VulnerableCode Package Details - pkg:apk/alpine/openjdk11@11.0.15_p10-r0?arch=s390x&distroversion=v3.15&reponame=community

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-1d6t-ndfc-m7hg	OpenJDK: Missing check for negative ObjectIdentifier (Libraries, 8275151)	CVE-2022-21443
VCID-5cf7-va9h-h3gy	Improper Certificate Validation Accepting arbitrary Subject Alternative Name (SAN) types, unless a PKI is specifically defined to use a particular SAN type, can result in bypassing name-constrained intermediates. Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 was accepting URI SAN types, which PKIs are often not defined to use. Additionally, when a protocol allows URI SANs, Node.js does not match the URI correctly.Versions of Node.js with the fix for this disable the URI SAN type when checking a certificate against a hostname. This behavior can be reverted through the --security-revert command-line option.	CVE-2021-44531
VCID-a95g-84vs-xbav	OpenJDK: Defective secure validation in Apache Santuario (Libraries, 8278008)	CVE-2022-21476
VCID-e18p-c3m9-2qgy	Multiple vulnerabilities have been discovered in Node.js.	CVE-2021-44532
VCID-gsbn-6t86-7kf9	Loop with Unreachable Exit Condition ('Infinite Loop') The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters	CVE-2022-0778 GHSA-x3mh-jvjw-3xwx
VCID-hx4c-96gx-2fbq	OpenJDK: Unbounded memory allocation when compiling crafted XPath expressions (JAXP, 8270504)	CVE-2022-21426
VCID-m5ae-uc68-d3g2	Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') This advisory has been marked as a false positive.	CVE-2022-21824
VCID-ms5y-gp7v-2qay	Multiple vulnerabilities have been discovered in Node.js.	CVE-2021-44533
VCID-y5qu-j3wt-wuej	OpenJDK: URI parsing inconsistencies (JNDI, 8278972)	CVE-2022-21496
VCID-zh9v-47ue-p7ep	OpenJDK: Improper object-to-string conversion in AnnotationInvocationHandler (Libraries, 8277672)	CVE-2022-21434

Vulnerability

Summary

Aliases

VCID-1d6t-ndfc-m7hg

OpenJDK: Missing check for negative ObjectIdentifier (Libraries, 8275151)

CVE-2022-21443

VCID-5cf7-va9h-h3gy

Improper Certificate Validation Accepting arbitrary Subject Alternative Name (SAN) types, unless a PKI is specifically defined to use a particular SAN type, can result in bypassing name-constrained intermediates. Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 was accepting URI SAN types, which PKIs are often not defined to use. Additionally, when a protocol allows URI SANs, Node.js does not match the URI correctly.Versions of Node.js with the fix for this disable the URI SAN type when checking a certificate against a hostname. This behavior can be reverted through the --security-revert command-line option.

CVE-2021-44531

VCID-a95g-84vs-xbav

OpenJDK: Defective secure validation in Apache Santuario (Libraries, 8278008)

CVE-2022-21476

VCID-e18p-c3m9-2qgy

Multiple vulnerabilities have been discovered in Node.js.

CVE-2021-44532

VCID-gsbn-6t86-7kf9

Loop with Unreachable Exit Condition ('Infinite Loop') The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters

CVE-2022-0778
GHSA-x3mh-jvjw-3xwx

VCID-hx4c-96gx-2fbq

OpenJDK: Unbounded memory allocation when compiling crafted XPath expressions (JAXP, 8270504)

CVE-2022-21426

VCID-m5ae-uc68-d3g2

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') This advisory has been marked as a false positive.

CVE-2022-21824

VCID-ms5y-gp7v-2qay

Multiple vulnerabilities have been discovered in Node.js.

CVE-2021-44533

VCID-y5qu-j3wt-wuej

OpenJDK: URI parsing inconsistencies (JNDI, 8278972)

CVE-2022-21496

VCID-zh9v-47ue-p7ep

OpenJDK: Improper object-to-string conversion in AnnotationInvocationHandler (Libraries, 8277672)

CVE-2022-21434

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-08T06:23:21.571703+00:00	Alpine Linux Importer	Fixing	VCID-hx4c-96gx-2fbq	https://secdb.alpinelinux.org/v3.15/community.json	38.1.0
2026-04-06T04:52:50.453694+00:00	Alpine Linux Importer	Fixing	VCID-a95g-84vs-xbav	https://secdb.alpinelinux.org/v3.15/community.json	38.1.0
2026-04-06T04:45:22.937631+00:00	Alpine Linux Importer	Fixing	VCID-ms5y-gp7v-2qay	https://secdb.alpinelinux.org/v3.15/community.json	38.1.0
2026-04-03T17:55:43.737234+00:00	Alpine Linux Importer	Fixing	VCID-zh9v-47ue-p7ep	https://secdb.alpinelinux.org/v3.15/community.json	38.1.0
2026-04-03T17:43:45.273476+00:00	Alpine Linux Importer	Fixing	VCID-y5qu-j3wt-wuej	https://secdb.alpinelinux.org/v3.15/community.json	38.1.0
2026-04-01T19:13:18.150995+00:00	Alpine Linux Importer	Fixing	VCID-e18p-c3m9-2qgy	https://secdb.alpinelinux.org/v3.15/community.json	38.0.0
2026-04-01T19:11:44.494142+00:00	Alpine Linux Importer	Fixing	VCID-1d6t-ndfc-m7hg	https://secdb.alpinelinux.org/v3.15/community.json	38.0.0
2026-04-01T19:07:05.914735+00:00	Alpine Linux Importer	Fixing	VCID-5cf7-va9h-h3gy	https://secdb.alpinelinux.org/v3.15/community.json	38.0.0
2026-04-01T18:53:04.013434+00:00	Alpine Linux Importer	Fixing	VCID-gsbn-6t86-7kf9	https://secdb.alpinelinux.org/v3.15/community.json	38.0.0
2026-04-01T18:47:59.873081+00:00	Alpine Linux Importer	Fixing	VCID-m5ae-uc68-d3g2	https://secdb.alpinelinux.org/v3.15/community.json	38.0.0