CWE-226

Sensitive Information in Resource Not Removed Before Reuse

The product releases a resource such as memory or a file so that it can be made available for reuse, but it does not clear or "zeroize" the information contained in the resource before the product performs a critical state transition or makes the resource available for reuse by other entities.

CVE-2018-7166 (GCVE-0-2018-7166)

Vulnerability from cvelistv5 – Published: 2018-08-21 13:00 – Updated: 2024-09-17 00:26
VLAI?
Summary
In all versions of Node.js 10 prior to 10.9.0, an argument processing flaw can cause `Buffer.alloc()` to return uninitialized memory. This method is intended to be safe and only return initialized, or cleared, memory. The third argument specifying `encoding` can be passed as a number, this is misinterpreted by `Buffer's` internal "fill" method as the `start` to a fill operation. This flaw may be abused where `Buffer.alloc()` arguments are derived from user input to return uncleared memory blocks that may contain sensitive information.
Severity ?
No CVSS data available.
CWE
  • CWE-226 - Sensitive Information Uncleared Before Release
Assigner
References
Impacted products
Vendor Product Version
The Node.js Project Node.js Affected: All versions of Node.js 10 prior to 10.9.0
Create a notification for this product.
Date Public ?
2018-08-12 00:00
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T06:24:11.399Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2018:2553",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2553"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://nodejs.org/en/blog/vulnerability/august-2018-security-releases/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Node.js",
          "vendor": "The Node.js Project",
          "versions": [
            {
              "status": "affected",
              "version": "All versions of Node.js 10 prior to 10.9.0"
            }
          ]
        }
      ],
      "datePublic": "2018-08-12T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "In all versions of Node.js 10 prior to 10.9.0, an argument processing flaw can cause `Buffer.alloc()` to return uninitialized memory. This method is intended to be safe and only return initialized, or cleared, memory. The third argument specifying `encoding` can be passed as a number, this is misinterpreted by `Buffer\u0027s` internal \"fill\" method as the `start` to a fill operation. This flaw may be abused where `Buffer.alloc()` arguments are derived from user input to return uncleared memory blocks that may contain sensitive information."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-226",
              "description": "CWE-226: Sensitive Information Uncleared Before Release",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-08-23T09:57:01.000Z",
        "orgId": "386269d4-a6c6-4eaa-bf8e-bc0b0d010558",
        "shortName": "nodejs"
      },
      "references": [
        {
          "name": "RHSA-2018:2553",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2553"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://nodejs.org/en/blog/vulnerability/august-2018-security-releases/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve-request@iojs.org",
          "DATE_PUBLIC": "2018-08-12T00:00:00",
          "ID": "CVE-2018-7166",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Node.js",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions of Node.js 10 prior to 10.9.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "The Node.js Project"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In all versions of Node.js 10 prior to 10.9.0, an argument processing flaw can cause `Buffer.alloc()` to return uninitialized memory. This method is intended to be safe and only return initialized, or cleared, memory. The third argument specifying `encoding` can be passed as a number, this is misinterpreted by `Buffer\u0027s` internal \"fill\" method as the `start` to a fill operation. This flaw may be abused where `Buffer.alloc()` arguments are derived from user input to return uncleared memory blocks that may contain sensitive information."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-226: Sensitive Information Uncleared Before Release"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2018:2553",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2553"
            },
            {
              "name": "https://nodejs.org/en/blog/vulnerability/august-2018-security-releases/",
              "refsource": "CONFIRM",
              "url": "https://nodejs.org/en/blog/vulnerability/august-2018-security-releases/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "386269d4-a6c6-4eaa-bf8e-bc0b0d010558",
    "assignerShortName": "nodejs",
    "cveId": "CVE-2018-7166",
    "datePublished": "2018-08-21T13:00:00.000Z",
    "dateReserved": "2018-02-15T00:00:00.000Z",
    "dateUpdated": "2024-09-17T00:26:00.258Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-1573 (GCVE-0-2019-1573)

Vulnerability from cvelistv5 – Published: 2019-04-09 21:04 – Updated: 2024-09-16 19:21
VLAI?
Title
Information Disclosure in GlobalProtect Agent
Summary
GlobalProtect Agent 4.1.0 for Windows and GlobalProtect Agent 4.1.10 and earlier for macOS may allow a local authenticated attacker who has compromised the end-user account and gained the ability to inspect memory, to access authentication and/or session tokens and replay them to spoof the VPN session and gain access as the user.
Severity ?
2.5 (Low)
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
CWE
  • CWE-226 - Sensitive Information Uncleared Before Release
Assigner
References
Impacted products
Vendor Product Version
Palo Alto Networks GlobalProtect Agent Affected: 4.1 , ≤ 4.1.0 (custom)
Create a notification for this product.
Date Public ?
2019-04-09 00:00
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T18:20:28.252Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "VU#192371",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "https://www.kb.cert.org/vuls/id/192371"
          },
          {
            "name": "107868",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/107868"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0005"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-783"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.paloaltonetworks.com/CVE-2019-1573"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "Windows"
          ],
          "product": "GlobalProtect Agent",
          "vendor": "Palo Alto Networks",
          "versions": [
            {
              "changes": [
                {
                  "at": "4.1.1",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "4.1.0",
              "status": "affected",
              "version": "4.1",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "OS X"
          ],
          "product": "GlobalProtect Agent",
          "vendor": "Palo Alto Networks",
          "versions": [
            {
              "lessThan": "4.1*",
              "status": "unaffected",
              "version": "4.1.11",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2019-04-09T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "GlobalProtect Agent 4.1.0 for Windows and GlobalProtect Agent 4.1.10 and earlier for macOS may allow a local authenticated attacker who has compromised the end-user account and gained the ability to inspect memory, to access authentication and/or session tokens and replay them to spoof the VPN session and gain access as the user."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 2.5,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-226",
              "description": "CWE-226 Sensitive Information Uncleared Before Release",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-04-09T13:29:41.000Z",
        "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
        "shortName": "palo_alto"
      },
      "references": [
        {
          "name": "VU#192371",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "https://www.kb.cert.org/vuls/id/192371"
        },
        {
          "name": "107868",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/107868"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0005"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-783"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.paloaltonetworks.com/CVE-2019-1573"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "This issue is fixed in GlobalProtect Agent 4.1.1 and later for Windows, and GlobalProtect Agent 4.1.11 and later for macOS."
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Information Disclosure in GlobalProtect Agent",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@paloaltonetworks.com",
          "DATE_PUBLIC": "2019-04-09T17:45:00.000Z",
          "ID": "CVE-2019-1573",
          "STATE": "PUBLIC",
          "TITLE": "Information Disclosure in GlobalProtect Agent"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "GlobalProtect Agent",
                      "version": {
                        "version_data": [
                          {
                            "platform": "Windows",
                            "version_affected": "\u003c=",
                            "version_name": "4.1",
                            "version_value": "4.1.0"
                          },
                          {
                            "platform": "Windows",
                            "version_affected": "!\u003e=",
                            "version_name": "4.1",
                            "version_value": "4.1.1"
                          },
                          {
                            "platform": "OS X",
                            "version_affected": "!\u003e=",
                            "version_name": "4.1",
                            "version_value": "4.1.11"
                          },
                          {
                            "platform": "OS X",
                            "version_affected": "\u003c=",
                            "version_name": "4.1",
                            "version_value": "4.1.10 +1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Palo Alto Networks"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "GlobalProtect Agent 4.1.0 for Windows and GlobalProtect Agent 4.1.10 and earlier for macOS may allow a local authenticated attacker who has compromised the end-user account and gained the ability to inspect memory, to access authentication and/or session tokens and replay them to spoof the VPN session and gain access as the user."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 2.5,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-226 Sensitive Information Uncleared Before Release"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "VU#192371",
              "refsource": "CERT-VN",
              "url": "https://www.kb.cert.org/vuls/id/192371"
            },
            {
              "name": "107868",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/107868"
            },
            {
              "name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0005",
              "refsource": "CONFIRM",
              "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0005"
            },
            {
              "name": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-783",
              "refsource": "CONFIRM",
              "url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-783"
            },
            {
              "name": "https://security.paloaltonetworks.com/CVE-2019-1573",
              "refsource": "CONFIRM",
              "url": "https://security.paloaltonetworks.com/CVE-2019-1573"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "This issue is fixed in GlobalProtect Agent 4.1.1 and later for Windows, and GlobalProtect Agent 4.1.11 and later for macOS."
          }
        ],
        "source": {
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
    "assignerShortName": "palo_alto",
    "cveId": "CVE-2019-1573",
    "datePublished": "2019-04-09T21:04:01.397Z",
    "dateReserved": "2018-12-06T00:00:00.000Z",
    "dateUpdated": "2024-09-16T19:21:01.439Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-25553 (GCVE-0-2019-25553)

Vulnerability from cvelistv5 – Published: 2026-03-21 12:46 – Updated: 2026-03-23 16:32
VLAI?
Title
CEWE PHOTO IMPORTER 6.4.3 Denial of Service via Malformed Image
Summary
CEWE PHOTO IMPORTER 6.4.3 contains a denial of service vulnerability that allows local attackers to crash the application by importing a specially crafted image file. Attackers can create a malformed JPG file with an oversized buffer and trigger the crash through the import functionality during the image processing workflow.
Severity ?
6.9 (Medium)
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
6.2 (Medium)
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE
  • CWE-226 - Sensitive Information in Resource Not Removed Before Reuse
Assigner
References
Impacted products
Vendor Product Version
Cewe-Photoworld CEWE PHOTO IMPORTER Affected: 6.4.3
Create a notification for this product.
Date Public ?
2019-05-17 00:00
Credits
Alejandra Sánchez
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2019-25553",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-23T16:31:54.882315Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-23T16:32:03.289Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "CEWE PHOTO IMPORTER",
          "vendor": "Cewe-Photoworld",
          "versions": [
            {
              "status": "affected",
              "version": "6.4.3"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Alejandra S\u00e1nchez"
        }
      ],
      "datePublic": "2019-05-17T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "CEWE PHOTO IMPORTER 6.4.3 contains a denial of service vulnerability that allows local attackers to crash the application by importing a specially crafted image file. Attackers can create a malformed JPG file with an oversized buffer and trigger the crash through the import functionality during the image processing workflow."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 6.9,
            "baseSeverity": "MEDIUM",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS"
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.2,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-226",
              "description": "Sensitive Information in Resource Not Removed Before Reuse",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-21T12:46:55.830Z",
        "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "shortName": "VulnCheck"
      },
      "references": [
        {
          "name": "ExploitDB-46862",
          "tags": [
            "exploit"
          ],
          "url": "https://www.exploit-db.com/exploits/46862"
        },
        {
          "name": "Official Product Homepage",
          "tags": [
            "product"
          ],
          "url": "https://cewe-photoworld.com/"
        },
        {
          "name": "VulnCheck Advisory: CEWE PHOTO IMPORTER 6.4.3 Denial of Service via Malformed Image",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://www.vulncheck.com/advisories/cewe-photo-importer-denial-of-service-via-malformed-image"
        }
      ],
      "title": "CEWE PHOTO IMPORTER 6.4.3 Denial of Service via Malformed Image",
      "x_generator": {
        "engine": "vulncheck"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
    "assignerShortName": "VulnCheck",
    "cveId": "CVE-2019-25553",
    "datePublished": "2026-03-21T12:46:55.830Z",
    "dateReserved": "2026-03-21T12:29:12.781Z",
    "dateUpdated": "2026-03-23T16:32:03.289Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2019-25560 (GCVE-0-2019-25560)

Vulnerability from cvelistv5 – Published: 2026-03-21 12:47 – Updated: 2026-03-23 15:39
VLAI?
Title
Lyric Video Creator 2.1 Denial of Service via MP3 File
Summary
Lyric Video Creator 2.1 contains a denial of service vulnerability that allows attackers to crash the application by processing malformed MP3 files. Attackers can create a crafted MP3 file with an oversized buffer and trigger the crash by opening the file through the Browse song functionality.
Severity ?
8.7 (High)
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
7.5 (High)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE
  • CWE-226 - Sensitive Information in Resource Not Removed Before Reuse
Assigner
References
Impacted products
Vendor Product Version
Lyricvideocreator Lyric Video Creator Affected: 2.1
Create a notification for this product.
Date Public ?
2019-05-09 00:00
Credits
Alejandra Sánchez
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2019-25560",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-23T15:39:45.426009Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-23T15:39:52.746Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Lyric Video Creator",
          "vendor": "Lyricvideocreator",
          "versions": [
            {
              "status": "affected",
              "version": "2.1"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Alejandra S\u00e1nchez"
        }
      ],
      "datePublic": "2019-05-09T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Lyric Video Creator 2.1 contains a denial of service vulnerability that allows attackers to crash the application by processing malformed MP3 files. Attackers can create a crafted MP3 file with an oversized buffer and trigger the crash by opening the file through the Browse song functionality."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS"
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-226",
              "description": "Sensitive Information in Resource Not Removed Before Reuse",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-21T12:47:01.399Z",
        "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "shortName": "VulnCheck"
      },
      "references": [
        {
          "name": "ExploitDB-46816",
          "tags": [
            "exploit"
          ],
          "url": "https://www.exploit-db.com/exploits/46816"
        },
        {
          "name": "Official Product Homepage",
          "tags": [
            "product"
          ],
          "url": "https://lyricvideocreator.com/"
        },
        {
          "name": "Product Reference",
          "tags": [
            "product"
          ],
          "url": "https://lyricvideocreator.com/dwl/LyricVideoCreator.exe"
        },
        {
          "name": "VulnCheck Advisory: Lyric Video Creator 2.1 Denial of Service via MP3 File",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://www.vulncheck.com/advisories/lyric-video-creator-denial-of-service-via-mp3-file"
        }
      ],
      "title": "Lyric Video Creator 2.1 Denial of Service via MP3 File",
      "x_generator": {
        "engine": "vulncheck"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
    "assignerShortName": "VulnCheck",
    "cveId": "CVE-2019-25560",
    "datePublished": "2026-03-21T12:47:01.399Z",
    "dateReserved": "2026-03-21T12:31:26.076Z",
    "dateUpdated": "2026-03-23T15:39:52.746Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2019-25563 (GCVE-0-2019-25563)

