Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
2 vulnerabilities by cometd
CVE-2025-53114 (GCVE-0-2025-53114)
Vulnerability from cvelistv5 – Published: 2026-06-18 16:25 – Updated: 2026-06-18 17:33
VLAI
Title
CometD has acknowledgement extension out of memory
Summary
CometD is a scalable comet implementation for web messaging. In versions 5.0.0 through 5.0.22, 6.0.0 through 6.0.18, 7.0.0 through 7.0.18, and 8.0.0 through 8.0.8, bad clients that always send a fixed batch value when the server is using the acknowledgement extension may cause the unacknowledged message queue to grow indefinitely, eventually causing an `OutOfMemoryError`. Versions 5.0.23, 6.0.19, 7.0.19, and 8.0.9 patch the issue. As a workaround, disable the acknowledgement extension.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://github.com/cometd/cometd/security/advisor… | x_refsource_CONFIRM |
| https://github.com/cometd/cometd/issues/2117 | x_refsource_MISC |
| https://github.com/cometd/cometd/pull/2118 | x_refsource_MISC |
| https://github.com/cometd/cometd/pull/2168 | x_refsource_MISC |
| https://github.com/cometd/cometd/pull/2169 | x_refsource_MISC |
| https://github.com/cometd/cometd/discussions/2116 | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-53114",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-18T17:30:58.888648Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-18T17:33:39.552Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "cometd",
"vendor": "cometd",
"versions": [
{
"status": "affected",
"version": "\u003e= 5.0.0, \u003c 5.0.23"
},
{
"status": "affected",
"version": "\u003e= 6.0.0, \u003c 6.0.19"
},
{
"status": "affected",
"version": "\u003e= 7.0.0, \u003c 7.0.19"
},
{
"status": "affected",
"version": "\u003e= 8.0.0, \u003c 8.0.9"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "CometD is a scalable comet implementation for web messaging. In versions 5.0.0 through 5.0.22, 6.0.0 through 6.0.18, 7.0.0 through 7.0.18, and 8.0.0 through 8.0.8, bad clients that always send a fixed batch value when the server is using the acknowledgement extension may cause the unacknowledged message queue to grow indefinitely, eventually causing an `OutOfMemoryError`. Versions 5.0.23, 6.0.19, 7.0.19, and 8.0.9 patch the issue. As a workaround, disable the acknowledgement extension."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400: Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-18T16:25:47.388Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/cometd/cometd/security/advisories/GHSA-cqgj-h8vf-4w59",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/cometd/cometd/security/advisories/GHSA-cqgj-h8vf-4w59"
},
{
"name": "https://github.com/cometd/cometd/issues/2117",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/cometd/cometd/issues/2117"
},
{
"name": "https://github.com/cometd/cometd/pull/2118",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/cometd/cometd/pull/2118"
},
{
"name": "https://github.com/cometd/cometd/pull/2168",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/cometd/cometd/pull/2168"
},
{
"name": "https://github.com/cometd/cometd/pull/2169",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/cometd/cometd/pull/2169"
},
{
"name": "https://github.com/cometd/cometd/discussions/2116",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/cometd/cometd/discussions/2116"
}
],
"source": {
"advisory": "GHSA-cqgj-h8vf-4w59",
"discovery": "UNKNOWN"
},
"title": "CometD has acknowledgement extension out of memory"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-53114",
"datePublished": "2026-06-18T16:25:47.388Z",
"dateReserved": "2025-06-25T13:41:23.088Z",
"dateUpdated": "2026-06-18T17:33:39.552Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-24721 (GCVE-0-2022-24721)
Vulnerability from cvelistv5 – Published: 2022-03-15 13:45 – Updated: 2025-04-23 18:53
VLAI
Title
Incorrect Authorization in org.cometd.oort
Summary
CometD is a scalable comet implementation for web messaging. In any version prior to 5.0.11, 6.0.6, and 7.0.6, internal usage of Oort and Seti channels is improperly authorized, so any remote user could subscribe and publish to those channels. By subscribing to those channels, a remote user may be able to watch cluster-internal traffic that contains other users' (possibly sensitive) data. By publishing to those channels, a remote user may be able to create/modify/delete other user's data and modify the cluster structure. A fix is available in versions 5.0.11, 6.0.6, and 7.0.6. As a workaround, install a custom `SecurityPolicy` that forbids subscription and publishing to remote, non-Oort, sessions on Oort and Seti channels.
