Filtered by vendor Redhat Subscriptions
Filtered by product Migration Toolkit Applications Subscriptions
Total 66 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2022-24999 4 Debian, Openjsf, Qs Project and 1 more 12 Debian Linux, Express, Qs and 9 more 2024-11-21 7.5 High
qs before 6.10.3, as used in Express before 4.17.3 and other products, allows attackers to cause a Node process hang for an Express application because an __ proto__ key can be used. In many typical Express use cases, an unauthenticated remote attacker can place the attack payload in the query string of the URL that is used to visit the application, such as a[__proto__]=b&a[__proto__]&a[length]=100000000. The fix was backported to qs 6.9.7, 6.8.3, 6.7.3, 6.6.1, 6.5.3, 6.4.1, 6.3.3, and 6.2.4 (and therefore Express 4.17.3, which has "deps: [email protected]" in its release description, is not vulnerable).
CVE-2022-1962 2 Golang, Redhat 16 Go, Acm, Application Interconnect and 13 more 2024-11-21 5.5 Medium
Uncontrolled recursion in the Parse functions in go/parser before Go 1.17.12 and Go 1.18.4 allow an attacker to cause a panic due to stack exhaustion via deeply nested types or declarations.
CVE-2021-46877 2 Fasterxml, Redhat 13 Jackson-databind, Amq Streams, Camel Spring Boot and 10 more 2024-11-21 7.5 High
jackson-databind 2.10.x through 2.12.x before 2.12.6 and 2.13.x before 2.13.1 allows attackers to cause a denial of service (2 GB transient heap usage per read) in uncommon situations involving JsonNode JDK serialization.
CVE-2021-35065 2 Gulpjs, Redhat 8 Glob-parent, Enterprise Linux, Logging and 5 more 2024-11-21 7.5 High
The glob-parent package before 6.0.1 for Node.js allows ReDoS (regular expression denial of service) attacks against the enclosure regular expression.
CVE-2020-36567 2 Gin-gonic, Redhat 3 Gin, Migration Toolkit Applications, Rhmt 2024-11-21 7.5 High
Unsanitized input in the default logger in github.com/gin-gonic/gin before v1.6.0 allows remote attackers to inject arbitrary log lines.
CVE-2023-4639 1 Redhat 14 Camel Quarkus, Camel Spring Boot, Integration and 11 more 2024-11-18 7.4 High
A flaw was found in Undertow, which incorrectly parses cookies with certain value-delimiting characters in incoming requests. This issue could allow an attacker to construct a cookie value to exfiltrate HttpOnly cookie values or spoof arbitrary additional cookie values, leading to unauthorized data access or modification. The main threat from this flaw impacts data confidentiality and integrity.