Vulnerability from cvelistv5 – Published: 2026-03-21 12:47 – Updated: 2026-03-23 20:13
VLAI?
Title
PCHelpWareV2 1.0.0.5 Denial of Service via SC Creation
Summary
PCHelpWareV2 1.0.0.5 contains a denial of service vulnerability that allows local attackers to crash the application by supplying a malformed image file. Attackers can trigger the vulnerability through the Create SC feature by selecting a crafted BMP file with an oversized buffer, causing the application to crash.
Severity ?
6.9 (Medium)
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
6.2 (Medium)
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE
  • CWE-226 - Sensitive Information in Resource Not Removed Before Reuse
Assigner
References
Impacted products
Vendor Product Version
Uvnc PCHelpWareV2 Affected: 1.0.0.5
Create a notification for this product.
Date Public ?
2019-04-16 00:00
Credits
Alejandra Sánchez
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2019-25563",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-23T20:12:00.961833Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-23T20:13:05.084Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "PCHelpWareV2",
          "vendor": "Uvnc",
          "versions": [
            {
              "status": "affected",
              "version": "1.0.0.5"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:uvnc:ultravnc:1.0.0.5:*:*:*:*:*:*:*",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Alejandra S\u00e1nchez"
        }
      ],
      "datePublic": "2019-04-16T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "PCHelpWareV2 1.0.0.5 contains a denial of service vulnerability that allows local attackers to crash the application by supplying a malformed image file. Attackers can trigger the vulnerability through the Create SC feature by selecting a crafted BMP file with an oversized buffer, causing the application to crash."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 6.9,
            "baseSeverity": "MEDIUM",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS"
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.2,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-226",
              "description": "Sensitive Information in Resource Not Removed Before Reuse",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-21T12:47:03.821Z",
        "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "shortName": "VulnCheck"
      },
      "references": [
        {
          "name": "ExploitDB-46708",
          "tags": [
            "exploit"
          ],
          "url": "https://www.exploit-db.com/exploits/46708"
        },
        {
          "name": "Official Product Homepage",
          "tags": [
            "product"
          ],
          "url": "https://www.uvnc.com/home.html"
        },
        {
          "name": "Product Reference",
          "tags": [
            "product"
          ],
          "url": "http://www.uvnc.eu/download/pchw2/PCHelpWareV2.msi"
        },
        {
          "name": "VulnCheck Advisory: PCHelpWareV2 1.0.0.5 Denial of Service via SC Creation",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://www.vulncheck.com/advisories/pchelpwarev2-denial-of-service-via-sc-creation"
        }
      ],
      "title": "PCHelpWareV2 1.0.0.5 Denial of Service via SC Creation",
      "x_generator": {
        "engine": "vulncheck"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
    "assignerShortName": "VulnCheck",
    "cveId": "CVE-2019-25563",
    "datePublished": "2026-03-21T12:47:03.821Z",
    "dateReserved": "2026-03-21T12:31:50.768Z",
    "dateUpdated": "2026-03-23T20:13:05.084Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2019-25571 (GCVE-0-2019-25571)

Vulnerability from cvelistv5 – Published: 2026-03-21 12:47 – Updated: 2026-03-23 16:24
VLAI?
Title
MediaMonkey 4.1.23 Denial of Service via Malformed URL
Summary
MediaMonkey 4.1.23 contains a denial of service vulnerability that allows local attackers to crash the application by opening a specially crafted MP3 file containing an excessively long URL string. Attackers can create a malicious MP3 file with a buffer containing 4000 bytes of data appended to a URL, which causes the application to crash when the file is opened through the File > Open URL dialog.
Severity ?
6.9 (Medium)
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
6.2 (Medium)
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE
  • CWE-226 - Sensitive Information in Resource Not Removed Before Reuse
Assigner
References
Impacted products
Vendor Product Version
Mediamonkey MediaMonkey Affected: 4.1.23.1881
Create a notification for this product.
Date Public ?
2019-02-14 00:00
Credits
Alejandra Sánchez
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2019-25571",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-23T16:23:52.441059Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-23T16:24:02.799Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "MediaMonkey",
          "vendor": "Mediamonkey",
          "versions": [
            {
              "status": "affected",
              "version": "4.1.23.1881"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Alejandra S\u00e1nchez"
        }
      ],
      "datePublic": "2019-02-14T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "MediaMonkey 4.1.23 contains a denial of service vulnerability that allows local attackers to crash the application by opening a specially crafted MP3 file containing an excessively long URL string. Attackers can create a malicious MP3 file with a buffer containing 4000 bytes of data appended to a URL, which causes the application to crash when the file is opened through the File \u003e Open URL dialog."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 6.9,
            "baseSeverity": "MEDIUM",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS"
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.2,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-226",
              "description": "Sensitive Information in Resource Not Removed Before Reuse",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-21T12:47:10.769Z",
        "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "shortName": "VulnCheck"
      },
      "references": [
        {
          "name": "ExploitDB-46378",
          "tags": [
            "exploit"
          ],
          "url": "https://www.exploit-db.com/exploits/46378"
        },
        {
          "name": "Official Product Homepage",
          "tags": [
            "product"
          ],
          "url": "https://www.mediamonkey.com/"
        },
        {
          "name": "Product Reference",
          "tags": [
            "product"
          ],
          "url": "https://www.mediamonkey.com/sw/MediaMonkey_4.1.23.1881.exe"
        },
        {
          "name": "VulnCheck Advisory: MediaMonkey 4.1.23 Denial of Service via Malformed URL",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://www.vulncheck.com/advisories/mediamonkey-denial-of-service-via-malformed-url"
        }
      ],
      "title": "MediaMonkey 4.1.23 Denial of Service via Malformed URL",
      "x_generator": {
        "engine": "vulncheck"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
    "assignerShortName": "VulnCheck",
    "cveId": "CVE-2019-25571",
    "datePublished": "2026-03-21T12:47:10.769Z",
    "dateReserved": "2026-03-21T12:38:23.575Z",
    "dateUpdated": "2026-03-23T16:24:02.799Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2019-25617 (GCVE-0-2019-25617)

Vulnerability from cvelistv5 – Published: 2026-03-22 13:38 – Updated: 2026-03-23 19:03
VLAI?
Title
Ease Audio Converter 5.30 Denial of Service via Audio Cutter
Summary
Ease Audio Converter 5.30 contains a denial of service vulnerability in the Audio Cutter function that allows local attackers to crash the application by processing malformed MP4 files. Attackers can create a crafted MP4 file containing an oversized buffer and load it through the Audio Cutter interface to trigger an application crash.
Severity ?
6.9 (Medium)
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
6.2 (Medium)
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE
  • CWE-226 - Sensitive Information in Resource Not Removed Before Reuse
Assigner
References
Impacted products
Vendor Product Version
Audiotool Ease Audio Converter Affected: 5.30
Create a notification for this product.
Date Public ?
2019-04-22 00:00
Credits
Achilles
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2019-25617",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-23T19:03:06.000736Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-23T19:03:59.133Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Ease Audio Converter",
          "vendor": "Audiotool",
          "versions": [
            {
              "status": "affected",
              "version": "5.30"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Achilles"
        }
      ],
      "datePublic": "2019-04-22T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Ease Audio Converter 5.30 contains a denial of service vulnerability in the Audio Cutter function that allows local attackers to crash the application by processing malformed MP4 files. Attackers can create a crafted MP4 file containing an oversized buffer and load it through the Audio Cutter interface to trigger an application crash."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 6.9,
            "baseSeverity": "MEDIUM",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS"
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.2,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-226",
              "description": "Sensitive Information in Resource Not Removed Before Reuse",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-22T13:38:49.049Z",
        "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "shortName": "VulnCheck"
      },
      "references": [
        {
          "name": "ExploitDB-46732",
          "tags": [
            "exploit"
          ],
          "url": "https://www.exploit-db.com/exploits/46732"
        },
        {
          "name": "Official Product Homepage",
          "tags": [
            "product"
          ],
          "url": "http://www.audiotool.net/download.htm"
        },
        {
          "name": "Product Reference",
          "tags": [
            "product"
          ],
          "url": "http://www.audiotool.net/download/audioconverter.exe"
        },
        {
          "name": "VulnCheck Advisory: Ease Audio Converter 5.30 Denial of Service via Audio Cutter",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://www.vulncheck.com/advisories/ease-audio-converter-denial-of-service-via-audio-cutter"
        }
      ],
      "title": "Ease Audio Converter 5.30 Denial of Service via Audio Cutter",
      "x_generator": {
        "engine": "vulncheck"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
    "assignerShortName": "VulnCheck",
    "cveId": "CVE-2019-25617",
    "datePublished": "2026-03-22T13:38:49.049Z",
    "dateReserved": "2026-03-22T13:30:33.644Z",
    "dateUpdated": "2026-03-23T19:03:59.133Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2019-25645 (GCVE-0-2019-25645)

Vulnerability from cvelistv5 – Published: 2026-03-24 11:27 – Updated: 2026-03-24 13:00
VLAI?
Title
WinAVI iPod 3GP MP4 PSP Converter 4.4.2 Denial of Service
Summary
WinAVI iPod/3GP/MP4/PSP Converter 4.4.2 contains a denial of service vulnerability that allows local attackers to crash the application by processing malformed AVI files. Attackers can create a specially crafted AVI file with an oversized buffer and load it through the Convert to iPhone function to trigger an application crash.
Severity ?
6.9 (Medium)
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
6.2 (Medium)
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE
  • CWE-226 - Sensitive Information in Resource Not Removed Before Reuse
Assigner
References
Impacted products
Vendor Product Version
Winavi WinAVI iPod/3GP/MP4/PSP Converter Affected: 4.4.2
Create a notification for this product.
Date Public ?
2019-03-16 00:00
Credits
Achilles
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2019-25645",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-24T12:56:51.618896Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-24T13:00:53.933Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "WinAVI iPod/3GP/MP4/PSP Converter",
          "vendor": "Winavi",
          "versions": [
            {
              "status": "affected",
              "version": "4.4.2"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Achilles"
        }
      ],
      "datePublic": "2019-03-16T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "WinAVI iPod/3GP/MP4/PSP Converter 4.4.2 contains a denial of service vulnerability that allows local attackers to crash the application by processing malformed AVI files. Attackers can create a specially crafted AVI file with an oversized buffer and load it through the Convert to iPhone function to trigger an application crash."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 6.9,
            "baseSeverity": "MEDIUM",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS"
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.2,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-226",
              "description": "Sensitive Information in Resource Not Removed Before Reuse",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-24T11:27:15.914Z",
        "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "shortName": "VulnCheck"
      },
      "references": [
        {
          "name": "ExploitDB-46554",
          "tags": [
            "exploit"
          ],
          "url": "https://www.exploit-db.com/exploits/46554"
        },
        {
          "name": "Official Product Homepage",
          "tags": [
            "product"
          ],
          "url": "http://www.winavi.com"
        },
        {
          "name": "Product Reference",
          "tags": [
            "product"
          ],
          "url": "http://www.winavi.com/user/download/WinAVI_iPod_3GP_MP4_PSP_Converter.exe"
        },
        {
          "name": "VulnCheck Advisory: WinAVI iPod 3GP MP4 PSP Converter 4.4.2 Denial of Service",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://www.vulncheck.com/advisories/winavi-ipod-3gp-mp4-psp-converter-denial-of-service"
        }
      ],
      "title": "WinAVI iPod 3GP MP4 PSP Converter 4.4.2 Denial of Service",
      "x_generator": {
        "engine": "vulncheck"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
    "assignerShortName": "VulnCheck",
    "cveId": "CVE-2019-25645",
    "datePublished": "2026-03-24T11:27:15.914Z",
    "dateReserved": "2026-03-24T11:06:14.608Z",
    "dateUpdated": "2026-03-24T13:00:53.933Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2020-27218 (GCVE-0-2020-27218)

