gitimages.expertflow.com/cim/360-connector:4.4 (alpine 3.12.3)
==============================================================
Total: 76 (UNKNOWN: 0, LOW: 10, MEDIUM: 20, HIGH: 40, CRITICAL: 6)

+--------------+------------------+----------+-------------------+---------------+---------------------------------------+
|   LIBRARY    | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION |                 TITLE                 |
+--------------+------------------+----------+-------------------+---------------+---------------------------------------+
| apk-tools    | CVE-2021-36159   | CRITICAL | 2.10.5-r1         | 2.10.7-r0     | libfetch: an out of                   |
|              |                  |          |                   |               | boundary read while libfetch          |
|              |                  |          |                   |               | uses strtol to parse...               |
|              |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2021-36159 |
+              +------------------+----------+                   +---------------+---------------------------------------+
|              | CVE-2021-30139   | HIGH     |                   | 2.10.6-r0     | In Alpine Linux apk-tools             |
|              |                  |          |                   |               | before 2.12.5, the tarball            |
|              |                  |          |                   |               | parser allows a buffer...             |
|              |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2021-30139 |
+--------------+------------------+          +-------------------+---------------+---------------------------------------+
| busybox      | CVE-2021-28831   |          | 1.31.1-r19        | 1.31.1-r20    | busybox: invalid free or segmentation |
|              |                  |          |                   |               | fault via malformed gzip data         |
|              |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2021-28831 |
+              +------------------+          +                   +---------------+---------------------------------------+
|              | CVE-2021-42378   |          |                   | 1.31.1-r21    | busybox: use-after-free in            |
|              |                  |          |                   |               | awk applet leads to denial            |
|              |                  |          |                   |               | of service and possibly...            |
|              |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2021-42378 |
+              +------------------+          +                   +               +---------------------------------------+
|              | CVE-2021-42379   |          |                   |               | busybox: use-after-free in            |
|              |                  |          |                   |               | awk applet leads to denial            |
|              |                  |          |                   |               | of service and possibly...            |
|              |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2021-42379 |
+              +------------------+          +                   +               +---------------------------------------+
|              | CVE-2021-42380   |          |                   |               | busybox: use-after-free in            |
|              |                  |          |                   |               | awk applet leads to denial            |
|              |                  |          |                   |               | of service and possibly...            |
|              |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2021-42380 |
+              +------------------+          +                   +               +---------------------------------------+
|              | CVE-2021-42381   |          |                   |               | busybox: use-after-free in            |
|              |                  |          |                   |               | awk applet leads to denial            |
|              |                  |          |                   |               | of service and possibly...            |
|              |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2021-42381 |
+              +------------------+          +                   +               +---------------------------------------+
|              | CVE-2021-42382   |          |                   |               | busybox: use-after-free in            |
|              |                  |          |                   |               | awk applet leads to denial            |
|              |                  |          |                   |               | of service and possibly...            |
|              |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2021-42382 |
+              +------------------+          +                   +               +---------------------------------------+
|              | CVE-2021-42383   |          |                   |               | busybox: use-after-free in            |
|              |                  |          |                   |               | awk applet leads to denial            |
|              |                  |          |                   |               | of service and possibly...            |
|              |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2021-42383 |
+              +------------------+          +                   +               +---------------------------------------+
|              | CVE-2021-42384   |          |                   |               | busybox: use-after-free in            |
|              |                  |          |                   |               | awk applet leads to denial            |
|              |                  |          |                   |               | of service and possibly...            |
|              |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2021-42384 |
+              +------------------+          +                   +               +---------------------------------------+
|              | CVE-2021-42385   |          |                   |               | busybox: use-after-free in            |
|              |                  |          |                   |               | awk applet leads to denial            |
|              |                  |          |                   |               | of service and possibly...            |
|              |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2021-42385 |
+              +------------------+          +                   +               +---------------------------------------+
|              | CVE-2021-42386   |          |                   |               | busybox: use-after-free in            |
|              |                  |          |                   |               | awk applet leads to denial            |
|              |                  |          |                   |               | of service and possibly...            |
|              |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2021-42386 |
+              +------------------+          +                   +---------------+---------------------------------------+
|              | CVE-2022-28391   |          |                   | 1.31.1-r22    | busybox: remote attackers may execute |
|              |                  |          |                   |               | arbitrary code if netstat is used     |
|              |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2022-28391 |
+              +------------------+----------+                   +---------------+---------------------------------------+
|              | CVE-2021-42374   | MEDIUM   |                   | 1.31.1-r21    | busybox: out-of-bounds read           |
|              |                  |          |                   |               | in unlzma applet leads to             |
|              |                  |          |                   |               | information leak and denial...        |
|              |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2021-42374 |
+--------------+------------------+----------+-------------------+---------------+---------------------------------------+
| curl         | CVE-2021-22945   | CRITICAL | 7.69.1-r3         | 7.79.0-r0     | curl: use-after-free and              |
|              |                  |          |                   |               | double-free in MQTT sending           |
|              |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2021-22945 |
+              +------------------+----------+                   +---------------+---------------------------------------+
|              | CVE-2021-22901   | HIGH     |                   | 7.77.0-r0     | curl: Use-after-free in               |
|              |                  |          |                   |               | TLS session handling when             |
|              |                  |          |                   |               | using OpenSSL TLS backend             |
|              |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2021-22901 |
+              +------------------+          +                   +---------------+---------------------------------------+
|              | CVE-2021-22946   |          |                   | 7.79.0-r0     | curl: Requirement to use              |
|              |                  |          |                   |               | TLS not properly enforced             |
|              |                  |          |                   |               | for IMAP, POP3, and...                |
|              |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2021-22946 |
+              +------------------+          +                   +---------------+---------------------------------------+
|              | CVE-2022-22576   |          |                   | 7.79.1-r1     | curl: OAUTH2 bearer bypass            |
|              |                  |          |                   |               | in connection re-use                  |
|              |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2022-22576 |
+              +------------------+          +                   +               +---------------------------------------+
|              | CVE-2022-27775   |          |                   |               | curl: bad local IPv6 connection reuse |
|              |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2022-27775 |
+              +------------------+----------+                   +---------------+---------------------------------------+
|              | CVE-2021-22876   | MEDIUM   |                   | 7.76.0-r0     | curl: Leak of authentication          |
|              |                  |          |                   |               | credentials in URL                    |
