CVE-2022-22978

all versions

In spring security versions prior to 5.4.11+, 5.5.7+ , 5.6.4+ and older unsupported versions, RegexRequestMatcher can easily be mi

9.8CRITICAL

CVE-2022-22976

all versions

Spring Security versions 5.5.x prior to 5.5.7, 5.6.x prior to 5.6.4, and earlier unsupported versions contain an integer overflow

5.3MEDIUM

CVE-2022-22971

all versions

In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupported versions, application with a STOMP over WebSocket endp

6.5MEDIUM

CVE-2022-22970

all versions

In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupported versions, applications that handle file uploads are vu

5.3MEDIUM

CVE-2022-24823

all versions

Netty is an open-source, asynchronous event-driven network application framework. The package io.netty:netty-codec-http prior to

5.5MEDIUM

CVE-2022-25647

all versions

The package com.google.code.gson:gson before 2.8.9 are vulnerable to Deserialization of Untrusted Data via the writeReplace() meth

7.7HIGH

CVE-2020-36518

all versions

jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.

7.5HIGH

CVE-2021-38296

all versions

Apache Spark supports end-to-end encryption of RPC connections via "spark.authenticate" and "spark.network.crypto.enabled". In ver

7.5HIGH

CVE-2022-23181

all versions

The fix for bug CVE-2020-9484 introduced a time of check, time of use vulnerability into Apache Tomcat 10.1.0-M1 to 10.1.0-M8, 10.

7.0HIGH

CVE-2022-23437

all versions

There's a vulnerability within the Apache Xerces Java (XercesJ) XML parser when handling specially crafted XML document payloads.

6.5MEDIUM

CVE-2021-41303

all versions

Apache Shiro before 1.8.0, when using Apache Shiro with Spring Boot, a specially crafted HTTP request may cause an authentication

9.8CRITICAL

CVE-2021-37714

all versions

jsoup is a Java library for working with HTML. Those using jsoup versions prior to 1.14.2 to parse untrusted HTML or XML may be vu

7.5HIGH

CVE-2021-34429

all versions

For Eclipse Jetty versions 9.4.37-9.4.42, 10.0.1-10.0.5 & 11.0.1-11.0.5, URIs can be crafted using some encoded characters to acce

5.3MEDIUM

CVE-2021-36090

all versions

When reading a specially crafted ZIP archive, Compress can be made to allocate large amounts of memory that finally leads to an ou

7.5HIGH

CVE-2021-35517

all versions

When reading a specially crafted TAR archive, Compress can be made to allocate large amounts of memory that finally leads to an ou

7.5HIGH

CVE-2021-35516

all versions

When reading a specially crafted 7Z archive, Compress can be made to allocate large amounts of memory that finally leads to an out

7.5HIGH

CVE-2021-35515

all versions

When reading a specially crafted 7Z archive, the construction of the list of codecs that decompress an entry can result in an infi

7.5HIGH

CVE-2021-23337

all versions

Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function.

7.2HIGH

CVE-2020-28500

all versions

Lodash versions prior to 4.17.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd

5.3MEDIUM

CVE-2020-9492

all versions

In Apache Hadoop 3.2.0 to 3.2.1, 3.0.0-alpha1 to 3.1.3, and 2.0.0-alpha to 2.10.0, WebHDFS client might send SPNEGO authorization

8.8HIGH

CVE-2020-7712

all versions

This affects the package json before 10.0.0. It is possible to inject arbritary commands using the parseLookup function.

7.2HIGH

CVE-2018-1273

all versions

Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property binder vu

9.8CRITICAL