Vulnerability from cvelistv5 – Published: 2020-11-28 00:00 – Updated: 2024-08-04 16:11
VLAI?
Summary
In Eclipse Jetty version 9.4.0.RC0 to 9.4.34.v20201102, 10.0.0.alpha0 to 10.0.0.beta2, and 11.0.0.alpha0 to 11.0.0.beta2, if GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection, and if an attacker can send a request with a body that is received entirely but not consumed by the application, then a subsequent request on the same connection will see that body prepended to its body. The attacker will not see any data but may inject data into the body of the subsequent request.
Severity ?
No CVSS data available.
CWE
  • CWE-226 - Sensitive Information in Resource Not Removed Before Reuse
Assigner
References
https://bugs.eclipse.org/bugs/show_bug.cgi?id=568892
https://github.com/eclipse/jetty.project/security…
https://lists.apache.org/thread.html/r6d5bb60a13e… mailing-list
https://lists.apache.org/thread.html/r8fee46fd9f1… mailing-list
https://lists.apache.org/thread.html/rbc5a8d7a0a1… mailing-list
https://lists.apache.org/thread.html/r8c839a0d88c… mailing-list
https://lists.apache.org/thread.html/r22776d06582… mailing-list
https://lists.apache.org/thread.html/rfa8879a7134… mailing-list
https://lists.apache.org/thread.html/re86a6ba09dc… mailing-list
https://lists.apache.org/thread.html/r23ce6b8965e… mailing-list
https://lists.apache.org/thread.html/r4981622ba15… mailing-list
https://lists.apache.org/thread.html/re03a5661144… mailing-list
https://lists.apache.org/thread.html/r9f571b08696… mailing-list
https://lists.apache.org/thread.html/ree677ff289b… mailing-list
https://lists.apache.org/thread.html/r1dd302323c6… mailing-list
https://lists.apache.org/thread.html/rdde0ad0a03e… mailing-list
https://lists.apache.org/thread.html/r602683484f6… mailing-list
https://lists.apache.org/thread.html/rb8f413dc923… mailing-list
https://lists.apache.org/thread.html/rde11c433675… mailing-list
https://lists.apache.org/thread.html/rc0e35f4e8a8… mailing-list
https://lists.apache.org/thread.html/r8f5b144e7a7… mailing-list
https://lists.apache.org/thread.html/rd0e44e8ef71… mailing-list
https://lists.apache.org/thread.html/r821bbffb64d… mailing-list
https://lists.apache.org/thread.html/r964d226dd08… mailing-list
https://lists.apache.org/thread.html/r70940cb3035… mailing-list
https://lists.apache.org/thread.html/r5e5cb33b545… mailing-list
https://lists.apache.org/thread.html/r9d7a86fb0b4… mailing-list
https://lists.apache.org/thread.html/r8be8c6f0e40… mailing-list
https://lists.apache.org/thread.html/rc1de630c6ed… mailing-list
https://lists.apache.org/thread.html/r46589f4228a… mailing-list
https://lists.apache.org/thread.html/rc91c405c08b… mailing-list
https://lists.apache.org/thread.html/r2a57c7bbf36… mailing-list
https://lists.apache.org/thread.html/r3d43529452c… mailing-list
https://lists.apache.org/thread.html/r186748e676e… mailing-list
https://lists.apache.org/thread.html/rce9e232a663… mailing-list
https://lists.apache.org/thread.html/re9214a4232b… mailing-list
https://lists.apache.org/thread.html/r8b2271909da… mailing-list
https://lists.apache.org/thread.html/r3807b1c5406… mailing-list
https://lists.apache.org/thread.html/r2f168fd22c0… mailing-list
https://lists.apache.org/thread.html/r078c1203e48… mailing-list
https://lists.apache.org/thread.html/rccc7ba8c51d… mailing-list
https://lists.apache.org/thread.html/r2ffe719224c… mailing-list
https://lists.apache.org/thread.html/re4e67541a0a… mailing-list
https://lists.apache.org/thread.html/r96ef6d20c5b… mailing-list
https://lists.apache.org/thread.html/rcbc408088ae… mailing-list
https://lists.apache.org/thread.html/re4ae7ada52c… mailing-list
https://lists.apache.org/thread.html/r3554a4f192d… mailing-list
https://lists.apache.org/thread.html/racd55c9b704… mailing-list
https://lists.apache.org/thread.html/r7d37d33f2d6… mailing-list
https://lists.apache.org/thread.html/r00858fe27ee… mailing-list
https://lists.apache.org/thread.html/r489dfc3e259… mailing-list
https://lists.apache.org/thread.html/rbe3f2e0a3c3… mailing-list
https://lists.apache.org/thread.html/r51ec0120b6c… mailing-list
https://lists.apache.org/thread.html/r306c8e5aad1… mailing-list
https://lists.apache.org/thread.html/r0d2de2ab555… mailing-list
https://lists.apache.org/thread.html/r5464405909e… mailing-list
https://lists.apache.org/thread.html/r25a47cd0675… mailing-list
https://lists.apache.org/thread.html/rdbdbb4e51f8… mailing-list
https://lists.apache.org/thread.html/rba4bca48d2c… mailing-list
https://lists.apache.org/thread.html/reb75282901d… mailing-list
https://lists.apache.org/thread.html/ra09a653997c… mailing-list
https://lists.apache.org/thread.html/r870bc5e6e35… mailing-list
https://lists.apache.org/thread.html/rf31e24700f7… mailing-list
https://lists.apache.org/thread.html/r8c22aad0711… mailing-list
https://lists.apache.org/thread.html/r32a25679d97… mailing-list
https://lists.apache.org/thread.html/racf9e6ad248… mailing-list
https://lists.apache.org/thread.html/r2a541f08bf5… mailing-list
https://lists.apache.org/thread.html/r4aff5ca6bc9… mailing-list
https://lists.apache.org/thread.html/r850d1d04137… mailing-list
https://lists.apache.org/thread.html/rcf7b5818f71… mailing-list
https://lists.apache.org/thread.html/r5c64173663c… mailing-list
https://lists.apache.org/thread.html/r543ea0a861a… mailing-list
https://lists.apache.org/thread.html/r74ab0f5a5f1… mailing-list
https://lists.apache.org/thread.html/r8eea4c7797e… mailing-list
https://lists.apache.org/thread.html/r500e22d0aed… mailing-list
https://lists.apache.org/thread.html/r94230f46b91… mailing-list
https://lists.apache.org/thread.html/r01806ad8c9c… mailing-list
https://lists.apache.org/thread.html/r8ed14a84656… mailing-list
https://lists.apache.org/thread.html/r706562cbbdd… mailing-list
https://lists.apache.org/thread.html/r6493e43007f… mailing-list
https://lists.apache.org/thread.html/r15500b77c52… mailing-list
https://lists.apache.org/thread.html/r81f82ab8ecb… mailing-list
https://lists.apache.org/thread.html/rd9a96042974… mailing-list
https://lists.apache.org/thread.html/r3b7c8bc7a1c… mailing-list
https://lists.apache.org/thread.html/re3918edd403… mailing-list
https://lists.apache.org/thread.html/r9b465058687… mailing-list
https://lists.apache.org/thread.html/rf0181750e32… mailing-list
https://lists.apache.org/thread.html/rf273267fa2e… mailing-list
https://lists.apache.org/thread.html/rb6a3866c02a… mailing-list
https://lists.apache.org/thread.html/r39f1b1be8e5… mailing-list
https://lists.apache.org/thread.html/re014afaa14f… mailing-list
https://lists.apache.org/thread.html/r153fbefc27a… mailing-list
https://lists.apache.org/thread.html/r7669dab41f2… mailing-list
https://lists.apache.org/thread.html/r4b2e7417a76… mailing-list
https://lists.apache.org/thread.html/rb4ca79d1af5… mailing-list
https://lists.apache.org/thread.html/rd20651e102c… mailing-list
https://lists.apache.org/thread.html/r391d20ab6ec… mailing-list
https://lists.apache.org/thread.html/rbea4d456d88… mailing-list
https://lists.apache.org/thread.html/rbbd003149f9… mailing-list
https://lists.apache.org/thread.html/r05b7ffde2b8… mailing-list
https://lists.apache.org/thread.html/r990e0296b18… mailing-list
https://lists.apache.org/thread.html/r942e21ee90e… mailing-list
https://lists.apache.org/thread.html/r66456df852d… mailing-list
https://lists.apache.org/thread.html/r380e9257bac… mailing-list
https://lists.apache.org/thread.html/r2fda4dab730… mailing-list
https://lists.apache.org/thread.html/rd8e24a3e482… mailing-list
https://lists.apache.org/thread.html/r352e40ca987… mailing-list
https://www.oracle.com/security-alerts/cpuApr2021.html
https://security.netapp.com/advisory/ntap-2020121…
https://lists.apache.org/thread.html/r769e1ba36c6…
https://lists.apache.org/thread.html/rc2b603b7fa7…
https://lists.apache.org/thread.html/ra1c234f0458…
https://lists.apache.org/thread.html/rfa34d2a3e42…
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpuoct2021.html
https://www.oracle.com/security-alerts/cpuapr2022.html
https://lists.debian.org/debian-lts-announce/2023… mailing-list
Impacted products
Vendor Product Version
The Eclipse Foundation Eclipse Jetty Affected: 9.4.0.RC0 to 9.4.34.v20201102
Affected: 10.0.0.alpha0 to 10.0.0.beta2
Affected: 11.0.0.alpha0 to 11.0.0.beta2
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T16:11:36.083Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=568892"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-86wm-rrjm-8wh8"
          },
          {
            "name": "[zookeeper-notifications] 20201205 [GitHub] [zookeeper] ztzg opened a new pull request #1554: ZOOKEEPER-4023: dependency-check:check failing - Jetty 9.4.34.v20201102 - CVE-2020-27218",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r6d5bb60a13e8b539600f86cb72097967b951de5c7ef1e4005cda74a7%40%3Cnotifications.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-notifications] 20201205 [GitHub] [zookeeper] phunt commented on a change in pull request #1552: ZOOKEEPER-4023: dependency-check:check failing - Jetty 9.4.34.v20201102 - CVE-2020-27218",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r8fee46fd9f1254150cc55eecf1ea6a448fca1f7cf1d1e7f9c4803fdb%40%3Cnotifications.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-issues] 20201205 [jira] [Updated] (ZOOKEEPER-4023) dependency-check:check failing - Jetty 9.4.34.v20201102 - CVE-2020-27218",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rbc5a8d7a0a13bc8152d427a7e9097cdeb139c6cfe111b2f00f26d16b%40%3Cissues.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-notifications] 20201205 [GitHub] [zookeeper] ztzg commented on a change in pull request #1552: ZOOKEEPER-4023: dependency-check:check failing - Jetty 9.4.34.v20201102 - CVE-2020-27218",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r8c839a0d88cd6504abbe72c260371094f47014b2ba08d8d2c0232e3c%40%3Cnotifications.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-notifications] 20201205 [GitHub] [zookeeper] ztzg opened a new pull request #1552: ZOOKEEPER-4023: dependency-check:check failing - Jetty 9.4.34.v20201102 - CVE-2020-27218",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r22776d06582985cca5bd2a92519a2b13b4cae2d8e087318da03c036d%40%3Cnotifications.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-notifications] 20201205 [GitHub] [zookeeper] ztzg opened a new pull request #1553: ZOOKEEPER-4023: dependency-check:check failing - Jetty 9.4.34.v20201102 - CVE-2020-27218",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rfa8879a713480b206c152334419499e6af0878c36217abcc9ab4f0d1%40%3Cnotifications.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-notifications] 20201205 [GitHub] [zookeeper] ztzg commented on pull request #1552: ZOOKEEPER-4023: dependency-check:check failing - Jetty 9.4.34.v20201102 - CVE-2020-27218",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/re86a6ba09dc74e709db843e3561ead923c8fd1cba32343656dd8c44b%40%3Cnotifications.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-issues] 20201206 [jira] [Updated] (ZOOKEEPER-4023) dependency-check:check failing - Jetty 9.4.34.v20201102 - CVE-2020-27218",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r23ce6b8965e30808daa77a80fcd69833b1fc632d80465d0419eff619%40%3Cissues.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-notifications] 20201206 [GitHub] [zookeeper] nkalmar commented on pull request #1554: ZOOKEEPER-4023: dependency-check:check failing - Jetty 9.4.34.v20201102 - CVE-2020-27218",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r4981622ba15e8be1657d30b7c85044c7aabe89751fa7324f8604b834%40%3Cnotifications.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-notifications] 20201206 [GitHub] [zookeeper] nkalmar commented on a change in pull request #1554: ZOOKEEPER-4023: dependency-check:check failing - Jetty 9.4.34.v20201102 - CVE-2020-27218",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/re03a566114435a8cc8eb72158242b0f560c5eeccbb4ee98d22de8373%40%3Cnotifications.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-notifications] 20201206 [GitHub] [zookeeper] ztzg commented on a change in pull request #1554: ZOOKEEPER-4023: dependency-check:check failing - Jetty 9.4.34.v20201102 - CVE-2020-27218",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r9f571b086965b35d4e91e47fb67c27b42b62762248b4900ba723599f%40%3Cnotifications.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-notifications] 20201206 [GitHub] [zookeeper] ztzg commented on pull request #1554: ZOOKEEPER-4023: dependency-check:check failing - Jetty 9.4.34.v20201102 - CVE-2020-27218",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/ree677ff289ba9a90850f2e3ba7279555df1a170263ba39c5272db236%40%3Cnotifications.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-notifications] 20201207 [GitHub] [zookeeper] ztzg commented on a change in pull request #1552: ZOOKEEPER-4023: dependency-check:check failing - Jetty 9.4.34.v20201102 - CVE-2020-27218",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r1dd302323c6fe1a542d0371de66a484918fa6c2831ae70d924974bea%40%3Cnotifications.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-notifications] 20201207 [GitHub] [zookeeper] nkalmar commented on pull request #1554: ZOOKEEPER-4023: dependency-check:check failing - Jetty 9.4.34.v20201102 - CVE-2020-27218",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rdde0ad0a03eec962c56b46e70e225918ea2368dcc3fd3488741fad53%40%3Cnotifications.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-notifications] 20201207 [GitHub] [zookeeper] nkalmar edited a comment on pull request #1554: ZOOKEEPER-4023: dependency-check:check failing - Jetty 9.4.34.v20201102 - CVE-2020-27218",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r602683484f607cd1b9598caf3e549fbb01c43fd46a582a32cc3bb545%40%3Cnotifications.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-notifications] 20201207 [GitHub] [zookeeper] nkalmar commented on pull request #1552: ZOOKEEPER-4023: dependency-check:check failing - Jetty 9.4.34.v20201102 - CVE-2020-27218",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rb8f413dc923070919b09db3ac87d079a2dcc6f0adfbb029e206a7930%40%3Cnotifications.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-dev] 20201208 Re: [VOTE] Apache ZooKeeper release 3.5.9 candidate 0",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rde11c433675143d8d27551c3d9e821fe1955f1551a518033d3716553%40%3Cdev.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-notifications] 20201211 [GitHub] [zookeeper] nkalmar commented on pull request #1552: ZOOKEEPER-4023: dependency-check:check failing - Jetty 9.4.34.v20201102 - CVE-2020-27218",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rc0e35f4e8a8a36127e3ae7a67f325a3a6a4dbe05034130fb04b6f3b6%40%3Cnotifications.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-notifications] 20201215 [GitHub] [zookeeper] phunt commented on pull request #1552: ZOOKEEPER-4023: dependency-check:check failing - Jetty 9.4.34.v20201102 - CVE-2020-27218",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r8f5b144e7a7c2b338f01139d891abbaba12a8173ee01110d21bd0b4d%40%3Cnotifications.zookeeper.apache.org%3E"
          },
          {
            "name": "[pulsar-commits] 20201215 [GitHub] [pulsar] yanshuchong opened a new issue #8967: CVSS issue list",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E"
          },
          {
