VulnerableCode Package Details - pkg:rpm/redhat/eap7-hal-console@3.2.18-1.Final_redhat

Search for packages

Vulnerability	Summary	Fixed by
VCID-e3vc-jpft-gye7 Aliases: CVE-2022-0084 GHSA-76fg-mhrg-fmmg	XNIO `notifyReadClosed` method logging message to unexpected end A flaw was found in XNIO, specifically in the `notifyReadClosed` method. The issue revealed this method was logging a message to another expected end. This flaw allows an attacker to send flawed requests to a server, possibly causing log contention-related performance concerns or an unwanted disk fill-up. A fix for this issue is available on the `3.x` branch of the repository.	There are no reported fixed by versions.
VCID-hqzr-vc5w-9ff5 Aliases: CVE-2022-40152 GHSA-3f7h-mf4q-vrm4	Denial of Service due to parser crash Those using FasterXML/woodstox to seralize XML data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack. This vulnerability is only relevant for users making use of the DTD parsing functionality.	There are no reported fixed by versions.
VCID-kexn-gjxj-uudm Aliases: CVE-2022-24785 GHSA-8hfj-j24r-96c4	Path Traversal: 'dir/../../filename' in moment.locale This vulnerability impacts npm (server) users of moment.js, especially if user provided locale string, eg `fr` is directly used to switch moment locale.	There are no reported fixed by versions.
VCID-mm3e-4pej-byed Aliases: CVE-2022-25857 GHSA-3mc7-4q67-w48m	Uncontrolled Resource Consumption in snakeyaml The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections.	There are no reported fixed by versions.
VCID-myp4-24sf-9yfv Aliases: CVE-2022-40150 GHSA-x27m-9w8j-5vcw	Jettison memory exhaustion Those using Jettison to parse untrusted XML or JSON data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by Out of memory. This effect may support a denial of service attack.	There are no reported fixed by versions.
VCID-nfjb-tkzv-fudg Aliases: CVE-2022-25647 GHSA-4jrv-ppp4-jm57	The package com.google.code.gson:gson before 2.8.9 is vulnerable to Deserialization of Untrusted Data via the writeReplace() method in internal classes, which may lead to DoS attacks.	There are no reported fixed by versions.
VCID-sqx4-euc2-myew Aliases: CVE-2022-40149 GHSA-56h3-78gp-v83r	Jettison parser crash by stackoverflow Those using Jettison to parse untrusted XML or JSON data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack.	There are no reported fixed by versions.
VCID-zy5r-wxv8-g3e8 Aliases: CVE-2022-23913 GHSA-pr38-qpxm-g88x	Uncontrolled Resource Consumption In Apache ActiveMQ Artemis, an attacker could partially disrupt availability (DoS) through uncontrolled resource consumption of memory.	There are no reported fixed by versions.

Vulnerability

Summary

Fixed by

VCID-e3vc-jpft-gye7
Aliases:
CVE-2022-0084
GHSA-76fg-mhrg-fmmg

XNIO `notifyReadClosed` method logging message to unexpected end A flaw was found in XNIO, specifically in the `notifyReadClosed` method. The issue revealed this method was logging a message to another expected end. This flaw allows an attacker to send flawed requests to a server, possibly causing log contention-related performance concerns or an unwanted disk fill-up. A fix for this issue is available on the `3.x` branch of the repository.