--- hide: - toc --- # Security Overview ## Helm-Chart ##### Scan Results #### Chart Object: davos/templates/common.yaml | Type | Misconfiguration ID | Check | Severity | Explaination | Links | |:----------------|:------------------:|:-----------:|:------------------:|-----------------------------------------|-----------------------------------------| | Kubernetes Security Check | KSV001 | Process can elevate its own privileges | MEDIUM |

Expand...

A program inside the container can elevate its own privileges and run as root, which might give the program control over the container and node.

Container 'hostpatch' of Deployment 'RELEASE-NAME-davos' should set 'securityContext.allowPrivilegeEscalation' to false

Expand...

https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted
https://avd.aquasec.com/appshield/ksv001

| | Kubernetes Security Check | KSV003 | Default capabilities not dropped | LOW |

Expand...

The container should drop all default capabilities and add only those that are needed for its execution.

Container 'RELEASE-NAME-davos' of Deployment 'RELEASE-NAME-davos' should add 'ALL' to 'securityContext.capabilities.drop'

Expand...

https://kubesec.io/basics/containers-securitycontext-capabilities-drop-index-all/
https://avd.aquasec.com/appshield/ksv003

| | Kubernetes Security Check | KSV003 | Default capabilities not dropped | LOW |

Expand...

The container should drop all default capabilities and add only those that are needed for its execution.

Container 'hostpatch' of Deployment 'RELEASE-NAME-davos' should add 'ALL' to 'securityContext.capabilities.drop'

Expand...

https://kubesec.io/basics/containers-securitycontext-capabilities-drop-index-all/
https://avd.aquasec.com/appshield/ksv003

| | Kubernetes Security Check | KSV011 | CPU not limited | LOW |

Expand...

Enforcing CPU limits prevents DoS via resource exhaustion.

Container 'hostpatch' of Deployment 'RELEASE-NAME-davos' should set 'resources.limits.cpu'

Expand...

https://cloud.google.com/blog/products/containers-kubernetes/kubernetes-best-practices-resource-requests-and-limits
https://avd.aquasec.com/appshield/ksv011

Expand...

'runAsNonRoot' forces the running image to run as a non-root user to ensure least privileges.

Container 'RELEASE-NAME-davos' of Deployment 'RELEASE-NAME-davos' should set 'securityContext.runAsNonRoot' to true

Expand...

https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted
https://avd.aquasec.com/appshield/ksv012

Expand...

'runAsNonRoot' forces the running image to run as a non-root user to ensure least privileges.

Container 'autopermissions' of Deployment 'RELEASE-NAME-davos' should set 'securityContext.runAsNonRoot' to true

Expand...

https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted
https://avd.aquasec.com/appshield/ksv012

Expand...

'runAsNonRoot' forces the running image to run as a non-root user to ensure least privileges.

Container 'hostpatch' of Deployment 'RELEASE-NAME-davos' should set 'securityContext.runAsNonRoot' to true

Expand...

https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted
https://avd.aquasec.com/appshield/ksv012

| | Kubernetes Security Check | KSV014 | Root file system is not read-only | LOW |

Expand...

An immutable root file system prevents applications from writing to their local disk. This can limit intrusions, as attackers will not be able to tamper with the file system or write foreign executables to disk.

Container 'RELEASE-NAME-davos' of Deployment 'RELEASE-NAME-davos' should set 'securityContext.readOnlyRootFilesystem' to true

Expand...

https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/
https://avd.aquasec.com/appshield/ksv014

| | Kubernetes Security Check | KSV014 | Root file system is not read-only | LOW |

Expand...

Container 'autopermissions' of Deployment 'RELEASE-NAME-davos' should set 'securityContext.readOnlyRootFilesystem' to true

Expand...

https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/
https://avd.aquasec.com/appshield/ksv014

| | Kubernetes Security Check | KSV014 | Root file system is not read-only | LOW |

Expand...

Container 'hostpatch' of Deployment 'RELEASE-NAME-davos' should set 'securityContext.readOnlyRootFilesystem' to true

Expand...

https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/
https://avd.aquasec.com/appshield/ksv014

| | Kubernetes Security Check | KSV015 | CPU requests not specified | LOW |

Expand...

When containers have resource requests specified, the scheduler can make better decisions about which nodes to place pods on, and how to deal with resource contention.

Container 'hostpatch' of Deployment 'RELEASE-NAME-davos' should set 'resources.requests.cpu'

Expand...

https://cloud.google.com/blog/products/containers-kubernetes/kubernetes-best-practices-resource-requests-and-limits
https://avd.aquasec.com/appshield/ksv015

| | Kubernetes Security Check | KSV016 | Memory requests not specified | LOW |

Expand...

When containers have memory requests specified, the scheduler can make better decisions about which nodes to place pods on, and how to deal with resource contention.

Container 'hostpatch' of Deployment 'RELEASE-NAME-davos' should set 'resources.requests.memory'

Expand...

https://kubesec.io/basics/containers-resources-limits-memory/
https://avd.aquasec.com/appshield/ksv016

Expand...

Privileged containers share namespaces with the host system and do not offer any security. They should be used exclusively for system containers that require high privileges.

Container 'hostpatch' of Deployment 'RELEASE-NAME-davos' should set 'securityContext.privileged' to false

Expand...

https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline
https://avd.aquasec.com/appshield/ksv017

| | Kubernetes Security Check | KSV018 | Memory not limited | LOW |

Expand...

Enforcing memory limits prevents DoS via resource exhaustion.

Container 'hostpatch' of Deployment 'RELEASE-NAME-davos' should set 'resources.limits.memory'

Expand...

https://kubesec.io/basics/containers-resources-limits-memory/
https://avd.aquasec.com/appshield/ksv018

Expand...

Force the container to run with user ID > 10000 to avoid conflicts with the host’s user table.

Container 'RELEASE-NAME-davos' of Deployment 'RELEASE-NAME-davos' should set 'securityContext.runAsUser' > 10000

Expand...

https://kubesec.io/basics/containers-securitycontext-runasuser/
https://avd.aquasec.com/appshield/ksv020

Expand...

Force the container to run with user ID > 10000 to avoid conflicts with the host’s user table.

Container 'autopermissions' of Deployment 'RELEASE-NAME-davos' should set 'securityContext.runAsUser' > 10000

Expand...

https://kubesec.io/basics/containers-securitycontext-runasuser/
https://avd.aquasec.com/appshield/ksv020

Expand...

Force the container to run with user ID > 10000 to avoid conflicts with the host’s user table.

Container 'hostpatch' of Deployment 'RELEASE-NAME-davos' should set 'securityContext.runAsUser' > 10000

Expand...

https://kubesec.io/basics/containers-securitycontext-runasuser/
https://avd.aquasec.com/appshield/ksv020

Expand...

Force the container to run with group ID > 10000 to avoid conflicts with the host’s user table.

Container 'RELEASE-NAME-davos' of Deployment 'RELEASE-NAME-davos' should set 'securityContext.runAsGroup' > 10000

Expand...

https://kubesec.io/basics/containers-securitycontext-runasuser/
https://avd.aquasec.com/appshield/ksv021

Expand...

Force the container to run with group ID > 10000 to avoid conflicts with the host’s user table.

Container 'autopermissions' of Deployment 'RELEASE-NAME-davos' should set 'securityContext.runAsGroup' > 10000

Expand...

https://kubesec.io/basics/containers-securitycontext-runasuser/
https://avd.aquasec.com/appshield/ksv021

Expand...

Force the container to run with group ID > 10000 to avoid conflicts with the host’s user table.

Container 'hostpatch' of Deployment 'RELEASE-NAME-davos' should set 'securityContext.runAsGroup' > 10000

Expand...

https://kubesec.io/basics/containers-securitycontext-runasuser/
https://avd.aquasec.com/appshield/ksv021

Expand...

HostPath volumes must be forbidden.

Deployment 'RELEASE-NAME-davos' should not set 'spec.template.volumes.hostPath'

Expand...

https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline
https://avd.aquasec.com/appshield/ksv023

| | Kubernetes Security Check | KSV029 | A root primary or supplementary GID set | LOW |

Expand...

Containers should be forbidden from running with a root primary or supplementary GID.

Deployment 'RELEASE-NAME-davos' should set 'spec.securityContext.runAsGroup', 'spec.securityContext.supplementalGroups[*]' and 'spec.securityContext.fsGroup' to integer greater than 0

Expand...

https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted
https://avd.aquasec.com/appshield/ksv029

| ## Containers ##### Detected Containers tccr.io/truecharts/alpine:v3.15.2@sha256:29ed3480a0ee43f7af681fed5d4fc215516abf1c41eade6938b26d8c9c2c7583 tccr.io/truecharts/alpine:v3.15.2@sha256:29ed3480a0ee43f7af681fed5d4fc215516abf1c41eade6938b26d8c9c2c7583 tccr.io/truecharts/davos:v2.2.1-ls76@sha256:f9359583fb20278b436e7b018ee244f2cce1480d6834775f19e9da3503dd0e9b ##### Scan Results #### Container: tccr.io/truecharts/alpine:v3.15.2@sha256:29ed3480a0ee43f7af681fed5d4fc215516abf1c41eade6938b26d8c9c2c7583 (alpine 3.15.2) **alpine** | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2022-28391 | CRITICAL | 1.34.1-r4 | 1.34.1-r5 |

Expand...

https://git.alpinelinux.org/aports/plain/main/busybox/0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch
https://git.alpinelinux.org/aports/plain/main/busybox/0002-nslookup-sanitize-all-printed-strings-with-printable.patch
https://gitlab.alpinelinux.org/alpine/aports/-/issues/13661
https://nvd.nist.gov/vuln/detail/CVE-2022-28391

| | ssl_client | CVE-2022-28391 | CRITICAL | 1.34.1-r4 | 1.34.1-r5 |

Expand...

