ch.j3t:zio-prefetcher_2.12 (>=0.3.0 <=0.7.0), com.47deg:embedded-cassandra-core_2.12 (=0.0.7) +465 more potentially affected by CVE-2025-58369 via co.fs2:fs2-io_2.12 (>=2.0.0 <=2.5.12)

co.fs2:fs2-io2.12 MAVEN version =2.0.0, =0.3.0, =0.22.0, =0.0.1, =0.13.2, =0.2.6, =0.3.0, =0.2.0, =0.1.0, =0.7.0, =0.7.0, =0.18.1, =0.17.0, =0.17.0, =0.1.21, =0.19.3 and more Source cves: CVE-2025-58369 Source advisory: SNYK:JAVA-COFS2-12669991...

co.fs2:fs2-protocols_2.12 (>=3.10-4b5f50b <=3.12.0-RC2), com.47deg:github4s_2.12 (>=0.29.0 <=0.29.1) +435 more potentially affected by CVE-2025-58369 via co.fs2:fs2-io_2.12 (>=3.0.0 <=3.12.0)

co.fs2:fs2-io2.12 MAVEN version =3.0.0, =3.10-4b5f50b, =0.29.0, =1.0.0, =1.0-148-8da8898, =1.0-148-8da8898, =1.0-148-8da8898, =1.0-148-8da8898, =1.0-148-8da8898, =1.0-148-8da8898, =1.0-148-8da8898, =1.0-148-8da8898, =1.0-148-8da8898, =1.0-148-8da8898, =1.0-148-8da8898, =1.0-148-8da8898,...

com.47deg:freestyle-http-http4s_2.11 (=0.1.0), com.azavea.geotrellis:geotrellis-server-core_2.11 (>=4.0.1 <=4.2.0) +173 more potentially affected by CVE-2025-58369 via co.fs2:fs2-io_2.11 (>=0.9.1 <=2.1.0)

co.fs2:fs2-io2.11 MAVEN version =0.9.1, =4.0.1, =4.0.1, =4.0.1, =0.4.0, =0.4.0, =5.0.0, =2.0.0, =0.12.7, =0.12.7, =0.12.7, =0.14.1, =0.12.7, =1.1.0, =1.2.1 and more Source cves: CVE-2025-58369 Source advisory: SNYK:JAVA-COFS2-13180115...

ch.epfl.bluebrain.nexus:delta-app_2.13 (>=1.10.0-M8 <=1.10.0-M13), ch.epfl.bluebrain.nexus:delta-archive-plugin_2.13 (>=1.10.0-M8 <=1.10.0-M13) +649 more potentially affected by CVE-2025-58369 via co.fs2:fs2-io_2.13 (>=3.0.0-M7 <=3.12.1)

co.fs2:fs2-io2.13 MAVEN version =3.0.0-M7, =1.10.0-M8, =1.10.0-M8, =1.10.0-M8, =1.10.0-M8, =1.10.0-M8, =1.10.0-M8, =1.10.0-M8, =1.10.0-M8, =1.10.0-M8, =3.10-4b5f50b, =0.29.0, =1.0.0, =0.11.0, =1.0-148-8da8898, =1.0-148-8da8898, =1.0-377-020cf9e and more Source cves: CVE-2025-58369 Source advisory...

com.github.pureconfig:pureconfig-fs2_2.11 (>=0.12.1 <=0.14.0), com.github.regis-leray:fs2-ftp_2.11 (>=0.3.0 <=0.5.0) +14 more potentially affected by CVE-2025-58369 via co.fs2:fs2-io_2.11 (>=2.0.1 <=2.1.0)

co.fs2:fs2-io2.11 MAVEN version =2.0.1, =0.12.1, =0.3.0, =3.3.0, =3.0.0, =3.0.0, =3.3.0, =2.0.0, =3.0.0-RC1, =1.2.0, =1.2.5, =1.3.8 and more Source cves: CVE-2025-58369 Source advisory: OSV:GHSA-RRW2-PX9J-QFFJ...

ch.j3t:zio-prefetcher_2.12 (>=0.3.0 <=0.7.0), com.47deg:embedded-cassandra-core_2.12 (=0.0.7) +592 more potentially affected by CVE-2025-58369 via co.fs2:fs2-io_2.12 (>=0.9.2 <=2.5.12)

co.fs2:fs2-io2.12 MAVEN version =0.9.2, =0.3.0, =0.22.0, =0.0.1, =0.13.2, =0.2.6, =0.3.0, =0.2.0, =0.1.0, =0.6.1, =0.6.1, =0.18.1, =0.18.5 - com.avast:datadog4s-http4s2.12 =0.6.0 and more Source cves: CVE-2025-58369 Source advisory: OSV:GHSA-RRW2-PX9J-QFFJ...

