47 matches found
Sensitive Information Exposure
io.zipkin, zipkin-server is vulnerable to Sensitive Information Exposure. The vulnerability is due to the presence of an unprotected /heapdump endpoint associated with Spring Boot Actuator, which allows an attacker to retrieve memory dumps and potentially extract sensitive data. Note: There is a...
CVE-2025-53602
Zipkin through 3.5.1 has a /heapdump endpoint associated with the use of Spring Boot Actuator, a similar issue to CVE-2025-48927...
io.zipkin:benchmarks (=2.22.1) potentially affected by CVE-2025-53602 via io.zipkin:zipkin-server (=2.22.1)
io.zipkin:zipkin-server MAVEN version =2.22.1 is affected by a known vulnerability. The following packages have a transitive dependency on io.zipkin:zipkin-server and may be impacted: - io.zipkin:benchmarks =2.22.1 Source cves: CVE-2025-53602 Source advisory: SNYK:JAVA-IOZIPKIN-10639631...
io.zipkin:benchmarks (=2.22.1) potentially affected by CVE-2025-53602 via io.zipkin:zipkin-server (=2.22.1)
io.zipkin:zipkin-server MAVEN version =2.22.1 is affected by a known vulnerability. The following packages have a transitive dependency on io.zipkin:zipkin-server and may be impacted: - io.zipkin:benchmarks =2.22.1 Source cves: CVE-2025-53602 Source advisory: OSV:GHSA-794X-8X6X-QPFC...
Zipkin Server vulnerable to Insecure Resource Initialization through its /heapdump endpoint
Zipkin through 3.5.1 has a /heapdump endpoint associated with the use of Spring Boot Actuator, a similar issue to CVE-2025-48927...
GHSA-794X-8X6X-QPFC Zipkin Server vulnerable to Insecure Resource Initialization through its /heapdump endpoint
Zipkin through 3.5.1 has a /heapdump endpoint associated with the use of Spring Boot Actuator, a similar issue to CVE-2025-48927...
CVE-2025-53602
Zipkin through 3.5.1 has a /heapdump endpoint associated with the use of Spring Boot Actuator, a similar issue to CVE-2025-48927...
zipkin 安全漏洞
zipkin is a distributed tracking system open-sourced by Open Zipkin. A security vulnerability exists in zipkin 3.5.1 and earlier versions, which originates from an attacker who can access sensitive system memory information via the /heapdump endpoint, leading to information disclosure...
CVE-2025-53602
Zipkin through 3.5.1 has a /heapdump endpoint associated with the use of Spring Boot Actuator, a similar issue to CVE-2025-48927...
PT-2025-28022 · Zipkin +1 · Zipkin +1
Name of the Vulnerable Software and Affected Versions: Zipkin versions prior to 3.5.2 Description: The issue is related to the exposure of heap dump information through the "/heapdump" endpoint, which is associated with the use of Spring Boot Actuator. This endpoint is similar to a previously...
CVE-2025-53602
CVE-2025-53602 affects Zipkin up to version 3.5.1 with a /heapdump endpoint (via Spring Boot Actuator). The root cause is exposure of sensitive heap memory information leading to potential information disclosure. The CVE is linked to related advisories (e.g., GHSA-794X-8X6X-QPFC) describing insec...
CVE-2025-53602
Zipkin through 3.5.1 has a /heapdump endpoint associated with the use of Spring Boot Actuator, a similar issue to CVE-2025-48927...
CVE-2025-53602
Zipkin through 3.5.1 has a /heapdump endpoint associated with the use of Spring Boot Actuator, a similar issue to CVE-2025-48927...
CVE-2025-27817 vulnerabilities
Vulnerabilities for packages: opensearch, debezium-connector-spanner, wildfly, druid, strimzi-kafka-operator, thingsboard, logstash, apache-nifi, apicurio-registry, zipkin...
GHSA-VGQ5-3255-V292 vulnerabilities
Vulnerabilities for packages: opensearch, debezium-connector-spanner, wildfly, druid, strimzi-kafka-operator, thingsboard, logstash, apache-nifi, apicurio-registry, zipkin...
CVE-2025-27817 vulnerabilities
Vulnerabilities for packages: druid, apache-nifi, wildfly, thingsboard, strimzi-kafka-operator, logstash, debezium-connector-spanner, opensearch, zipkin, apicurio-registry...
GHSA-VGQ5-3255-V292 vulnerabilities
Vulnerabilities for packages: druid, apache-nifi, wildfly, thingsboard, strimzi-kafka-operator, logstash, debezium-connector-spanner, opensearch, zipkin, apicurio-registry...
GHSA-WHXR-3P84-RF3C vulnerabilities
Vulnerabilities for packages: zipkin...
CVE-2025-27533 vulnerabilities
Vulnerabilities for packages: zipkin...
CVE-2025-27533 vulnerabilities
Vulnerabilities for packages: zipkin...