Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Snap Creator Framework Security Vulnerabilities - 2021

cve
cve

CVE-2020-27223

In Eclipse Jetty 9.4.6.v20170531 to 9.4.36.v20210114 (inclusive), 10.0.0, and 11.0.0 when Jetty handles a request containing multiple Accept headers with a large number of “quality” (i.e. q) parameters, the server may enter a denial of service (DoS) state due to high CPU usage processing those qual...

5.3CVSS

5.2AI Score

0.025EPSS

2021-02-26 10:15 PM
226
33
cve
cve

CVE-2021-22096

In Spring Framework versions 5.3.0 - 5.3.10, 5.2.0 - 5.2.17, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries.

4.3CVSS

4.6AI Score

0.001EPSS

2021-10-28 04:15 PM
154
2
cve
cve

CVE-2021-23901

An XML external entity (XXE) injection vulnerability was discovered in the Nutch DmozParser and is known to affect Nutch versions < 1.18. XML external entity injection (also known as XXE) is a web security vulnerability that allows an attacker to interfere with an application's processing of XML...

9.1CVSS

8.8AI Score

0.016EPSS

2021-01-25 10:16 AM
55
5
cve
cve

CVE-2021-23926

The XML parsers used by XMLBeans up to version 2.6.0 did not set the properties needed to protect the user from malicious XML input. Vulnerabilities include possibilities for XML Entity Expansion attacks. Affects XMLBeans up to and including v2.6.0.

9.1CVSS

9.1AI Score

0.004EPSS

2021-01-14 03:15 PM
167
6
cve
cve

CVE-2021-28169

For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, it is possible for requests to the ConcatServlet with a doubly encoded path to access protected resources within the WEB-INF directory. For example a request to /concat?/%2557EB-INF/web.xml can retrieve the web.xml file. This can ...

5.3CVSS

5.2AI Score

0.006EPSS

2021-06-09 02:15 AM
258
In Wild
15
cve
cve

CVE-2021-34428

For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, if an exception is thrown from the SessionListener#sessionDestroyed() method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts this can result in a sess...

3.5CVSS

3.9AI Score

0.002EPSS

2021-06-22 03:15 PM
166
In Wild
13
cve
cve

CVE-2021-34429

For Eclipse Jetty versions 9.4.37-9.4.42, 10.0.1-10.0.5 & 11.0.1-11.0.5, URIs can be crafted using some encoded characters to access the content of the WEB-INF directory and/or bypass some security constraints. This is a variation of the vulnerability reported in CVE-2021-28164/GHSA-v7ff-8wcx-gmc5.

5.3CVSS

5.4AI Score

0.473EPSS

2021-07-15 05:15 PM
278
10
cve
cve

CVE-2021-42550

In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a malicious configuration allowing to execute arbitrary code loaded from LDAP servers.

6.6CVSS

6.9AI Score

0.016EPSS

2021-12-16 07:15 PM
212
5