| | zlib | CVE-2018-25032 | HIGH | 1.2.11-r3 | 1.2.12-r0 |

Expand...

http://www.openwall.com/lists/oss-security/2022/03/25/2
http://www.openwall.com/lists/oss-security/2022/03/26/1
https://access.redhat.com/security/cve/CVE-2018-25032
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25032
https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531
https://github.com/madler/zlib/compare/v1.2.11...v1.2.12
https://github.com/madler/zlib/issues/605
https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.4
https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-v6gp-9mmm-c6p5
https://groups.google.com/g/ruby-security-ann/c/vX7qSjsvWis/m/TJWN4oOKBwAJ
https://lists.debian.org/debian-lts-announce/2022/04/msg00000.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NS2D2GFPFGOJUL4WQ3DUAY7HF4VWQ77F/
https://nvd.nist.gov/vuln/detail/CVE-2018-25032
https://ubuntu.com/security/notices/USN-5355-1
https://ubuntu.com/security/notices/USN-5355-2
https://ubuntu.com/security/notices/USN-5359-1
https://www.debian.org/security/2022/dsa-5111
https://www.openwall.com/lists/oss-security/2022/03/24/1
https://www.openwall.com/lists/oss-security/2022/03/28/1
https://www.openwall.com/lists/oss-security/2022/03/28/3

| #### Container: tccr.io/truecharts/alpine:v3.15.2@sha256:29ed3480a0ee43f7af681fed5d4fc215516abf1c41eade6938b26d8c9c2c7583 (alpine 3.15.2) **alpine** | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2022-28391 | CRITICAL | 1.34.1-r4 | 1.34.1-r5 |

Expand...

| | ssl_client | CVE-2022-28391 | CRITICAL | 1.34.1-r4 | 1.34.1-r5 |

Expand...

| | zlib | CVE-2018-25032 | HIGH | 1.2.11-r3 | 1.2.12-r0 |

Expand...

| #### Container: Java **jar** | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | com.fasterxml.jackson.core:jackson-databind | CVE-2017-15095 | CRITICAL | 2.8.4 | 2.7.9.2, 2.8.10, 2.9.1 |

Expand...

| | com.fasterxml.jackson.core:jackson-databind | CVE-2017-17485 | CRITICAL | 2.8.4 | 2.8.11, 2.9.4 |

Expand...

| | com.fasterxml.jackson.core:jackson-databind | CVE-2017-7525 | CRITICAL | 2.8.4 | 2.6.7.1, 2.7.9.1, 2.8.9 |

Expand...

| | com.fasterxml.jackson.core:jackson-databind | CVE-2018-11307 | CRITICAL | 2.8.4 | 2.7.9.4, 2.8.11.2, 2.9.6 |

Expand...

https://access.redhat.com/errata/RHSA-2019:0782
https://access.redhat.com/errata/RHSA-2019:1822
https://access.redhat.com/errata/RHSA-2019:1823
https://access.redhat.com/errata/RHSA-2019:2804
https://access.redhat.com/errata/RHSA-2019:2858
https://access.redhat.com/errata/RHSA-2019:3002
https://access.redhat.com/errata/RHSA-2019:3140
https://access.redhat.com/errata/RHSA-2019:3149
https://access.redhat.com/errata/RHSA-2019:3892
https://access.redhat.com/errata/RHSA-2019:4037
https://access.redhat.com/security/cve/CVE-2018-11307
https://github.com/FasterXML/jackson-databind/issues/2032
https://github.com/advisories/GHSA-qr7j-h6gg-jmgc
https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E
https://lists.apache.org/thread.html/7fcf88aff0d1deaa5c3c7be8d58c05ad7ad5da94b59065d8e7c50c5d@%3Cissues.lucene.apache.org%3E
https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E
https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E
https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
https://nvd.nist.gov/vuln/detail/CVE-2017-7525
https://nvd.nist.gov/vuln/detail/CVE-2018-11307
https://www.oracle.com/security-alerts/cpuapr2020.html
https://www.oracle.com/security-alerts/cpujan2020.html
https://www.oracle.com/security-alerts/cpuoct2020.html
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

| | com.fasterxml.jackson.core:jackson-databind | CVE-2018-14718 | CRITICAL | 2.8.4 | 2.6.7.2, 2.9.7 |

Expand...

http://www.securityfocus.com/bid/106601
https://access.redhat.com/errata/RHBA-2019:0959
https://access.redhat.com/errata/RHSA-2019:0782
https://access.redhat.com/errata/RHSA-2019:0877
https://access.redhat.com/errata/RHSA-2019:1782
https://access.redhat.com/errata/RHSA-2019:1797
https://access.redhat.com/errata/RHSA-2019:1822
https://access.redhat.com/errata/RHSA-2019:1823
https://access.redhat.com/errata/RHSA-2019:2804
https://access.redhat.com/errata/RHSA-2019:2858
https://access.redhat.com/errata/RHSA-2019:3002
https://access.redhat.com/errata/RHSA-2019:3140
https://access.redhat.com/errata/RHSA-2019:3149
https://access.redhat.com/errata/RHSA-2019:3892
https://access.redhat.com/errata/RHSA-2019:4037
https://access.redhat.com/security/cve/CVE-2018-14718
https://github.com/FasterXML/jackson-databind/commit/87d29af25e82a249ea15858e2d4ecbf64091db44
https://github.com/FasterXML/jackson-databind/issues/2097
https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.7
https://github.com/advisories/GHSA-645p-88qh-w398
https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E
https://lists.apache.org/thread.html/6a78f88716c3c57aa74ec05764a37ab3874769a347805903b393b286@%3Cdev.lucene.apache.org%3E
https://lists.apache.org/thread.html/82b01bfb6787097427ce97cec6a7127e93718bc05d1efd5eaffc228f@%3Cdev.lucene.apache.org%3E
https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E
https://lists.apache.org/thread.html/ba973114605d936be276ee6ce09dfbdbf78aa56f6cdc6e79bfa7b8df@%3Cdev.lucene.apache.org%3E
https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E
https://lists.apache.org/thread.html/r1d4a247329a8478073163567bbc8c8cb6b49c6bfc2bf58153a857af1@%3Ccommits.druid.apache.org%3E
https://lists.debian.org/debian-lts-announce/2019/03/msg00005.html
https://nvd.nist.gov/vuln/detail/CVE-2018-14718
https://seclists.org/bugtraq/2019/May/68
https://security.netapp.com/advisory/ntap-20190530-0003/
https://www.debian.org/security/2019/dsa-4452
https://www.oracle.com/security-alerts/cpuapr2020.html
https://www.oracle.com/security-alerts/cpujan2020.html
https://www.oracle.com/security-alerts/cpuoct2020.html
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html

| | com.fasterxml.jackson.core:jackson-databind | CVE-2018-14719 | CRITICAL | 2.8.4 | 2.6.7.2, 2.9.7 |

Expand...

| | com.fasterxml.jackson.core:jackson-databind | CVE-2018-14720 | CRITICAL | 2.8.4 | 2.6.7.2, 2.9.7 |

Expand...

| | com.fasterxml.jackson.core:jackson-databind | CVE-2018-14721 | CRITICAL | 2.8.4 | 2.6.7.2, 2.9.7 |

Expand...

| | com.fasterxml.jackson.core:jackson-databind | CVE-2018-19360 | CRITICAL | 2.8.4 | 2.6.7.3, 2.7.9.5, 2.8.11.3, 2.9.8 |

Expand...

| | com.fasterxml.jackson.core:jackson-databind | CVE-2018-19361 | CRITICAL | 2.8.4 | 2.6.7.3, 2.7.9.5, 2.8.11.3, 2.9.8 |

Expand...

| | com.fasterxml.jackson.core:jackson-databind | CVE-2018-19362 | CRITICAL | 2.8.4 | 2.6.7.3, 2.7.9.5, 2.8.11.3, 2.9.8 |

Expand...

| | com.fasterxml.jackson.core:jackson-databind | CVE-2018-7489 | CRITICAL | 2.8.4 | 2.7.9.3, 2.8.11.1, 2.9.5 |

Expand...

| | com.fasterxml.jackson.core:jackson-databind | CVE-2019-14379 | CRITICAL | 2.8.4 | 2.7.9.6, 2.8.11.4, 2.9.9.2 |

Expand...

| | com.fasterxml.jackson.core:jackson-databind | CVE-2019-14540 | CRITICAL | 2.8.4 | 2.9.10 |

Expand...

| | com.fasterxml.jackson.core:jackson-databind | CVE-2019-14892 | CRITICAL | 2.8.4 | 2.6.7.3, 2.8.11.5, 2.9.10 |

Expand...

https://access.redhat.com/errata/RHSA-2020:0729
https://access.redhat.com/security/cve/CVE-2019-14892
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14892
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14892
https://github.com/FasterXML/jackson-databind/commit/41b7f9b90149e9d44a65a8261a8deedc7186f6af
https://github.com/FasterXML/jackson-databind/commit/819cdbcab51c6da9fb896380f2d46e9b7d4fdc3b
https://github.com/FasterXML/jackson-databind/issues/2462
https://github.com/advisories/GHSA-cf6r-3wgc-h863
https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3Cissues.bookkeeper.apache.org%3E
https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E
https://nvd.nist.gov/vuln/detail/CVE-2019-14892
https://security.netapp.com/advisory/ntap-20200904-0005/

| | com.fasterxml.jackson.core:jackson-databind | CVE-2019-14893 | CRITICAL | 2.8.4 | 2.8.11.5, 2.9.10 |

Expand...

