583, CVE-2026-42584, CVE-2026-42585, CVE-2026-42587, CVE-2026-5588, ghsa-3p8m-j85q-pgmj, ghsa-45p5-v273-3qqr, ghsa-4cx2-fc23-5wg6, ghsa-5rfx-cp42-p624, ghsa-72hv-8253-57qq, ghsa-84h7-rjj3-6jx4, ghsa-9342-92gg-6v29, ghsa-98qh-xjc8-98pq, ghsa-c3fc-8qff-9hwx, ghsa-cbdj-484d-3x9q, ghsa-fghv-69vj-qj49, ghsa-h5fg-jpgr-rv9c, ghsa-hq9p-pm7w-8p54, ghsa-j288-q9x7-2f5v, ghsa-pwqr-wmgm-9rr8, ghsa-v8h7-rr48-vmmv, ghsa-w9fj-cfpg-grvv, ghsa-wg6q-6289-32hp applied in versions: 26.1.4-r1, 26.5.0-r0, 26.5.0-r1, 26.5.0-r2, 26.5.5-r0, 26.5.5-r1, 26.5.6-r3",
"upstream": [
"CVE-2017-12158",
"CVE-2017-12159",
"CVE-2026-41417",
"CVE-2026-42198",
"CVE-2026-42577",
"CVE-2026-42578",
"CVE-2026-42579",
"CVE-2026-42580",
"CVE-2026-42581",
"CVE-2026-42583",
"CVE-2026-42584",
"CVE-2026-42585",
"CVE-2026-42587",
"CVE-2026-5588",
"ghsa-3p8m-j85q-pgmj",
"ghsa-45p5-v273-3qqr",
"ghsa-4cx2-fc23-5wg6",
"ghsa-5rfx-cp42-p624",
"ghsa-72hv-8253-57qq",
"ghsa-84h7-rjj3-6jx4",
"ghsa-9342-92gg-6v29",
"ghsa-98qh-xjc8-98pq",
"ghsa-c3fc-8qff-9hwx",
"ghsa-cbdj-484d-3x9q",
"ghsa-fghv-69vj-qj49",
"ghsa-h5fg-jpgr-rv9c",
"ghsa-hq9p-pm7w-8p54",
"ghsa-j288-q9x7-2f5v",
"ghsa-pwqr-wmgm-9rr8",
"ghsa-v8h7-rr48-vmmv",
"ghsa-w9fj-cfpg-grvv",
"ghsa-wg6q-6289-32hp"
]
}
cleanstart-2026-iw08736
Vulnerability from cleanstart
Published
2026-04-09 00:53
Modified
2026-04-08 09:19
Summary
Uncontrolled Recursion vulnerability in Apache Commons Lang
Details
Multiple security vulnerabilities affect the logstash-fips package. Uncontrolled Recursion vulnerability in Apache Commons Lang. See references for individual vulnerability details.
Severity
9.8 (Critical)
References
| URL | Type | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"affected": [
{
"package": {
"ecosystem": "CleanStart",
"name": "logstash-fips"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "9.2.6-r2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"credits": [],
"database_specific": {},
"details": "Multiple security vulnerabilities affect the logstash-fips package. Uncontrolled Recursion vulnerability in Apache Commons Lang. See references for individual vulnerability details.",
"id": "CLEANSTART-2026-IW08736",
"modified": "2026-04-08T09:19:34Z",
"published": "2026-04-09T00:53:08.467045Z",
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-IW08736.json"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-48924"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-61770"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-61771"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-61772"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-61919"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-25500"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-22h5-pq3x-2gf2"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-2xgq-q749-89fq"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-3m6g-2423-7cp3"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-4cx2-fc23-5wg6"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-6xw4-3v39-52mm"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-72qj-48g4-5xgx"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-c2f4-jgmc-q2r5"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-gh9q-2xrm-x6qv"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-j288-q9x7-2f5v"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-mhwm-jh88-3gjf"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-mr3q-g2mv-mr4q"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-mxw3-3hh2-x2mh"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-p543-xpfm-54cp"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-vc5p-v9hr-52mj"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-vqg5-3255-v292"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-w9pc-fmgc-vxvw"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-whrj-4476-wvmp"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-wpv5-97wm-hp9c"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48924"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61770"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61771"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61772"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61919"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25500"
