80 matches found
undertow: Improper State Management in Proxy Protocol parsing causes information leakage
A vulnerability was found in Undertow where the ProxyProtocolReadListener reuses the same StringBuilder instance across multiple requests. This issue occurs when the parseProxyProtocolV1 method processes multiple requests on the same HTTP connection. As a result, different requests may share the...
Ubuntu 22.04 LTS / 24.04 LTS / 25.04 / 25.10 : OpenJDK 25 vulnerabilities (USN-7884-1)
The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.04 / 25.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7884-1 advisory. Jinfeng Guo discovered that the Security component of OpenJDK 25 did not correctly handle certain representations of encoded...
Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.04 / 25.10 : OpenJDK 21 vulnerabilities (USN-7885-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.04 / 25.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7885-1 advisory. Jinfeng Guo discovered that the Security component of OpenJDK 21 did not correctly handle certain representations...
Ubuntu 25.04 / 25.10 : CRaC JDK 21 vulnerabilities (USN-7901-1)
The remote Ubuntu 25.04 / 25.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7901-1 advisory. Jinfeng Guo discovered that the Security component of CRaC JDK 21 did not correctly handle certain representations of encoded strings. An...
Ubuntu 25.10 : CRaC JDK 25 vulnerabilities (USN-7902-1)
The remote Ubuntu 25.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7902-1 advisory. Jinfeng Guo discovered that the Security component of CRaC JDK 25 did not correctly handle certain representations of encoded strings. An unauthenticated...
USN-7902-1: CRaC JDK 25 vulnerabilities
Jinfeng Guo discovered that the Security component of CRaC JDK 25 did not correctly handle certain representations of encoded strings. An unauthenticated remote attacker could possibly use this issue to modify files or leak sensitive information. (CVE-2025-53057) Darius Bohni discovered that the JA...
USN-7902-1 openjdk-25-crac vulnerabilities
Jinfeng Guo discovered that the Security component of CRaC JDK 25 did not correctly handle certain representations of encoded strings. An unauthenticated remote attacker could possibly use this issue to modify files or leak sensitive information. (CVE-2025-53057) Darius Bohni discovered that the JA...
USN-7901-1: CRaC JDK 21 vulnerabilities
Jinfeng Guo discovered that the Security component of CRaC JDK 21 did not correctly handle certain representations of encoded strings. An unauthenticated remote attacker could possibly use this issue to modify files or leak sensitive information. (CVE-2025-53057) Darius Bohni discovered that the JA...
USN-7884-1: OpenJDK 25 vulnerabilities
Jinfeng Guo discovered that the Security component of OpenJDK 25 did not correctly handle certain representations of encoded strings. An unauthenticated remote attacker could possibly use this issue to modify files or leak sensitive information. (CVE-2025-53057) Darius Bohni discovered that the JAX...
USN-7884-1 openjdk-25 vulnerabilities
Jinfeng Guo discovered that the Security component of OpenJDK 25 did not correctly handle certain representations of encoded strings. An unauthenticated remote attacker could possibly use this issue to modify files or leak sensitive information. (CVE-2025-53057) Darius Bohni discovered that the JAX...
EUVD-2024-2542
Malicious code in bioql PyPI...
EUVD-2024-2343
Malicious code in bioql PyPI...
undertow: information leakage via HTTP/2 request header reuse
REJECTED CVE: A vulnerability has been identified in the Undertow package where the readHpackString method may incorrectly reuse an HTTP request header value from a previous stream for a new request on the same HTTP/2 connection due to improper handling of the stringBuilder field. While this...
Linux Distros Unpatched Vulnerability : CVE-2023-36109
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Buffer Overflow vulnerability in JerryScript version 3.0, allows remote attackers to execute arbitrary code via ecma_stringbuilder_append_raw component at...
OSV-2025-466 Security exception in java.base/java.lang.AbstractStringBuilder.<init>
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=424617284 Crash type: Security exception Crash state: java.base/java.lang.AbstractStringBuilder. java.base/java.lang.StringBuilder. com.ctc.wstx.util.StringUtil.normalizeSpaces...
CVE-2024-21524
All versions of the package node-stringbuilder are vulnerable to Out-of-bounds Read due to incorrect memory length calculation, by calling ToBuffer, ToString, or CharAt on a StringBuilder object with a non-empty string value input. It's possible to return previously allocated memory, for example,...
OESA-2024-2579 undertow security update
Java web server using non-blocking IO. Security Fixes: Description: Product Security received a report that Undertow might incorrectly re-use an HTTP request header value from a previous stream for a request associated with a subsequent stream on the same HTTP/2 connection. The issue is linked to...