https://access.redhat.com/errata/RHSA-2020:0729
https://access.redhat.com/security/cve/CVE-2019-14893
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14893
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14893
https://github.com/FasterXML/jackson-databind/commit/998efd708284778f29d83d7962a9bd935c228317
https://github.com/FasterXML/jackson-databind/issues/2469
https://github.com/advisories/GHSA-qmqc-x3r4-6v39
https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3Cissues.bookkeeper.apache.org%3E
https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E
https://nvd.nist.gov/vuln/detail/CVE-2019-14893
https://security.netapp.com/advisory/ntap-20200327-0006/
https://www.oracle.com/security-alerts/cpujul2020.html
https://www.oracle.com/security-alerts/cpuoct2020.html

| | com.fasterxml.jackson.core:jackson-databind | CVE-2019-16335 | CRITICAL | 2.8.4 | 2.9.10 |

Expand...

https://access.redhat.com/errata/RHSA-2019:3200
https://access.redhat.com/errata/RHSA-2020:0159
https://access.redhat.com/errata/RHSA-2020:0160
https://access.redhat.com/errata/RHSA-2020:0161
https://access.redhat.com/errata/RHSA-2020:0164
https://access.redhat.com/errata/RHSA-2020:0445
https://access.redhat.com/errata/RHSA-2020:0729
https://access.redhat.com/security/cve/CVE-2019-16335
https://github.com/FasterXML/jackson-databind/issues/2449
https://github.com/advisories/GHSA-85cw-hj65-qqv9
https://linux.oracle.com/cve/CVE-2019-16335.html
https://linux.oracle.com/errata/ELSA-2020-1644.html
https://lists.apache.org/thread.html/0fcef7321095ce0bc597d468d150cff3d647f4cb3aef3bd4d20e1c69@%3Ccommits.tinkerpop.apache.org%3E
https://lists.apache.org/thread.html/40c00861b53bb611dee7d6f35f864aa7d1c1bd77df28db597cbf27e1@%3Cissues.hbase.apache.org%3E
https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E
https://lists.apache.org/thread.html/a360b46061c91c5cad789b6c3190aef9b9f223a2b75c9c9f046fe016@%3Cissues.hbase.apache.org%3E
https://lists.apache.org/thread.html/ad0d238e97a7da5eca47a014f0f7e81f440ed6bf74a93183825e18b9@%3Cissues.hbase.apache.org%3E
https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E
https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E
https://lists.apache.org/thread.html/dc6b5cad721a4f6b3b62ed1163894941140d9d5656140fb757505ca0@%3Cissues.hbase.apache.org%3E
https://lists.apache.org/thread.html/e90c3feb21702e68a8c08afce37045adb3870f2bf8223fa403fb93fb@%3Ccommits.hbase.apache.org%3E
https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E
https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3Cissues.bookkeeper.apache.org%3E
https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E
https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E
https://lists.debian.org/debian-lts-announce/2019/10/msg00001.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q7CANA7KV53JROZDX5Z5P26UG5VN2K43/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TH5VFUN4P7CCIP7KSEXYA5MUTFCUDUJT/
https://nvd.nist.gov/vuln/detail/CVE-2019-16335
https://seclists.org/bugtraq/2019/Oct/6
https://security.netapp.com/advisory/ntap-20191004-0002/
https://www.debian.org/security/2019/dsa-4542
https://www.oracle.com/security-alerts/cpuapr2020.html
https://www.oracle.com/security-alerts/cpujan2020.html
https://www.oracle.com/security-alerts/cpujul2020.html
https://www.oracle.com/security-alerts/cpuoct2020.html
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html

| | com.fasterxml.jackson.core:jackson-databind | CVE-2019-16942 | CRITICAL | 2.8.4 | 2.9.10.1 |

Expand...

https://access.redhat.com/errata/RHSA-2019:3901
https://access.redhat.com/errata/RHSA-2020:0159
https://access.redhat.com/errata/RHSA-2020:0160
https://access.redhat.com/errata/RHSA-2020:0161
https://access.redhat.com/errata/RHSA-2020:0164
https://access.redhat.com/errata/RHSA-2020:0445
https://access.redhat.com/security/cve/CVE-2019-16942
https://github.com/FasterXML/jackson-databind/issues/2478
https://github.com/advisories/GHSA-mx7p-6679-8g3q
https://issues.apache.org/jira/browse/GEODE-7255
https://linux.oracle.com/cve/CVE-2019-16942.html
https://linux.oracle.com/errata/ELSA-2020-1644.html
https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E
https://lists.apache.org/thread.html/7782a937c9259a58337ee36b2961f00e2d744feafc13084e176d0df5@%3Cissues.geode.apache.org%3E
https://lists.apache.org/thread.html/a430dbc9be874c41314cc69e697384567a9a24025e819d9485547954@%3Cissues.geode.apache.org%3E
https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E
https://lists.apache.org/thread.html/b2e23c94f9dfef53e04c492e5d02e5c75201734be7adc73a49ef2370@%3Cissues.geode.apache.org%3E
https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E
https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3Cissues.bookkeeper.apache.org%3E
https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E
https://lists.debian.org/debian-lts-announce/2019/10/msg00001.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q7CANA7KV53JROZDX5Z5P26UG5VN2K43/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TH5VFUN4P7CCIP7KSEXYA5MUTFCUDUJT/
https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
https://nvd.nist.gov/vuln/detail/CVE-2019-16942
https://seclists.org/bugtraq/2019/Oct/6
https://security.netapp.com/advisory/ntap-20191017-0006/
https://www.debian.org/security/2019/dsa-4542
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com/security-alerts/cpuapr2020.html
https://www.oracle.com/security-alerts/cpujan2020.html
https://www.oracle.com/security-alerts/cpujul2020.html
https://www.oracle.com/security-alerts/cpuoct2020.html

| | com.fasterxml.jackson.core:jackson-databind | CVE-2019-16943 | CRITICAL | 2.8.4 | 2.9.10.1 |

Expand...

https://access.redhat.com/errata/RHSA-2020:0159
https://access.redhat.com/errata/RHSA-2020:0160
https://access.redhat.com/errata/RHSA-2020:0161
https://access.redhat.com/errata/RHSA-2020:0164
https://access.redhat.com/errata/RHSA-2020:0445
https://access.redhat.com/security/cve/CVE-2019-16943
https://github.com/FasterXML/jackson-databind/issues/2478
https://github.com/advisories/GHSA-fmmc-742q-jg75
https://linux.oracle.com/cve/CVE-2019-16943.html
https://linux.oracle.com/errata/ELSA-2020-1644.html
https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E
https://lists.apache.org/thread.html/5ec8d8d485c2c8ac55ea425f4cd96596ef37312532712639712ebcdd@%3Ccommits.iceberg.apache.org%3E
https://lists.apache.org/thread.html/6788e4c991f75b89d290ad06b463fcd30bcae99fee610345a35b7bc6@%3Cissues.iceberg.apache.org%3E
https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E
https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E
https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3Cissues.bookkeeper.apache.org%3E
https://lists.apache.org/thread.html/r392099ed2757ff2e383b10440594e914d080511d7da1c8fed0612c1f@%3Ccommits.druid.apache.org%3E
https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E
https://lists.debian.org/debian-lts-announce/2019/10/msg00001.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q7CANA7KV53JROZDX5Z5P26UG5VN2K43/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TH5VFUN4P7CCIP7KSEXYA5MUTFCUDUJT/
https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
https://nvd.nist.gov/vuln/detail/CVE-2019-16943
https://seclists.org/bugtraq/2019/Oct/6
https://security.netapp.com/advisory/ntap-20191017-0006/
https://www.debian.org/security/2019/dsa-4542
https://www.oracle.com/security-alerts/cpuapr2020.html
https://www.oracle.com/security-alerts/cpujan2020.html
https://www.oracle.com/security-alerts/cpujul2020.html
https://www.oracle.com/security-alerts/cpuoct2020.html

| | com.fasterxml.jackson.core:jackson-databind | CVE-2019-17267 | CRITICAL | 2.8.4 | 2.9.10 |

Expand...

| | com.fasterxml.jackson.core:jackson-databind | CVE-2019-17531 | CRITICAL | 2.8.4 | 2.9.10.1 |

Expand...

https://access.redhat.com/errata/RHSA-2019:4192
https://access.redhat.com/errata/RHSA-2020:0159
https://access.redhat.com/errata/RHSA-2020:0160
https://access.redhat.com/errata/RHSA-2020:0161
https://access.redhat.com/errata/RHSA-2020:0164
https://access.redhat.com/errata/RHSA-2020:0445
https://access.redhat.com/security/cve/CVE-2019-17531
https://github.com/FasterXML/jackson-databind/issues/2498
https://github.com/advisories/GHSA-gjmw-vf9h-g25v
https://linux.oracle.com/cve/CVE-2019-17531.html
https://linux.oracle.com/errata/ELSA-2020-1644.html
https://lists.apache.org/thread.html/b3c90d38f99db546de60fea65f99a924d540fae2285f014b79606ca5@%3Ccommits.pulsar.apache.org%3E
https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3Cissues.bookkeeper.apache.org%3E
https://lists.apache.org/thread.html/r392099ed2757ff2e383b10440594e914d080511d7da1c8fed0612c1f@%3Ccommits.druid.apache.org%3E
https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E
https://lists.debian.org/debian-lts-announce/2019/12/msg00013.html
https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
https://nvd.nist.gov/vuln/detail/CVE-2019-17531
https://security.netapp.com/advisory/ntap-20191024-0005/
https://www.oracle.com/security-alerts/cpuapr2020.html
https://www.oracle.com/security-alerts/cpujan2020.html
https://www.oracle.com/security-alerts/cpujul2020.html
https://www.oracle.com/security-alerts/cpuoct2020.html

| | com.fasterxml.jackson.core:jackson-databind | CVE-2019-20330 | CRITICAL | 2.8.4 | 2.8.11.5, 2.9.10.2 |