com.azavea.geotrellis:geotrellis-server-core_2.11 (>=4.0.1 <=4.2.0), com.azavea.geotrellis:geotrellis-server-ogc_2.11 (>=4.0.1 <=4.2.0) +145 more potentially affected by CVE-2025-58369 via co.fs2:fs2-io_2.11 (>=1.0.0-M1 <=1.1.0-M1)

co.fs2:fs2-io2.11 MAVEN version =1.0.0-M1, =4.0.1, =4.0.1, =4.0.1, =0.4.0, =0.4.0, =5.0.0, =2.0.0, =1.1.0, =1.0-M1, =0.10.0, =0.11.0, =0.1.0, =0.0.3, =0.0.3, =0.0.8 and more Source cves: CVE-2025-58369 Source advisory: OSV:GHSA-RRW2-PX9J-QFFJ...

co.fs2:fs2-protocols_3 (>=3.1-2-8dabe12 <=3.2.10), com.47deg:github4s_3 (=0.30.0) +132 more potentially affected by CVE-2022-31183 via co.fs2:fs2-io_3 (>=3.1.0 <=3.2-10-421c242)

co.fs2:fs2-io3 MAVEN version =3.1.0, =3.1-2-8dabe12, =0.1-9d346fe, =0.1-9d346fe, =0.1-9d346fe, =0.0-ba9ae1f, =0.0-c482937 - com.avast.cloud:datadog4s-http4s3 =0.31.1 - com.avast.cloud:datadog4s3 =0.31.1 - com.banno:vault4s3 =9.1.0 - com.disneystreaming.smithy4s:smithy4s-http4s-swagger3...

co.fs2:fs2-protocols_2.12 (>=3.1-2-8dabe12 <=3.2.10), com.47deg:github4s_2.12 (=0.30.0) +146 more potentially affected by CVE-2022-31183 via co.fs2:fs2-io_2.12 (>=3.1.0 <=3.2-10-421c242)

co.fs2:fs2-io2.12 MAVEN version =3.1.0, =3.1-2-8dabe12, =0.9.0, =0.9.0, =0.3.0, =0.3.0, =0.4.0 and more Source cves: CVE-2022-31183 Source advisory: OSV:GHSA-2CPX-6PQP-WF35...

co.fs2:fs2-protocols_sjs1_2.13 (>=3.1-2-8dabe12 <=3.2.10), com.armanbilge:feral-lambda-api-gateway-proxy-http4s_sjs1_2.13 (>=0.1-2f94f32 <=0.1-f497734) +27 more potentially affected by CVE-2022-31183 via co.fs2:fs2-io_sjs1_2.13 (>=3.1.0 <=3.2-10-421c242)

co.fs2:fs2-iosjs12.13 MAVEN version =3.1.0, =3.1-2-8dabe12, =0.1-2f94f32, =0.1-2f94f32, =0.18.3, =0.18.3, =0.0.5, =0.0.1, =0.1.0, =0.0.1, =6.0.0, =0.23.5, =0.23.5, =1.0.0-M29 and more Source cves: CVE-2022-31183 Source advisory: OSV:GHSA-2CPX-6PQP-WF35...

co.fs2:fs2-protocols_sjs1_3 (>=3.1-2-8dabe12 <=3.2.10), com.armanbilge:feral-lambda-api-gateway-proxy-http4s_sjs1_3 (>=0.1-2f94f32 <=0.1-f497734) +27 more potentially affected by CVE-2022-31183 via co.fs2:fs2-io_sjs1_3 (>=3.1.0 <=3.2-10-421c242)

co.fs2:fs2-iosjs13 MAVEN version =3.1.0, =3.1-2-8dabe12, =0.1-2f94f32, =0.1-2f94f32, =0.1-9d346fe, =0.1-9d346fe, =0.1-9d346fe, =0.0-ba9ae1f, =0.4.1, =0.18.3, =0.1.0, =6.3.0, =0.23.5, =0.23.5, =0.23.5, =1.0.0-M29 and more Source cves: CVE-2022-31183 Source advisory: OSV:GHSA-2CPX-6PQP-WF35...

PT-2022-20593 · Fs2-Io +1 · Fs2-Io +1

Name of the Vulnerable Software and Affected Versions: fs2-io versions 3.1.0 through 3.2.10 Description: The issue arises when establishing a server-mode TLSSocket using fs2-io on Node.js, where the parameter requestCert = true is ignored, and peer certificate verification is skipped, allowing th...