Utilities Framework@4.3.0.5.0 Security Vulnerabilities and Issues — Utilities Framework@4.3.0.5.0 CVE List

Lucene search

OracleUtilities Framework4.3.0.5.0

4 matches found

CVE•added 2022/03/11 7:15 a.m.•569 views

CVE-2020-36518

jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.

7.5CVSS7.4AI score0.00477EPSS

CVE•added 2020/12/03 5:15 p.m.•500 views

CVE-2020-25649

A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.

7.5CVSS7.3AI score0.00011EPSS

CVE•added 2020/10/01 8:15 p.m.•270 views

CVE-2020-11979

As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them. Unfortunately the fixcrlf task deleted the temporary file and created a new one without said protection, effectively nullifying the effor...

7.5CVSS6.9AI score0.00591EPSS

CVE•added 2018/03/20 4:29 p.m.•203 views

CVE-2018-8088

org.slf4j.ext.EventData in the slf4j-ext module in QOS.CH SLF4J before 1.8.0-beta2 allows remote attackers to bypass intended access restrictions via crafted data. EventData in the slf4j-ext module in QOS.CH SLF4J, has been fixed in SLF4J versions 1.7.26 later and in the 2.0.x series.

9.8CVSS9.3AI score0.00836EPSS