            "name": "[zookeeper-notifications] 20201224 [GitHub] [zookeeper] ztzg closed pull request #1552: ZOOKEEPER-4023: dependency-check:check failing - Jetty 9.4.34.v20201102 - CVE-2020-27218",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r821bbffb64da0f062b4e72d1aa600b91e26bc82a28298ab159121215%40%3Cnotifications.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-commits] 20201224 [zookeeper] branch master updated: ZOOKEEPER-4023: dependency-check:check failing - Jetty 9.4.34.v20201102 - CVE-2020-27218",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r964d226dd08527fddd7a44410c50daa9d34d398e5c4793f1d7e19da8%40%3Ccommits.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-notifications] 20201224 [GitHub] [zookeeper] ztzg commented on pull request #1552: ZOOKEEPER-4023: dependency-check:check failing - Jetty 9.4.34.v20201102 - CVE-2020-27218",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r70940cb30356642f0c49af49259680d6bd866f51c4e8de0f8a498fb0%40%3Cnotifications.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-notifications] 20201224 [GitHub] [zookeeper] eolivelli commented on pull request #1552: ZOOKEEPER-4023: dependency-check:check failing - Jetty 9.4.34.v20201102 - CVE-2020-27218",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r5e5cb33b545548ec4684d33bd88b05a0ae89c4d7cac93eb63255f58f%40%3Cnotifications.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-notifications] 20201224 [GitHub] [zookeeper] ztzg closed pull request #1554: ZOOKEEPER-4023: dependency-check:check failing - Jetty 9.4.34.v20201102 - CVE-2020-27218",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r9d7a86fb0b45e5b1855d4df83a5820eef813d55eae3edf224f3d5055%40%3Cnotifications.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-notifications] 20201224 [GitHub] [zookeeper] ztzg commented on pull request #1554: ZOOKEEPER-4023: dependency-check:check failing - Jetty 9.4.34.v20201102 - CVE-2020-27218",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r8be8c6f0e404a3179d988eb8afed03ede5f2d5ce986d3f709fb82610%40%3Cnotifications.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-issues] 20201224 [jira] [Resolved] (ZOOKEEPER-4023) dependency-check:check failing - Jetty 9.4.34.v20201102 - CVE-2020-27218",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rc1de630c6ed9a958d9f811e816d6d8efb6ca94aed0869bc5cda9d7f8%40%3Cissues.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-notifications] 20201224 [GitHub] [zookeeper] ztzg commented on pull request #1553: ZOOKEEPER-4023: dependency-check:check failing - Jetty 9.4.34.v20201102 - CVE-2020-27218",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r46589f4228aabd5fb16135ff5bef0f77f06cdef64f9785ac3349fa02%40%3Cnotifications.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-notifications] 20201224 [GitHub] [zookeeper] ztzg closed pull request #1553: ZOOKEEPER-4023: dependency-check:check failing - Jetty 9.4.34.v20201102 - CVE-2020-27218",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rc91c405c08b529b7292c75d9bd497849db700a1297fe3432990f6774%40%3Cnotifications.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-commits] 20210106 [zookeeper] branch branch-3.5.9 updated: ZOOKEEPER-4023: dependency-check:check failing - Jetty 9.4.34.v20201102 - CVE-2020-27218",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r2a57c7bbf36afc87f8ad9e1dd2f53a08e85a1b531283fc2efce4fe17%40%3Ccommits.zookeeper.apache.org%3E"
          },
          {
            "name": "[hbase-dev] 20210205 [jira] [Created] (HBASE-25552) [hbase-thirdparty] Update jetty version to fix CVE-2020-27218",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r3d43529452c5a16338e8267eb911e8aedc64c3241624302e673961c1%40%3Cdev.hbase.apache.org%3E"
          },
          {
            "name": "[hbase-issues] 20210205 [jira] [Created] (HBASE-25552) [hbase-thirdparty] Update jetty version to fix CVE-2020-27218",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r186748e676e5aeb4eb603361e6367555ae4daecbde55cfd69fa68ec6%40%3Cissues.hbase.apache.org%3E"
          },
          {
            "name": "[hbase-issues] 20210205 [GitHub] [hbase-thirdparty] pankaj72981 opened a new pull request #46: HBASE-25552 Upgrade jetty jar to fix CVE-2020-27218",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rce9e232a663d8405c003fe83d5c86c27d1ed65561f3690e824717bc4%40%3Cissues.hbase.apache.org%3E"
          },
          {
            "name": "[hbase-issues] 20210205 [GitHub] [hbase-thirdparty] Apache-HBase commented on pull request #46: HBASE-25552 Upgrade jetty jar to fix CVE-2020-27218",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/re9214a4232b7ae204288c283bcee4e39f07da6cc34798e9217ba4eb6%40%3Cissues.hbase.apache.org%3E"
          },
          {
            "name": "[hbase-issues] 20210205 [jira] [Work started] (HBASE-25552) [hbase-thirdparty] Update jetty version to fix CVE-2020-27218",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r8b2271909dabb45f0f1482ef35ffe106ae4b0cf8e877eb514e9cd421%40%3Cissues.hbase.apache.org%3E"
          },
          {
            "name": "[hbase-issues] 20210205 [jira] [Updated] (HBASE-25552) [hbase-thirdparty] Update jetty version to fix CVE-2020-27218",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r3807b1c54066797c4870e03bd2376bdcce9c7c4e6143499f53cd9ca2%40%3Cissues.hbase.apache.org%3E"
          },
          {
            "name": "[hbase-issues] 20210205 [GitHub] [hbase-thirdparty] busbey commented on a change in pull request #46: HBASE-25552 Upgrade jetty jar to fix CVE-2020-27218",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r2f168fd22c071bdd95ec696e45d2a01e928b9fcadbe94fbabeb1549d%40%3Cissues.hbase.apache.org%3E"
          },
          {
            "name": "[hbase-issues] 20210205 [GitHub] [hbase-thirdparty] busbey commented on pull request #46: HBASE-25552 Upgrade jetty jar to fix CVE-2020-27218",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r078c1203e48089b2c934b9f86b61bebe8c049e0ea6273b124f349988%40%3Cissues.hbase.apache.org%3E"
          },
          {
            "name": "[hbase-issues] 20210205 [GitHub] [hbase-thirdparty] jojochuang commented on a change in pull request #46: HBASE-25552 Upgrade jetty jar to fix CVE-2020-27218",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rccc7ba8c51d662e13496df20466d27dbab54d7001e9e7b2f31468a9e%40%3Cissues.hbase.apache.org%3E"
          },
          {
            "name": "[hbase-issues] 20210206 [GitHub] [hbase-thirdparty] Apache-HBase commented on pull request #46: HBASE-25552 Upgrade jetty jar to fix CVE-2020-27218",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r2ffe719224cbe5897f2d06dd22fc77fa12377c39efe9de0c3bf3f837%40%3Cissues.hbase.apache.org%3E"
          },
          {
            "name": "[hbase-commits] 20210206 [hbase-thirdparty] branch master updated: HBASE-25552 Upgrade jetty jar to fix CVE-2020-27218",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/re4e67541a0a25a8589e89f52f8cd163c863fe04b59e048f9f1a04958%40%3Ccommits.hbase.apache.org%3E"
          },
          {
            "name": "[hbase-issues] 20210206 [jira] [Resolved] (HBASE-25552) [hbase-thirdparty] Update jetty version to fix CVE-2020-27218",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r96ef6d20c5bd3d42dab500bac56a427e1dce00cf85b083987617643d%40%3Cissues.hbase.apache.org%3E"
          },
          {
            "name": "[hbase-issues] 20210206 [GitHub] [hbase-thirdparty] busbey closed pull request #46: HBASE-25552 Upgrade jetty jar to fix CVE-2020-27218",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rcbc408088ae99dc3167ea293a562a3a9a7295a20e9a1bfc93e43ae1b%40%3Cissues.hbase.apache.org%3E"
          },
          {
            "name": "[hbase-dev] 20210206 [jira] [Resolved] (HBASE-25552) [hbase-thirdparty] Update jetty version to fix CVE-2020-27218",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/re4ae7ada52c5ecfe805eb86ddc0af399ec8a57bfb0d8c632b8723b88%40%3Cdev.hbase.apache.org%3E"
          },
          {
            "name": "[kafka-jira] 20210211 [jira] [Created] (KAFKA-12324) Upgrade jetty to fix CVE-2020-27218",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r3554a4f192db6008c03f2c6c3e0f1691a9b0d615ce955ef67a876ff7%40%3Cjira.kafka.apache.org%3E"
          },
          {
            "name": "[kafka-dev] 20210211 [jira] [Created] (KAFKA-12324) Upgrade jetty to fix CVE-2020-27218",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/racd55c9b704aa68cfb4436f17739b612b5d4f887155e04ed521a4b67%40%3Cdev.kafka.apache.org%3E"
          },
          {
            "name": "[kafka-jira] 20210212 [jira] [Assigned] (KAFKA-12324) Upgrade jetty to fix CVE-2020-27218",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r7d37d33f2d68912985daf40203182e3d86f3e81266b7a7f350689eeb%40%3Cjira.kafka.apache.org%3E"
          },
          {
            "name": "[kafka-jira] 20210212 [jira] [Commented] (KAFKA-12324) Upgrade jetty to fix CVE-2020-27218",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r00858fe27ee35ac8fa0e1549d67e0efb789d63b791b5300390bd8480%40%3Cjira.kafka.apache.org%3E"
          },
          {
            "name": "[spark-reviews] 20210216 [GitHub] [spark] sarutak opened a new pull request #31574: [SPARK-34449][BUILD] Upgrade Jetty to fix CVE-2020-27218",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r489dfc3e259ad3837141985dd9291b93e6b40496cdf58808915d67e9%40%3Creviews.spark.apache.org%3E"
          },
          {
            "name": "[spark-issues] 20210216 [jira] [Created] (SPARK-34449) Upgrade Jetty to fix CVE-2020-27218",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rbe3f2e0a3c38ed9cbef81507b7cc6e523341865e30dc15c7503adc76%40%3Cissues.spark.apache.org%3E"
          },
          {
            "name": "[spark-reviews] 20210216 [GitHub] [spark] sarutak commented on pull request #31574: [SPARK-34449][BUILD] Upgrade Jetty to fix CVE-2020-27218",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r51ec0120b6c849d12fb7fef34db87ef0bf79fcfcd3d703a9800afbba%40%3Creviews.spark.apache.org%3E"
          },
          {
            "name": "[spark-issues] 20210216 [jira] [Commented] (SPARK-34449) Upgrade Jetty to fix CVE-2020-27218",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r306c8e5aad1b9afc0c9278430fb571950fbb3ab7dd5d369eb618ffa4%40%3Cissues.spark.apache.org%3E"
          },
          {
            "name": "[spark-issues] 20210216 [jira] [Assigned] (SPARK-34449) Upgrade Jetty to fix CVE-2020-27218",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r0d2de2ab5558da68b504bd30db74da1d97dc152a857f5b7e462288ab%40%3Cissues.spark.apache.org%3E"
          },
          {
            "name": "[spark-reviews] 20210216 [GitHub] [spark] SparkQA commented on pull request #31574: [SPARK-34449][BUILD] Upgrade Jetty to fix CVE-2020-27218",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r5464405909eb0e1059d5dd57d10c435b9f19325fdebbadb4f1126997%40%3Creviews.spark.apache.org%3E"
          },
          {
            "name": "[spark-reviews] 20210217 [GitHub] [spark] dongjoon-hyun commented on pull request #31574: [SPARK-34449][BUILD] Upgrade Jetty to fix CVE-2020-27218",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r25a47cd06750ebb4b0f23a9b7a57c209702c8566a4c970a41ac088df%40%3Creviews.spark.apache.org%3E"
          },
          {
            "name": "[spark-reviews] 20210216 [GitHub] [spark] AmplabJenkins removed a comment on pull request #31574: [SPARK-34449][BUILD] Upgrade Jetty to fix CVE-2020-27218",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rdbdbb4e51f8857e082b464cd128decd7263cf0fb8557f12993562c56%40%3Creviews.spark.apache.org%3E"
          },
          {
            "name": "[spark-reviews] 20210216 [GitHub] [spark] AmplabJenkins commented on pull request #31574: [SPARK-34449][BUILD] Upgrade Jetty to fix CVE-2020-27218",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rba4bca48d2cdfa8c08afc368a9cc4572ec85a5915ba29b8a194bf505%40%3Creviews.spark.apache.org%3E"
          },
          {
            "name": "[spark-reviews] 20210217 [GitHub] [spark] sarutak edited a comment on pull request #31574: [SPARK-34449][BUILD] Upgrade Jetty to fix CVE-2020-27218",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/reb75282901d0969ba6582725ce8672070715d0773f6ff54dedd60156%40%3Creviews.spark.apache.org%3E"
          },
          {
            "name": "[spark-reviews] 20210217 [GitHub] [spark] HyukjinKwon commented on pull request #31574: [SPARK-34449][BUILD] Upgrade Jetty to fix CVE-2020-27218",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/ra09a653997cbf10aab8c0deabc0fa49f5a8a8ce4305ce9089b98485f%40%3Creviews.spark.apache.org%3E"
          },
          {
            "name": "[spark-reviews] 20210217 [GitHub] [spark] sarutak commented on pull request #31574: [SPARK-34449][BUILD] Upgrade Jetty to fix CVE-2020-27218",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r870bc5e6e354c3e28ea029cb5726c9e8dd2b88cb0f5f7de1d4e3133d%40%3Creviews.spark.apache.org%3E"
          },
          {
            "name": "[spark-reviews] 20210217 [GitHub] [spark] SparkQA commented on pull request #31574: [SPARK-34449][BUILD] Upgrade Jetty to fix CVE-2020-27218",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rf31e24700f725ef81bc5a2e0444a60e1f295ed0a54c0098362a7bdfa%40%3Creviews.spark.apache.org%3E"
          },
          {
            "name": "[spark-reviews] 20210217 [GitHub] [spark] SparkQA removed a comment on pull request #31574: [SPARK-34449][BUILD] Upgrade Jetty to fix CVE-2020-27218",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r8c22aad0711321537183ccddcade7274ebf9dcbdcdacc6c4f90f43de%40%3Creviews.spark.apache.org%3E"
          },
          {
            "name": "[spark-reviews] 20210217 [GitHub] [spark] AmplabJenkins commented on pull request #31574: [SPARK-34449][BUILD] Upgrade Jetty to fix CVE-2020-27218",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r32a25679d97bf5969d130f8e9b3a3fc54110095397d89952e93dbeb0%40%3Creviews.spark.apache.org%3E"
          },
          {
            "name": "[spark-reviews] 20210217 [GitHub] [spark] AmplabJenkins removed a comment on pull request #31574: [SPARK-34449][BUILD] Upgrade Jetty to fix CVE-2020-27218",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/racf9e6ad2482cb9b1e3e1b2c1b443d9d5cf14055fb54dec3d2dcce91%40%3Creviews.spark.apache.org%3E"
          },
          {
            "name": "[spark-reviews] 20210217 [GitHub] [spark] srowen commented on pull request #31574: [SPARK-34449][BUILD] Upgrade Jetty to fix CVE-2020-27218",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r2a541f08bf5f847394297c13a5305c2f76c11e46504ce2a49653890a%40%3Creviews.spark.apache.org%3E"
          },
          {
            "name": "[spark-reviews] 20210218 [GitHub] [spark] sarutak edited a comment on pull request #31574: [SPARK-34449][BUILD] Upgrade Jetty to fix CVE-2020-27218",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r4aff5ca6bc94a6f13ff77914fd960185ab70cd6cebe96fffd74543ac%40%3Creviews.spark.apache.org%3E"
          },
          {
            "name": "[spark-reviews] 20210218 [GitHub] [spark] sarutak commented on pull request #31574: [SPARK-34449][BUILD] Upgrade Jetty to fix CVE-2020-27218",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r850d1d0413716e8ba6d910cae7b01a0e560636e17d664769b5080ca5%40%3Creviews.spark.apache.org%3E"
          },
          {
            "name": "[spark-reviews] 20210218 [GitHub] [spark] SparkQA commented on pull request #31574: [SPARK-34449][BUILD] Upgrade Jetty to fix CVE-2020-27218",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rcf7b5818f71bb97fd695eb0f54f8f4f69e15cc5f9ec761ea8be0d0d3%40%3Creviews.spark.apache.org%3E"
          },
          {
            "name": "[spark-commits] 20210218 [spark] branch branch-3.1 updated: [SPARK-34449][BUILD] Upgrade Jetty to fix CVE-2020-27218",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r5c64173663c71f222ea40617ab362d7a590935fb75c18817fdec377e%40%3Ccommits.spark.apache.org%3E"
          },
          {
            "name": "[spark-reviews] 20210218 [GitHub] [spark] AmplabJenkins removed a comment on pull request #31574: [SPARK-34449][BUILD] Upgrade Jetty to fix CVE-2020-27218",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r543ea0a861a78d84c22656fb76880d7ab327048cf7ee3ccc7281375d%40%3Creviews.spark.apache.org%3E"
          },
          {
            "name": "[spark-reviews] 20210218 [GitHub] [spark] HyukjinKwon closed pull request #31574: [SPARK-34449][BUILD] Upgrade Jetty to fix CVE-2020-27218",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r74ab0f5a5f16ca01eb145403ab753df5b348b8c1656d7c8501d0bfc6%40%3Creviews.spark.apache.org%3E"
          },
          {
            "name": "[spark-reviews] 20210218 [GitHub] [spark] HyukjinKwon commented on pull request #31574: [SPARK-34449][BUILD] Upgrade Jetty to fix CVE-2020-27218",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r8eea4c7797e701f6494c72942dd89f471cda4c2c6e9abbaf05d113d8%40%3Creviews.spark.apache.org%3E"
