CVE-2023-39017 Description quartz-jobs 2.3.2 and below was discovered to contain a code injection vulnerability in the component org.quartz.jobs.ee.jms.SendQueueMessageJob.execute. This vulnerability is exploited via passing an unchecked argument. NOTE: this is disputed by multiple parties because it is not plausible that untrusted user input would reach the code location where injection must occur. Mitigation There is no non-vulnerable upgrade path for this component/package. We recommend investigating alternative components or a potential mitigating control. Related links: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-39017 https://github.com/advisories/GHSA-9jc9-7p44-pm6c Project Category n/a Tags data Date Disclosed 2023-07-28 Date Discovered 2023-07-25 JTVCYnJhbmNoX2xpc3QlNUQlNUIlMkZicmFuY2hfbGlzdCU1RA== Feel Vulnerable?  Contact us so we can help you.

CVE-2018-14040 Description In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute. Mitigation We recommend upgrading to a version of this component that is not vulnerable to this specific issue. Note: If this component is included as a bundled/transitive dependency of another component, there may not be an upgrade path. In this instance, we recommend contacting the maintainers who included the vulnerable package. Alternatively, we recommend investigating alternative components or a potential mitigating control. Related links: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-14040 https://github.com/twbs/bootstrap/issues/26423 https://github.com/twbs/bootstrap/issues/26625 https://github.com/twbs/bootstrap/pull/26630 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14040 Project Category n/a Tags data Date Disclosed 2018-07-13 Date Discovered 2018-07-13 JTVCYnJhbmNoX2xpc3QlNUQlNUIlMkZicmFuY2hfbGlzdCU1RA== Feel Vulnerable?  Contact us so…

CVE-2023-33202 Description Bouncy Castle for Java before 1.73 contains a potential Denial of Service (DoS) issue within the Bouncy Castle org.bouncycastle.openssl.PEMParser class. This class parses OpenSSL PEM encoded streams containing X.509 certificates, PKCS8 encoded keys, and PKCS7 objects. Parsing a file that has crafted ASN.1 data through the PEMParser causes an OutOfMemoryError, which can enable a denial of service attack. (For users of the FIPS Java API: BC-FJA 1.0.2.3 and earlier are affected; BC-FJA 1.0.2.4 is fixed.) Mitigation We recommend upgrading to a version of this component that is not vulnerable to this specific issue. Alternatively, if upgrading is not…

CVE-2023-31582 Description jose4j before v0.9.3 allows attackers to set a low iteration count of 1000 or less. Mitigation We recommend upgrading to a version of this component that is not vulnerable to this specific issue. Note: If this component is included as a bundled/transitive dependency of another component, there may not be an upgrade path. In this instance, we recommend contacting the maintainers who included the vulnerable package. Alternatively, we recommend investigating alternative components or a potential mitigating control. Related links: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-31582 https://github.com/KANIXB/JWTIssues/blob/main/jose4j%20issue.md Project Category n/a Tags data Date Disclosed 2023-10-24 Date Discovered 2023-04-29 JTVCYnJhbmNoX2xpc3QlNUQlNUIlMkZicmFuY2hfbGlzdCU1RA== Feel Vulnerable?  Contact us so…

CVE-2023-51775 Description The jose4j component before 0.9.4 for Java allows attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value. Mitigation We recommend upgrading to a version of this component that is not vulnerable to this specific issue. Note: If this component is included as a bundled/transitive dependency of another component, there may not be an upgrade path. In this instance, we recommend contacting the maintainers who included the vulnerable package. Alternatively, we recommend investigating alternative components or a potential mitigating control. Related links: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-51775 https://bitbucket.org/b_c/jose4j/issues/212 Project Category n/a Tags data Date Disclosed…

CVE-2022-45693 Description Jettison before v1.5.2 was discovered to contain a stack overflow via the map parameter. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted string. Mitigation We recommend upgrading to a version of this component that is not vulnerable to this specific issue. Note: If this component is included as a bundled/transitive dependency of another component, there may not be an upgrade path. In this instance, we recommend contacting the maintainers who included the vulnerable package. Alternatively, we recommend investigating alternative components or a potential mitigating control. Related links: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-45693 https://github.com/jettison-json/jettison/issues/52 https://github.com/jettison-json/jettison/pull/53 Project Category…

CVE-2022-45685 Description A stack overflow in Jettison before v1.5.2 allows attackers to cause a Denial of Service (DoS) via crafted JSON data. Mitigation We recommend upgrading to a version of this component that is not vulnerable to this specific issue. Note: If this component is included as a bundled/transitive dependency of another component, there may not be an upgrade path. In this instance, we recommend contacting the maintainers who included the vulnerable package. Alternatively, we recommend investigating alternative components or a potential mitigating control. Related links: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-45685 https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.2 https://github.com/jettison-json/jettison/issues/54 Project Category n/a Tags data Date Disclosed 2022-12-13 Date Discovered 2022-11-21…