|              |                  |          |                   |               | via automatic Referer                 |
|              |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2021-22876 |
+              +------------------+          +                   +---------------+---------------------------------------+
|              | CVE-2021-22922   |          |                   | 7.78.0-r0     | curl: Content not matching hash       |
|              |                  |          |                   |               | in Metalink is not being discarded    |
|              |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2021-22922 |
+              +------------------+          +                   +               +---------------------------------------+
|              | CVE-2021-22923   |          |                   |               | curl: Metalink download               |
|              |                  |          |                   |               | sends credentials                     |
|              |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2021-22923 |
+              +------------------+          +                   +               +---------------------------------------+
|              | CVE-2021-22925   |          |                   |               | curl: Incorrect fix for               |
|              |                  |          |                   |               | CVE-2021-22898 TELNET                 |
|              |                  |          |                   |               | stack contents disclosure             |
|              |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2021-22925 |
+              +------------------+          +                   +---------------+---------------------------------------+
|              | CVE-2021-22947   |          |                   | 7.79.0-r0     | curl: Server responses                |
|              |                  |          |                   |               | received before STARTTLS              |
|              |                  |          |                   |               | processed after TLS handshake         |
|              |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2021-22947 |
+              +------------------+          +                   +---------------+---------------------------------------+
|              | CVE-2022-27774   |          |                   | 7.79.1-r1     | curl: credential leak on redirect     |
|              |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2022-27774 |
+              +------------------+          +                   +               +---------------------------------------+
|              | CVE-2022-27776   |          |                   |               | curl: auth/cookie leak on redirect    |
|              |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2022-27776 |
+              +------------------+----------+                   +---------------+---------------------------------------+
|              | CVE-2020-8284    | LOW      |                   | 7.74.0-r0     | curl: FTP PASV command                |
|              |                  |          |                   |               | response can cause curl               |
|              |                  |          |                   |               | to connect to arbitrary...            |
|              |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2020-8284  |
+              +------------------+          +                   +---------------+---------------------------------------+
|              | CVE-2021-22890   |          |                   | 7.76.0-r0     | curl: TLS 1.3 session ticket          |
|              |                  |          |                   |               | mix-up with HTTPS proxy host          |
|              |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2021-22890 |
+              +------------------+          +                   +---------------+---------------------------------------+
|              | CVE-2021-22898   |          |                   | 7.77.0-r0     | curl: TELNET stack                    |
|              |                  |          |                   |               | contents disclosure                   |
|              |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2021-22898 |
+              +------------------+          +                   +---------------+---------------------------------------+
|              | CVE-2021-22924   |          |                   | 7.78.0-r0     | curl: Bad connection reuse            |
|              |                  |          |                   |               | due to flawed path name checks        |
|              |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2021-22924 |
+--------------+------------------+----------+-------------------+---------------+---------------------------------------+
| libcrypto1.1 | CVE-2021-3711    | CRITICAL | 1.1.1i-r0         | 1.1.1l-r0     | openssl: SM2 Decryption               |
|              |                  |          |                   |               | Buffer Overflow                       |
|              |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2021-3711  |
+              +------------------+----------+                   +---------------+---------------------------------------+
|              | CVE-2021-23840   | HIGH     |                   | 1.1.1j-r0     | openssl: integer                      |
|              |                  |          |                   |               | overflow in CipherUpdate              |
|              |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2021-23840 |
+              +------------------+          +                   +---------------+---------------------------------------+
|              | CVE-2021-3450    |          |                   | 1.1.1k-r0     | openssl: CA certificate check         |
|              |                  |          |                   |               | bypass with X509_V_FLAG_X509_STRICT   |
|              |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2021-3450  |
+              +------------------+          +                   +---------------+---------------------------------------+
|              | CVE-2021-3712    |          |                   | 1.1.1l-r0     | openssl: Read buffer overruns         |
|              |                  |          |                   |               | processing ASN.1 strings              |
|              |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2021-3712  |
+              +------------------+          +                   +---------------+---------------------------------------+
|              | CVE-2022-0778    |          |                   | 1.1.1n-r0     | openssl: Infinite loop in             |
|              |                  |          |                   |               | BN_mod_sqrt() reachable               |
|              |                  |          |                   |               | when parsing certificates             |
|              |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2022-0778  |
+              +------------------+----------+                   +---------------+---------------------------------------+
|              | CVE-2021-23841   | MEDIUM   |                   | 1.1.1j-r0     | openssl: NULL pointer dereference     |
|              |                  |          |                   |               | in X509_issuer_and_serial_hash()      |
|              |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2021-23841 |
+              +------------------+          +                   +---------------+---------------------------------------+
|              | CVE-2021-3449    |          |                   | 1.1.1k-r0     | openssl: NULL pointer dereference     |
|              |                  |          |                   |               | in signature_algorithms processing    |
|              |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2021-3449  |
+              +------------------+----------+                   +---------------+---------------------------------------+
|              | CVE-2021-23839   | LOW      |                   | 1.1.1j-r0     | openssl: incorrect SSLv2              |
|              |                  |          |                   |               | rollback protection                   |
|              |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2021-23839 |
+--------------+------------------+----------+-------------------+---------------+---------------------------------------+
| libcurl      | CVE-2021-22945   | CRITICAL | 7.69.1-r3         | 7.79.0-r0     | curl: use-after-free and              |
|              |                  |          |                   |               | double-free in MQTT sending           |
|              |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2021-22945 |
+              +------------------+----------+                   +---------------+---------------------------------------+
|              | CVE-2021-22901   | HIGH     |                   | 7.77.0-r0     | curl: Use-after-free in               |
|              |                  |          |                   |               | TLS session handling when             |
|              |                  |          |                   |               | using OpenSSL TLS backend             |
|              |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2021-22901 |
+              +------------------+          +                   +---------------+---------------------------------------+
|              | CVE-2021-22946   |          |                   | 7.79.0-r0     | curl: Requirement to use              |
|              |                  |          |                   |               | TLS not properly enforced             |
|              |                  |          |                   |               | for IMAP, POP3, and...                |
|              |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2021-22946 |
+              +------------------+          +                   +---------------+---------------------------------------+
|              | CVE-2022-22576   |          |                   | 7.79.1-r1     | curl: OAUTH2 bearer bypass            |
|              |                  |          |                   |               | in connection re-use                  |
|              |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2022-22576 |
+              +------------------+          +                   +               +---------------------------------------+
|              | CVE-2022-27775   |          |                   |               | curl: bad local IPv6 connection reuse |
|              |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2022-27775 |
+              +------------------+----------+                   +---------------+---------------------------------------+