Expand...

| | com.fasterxml.jackson.core:jackson-databind | CVE-2020-8840 | CRITICAL | 2.8.4 | 2.7.9.7, 2.8.11.5, 2.9.10.3 |

Expand...

| | com.fasterxml.jackson.core:jackson-databind | CVE-2020-9546 | CRITICAL | 2.8.4 | 2.7.9.7, 2.8.11.6, 2.9.10.4 |

Expand...

https://access.redhat.com/security/cve/CVE-2020-9546
https://github.com/FasterXML/jackson-databind/issues/2631
https://github.com/advisories/GHSA-5p34-5m6p-p58g
https://lists.apache.org/thread.html/r35d30db00440ef63b791c4b7f7acb036e14d4a23afa2a249cb66c0fd@%3Cissues.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/r893a0104e50c1c2559eb9a5812add28ae8c3e5f43712947a9847ec18@%3Cnotifications.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/r9464a40d25c3ba1a55622db72f113eb494a889656962d098c70c5bb1@%3Cdev.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/r98c9b6e4c9e17792e2cd1ec3e4aa20b61a791939046d3f10888176bb@%3Cissues.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/rb6fecb5e96a6d61e175ff49f33f2713798dd05cf03067c169d195596@%3Cissues.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/rd5a4457be4623038c3989294429bc063eec433a2e55995d81591e2ca@%3Cissues.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/rdd49ab9565bec436a896bc00c4b9fc9dce1598e106c318524fbdfec6@%3Cissues.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/rdd4df698d5d8e635144d2994922bf0842e933809eae259521f3b5097@%3Cissues.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E
https://lists.debian.org/debian-lts-announce/2020/03/msg00008.html
https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
https://nvd.nist.gov/vuln/detail/CVE-2020-9546
https://security.netapp.com/advisory/ntap-20200904-0006/
https://www.oracle.com/security-alerts/cpujan2021.html
https://www.oracle.com/security-alerts/cpujul2020.html
https://www.oracle.com/security-alerts/cpuoct2020.html
https://www.oracle.com/security-alerts/cpuoct2021.html

| | com.fasterxml.jackson.core:jackson-databind | CVE-2020-9547 | CRITICAL | 2.8.4 | 2.7.9.7, 2.8.11.6, 2.9.10.4 |

Expand...

| | com.fasterxml.jackson.core:jackson-databind | CVE-2020-9548 | CRITICAL | 2.8.4 | 2.7.9.7, 2.8.11.6, 2.9.10.4 |

Expand...

https://access.redhat.com/security/cve/CVE-2020-9548
https://github.com/FasterXML/jackson-databind/issues/2634
https://github.com/advisories/GHSA-p43x-xfjf-5jhr
https://lists.apache.org/thread.html/r35d30db00440ef63b791c4b7f7acb036e14d4a23afa2a249cb66c0fd@%3Cissues.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/r9464a40d25c3ba1a55622db72f113eb494a889656962d098c70c5bb1@%3Cdev.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/r98c9b6e4c9e17792e2cd1ec3e4aa20b61a791939046d3f10888176bb@%3Cissues.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/rb6fecb5e96a6d61e175ff49f33f2713798dd05cf03067c169d195596@%3Cissues.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/rd5a4457be4623038c3989294429bc063eec433a2e55995d81591e2ca@%3Cissues.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/rdd49ab9565bec436a896bc00c4b9fc9dce1598e106c318524fbdfec6@%3Cissues.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/rdd4df698d5d8e635144d2994922bf0842e933809eae259521f3b5097@%3Cissues.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E
https://lists.debian.org/debian-lts-announce/2020/03/msg00008.html
https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
https://nvd.nist.gov/vuln/detail/CVE-2020-9548
https://security.netapp.com/advisory/ntap-20200904-0006/
https://www.oracle.com/security-alerts/cpujan2021.html
https://www.oracle.com/security-alerts/cpujul2020.html
https://www.oracle.com/security-alerts/cpuoct2020.html
https://www.oracle.com/security-alerts/cpuoct2021.html

| | com.fasterxml.jackson.core:jackson-databind | CVE-2018-12022 | HIGH | 2.8.4 | 2.7.9.4, 2.8.11.2, 2.9.6 |

Expand...

| | com.fasterxml.jackson.core:jackson-databind | CVE-2018-12023 | HIGH | 2.8.4 | 2.7.9.4, 2.8.11.2, 2.9.6 |

Expand...

| | com.fasterxml.jackson.core:jackson-databind | CVE-2018-5968 | HIGH | 2.8.4 | 2.7.9.5, 2.8.11.1, 2.9.4 |

Expand...

https://access.redhat.com/errata/RHSA-2018:0478
https://access.redhat.com/errata/RHSA-2018:0479
https://access.redhat.com/errata/RHSA-2018:0480
https://access.redhat.com/errata/RHSA-2018:0481
https://access.redhat.com/errata/RHSA-2018:1525
https://access.redhat.com/errata/RHSA-2019:2858
https://access.redhat.com/errata/RHSA-2019:3149
https://access.redhat.com/security/cve/CVE-2018-5968
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5968
https://github.com/FasterXML/jackson-databind/issues/1899
https://github.com/GulajavaMinistudio/jackson-databind/pull/92/commits/038b471e2efde2e8f96b4e0be958d3e5a1ff1d05
https://github.com/advisories/GHSA-w3f4-3q6j-rh82
https://nvd.nist.gov/vuln/detail/CVE-2018-5968
https://security.netapp.com/advisory/ntap-20180423-0002/
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03902en_us
https://www.debian.org/security/2018/dsa-4114
https://www.oracle.com/security-alerts/cpuoct2020.html

| | com.fasterxml.jackson.core:jackson-databind | CVE-2019-12086 | HIGH | 2.8.4 | 2.7.9.6, 2.8.11.4, 2.9.9 |

Expand...

| | com.fasterxml.jackson.core:jackson-databind | CVE-2019-14439 | HIGH | 2.8.4 | 2.7.9.6, 2.8.11.4, 2.9.9.2 |

Expand...

| | com.fasterxml.jackson.core:jackson-databind | CVE-2020-10969 | HIGH | 2.8.4 | 2.7.9.7, 2.8.11.6, 2.9.10.4 |

Expand...

https://access.redhat.com/security/cve/CVE-2020-10969
https://github.com/FasterXML/jackson-databind/issues/2642
https://github.com/advisories/GHSA-758m-v56v-grj4
https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html
https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
https://nvd.nist.gov/vuln/detail/CVE-2020-10969
https://security.netapp.com/advisory/ntap-20200403-0002/
https://www.oracle.com/security-alerts/cpujan2021.html
https://www.oracle.com/security-alerts/cpujul2020.html
https://www.oracle.com/security-alerts/cpuoct2020.html
https://www.oracle.com/security-alerts/cpuoct2021.html

| | com.fasterxml.jackson.core:jackson-databind | CVE-2020-35490 | HIGH | 2.8.4 | 2.9.10.8 |

Expand...

https://access.redhat.com/security/cve/CVE-2020-35490
https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35490
https://github.com/FasterXML/jackson-databind/commit/41b8bdb5ccc1d8edb71acf1c8234da235a24249d
https://github.com/FasterXML/jackson-databind/issues/2986
https://github.com/advisories/GHSA-wh8g-3j2c-rqj5
https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html
https://nvd.nist.gov/vuln/detail/CVE-2020-35490
https://security.netapp.com/advisory/ntap-20210122-0005/
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.oracle.com/security-alerts/cpujan2022.html
https://www.oracle.com/security-alerts/cpuoct2021.html

| | com.fasterxml.jackson.core:jackson-databind | CVE-2020-35491 | HIGH | 2.8.4 | 2.9.10.8 |

Expand...

https://access.redhat.com/security/cve/CVE-2020-35491
https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35491
https://github.com/FasterXML/jackson-databind/commit/41b8bdb5ccc1d8edb71acf1c8234da235a24249d
https://github.com/FasterXML/jackson-databind/issues/2986
https://github.com/advisories/GHSA-r3gr-cxrf-hg25
https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html
https://nvd.nist.gov/vuln/detail/CVE-2020-35491
https://security.netapp.com/advisory/ntap-20210122-0005/
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.oracle.com/security-alerts/cpujan2022.html
https://www.oracle.com/security-alerts/cpuoct2021.html

| | com.fasterxml.jackson.core:jackson-databind | CVE-2020-36518 | HIGH | 2.8.4 | 2.12.6.1, 2.13.2.1 |

Expand...

https://access.redhat.com/security/cve/CVE-2020-36518
https://github.com/FasterXML/jackson-databind/commit/fcfc4998ec23f0b1f7f8a9521c2b317b6c25892b
https://github.com/FasterXML/jackson-databind/issues/2816
https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.12
https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.13
https://github.com/advisories/GHSA-57j2-w4cx-62h2
https://nvd.nist.gov/vuln/detail/CVE-2020-36518
https://www.oracle.com/security-alerts/cpuapr2022.html

| | com.fasterxml.jackson.core:jackson-databind | CVE-2018-1000873 | MEDIUM | 2.8.4 | 2.9.8 |

Expand...

