OSV - Open Source Vulnerabilities

GHSA-w35j-pv5h-q9q9

Maven/org.apache.logging.log4j:log4j-layout-template-json

Apache Log4j's JsonTemplateLayout produces invalid JSON output when log events contain non-finite floating-point values

23 hours ago

Fix available
Severity - 6.3 (Medium)

GHSA-3pxv-7cmr-fjr4

Maven/org.apache.logging.log4j:log4j-core

Apache Log4j Core's XmlLayout fails to sanitize characters

23 hours ago

Fix available
Severity - 6.9 (Medium)

GHSA-5568-6qcg-g7fx

Maven/org.apache.activemq:activemq-all
Maven/org.apache.activemq:activemq-broker
Maven/org.apache.activemq:activemq-client
Maven/org.apache.activemq:apache-activemq

Apache ActiveMQ: Denial of Service via Out of Memory vulnerability

yesterday

Fix available
Severity - 7.5 (High)

GHSA-hwqh-2684-54fc

Maven/org.springframework.cloud:spring-cloud-gateway

Spring Cloud Gateway's SSL bundle configuration silently bypassed

yesterday

Fix available
Severity - 7.5 (High)

GHSA-24j9-x2wg-9qv6

Maven/org.apache.tomcat.embed:tomcat-embed-core
Maven/org.apache.tomcat:tomcat
Maven/org.apache.tomcat:tomcat-catalina

Apache Tomcat: CLIENT_CERT authentication does not fail as expected

yesterday

Fix available
Severity - 6.5 (Medium)

GHSA-69r9-qgr7-g2wj

Maven/org.apache.tomcat.embed:tomcat-embed-core
Maven/org.apache.tomcat:tomcat
Maven/org.apache.tomcat:tomcat-catalina

Apache Tomcat Missing Encryption of Sensitive Data vulnerability

yesterday

Fix available
Severity - 7.5 (High)

GHSA-rv64-5gf8-9qq8

Maven/org.apache.tomcat.embed:tomcat-embed-core
Maven/org.apache.tomcat:tomcat
Maven/org.apache.tomcat:tomcat-catalina

Apache Tomcat has an Improper Encoding or Escaping of Output vulnerability in the JsonAccessLogValve

yesterday

Fix available
Severity - 7.5 (High)

GHSA-x4m4-345f-5h5g

Maven/org.apache.tomcat.embed:tomcat-embed-core
Maven/org.apache.tomcat:tomcat
Maven/org.apache.tomcat:tomcat-catalina

Apache Tomcat vulnerable to Insertion of Sensitive Information into Log File

yesterday

Fix available
Severity - 7.5 (High)

GHSA-563x-q5rq-57qp

Maven/org.apache.tomcat.embed:tomcat-embed-core
Maven/org.apache.tomcat:tomcat
Maven/org.apache.tomcat:tomcat-catalina

Apache Tomcat has an HTTP Request/Response Smuggling vulnerability

yesterday

Fix available
Severity - 7.5 (High)

GHSA-69cc-cv78-qc8g

Maven/org.apache.tomcat.embed:tomcat-embed-core
Maven/org.apache.tomcat:tomcat
Maven/org.apache.tomcat:tomcat-catalina

Apache Tomcat: Configured cipher preference order not preserved

yesterday

Fix available
Severity - 7.5 (High)

GHSA-8mc5-53m5-3qj2

Maven/org.apache.tomcat.embed:tomcat-embed-core
Maven/org.apache.tomcat:tomcat
Maven/org.apache.tomcat:tomcat-catalina

Apache Tomcat has an Improper Input Validation vulnerability

yesterday

Fix available
Severity - 6.9 (Medium)

GHSA-95jq-rwvf-vjx4

Maven/org.apache.tomcat.embed:tomcat-embed-core
Maven/org.apache.tomcat:tomcat
Maven/org.apache.tomcat:tomcat-catalina

Apache Tomcat: CLIENT_CERT authentication does not fail as expected

yesterday

Fix available
Severity - 9.1 (Critical)

GHSA-9m3c-qcxr-9x87

Maven/org.apache.tomcat.embed:tomcat-embed-core
Maven/org.apache.tomcat:tomcat
Maven/org.apache.tomcat:tomcat-catalina

Apache Tomcat has an Open Redirect vulnerability

yesterday

Fix available
Severity - 6.9 (Medium)

GHSA-h468-7pvh-8vr8

Maven/org.apache.tomcat.embed:tomcat-embed-core
Maven/org.apache.tomcat:tomcat
Maven/org.apache.tomcat:tomcat-catalina

Apache Tomcat: Padding Oracle vulnerability in EncryptInterceptor

yesterday

Fix available
Severity - 8.7 (High)

GHSA-gcvm-c75m-h4p4

Maven/org.apache.openmeetings:openmeetings-parent

Apache OpenMeetings Uses GET Request Method With Sensitive Query Strings

yesterday

Fix available
Severity - 8.7 (High)

GHSA-xvqc-pp94-fmpx

Maven/org.apache.activemq:activemq-all
Maven/org.apache.activemq:activemq-mqtt
Maven/org.apache.activemq:apache-activemq

Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ MQTT vulnerable to Integer Overflow or Wraparound

yesterday

Fix available
Severity - 5.4 (Medium)