|              | CVE-2021-22876   | MEDIUM   |                   | 7.76.0-r0     | curl: Leak of authentication          |
|              |                  |          |                   |               | credentials in URL                    |
|              |                  |          |                   |               | via automatic Referer                 |
|              |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2021-22876 |
+              +------------------+          +                   +---------------+---------------------------------------+
|              | CVE-2021-22922   |          |                   | 7.78.0-r0     | curl: Content not matching hash       |
|              |                  |          |                   |               | in Metalink is not being discarded    |
|              |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2021-22922 |
+              +------------------+          +                   +               +---------------------------------------+
|              | CVE-2021-22923   |          |                   |               | curl: Metalink download               |
|              |                  |          |                   |               | sends credentials                     |
|              |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2021-22923 |
+              +------------------+          +                   +               +---------------------------------------+
|              | CVE-2021-22925   |          |                   |               | curl: Incorrect fix for               |
|              |                  |          |                   |               | CVE-2021-22898 TELNET                 |
|              |                  |          |                   |               | stack contents disclosure             |
|              |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2021-22925 |
+              +------------------+          +                   +---------------+---------------------------------------+
|              | CVE-2021-22947   |          |                   | 7.79.0-r0     | curl: Server responses                |
|              |                  |          |                   |               | received before STARTTLS              |
|              |                  |          |                   |               | processed after TLS handshake         |
|              |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2021-22947 |
+              +------------------+          +                   +---------------+---------------------------------------+
|              | CVE-2022-27774   |          |                   | 7.79.1-r1     | curl: credential leak on redirect     |
|              |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2022-27774 |
+              +------------------+          +                   +               +---------------------------------------+
|              | CVE-2022-27776   |          |                   |               | curl: auth/cookie leak on redirect    |
|              |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2022-27776 |
+              +------------------+----------+                   +---------------+---------------------------------------+
|              | CVE-2020-8284    | LOW      |                   | 7.74.0-r0     | curl: FTP PASV command                |
|              |                  |          |                   |               | response can cause curl               |
|              |                  |          |                   |               | to connect to arbitrary...            |
|              |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2020-8284  |
+              +------------------+          +                   +---------------+---------------------------------------+
|              | CVE-2021-22890   |          |                   | 7.76.0-r0     | curl: TLS 1.3 session ticket          |
|              |                  |          |                   |               | mix-up with HTTPS proxy host          |
|              |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2021-22890 |
+              +------------------+          +                   +---------------+---------------------------------------+
|              | CVE-2021-22898   |          |                   | 7.77.0-r0     | curl: TELNET stack                    |
|              |                  |          |                   |               | contents disclosure                   |
|              |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2021-22898 |
+              +------------------+          +                   +---------------+---------------------------------------+
|              | CVE-2021-22924   |          |                   | 7.78.0-r0     | curl: Bad connection reuse            |
|              |                  |          |                   |               | due to flawed path name checks        |
|              |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2021-22924 |
+--------------+------------------+----------+-------------------+---------------+---------------------------------------+
| libssl1.1    | CVE-2021-3711    | CRITICAL | 1.1.1i-r0         | 1.1.1l-r0     | openssl: SM2 Decryption               |
|              |                  |          |                   |               | Buffer Overflow                       |
|              |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2021-3711  |
+              +------------------+----------+                   +---------------+---------------------------------------+
|              | CVE-2021-23840   | HIGH     |                   | 1.1.1j-r0     | openssl: integer                      |
|              |                  |          |                   |               | overflow in CipherUpdate              |
|              |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2021-23840 |
+              +------------------+          +                   +---------------+---------------------------------------+
|              | CVE-2021-3450    |          |                   | 1.1.1k-r0     | openssl: CA certificate check         |
|              |                  |          |                   |               | bypass with X509_V_FLAG_X509_STRICT   |
|              |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2021-3450  |
+              +------------------+          +                   +---------------+---------------------------------------+
|              | CVE-2021-3712    |          |                   | 1.1.1l-r0     | openssl: Read buffer overruns         |
|              |                  |          |                   |               | processing ASN.1 strings              |
|              |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2021-3712  |
+              +------------------+          +                   +---------------+---------------------------------------+
|              | CVE-2022-0778    |          |                   | 1.1.1n-r0     | openssl: Infinite loop in             |
|              |                  |          |                   |               | BN_mod_sqrt() reachable               |
|              |                  |          |                   |               | when parsing certificates             |
|              |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2022-0778  |
+              +------------------+----------+                   +---------------+---------------------------------------+
|              | CVE-2021-23841   | MEDIUM   |                   | 1.1.1j-r0     | openssl: NULL pointer dereference     |
|              |                  |          |                   |               | in X509_issuer_and_serial_hash()      |
|              |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2021-23841 |
+              +------------------+          +                   +---------------+---------------------------------------+
|              | CVE-2021-3449    |          |                   | 1.1.1k-r0     | openssl: NULL pointer dereference     |
|              |                  |          |                   |               | in signature_algorithms processing    |
|              |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2021-3449  |
+              +------------------+----------+                   +---------------+---------------------------------------+
|              | CVE-2021-23839   | LOW      |                   | 1.1.1j-r0     | openssl: incorrect SSLv2              |
|              |                  |          |                   |               | rollback protection                   |
|              |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2021-23839 |
+--------------+------------------+----------+-------------------+---------------+---------------------------------------+
| ssl_client   | CVE-2021-28831   | HIGH     | 1.31.1-r19        | 1.31.1-r20    | busybox: invalid free or segmentation |
|              |                  |          |                   |               | fault via malformed gzip data         |
|              |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2021-28831 |
+              +------------------+          +                   +---------------+---------------------------------------+
|              | CVE-2021-42378   |          |                   | 1.31.1-r21    | busybox: use-after-free in            |
|              |                  |          |                   |               | awk applet leads to denial            |
|              |                  |          |                   |               | of service and possibly...            |
|              |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2021-42378 |
+              +------------------+          +                   +               +---------------------------------------+
|              | CVE-2021-42379   |          |                   |               | busybox: use-after-free in            |
|              |                  |          |                   |               | awk applet leads to denial            |
|              |                  |          |                   |               | of service and possibly...            |
|              |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2021-42379 |
+              +------------------+          +                   +               +---------------------------------------+
|              | CVE-2021-42380   |          |                   |               | busybox: use-after-free in            |
|              |                  |          |                   |               | awk applet leads to denial            |
|              |                  |          |                   |               | of service and possibly...            |
|              |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2021-42380 |