}
],
"related": [],
"schema_version": "1.7.3",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Uncontrolled Recursion vulnerability in Apache Commons Lang",
"upstream": [
"CVE-2025-48924",
"CVE-2025-61770",
"CVE-2025-61771",
"CVE-2025-61772",
"CVE-2025-61919",
"CVE-2026-25500",
"ghsa-22h5-pq3x-2gf2",
"ghsa-2xgq-q749-89fq",
"ghsa-3m6g-2423-7cp3",
"ghsa-4cx2-fc23-5wg6",
"ghsa-6xw4-3v39-52mm",
"ghsa-72qj-48g4-5xgx",
"ghsa-c2f4-jgmc-q2r5",
"ghsa-gh9q-2xrm-x6qv",
"ghsa-j288-q9x7-2f5v",
"ghsa-mhwm-jh88-3gjf",
"ghsa-mr3q-g2mv-mr4q",
"ghsa-mxw3-3hh2-x2mh",
"ghsa-p543-xpfm-54cp",
"ghsa-vc5p-v9hr-52mj",
"ghsa-vqg5-3255-v292",
"ghsa-w9pc-fmgc-vxvw",
"ghsa-whrj-4476-wvmp",
"ghsa-wpv5-97wm-hp9c"
]
}
cleanstart-2026-kc06018
Vulnerability from cleanstart
Published
2026-04-06 02:52
Modified
2026-04-01 11:37
Summary
Security fixes for CVE-2017-12158, CVE-2017-12159, ghsa-3p8m-j85q-pgmj, ghsa-45p5-v273-3qqr, ghsa-4cx2-fc23-5wg6, ghsa-5rfx-cp42-p624, ghsa-72hv-8253-57qq, ghsa-84h7-rjj3-6jx4, ghsa-9342-92gg-6v29, ghsa-cbdj-484d-3x9q, ghsa-fghv-69vj-qj49, ghsa-h5fg-jpgr-rv9c, ghsa-hq9p-pm7w-8p54, ghsa-j288-q9x7-2f5v, ghsa-pwqr-wmgm-9rr8, ghsa-w9fj-cfpg-grvv applied in versions: 26.1.4-r1, 26.5.0-r0, 26.5.0-r1, 26.5.0-r2, 26.5.6-r3
Details
Multiple security vulnerabilities affect the keycloak package. These issues are resolved in later releases. See references for individual vulnerability details.
References
| URL | Type | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"affected": [
{
"package": {
"ecosystem": "CleanStart",
"name": "keycloak"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "26.5.6-r3"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"credits": [],
"database_specific": {},
"details": "Multiple security vulnerabilities affect the keycloak package. These issues are resolved in later releases. See references for individual vulnerability details.",
"id": "CLEANSTART-2026-KC06018",
"modified": "2026-04-01T11:37:49Z",
"published": "2026-04-06T02:52:37.677608Z",
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-KC06018.json"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2017-12158"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2017-12159"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-3p8m-j85q-pgmj"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-45p5-v273-3qqr"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-4cx2-fc23-5wg6"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-5rfx-cp42-p624"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-72hv-8253-57qq"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-84h7-rjj3-6jx4"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-9342-92gg-6v29"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-cbdj-484d-3x9q"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-fghv-69vj-qj49"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-h5fg-jpgr-rv9c"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-hq9p-pm7w-8p54"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-j288-q9x7-2f5v"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-pwqr-wmgm-9rr8"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-w9fj-cfpg-grvv"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12158"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12159"
}
],
"related": [],
"schema_version": "1.7.3",
"summary": "Security fixes for CVE-2017-12158, CVE-2017-12159, ghsa-3p8m-j85q-pgmj, ghsa-45p5-v273-3qqr, ghsa-4cx2-fc23-5wg6, ghsa-5rfx-cp42-p624, ghsa-72hv-8253-57qq, ghsa-84h7-rjj3-6jx4, ghsa-9342-92gg-6v29, ghsa-cbdj-484d-3x9q, ghsa-fghv-69vj-qj49, ghsa-h5fg-jpgr-rv9c, ghsa-hq9p-pm7w-8p54, ghsa-j288-q9x7-2f5v, ghsa-pwqr-wmgm-9rr8, ghsa-w9fj-cfpg-grvv applied in versions: 26.1.4-r1, 26.5.0-r0, 26.5.0-r1, 26.5.0-r2, 26.5.6-r3",
"upstream": [
"CVE-2017-12158",
"CVE-2017-12159",
"ghsa-3p8m-j85q-pgmj",
"ghsa-45p5-v273-3qqr",
"ghsa-4cx2-fc23-5wg6",
"ghsa-5rfx-cp42-p624",
"ghsa-72hv-8253-57qq",
"ghsa-84h7-rjj3-6jx4",
"ghsa-9342-92gg-6v29",
"ghsa-cbdj-484d-3x9q",
"ghsa-fghv-69vj-qj49",
"ghsa-h5fg-jpgr-rv9c",
"ghsa-hq9p-pm7w-8p54",
"ghsa-j288-q9x7-2f5v",
"ghsa-pwqr-wmgm-9rr8",
"ghsa-w9fj-cfpg-grvv"
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…