Vulnerabilities: 1 via 1 paths

Dependencies: 29

Source: GitHub

Commit: a2e2097c

high severity

Improper Resource Shutdown or Release

  • Vulnerable module: co.fs2:fs2-io_2.11
  • Introduced through: co.fs2:fs2-io_2.11@3.12.2

Detailed paths

  • Introduced through: laserdisc-io/laserdisc@laserdisc-io/laserdisc#a2e2097c20b23ab8e9a124a99472dacd122be160 co.fs2:fs2-io_2.11@3.12.2

Overview

Affected versions of this package are vulnerable to Improper Resource Shutdown or Release after establishing a TLS session. An attacker can cause excessive CPU utilization by initiating a half-shutdown of the connection during the handshake, leading the peer to enter a spin loop on socket read until the connection is closed.

Remediation

There is no fixed version for co.fs2:fs2-io_2.11.

medium severity

Dual license: EPL-1.0, LGPL-2.1

  • Module: ch.qos.logback:logback-classic
  • Introduced through: ch.qos.logback:logback-classic@1.5.19

Detailed paths

  • Introduced through: laserdisc-io/laserdisc@laserdisc-io/laserdisc#a2e2097c20b23ab8e9a124a99472dacd122be160 ch.qos.logback:logback-classic@1.5.19

medium severity

Dual license: EPL-1.0, LGPL-2.1

  • Module: ch.qos.logback:logback-core
  • Introduced through: ch.qos.logback:logback-classic@1.5.19

Detailed paths

  • Introduced through: laserdisc-io/laserdisc@laserdisc-io/laserdisc#a2e2097c20b23ab8e9a124a99472dacd122be160 ch.qos.logback:logback-classic@1.5.19 ch.qos.logback:logback-core@1.5.19
