Snap creator framework

This hub aggregates every CVE we track for Snap creator framework, a product in the hardware firmware space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Snap creator framework.

• CVE-2022-22968In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupported versions, the patterns for disallowedFields on a DataBinder are case sensitive which means a field is not effectiv...5.3Apr 14, 2022
• CVE-2020-36518jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.7.5Mar 11, 2022
• CVE-2021-45105Apache Log4j2 does not always protect from infinite recursion in lookup evaluation5.9Dec 18, 2021
• CVE-2021-42550RCE from attacker with configuration edit priviledges through JNDI lookup6.6Dec 16, 2021
• CVE-2021-22096In Spring Framework versions 5.3.0 - 5.3.10, 5.2.0 - 5.2.17, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries.4.3Oct 28, 2021
• CVE-2021-34429For Eclipse Jetty versions 9.4.37-9.4.42, 10.0.1-10.0.5 & 11.0.1-11.0.5, URIs can be crafted using some encoded characters to access the content of the WEB-INF directory and/or bypass some security...5.3Jul 15, 2021
• CVE-2021-34428For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, if an exception is thrown from the SessionListener#sessionDestroyed() method, then the session ID is not invalidated in the session ID ma...2.9Jun 22, 2021
• CVE-2021-28169For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, it is possible for requests to the ConcatServlet with a doubly encoded path to access protected resources within the WEB-INF directory. F...5.3Jun 9, 2021
• CVE-2020-27223In Eclipse Jetty 9.4.6.v20170531 to 9.4.36.v20210114 (inclusive), 10.0.0, and 11.0.0 when Jetty handles a request containing multiple Accept headers with a large number of “quality” (i.e. q) pa...5.2Feb 26, 2021
• CVE-2021-23901An XML external entity (XXE) injection vulnerability exists in the Nutch DmozParser9.1Jan 25, 2021
• CVE-2021-23926XMLBeans XML Entity Expansion9.1Jan 14, 2021
• CVE-2020-27218In Eclipse Jetty version 9.4.0.RC0 to 9.4.34.v20201102, 10.0.0.alpha0 to 10.0.0.beta2, and 11.0.0.alpha0 to 11.0.0.beta2, if GZIP request body inflation is enabled and requests from different clien...4.8Nov 28, 2020
• CVE-2020-13954Apache CXF Reflected XSS in the services listing page via the styleSheetPath6.1Nov 12, 2020
• CVE-2020-27216In Eclipse Jetty versions 1.0 thru 9.4.32.v20200930, 10.0.0.alpha1 thru 10.0.0.beta2, and 11.0.0.alpha1 thru 11.0.0.beta2O, on Unix like systems, the system's temporary directory is shared between ...7.0Oct 23, 2020
• CVE-2020-5421RFD Protection Bypass via jsessionid6.5Sep 19, 2020