Vulnerabilities
All ecosystems: 611606
AlmaLinux: 4582
Alpaquita: 8755
Alpine: 4048
Android: 3261
BellSoft Hardened Containers: 419
Bitnami: 6883
Chainguard: 5548
CleanStart: 713
CRAN: 14
crates.io: 2199
Debian: 54085
Echo: 3146
GHC: 3
GIT: 81464
GitHub Actions: 49
Go: 6496
Hackage: 30
Hex: 57
Julia: 447
Linux: 15361
Mageia: 5863
Maven: 6300
MinimOS: 24814
npm: 217057
NuGet: 1637
opam: 11
openEuler: 6292
openSUSE: 12401
OSS-Fuzz: 3821
Packagist: 6009
Pub: 11
PyPI: 18579
Red Hat: 19141
Rocky Linux: 2901
Root: 11837
RubyGems: 1926
SUSE: 20245
SwiftURL: 50
Ubuntu: 51618
VSCode: 18
Wolfi: 3515
ID
Packages
Summary
Published
Attributes
GHSA-cmxv-58fp-fm3g
Maven/org.asynchttpclient:async-http-client
AsyncHttpClient leaks authorization credentials to untrusted domains on cross-origin redirects
20 hours ago
Fix available
Severity - 6.8 (Medium)
GHSA-r7p8-xq5m-436c
Maven/org.eclipse.jetty.ee10:jetty-ee10-jaspi
Maven/org.eclipse.jetty.ee11:jetty-ee11-jaspi
Maven/org.eclipse.jetty.ee8:jetty-ee8-jaspi
Maven/org.eclipse.jetty.ee9:jetty-ee9-jaspi
Maven/org.eclipse.jetty:jetty-jaspi
Eclipse Jetty: Early return from the JASPIAuthenticator code can potentially not clear ThreadLocal variables
21 hours ago
Fix available
Severity - 7.4 (High)
GHSA-3p24-9x7v-7789
Maven/gov.nsa.emissary:emissary
Emissary has an OS Command Injection via Unvalidated IN_FILE_ENDING / OUT_FILE_ENDING in Executrix
yesterday
Fix available
Severity - 8.8 (High)
GHSA-822v-8w6h-5jxp
Maven/org.dromara.warm:warm-flow-plugin-modes-sb
Warm-Flow has a SpEL Expression Injection in SpelHelper.parseExpression
2 days ago
Fix available
Severity - 2.1 (Low)
GHSA-h383-gmxw-35v2
Maven/org.apache.logging.log4j:log4j-1.2-api
Apache Log4j 1 to Log4j 2 bridge: silent log event loss in Log4j1XmlLayout due to unescaped XML 1.0 forbidden characters
4 days ago
Fix available
Severity - 6.9 (Medium)
GHSA-w35j-pv5h-q9q9
Maven/org.apache.logging.log4j:log4j-layout-template-json
Apache Log4j JSON Template Layout: Improper serialization of non-finite floating-point values in JsonTemplateLayout
4 days ago
Fix available
Severity - 6.3 (Medium)
GHSA-3pxv-7cmr-fjr4
Maven/org.apache.logging.log4j:log4j-core
Apache Log4j Core: Silent log event loss in XmlLayout due to unescaped XML 1.0 forbidden characters
4 days ago
Fix available
Severity - 6.9 (Medium)
GHSA-445c-vh5m-36rj
Maven/org.apache.logging.log4j:log4j-core
Apache Log4j Core: log injection in `Rfc5424Layout` due to silent configuration incompatibility
4 days ago
Fix available
Severity - 6.9 (Medium)
GHSA-6hg6-v5c8-fphq
Maven/org.apache.logging.log4j:log4j-core
Apache Log4j Core: `verifyHostName` attribute silently ignored in TLS configuration
4 days ago
Fix available
Severity - 6.3 (Medium)
GHSA-5568-6qcg-g7fx
Maven/org.apache.activemq:activemq-all
Maven/org.apache.activemq:activemq-broker
Maven/org.apache.activemq:activemq-client
Maven/org.apache.activemq:apache-activemq
Apache ActiveMQ: Denial of Service via Out of Memory vulnerability
4 days ago
Fix available
Severity - 7.5 (High)
GHSA-hwqh-2684-54fc
Maven/org.springframework.cloud:spring-cloud-gateway
Spring Cloud Gateway's SSL bundle configuration silently bypassed
4 days ago
Fix available
Severity - 7.5 (High)
GHSA-24j9-x2wg-9qv6
Maven/org.apache.tomcat.embed:tomcat-embed-core
Maven/org.apache.tomcat:tomcat
Maven/org.apache.tomcat:tomcat-catalina
Apache Tomcat: CLIENT_CERT authentication does not fail as expected
5 days ago
Fix available
Severity - 6.5 (Medium)
GHSA-69r9-qgr7-g2wj
Maven/org.apache.tomcat.embed:tomcat-embed-core
Maven/org.apache.tomcat:tomcat
Maven/org.apache.tomcat:tomcat-catalina
Apache Tomcat Missing Encryption of Sensitive Data vulnerability
5 days ago
Fix available
Severity - 7.5 (High)
GHSA-rv64-5gf8-9qq8
Maven/org.apache.tomcat.embed:tomcat-embed-core
Maven/org.apache.tomcat:tomcat
Maven/org.apache.tomcat:tomcat-catalina
Apache Tomcat has an Improper Encoding or Escaping of Output vulnerability in the JsonAccessLogValve
5 days ago
Fix available
Severity - 7.5 (High)
GHSA-x4m4-345f-5h5g
Maven/org.apache.tomcat.embed:tomcat-embed-core
Maven/org.apache.tomcat:tomcat
Maven/org.apache.tomcat:tomcat-catalina
Apache Tomcat vulnerable to Insertion of Sensitive Information into Log File
5 days ago
Fix available
Severity - 7.5 (High)
GHSA-563x-q5rq-57qp
Maven/org.apache.tomcat.embed:tomcat-embed-core
Maven/org.apache.tomcat:tomcat
Maven/org.apache.tomcat:tomcat-catalina
Apache Tomcat has an HTTP Request/Response Smuggling vulnerability
5 days ago
Fix available
Severity - 7.5 (High)
Maven - OSV