/sicsdocs/releases/25.1/cve_security_reports/ Recent content in CVE security reports on Hugo -- gohugo.io /sicsdocs/releases/25.1/cve_security_reports/sics_adh_server/ Mon, 01 Jan 0001 00:00:00 +0000 /sicsdocs/releases/25.1/cve_security_reports/sics_adh_server/ The report contains data retrieved from the National Vulnerability Database: https://nvd.nist.gov, NPM Public Advisories: https://www.npmjs.com/advisories, and the RetireJS community. Name Description CWE CVSS v2.0 Severity CVSS v3.0 Severity Dependency CVE-2024-6763 Eclipse Jetty is a lightweight, highly scalable, Java-based web server and Servlet engine . It includes a utility class, HttpURI, for URI/URL parsing. The HttpURI class does insufficient validation on the authority segment of a URI. However the behaviour of HttpURI differs from the common browsers in how it handles a URI that would be considered invalid if fully validated against the RRC. /sicsdocs/releases/25.1/cve_security_reports/sics_api_server/ Mon, 01 Jan 0001 00:00:00 +0000 /sicsdocs/releases/25.1/cve_security_reports/sics_api_server/ The report contains data retrieved from the National Vulnerability Database: https://nvd.nist.gov, NPM Public Advisories: https://www.npmjs.com/advisories, and the RetireJS community. Name Description CWE CVSS v2.0 Severity CVSS v3.0 Severity Dependency CVE-2024-6763 Eclipse Jetty is a lightweight, highly scalable, Java-based web server and Servlet engine . It includes a utility class, HttpURI, for URI/URL parsing. The HttpURI class does insufficient validation on the authority segment of a URI. However the behaviour of HttpURI differs from the common browsers in how it handles a URI that would be considered invalid if fully validated against the RRC. /sicsdocs/releases/25.1/cve_security_reports/sics_batch_server/ Mon, 01 Jan 0001 00:00:00 +0000 /sicsdocs/releases/25.1/cve_security_reports/sics_batch_server/ The report contains data retrieved from the National Vulnerability Database: https://nvd.nist.gov, NPM Public Advisories: https://www.npmjs.com/advisories, and the RetireJS community. Name Description CWE CVSS v2.0 Severity CVSS v3.0 Severity Dependency CVE-2024-6763 Eclipse Jetty is a lightweight, highly scalable, Java-based web server and Servlet engine . It includes a utility class, HttpURI, for URI/URL parsing. The HttpURI class does insufficient validation on the authority segment of a URI. However the behaviour of HttpURI differs from the common browsers in how it handles a URI that would be considered invalid if fully validated against the RRC. /sicsdocs/releases/25.1/cve_security_reports/sics_desktop_app/ Mon, 01 Jan 0001 00:00:00 +0000 /sicsdocs/releases/25.1/cve_security_reports/sics_desktop_app/ The report contains data retrieved from the National Vulnerability Database: https://nvd.nist.gov, NPM Public Advisories: https://www.npmjs.com/advisories, and the RetireJS community. Name Description CWE CVSS v2.0 Severity CVSS v3.0 Severity Dependency CVE-2024-6763 Eclipse Jetty is a lightweight, highly scalable, Java-based web server and Servlet engine . It includes a utility class, HttpURI, for URI/URL parsing. The HttpURI class does insufficient validation on the authority segment of a URI. However the behaviour of HttpURI differs from the common browsers in how it handles a URI that would be considered invalid if fully validated against the RRC. /sicsdocs/releases/25.1/cve_security_reports/sics_emessaging_server/ Mon, 01 Jan 0001 00:00:00 +0000 /sicsdocs/releases/25.1/cve_security_reports/sics_emessaging_server/ The report contains data retrieved from the National Vulnerability Database: https://nvd.nist.gov, NPM Public Advisories: https://www.npmjs.com/advisories, and the RetireJS community. Name Description CWE CVSS v2.0 Severity CVSS v3.0 Severity Dependency CVE-2024-6763 Eclipse Jetty is a lightweight, highly scalable, Java-based web server and Servlet engine . It includes a utility class, HttpURI, for URI/URL parsing. The HttpURI class does insufficient validation on the authority segment of a URI. However the behaviour of HttpURI differs from the common browsers in how it handles a URI that would be considered invalid if fully validated against the RRC. /sicsdocs/releases/25.1/cve_security_reports/sics_java_launcher/ Mon, 01 Jan 0001 00:00:00 +0000 /sicsdocs/releases/25.1/cve_security_reports/sics_java_launcher/ The report contains data retrieved from the National Vulnerability Database: https://nvd.nist.gov, NPM Public Advisories: https://www.npmjs.com/advisories, and the RetireJS community. No vulnerable dependencies found. This report was generated 26.03.2025, 17:47:53 UTC, using dependency-check version: 8.4.2. /sicsdocs/releases/25.1/cve_security_reports/sics_naming_service/ Mon, 01 Jan 0001 00:00:00 +0000 /sicsdocs/releases/25.1/cve_security_reports/sics_naming_service/ The report contains data retrieved from the National Vulnerability Database: https://nvd.nist.gov, NPM Public Advisories: https://www.npmjs.com/advisories, and the RetireJS community. No vulnerable dependencies found. This report was generated 26.03.2025, 17:48:11 UTC, using dependency-check version: 8.4.2. /sicsdocs/releases/25.1/cve_security_reports/sics_operational_reporting_server/ Mon, 01 Jan 0001 00:00:00 +0000 /sicsdocs/releases/25.1/cve_security_reports/sics_operational_reporting_server/ The report contains data retrieved from the National Vulnerability Database: https://nvd.nist.gov, NPM Public Advisories: https://www.npmjs.com/advisories, and the RetireJS community. Name Description CWE CVSS v2.0 Severity CVSS v3.0 Severity Dependency CVE-2022-25844 The package angular after 1.7.0 are vulnerable to Regular Expression Denial of Service (ReDoS) by providing a custom locale rule that makes it possible to assign the parameter in posPre: ' '.repeat() of NUMBER_FORMATS.PATTERNS[1].posPre with a very high value. **Note:** 1) This package has been deprecated and is no longer maintained. /sicsdocs/releases/25.1/cve_security_reports/sics_operational_reporting_solr_node/ Mon, 01 Jan 0001 00:00:00 +0000 /sicsdocs/releases/25.1/cve_security_reports/sics_operational_reporting_solr_node/ The report contains data retrieved from the National Vulnerability Database: https://nvd.nist.gov, NPM Public Advisories: https://www.npmjs.com/advisories, and the RetireJS community. Name Description CWE CVSS v2.0 Severity CVSS v3.0 Severity Dependency CVE-2024-6763 Eclipse Jetty is a lightweight, highly scalable, Java-based web server and Servlet engine . It includes a utility class, HttpURI, for URI/URL parsing. The HttpURI class does insufficient validation on the authority segment of a URI. However the behaviour of HttpURI differs from the common browsers in how it handles a URI that would be considered invalid if fully validated against the RRC. /sicsdocs/releases/25.1/cve_security_reports/sics_search_server/ Mon, 01 Jan 0001 00:00:00 +0000 /sicsdocs/releases/25.1/cve_security_reports/sics_search_server/ The report contains data retrieved from the National Vulnerability Database: https://nvd.nist.gov, NPM Public Advisories: https://www.npmjs.com/advisories, and the RetireJS community. Name Description CWE CVSS v2.0 Severity CVSS v3.0 Severity Dependency CVE-2024-6763 Eclipse Jetty is a lightweight, highly scalable, Java-based web server and Servlet engine . It includes a utility class, HttpURI, for URI/URL parsing. The HttpURI class does insufficient validation on the authority segment of a URI. However the behaviour of HttpURI differs from the common browsers in how it handles a URI that would be considered invalid if fully validated against the RRC. /sicsdocs/releases/25.1/cve_security_reports/sics_search_solr_node/ Mon, 01 Jan 0001 00:00:00 +0000 /sicsdocs/releases/25.1/cve_security_reports/sics_search_solr_node/ The report contains data retrieved from the National Vulnerability Database: https://nvd.nist.gov, NPM Public Advisories: https://www.npmjs.com/advisories, and the RetireJS community. Name Description CWE CVSS v2.0 Severity CVSS v3.0 Severity Dependency CVE-2024-21742 Improper input validation allows for header injection in MIME4J library when using MIME4J DOM for composing message. This can be exploited by an attacker to add unintended headers to MIME messages. CWE-74 MEDIUM apache-mime4j-dom-0.8.4.jar CVE-2024-6763 Eclipse Jetty is a lightweight, highly scalable, Java-based web server and Servlet engine . /sicsdocs/releases/25.1/cve_security_reports/sics_docs/ Mon, 01 Jan 0001 00:00:00 +0000 /sicsdocs/releases/25.1/cve_security_reports/sics_docs/ The report contains data retrieved from the National Vulnerability Database: https://nvd.nist.gov, NPM Public Advisories: https://www.npmjs.com/advisories, and the RetireJS community. Name Description CWE CVSS v2.0 Severity CVSS v3.0 Severity Dependency CVE-2024-45801 mermaid.min.js CVE-2024-47875 mermaid.min.js CVE-2024-48910 mermaid.min.js CVE-2025-26791 mermaid.min.js This report was generated 26.03.2025, 17:51:00 UTC, using dependency-check version: 8.4.2.