37 matches found
com.github.cafaudit:caf-audit-binding-elasticsearch (>=5.0.3-1321 <=5.0.4-1329), com.github.cafaudit:caf-audit-monkey-container (>=5.0.3-1321 <=5.0.4-1329) +176 more potentially affected by CVE-2026-8149 via org.bouncycastle:bc-fips (>=2.1.0 <=2.1.2)
org.bouncycastle:bc-fips MAVEN version =2.1.0, =5.0.3-1321, =5.0.3-1321, =5.0.3-1321, =5.0.3-1321, =3.1.2-822, =3.1.2-822, =3.1.2-822, =3.1.2-822, =3.1.3-828 - com.itextpdf:bouncy-castle-fips-adapter =9.6.0 - com.sap.cloud.ans:clm-sl-alert-notification-client =1.13.0 - io.nats.nkeys:fips-jdk17...
EUVD-2020-0372
Malware in sbrugna...
EUVD-2020-0288
Malware in sbrugna...
com.github.cafaudit:caf-audit-binding-elasticsearch (>=5.0.3-1321 <=5.0.4-1329), com.github.cafaudit:caf-audit-monkey-container (>=5.0.3-1321 <=5.0.4-1329) +78 more potentially affected by CVE-2025-9340 via org.bouncycastle:bc-fips (=2.1.0)
org.bouncycastle:bc-fips MAVEN version =2.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.bouncycastle:bc-fips and may be impacted: - com.github.cafaudit:caf-audit-binding-elasticsearch =5.0.3-1321, =5.0.3-1321, =5.0.3-1321, =5.0.3-1321,...
com.github.cafaudit:caf-audit-binding-elasticsearch (>=5.0.3-1321 <=5.0.4-1329), com.github.cafaudit:caf-audit-monkey-container (>=5.0.3-1321 <=5.0.4-1329) +78 more potentially affected by CVE-2025-9341 via org.bouncycastle:bc-fips (=2.1.0)
org.bouncycastle:bc-fips MAVEN version =2.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.bouncycastle:bc-fips and may be impacted: - com.github.cafaudit:caf-audit-binding-elasticsearch =5.0.3-1321, =5.0.3-1321, =5.0.3-1321, =5.0.3-1321,...
CVE-2020-5245
Dropwizard-Validation before 1.3.19, and 2.0.2 may allow arbitrary code execution on the host system, with the privileges of the Dropwizard service account, by injecting arbitrary Java Expression Language expressions when using the self-validating feature. The issue has been fixed in...
CVE-2020-11002
dropwizard-validation before versions 2.0.3 and 1.3.21 has a remote code execution vulnerability. A server-side template injection was identified in the self-validating feature enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you a...
GHSA-F36P-42JV-8RH2 Lithium vulnerable to Cross Site Scripting in provided Swagger-UI
Impact: An XSS vulnerability in the provided outdated Swagger-UI is exploitable in applications using lithium with Swagger-UI enabled. This allows an attacker to gain Remote Code Execution (RCE) and potentially exfiltrate secrets in the context of this swagger session. Patches: The used swagger-ui was...
com.github.vzakharchenko:cisco-radius-plugin (=1.2.5), com.github.vzakharchenko:keycloak-plugins (>=1.2.4 <=1.2.5) +126 more potentially affected by CVE-2020-1714 via org.keycloak:keycloak-core (>=10.0.0 <=10.0.2)
org.keycloak:keycloak-core MAVEN version =10.0.0, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.0.0, =2.0.6, =2.0.6, =2.0.6, =2.0.6, =2.0.6, =2.0.7 and more Source cves: CVE-2020-1714 Source advisory: OSV:GHSA-M6MM-Q862-J366...
ai.catboost:catboost-spark_4.0_2.13 (=1.2.10), ai.catboost:catboost-spark_4.1_2.13 (=1.2.10) +786 more potentially affected by CVE-2021-28168 via org.glassfish.jersey.core:jersey-common (>=3.0.0 <=3.0.18)
org.glassfish.jersey.core:jersey-common MAVEN version =3.0.0, =21.1.0, =21.1.0, =2.0.14-spark-4.0, =4.43.0, =2.0.0, =2.0.0, =1.0.0, =3.0.5 and more Source cves: CVE-2021-28168 Source advisory: OSV:GHSA-C43Q-5HPJ-4CRV...
Server-Side Template Injection
dropwizard-validation is vulnerable to Server-Side Template Injection. The vulnerability exists as ViolationCollector does not sanitize Java Expression Language (EL) expressions and accepts malicious Java EL expressions to be passed into the server-side template in the self-validating feature,...
dropwizard-validation injection vulnerability (CNVD-2020-22964)
dropwizard-validation is a library that supports building RESTful web services that can be used in production environments. An injection vulnerability exists in dropwizard-validation versions prior to 2.0.3 and prior to 1.3.21. An attacker can exploit this vulnerability to inject arbitrary Java E...
CVE-2020-11002
dropwizard-validation before versions 2.0.3 and 1.3.21 has a remote code execution vulnerability. A server-side template injection was identified in the self-validating feature enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you a...
CVE-2020-11002
dropwizard-validation before versions 2.0.3 and 1.3.21 has a remote code execution vulnerability. A server-side template injection was identified in the self-validating feature enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you a...
Remote code execution
dropwizard-validation before versions 2.0.3 and 1.3.21 has a remote code execution vulnerability. A server-side template injection was identified in the self-validating feature enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you a...
at.yawk.dropwizard-nagios:dropwizard-nagios (=1.0), be.fluid-it.microservice.bundle:microservice-bundle-core (>=0.1-1 <=0.1-16) +699 more potentially affected by CVE-2020-11002 via io.dropwizard:dropwizard-validation (>=0.7.0-rc1 <=1.3.20)
io.dropwizard:dropwizard-validation MAVEN version =0.7.0-rc1, =0.1-1, =0.1-1, =0.1-9, =0.1-5, =0.8-1-1, =0.0.105, =0.7.0.3, =1.0, =0.1.0, =0.2.0, =0.7.0 and more Source cves: CVE-2020-11002 Source advisory: OSV:GHSA-8JPX-M2WH-2V34...
Remote Code Execution (RCE) vulnerability in dropwizard-validation
Summary: A server-side template injection was identified in the self-validating (@SelfValidating) feature of dropwizard-validation enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean via @SelfValidatin...
GHSA-8JPX-M2WH-2V34 Remote Code Execution (RCE) vulnerability in dropwizard-validation
Summary: A server-side template injection was identified in the self-validating (@SelfValidating) feature of dropwizard-validation enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you're using a self-validating bean via @SelfValidatin...
com.bendb.dropwizard:dropwizard-jooq (=2.0.2-0), com.bendb.dropwizard:dropwizard-redis (=2.0.2-0) +227 more potentially affected by CVE-2020-11002 via io.dropwizard:dropwizard-validation (>=2.0.0 <=2.0.29)
io.dropwizard:dropwizard-validation MAVEN version =2.0.0, =2.0.0, =3.0.0, =3.0.0, =4.0.0, =2.0.0, =1.2.0, =1.2.0, =1.2.4 - com.github.vivekkothari:data-river-core =2.0.0 and more Source cves: CVE-2020-11002 Source advisory: OSV:GHSA-8JPX-M2WH-2V34...
CVE-2020-11002
CVE-2020-11002 affects Dropwizard-validation prior to 1.3.21 and 2.0.3, where a server-side template injection in the self-validating feature enables injection of arbitrary Java EL expressions, leading to Remote Code Execution (RCE). Affected: dropwizard-validation versions before 1.3.21 and 2.0....