Jboss fuse

This hub aggregates every CVE we track for Jboss fuse, a product in the devtools ci space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Jboss fuse.

• CVE-2024-7885Undertow: improper state management in proxy protocol parsing causes information leakage7.5Aug 21, 2024
• CVE-2023-6717Keycloak: xss via assertion consumer service url in saml post-binding flow6.0Apr 25, 2024
• CVE-2023-26159Versions of the package follow-redirects before 1.15.4 are vulnerable to Improper Input Validation due to the improper handling of URLs by the url.parse() function. When new URL() throws an error, ...7.3Jan 2, 2024
• CVE-2023-45648Apache Tomcat: Trailer header parsing too lenient5.3Oct 10, 2023
• CVE-2023-44487The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.KEV7.5Oct 10, 2023
• CVE-2023-35116jackson-databind through 2.15.2 allows attackers to cause a denial of service or other unspecified impact via a crafted object that uses cyclic dependencies. NOTE: the vendor's perspective is that ...4.7Jun 14, 2023
• CVE-2023-26464Apache Log4j 1.x (EOL) allows DoS in Chainsaw and SocketAppender7.5Mar 10, 2023
• CVE-2022-4492The undertow client is not checking the server identity presented by the server certificate in https connections. This is a compulsory step (at least it should be performed by default) in https and...7.5Feb 23, 2023
• CVE-2022-41966XStream Denial of Service via stack overflow 8.2Dec 27, 2022
• CVE-2022-41854Stack Overflow in Snakeyaml5.8Nov 11, 2022
• CVE-2022-37865Apache Ivy allows creating/overwriting any file on the system9.1Nov 7, 2022
• CVE-2022-42920Apache Commons BCEL prior to 6.6.0 allows producing arbitrary bytecode via out-of-bounds writing9.8Nov 7, 2022
• CVE-2022-3647Redis Crash Report debug.c sigsegvHandler denial of service3.1Oct 21, 2022
• CVE-2022-38749DoS in SnakeYAML6.5Sep 5, 2022
• CVE-2022-2764A flaw was found in Undertow. Denial of service can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations.4.9Sep 1, 2022