+              +------------------+          +                   +               +---------------------------------------+
|              | CVE-2021-42381   |          |                   |               | busybox: use-after-free in            |
|              |                  |          |                   |               | awk applet leads to denial            |
|              |                  |          |                   |               | of service and possibly...            |
|              |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2021-42381 |
+              +------------------+          +                   +               +---------------------------------------+
|              | CVE-2021-42382   |          |                   |               | busybox: use-after-free in            |
|              |                  |          |                   |               | awk applet leads to denial            |
|              |                  |          |                   |               | of service and possibly...            |
|              |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2021-42382 |
+              +------------------+          +                   +               +---------------------------------------+
|              | CVE-2021-42383   |          |                   |               | busybox: use-after-free in            |
|              |                  |          |                   |               | awk applet leads to denial            |
|              |                  |          |                   |               | of service and possibly...            |
|              |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2021-42383 |
+              +------------------+          +                   +               +---------------------------------------+
|              | CVE-2021-42384   |          |                   |               | busybox: use-after-free in            |
|              |                  |          |                   |               | awk applet leads to denial            |
|              |                  |          |                   |               | of service and possibly...            |
|              |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2021-42384 |
+              +------------------+          +                   +               +---------------------------------------+
|              | CVE-2021-42385   |          |                   |               | busybox: use-after-free in            |
|              |                  |          |                   |               | awk applet leads to denial            |
|              |                  |          |                   |               | of service and possibly...            |
|              |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2021-42385 |
+              +------------------+          +                   +               +---------------------------------------+
|              | CVE-2021-42386   |          |                   |               | busybox: use-after-free in            |
|              |                  |          |                   |               | awk applet leads to denial            |
|              |                  |          |                   |               | of service and possibly...            |
|              |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2021-42386 |
+              +------------------+          +                   +---------------+---------------------------------------+
|              | CVE-2022-28391   |          |                   | 1.31.1-r22    | busybox: remote attackers may execute |
|              |                  |          |                   |               | arbitrary code if netstat is used     |
|              |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2022-28391 |
+              +------------------+----------+                   +---------------+---------------------------------------+
|              | CVE-2021-42374   | MEDIUM   |                   | 1.31.1-r21    | busybox: out-of-bounds read           |
|              |                  |          |                   |               | in unlzma applet leads to             |
|              |                  |          |                   |               | information leak and denial...        |
|              |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2021-42374 |
+--------------+------------------+----------+-------------------+---------------+---------------------------------------+
| zlib         | CVE-2022-37434   | CRITICAL | 1.2.11-r3         | 1.2.12-r2     | zlib: heap-based buffer               |
|              |                  |          |                   |               | over-read and overflow in             |
|              |                  |          |                   |               | inflate() in inflate.c via a...       |
|              |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2022-37434 |
+              +------------------+----------+                   +---------------+---------------------------------------+
|              | CVE-2018-25032   | HIGH     |                   | 1.2.12-r0     | zlib: A flaw found in                 |
|              |                  |          |                   |               | zlib when compressing (not            |
|              |                  |          |                   |               | decompressing) certain inputs...      |
|              |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2018-25032 |
+--------------+------------------+----------+-------------------+---------------+---------------------------------------+

Java (jar)
==========
Total: 53 (UNKNOWN: 0, LOW: 1, MEDIUM: 23, HIGH: 23, CRITICAL: 6)

+-------------------------------------------------------------+------------------+----------+-------------------+--------------------------------+----------------------------------------------------------------+
|                           LIBRARY                           | VULNERABILITY ID | SEVERITY | INSTALLED VERSION |         FIXED VERSION          |                             TITLE                              |
+-------------------------------------------------------------+------------------+----------+-------------------+--------------------------------+----------------------------------------------------------------+
| ch.qos.logback:logback-classic                              | CVE-2023-6378    | HIGH     | 1.2.3             | 1.3.12, 1.4.12, 1.2.13         | logback: serialization                                         |
|                                                             |                  |          |                   |                                | vulnerability in logback receiver                              |
|                                                             |                  |          |                   |                                | -->avd.aquasec.com/nvd/cve-2023-6378                           |
+-------------------------------------------------------------+                  +          +                   +                                +                                                                +
| ch.qos.logback:logback-core                                 |                  |          |                   |                                |                                                                |
|                                                             |                  |          |                   |                                |                                                                |
|                                                             |                  |          |                   |                                |                                                                |
+                                                             +------------------+----------+                   +--------------------------------+----------------------------------------------------------------+
|                                                             | CVE-2021-42550   | MEDIUM   |                   | 1.2.9                          | logback: remote code execution                                 |
|                                                             |                  |          |                   |                                | through JNDI call from within                                  |
|                                                             |                  |          |                   |                                | its configuration file...                                      |
|                                                             |                  |          |                   |                                | -->avd.aquasec.com/nvd/cve-2021-42550                          |
+-------------------------------------------------------------+------------------+----------+-------------------+--------------------------------+----------------------------------------------------------------+
| com.fasterxml.jackson.core:jackson-databind                 | CVE-2020-36518   | HIGH     | 2.11.3            | 2.13.2.1, 2.12.6.1             | jackson-databind: denial of service                            |
|                                                             |                  |          |                   |                                | via a large depth of nested objects                            |
|                                                             |                  |          |                   |                                | -->avd.aquasec.com/nvd/cve-2020-36518                          |
+                                                             +------------------+          +                   +--------------------------------+----------------------------------------------------------------+
|                                                             | CVE-2021-46877   |          |                   | 2.12.6, 2.13.1                 | jackson-databind: Possible                                     |
|                                                             |                  |          |                   |                                | DoS if using JDK serialization                                 |
|                                                             |                  |          |                   |                                | to serialize JsonNode                                          |
|                                                             |                  |          |                   |                                | -->avd.aquasec.com/nvd/cve-2021-46877                          |