          },
          {
            "name": "[spark-commits] 20210218 [spark] branch branch-3.0 updated: [SPARK-34449][BUILD] Upgrade Jetty to fix CVE-2020-27218",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r500e22d0aedba1866d0b5e76429b76652a473a0209fa8bf66c9f7aab%40%3Ccommits.spark.apache.org%3E"
          },
          {
            "name": "[spark-reviews] 20210218 [GitHub] [spark] AmplabJenkins commented on pull request #31574: [SPARK-34449][BUILD] Upgrade Jetty to fix CVE-2020-27218",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r94230f46b91c364d39922a8ba0cfe12b8dba1556b14792719a7d921f%40%3Creviews.spark.apache.org%3E"
          },
          {
            "name": "[spark-reviews] 20210218 [GitHub] [spark] sarutak opened a new pull request #31583: [SPARK-34449][BUILD][2.4] Upgrade Jetty to fix CVE-2020-27218",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r01806ad8c9cb0590584baf5b1a60237ad92e4ad5bba082ca04d98179%40%3Creviews.spark.apache.org%3E"
          },
          {
            "name": "[spark-reviews] 20210218 [GitHub] [spark] SparkQA removed a comment on pull request #31583: [SPARK-34449][BUILD][2.4] Upgrade Jetty to fix CVE-2020-27218",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r8ed14a84656fa0bb8df3bf9373c5be80f47ceac1e2ff068ee734fdb3%40%3Creviews.spark.apache.org%3E"
          },
          {
            "name": "[spark-reviews] 20210218 [GitHub] [spark] SparkQA commented on pull request #31583: [SPARK-34449][BUILD][2.4] Upgrade Jetty to fix CVE-2020-27218",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r706562cbbdda569cc556d8a7983d1f9229606e7b51337b820785af26%40%3Creviews.spark.apache.org%3E"
          },
          {
            "name": "[spark-issues] 20210218 [jira] [Commented] (SPARK-34449) Upgrade Jetty to fix CVE-2020-27218",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r6493e43007f41e34cdbbb66622307fa235374dd2ec5bf52c61075a68%40%3Cissues.spark.apache.org%3E"
          },
          {
            "name": "[spark-reviews] 20210218 [GitHub] [spark] sarutak commented on pull request #31583: [SPARK-34449][BUILD][2.4] Upgrade Jetty to fix CVE-2020-27218",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r15500b77c52390e2ec048cea4a6b45edf907ea61cd13259193ff8601%40%3Creviews.spark.apache.org%3E"
          },
          {
            "name": "[spark-reviews] 20210218 [GitHub] [spark] SparkQA removed a comment on pull request #31574: [SPARK-34449][BUILD] Upgrade Jetty to fix CVE-2020-27218",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r81f82ab8ecb83568bafbecf9ce0e73be73980ac1e2af6baf0f344a59%40%3Creviews.spark.apache.org%3E"
          },
          {
            "name": "[spark-reviews] 20210218 [GitHub] [spark] AmplabJenkins removed a comment on pull request #31583: [SPARK-34449][BUILD][2.4] Upgrade Jetty to fix CVE-2020-27218",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rd9a960429741406f6557fa344a13d50a0c9976dac2e4c46bb54b32d7%40%3Creviews.spark.apache.org%3E"
          },
          {
            "name": "[spark-reviews] 20210218 [GitHub] [spark] AmplabJenkins commented on pull request #31583: [SPARK-34449][BUILD][2.4] Upgrade Jetty to fix CVE-2020-27218",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r3b7c8bc7a1cb8acdcf7753f436564d289d22f2906e934d1b11de3a40%40%3Creviews.spark.apache.org%3E"
          },
          {
            "name": "[spark-reviews] 20210219 [GitHub] [spark] srowen commented on pull request #31583: [SPARK-34449][BUILD][2.4] Upgrade Jetty to fix CVE-2020-27218",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/re3918edd403b0d3857a13ef2ccf3d2bc0231f3b8758e2a5777ea1cd3%40%3Creviews.spark.apache.org%3E"
          },
          {
            "name": "[spark-reviews] 20210219 [GitHub] [spark] SparkQA commented on pull request #31583: [SPARK-34449][BUILD][2.4] Upgrade Jetty to fix CVE-2020-27218",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r9b46505868794fba04d401956304e63e4d8e39bdc118d30e5e87dcd9%40%3Creviews.spark.apache.org%3E"
          },
          {
            "name": "[spark-reviews] 20210219 [GitHub] [spark] SparkQA removed a comment on pull request #31583: [SPARK-34449][BUILD][2.4] Upgrade Jetty to fix CVE-2020-27218",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rf0181750e321518c8afa8001e0529d50a9447714ef4f58d98af57904%40%3Creviews.spark.apache.org%3E"
          },
          {
            "name": "[spark-reviews] 20210219 [GitHub] [spark] AmplabJenkins removed a comment on pull request #31583: [SPARK-34449][BUILD][2.4] Upgrade Jetty to fix CVE-2020-27218",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rf273267fa2e49314643af3141cec239f97d41de8a59be4ef7e10c65a%40%3Creviews.spark.apache.org%3E"
          },
          {
            "name": "[spark-reviews] 20210219 [GitHub] [spark] AmplabJenkins commented on pull request #31583: [SPARK-34449][BUILD][2.4] Upgrade Jetty to fix CVE-2020-27218",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rb6a3866c02ac4446451c7d9dceab2373b6d32fb058f9085c6143de30%40%3Creviews.spark.apache.org%3E"
          },
          {
            "name": "[spark-reviews] 20210219 [GitHub] [spark] HyukjinKwon closed pull request #31583: [SPARK-34449][BUILD][2.4] Upgrade Jetty to fix CVE-2020-27218",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r39f1b1be8e5c0935f7c515eedf907909474bad15185125daacb36d50%40%3Creviews.spark.apache.org%3E"
          },
          {
            "name": "[spark-issues] 20210219 [jira] [Resolved] (SPARK-34449) Upgrade Jetty to fix CVE-2020-27218",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/re014afaa14f4df9d33912ab64dc57249e1c170c7448d7175c6d014ff%40%3Cissues.spark.apache.org%3E"
          },
          {
            "name": "[spark-reviews] 20210219 [GitHub] [spark] HyukjinKwon commented on pull request #31583: [SPARK-34449][BUILD][2.4] Upgrade Jetty to fix CVE-2020-27218",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r153fbefc27a1b2033692f32ef728ca909a7c7bcc1d21b6c35b38bdd5%40%3Creviews.spark.apache.org%3E"
          },
          {
            "name": "[spark-commits] 20210219 [spark] branch branch-2.4 updated: [SPARK-34449][BUILD][2.4] Upgrade Jetty to fix CVE-2020-27218",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r7669dab41f2b34d56bb67700d869dc9c025ff72e9468204799f5ac29%40%3Ccommits.spark.apache.org%3E"
          },
          {
            "name": "[spark-issues] 20210222 [jira] [Updated] (SPARK-34449) Upgrade Jetty to fix CVE-2020-27218",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r4b2e7417a76e3dd4dc9855c6c138c49484080754a09927454f6d89f0%40%3Cissues.spark.apache.org%3E"
          },
          {
            "name": "[kafka-jira] 20210222 [GitHub] [kafka] dongjinleekr opened a new pull request #10177: KAFKA-12324: Upgrade jetty to fix CVE-2020-27218",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rb4ca79d1af5237108ce8770b7c46ca78095f62ef21331d9d06142388%40%3Cjira.kafka.apache.org%3E"
          },
          {
            "name": "[kafka-jira] 20210222 [GitHub] [kafka] dongjinleekr commented on pull request #10177: KAFKA-12324: Upgrade jetty to fix CVE-2020-27218",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rd20651e102cb6742a9d9322ea7b5fc3ab60a7ffecb50fa9157cbf176%40%3Cjira.kafka.apache.org%3E"
          },
          {
            "name": "[kafka-jira] 20210222 [GitHub] [kafka] ijuma commented on pull request #10177: KAFKA-12324: Upgrade jetty to fix CVE-2020-27218",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r391d20ab6ec03d6becc7a9f0c5e0f45a7ad8af6b996ae0a49839f6bd%40%3Cjira.kafka.apache.org%3E"
          },
          {
            "name": "[kafka-jira] 20210222 [GitHub] [kafka] omkreddy closed pull request #10177: KAFKA-12324: Upgrade jetty to fix CVE-2020-27218",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rbea4d456d88b043be86739ab0200ad06ba5a7921064411c098f79831%40%3Cjira.kafka.apache.org%3E"
          },
          {
            "name": "[kafka-commits] 20210222 [kafka] branch 2.7 updated: KAFKA-12324: Upgrade jetty to fix CVE-2020-27218",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rbbd003149f929b0e2fe58fb315de1658e98377225632e7e4239323fb%40%3Ccommits.kafka.apache.org%3E"
          },
          {
            "name": "[kafka-jira] 20210222 [jira] [Resolved] (KAFKA-12324) Upgrade jetty to fix CVE-2020-27218",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r05b7ffde2b8c180709e14bc9ca036407bea3ed9f09b32c4705d23a4a%40%3Cjira.kafka.apache.org%3E"
          },
          {
            "name": "[kafka-commits] 20210222 [kafka] branch 2.8 updated: KAFKA-12324: Upgrade jetty to fix CVE-2020-27218",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r990e0296b188d4530d1053882f687fa4f938f108425db2999a180944%40%3Ccommits.kafka.apache.org%3E"
          },
          {
            "name": "[kafka-dev] 20210222 [jira] [Resolved] (KAFKA-12324) Upgrade jetty to fix CVE-2020-27218",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r942e21ee90e2617a00a08b17b0ac2db961959bec969b91df61584d38%40%3Cdev.kafka.apache.org%3E"
          },
          {
            "name": "[kafka-commits] 20210222 [kafka] branch 2.6 updated: KAFKA-12324: Upgrade jetty to fix CVE-2020-27218",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r66456df852de06a0eed2c0a50252a2c8d360b8a5c005f63c0b1e3d25%40%3Ccommits.kafka.apache.org%3E"
          },
          {
            "name": "[nifi-commits] 20210222 svn commit: r1886814 - /nifi/site/trunk/security.html",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r380e9257bacb8551ee6fcf2c59890ae9477b2c78e553fa9ea08e9d9a%40%3Ccommits.nifi.apache.org%3E"
          },
          {
            "name": "[kafka-jira] 20210301 [GitHub] [kafka] dongjinleekr commented on pull request #10235: KAFKA-12389: Upgrade of netty-codec due to CVE-2021-21290",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r2fda4dab73097051977f2ab818f75e04fbcb15bb1003c8530eac1059%40%3Cjira.kafka.apache.org%3E"
          },
          {
            "name": "[kafka-jira] 20210302 [GitHub] [kafka] dongjinleekr commented on pull request #10245: KAFKA-12400: Upgrade jetty to fix CVE-2020-27223",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rd8e24a3e482e5984bc8c5492dc790413e4fdc1234e3debb94515796b%40%3Cjira.kafka.apache.org%3E"
          },
          {
            "name": "[samza-commits] 20210310 [GitHub] [samza] Telesia opened a new pull request #1471: SAMZA-2630: Upgrade dependencies for security fixes",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r352e40ca9874d1beb4ad95403792adca7eb295e6bc3bd7b65fabcc21%40%3Ccommits.samza.apache.org%3E"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20201218-0003/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r769e1ba36c607772f7403e7ef2a8ae14d9ddcab4a844f9b28bcf7959%40%3Cdev.kafka.apache.org%3E"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rc2b603b7fa7f8dbfe0b3b59a6140b4d66868db3bf4b29d69a772d72a%40%3Cdev.kafka.apache.org%3E"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/ra1c234f045871827f73e4d68326b067e72d3139e109207345fa57d9e%40%3Cdev.kafka.apache.org%3E"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rfa34d2a3e423421a4a1354cf457edba2ce78cee2d3ebd8aab151a559%40%3Cdev.kafka.apache.org%3E"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
          },
          {
            "name": "[debian-lts-announce] 20231030 [SECURITY] [DLA 3641-1] jetty9 security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Eclipse Jetty",
          "vendor": "The Eclipse Foundation",
          "versions": [
            {
              "status": "affected",
              "version": "9.4.0.RC0 to 9.4.34.v20201102"
            },
            {
              "status": "affected",
              "version": "10.0.0.alpha0 to 10.0.0.beta2"
            },
            {
              "status": "affected",
              "version": "11.0.0.alpha0 to 11.0.0.beta2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In Eclipse Jetty version 9.4.0.RC0 to 9.4.34.v20201102, 10.0.0.alpha0 to 10.0.0.beta2, and 11.0.0.alpha0 to 11.0.0.beta2, if GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection, and if an attacker can send a request with a body that is received entirely but not consumed by the application, then a subsequent request on the same connection will see that body prepended to its body. The attacker will not see any data but may inject data into the body of the subsequent request."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-226",
              "description": "CWE-226: Sensitive Information in Resource Not Removed Before Reuse",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-10-30T21:06:23.588Z",
        "orgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
        "shortName": "eclipse"
      },
      "references": [
        {
          "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=568892"
        },
        {
          "url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-86wm-rrjm-8wh8"
        },
        {
          "name": "[zookeeper-notifications] 20201205 [GitHub] [zookeeper] ztzg opened a new pull request #1554: ZOOKEEPER-4023: dependency-check:check failing - Jetty 9.4.34.v20201102 - CVE-2020-27218",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/r6d5bb60a13e8b539600f86cb72097967b951de5c7ef1e4005cda74a7%40%3Cnotifications.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-notifications] 20201205 [GitHub] [zookeeper] phunt commented on a change in pull request #1552: ZOOKEEPER-4023: dependency-check:check failing - Jetty 9.4.34.v20201102 - CVE-2020-27218",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/r8fee46fd9f1254150cc55eecf1ea6a448fca1f7cf1d1e7f9c4803fdb%40%3Cnotifications.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-issues] 20201205 [jira] [Updated] (ZOOKEEPER-4023) dependency-check:check failing - Jetty 9.4.34.v20201102 - CVE-2020-27218",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/rbc5a8d7a0a13bc8152d427a7e9097cdeb139c6cfe111b2f00f26d16b%40%3Cissues.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-notifications] 20201205 [GitHub] [zookeeper] ztzg commented on a change in pull request #1552: ZOOKEEPER-4023: dependency-check:check failing - Jetty 9.4.34.v20201102 - CVE-2020-27218",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/r8c839a0d88cd6504abbe72c260371094f47014b2ba08d8d2c0232e3c%40%3Cnotifications.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-notifications] 20201205 [GitHub] [zookeeper] ztzg opened a new pull request #1552: ZOOKEEPER-4023: dependency-check:check failing - Jetty 9.4.34.v20201102 - CVE-2020-27218",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/r22776d06582985cca5bd2a92519a2b13b4cae2d8e087318da03c036d%40%3Cnotifications.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-notifications] 20201205 [GitHub] [zookeeper] ztzg opened a new pull request #1553: ZOOKEEPER-4023: dependency-check:check failing - Jetty 9.4.34.v20201102 - CVE-2020-27218",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/rfa8879a713480b206c152334419499e6af0878c36217abcc9ab4f0d1%40%3Cnotifications.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-notifications] 20201205 [GitHub] [zookeeper] ztzg commented on pull request #1552: ZOOKEEPER-4023: dependency-check:check failing - Jetty 9.4.34.v20201102 - CVE-2020-27218",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/re86a6ba09dc74e709db843e3561ead923c8fd1cba32343656dd8c44b%40%3Cnotifications.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-issues] 20201206 [jira] [Updated] (ZOOKEEPER-4023) dependency-check:check failing - Jetty 9.4.34.v20201102 - CVE-2020-27218",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/r23ce6b8965e30808daa77a80fcd69833b1fc632d80465d0419eff619%40%3Cissues.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-notifications] 20201206 [GitHub] [zookeeper] nkalmar commented on pull request #1554: ZOOKEEPER-4023: dependency-check:check failing - Jetty 9.4.34.v20201102 - CVE-2020-27218",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/r4981622ba15e8be1657d30b7c85044c7aabe89751fa7324f8604b834%40%3Cnotifications.