9 matches found
Security Bulletin: Vulnerability assertj-core, spring-security-crypto, werkzeug, urllib, libsodium, jersey-client, log4j, dmidecode-dmidecode, and aide affect IBM Cloud Object Storage Systems (FEB 2026)
Summary Vulnerability with assertj-core-3.27.3 CVE-2026-24400 , spring-security-crypto-6.4.4 CVE-2025-22234 , werkzeug-3.1.3-py3 CVE-2026-21860,CVE-2025-66221 , urllib3-2.5.0-py3CVE-2025-66418,CVE-2025-66471, CVE-2026-21441 , libsodiumCVE-2025-69277 jersey-client-2.25.1CVE-2025-12383 ,...
Security Bulletin: Vulnerabilities in jersey-client-3.1.0.jar affecting MongoDB Enterprised Advanced (CVE-2025-12383)
Summary There is a vulnerability in jersey-client-3.1.0.jar used in MongoDB Enterprised Advanced for IBM, involving CVE-2025-12383. The vulnerability has been addressed. Vulnerability Details CVEID:CVE-2025-12383 DESCRIPTION: In Eclipse Jersey versions 2.45, 3.0.16, 3.1.9 a race condition can cau...
au.net.causal.shoelaces:shoelaces-jersey (=3.0), au.net.causal.shoelaces:shoelaces-jersey-client (=3.0) +521 more potentially affected by CVE-2025-12383 via org.glassfish.jersey.core:jersey-client (>=3.1.0-M1 <=3.1.1)
org.glassfish.jersey.core:jersey-client MAVEN version =3.1.0-M1, =22.12.0, =22.11.0, =22.9.0, =22.7.0, =22.10.0, =22.11.0, =22.12.0, =22.7.0, =1.0.0.1, =3.0.12, =4.0.3, =4.0.0, =5.3.5 and more Source cves: CVE-2025-12383 Source advisory: SNYK:JAVA-ORGGLASSFISHJERSEYCORE-14049172...
ae.teletronics.nlp:w2vec (=1.0), ai.catboost:catboost-spark_2.11 (>=0.25-rc1 <=0.25-rc3) +11492 more potentially affected by CVE-2025-12383 via org.glassfish.jersey.core:jersey-client (>=2.0 <=2.45)
org.glassfish.jersey.core:jersey-client MAVEN version =2.0, =0.25-rc1, =0.25-rc1, =0.25, =0.25, =0.25, =0.25, =1.0.1, =1.0.6, =1.0.6, =1.1, =1.1.1, =1.2, =1.2, =1.2.3, =1.2.10 and more Source cves: CVE-2025-12383 Source advisory: SNYK:JAVA-ORGGLASSFISHJERSEYCORE-14049172...
ai.catboost:catboost-spark_4.0_2.13 (=1.2.10), com.amazon.deequ:deequ (>=2.0.14-spark-4.0 <=2.0.15-spark-4.0) +328 more potentially affected by CVE-2025-12383 via org.glassfish.jersey.core:jersey-client (=3.0.16)
org.glassfish.jersey.core:jersey-client MAVEN version =3.0.16 is affected by a known vulnerability. The following packages have a transitive dependency on org.glassfish.jersey.core:jersey-client and may be impacted: - ai.catboost:catboost-spark4.02.13 =1.2.10 - com.amazon.deequ:deequ...
Race Condition
Overview Affected versions of this package are vulnerable to Race Condition in the HttpUrlConnector class, during initialization of SSL sockets. An attacker can cause the application to ignore custom SSL settings, including mutual authentication, custom key and trust stores, and other security...
ai.catboost:catboost-spark_4.0_2.13 (=1.2.10), cloud.piranha.extension:piranha-extension-microprofile (>=21.1.0 <=21.5.0) +577 more potentially affected by CVE-2025-12383 via org.glassfish.jersey.core:jersey-client (>=3.0.0-M1 <=3.0.16)
org.glassfish.jersey.core:jersey-client MAVEN version =3.0.0-M1, =21.1.0, =2.0.14-spark-4.0, =3.149.2-beta, =3.149.2-beta, =3.149.2-beta, =3.149.2-beta, =3.149.2-beta, =3.149.2-beta, =4.43.0, =2.0.0, =2.0.0, =2.0.2 and more Source cves: CVE-2025-12383 Source advisory:...
com.axonivy.ivy.webtest:web-tester (>=12.0.1 <=13.1.0), com.exasol:extension-manager-client-java (>=0.5.13 <=0.5.16) +390 more potentially affected by CVE-2025-12383 via org.glassfish.jersey.core:jersey-client (=2.45)
org.glassfish.jersey.core:jersey-client MAVEN version =2.45 is affected by a known vulnerability. The following packages have a transitive dependency on org.glassfish.jersey.core:jersey-client and may be impacted: - com.axonivy.ivy.webtest:web-tester =12.0.1, =0.5.13, =0.5.13, =1.6.0, =2.2.19,...
cloud.piranha.dist:piranha-dist-micro (>=24.11.0 <=25.1.0), cloud.piranha.dist:piranha-dist-platform (>=24.11.0 <=25.1.0) +155 more potentially affected by CVE-2025-12383 via org.glassfish.jersey.core:jersey-client (=4.0.0-M1)
org.glassfish.jersey.core:jersey-client MAVEN version =4.0.0-M1 is affected by a known vulnerability. The following packages have a transitive dependency on org.glassfish.jersey.core:jersey-client and may be impacted: - cloud.piranha.dist:piranha-dist-micro =24.11.0, =24.11.0, =24.11.0, =24.11.0,...