+                                                             +------------------+          +                   +--------------------------------+----------------------------------------------------------------+
|                                                             | CVE-2022-42003   |          |                   | 2.12.7.1, 2.13.4.2             | jackson-databind: deep                                         |
|                                                             |                  |          |                   |                                | wrapper array nesting wrt                                      |
|                                                             |                  |          |                   |                                | UNWRAP_SINGLE_VALUE_ARRAYS                                     |
|                                                             |                  |          |                   |                                | -->avd.aquasec.com/nvd/cve-2022-42003                          |
+                                                             +------------------+          +                   +--------------------------------+----------------------------------------------------------------+
|                                                             | CVE-2022-42004   |          |                   | 2.12.7.1, 2.13.4               | jackson-databind: use                                          |
|                                                             |                  |          |                   |                                | of deeply nested arrays                                        |
|                                                             |                  |          |                   |                                | -->avd.aquasec.com/nvd/cve-2022-42004                          |
+-------------------------------------------------------------+------------------+----------+-------------------+--------------------------------+----------------------------------------------------------------+
| com.google.guava:guava                                      | CVE-2018-10237   | MEDIUM   |              18.0 | 24.1.1-android                 | guava: Unbounded memory                                        |
|                                                             |                  |          |                   |                                | allocation in AtomicDoubleArray                                |
|                                                             |                  |          |                   |                                | and CompoundOrdering classes                                   |
|                                                             |                  |          |                   |                                | allow remote attackers...                                      |
|                                                             |                  |          |                   |                                | -->avd.aquasec.com/nvd/cve-2018-10237                          |
+                                                             +------------------+          +                   +--------------------------------+----------------------------------------------------------------+
|                                                             | CVE-2023-2976    |          |                   | 32.0.0-android                 | guava: insecure temporary                                      |
|                                                             |                  |          |                   |                                | directory creation                                             |
|                                                             |                  |          |                   |                                | -->avd.aquasec.com/nvd/cve-2023-2976                           |
+                                                             +------------------+----------+                   +                                +----------------------------------------------------------------+
|                                                             | CVE-2020-8908    | LOW      |                   |                                | guava: local information                                       |
|                                                             |                  |          |                   |                                | disclosure via temporary directory                             |
|                                                             |                  |          |                   |                                | created with unsafe permissions                                |
|                                                             |                  |          |                   |                                | -->avd.aquasec.com/nvd/cve-2020-8908                           |
+-------------------------------------------------------------+------------------+----------+-------------------+--------------------------------+----------------------------------------------------------------+
| com.squareup.okio:okio                                      | CVE-2023-3635    | MEDIUM   | 2.8.0             | 3.4.0, 1.17.6                  | okio: GzipSource class                                         |
|                                                             |                  |          |                   |                                | improper exception handling                                    |
|                                                             |                  |          |                   |                                | -->avd.aquasec.com/nvd/cve-2023-3635                           |
+-------------------------------------------------------------+------------------+----------+-------------------+--------------------------------+----------------------------------------------------------------+
| org.apache.tomcat.embed:tomcat-embed-core                   | CVE-2021-25122   | HIGH     | 9.0.39            | 10.0.2, 9.0.43, 8.5.63         | tomcat: Request mix-up with h2c                                |
|                                                             |                  |          |                   |                                | -->avd.aquasec.com/nvd/cve-2021-25122                          |
+                                                             +------------------+          +                   +--------------------------------+----------------------------------------------------------------+
|                                                             | CVE-2021-25329   |          |                   | 10.0.2, 9.0.41, 8.5.61,        | tomcat: Incomplete fix                                         |
|                                                             |                  |          |                   | 7.0.108                        | for CVE-2020-9484 (RCE                                         |
|                                                             |                  |          |                   |                                | via session persistence)                                       |
|                                                             |                  |          |                   |                                | -->avd.aquasec.com/nvd/cve-2021-25329                          |
+                                                             +------------------+          +                   +--------------------------------+----------------------------------------------------------------+
|                                                             | CVE-2022-42252   |          |                   | 8.5.83, 9.0.68, 10.0.27,       | tomcat: request smuggling                                      |
|                                                             |                  |          |                   | 10.1.1                         | -->avd.aquasec.com/nvd/cve-2022-42252                          |
+                                                             +------------------+          +                   +--------------------------------+----------------------------------------------------------------+
|                                                             | CVE-2023-24998   |          |                   | 10.1.5, 11.0.0-M5, 8.5.88,     | Apache Commons FileUpload:                                     |
|                                                             |                  |          |                   | 9.0.71                         | FileUpload DoS with excessive parts                            |
|                                                             |                  |          |                   |                                | -->avd.aquasec.com/nvd/cve-2023-24998                          |
+                                                             +------------------+          +                   +--------------------------------+----------------------------------------------------------------+
|                                                             | CVE-2023-46589   |          |                   | 11.0.0-M11, 10.1.16, 9.0.83,   | tomcat: HTTP request smuggling                                 |
|                                                             |                  |          |                   | 8.5.96                         | via malformed trailer headers                                  |
|                                                             |                  |          |                   |                                | -->avd.aquasec.com/nvd/cve-2023-46589                          |
+                                                             +------------------+----------+                   +--------------------------------+----------------------------------------------------------------+
|                                                             | CVE-2021-24122   | MEDIUM   |                   | 10.0.0-M10, 9.0.40, 8.5.60,    | tomcat: Information disclosure                                 |
|                                                             |                  |          |                   | 7.0.107                        | when using NTFS file system                                    |
|                                                             |                  |          |                   |                                | -->avd.aquasec.com/nvd/cve-2021-24122                          |
+                                                             +------------------+          +                   +--------------------------------+----------------------------------------------------------------+
