CVE-2022-31183

fs2 is a compositional, streaming I/O library for Scala. When establishing a server-mode TLSSocket using fs2-io on Node.js, the parameter requestCert = true is ignored, peer certificate verification is skipped, and the connection proceeds. The vulnerability is limited to: 1. fs2-io running on...

EUVD-2022-6207

Malicious code in bioql PyPI...

EUVD-2025-27048

Malicious code in bioql PyPI...

CVE-2025-58369

fs2 is a compositional, streaming I/O library for Scala. Versions up to and including 2.5.12, 3.0.0-M1 through 3.12.2, and 3.13.0-M1 through 3.13.0-M6 are vulnerable to denial of service attacks though TLS sessions using fs2-io on the JVM using the fs2.io.net.tls package. When establishing a TLS...

ba.sake:hepek-http4s_3 (>=0.31.0 <=0.34.0), ch.linkyard.mcp:jsonrpc2-stdio_3 (>=0.1.0 <=0.3.2) +658 more potentially affected by CVE-2025-58369 via co.fs2:fs2-io_3 (>=3.0-117-375521f <=3.12.0)

co.fs2:fs2-io3 MAVEN version =3.0-117-375521f, =0.31.0, =0.1.0, =0.2.0, =0.1.0, =3.10-4b5f50b, =0.29.0, =0.2.1, =1.0.0, =0.1.0, =1.0-148-8da8898, =1.0-148-8da8898, =1.0-148-8da8898, =1.0-148-8da8898, =1.0-148-8da8898, =1.0-377-020cf9e and more Source cves: CVE-2025-58369 Source advisory:...

co.fs2:fs2-protocols_2.12 (>=3.10-4b5f50b <=3.12.0-RC2), com.47deg:github4s_2.12 (>=0.29.0 <=0.29.1) +435 more potentially affected by CVE-2025-58369 via co.fs2:fs2-io_2.12 (>=3.0.0 <=3.12.0)

co.fs2:fs2-io2.12 MAVEN version =3.0.0, =3.10-4b5f50b, =0.29.0, =1.0.0, =1.0-148-8da8898, =1.0-148-8da8898, =1.0-148-8da8898, =1.0-148-8da8898, =1.0-148-8da8898, =1.0-148-8da8898, =1.0-148-8da8898, =1.0-148-8da8898, =1.0-148-8da8898, =1.0-148-8da8898, =1.0-148-8da8898, =1.0-148-8da8898,...

Improper Resource Shutdown or Release

Overview Affected versions of this package are vulnerable to Improper Resource Shutdown or Release after establishing a TLS session. An attacker can cause excessive CPU utilization by initiating a half-shutdown of the connection during the handshake, leading the peer to enter a spin loop on socke...

ch.epfl.bluebrain.nexus:cli_2.13 (>=1.5.0 <=1.6.1), ch.epfl.bluebrain.nexus:delta-app_2.13 (>=1.9.0-M1 <=1.9.0-M12-2) +513 more potentially affected by CVE-2025-58369 via co.fs2:fs2-io_2.13 (>=2.0.0 <=2.5.12)

co.fs2:fs2-io2.13 MAVEN version =2.0.0, =1.5.0, =1.9.0-M1, =1.8.0, =1.8.0, =1.8.0, =1.8.0, =1.5.0, =0.3.0, =0.22.0, =0.0.1, =0.2.0, =0.2.0, =0.1.0, =2.1.0, =2.7.2 and more Source cves: CVE-2025-58369 Source advisory: SNYK:JAVA-COFS2-12669992...

ch.epfl.bluebrain.nexus:delta-app_2.13 (>=1.10.0-M8 <=1.10.0-M13), ch.epfl.bluebrain.nexus:delta-archive-plugin_2.13 (>=1.10.0-M8 <=1.10.0-M13) +644 more potentially affected by CVE-2025-58369 via co.fs2:fs2-io_2.13 (>=3.0.0 <=3.12.0)

co.fs2:fs2-io2.13 MAVEN version =3.0.0, =1.10.0-M8, =1.10.0-M8, =1.10.0-M8, =1.10.0-M8, =1.10.0-M8, =1.10.0-M8, =1.10.0-M8, =1.10.0-M8, =1.10.0-M8, =3.10-4b5f50b, =0.29.0, =1.0.0, =0.11.0, =1.0-148-8da8898, =1.0-148-8da8898, =1.0-377-020cf9e and more Source cves: CVE-2025-58369 Source advisory:...

com.avast:sst-app-monix_3 (>=0.17.0 <=0.19.3), com.avast:sst-app-zio_3 (>=0.17.0 <=0.19.3) +70 more potentially affected by CVE-2025-58369 via co.fs2:fs2-io_3 (>=2.5.10 <=2.5.12)

co.fs2:fs2-io3 MAVEN version =2.5.10, =0.17.0, =0.17.0, =0.16.0, =0.17.0, =0.16.0, =0.17.0, =0.16.0, =0.16.0, =0.17.0, =0.17.0, =0.16.0, =0.16.0, =0.16.0, =0.17.0, =0.17.0, =0.19.3 and more Source cves: CVE-2025-58369 Source advisory: SNYK:JAVA-COFS2-12669993...

