18 matches found
CVE-2026-49361
Apache Fluss versions prior to 0.9.1 configure the Netty LengthFieldBasedFrameDecoder with Integer.MAXVALUE as the maximum frame length, allowing unauthenticated remote attackers to exhaust JVM heap memory on TabletServer and CoordinatorServer by sending specially crafted frame headers, resulting...
org.apache.fluss:fluss-kafka (>=0.8.0-incubating <=0.9.0-incubating) potentially affected by CVE-2026-49361 via org.apache.fluss:fluss-rpc (>=0.8.0-incubating <=0.9.0-incubating)
org.apache.fluss:fluss-rpc MAVEN version =0.8.0-incubating, =0.8.0-incubating, =0.9.0-incubating Source cves: CVE-2026-49361 Source advisory: SNYK:JAVA-ORGAPACHEFLUSS-17139463...
org.apache.fluss:fluss-dist (=0.8.0-incubating), org.apache.fluss:fluss-docgen (=0.9.0-incubating) +21 more potentially affected by CVE-2026-49361 via org.apache.fluss:fluss-common (>=0.8.0-incubating <=0.9.0-incubating)
org.apache.fluss:fluss-common MAVEN version =0.8.0-incubating, =0.8.0-incubating, =0.8.0-incubating, =0.8.0-incubating, =0.8.0-incubating, =0.8.0-incubating, =0.8.0-incubating, =0.8.0-incubating, =0.8.0-incubating, =0.8.0-incubating, =0.8.0-incubating, =0.8.0-incubating, =0.8.0-incubating,...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to improper configuration of the LengthFieldBasedFrameDecoder value. An attacker can cause the application to exhaust JVM heap memory and disrupt service availability by sending...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to improper configuration of the LengthFieldBasedFrameDecoder value. An attacker can cause the application to exhaust JVM heap memory and disrupt service availability by sending...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to improper configuration of the LengthFieldBasedFrameDecoder value. An attacker can cause the application to exhaust JVM heap memory and disrupt service availability by sending...
CVE-2026-49361
Apache Fluss versions prior to 0.9.1 configure the Netty LengthFieldBasedFrameDecoder with Integer.MAXVALUE as the maximum frame length, allowing unauthenticated remote attackers to exhaust JVM heap memory on TabletServer and CoordinatorServer by sending specially crafted frame headers, resulting...
EUVD-2026-33600
Apache Fluss versions prior to 0.9.1 configure the Netty LengthFieldBasedFrameDecoder with Integer.MAXVALUE as the maximum frame length, allowing unauthenticated remote attackers to exhaust JVM heap memory on TabletServer and CoordinatorServer by sending specially crafted frame headers, resulting...
CVE-2026-49361 Apache Fluss Netty Frame Decoder Memory Exhaustion Vulnerability
Apache Fluss versions prior to 0.9.1 configure the Netty LengthFieldBasedFrameDecoder with Integer.MAXVALUE as the maximum frame length, allowing unauthenticated remote attackers to exhaust JVM heap memory on TabletServer and CoordinatorServer by sending specially crafted frame headers, resulting...
CVE-2026-49361
CVE-2026-49361: Apache Fluss Netty frame-decoder memory exhaust vulnerability . Affected: Apache Fluss (incubating) versions prior to 0.9.1 (0.8.0 and 0.9.0). Root cause: Netty LengthFieldBasedFrameDecoder configured with Integer.MAX_VALUE as the maximum frame length. Impact: unauthenticated remo...
CVE-2026-49361
Apache Fluss versions prior to 0.9.1 configure the Netty LengthFieldBasedFrameDecoder with Integer.MAXVALUE as the maximum frame length, allowing unauthenticated remote attackers to exhaust JVM heap memory on TabletServer and CoordinatorServer by sending specially crafted frame headers, resulting...
CVE-2026-49361 Apache Fluss Netty Frame Decoder Memory Exhaustion Vulnerability
Apache Fluss versions prior to 0.9.1 configure the Netty LengthFieldBasedFrameDecoder with Integer.MAXVALUE as the maximum frame length, allowing unauthenticated remote attackers to exhaust JVM heap memory on TabletServer and CoordinatorServer by sending specially crafted frame headers, resulting...
PT-2026-45385
Name of the Vulnerable Software and Affected Versions Apache Fluss versions prior to 0.9.1 Description The Netty LengthFieldBasedFrameDecoder is configured with Integer.MAX VALUE as the maximum frame length. This allows unauthenticated remote attackers to exhaust JVM heap memory on TabletServer a...
Stadt Land Fluss Duell - BSD license, Customized SSL, Dangerous filesystem permissions vulnerabilities
HackApp vulnerability scanner discovered that application Stadt Land Fluss Duell published at the 'play' market has multiple vulnerabilities...
Stadt Land Fluss (Chromecast) - Dangerous filesystem permissions, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application Stadt Land Fluss Chromecast published at the 'play' market has multiple vulnerabilities...
Stadt Land Fluss Multiplayer - Customized SSL, Dangerous filesystem permissions, WebView SSL handling enabled vulnerabilities
HackApp vulnerability scanner discovered that application Stadt Land Fluss Multiplayer published at the 'play' market has multiple vulnerabilities...
Stadt Land Fluss Duell - ContentProvider mode not defined, Dynamic Code Loading, External URLs vulnerabilities
HackApp vulnerability scanner discovered that application Stadt Land Fluss Duell published at the 'play' market has multiple vulnerabilities...
Stadt Land Fluss - Dynamic Code Loading, External URLs, Possible privilege escalation vulnerabilities
HackApp vulnerability scanner discovered that application Stadt Land Fluss published at the 'play' market has multiple vulnerabilities...