3 matches found
ai.catboost:catboost-spark_4.0_2.13 (=1.2.10), ai.catboost:catboost-spark_4.1_2.13 (=1.2.10) +813 more potentially affected by CVE-2021-28168 via org.glassfish.jersey.core:jersey-common (>=3.0.0 <=3.0.18)
org.glassfish.jersey.core:jersey-common MAVEN version =3.0.0, =21.1.0, =21.1.0, =2.0.14-spark-4.0, =4.43.0, =4.48.0, =2.0.0, =2.0.0, =2.0.2 and more Source cves: CVE-2021-28168 Source advisory: OSV:GHSA-C43Q-5HPJ-4CRV...
ai.catboost:catboost-spark_3.0_2.12 (>=0.25 <=1.2.8), ai.catboost:catboost-spark_3.1_2.12 (>=1.0.1 <=1.2.8) +3360 more potentially affected by CVE-2021-28168 via org.glassfish.jersey.core:jersey-common (>=2.28 <=2.33)
org.glassfish.jersey.core:jersey-common MAVEN version =2.28, =0.25, =1.0.1, =0.0.25, =0.0.25, =0.0.62, =0.0.25, =0.0.86, =thread-pool-0.0.24-dev, =0.0.6, =0.0.12, =0.0.1, =3.34.0.3-1-3.0, =0.0.3, =0.0.3, =0.0.8 and more Source cves: CVE-2021-28168 Source advisory: OSV:GHSA-C43Q-5HPJ-4CRV...
XML Entity Expansion (XEE)
Jersey common is vulnerable to billion laugh attacks. These attacks are possible because it does not disable XML Entity Expansion XEE...