Migration toolkit for runtimes

This hub aggregates every CVE we track for Migration toolkit for runtimes, a product in the devtools ci space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Migration toolkit for runtimes.

• CVE-2023-4639Undertow: cookie smuggling/spoofing7.4Nov 17, 2024
• CVE-2024-1132Keycloak: path transversal in redirection validation8.1Apr 17, 2024
• CVE-2024-1300Io.vertx:vertx-core: memory leak when a tcp server is configured with tls and sni support5.4Apr 2, 2024
• CVE-2024-1023Io.vertx/vertx-core: memory leak due to the use of netty fastthreadlocal data structures in vertx6.5Mar 27, 2024
• CVE-2023-26159Versions of the package follow-redirects before 1.15.4 are vulnerable to Improper Input Validation due to the improper handling of URLs by the url.parse() function. When new URL() throws an error, ...7.3Jan 2, 2024
• CVE-2022-46751Apache Ivy: XML External Entity vulnerability in Apache Ivy8.2Aug 21, 2023
• CVE-2023-34462netty-handler SniHandler 16MB allocation6.5Jun 22, 2023
• CVE-2023-1664A flaw was found in Keycloak. This flaw depends on a non-default configuration "Revalidate Client Certificate" to be enabled and the reverse proxy is not validating the certificate before Keycloak....6.5May 26, 2023
• CVE-2023-26049Cookie parsing of quoted values can exfiltrate values from other cookies in Eclipse Jetty2.4Apr 18, 2023
• CVE-2023-26048OutOfMemoryError for large multipart without filename in Eclipse Jetty5.3Apr 18, 2023
• CVE-2021-46877jackson-databind 2.10.x through 2.12.x before 2.12.6 and 2.13.x before 2.13.1 allows attackers to cause a denial of service (2 GB transient heap usage per read) in uncommon situations involving Jso...7.5Mar 18, 2023
• CVE-2023-26464Apache Log4j 1.x (EOL) allows DoS in Chainsaw and SocketAppender7.5Mar 10, 2023
• CVE-2022-4492The undertow client is not checking the server identity presented by the server certificate in https connections. This is a compulsory step (at least it should be performed by default) in https and...7.5Feb 23, 2023
• CVE-2022-41966XStream Denial of Service via stack overflow 8.2Dec 27, 2022
• CVE-2022-45047Apache MINA SSHD: Java unsafe deserialization vulnerability9.8Nov 16, 2022