Improper Resource Shutdown or Release

Overview Affected versions of this package are vulnerable to Improper Resource Shutdown or Release after establishing a TLS session. An attacker can cause excessive CPU utilization by initiating a half-shutdown of the connection during the handshake, leading the peer to enter a spin loop on socke...

com.47deg:freestyle-http-http4s_2.11 (=0.1.0), com.azavea.geotrellis:geotrellis-server-core_2.11 (>=4.0.1 <=4.2.0) +173 more potentially affected by CVE-2025-58369 via co.fs2:fs2-io_2.11 (>=0.9.1 <=2.1.0)

co.fs2:fs2-io2.11 MAVEN version =0.9.1, =4.0.1, =4.0.1, =4.0.1, =0.4.0, =0.4.0, =5.0.0, =2.0.0, =0.12.7, =0.12.7, =0.12.7, =0.14.1, =0.12.7, =1.1.0, =1.2.1 and more Source cves: CVE-2025-58369 Source advisory: SNYK:JAVA-COFS2-13180115...

ch.j3t:zio-prefetcher_2.12 (>=0.3.0 <=0.7.0), com.47deg:embedded-cassandra-core_2.12 (=0.0.7) +465 more potentially affected by CVE-2025-58369 via co.fs2:fs2-io_2.12 (>=2.0.0 <=2.5.12)

co.fs2:fs2-io2.12 MAVEN version =2.0.0, =0.3.0, =0.22.0, =0.0.1, =0.13.2, =0.2.6, =0.3.0, =0.2.0, =0.1.0, =0.7.0, =0.7.0, =0.18.1, =0.17.0, =0.17.0, =0.1.21, =0.19.3 and more Source cves: CVE-2025-58369 Source advisory: SNYK:JAVA-COFS2-12669991...

CVE-2025-58369

fs2 is a compositional, streaming I/O library for Scala. Versions up to and including 2.5.12, 3.0.0-M1 through 3.12.2, and 3.13.0-M1 through 3.13.0-M6 are vulnerable to denial of service attacks though TLS sessions using fs2-io on the JVM using the fs2.io.net.tls package. When establishing a TLS...

CVE-2025-58369 fs2: Half-shutdown of socket during TLS handshake may result in spin loop on opposite side

fs2 is a compositional, streaming I/O library for Scala. Versions up to and including 2.5.12, 3.0.0-M1 through 3.12.2, and 3.13.0-M1 through 3.13.0-M6 are vulnerable to denial of service attacks though TLS sessions using fs2-io on the JVM using the fs2.io.net.tls package. When establishing a TLS...

CVE-2025-58369 fs2: Half-shutdown of socket during TLS handshake may result in spin loop on opposite side

fs2 is a compositional, streaming I/O library for Scala. Versions up to and including 2.5.12, 3.0.0-M1 through 3.12.2, and 3.13.0-M1 through 3.13.0-M6 are vulnerable to denial of service attacks though TLS sessions using fs2-io on the JVM using the fs2.io.net.tls package. When establishing a TLS...

ch.epfl.bluebrain.nexus:delta-app_2.13 (>=1.10.0-M8 <=1.10.0-M13), ch.epfl.bluebrain.nexus:delta-archive-plugin_2.13 (>=1.10.0-M8 <=1.10.0-M13) +649 more potentially affected by CVE-2025-58369 via co.fs2:fs2-io_2.13 (>=3.0.0-M7 <=3.12.1)

co.fs2:fs2-io2.13 MAVEN version =3.0.0-M7, =1.10.0-M8, =1.10.0-M8, =1.10.0-M8, =1.10.0-M8, =1.10.0-M8, =1.10.0-M8, =1.10.0-M8, =1.10.0-M8, =1.10.0-M8, =3.10-4b5f50b, =0.29.0, =1.0.0, =0.11.0, =1.0-148-8da8898, =1.0-148-8da8898, =1.0-377-020cf9e and more Source cves: CVE-2025-58369 Source advisory...

co.fs2:fs2-protocols_2.12 (>=3.10-4b5f50b <=3.12.1), com.47deg:github4s_2.12 (>=0.29.0 <=0.29.1) +440 more potentially affected by CVE-2025-58369 via co.fs2:fs2-io_2.12 (>=3.0.0-M7 <=3.12.1)

co.fs2:fs2-io2.12 MAVEN version =3.0.0-M7, =3.10-4b5f50b, =0.29.0, =1.0.0, =1.0-148-8da8898, =1.0-148-8da8898, =1.0-148-8da8898, =1.0-148-8da8898, =1.0-148-8da8898, =1.0-148-8da8898, =1.0-148-8da8898, =1.0-148-8da8898, =1.0-148-8da8898, =1.0-148-8da8898, =1.0-148-8da8898, =1.0-148-8da8898,...

com.github.pureconfig:pureconfig-fs2_2.11 (>=0.12.1 <=0.14.0), com.github.regis-leray:fs2-ftp_2.11 (>=0.3.0 <=0.5.0) +14 more potentially affected by CVE-2025-58369 via co.fs2:fs2-io_2.11 (>=2.0.1 <=2.1.0)

co.fs2:fs2-io2.11 MAVEN version =2.0.1, =0.12.1, =0.3.0, =3.3.0, =3.0.0, =3.0.0, =3.3.0, =2.0.0, =3.0.0-RC1, =1.2.0, =1.2.5, =1.3.8 and more Source cves: CVE-2025-58369 Source advisory: OSV:GHSA-RRW2-PX9J-QFFJ...

ba.sake:hepek-http4s_3 (>=0.31.0 <=0.34.0), ch.linkyard.mcp:jsonrpc2-stdio_3 (>=0.1.0 <=0.3.2) +658 more potentially affected by CVE-2025-58369 via co.fs2:fs2-io_3 (>=3.0-117-375521f <=3.12.1)

co.fs2:fs2-io3 MAVEN version =3.0-117-375521f, =0.31.0, =0.1.0, =0.2.0, =0.1.0, =3.10-4b5f50b, =0.29.0, =0.2.1, =1.0.0, =0.1.0, =1.0-148-8da8898, =1.0-148-8da8898, =1.0-148-8da8898, =1.0-148-8da8898, =1.0-148-8da8898, =1.0-377-020cf9e and more Source cves: CVE-2025-58369 Source advisory:...