Amazon Linux 2 : aws-kinesis-agent (ALAS-2025-2898)

The version of aws-kinesis-agent installed on the remote host is prior to 2.0.12-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2898 advisory. Jackson-core contains core low-level incremental streaming parser and generator abstractions used by Jackson Data...

Medium: aws-kinesis-agent

Issue Overview: Jackson-core contains core low-level incremental "streaming" parser and generator abstractions used by Jackson Data Processor. Starting in version 2.0.0 and prior to version 2.13.0, a flaw in jackson-core's JsonLocation.appendSourceDesc method allows up to 500 bytes of unintended...

Medium: aws-kinesis-agent

Issue Overview: Jackson-core contains core low-level incremental "streaming" parser and generator abstractions used by Jackson Data Processor. Starting in version 2.0.0 and prior to version 2.13.0, a flaw in jackson-core's JsonLocation.appendSourceDesc method allows up to 500 bytes of unintended...

Amazon Linux 2023 : aws-kinesis-agent (ALAS2023-2025-1024)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1024 advisory. Jackson-core contains core low-level incremental streaming parser and generator abstractions used by Jackson Data Processor. Starting in version 2.0.0 and prior to version 2.13.0, a flaw in...

Medium: aws-kinesis-agent

Issue Overview: Jackson-core contains core low-level incremental "streaming" parser and generator abstractions used by Jackson Data Processor. Starting in version 2.0.0 and prior to version 2.13.0, a flaw in jackson-core's JsonLocation.appendSourceDesc method allows up to 500 bytes of unintended...

Amazon Linux 2 : aws-kinesis-agent (ALAS-2025-2788)

The version of aws-kinesis-agent installed on the remote host is prior to 2.0.10-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2788 advisory. In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check in...

Amazon Linux 2023 : aws-kinesis-agent (ALAS2023-2025-889)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-889 advisory. In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer.deserializeFromArray to prevent use of deeply nested arrays. An application is...

Important: aws-kinesis-agent

Issue Overview: In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer.deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization...

Important: aws-kinesis-agent

Issue Overview: In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer.deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization...

Medium: aws-kinesis-agent

Issue Overview: Apache Log4j2 versions 2.0-beta7 through 2.17.0 excluding security fix releases 2.3.2 and 2.12.4 are vulnerable to a remote code execution RCE attack where an attacker with permission to modify the logging configuration file can construct a malicious configuration using a JDBC...

Medium: aws-kinesis-agent

Issue Overview: A flaw was found in the Apache Log4j logging library 2.x. when the logging configuration uses a non-default Pattern Layout with a Context Lookup. Attackers with control over Thread Context Map MDC input data can craft malicious input data that contains a recursive lookup and can...

Amazon Linux 2 : aws-kinesis-agent (ALAS-2021-1733)

The version of aws-kinesis-agent installed on the remote host is prior to 2.0.5-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2021-1733 advisory. A flaw was found in the Apache Log4j logging library 2.x. when the logging configuration uses a non- default Pattern Layo...

Amazon Linux 2 : aws-kinesis-agent (ALAS-2021-1730)

The version of aws-kinesis-agent installed on the remote host is prior to 2.0.4-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2021-1730 advisory. Amazon Kinesis Agent versions within Amazon Linux 2 AL2 prior to aws-kinesis-agent-2.0.4-1 included a version of...