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-notifications] 20201206 [GitHub] [zookeeper] nkalmar commented on a change in pull request #1554: ZOOKEEPER-4023: dependency-check:check failing - Jetty 9.4.34.v20201102 - CVE-2020-27218",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/re03a566114435a8cc8eb72158242b0f560c5eeccbb4ee98d22de8373%40%3Cnotifications.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-notifications] 20201206 [GitHub] [zookeeper] ztzg commented on a change in pull request #1554: ZOOKEEPER-4023: dependency-check:check failing - Jetty 9.4.34.v20201102 - CVE-2020-27218",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/r9f571b086965b35d4e91e47fb67c27b42b62762248b4900ba723599f%40%3Cnotifications.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-notifications] 20201206 [GitHub] [zookeeper] ztzg commented on pull request #1554: ZOOKEEPER-4023: dependency-check:check failing - Jetty 9.4.34.v20201102 - CVE-2020-27218",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/ree677ff289ba9a90850f2e3ba7279555df1a170263ba39c5272db236%40%3Cnotifications.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-notifications] 20201207 [GitHub] [zookeeper] ztzg commented on a change in pull request #1552: ZOOKEEPER-4023: dependency-check:check failing - Jetty 9.4.34.v20201102 - CVE-2020-27218",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/r1dd302323c6fe1a542d0371de66a484918fa6c2831ae70d924974bea%40%3Cnotifications.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-notifications] 20201207 [GitHub] [zookeeper] nkalmar commented on pull request #1554: ZOOKEEPER-4023: dependency-check:check failing - Jetty 9.4.34.v20201102 - CVE-2020-27218",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/rdde0ad0a03eec962c56b46e70e225918ea2368dcc3fd3488741fad53%40%3Cnotifications.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-notifications] 20201207 [GitHub] [zookeeper] nkalmar edited a comment on pull request #1554: ZOOKEEPER-4023: dependency-check:check failing - Jetty 9.4.34.v20201102 - CVE-2020-27218",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/r602683484f607cd1b9598caf3e549fbb01c43fd46a582a32cc3bb545%40%3Cnotifications.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-notifications] 20201207 [GitHub] [zookeeper] nkalmar commented on pull request #1552: ZOOKEEPER-4023: dependency-check:check failing - Jetty 9.4.34.v20201102 - CVE-2020-27218",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/rb8f413dc923070919b09db3ac87d079a2dcc6f0adfbb029e206a7930%40%3Cnotifications.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-dev] 20201208 Re: [VOTE] Apache ZooKeeper release 3.5.9 candidate 0",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/rde11c433675143d8d27551c3d9e821fe1955f1551a518033d3716553%40%3Cdev.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-notifications] 20201211 [GitHub] [zookeeper] nkalmar commented on pull request #1552: ZOOKEEPER-4023: dependency-check:check failing - Jetty 9.4.34.v20201102 - CVE-2020-27218",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/rc0e35f4e8a8a36127e3ae7a67f325a3a6a4dbe05034130fb04b6f3b6%40%3Cnotifications.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-notifications] 20201215 [GitHub] [zookeeper] phunt commented on pull request #1552: ZOOKEEPER-4023: dependency-check:check failing - Jetty 9.4.34.v20201102 - CVE-2020-27218",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/r8f5b144e7a7c2b338f01139d891abbaba12a8173ee01110d21bd0b4d%40%3Cnotifications.zookeeper.apache.org%3E"
        },
        {
          "name": "[pulsar-commits] 20201215 [GitHub] [pulsar] yanshuchong opened a new issue #8967: CVSS issue list",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E"
        },
        {
          "name": "[zookeeper-notifications] 20201224 [GitHub] [zookeeper] ztzg closed pull request #1552: ZOOKEEPER-4023: dependency-check:check failing - Jetty 9.4.34.v20201102 - CVE-2020-27218",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/r821bbffb64da0f062b4e72d1aa600b91e26bc82a28298ab159121215%40%3Cnotifications.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-commits] 20201224 [zookeeper] branch master updated: ZOOKEEPER-4023: dependency-check:check failing - Jetty 9.4.34.v20201102 - CVE-2020-27218",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/r964d226dd08527fddd7a44410c50daa9d34d398e5c4793f1d7e19da8%40%3Ccommits.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-notifications] 20201224 [GitHub] [zookeeper] ztzg commented on pull request #1552: ZOOKEEPER-4023: dependency-check:check failing - Jetty 9.4.34.v20201102 - CVE-2020-27218",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/r70940cb30356642f0c49af49259680d6bd866f51c4e8de0f8a498fb0%40%3Cnotifications.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-notifications] 20201224 [GitHub] [zookeeper] eolivelli commented on pull request #1552: ZOOKEEPER-4023: dependency-check:check failing - Jetty 9.4.34.v20201102 - CVE-2020-27218",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/r5e5cb33b545548ec4684d33bd88b05a0ae89c4d7cac93eb63255f58f%40%3Cnotifications.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-notifications] 20201224 [GitHub] [zookeeper] ztzg closed pull request #1554: ZOOKEEPER-4023: dependency-check:check failing - Jetty 9.4.34.v20201102 - CVE-2020-27218",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/r9d7a86fb0b45e5b1855d4df83a5820eef813d55eae3edf224f3d5055%40%3Cnotifications.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-notifications] 20201224 [GitHub] [zookeeper] ztzg commented on pull request #1554: ZOOKEEPER-4023: dependency-check:check failing - Jetty 9.4.34.v20201102 - CVE-2020-27218",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/r8be8c6f0e404a3179d988eb8afed03ede5f2d5ce986d3f709fb82610%40%3Cnotifications.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-issues] 20201224 [jira] [Resolved] (ZOOKEEPER-4023) dependency-check:check failing - Jetty 9.4.34.v20201102 - CVE-2020-27218",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/rc1de630c6ed9a958d9f811e816d6d8efb6ca94aed0869bc5cda9d7f8%40%3Cissues.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-notifications] 20201224 [GitHub] [zookeeper] ztzg commented on pull request #1553: ZOOKEEPER-4023: dependency-check:check failing - Jetty 9.4.34.v20201102 - CVE-2020-27218",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/r46589f4228aabd5fb16135ff5bef0f77f06cdef64f9785ac3349fa02%40%3Cnotifications.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-notifications] 20201224 [GitHub] [zookeeper] ztzg closed pull request #1553: ZOOKEEPER-4023: dependency-check:check failing - Jetty 9.4.34.v20201102 - CVE-2020-27218",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/rc91c405c08b529b7292c75d9bd497849db700a1297fe3432990f6774%40%3Cnotifications.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-commits] 20210106 [zookeeper] branch branch-3.5.9 updated: ZOOKEEPER-4023: dependency-check:check failing - Jetty 9.4.34.v20201102 - CVE-2020-27218",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/r2a57c7bbf36afc87f8ad9e1dd2f53a08e85a1b531283fc2efce4fe17%40%3Ccommits.zookeeper.apache.org%3E"
        },
        {
          "name": "[hbase-dev] 20210205 [jira] [Created] (HBASE-25552) [hbase-thirdparty] Update jetty version to fix CVE-2020-27218",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/r3d43529452c5a16338e8267eb911e8aedc64c3241624302e673961c1%40%3Cdev.hbase.apache.org%3E"
        },
        {
          "name": "[hbase-issues] 20210205 [jira] [Created] (HBASE-25552) [hbase-thirdparty] Update jetty version to fix CVE-2020-27218",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/r186748e676e5aeb4eb603361e6367555ae4daecbde55cfd69fa68ec6%40%3Cissues.hbase.apache.org%3E"
        },
        {
          "name": "[hbase-issues] 20210205 [GitHub] [hbase-thirdparty] pankaj72981 opened a new pull request #46: HBASE-25552 Upgrade jetty jar to fix CVE-2020-27218",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/rce9e232a663d8405c003fe83d5c86c27d1ed65561f3690e824717bc4%40%3Cissues.hbase.apache.org%3E"
        },
        {
          "name": "[hbase-issues] 20210205 [GitHub] [hbase-thirdparty] Apache-HBase commented on pull request #46: HBASE-25552 Upgrade jetty jar to fix CVE-2020-27218",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/re9214a4232b7ae204288c283bcee4e39f07da6cc34798e9217ba4eb6%40%3Cissues.hbase.apache.org%3E"
        },
        {
          "name": "[hbase-issues] 20210205 [jira] [Work started] (HBASE-25552) [hbase-thirdparty] Update jetty version to fix CVE-2020-27218",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/r8b2271909dabb45f0f1482ef35ffe106ae4b0cf8e877eb514e9cd421%40%3Cissues.hbase.apache.org%3E"
        },
        {
          "name": "[hbase-issues] 20210205 [jira] [Updated] (HBASE-25552) [hbase-thirdparty] Update jetty version to fix CVE-2020-27218",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/r3807b1c54066797c4870e03bd2376bdcce9c7c4e6143499f53cd9ca2%40%3Cissues.hbase.apache.org%3E"
        },
        {
          "name": "[hbase-issues] 20210205 [GitHub] [hbase-thirdparty] busbey commented on a change in pull request #46: HBASE-25552 Upgrade jetty jar to fix CVE-2020-27218",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/r2f168fd22c071bdd95ec696e45d2a01e928b9fcadbe94fbabeb1549d%40%3Cissues.hbase.apache.org%3E"
        },
        {
          "name": "[hbase-issues] 20210205 [GitHub] [hbase-thirdparty] busbey commented on pull request #46: HBASE-25552 Upgrade jetty jar to fix CVE-2020-27218",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/r078c1203e48089b2c934b9f86b61bebe8c049e0ea6273b124f349988%40%3Cissues.hbase.apache.org%3E"
        },
        {
          "name": "[hbase-issues] 20210205 [GitHub] [hbase-thirdparty] jojochuang commented on a change in pull request #46: HBASE-25552 Upgrade jetty jar to fix CVE-2020-27218",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/rccc7ba8c51d662e13496df20466d27dbab54d7001e9e7b2f31468a9e%40%3Cissues.hbase.apache.org%3E"
        },
        {
          "name": "[hbase-issues] 20210206 [GitHub] [hbase-thirdparty] Apache-HBase commented on pull request #46: HBASE-25552 Upgrade jetty jar to fix CVE-2020-27218",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/r2ffe719224cbe5897f2d06dd22fc77fa12377c39efe9de0c3bf3f837%40%3Cissues.hbase.apache.org%3E"
        },
        {
          "name": "[hbase-commits] 20210206 [hbase-thirdparty] branch master updated: HBASE-25552 Upgrade jetty jar to fix CVE-2020-27218",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/re4e67541a0a25a8589e89f52f8cd163c863fe04b59e048f9f1a04958%40%3Ccommits.hbase.apache.org%3E"
        },
        {
          "name": "[hbase-issues] 20210206 [jira] [Resolved] (HBASE-25552) [hbase-thirdparty] Update jetty version to fix CVE-2020-27218",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/r96ef6d20c5bd3d42dab500bac56a427e1dce00cf85b083987617643d%40%3Cissues.hbase.apache.org%3E"
        },
        {
          "name": "[hbase-issues] 20210206 [GitHub] [hbase-thirdparty] busbey closed pull request #46: HBASE-25552 Upgrade jetty jar to fix CVE-2020-27218",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/rcbc408088ae99dc3167ea293a562a3a9a7295a20e9a1bfc93e43ae1b%40%3Cissues.hbase.apache.org%3E"
        },
        {
          "name": "[hbase-dev] 20210206 [jira] [Resolved] (HBASE-25552) [hbase-thirdparty] Update jetty version to fix CVE-2020-27218",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/re4ae7ada52c5ecfe805eb86ddc0af399ec8a57bfb0d8c632b8723b88%40%3Cdev.hbase.apache.org%3E"
        },
        {
          "name": "[kafka-jira] 20210211 [jira] [Created] (KAFKA-12324) Upgrade jetty to fix CVE-2020-27218",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/r3554a4f192db6008c03f2c6c3e0f1691a9b0d615ce955ef67a876ff7%40%3Cjira.kafka.apache.org%3E"
        },
        {
          "name": "[kafka-dev] 20210211 [jira] [Created] (KAFKA-12324) Upgrade jetty to fix CVE-2020-27218",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/racd55c9b704aa68cfb4436f17739b612b5d4f887155e04ed521a4b67%40%3Cdev.kafka.apache.org%3E"
        },
        {
          "name": "[kafka-jira] 20210212 [jira] [Assigned] (KAFKA-12324) Upgrade jetty to fix CVE-2020-27218",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/r7d37d33f2d68912985daf40203182e3d86f3e81266b7a7f350689eeb%40%3Cjira.kafka.apache.org%3E"
        },
        {
          "name": "[kafka-jira] 20210212 [jira] [Commented] (KAFKA-12324) Upgrade jetty to fix CVE-2020-27218",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/r00858fe27ee35ac8fa0e1549d67e0efb789d63b791b5300390bd8480%40%3Cjira.kafka.apache.org%3E"
        },
        {
          "name": "[spark-reviews] 20210216 [GitHub] [spark] sarutak opened a new pull request #31574: [SPARK-34449][BUILD] Upgrade Jetty to fix CVE-2020-27218",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/r489dfc3e259ad3837141985dd9291b93e6b40496cdf58808915d67e9%40%3Creviews.spark.apache.org%3E"
        },
        {
          "name": "[spark-issues] 20210216 [jira] [Created] (SPARK-34449) Upgrade Jetty to fix CVE-2020-27218",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/rbe3f2e0a3c38ed9cbef81507b7cc6e523341865e30dc15c7503adc76%40%3Cissues.spark.apache.org%3E"
        },
        {
          "name": "[spark-reviews] 20210216 [GitHub] [spark] sarutak commented on pull request #31574: [SPARK-34449][BUILD] Upgrade Jetty to fix CVE-2020-27218",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/r51ec0120b6c849d12fb7fef34db87ef0bf79fcfcd3d703a9800afbba%40%3Creviews.spark.apache.org%3E"
        },
        {
          "name": "[spark-issues] 20210216 [jira] [Commented] (SPARK-34449) Upgrade Jetty to fix CVE-2020-27218",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/r306c8e5aad1b9afc0c9278430fb571950fbb3ab7dd5d369eb618ffa4%40%3Cissues.spark.apache.org%3E"
        },
        {
          "name": "[spark-issues] 20210216 [jira] [Assigned] (SPARK-34449) Upgrade Jetty to fix CVE-2020-27218",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/r0d2de2ab5558da68b504bd30db74da1d97dc152a857f5b7e462288ab%40%3Cissues.spark.apache.org%3E"
        },
        {
          "name": "[spark-reviews] 20210216 [GitHub] [spark] SparkQA commented on pull request #31574: [SPARK-34449][BUILD] Upgrade Jetty to fix CVE-2020-27218",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/r5464405909eb0e1059d5dd57d10c435b9f19325fdebbadb4f1126997%40%3Creviews.spark.apache.org%3E"
        },
        {
          "name": "[spark-reviews] 20210217 [GitHub] [spark] dongjoon-hyun commented on pull request #31574: [SPARK-34449][BUILD] Upgrade Jetty to fix CVE-2020-27218",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/r25a47cd06750ebb4b0f23a9b7a57c209702c8566a4c970a41ac088df%40%3Creviews.spark.apache.org%3E"
        },
        {
          "name": "[spark-reviews] 20210216 [GitHub] [spark] AmplabJenkins removed a comment on pull request #31574: [SPARK-34449][BUILD] Upgrade Jetty to fix CVE-2020-27218",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/rdbdbb4e51f8857e082b464cd128decd7263cf0fb8557f12993562c56%40%3Creviews.spark.apache.org%3E"
        },
        {
          "name": "[spark-reviews] 20210216 [GitHub] [spark] AmplabJenkins commented on pull request #31574: [SPARK-34449][BUILD] Upgrade Jetty to fix CVE-2020-27218",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/rba4bca48d2cdfa8c08afc368a9cc4572ec85a5915ba29b8a194bf505%40%3Creviews.spark.apache.org%3E"
        },
        {
          "name": "[spark-reviews] 20210217 [GitHub] [spark] sarutak edited a comment on pull request #31574: [SPARK-34449][BUILD] Upgrade Jetty to fix CVE-2020-27218",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/reb75282901d0969ba6582725ce8672070715d0773f6ff54dedd60156%40%3Creviews.spark.apache.org%3E"
        },
        {