Severity
8.1 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/cometd/cometd/security/advisor… | x_refsource_CONFIRM |
| https://github.com/cometd/cometd/issues/1146 | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:20:49.811Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/cometd/cometd/security/advisories/GHSA-rjmq-6v55-4rjv"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/cometd/cometd/issues/1146"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-24721",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T15:55:05.699070Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T18:53:56.693Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "cometd",
"vendor": "cometd",
"versions": [
{
"status": "affected",
"version": "\u003c 5.0.11"
},
{
"status": "affected",
"version": "\u003e= 6.0.0, \u003c 6.0.6"
},
{
"status": "affected",
"version": "\u003e= 7.0.0, \u003c 7.0.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "CometD is a scalable comet implementation for web messaging. In any version prior to 5.0.11, 6.0.6, and 7.0.6, internal usage of Oort and Seti channels is improperly authorized, so any remote user could subscribe and publish to those channels. By subscribing to those channels, a remote user may be able to watch cluster-internal traffic that contains other users\u0027 (possibly sensitive) data. By publishing to those channels, a remote user may be able to create/modify/delete other user\u0027s data and modify the cluster structure. A fix is available in versions 5.0.11, 6.0.6, and 7.0.6. As a workaround, install a custom `SecurityPolicy` that forbids subscription and publishing to remote, non-Oort, sessions on Oort and Seti channels."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863: Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-15T13:45:13.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/cometd/cometd/security/advisories/GHSA-rjmq-6v55-4rjv"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/cometd/cometd/issues/1146"
}
],
"source": {
"advisory": "GHSA-rjmq-6v55-4rjv",
"discovery": "UNKNOWN"
},
"title": "Incorrect Authorization in org.cometd.oort",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2022-24721",
"STATE": "PUBLIC",
"TITLE": "Incorrect Authorization in org.cometd.oort"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "cometd",
"version": {
"version_data": [
{
"version_value": "\u003c 5.0.11"
},
{
"version_value": "\u003e= 6.0.0, \u003c 6.0.6"
},
{
"version_value": "\u003e= 7.0.0, \u003c 7.0.6"
}
]
}
}
]
},
"vendor_name": "cometd"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CometD is a scalable comet implementation for web messaging. In any version prior to 5.0.11, 6.0.6, and 7.0.6, internal usage of Oort and Seti channels is improperly authorized, so any remote user could subscribe and publish to those channels. By subscribing to those channels, a remote user may be able to watch cluster-internal traffic that contains other users\u0027 (possibly sensitive) data. By publishing to those channels, a remote user may be able to create/modify/delete other user\u0027s data and modify the cluster structure. A fix is available in versions 5.0.11, 6.0.6, and 7.0.6. As a workaround, install a custom `SecurityPolicy` that forbids subscription and publishing to remote, non-Oort, sessions on Oort and Seti channels."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-863: Incorrect Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/cometd/cometd/security/advisories/GHSA-rjmq-6v55-4rjv",
"refsource": "CONFIRM",
"url": "https://github.com/cometd/cometd/security/advisories/GHSA-rjmq-6v55-4rjv"
},
{
"name": "https://github.com/cometd/cometd/issues/1146",
"refsource": "MISC",
"url": "https://github.com/cometd/cometd/issues/1146"
}
]
},
"source": {
"advisory": "GHSA-rjmq-6v55-4rjv",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-24721",
"datePublished": "2022-03-15T13:45:13.000Z",
"dateReserved": "2022-02-10T00:00:00.000Z",
"dateUpdated": "2025-04-23T18:53:56.693Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}