/sicsdocs/releases/21.4/cve_security_reports/ Recent content in CVE security reports on Hugo -- gohugo.io /sicsdocs/releases/21.4/cve_security_reports/sics_adh_server/ Mon, 01 Jan 0001 00:00:00 +0000 /sicsdocs/releases/21.4/cve_security_reports/sics_adh_server/ The report contains data retrieved from the National Vulnerability Database: https://nvd.nist.gov, NPM Public Advisories: https://www.npmjs.com/advisories, and the RetireJS community. Name Description CWE CVSS v2.0 Severity CVSS v3.0 Severity Dependency CVE-2021-35515 When reading a specially crafted 7Z archive, the construction of the list of codecs that decompress an entry can result in an infinite loop. This could be used to mount a denial of service attack against services that use Compress' sevenz package. /sicsdocs/releases/21.4/cve_security_reports/sics_api_server/ Mon, 01 Jan 0001 00:00:00 +0000 /sicsdocs/releases/21.4/cve_security_reports/sics_api_server/ The report contains data retrieved from the National Vulnerability Database: https://nvd.nist.gov, NPM Public Advisories: https://www.npmjs.com/advisories, and the RetireJS community. Name Description CWE CVSS v2.0 Severity CVSS v3.0 Severity Dependency CVE-2021-35515 When reading a specially crafted 7Z archive, the construction of the list of codecs that decompress an entry can result in an infinite loop. This could be used to mount a denial of service attack against services that use Compress' sevenz package. /sicsdocs/releases/21.4/cve_security_reports/sics_batch_server/ Mon, 01 Jan 0001 00:00:00 +0000 /sicsdocs/releases/21.4/cve_security_reports/sics_batch_server/ The report contains data retrieved from the National Vulnerability Database: https://nvd.nist.gov, NPM Public Advisories: https://www.npmjs.com/advisories, and the RetireJS community. Name Description CWE CVSS v2.0 Severity CVSS v3.0 Severity Dependency CVE-2021-35515 When reading a specially crafted 7Z archive, the construction of the list of codecs that decompress an entry can result in an infinite loop. This could be used to mount a denial of service attack against services that use Compress' sevenz package. /sicsdocs/releases/21.4/cve_security_reports/sics_desktop_app/ Mon, 01 Jan 0001 00:00:00 +0000 /sicsdocs/releases/21.4/cve_security_reports/sics_desktop_app/ The report contains data retrieved from the National Vulnerability Database: https://nvd.nist.gov, NPM Public Advisories: https://www.npmjs.com/advisories, and the RetireJS community. Name Description CWE CVSS v2.0 Severity CVSS v3.0 Severity Dependency CVE-2021-35515 When reading a specially crafted 7Z archive, the construction of the list of codecs that decompress an entry can result in an infinite loop. This could be used to mount a denial of service attack against services that use Compress' sevenz package. /sicsdocs/releases/21.4/cve_security_reports/sics_emessaging_server/ Mon, 01 Jan 0001 00:00:00 +0000 /sicsdocs/releases/21.4/cve_security_reports/sics_emessaging_server/ The report contains data retrieved from the National Vulnerability Database: https://nvd.nist.gov, NPM Public Advisories: https://www.npmjs.com/advisories, and the RetireJS community. Name Description CWE CVSS v2.0 Severity CVSS v3.0 Severity Dependency CVE-2021-35515 When reading a specially crafted 7Z archive, the construction of the list of codecs that decompress an entry can result in an infinite loop. This could be used to mount a denial of service attack against services that use Compress' sevenz package. /sicsdocs/releases/21.4/cve_security_reports/sics_java_launcher/ Mon, 01 Jan 0001 00:00:00 +0000 /sicsdocs/releases/21.4/cve_security_reports/sics_java_launcher/ The report contains data retrieved from the National Vulnerability Database: https://nvd.nist.gov, NPM Public Advisories: https://www.npmjs.com/advisories, and the RetireJS community. No vulnerable dependencies found. This report was generated 16.12.2021, 20:59:17 UTC, using dependency-check version: 6.5.0. /sicsdocs/releases/21.4/cve_security_reports/sics_naming_service/ Mon, 01 Jan 0001 00:00:00 +0000 /sicsdocs/releases/21.4/cve_security_reports/sics_naming_service/ The report contains data retrieved