|                                                             | CVE-2023-41080   |          |                   | 8.5.93, 9.0.80, 10.1.13,       | tomcat: Open Redirect vulnerability                            |
|                                                             |                  |          |                   | 11.0.0-M11                     | in FORM authentication                                         |
|                                                             |                  |          |                   |                                | -->avd.aquasec.com/nvd/cve-2023-41080                          |
+                                                             +------------------+          +                   +--------------------------------+----------------------------------------------------------------+
|                                                             | CVE-2023-42795   |          |                   | 11.0.0-M12, 10.1.14, 9.0.81,   | tomcat: improper cleaning                                      |
|                                                             |                  |          |                   | 8.5.94                         | of recycled objects could                                      |
|                                                             |                  |          |                   |                                | lead to information leak                                       |
|                                                             |                  |          |                   |                                | -->avd.aquasec.com/nvd/cve-2023-42795                          |
+                                                             +------------------+          +                   +                                +----------------------------------------------------------------+
|                                                             | CVE-2023-44487   |          |                   |                                | HTTP/2: Multiple HTTP/2                                        |
|                                                             |                  |          |                   |                                | enabled web servers are                                        |
|                                                             |                  |          |                   |                                | vulnerable to a DDoS attack...                                 |
|                                                             |                  |          |                   |                                | -->avd.aquasec.com/nvd/cve-2023-44487                          |
+                                                             +------------------+          +                   +                                +----------------------------------------------------------------+
|                                                             | CVE-2023-45648   |          |                   |                                | tomcat: incorrectly parsed                                     |
|                                                             |                  |          |                   |                                | http trailer headers can                                       |
|                                                             |                  |          |                   |                                | cause request smuggling                                        |
|                                                             |                  |          |                   |                                | -->avd.aquasec.com/nvd/cve-2023-45648                          |
+                                                             +------------------+          +                   +--------------------------------+----------------------------------------------------------------+
|                                                             | CVE-2024-24549   |          |                   | 8.5.99, 9.0.86, 10.1.19,       | Apache Tomcat: HTTP/2                                          |
|                                                             |                  |          |                   | 11.0.0-M17                     | header handling DoS                                            |
|                                                             |                  |          |                   |                                | -->avd.aquasec.com/nvd/cve-2024-24549                          |
+-------------------------------------------------------------+------------------+          +                   +--------------------------------+----------------------------------------------------------------+
| org.apache.tomcat.embed:tomcat-embed-websocket              | CVE-2024-23672   |          |                   | 11.0.0-M17, 10.1.19, 9.0.86,   | Apache Tomcat: WebSocket DoS                                   |
|                                                             |                  |          |                   | 8.5.99                         | with incomplete closing handshake                              |
|                                                             |                  |          |                   |                                | -->avd.aquasec.com/nvd/cve-2024-23672                          |
+-------------------------------------------------------------+------------------+          +-------------------+--------------------------------+----------------------------------------------------------------+
| org.jetbrains.kotlin:kotlin-stdlib                          | CVE-2020-29582   |          | 1.3.72            | 1.4.21                         | kotlin: vulnerable Java                                        |
|                                                             |                  |          |                   |                                | API was used for temporary                                     |
|                                                             |                  |          |                   |                                | file and folder creation...                                    |
|                                                             |                  |          |                   |                                | -->avd.aquasec.com/nvd/cve-2020-29582                          |
+                                                             +------------------+          +                   +--------------------------------+----------------------------------------------------------------+
|                                                             | CVE-2022-24329   |          |                   | 1.6.0                          | kotlin: Not possible to                                        |
|                                                             |                  |          |                   |                                | lock dependencies for                                          |
|                                                             |                  |          |                   |                                | Multiplatform Gradle Projects                                  |
|                                                             |                  |          |                   |                                | -->avd.aquasec.com/nvd/cve-2022-24329                          |
+-------------------------------------------------------------+------------------+----------+-------------------+--------------------------------+----------------------------------------------------------------+
| org.json:json                                               | CVE-2022-45688   | HIGH     |          20210307 |                       20230227 | json stack overflow vulnerability                              |
|                                                             |                  |          |                   |                                | -->avd.aquasec.com/nvd/cve-2022-45688                          |
+                                                             +------------------+          +                   +--------------------------------+----------------------------------------------------------------+
|                                                             | CVE-2023-5072    |          |                   |                       20231013 | JSON-java: parser                                              |
|                                                             |                  |          |                   |                                | confusion leads to OOM                                         |
|                                                             |                  |          |                   |                                | -->avd.aquasec.com/nvd/cve-2023-5072                           |
+-------------------------------------------------------------+------------------+----------+-------------------+--------------------------------+----------------------------------------------------------------+
| org.springframework.boot:spring-boot                        | CVE-2023-34055   | MEDIUM   | 2.3.5.RELEASE     | 2.7.18, 3.0.13, 3.1.6          | spring-boot:                                                   |
|                                                             |                  |          |                   |                                | org.springframework.boot:spring-boot-actuator                  |
|                                                             |                  |          |                   |                                | class vulnerable to denial of service                          |
|                                                             |                  |          |                   |                                | -->avd.aquasec.com/nvd/cve-2023-34055                          |
+-------------------------------------------------------------+------------------+----------+                   +--------------------------------+----------------------------------------------------------------+
| org.springframework.boot:spring-boot-actuator-autoconfigure | CVE-2023-20873   | CRITICAL |                   | 3.0.6, 2.7.11                  | spring-boot: Security                                          |
|                                                             |                  |          |                   |                                | Bypass With Wildcard Pattern                                   |
|                                                             |                  |          |                   |                                | Matching on Cloud Foundry                                      |