https://access.redhat.com/security/cve/CVE-2018-1000873
https://bugzilla.redhat.com/show_bug.cgi?id=1665601
https://github.com/FasterXML/jackson-modules-java8/issues/90
https://github.com/FasterXML/jackson-modules-java8/pull/87
https://github.com/advisories/GHSA-h4x4-5qp2-wp46
https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E
https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E
https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E
https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E
https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8@%3Ccommits.pulsar.apache.org%3E
https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E
https://nvd.nist.gov/vuln/detail/CVE-2018-1000873
https://security.netapp.com/advisory/ntap-20200904-0004/
https://www.oracle.com/security-alerts/cpuapr2020.html
https://www.oracle.com/security-alerts/cpuoct2020.html
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html

| | com.fasterxml.jackson.core:jackson-databind | CVE-2019-12384 | MEDIUM | 2.8.4 | 2.7.9.6, 2.8.11.4, 2.9.9.1 |

Expand...

| | com.fasterxml.jackson.core:jackson-databind | CVE-2019-12814 | MEDIUM | 2.8.4 | 2.7.9.6, 2.8.11.4, 2.9.9.1 |

Expand...

| | com.h2database:h2 | CVE-2021-23463 | CRITICAL | 1.4.193 | 2.0.202 |

Expand...

https://access.redhat.com/security/cve/CVE-2021-23463
https://github.com/advisories/GHSA-7rpj-hg47-cx62
https://github.com/h2database/h2database/commit/d83285fd2e48fb075780ee95badee6f5a15ea7f8%23diff-008c2e4462609982199cd83e7cf6f1d6b41296b516783f6752c44b9f15dc7bc3
https://github.com/h2database/h2database/issues/3195
https://github.com/h2database/h2database/pull/3199
https://nvd.nist.gov/vuln/detail/CVE-2021-23463
https://snyk.io/vuln/SNYK-JAVA-COMH2DATABASE-1769238
https://www.oracle.com/security-alerts/cpuapr2022.html

| | com.h2database:h2 | CVE-2021-42392 | CRITICAL | 1.4.193 | 2.0.206 |

Expand...

https://access.redhat.com/security/cve/CVE-2021-42392
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42392
https://github.com/advisories/GHSA-h376-j262-vhq6
https://github.com/h2database/h2database/releases/tag/version-2.0.206
https://github.com/h2database/h2database/security/advisories/GHSA-h376-j262-vhq6
https://jfrog.com/blog/the-jndi-strikes-back-unauthenticated-rce-in-h2-database-console/
https://lists.debian.org/debian-lts-announce/2022/02/msg00017.html
https://nvd.nist.gov/vuln/detail/CVE-2021-42392
https://security.netapp.com/advisory/ntap-20220119-0001/
https://ubuntu.com/security/notices/USN-5365-1
https://www.debian.org/security/2022/dsa-5076
https://www.oracle.com/security-alerts/cpuapr2022.html

| | com.h2database:h2 | CVE-2022-23221 | CRITICAL | 1.4.193 | 2.1.210 |

Expand...

http://packetstormsecurity.com/files/165676/H2-Database-Console-Remote-Code-Execution.html
http://seclists.org/fulldisclosure/2022/Jan/39
https://access.redhat.com/security/cve/CVE-2022-23221
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23221
https://github.com/advisories/GHSA-45hx-wfhj-473x
https://github.com/h2database/h2database/releases/tag/version-2.1.210
https://github.com/h2database/h2database/security/advisories
https://lists.debian.org/debian-lts-announce/2022/02/msg00017.html
https://nvd.nist.gov/vuln/detail/CVE-2022-23221
https://twitter.com/d0nkey_man/status/1483824727936450564
https://ubuntu.com/security/notices/USN-5365-1
https://www.debian.org/security/2022/dsa-5076
https://www.oracle.com/security-alerts/cpuapr2022.html

| | com.h2database:h2 | GMS-2022-7 | UNKNOWN | 1.4.193 | 2.0.206 |

Expand...

https://github.com/advisories/GHSA-h376-j262-vhq6
https://github.com/h2database/h2database/releases/tag/version-2.0.206
https://github.com/h2database/h2database/security/advisories/GHSA-h376-j262-vhq6

| | commons-io:commons-io | CVE-2021-29425 | MEDIUM | 2.4 | 2.7 |

Expand...

| | org.apache.httpcomponents:httpclient | CVE-2020-13956 | MEDIUM | 4.5.2 | 4.5.13 |

Expand...

| | org.apache.logging.log4j:log4j-core | CVE-2017-5645 | CRITICAL | 2.4.1 | 2.8.2 |

Expand...

| | org.apache.logging.log4j:log4j-core | CVE-2021-44228 | CRITICAL | 2.4.1 | 2.12.2, 2.3.1, 2.15.0 |

Expand...

| | org.apache.logging.log4j:log4j-core | CVE-2021-45046 | CRITICAL | 2.4.1 | 2.12.2, 2.16.0 |

Expand...

http://www.openwall.com/lists/oss-security/2021/12/14/4
http://www.openwall.com/lists/oss-security/2021/12/15/3
http://www.openwall.com/lists/oss-security/2021/12/18/1
https://access.redhat.com/security/cve/CVE-2021-44228
https://access.redhat.com/security/cve/CVE-2021-45046
https://cert-portal.siemens.com/productcert/pdf/ssa-397453.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-714170.pdf
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45046
https://github.com/advisories/GHSA-7rjr-3q55-vv33
https://github.com/advisories/GHSA-jfh8-c2jp-5v3q
https://issues.apache.org/jira/browse/LOG4J2-3221
https://lists.apache.org/thread/83y7dx5xvn3h5290q1twn16tltolv88f
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EOKPQGV24RRBBI4TBZUDQMM4MEH7MXCY/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SIG7FZULMNK2XF6FZRU4VWYDQXNMUGAJ/
https://logging.apache.org/log4j/2.x/security.html
https://nvd.nist.gov/vuln/detail/CVE-2021-45046
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd
https://ubuntu.com/security/notices/USN-5197-1
https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/Log4Shell
https://www.cve.org/CVERecord?id=CVE-2021-44228
https://www.cve.org/CVERecord?id=CVE-2021-45046
https://www.debian.org/security/2021/dsa-5022
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html
https://www.kb.cert.org/vuls/id/930724
https://www.openwall.com/lists/oss-security/2021/12/14/4
https://www.oracle.com/security-alerts/alert-cve-2021-44228.html
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.oracle.com/security-alerts/cpujan2022.html

| | org.apache.logging.log4j:log4j-core | CVE-2021-45105 | HIGH | 2.4.1 | 2.3.1, 2.17.0, 2.12.3 |

Expand...

http://www.openwall.com/lists/oss-security/2021/12/19/1
https://access.redhat.com/security/cve/CVE-2021-45105
https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-501673.pdf
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45105
https://github.com/advisories/GHSA-p6xc-xr62-6r2g
https://issues.apache.org/jira/browse/LOG4J2-3230
https://lists.debian.org/debian-lts-announce/2021/12/msg00017.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EOKPQGV24RRBBI4TBZUDQMM4MEH7MXCY/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SIG7FZULMNK2XF6FZRU4VWYDQXNMUGAJ/
https://logging.apache.org/log4j/2.x/security.html
https://logging.apache.org/log4j/2.x/security.html#CVE-2021-45105
https://nvd.nist.gov/vuln/detail/CVE-2021-45105
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032
https://security.netapp.com/advisory/ntap-20211218-0001/
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd
https://ubuntu.com/security/notices/USN-5203-1
https://ubuntu.com/security/notices/USN-5222-1
https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/Log4Shell
https://www.cve.org/CVERecord?id=CVE-2021-45105
https://www.debian.org/security/2021/dsa-5024
https://www.kb.cert.org/vuls/id/930724
https://www.openwall.com/lists/oss-security/2021/12/19/1
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.oracle.com/security-alerts/cpujan2022.html
https://www.zerodayinitiative.com/advisories/ZDI-21-1541/

| | org.apache.logging.log4j:log4j-core | CVE-2021-44832 | MEDIUM | 2.4.1 | 2.17.1, 2.12.4, 2.3.2 |

Expand...

http://www.openwall.com/lists/oss-security/2021/12/28/1
https://access.redhat.com/security/cve/CVE-2021-44832
https://cert-portal.siemens.com/productcert/pdf/ssa-784507.pdf
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44832
https://github.com/advisories/GHSA-8489-44mv-ggj8
https://github.com/apache/logging-log4j2/commit/05db5f9527254632b59aed2a1d78a32c5ab74f16
https://issues.apache.org/jira/browse/LOG4J2-3293
https://lists.apache.org/thread/s1o5vlo78ypqxnzn6p8zf6t9shtq5143
https://lists.debian.org/debian-lts-announce/2021/12/msg00036.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EVV25FXL4FU5X6X5BSL7RLQ7T6F65MRA/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T57MPJUW3MA6QGWZRTMCHHMMPQNVKGFC/
https://nvd.nist.gov/vuln/detail/CVE-2021-44832
https://security.netapp.com/advisory/ntap-20220104-0001/
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd
https://ubuntu.com/security/notices/USN-5222-1
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.oracle.com/security-alerts/cpujan2022.html

| | org.apache.logging.log4j:log4j-core | CVE-2020-9488 | LOW | 2.4.1 | 2.13.2 |

Expand...

| | org.apache.tomcat.embed:tomcat-embed-core | CVE-2017-5648 | CRITICAL | 8.5.6 | 7.0.76, 8.0.42, 8.5.12, 9.0.1 |

Expand...

| | org.apache.tomcat.embed:tomcat-embed-core | CVE-2017-5651 | CRITICAL | 8.5.6 | 8.5.13, 9.0.1 |

Expand...

| | org.apache.tomcat.embed:tomcat-embed-core | CVE-2018-8014 | CRITICAL | 8.5.6 | 9.0.9, 9.0.9, 9.0.9, 9.0.9, 8.0.53, 7.0.88 |

Expand...

| | org.apache.tomcat.embed:tomcat-embed-core | CVE-2020-1938 | CRITICAL | 8.5.6 | 9.0.31, 9.0.31, 9.0.31, 7.0.100 |