from the National Vulnerability Database: https://nvd.nist.gov, NPM Public Advisories: https://www.npmjs.com/advisories, and the RetireJS community. Name Description CWE CVSS v2.0 Severity CVSS v3.0 Severity Dependency CVE-2021-28170 In the Jakarta Expression Language implementation 3.0.3 and earlier, a bug in the ELParserTokenManager enables invalid EL expressions to be evaluated as if they were valid. CWE-20 MEDIUM MEDIUM jakarta.el-api-3.0.2.jar This report was generated 16.12.2021, 20:59:33 UTC, using dependency-check version: 6. /sicsdocs/releases/21.4/cve_security_reports/sics_operational_reporting_server/ Mon, 01 Jan 0001 00:00:00 +0000 /sicsdocs/releases/21.4/cve_security_reports/sics_operational_reporting_server/ The report contains data retrieved from the National Vulnerability Database: https://nvd.nist.gov, NPM Public Advisories: https://www.npmjs.com/advisories, and the RetireJS community. Name Description CWE CVSS v2.0 Severity CVSS v3.0 Severity Dependency 1005299 This affects the package chart.js before 2.9.4. The options parameter is not properly sanitized when it is processed. When the options are processed, the existing options (or the defaults options) are deeply merged with provided options. However, during this operation, the keys of the object being set are not checked, leading to a prototype pollution. /sicsdocs/releases/21.4/cve_security_reports/sics_operational_reporting_solr_node/ Mon, 01 Jan 0001 00:00:00 +0000 /sicsdocs/releases/21.4/cve_security_reports/sics_operational_reporting_solr_node/ The report contains data retrieved from the National Vulnerability Database: https://nvd.nist.gov, NPM Public Advisories: https://www.npmjs.com/advisories, and the RetireJS community. Name Description CWE CVSS v2.0 Severity CVSS v3.0 Severity Dependency CVE-2020-13955 HttpUtils#getURLConnection method disables explicitly hostname verification for HTTPS connections making clients vulnerable to man-in-the-middle attacks. Calcite uses internally this method to connect with Druid and Splunk so information leakage may happen when using the respective Calcite adapters. The method itself is in a utility class so people may use it to create vulnerable HTTPS connections for other applications. /sicsdocs/releases/21.4/cve_security_reports/sics_search_server/ Mon, 01 Jan 0001 00:00:00 +0000 /sicsdocs/releases/21.4/cve_security_reports/sics_search_server/ The report contains data retrieved from the National Vulnerability Database: https://nvd.nist.gov, NPM Public Advisories: https://www.npmjs.com/advisories, and the RetireJS community. Name Description CWE CVSS v2.0 Severity CVSS v3.0 Severity Dependency CVE-2020-13956 Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution. NVD-CWE-noinfo MEDIUM MEDIUM httpclient-4.5.12.jar CVE-2021-21290 Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. /sicsdocs/releases/21.4/cve_security_reports/sics_search_solr_node/ Mon, 01 Jan 0001 00:00:00 +0000 /sicsdocs/releases/21.4/cve_security_reports/sics_search_solr_node/ The report contains data retrieved from the National Vulnerability Database: https://nvd.nist.gov, NPM Public Advisories: https://www.npmjs.com/advisories, and the RetireJS community. Name Description CWE CVSS v2.0 Severity CVSS v3.0 Severity Dependency CVE-2020-13955 HttpUtils#getURLConnection method disables explicitly hostname verification for HTTPS connections making clients vulnerable to man-in-the-middle attacks. Calcite uses internally this method to connect with Druid and Splunk so information leakage may happen when using the respective Calcite adapters. The method itself is in a utility class so people may use it to create vulnerable HTTPS connections for other applications. /sicsdocs/releases/21.4/cve_security_reports/sics_docs/ Mon, 01 Jan 0001 00:00:00 +0000 /sicsdocs/releases/21.4/cve_security_reports/sics_docs/ The report contains data retrieved from the National Vulnerability Database: https://nvd.nist.gov, NPM Public Advisories: https://www.npmjs.com/advisories, and the RetireJS community. No vulnerable dependencies found. This report was generated 16.12.2021, 21:02:01 UTC, using dependency-check version: 6.5.0.