| Field | Value |
|---|---|
| purl | pkg:rpm/redhat/jenkins-2-plugins@4.18.1750846854-1?arch=el9 |
| Next non-vulnerable version | None. |
| Latest non-vulnerable version | None. |
| Risk | 4.0 |

| Vulnerability | Summary | Fixed by |
|---|---|---|
| VCID-9dt3-fcnc-j3hg (Aliases: CVE-2024-57699, GHSA-pq2g-wx69-c263) | Netplex Json-smart Uncontrolled Recursion vulnerability. A security issue was found in Netplex Json-smart 2.5.0 through 2.5.1. When loading a specially crafted JSON input containing a large number of '{', a stack exhaustion can be triggered, which could allow an attacker to cause a Denial of Service (DoS). This issue exists because of an incomplete fix for CVE-2023-1370. The fixed version only addresses the default modes provided by [JSONParser](https://github.com/netplex/json-smart-v2/blob/master/json-smart/src/main/java/net/minidev/json/parser/JSONParser.java#L118), such as `MODE_RFC4627`. If you create the JSONParser manually or with custom options, make sure to set the `LIMIT_JSON_DEPTH` option. | There are no reported fixed by versions. |
| VCID-pwnn-qx48-ykae (Aliases: CVE-2025-52999, GHSA-h46c-h94j-95f3) | jackson-core can throw a StackOverflowError when processing deeply nested data. Impact: With older versions of jackson-core, if you parse an input file and it has deeply nested data, Jackson could end up throwing a StackOverflowError if the depth is particularly large. Patches: jackson-core 2.15.0 contains a configurable limit for how deep Jackson will traverse in an input document, defaulting to an allowable depth of 1000. The change is in https://github.com/FasterXML/jackson-core/pull/943. jackson-core will throw a StreamConstraintsException if the limit is reached. jackson-databind also benefits from this change because it uses jackson-core to parse JSON inputs. Workarounds: Users should avoid parsing input files from untrusted sources. | There are no reported fixed by versions. |
| VCID-sshg-yscz-afga (Aliases: CVE-2025-1948, GHSA-889j-63jv-qhr8) | Eclipse Jetty HTTP/2 client can force the server to allocate a humongous byte buffer that may lead to OoM and subsequently the JVM to exit. Original Report: In Eclipse Jetty versions 12.0.0 to 12.0.16 inclusive, an HTTP/2 client can specify a very large value for the HTTP/2 settings parameter SETTINGS_MAX_HEADER_LIST_SIZE. The Jetty HTTP/2 server does not perform validation on this setting, and tries to allocate a ByteBuffer of the specified capacity to encode HTTP responses, likely resulting in OutOfMemoryError being thrown, or even the JVM process exiting. Impact: Remote peers can cause the JVM to crash or continuously report OOM. Patches: 12.0.17. Workarounds: No workarounds. References: https://github.com/jetty/jetty.project/issues/12690 | There are no reported fixed by versions. |
| VCID-vghg-4esd-cbc6 (Aliases: CVE-2025-22228, GHSA-mg83-c7gq-rv5c) | Spring Security Does Not Enforce Password Length. BCryptPasswordEncoder.matches(CharSequence,String) will incorrectly return true for passwords larger than 72 characters as long as the first 72 characters are the same. | There are no reported fixed by versions. |

| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | | |

| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-01T13:42:53.058191+00:00 | RedHat Importer | Affected by | VCID-9dt3-fcnc-j3hg | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-57699.json | 38.0.0 |
| 2026-04-01T13:41:53.406300+00:00 | RedHat Importer | Affected by | VCID-vghg-4esd-cbc6 | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-22228.json | 38.0.0 |
| 2026-04-01T13:40:19.720805+00:00 | RedHat Importer | Affected by | VCID-sshg-yscz-afga | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-1948.json | 38.0.0 |
| 2026-04-01T13:39:01.552959+00:00 | RedHat Importer | Affected by | VCID-pwnn-qx48-ykae | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-52999.json | 38.0.0 |