Expand...

| | org.apache.tomcat.embed:tomcat-embed-core | CVE-2016-8745 | HIGH | 8.5.6 | 7.0.75, 8.0.41, 8.5.9, 9.0.1 |

Expand...

| | org.apache.tomcat.embed:tomcat-embed-core | CVE-2017-12617 | HIGH | 8.5.6 | 7.0.52, 7.0.78, 7.0.82, 8.0.3, 8.0.5, 8.0.8, 8.0.47, 8.5.23, 9.0.1 |

Expand...

| | org.apache.tomcat.embed:tomcat-embed-core | CVE-2017-5650 | HIGH | 8.5.6 | 8.5.13, 9.0.1 |

Expand...

| | org.apache.tomcat.embed:tomcat-embed-core | CVE-2017-5664 | HIGH | 8.5.6 | 7.0.52, 7.0.78, 8.0.8, 8.0.44, 8.5.15, 9.0.1 |

Expand...

| | org.apache.tomcat.embed:tomcat-embed-core | CVE-2017-7675 | HIGH | 8.5.6 | 8.5.16, 9.0.1 |

Expand...

| | org.apache.tomcat.embed:tomcat-embed-core | CVE-2018-1336 | HIGH | 8.5.6 | 9.0.8, 9.0.8, 9.0.8, 9.0.8, 8.0.51, 7.0.87 |

Expand...

| | org.apache.tomcat.embed:tomcat-embed-core | CVE-2018-8034 | HIGH | 8.5.6 | 9.0.10, 9.0.10, 9.0.10, 9.0.10, 8.0.53, 7.0.90 |

Expand...

| | org.apache.tomcat.embed:tomcat-embed-core | CVE-2019-0199 | HIGH | 8.5.6 | 9.0.16, 9.0.16 |

Expand...

| | org.apache.tomcat.embed:tomcat-embed-core | CVE-2019-0232 | HIGH | 8.5.6 | 9.0.17, 9.0.17, 9.0.17, 7.0.94 |

Expand...

| | org.apache.tomcat.embed:tomcat-embed-core | CVE-2019-10072 | HIGH | 8.5.6 | 8.5.40, 9.0.20 |

Expand...

http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00013.html
http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.41
http://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.20
http://www.securityfocus.com/bid/108874
https://access.redhat.com/errata/RHSA-2019:3929
https://access.redhat.com/errata/RHSA-2019:3931
https://access.redhat.com/security/cve/CVE-2019-10072
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10072
https://github.com/advisories/GHSA-q4hg-rmq2-52q9
https://lists.apache.org/thread.html/df1a2c1b87c8a6c500ecdbbaf134c7f1491c8d79d98b48c6b9f0fa6a@%3Cannounce.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a@%3Cdev.tomcat.apache.org%3E
https://nvd.nist.gov/vuln/detail/CVE-2019-10072
https://security.netapp.com/advisory/ntap-20190625-0002/
https://support.f5.com/csp/article/K17321505
https://ubuntu.com/security/notices/USN-4128-1
https://ubuntu.com/security/notices/USN-4128-2
https://usn.ubuntu.com/4128-1/
https://usn.ubuntu.com/4128-2/
https://www.debian.org/security/2020/dsa-4680
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com/security-alerts/cpuapr2020.html
https://www.oracle.com/security-alerts/cpujan2020.html
https://www.oracle.com/security-alerts/cpuoct2020.html
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
https://www.synology.com/security/advisory/Synology_SA_19_29

| | org.apache.tomcat.embed:tomcat-embed-core | CVE-2019-12418 | HIGH | 8.5.6 | 7.0.99, 8.5.49, 9.0.29 |

Expand...

http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00013.html
http://mail-archives.apache.org/mod_mbox/tomcat-users/201912.mbox/%3C3f42d82c-d9e9-8893-9820-df4e420e5c4e@apache.org%3E
http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.49
http://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.29
https://access.redhat.com/security/cve/CVE-2019-12418
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12418
https://github.com/advisories/GHSA-hh3j-x4mc-g48r
https://lists.apache.org/thread.html/43530b91506e2e0c11cfbe691173f5df8c48f51b98262426d7493b67%40%3Cannounce.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a@%3Cdev.tomcat.apache.org%3E
https://lists.debian.org/debian-lts-announce/2020/01/msg00024.html
https://lists.debian.org/debian-lts-announce/2020/03/msg00029.html
https://nvd.nist.gov/vuln/detail/CVE-2019-12418
https://seclists.org/bugtraq/2019/Dec/43
https://security.gentoo.org/glsa/202003-43
https://security.netapp.com/advisory/ntap-20200107-0001/
https://support.f5.com/csp/article/K10107360?utm_source=f5support&utm_medium=RSS
https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.99
https://ubuntu.com/security/notices/USN-4251-1
https://usn.ubuntu.com/4251-1/
https://www.debian.org/security/2019/dsa-4596
https://www.debian.org/security/2020/dsa-4680
https://www.oracle.com/security-alerts/cpuapr2020.html

| | org.apache.tomcat.embed:tomcat-embed-core | CVE-2019-17563 | HIGH | 8.5.6 | 7.0.99, 8.5.50, 9.0.30 |

Expand...

http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00013.html
http://mail-archives.apache.org/mod_mbox/www-announce/201912.mbox/%3C21b7a375-7297-581b-1f8e-06622d36775b@apache.org%3E
http://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.30
https://access.redhat.com/security/cve/CVE-2019-17563
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17563
https://github.com/advisories/GHSA-9xcj-c8cr-8c3c
https://linux.oracle.com/cve/CVE-2019-17563.html
https://linux.oracle.com/errata/ELSA-2020-4004.html
https://lists.apache.org/thread.html/8b4c1db8300117b28a0f3f743c0b9e3f964687a690cdf9662a884bbd%40%3Cannounce.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/reb9a66f176df29b9a832caa95ebd9ffa3284e8f4922ec4fa3ad8eb2e@%3Cissues.cxf.apache.org%3E
https://lists.debian.org/debian-lts-announce/2020/01/msg00024.html
https://lists.debian.org/debian-lts-announce/2020/05/msg00026.html
https://nvd.nist.gov/vuln/detail/CVE-2019-17563
https://seclists.org/bugtraq/2019/Dec/43
https://security.gentoo.org/glsa/202003-43
https://security.netapp.com/advisory/ntap-20200107-0001/
https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.99
https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.50
https://ubuntu.com/security/notices/USN-4251-1
https://usn.ubuntu.com/4251-1/
https://www.debian.org/security/2019/dsa-4596
https://www.debian.org/security/2020/dsa-4680
https://www.oracle.com/security-alerts/cpuapr2020.html
https://www.oracle.com/security-alerts/cpujan2021.html
https://www.oracle.com/security-alerts/cpujul2020.html

| | org.apache.tomcat.embed:tomcat-embed-core | CVE-2020-13934 | HIGH | 8.5.6 | 8.5.57, 9.0.37 |

Expand...

http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00084.html
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00088.html
http://mail-archives.apache.org/mod_mbox/tomcat-announce/202007.mbox/%3Cad62f54e-8fd7-e326-25f1-3bdf1ffa3818%40apache.org%3E
http://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.0.0-M7
http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.105
http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.57
http://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.37
https://access.redhat.com/security/cve/CVE-2020-13934
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13934
https://github.com/advisories/GHSA-vf77-8h7g-gghp
https://lists.apache.org/thread.html/r61f411cf82488d6ec213063fc15feeeb88e31b0ca9c29652ee4f962e%40%3Cannounce.tomcat.apache.org%3E
https://lists.apache.org/thread.html/ra072b1f786e7d139e86f1d1145572e0ff71cef38a96d9c6f5362aac8@%3Cdev.tomcat.apache.org%3E
https://lists.debian.org/debian-lts-announce/2020/07/msg00017.html
https://nvd.nist.gov/vuln/detail/CVE-2020-13934
https://security.netapp.com/advisory/ntap-20200724-0003/
https://ubuntu.com/security/notices/USN-4596-1
https://usn.ubuntu.com/4596-1/
https://www.debian.org/security/2020/dsa-4727
https://www.openwall.com/lists/oss-security/2020/07/14/4
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com/security-alerts/cpujan2021.html
https://www.oracle.com/security-alerts/cpujan2022.html
https://www.oracle.com/security-alerts/cpuoct2020.html

| | org.apache.tomcat.embed:tomcat-embed-core | CVE-2020-17527 | HIGH | 8.5.6 | 8.5.60, 9.0.40, 10.0.2 |

Expand...

| | org.apache.tomcat.embed:tomcat-embed-core | CVE-2020-9484 | HIGH | 8.5.6 | 7.0.104, 8.5.55, 9.0.35, 10.0.0-M5 |

Expand...

| | org.apache.tomcat.embed:tomcat-embed-core | CVE-2021-25122 | HIGH | 8.5.6 | 8.5.63, 9.0.43, 10.0.2 |

Expand...