          "name": "[spark-reviews] 20210217 [GitHub] [spark] HyukjinKwon commented on pull request #31574: [SPARK-34449][BUILD] Upgrade Jetty to fix CVE-2020-27218",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/ra09a653997cbf10aab8c0deabc0fa49f5a8a8ce4305ce9089b98485f%40%3Creviews.spark.apache.org%3E"
        },
        {
          "name": "[spark-reviews] 20210217 [GitHub] [spark] sarutak commented on pull request #31574: [SPARK-34449][BUILD] Upgrade Jetty to fix CVE-2020-27218",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/r870bc5e6e354c3e28ea029cb5726c9e8dd2b88cb0f5f7de1d4e3133d%40%3Creviews.spark.apache.org%3E"
        },
        {
          "name": "[spark-reviews] 20210217 [GitHub] [spark] SparkQA commented on pull request #31574: [SPARK-34449][BUILD] Upgrade Jetty to fix CVE-2020-27218",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/rf31e24700f725ef81bc5a2e0444a60e1f295ed0a54c0098362a7bdfa%40%3Creviews.spark.apache.org%3E"
        },
        {
          "name": "[spark-reviews] 20210217 [GitHub] [spark] SparkQA removed a comment on pull request #31574: [SPARK-34449][BUILD] Upgrade Jetty to fix CVE-2020-27218",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/r8c22aad0711321537183ccddcade7274ebf9dcbdcdacc6c4f90f43de%40%3Creviews.spark.apache.org%3E"
        },
        {
          "name": "[spark-reviews] 20210217 [GitHub] [spark] AmplabJenkins commented on pull request #31574: [SPARK-34449][BUILD] Upgrade Jetty to fix CVE-2020-27218",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/r32a25679d97bf5969d130f8e9b3a3fc54110095397d89952e93dbeb0%40%3Creviews.spark.apache.org%3E"
        },
        {
          "name": "[spark-reviews] 20210217 [GitHub] [spark] AmplabJenkins removed a comment on pull request #31574: [SPARK-34449][BUILD] Upgrade Jetty to fix CVE-2020-27218",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/racf9e6ad2482cb9b1e3e1b2c1b443d9d5cf14055fb54dec3d2dcce91%40%3Creviews.spark.apache.org%3E"
        },
        {
          "name": "[spark-reviews] 20210217 [GitHub] [spark] srowen commented on pull request #31574: [SPARK-34449][BUILD] Upgrade Jetty to fix CVE-2020-27218",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/r2a541f08bf5f847394297c13a5305c2f76c11e46504ce2a49653890a%40%3Creviews.spark.apache.org%3E"
        },
        {
          "name": "[spark-reviews] 20210218 [GitHub] [spark] sarutak edited a comment on pull request #31574: [SPARK-34449][BUILD] Upgrade Jetty to fix CVE-2020-27218",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/r4aff5ca6bc94a6f13ff77914fd960185ab70cd6cebe96fffd74543ac%40%3Creviews.spark.apache.org%3E"
        },
        {
          "name": "[spark-reviews] 20210218 [GitHub] [spark] sarutak commented on pull request #31574: [SPARK-34449][BUILD] Upgrade Jetty to fix CVE-2020-27218",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/r850d1d0413716e8ba6d910cae7b01a0e560636e17d664769b5080ca5%40%3Creviews.spark.apache.org%3E"
        },
        {
          "name": "[spark-reviews] 20210218 [GitHub] [spark] SparkQA commented on pull request #31574: [SPARK-34449][BUILD] Upgrade Jetty to fix CVE-2020-27218",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/rcf7b5818f71bb97fd695eb0f54f8f4f69e15cc5f9ec761ea8be0d0d3%40%3Creviews.spark.apache.org%3E"
        },
        {
          "name": "[spark-commits] 20210218 [spark] branch branch-3.1 updated: [SPARK-34449][BUILD] Upgrade Jetty to fix CVE-2020-27218",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/r5c64173663c71f222ea40617ab362d7a590935fb75c18817fdec377e%40%3Ccommits.spark.apache.org%3E"
        },
        {
          "name": "[spark-reviews] 20210218 [GitHub] [spark] AmplabJenkins removed a comment on pull request #31574: [SPARK-34449][BUILD] Upgrade Jetty to fix CVE-2020-27218",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/r543ea0a861a78d84c22656fb76880d7ab327048cf7ee3ccc7281375d%40%3Creviews.spark.apache.org%3E"
        },
        {
          "name": "[spark-reviews] 20210218 [GitHub] [spark] HyukjinKwon closed pull request #31574: [SPARK-34449][BUILD] Upgrade Jetty to fix CVE-2020-27218",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/r74ab0f5a5f16ca01eb145403ab753df5b348b8c1656d7c8501d0bfc6%40%3Creviews.spark.apache.org%3E"
        },
        {
          "name": "[spark-reviews] 20210218 [GitHub] [spark] HyukjinKwon commented on pull request #31574: [SPARK-34449][BUILD] Upgrade Jetty to fix CVE-2020-27218",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/r8eea4c7797e701f6494c72942dd89f471cda4c2c6e9abbaf05d113d8%40%3Creviews.spark.apache.org%3E"
        },
        {
          "name": "[spark-commits] 20210218 [spark] branch branch-3.0 updated: [SPARK-34449][BUILD] Upgrade Jetty to fix CVE-2020-27218",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/r500e22d0aedba1866d0b5e76429b76652a473a0209fa8bf66c9f7aab%40%3Ccommits.spark.apache.org%3E"
        },
        {
          "name": "[spark-reviews] 20210218 [GitHub] [spark] AmplabJenkins commented on pull request #31574: [SPARK-34449][BUILD] Upgrade Jetty to fix CVE-2020-27218",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/r94230f46b91c364d39922a8ba0cfe12b8dba1556b14792719a7d921f%40%3Creviews.spark.apache.org%3E"
        },
        {
          "name": "[spark-reviews] 20210218 [GitHub] [spark] sarutak opened a new pull request #31583: [SPARK-34449][BUILD][2.4] Upgrade Jetty to fix CVE-2020-27218",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/r01806ad8c9cb0590584baf5b1a60237ad92e4ad5bba082ca04d98179%40%3Creviews.spark.apache.org%3E"
        },
        {
          "name": "[spark-reviews] 20210218 [GitHub] [spark] SparkQA removed a comment on pull request #31583: [SPARK-34449][BUILD][2.4] Upgrade Jetty to fix CVE-2020-27218",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/r8ed14a84656fa0bb8df3bf9373c5be80f47ceac1e2ff068ee734fdb3%40%3Creviews.spark.apache.org%3E"
        },
        {
          "name": "[spark-reviews] 20210218 [GitHub] [spark] SparkQA commented on pull request #31583: [SPARK-34449][BUILD][2.4] Upgrade Jetty to fix CVE-2020-27218",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/r706562cbbdda569cc556d8a7983d1f9229606e7b51337b820785af26%40%3Creviews.spark.apache.org%3E"
        },
        {
          "name": "[spark-issues] 20210218 [jira] [Commented] (SPARK-34449) Upgrade Jetty to fix CVE-2020-27218",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/r6493e43007f41e34cdbbb66622307fa235374dd2ec5bf52c61075a68%40%3Cissues.spark.apache.org%3E"
        },
        {
          "name": "[spark-reviews] 20210218 [GitHub] [spark] sarutak commented on pull request #31583: [SPARK-34449][BUILD][2.4] Upgrade Jetty to fix CVE-2020-27218",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/r15500b77c52390e2ec048cea4a6b45edf907ea61cd13259193ff8601%40%3Creviews.spark.apache.org%3E"
        },
        {
          "name": "[spark-reviews] 20210218 [GitHub] [spark] SparkQA removed a comment on pull request #31574: [SPARK-34449][BUILD] Upgrade Jetty to fix CVE-2020-27218",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/r81f82ab8ecb83568bafbecf9ce0e73be73980ac1e2af6baf0f344a59%40%3Creviews.spark.apache.org%3E"
        },
        {
          "name": "[spark-reviews] 20210218 [GitHub] [spark] AmplabJenkins removed a comment on pull request #31583: [SPARK-34449][BUILD][2.4] Upgrade Jetty to fix CVE-2020-27218",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/rd9a960429741406f6557fa344a13d50a0c9976dac2e4c46bb54b32d7%40%3Creviews.spark.apache.org%3E"
        },
        {
          "name": "[spark-reviews] 20210218 [GitHub] [spark] AmplabJenkins commented on pull request #31583: [SPARK-34449][BUILD][2.4] Upgrade Jetty to fix CVE-2020-27218",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/r3b7c8bc7a1cb8acdcf7753f436564d289d22f2906e934d1b11de3a40%40%3Creviews.spark.apache.org%3E"
        },
        {
          "name": "[spark-reviews] 20210219 [GitHub] [spark] srowen commented on pull request #31583: [SPARK-34449][BUILD][2.4] Upgrade Jetty to fix CVE-2020-27218",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/re3918edd403b0d3857a13ef2ccf3d2bc0231f3b8758e2a5777ea1cd3%40%3Creviews.spark.apache.org%3E"
        },
        {
          "name": "[spark-reviews] 20210219 [GitHub] [spark] SparkQA commented on pull request #31583: [SPARK-34449][BUILD][2.4] Upgrade Jetty to fix CVE-2020-27218",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/r9b46505868794fba04d401956304e63e4d8e39bdc118d30e5e87dcd9%40%3Creviews.spark.apache.org%3E"
        },
        {
          "name": "[spark-reviews] 20210219 [GitHub] [spark] SparkQA removed a comment on pull request #31583: [SPARK-34449][BUILD][2.4] Upgrade Jetty to fix CVE-2020-27218",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/rf0181750e321518c8afa8001e0529d50a9447714ef4f58d98af57904%40%3Creviews.spark.apache.org%3E"
        },
        {
          "name": "[spark-reviews] 20210219 [GitHub] [spark] AmplabJenkins removed a comment on pull request #31583: [SPARK-34449][BUILD][2.4] Upgrade Jetty to fix CVE-2020-27218",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/rf273267fa2e49314643af3141cec239f97d41de8a59be4ef7e10c65a%40%3Creviews.spark.apache.org%3E"
        },
        {
          "name": "[spark-reviews] 20210219 [GitHub] [spark] AmplabJenkins commented on pull request #31583: [SPARK-34449][BUILD][2.4] Upgrade Jetty to fix CVE-2020-27218",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/rb6a3866c02ac4446451c7d9dceab2373b6d32fb058f9085c6143de30%40%3Creviews.spark.apache.org%3E"
        },
        {
          "name": "[spark-reviews] 20210219 [GitHub] [spark] HyukjinKwon closed pull request #31583: [SPARK-34449][BUILD][2.4] Upgrade Jetty to fix CVE-2020-27218",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/r39f1b1be8e5c0935f7c515eedf907909474bad15185125daacb36d50%40%3Creviews.spark.apache.org%3E"
        },
        {
          "name": "[spark-issues] 20210219 [jira] [Resolved] (SPARK-34449) Upgrade Jetty to fix CVE-2020-27218",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/re014afaa14f4df9d33912ab64dc57249e1c170c7448d7175c6d014ff%40%3Cissues.spark.apache.org%3E"
        },
        {
          "name": "[spark-reviews] 20210219 [GitHub] [spark] HyukjinKwon commented on pull request #31583: [SPARK-34449][BUILD][2.4] Upgrade Jetty to fix CVE-2020-27218",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/r153fbefc27a1b2033692f32ef728ca909a7c7bcc1d21b6c35b38bdd5%40%3Creviews.spark.apache.org%3E"
        },
        {
          "name": "[spark-commits] 20210219 [spark] branch branch-2.4 updated: [SPARK-34449][BUILD][2.4] Upgrade Jetty to fix CVE-2020-27218",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/r7669dab41f2b34d56bb67700d869dc9c025ff72e9468204799f5ac29%40%3Ccommits.spark.apache.org%3E"
        },
        {
          "name": "[spark-issues] 20210222 [jira] [Updated] (SPARK-34449) Upgrade Jetty to fix CVE-2020-27218",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/r4b2e7417a76e3dd4dc9855c6c138c49484080754a09927454f6d89f0%40%3Cissues.spark.apache.org%3E"
        },
        {
          "name": "[kafka-jira] 20210222 [GitHub] [kafka] dongjinleekr opened a new pull request #10177: KAFKA-12324: Upgrade jetty to fix CVE-2020-27218",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/rb4ca79d1af5237108ce8770b7c46ca78095f62ef21331d9d06142388%40%3Cjira.kafka.apache.org%3E"
        },
        {
          "name": "[kafka-jira] 20210222 [GitHub] [kafka] dongjinleekr commented on pull request #10177: KAFKA-12324: Upgrade jetty to fix CVE-2020-27218",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/rd20651e102cb6742a9d9322ea7b5fc3ab60a7ffecb50fa9157cbf176%40%3Cjira.kafka.apache.org%3E"
        },
        {
          "name": "[kafka-jira] 20210222 [GitHub] [kafka] ijuma commented on pull request #10177: KAFKA-12324: Upgrade jetty to fix CVE-2020-27218",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/r391d20ab6ec03d6becc7a9f0c5e0f45a7ad8af6b996ae0a49839f6bd%40%3Cjira.kafka.apache.org%3E"
        },
        {
          "name": "[kafka-jira] 20210222 [GitHub] [kafka] omkreddy closed pull request #10177: KAFKA-12324: Upgrade jetty to fix CVE-2020-27218",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/rbea4d456d88b043be86739ab0200ad06ba5a7921064411c098f79831%40%3Cjira.kafka.apache.org%3E"
        },
        {
          "name": "[kafka-commits] 20210222 [kafka] branch 2.7 updated: KAFKA-12324: Upgrade jetty to fix CVE-2020-27218",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/rbbd003149f929b0e2fe58fb315de1658e98377225632e7e4239323fb%40%3Ccommits.kafka.apache.org%3E"
        },
        {
          "name": "[kafka-jira] 20210222 [jira] [Resolved] (KAFKA-12324) Upgrade jetty to fix CVE-2020-27218",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/r05b7ffde2b8c180709e14bc9ca036407bea3ed9f09b32c4705d23a4a%40%3Cjira.kafka.apache.org%3E"
        },
        {
          "name": "[kafka-commits] 20210222 [kafka] branch 2.8 updated: KAFKA-12324: Upgrade jetty to fix CVE-2020-27218",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/r990e0296b188d4530d1053882f687fa4f938f108425db2999a180944%40%3Ccommits.kafka.apache.org%3E"
        },
        {
          "name": "[kafka-dev] 20210222 [jira] [Resolved] (KAFKA-12324) Upgrade jetty to fix CVE-2020-27218",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/r942e21ee90e2617a00a08b17b0ac2db961959bec969b91df61584d38%40%3Cdev.kafka.apache.org%3E"
        },
        {
          "name": "[kafka-commits] 20210222 [kafka] branch 2.6 updated: KAFKA-12324: Upgrade jetty to fix CVE-2020-27218",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/r66456df852de06a0eed2c0a50252a2c8d360b8a5c005f63c0b1e3d25%40%3Ccommits.kafka.apache.org%3E"
        },
        {
          "name": "[nifi-commits] 20210222 svn commit: r1886814 - /nifi/site/trunk/security.html",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/r380e9257bacb8551ee6fcf2c59890ae9477b2c78e553fa9ea08e9d9a%40%3Ccommits.nifi.apache.org%3E"
        },
        {
          "name": "[kafka-jira] 20210301 [GitHub] [kafka] dongjinleekr commented on pull request #10235: KAFKA-12389: Upgrade of netty-codec due to CVE-2021-21290",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/r2fda4dab73097051977f2ab818f75e04fbcb15bb1003c8530eac1059%40%3Cjira.kafka.apache.org%3E"
        },
        {
          "name": "[kafka-jira] 20210302 [GitHub] [kafka] dongjinleekr commented on pull request #10245: KAFKA-12400: Upgrade jetty to fix CVE-2020-27223",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/rd8e24a3e482e5984bc8c5492dc790413e4fdc1234e3debb94515796b%40%3Cjira.kafka.apache.org%3E"
        },
        {
          "name": "[samza-commits] 20210310 [GitHub] [samza] Telesia opened a new pull request #1471: SAMZA-2630: Upgrade dependencies for security fixes",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/r352e40ca9874d1beb4ad95403792adca7eb295e6bc3bd7b65fabcc21%40%3Ccommits.samza.apache.org%3E"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20201218-0003/"
        },
        {
          "url": "https://lists.apache.org/thread.html/r769e1ba36c607772f7403e7ef2a8ae14d9ddcab4a844f9b28bcf7959%40%3Cdev.kafka.apache.org%3E"
        },
        {
          "url": "https://lists.apache.org/thread.html/rc2b603b7fa7f8dbfe0b3b59a6140b4d66868db3bf4b29d69a772d72a%40%3Cdev.kafka.apache.org%3E"
        },
        {
          "url": "https://lists.apache.org/thread.html/ra1c234f045871827f73e4d68326b067e72d3139e109207345fa57d9e%40%3Cdev.kafka.apache.org%3E"
        },
        {
          "url": "https://lists.apache.org/thread.html/rfa34d2a3e423421a4a1354cf457edba2ce78cee2d3ebd8aab151a559%40%3Cdev.kafka.apache.org%3E"
        },
        {
          "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
        },
        {
          "name": "[debian-lts-announce] 20231030 [SECURITY] [DLA 3641-1] jetty9 security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
    "assignerShortName": "eclipse",
    "cveId": "CVE-2020-27218",
    "datePublished": "2020-11-28T00:00:00.000Z",
    "dateReserved": "2020-10-19T00:00:00.000Z",
    "dateUpdated": "2024-08-04T16:11:36.083Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-39393 (GCVE-0-2022-39393)

