Lucene search
K
RedhatCodeready Studio

5 matches found

CVE
CVE
added 2021/12/14 12:0 a.m.1435 views

CVE-2021-4104

CVE-2021-4104 affects JMSAppender in Log4j 1.2 when it is explicitly configured to use JMSAppender. A deserialization of untrusted data can occur if an attacker can write Log4j configuration and supply TopicBindingName and TopicConnectionFactoryBindingName, causing JMSAppender to perform JNDI req...

7.5CVSS9.4AI score0.81147EPSS
In wild
CVE
CVE
added 2021/03/16 9:0 p.m.239 views

CVE-2021-20218

The CVE refers to fabric8 kubernetes-client vulnerability affecting version 4.2.0 and later, where a malicious pod/container can abuse the client’s copy command to extract files outside the working path, impacting integrity and availability. Fixed in kubernetes-client releases 4.13.2, 5.0.2, 4.11...

7.4CVSS7.2AI score0.01312EPSS
CVE
CVE
added 2021/08/05 8:48 p.m.216 views

CVE-2021-3642

CVE-2021-3642 describes a timing-attack vulnerability in Wildfly Elytron’s ScramServer, affecting versions prior to 1.10.14.Final, 1.15.5.Final, and 1.16.1.Final. The highest impact is confidentiality; no exploitation details are provided in the documents. Connected advisories (e.g., Red Hat RHSA...

5.3CVSS5.3AI score0.00846EPSS
CVE
CVE
added 2020/09/23 12:28 p.m.179 views

CVE-2020-10714

CVE-2020-10714 concerns WildFly Elytron prior to 1.11.3.Final. A flaw in FORM authentication with a session ID in the URL enables a session fixation attack, affecting confidentiality, integrity, and availability. The impact is stated in the sources as high (CVSS 3.1) with network access and user ...

7.5CVSS7.3AI score0.01454EPSS
CVE
CVE
added 2024/11/07 10:0 a.m.96 views

CVE-2023-1932

CVE-2023-1932 involves a vulnerability in Hibernate Validator’s SafeHtmlValidator.isValid method. The flaw can be bypassed by omitting a tag ending in a less-than character, allowing browsers to render invalid HTML and potentially enabling HTML injection or Cross-Site Scripting (XSS). The entry s...

6.1CVSS6.1AI score0.00452EPSS