|                                                             |                  |          |                   |                                | -->avd.aquasec.com/nvd/cve-2023-20873                          |
+-------------------------------------------------------------+------------------+----------+                   +--------------------------------+----------------------------------------------------------------+
| org.springframework.boot:spring-boot-autoconfigure          | CVE-2023-20883   | HIGH     |                   | 3.0.7, 2.7.12, 2.6.15, 2.5.15  | spring-boot: Spring Boot                                       |
|                                                             |                  |          |                   |                                | Welcome Page DoS Vulnerability                                 |
|                                                             |                  |          |                   |                                | -->avd.aquasec.com/nvd/cve-2023-20883                          |
+-------------------------------------------------------------+------------------+----------+                   +--------------------------------+----------------------------------------------------------------+
| org.springframework.boot:spring-boot-starter-web            | CVE-2022-22965   | CRITICAL |                   | 2.5.12, 2.6.6                  | spring-framework: RCE via                                      |
|                                                             |                  |          |                   |                                | Data Binding on JDK 9+                                         |
|                                                             |                  |          |                   |                                | -->avd.aquasec.com/nvd/cve-2022-22965                          |
+-------------------------------------------------------------+------------------+          +-------------------+--------------------------------+----------------------------------------------------------------+
| org.springframework.data:spring-data-mongodb                | CVE-2022-22980   |          | 3.0.5.RELEASE     | 3.4.1, 3.3.5                   | Spring Data MongoDB: SpEL in                                   |
|                                                             |                  |          |                   |                                | query methods allow code injection                             |
|                                                             |                  |          |                   |                                | -->avd.aquasec.com/nvd/cve-2022-22980                          |
+-------------------------------------------------------------+------------------+          +-------------------+--------------------------------+----------------------------------------------------------------+
| org.springframework:spring-beans                            | CVE-2022-22965   |          | 5.2.10.RELEASE    | 5.2.20.RELEASE, 5.3.18         | spring-framework: RCE via                                      |
|                                                             |                  |          |                   |                                | Data Binding on JDK 9+                                         |
|                                                             |                  |          |                   |                                | -->avd.aquasec.com/nvd/cve-2022-22965                          |
+                                                             +------------------+----------+                   +--------------------------------+----------------------------------------------------------------+
|                                                             | CVE-2022-22970   | HIGH     |                   | 5.2.22.RELEASE, 5.3.20         | springframework: DoS via data binding                          |
|                                                             |                  |          |                   |                                | to multipartFile or servlet part                               |
|                                                             |                  |          |                   |                                | -->avd.aquasec.com/nvd/cve-2022-22970                          |
+-------------------------------------------------------------+------------------+          +                   +--------------------------------+----------------------------------------------------------------+
| org.springframework:spring-context                          | CVE-2022-22968   |          |                   | 5.3.19, 5.2.21                 | Spring Framework: Data                                         |
|                                                             |                  |          |                   |                                | Binding Rules Vulnerability                                    |
|                                                             |                  |          |                   |                                | -->avd.aquasec.com/nvd/cve-2022-22968                          |
+-------------------------------------------------------------+------------------+----------+                   +--------------------------------+----------------------------------------------------------------+
| org.springframework:spring-core                             | CVE-2021-22060   | MEDIUM   |                   | 5.3.14, 5.2.19                 | springframework: Additional Log                                |
|                                                             |                  |          |                   |                                | Injection in Spring Framework                                  |
|                                                             |                  |          |                   |                                | (follow-up to CVE-2021-22096)                                  |
|                                                             |                  |          |                   |                                | -->avd.aquasec.com/nvd/cve-2021-22060                          |
+                                                             +------------------+          +                   +--------------------------------+----------------------------------------------------------------+
|                                                             | CVE-2021-22096   |          |                   | 5.3.11, 5.2.18                 | springframework: malicious                                     |
|                                                             |                  |          |                   |                                | input leads to insertion                                       |
|                                                             |                  |          |                   |                                | of additional log entries                                      |
|                                                             |                  |          |                   |                                | -->avd.aquasec.com/nvd/cve-2021-22096                          |
+-------------------------------------------------------------+------------------+----------+                   +--------------------------------+----------------------------------------------------------------+
| org.springframework:spring-expression                       | CVE-2023-20863   | HIGH     |                   | 6.0.8, 5.3.27, 5.2.24.RELEASE  | springframework: Spring                                        |
|                                                             |                  |          |                   |                                | Expression DoS Vulnerability                                   |
|                                                             |                  |          |                   |                                | -->avd.aquasec.com/nvd/cve-2023-20863                          |
+                                                             +------------------+----------+                   +--------------------------------+----------------------------------------------------------------+
|                                                             | CVE-2022-22950   | MEDIUM   |                   | 5.3.17, 5.2.20.RELEASE         | spring-expression: Denial of service                           |
|                                                             |                  |          |                   |                                | via specially crafted SpEL expression                          |
|                                                             |                  |          |                   |                                | -->avd.aquasec.com/nvd/cve-2022-22950                          |
+                                                             +------------------+          +                   +--------------------------------+----------------------------------------------------------------+
|                                                             | CVE-2023-20861   |          |                   | 6.0.7, 5.3.26, 5.2.23.RELEASE  | springframework: Spring                                        |
|                                                             |                  |          |                   |                                | Expression DoS Vulnerability                                   |
|                                                             |                  |          |                   |                                | -->avd.aquasec.com/nvd/cve-2023-20861                          |
+-------------------------------------------------------------+------------------+----------+                   +--------------------------------+----------------------------------------------------------------+
| org.springframework:spring-web                              | CVE-2016-1000027 | CRITICAL |                   | 6.0.0                          | spring: HttpInvokerServiceExporter                             |
|                                                             |                  |          |                   |                                | readRemoteInvocation method                                    |
|                                                             |                  |          |                   |                                | untrusted java deserialization                                 |
|                                                             |                  |          |                   |                                | -->avd.aquasec.com/nvd/cve-2016-1000027                        |