Vulnerability from cvelistv5 – Published: 2022-11-10 00:00 – Updated: 2025-05-02 12:51
VLAI?
Title
Wasmtime vulnerable to data leakage between instances in the pooling allocator
Summary
Wasmtime is a standalone runtime for WebAssembly. Prior to versions 2.0.2 and 1.0.2, there is a bug in Wasmtime's implementation of its pooling instance allocator where when a linear memory is reused for another instance the initial heap snapshot of the prior instance can be visible, erroneously to the next instance. This bug has been patched and users should upgrade to Wasmtime 2.0.2 and 1.0.2. Other mitigations include disabling the pooling allocator and disabling the `memory-init-cow`.
Severity ?
8.6 (High)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
CWE
  • CWE-226 - Sensitive Information in Resource Not Removed Before Reuse
Assigner
References
Impacted products
Vendor Product Version
bytecodealliance wasmtime Affected: >= 2.0.0, < 2.0.2
Affected: < 1.0.2
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T12:07:42.224Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-wh6w-3828-g9qf"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/bytecodealliance/wasmtime/commit/2614f2e9d2d36805ead8a8da0fa0c6e0d9e428a0"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-39393",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-23T15:49:01.866453Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-23T16:39:11.212Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "wasmtime",
          "vendor": "bytecodealliance",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 2.0.0, \u003c 2.0.2"
            },
            {
              "status": "affected",
              "version": "\u003c 1.0.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Wasmtime is a standalone runtime for WebAssembly. Prior to versions 2.0.2 and 1.0.2, there is a bug in Wasmtime\u0027s implementation of its pooling instance allocator where when a linear memory is reused for another instance the initial heap snapshot of the prior instance can be visible, erroneously to the next instance. This bug has been patched and users should upgrade to Wasmtime 2.0.2 and 1.0.2. Other mitigations include disabling the pooling allocator and disabling the `memory-init-cow`."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-226",
              "description": "CWE-226: Sensitive Information in Resource Not Removed Before Reuse",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-02T12:51:28.525Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-wh6w-3828-g9qf",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-wh6w-3828-g9qf"
        },
        {
          "name": "https://github.com/bytecodealliance/wasmtime/commit/2614f2e9d2d36805ead8a8da0fa0c6e0d9e428a0",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/bytecodealliance/wasmtime/commit/2614f2e9d2d36805ead8a8da0fa0c6e0d9e428a0"
        }
      ],
      "source": {
        "advisory": "GHSA-wh6w-3828-g9qf",
        "discovery": "UNKNOWN"
      },
      "title": "Wasmtime vulnerable to data leakage between instances in the pooling allocator"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2022-39393",
    "datePublished": "2022-11-10T00:00:00.000Z",
    "dateReserved": "2022-09-02T00:00:00.000Z",
    "dateUpdated": "2025-05-02T12:51:28.525Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}
Mitigation

Phases: Architecture and Design, Implementation

Description:

  • During critical state transitions, information not needed in the next state should be removed or overwritten with fixed patterns (such as all 0's) or random data, before the transition to the next state.
Mitigation

Phases: Architecture and Design, Implementation

Description:

  • When releasing, de-allocating, or deleting a resource, overwrite its data and relevant metadata with fixed patterns or random data. Be cautious about complex resource types whose underlying representation might be non-contiguous or change at a low level, such as how a file might be split into different chunks on a file system, even though "logical" file positions are contiguous at the application layer. Such resource types might require invocation of special modes or APIs to tell the underlying operating system to perform the necessary clearing, such as SDelete (Secure Delete) on Windows, although the appropriate functionality might not be available at the application layer.
CAPEC-37: Retrieve Embedded Sensitive Data

An attacker examines a target system to find sensitive data that has been embedded within it. This information can reveal confidential contents, such as account numbers or individual keys/credentials that can be used as an intermediate step in a larger attack.

Back to CWE stats page