advisory-database issues

[GHSA-r4ph-mx67-x58p] Shopware database password is leaked to an unauthenticated users

3

**Updates** - Affected products **Comments** The composer package name `shopware/shopware` refers to `Shopware 5` and is a totally different system. See https://github.com/shopware5/shopware/blob/5.7/composer.json#L2 We just renamed the GitHub repository name from...

mitelg

[GHSA-hxgx-584x-vwm8] Appwrite Server-Side Request Forgery vulnerability

1

**Updates** - Affected products - CVSS - Severity **Comments** Fixed in 1.3.0, confidentiality is low as no internal data is exposed.

abnegate

[GHSA-qmx3-m648-hr74] Log Injection in Apache Sling Commons Log and Apache Sling API

1

**Updates** - Affected products **Comments** https://mvnrepository.com/artifact/org.apache.sling/org.apache.sling.api

SunBK201

[GHSA-q62h-jw38-24vh] Uncaught Exception in zip4j

1

**Updates** - Affected products **Comments** According to [Patch](https://github.com/srikanth-lingala/zip4j/commit/35122fd19b3f1fae531d9e20d54e8dc894414dab), this vulnerability was introduced from 2.0.

SunBK201

[GHSA-8vhq-qq4p-grq3] OS Command Injection in Plexus-utils

1

**Updates** - Affected products **Comments** According to [Patch](b38a1b3a4352303e4312b2bb601a0d7ec6e28f41), this vulnerability was introduced from 1.4.1.

SunBK201

[GHSA-6phf-73q6-gh87] Insecure Deserialization in Apache Commons Beanutils

1

**Updates** - Affected products **Comments** According to [Patch](https://github.com/apache/commons-beanutils/commit/dd48f4e589462a8cdb1f29bbbccb35d6b0291d58), this vulnerability was introduced from 1.9.0.

SunBK201

[GHSA-rgv9-q543-rqg4] Uncontrolled Resource Consumption in FasterXML jackson-databind

1

**Updates** - Affected products **Comments** According to [Patch](https://github.com/FasterXML/jackson-databind/commit/063183589218fec19a9293ed2f17ec53ea80ba88), this vulnerability was introduced from 2.4.0.

SunBK201

[GHSA-cqqj-4p63-rrmm] HTTP Request Smuggling in Netty

1

**Updates** - Affected products **Comments** According to [Patch](https://github.com/netty/netty/commit/07aa6b5938a8b6ed7a6586e066400e2643897323), this vulnerability was introduced from 4.0.0.Beta1.

SunBK201

[GHSA-wx5j-54mm-rqqq] HTTP request smuggling in netty

2

**Updates** - Affected products **Comments** According to [Patch](https://github.com/netty/netty/commit/07aa6b5938a8b6ed7a6586e066400e2643897323), this vulnerability was introduced from 4.0.0.Beta2.

SunBK201

[GHSA-qxxx-2pp7-5hmx] jackson-databind is vulnerable to a deserialization flaw

1

**Updates** - Affected products **Comments** https://mvnrepository.com/artifact/com.fasterxml.jackson.core/jackson-databind

SunBK201

advisory-database
advisory-database copied to clipboard

Metadata

[GHSA-r4ph-mx67-x58p] Shopware database password is leaked to an unauthenticated users

[GHSA-hxgx-584x-vwm8] Appwrite Server-Side Request Forgery vulnerability

[GHSA-qmx3-m648-hr74] Log Injection in Apache Sling Commons Log and Apache Sling API

[GHSA-q62h-jw38-24vh] Uncaught Exception in zip4j

[GHSA-8vhq-qq4p-grq3] OS Command Injection in Plexus-utils

[GHSA-6phf-73q6-gh87] Insecure Deserialization in Apache Commons Beanutils

[GHSA-rgv9-q543-rqg4] Uncontrolled Resource Consumption in FasterXML jackson-databind

[GHSA-cqqj-4p63-rrmm] HTTP Request Smuggling in Netty

[GHSA-wx5j-54mm-rqqq] HTTP request smuggling in netty

[GHSA-qxxx-2pp7-5hmx] jackson-databind is vulnerable to a deserialization flaw

← Metadata

Owner

Metadata

advisory-database advisory-database copied to clipboard

Metadata

← Metadata

Owner

Metadata

advisory-database
advisory-database copied to clipboard