Commerce guided search

This hub aggregates every CVE we track for Commerce guided search, a product in the databases space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Commerce guided search.

• CVE-2023-22029Vulnerability in the Oracle Commerce Guided Search product of Oracle Commerce (component: Workbench). The supported version that is affected is 11.3.2. Easily exploitable vulnerability allows una...6.1Oct 17, 2023
• CVE-2022-21466Vulnerability in the Oracle Commerce Guided Search product of Oracle Commerce (component: Tools and Frameworks). The supported version that is affected is 11.3.2. Easily exploitable vulnerability a...7.5Apr 19, 2022
• CVE-2022-22946In spring cloud gateway versions prior to 3.1.1+ , applications that are configured to enable HTTP2 and no key store or trusted certificates are set will be configured to use an insecure TrustManag...5.5Mar 4, 2022
• CVE-2022-22947In spring cloud gateway versions prior to 3.1.1+ and 3.0.7+ , applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured. A remote a...KEV10.0Mar 3, 2022
• CVE-2021-43859Denial of Service by injecting highly recursive collections or maps in XStream7.5Feb 1, 2022
• CVE-2021-41165HTML comments vulnerability allowing to execute JavaScript code8.2Nov 17, 2021
• CVE-2021-41164Advanced Content Filter (ACF) vulnerability allowing to execute JavaScript code using malformed HTML8.2Nov 17, 2021
• CVE-2021-37136The Bzip2 decompression decoder function doesn't allow setting size restrictions on the decompressed output data (which affects the allocation size used during decompression). All users of Bzip2Dec...7.5Oct 19, 2021
• CVE-2021-37137The Snappy frame decoder function doesn't restrict the chunk length which may lead to excessive memory usage. Beside this it also may buffer reserved skippable chunks until the whole chunk was rece...7.5Oct 19, 2021
• CVE-2021-42340DoS via memory leak with WebSocket connections7.5Oct 14, 2021
• CVE-2021-22947When curl >= 7.20.0 and <= 7.78.0 connects to an IMAP or POP3 server to retrieve data using STARTTLS to upgrade to TLS security, the server can respond and send back multiple responses at once that...5.9Sep 29, 2021
• CVE-2021-22946A user can tell curl >= 7.20.0 and <= 7.78.0 to require a successful upgrade to TLS when speaking to an IMAP, POP3 or FTP server (`--ssl-reqd` on the command line or`CURLOPT_USE_SSL` set to `CURLUS...7.5Sep 29, 2021
• CVE-2021-40690Bypass of the secureValidation property7.5Sep 19, 2021
• CVE-2021-39150A Server-Side Forgery Request vulnerability in XStream via PriorityQueue unmarshaling8.5Aug 23, 2021
• CVE-2021-39152A Server-Side Forgery Request vulnerability in XStream via HashMap unmarshaling8.5Aug 23, 2021