+                                                             +------------------+----------+                   +--------------------------------+----------------------------------------------------------------+
|                                                             | CVE-2021-22118   | HIGH     |                   | 5.2.15, 5.3.7                  | spring-web: (re)creating the                                   |
|                                                             |                  |          |                   |                                | temporary storage directory                                    |
|                                                             |                  |          |                   |                                | could result in a privilege...                                 |
|                                                             |                  |          |                   |                                | -->avd.aquasec.com/nvd/cve-2021-22118                          |
+                                                             +------------------+          +                   +--------------------------------+----------------------------------------------------------------+
|                                                             | CVE-2024-22243   |          |                   | 6.1.4, 6.0.17, 5.3.32          | springframework: URL                                           |
|                                                             |                  |          |                   |                                | Parsing with Host Validation                                   |
|                                                             |                  |          |                   |                                | -->avd.aquasec.com/nvd/cve-2024-22243                          |
+                                                             +------------------+          +                   +--------------------------------+----------------------------------------------------------------+
|                                                             | CVE-2024-22259   |          |                   | 6.1.5, 6.0.18, 5.3.33          | springframework: URL                                           |
|                                                             |                  |          |                   |                                | Parsing with Host Validation                                   |
|                                                             |                  |          |                   |                                | -->avd.aquasec.com/nvd/cve-2024-22259                          |
+                                                             +------------------+          +                   +--------------------------------+----------------------------------------------------------------+
|                                                             | CVE-2024-22262   |          |                   | 5.3.34, 6.0.19, 6.1.6          | springframework: URL                                           |
|                                                             |                  |          |                   |                                | Parsing with Host Validation                                   |
|                                                             |                  |          |                   |                                | -->avd.aquasec.com/nvd/cve-2024-22262                          |
+-------------------------------------------------------------+------------------+----------+                   +--------------------------------+----------------------------------------------------------------+
| org.springframework:spring-webmvc                           | CVE-2022-22965   | CRITICAL |                   | 5.2.20.RELEASE, 5.3.18         | spring-framework: RCE via                                      |
|                                                             |                  |          |                   |                                | Data Binding on JDK 9+                                         |
|                                                             |                  |          |                   |                                | -->avd.aquasec.com/nvd/cve-2022-22965                          |
+-------------------------------------------------------------+------------------+----------+-------------------+--------------------------------+----------------------------------------------------------------+
| org.yaml:snakeyaml                                          | CVE-2022-1471    | HIGH     |              1.26 |                            2.0 | SnakeYaml: Constructor                                         |
|                                                             |                  |          |                   |                                | Deserialization                                                |
|                                                             |                  |          |                   |                                | Remote Code Execution                                          |
|                                                             |                  |          |                   |                                | -->avd.aquasec.com/nvd/cve-2022-1471                           |
+                                                             +------------------+          +                   +--------------------------------+----------------------------------------------------------------+
|                                                             | CVE-2022-25857   |          |                   |                           1.31 | snakeyaml: Denial of Service                                   |
|                                                             |                  |          |                   |                                | due to missing nested depth                                    |
|                                                             |                  |          |                   |                                | limitation for collections...                                  |
|                                                             |                  |          |                   |                                | -->avd.aquasec.com/nvd/cve-2022-25857                          |
+                                                             +------------------+----------+                   +                                +----------------------------------------------------------------+
|                                                             | CVE-2022-38749   | MEDIUM   |                   |                                | snakeyaml: Uncaught exception in                               |
|                                                             |                  |          |                   |                                | org.yaml.snakeyaml.composer.Composer.composeSequenceNode       |
|                                                             |                  |          |                   |                                | -->avd.aquasec.com/nvd/cve-2022-38749                          |
+                                                             +------------------+          +                   +                                +----------------------------------------------------------------+
|                                                             | CVE-2022-38750   |          |                   |                                | snakeyaml: Uncaught exception in                               |
|                                                             |                  |          |                   |                                | org.yaml.snakeyaml.constructor.BaseConstructor.constructObject |
|                                                             |                  |          |                   |                                | -->avd.aquasec.com/nvd/cve-2022-38750                          |
+                                                             +------------------+          +                   +                                +----------------------------------------------------------------+
|                                                             | CVE-2022-38751   |          |                   |                                | snakeyaml: Uncaught exception in                               |
|                                                             |                  |          |                   |                                | java.base/java.util.regex.Pattern$Ques.match                   |
|                                                             |                  |          |                   |                                | -->avd.aquasec.com/nvd/cve-2022-38751                          |
+                                                             +------------------+          +                   +--------------------------------+----------------------------------------------------------------+
|                                                             | CVE-2022-38752   |          |                   |                           1.32 | snakeyaml: Uncaught exception in                               |
|                                                             |                  |          |                   |                                | java.base/java.util.ArrayList.hashCode                         |
|                                                             |                  |          |                   |                                | -->avd.aquasec.com/nvd/cve-2022-38752                          |
+                                                             +------------------+          +                   +                                +----------------------------------------------------------------+
|                                                             | CVE-2022-41854   |          |                   |                                | dev-java/snakeyaml:                                            |
|                                                             |                  |          |                   |                                | DoS via stack overflow                                         |
|                                                             |                  |          |                   |                                | -->avd.aquasec.com/nvd/cve-2022-41854                          |
+-------------------------------------------------------------+------------------+----------+-------------------+--------------------------------+----------------------------------------------------------------+