http://mail-archives.apache.org/mod_mbox/tomcat-announce/202103.mbox/%3Cb7626398-5e6d-1639-4e9e-e41b34af84de%40apache.org%3E
http://www.openwall.com/lists/oss-security/2021/03/01/1
https://access.redhat.com/security/cve/CVE-2021-25122
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25122
https://github.com/advisories/GHSA-j39c-c8hj-x4j3
https://lists.apache.org/thread.html/r7b95bc248603360501f18c8eb03bb6001ec0ee3296205b34b07105b7%40%3Cannounce.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r7b95bc248603360501f18c8eb03bb6001ec0ee3296205b34b07105b7@%3Cannounce.apache.org%3E
https://lists.apache.org/thread.html/r7b95bc248603360501f18c8eb03bb6001ec0ee3296205b34b07105b7@%3Cannounce.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r7b95bc248603360501f18c8eb03bb6001ec0ee3296205b34b07105b7@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r7b95bc248603360501f18c8eb03bb6001ec0ee3296205b34b07105b7@%3Cusers.tomcat.apache.org%3E
https://lists.apache.org/thread.html/rcd90bf36b1877e1310b87ecd14ed7bbb15da52b297efd9f0e7253a3b@%3Cusers.tomcat.apache.org%3E
https://lists.apache.org/thread.html/rd0463f9a5cbc02a485404c4b990f0da452e5ac5c237808edba11c947@%3Cusers.tomcat.apache.org%3E
https://lists.apache.org/thread.html/rf6d5d57b114678d8898005faef31e9fd6d7c981fcc4ccfc3bc272fc9@%3Cdev.tomcat.apache.org%3E
https://lists.debian.org/debian-lts-announce/2021/03/msg00018.html
https://nvd.nist.gov/vuln/detail/CVE-2021-25122
https://security.netapp.com/advisory/ntap-20210409-0002/
https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.0.2
https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.63
https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.43
https://ubuntu.com/security/notices/USN-5360-1
https://www.debian.org/security/2021/dsa-4891
https://www.openwall.com/lists/oss-security/2021/03/01/1
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpujan2022.html
https://www.oracle.com/security-alerts/cpuoct2021.html

| | org.apache.tomcat.embed:tomcat-embed-core | CVE-2021-25329 | HIGH | 8.5.6 | 7.0.108, 8.5.63, 9.0.43, 10.0.2 |

Expand...

| | org.apache.tomcat.embed:tomcat-embed-core | CVE-2018-11784 | MEDIUM | 8.5.6 | 8.5.34, 8.5.34, 9.0.12 |

Expand...

| | org.apache.tomcat.embed:tomcat-embed-core | CVE-2018-1304 | MEDIUM | 8.5.6 | 9.0.5, 9.0.5, 9.0.5, 9.0.5, 8.0.51, 7.0.86 |

Expand...

| | org.apache.tomcat.embed:tomcat-embed-core | CVE-2018-1305 | MEDIUM | 8.5.6 | 9.0.5, 9.0.5, 9.0.5, 7.0.85 |

Expand...

| | org.apache.tomcat.embed:tomcat-embed-core | CVE-2018-8037 | MEDIUM | 8.5.6 | 9.0.10, 9.0.10 |

Expand...

| | org.apache.tomcat.embed:tomcat-embed-core | CVE-2019-0221 | MEDIUM | 8.5.6 | 9.0.17, 9.0.17, 9.0.17, 7.0.94 |

Expand...

http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00090.html
http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00054.html
http://packetstormsecurity.com/files/163457/Apache-Tomcat-9.0.0.M1-Cross-Site-Scripting.html
http://seclists.org/fulldisclosure/2019/May/50
http://www.securityfocus.com/bid/108545
https://access.redhat.com/errata/RHSA-2019:3929
https://access.redhat.com/errata/RHSA-2019:3931
https://access.redhat.com/security/cve/CVE-2019-0221
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0221
https://github.com/advisories/GHSA-jjpq-gp5q-8q6w
https://lists.apache.org/thread.html/6e6e9eacf7b28fd63d249711e9d3ccd4e0a83f556e324aee37be5a8c@%3Cannounce.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c@%3Cannounce.apache.org%3E
https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a@%3Cdev.tomcat.apache.org%3E
https://lists.debian.org/debian-lts-announce/2019/05/msg00044.html
https://lists.debian.org/debian-lts-announce/2019/08/msg00015.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NPHQEL5AQ6LZSZD2Y6TYZ4RC3WI7NXJ3/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQTZ5BJ5F4KV6N53SGNKSW3UY5DBIQ46/
https://mail-archives.apache.org/mod_mbox/www-announce/201905.mbox/%3Cb1905aa6-f340-8d0b-58c4-8ac3ebcbfa54@apache.org%3E
https://nvd.nist.gov/vuln/detail/CVE-2019-0221
https://seclists.org/bugtraq/2019/Dec/43
https://security.gentoo.org/glsa/202003-43
https://security.netapp.com/advisory/ntap-20190606-0001/
https://support.f5.com/csp/article/K13184144?utm_source=f5support&utm_medium=RSS
https://ubuntu.com/security/notices/USN-4128-1
https://ubuntu.com/security/notices/USN-4128-2
https://usn.ubuntu.com/4128-1/
https://usn.ubuntu.com/4128-2/
https://www.debian.org/security/2019/dsa-4596
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com/security-alerts/cpuapr2020.html
https://www.oracle.com/security-alerts/cpujan2020.html
https://wwws.nightwatchcybersecurity.com/2019/05/27/xss-in-ssi-printenv-command-apache-tomcat-cve-2019-0221/

| | org.apache.tomcat.embed:tomcat-embed-core | CVE-2020-1935 | MEDIUM | 8.5.6 | 7.0.100, 8.5.51, 9.0.31 |

Expand...

| | org.apache.tomcat.embed:tomcat-embed-core | CVE-2021-24122 | MEDIUM | 8.5.6 | 10.0.0-M10, 9.0.40, 8.5.60, 7.0.107 |

Expand...

| | org.apache.tomcat.embed:tomcat-embed-websocket | CVE-2020-13935 | HIGH | 8.5.6 | 7.0.105, 8.5.57, 9.0.37, 10.0.2 |

Expand...

http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00084.html
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00088.html
http://mail-archives.apache.org/mod_mbox/tomcat-announce/202007.mbox/%3C39e4200c-6f4e-b85d-fe4b-a9c2bd5fdc3d%40apache.org%3E
http://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.0.0-M7
http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.105
http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.57
http://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.37
https://access.redhat.com/security/cve/CVE-2020-13935
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13935
https://github.com/advisories/GHSA-m7jv-hq7h-mq7c
https://kc.mcafee.com/corporate/index?page=content&id=SB10332
https://linux.oracle.com/cve/CVE-2020-13935.html
https://linux.oracle.com/errata/ELSA-2020-4004.html
https://lists.apache.org/thread.html/r4e5d3c09f4dd2923191e972408b40fb8b42dbff0bc7904d44b651e50@%3Cusers.tomcat.apache.org%3E
https://lists.apache.org/thread.html/rd48c72bd3255bda87564d4da3791517c074d94f8a701f93b85752651%40%3Cannounce.tomcat.apache.org%3E
https://lists.debian.org/debian-lts-announce/2020/07/msg00017.html
https://nvd.nist.gov/vuln/detail/CVE-2020-13935
https://security.netapp.com/advisory/ntap-20200724-0003/
https://ubuntu.com/security/notices/USN-4448-1
https://ubuntu.com/security/notices/USN-4596-1
https://usn.ubuntu.com/4448-1/
https://usn.ubuntu.com/4596-1/
https://www.debian.org/security/2020/dsa-4727
https://www.openwall.com/lists/oss-security/2020/07/14/3
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.oracle.com/security-alerts/cpujan2021.html
https://www.oracle.com/security-alerts/cpujan2022.html
https://www.oracle.com/security-alerts/cpuoct2020.html
https://www.oracle.com/security-alerts/cpuoct2021.html

| | org.apache.tomcat.embed:tomcat-embed-websocket | CVE-2021-24122 | MEDIUM | 8.5.6 | 10.0.0-M10, 9.0.40, 8.5.60, 7.0.107 |

Expand...

| | org.codehaus.groovy:groovy | CVE-2020-17521 | MEDIUM | 2.4.7 | 2.4.21, 2.5.14, 3.0.7 |

Expand...

https://access.redhat.com/security/cve/CVE-2020-17521
https://github.com/advisories/GHSA-rcjj-h6gh-jf3r
https://github.com/apache/groovy/commit/bcbe5c4c76db83736166530647c024ac1e47ef28
https://github.com/apache/groovy/pull/1425
https://groovy-lang.org/security.html#CVE-2020-17521
https://lists.apache.org/thread.html/r4b2f13c302eec98838ff7475253091fb9b75bc1038016ba00ebf6c08@%3Cdev.atlas.apache.org%3E
https://lists.apache.org/thread.html/ra9dab34bf8625511f23692ad0fcee2725f782e9aad6c5cdff6cf4465@%3Cnotifications.groovy.apache.org%3E
https://lists.apache.org/thread.html/rea63a4666ba245d2892471307772a2d8ce0f0741f341d6576625c1b3@%3Cdev.atlas.apache.org%3E
https://nvd.nist.gov/vuln/detail/CVE-2020-17521
https://security.netapp.com/advisory/ntap-20201218-0006/
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.oracle.com/security-alerts/cpujan2021.html
https://www.oracle.com/security-alerts/cpujan2022.html
https://www.oracle.com/security-alerts/cpuoct2021.html

Expand...

https://access.redhat.com/security/cve/CVE-2020-25638
https://bugzilla.redhat.com/show_bug.cgi?id=1881353
https://github.com/advisories/GHSA-j8jw-g6fq-mp7h
https://lists.apache.org/thread.html/r833c1276e41334fa675848a08daf0c61f39009f9f9a400d9f7006d44@%3Cdev.turbine.apache.org%3E
https://lists.apache.org/thread.html/rf2378209c676a28b71f9b604a3b3517c448540b85367160e558ef9df@%3Ccommits.turbine.apache.org%3E
https://lists.debian.org/debian-lts-announce/2021/01/msg00000.html
https://nvd.nist.gov/vuln/detail/CVE-2020-25638
https://www.debian.org/security/2021/dsa-4908
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpuapr2022.html

Expand...

