Vulnerabilities: 1 via 1 paths
Dependencies: 29
Source: GitHub
Commit: 8dbc9943


high severity

Improper Resource Shutdown or Release

  • Vulnerable module: co.fs2:fs2-io_2.11
  • Introduced through: co.fs2:fs2-io_2.11@3.12.2

Detailed paths

  • Introduced through: laserdisc-io/laserdisc@laserdisc-io/laserdisc#8dbc99435135c21996925b41aec8a72800326196 co.fs2:fs2-io_2.11@3.12.2

Overview

Affected versions of this package are vulnerable to Improper Resource Shutdown or Release after establishing a TLS session. An attacker can cause excessive CPU utilization by initiating a half-shutdown of the connection during the handshake, leading the peer to enter a spin loop on socket read until the connection is closed.

Remediation

There is no fixed version for co.fs2:fs2-io_2.11.

medium severity

Dual license: EPL-1.0, LGPL-2.1

  • Module: ch.qos.logback:logback-classic
  • Introduced through: ch.qos.logback:logback-classic@1.5.26

Detailed paths

  • Introduced through: laserdisc-io/laserdisc@laserdisc-io/laserdisc#8dbc99435135c21996925b41aec8a72800326196 ch.qos.logback:logback-classic@1.5.26

medium severity

Dual license: EPL-1.0, LGPL-2.1

  • Module: ch.qos.logback:logback-core
  • Introduced through: ch.qos.logback:logback-classic@1.5.26

Detailed paths

  • Introduced through: laserdisc-io/laserdisc@laserdisc-io/laserdisc#8dbc99435135c21996925b41aec8a72800326196 ch.qos.logback:logback-classic@1.5.26 ch.qos.logback:logback-core@1.5.26