Expand...

https://access.redhat.com/security/cve/CVE-2020-10693
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10693
https://github.com/advisories/GHSA-rmrm-75hp-phr2
https://lists.apache.org/thread.html/rb8dca19a4e52b60dab0ab21e2ff9968d78f4b84e4033824db1dd24b4@%3Cpluto-scm.portals.apache.org%3E
https://lists.apache.org/thread.html/rd418deda6f0ebe658c2015f43a14d03acb8b8c2c093c5bf6b880cd7c@%3Cpluto-dev.portals.apache.org%3E
https://lists.apache.org/thread.html/rf9c17c3efc4a376a96e9e2777eee6acf0bec28e2200e4b35da62de4a@%3Cpluto-dev.portals.apache.org%3E
https://nvd.nist.gov/vuln/detail/CVE-2020-10693
https://www.ibm.com/support/pages/node/6348216
https://www.oracle.com/security-alerts/cpuapr2022.html

Expand...

http://www.securityfocus.com/bid/100948
https://access.redhat.com/errata/RHSA-2018:2405
https://access.redhat.com/security/cve/CVE-2017-8046
https://jira.spring.io/browse/DATAREST-1127
https://jira.spring.io/browse/DATAREST-1152
https://pivotal.io/security/cve-2017-8046
https://www.exploit-db.com/exploits/44289/

Expand...

https://access.redhat.com/security/cve/CVE-2018-1196
https://github.com/advisories/GHSA-xx65-cc7g-9pfp
https://nvd.nist.gov/vuln/detail/CVE-2018-1196
https://pivotal.io/security/cve-2018-1196

Expand...

https://github.com/advisories/GHSA-36p3-wjmg-h94x
https://github.com/spring-projects/spring-boot/releases/tag/v2.5.12
https://github.com/spring-projects/spring-boot/releases/tag/v2.6.6
https://github.com/spring-projects/spring-framework/commit/002546b3e4b8d791ea6acccb81eb3168f51abb15
https://github.com/spring-projects/spring-framework/releases/tag/v5.2.20.RELEASE
https://github.com/spring-projects/spring-framework/releases/tag/v5.3.18
https://nvd.nist.gov/vuln/detail/CVE-2022-22965
https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement
https://tanzu.vmware.com/security/cve-2022-22965

Expand...

Expand...

http://packetstormsecurity.com/files/166713/Spring4Shell-Code-Execution.html
https://access.redhat.com/security/cve/CVE-2022-22965
https://cert-portal.siemens.com/productcert/pdf/ssa-254054.pdf
https://github.com/advisories/GHSA-36p3-wjmg-h94x
https://github.com/spring-projects/spring-boot/releases/tag/v2.5.12
https://github.com/spring-projects/spring-boot/releases/tag/v2.6.6
https://github.com/spring-projects/spring-framework/commit/002546b3e4b8d791ea6acccb81eb3168f51abb15
https://github.com/spring-projects/spring-framework/releases/tag/v5.2.20.RELEASE
https://github.com/spring-projects/spring-framework/releases/tag/v5.3.18
https://nvd.nist.gov/vuln/detail/CVE-2022-22965
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0005
https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement
https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement#suggested-workarounds
https://tanzu.vmware.com/security/cve-2022-22965
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-java-spring-rce-Zx9GUc67
https://www.cyberkendra.com/2022/03/spring4shell-details-and-exploit-code.html
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.praetorian.com/blog/spring-core-jdk9-rce/

Expand...

http://mail-archives.apache.org/mod_mbox/ignite-dev/201807.mbox/%3CCAK0qHnqzfzmCDFFi6c5Jok19zNkVCz5Xb4sU%3D0f2J_1i4p46zQ%40mail.gmail.com%3E
https://access.redhat.com/security/cve/CVE-2018-1273
https://github.com/advisories/GHSA-4fq3-mr56-cg6r
https://nvd.nist.gov/vuln/detail/CVE-2018-1273
https://pivotal.io/security/cve-2018-1273

Expand...

Expand...

Expand...

Expand...

Expand...

https://access.redhat.com/errata/RHSA-2018:2405
https://access.redhat.com/security/cve/CVE-2018-1199
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1199
https://github.com/advisories/GHSA-v596-fwhq-8x48
https://lists.apache.org/thread.html/4ed49b103f64a0cecb38064f26cbf1389afc12124653da2d35166dbe@%3Cissues.activemq.apache.org%3E
https://lists.apache.org/thread.html/ab825fcade0b49becfa30235b3d54f4a51bb74ea96b6c9adb5d1378c@%3Cissues.activemq.apache.org%3E
https://lists.apache.org/thread.html/dcf8599b80e43a6b60482607adb76c64672772dc2d9209ae2170f369@%3Cissues.activemq.apache.org%3E
https://nvd.nist.gov/vuln/detail/CVE-2018-1199
https://pivotal.io/security/cve-2018-1199
https://www.oracle.com/security-alerts/cpujul2020.html

Expand...

Expand...

http://www.securityfocus.com/bid/105703
https://access.redhat.com/security/cve/CVE-2018-15756
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15756
https://github.com/advisories/GHSA-ffvq-7w96-97p7
https://lists.apache.org/thread.html/339fd112517e4873695b5115b96acdddbfc8f83b10598528d37c7d12@%3Cissues.activemq.apache.org%3E
https://lists.apache.org/thread.html/77886fec378ee6064debb1efb6b464a4a0173b2ff0d151ed86d3a228@%3Cissues.activemq.apache.org%3E
https://lists.apache.org/thread.html/7b156ee50ba3ecce87b33c06bf7a749d84ffee55e69bfb5eca88fcc3@%3Cissues.activemq.apache.org%3E
https://lists.apache.org/thread.html/8a1fe70534fc52ff5c9db5ac29c55657f802cbefd7e9d9850c7052bd@%3Cissues.activemq.apache.org%3E
https://lists.apache.org/thread.html/a3071e11c6fbd593022074ec1b4693f6d948c2b02cfa4a5d854aed68@%3Cissues.activemq.apache.org%3E
https://lists.apache.org/thread.html/bb354962cb51fff65740d5fb1bc2aac56af577c06244b57c36f98e4d@%3Cissues.activemq.apache.org%3E
https://lists.apache.org/thread.html/d6a84f52db89804b0ad965f3ea2b24bb880edee29107a1c5069cc3dd@%3Cissues.activemq.apache.org%3E
https://lists.apache.org/thread.html/efaa52b0aa67aae7cbd9e6ef96945387e422d7ce0e65434570a37b1d@%3Cissues.activemq.apache.org%3E
https://lists.apache.org/thread.html/f8905507a2c94af6b08b72d7be0c4b8c6660e585f00abfafeccc86bc@%3Cissues.activemq.apache.org%3E
https://lists.debian.org/debian-lts-announce/2021/04/msg00022.html
https://nvd.nist.gov/vuln/detail/CVE-2018-15756
https://pivotal.io/security/cve-2018-15756
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpuapr2020.html
https://www.oracle.com/security-alerts/cpujan2020.html
https://www.oracle.com/security-alerts/cpujan2021.html
https://www.oracle.com/security-alerts/cpujul2020.html
https://www.oracle.com/security-alerts/cpuoct2021.html
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html

Expand...

http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
http://www.securityfocus.com/bid/107984
https://access.redhat.com/security/cve/CVE-2018-11039
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11039
https://github.com/advisories/GHSA-9gcm-f4x3-8jpw
https://lists.debian.org/debian-lts-announce/2021/04/msg00022.html
https://nvd.nist.gov/vuln/detail/CVE-2018-11039
https://pivotal.io/security/cve-2018-11039
https://www.oracle.com/security-alerts/cpujan2020.html
https://www.oracle.com/security-alerts/cpujul2020.html
https://www.oracle.com/security-alerts/cpuoct2021.html
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

Expand...

http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
https://access.redhat.com/security/cve/CVE-2018-11040
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11040
https://github.com/advisories/GHSA-f26x-pr96-vw86
https://lists.debian.org/debian-lts-announce/2021/04/msg00022.html
https://nvd.nist.gov/vuln/detail/CVE-2018-11040
https://pivotal.io/security/cve-2018-11040
https://www.oracle.com/security-alerts/cpujan2020.html
https://www.oracle.com/security-alerts/cpujul2020.html
https://www.oracle.com/security-alerts/cpuoct2021.html
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

Expand...

http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
http://www.securityfocus.com/bid/104260
https://access.redhat.com/errata/RHSA-2018:1809
https://access.redhat.com/errata/RHSA-2018:3768
https://access.redhat.com/security/cve/CVE-2018-1257
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1257
https://github.com/advisories/GHSA-rcpf-vj53-7h2m
https://nvd.nist.gov/vuln/detail/CVE-2018-1257
https://pivotal.io/security/cve-2018-1257
https://www.oracle.com/security-alerts/cpujan2020.html
https://www.oracle.com/security-alerts/cpujul2020.html
https://www.oracle.com/security-alerts/cpuoct2021.html
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

Expand...

Expand...

https://access.redhat.com/security/cve/CVE-2022-22950
https://github.com/advisories/GHSA-558x-2xjg-6232
https://nvd.nist.gov/vuln/detail/CVE-2022-22950
https://tanzu.vmware.com/security/cve-2022-22950

| | org.springframework:spring-core | CVE-2022-22968 | LOW | 4.3.4.RELEASE | 5.2.21, 5.3.19 |

Expand...

https://access.redhat.com/security/cve/CVE-2022-22968
https://github.com/advisories/GHSA-g5mm-vmx4-3rg7
https://nvd.nist.gov/vuln/detail/CVE-2022-22968
https://tanzu.vmware.com/security/cve-2022-22968

Expand...

| | org.yaml:snakeyaml | CVE-2017-18640 | HIGH | 1.17 | 1.26 |

Expand...