Looking for an help on the below CVE’s
CVE-2022-2175
CVE-2020-36518
CVE-2022-0239
How are those related to Keycloak?
On v1901 when the image is scanned. below are the vulnerabilities that turned out.
-----------------------------------+ 10:21:06 | CVE-2022-2175 | important | 7.80 | vim-minimal | 8.0.1763-19.el8_6.4 | affected | 54 days | < 1 hour | Buffer Over-read in GitHub repository vim/vim | 10:21:06 | | | | | | | | | prior to 8.2. | 10:21:06 ±-----------------±----------±-----±--------------------------------------------±--------------------±------------------------------±------------±-----------±---------------------------------------------------+ 10:21:06 | PRISMA-2022-0239 | high | 7.50 | com.squareup.okhttp3_okhttp | 3.14.9 | fixed in 4.9.2 | 30 days | < 1 hour | com.squareup.okhttp3_okhttp packages prior | 10:21:06 | | | | | | 30 days ago | | | to version 4.9.2 are vulnerable for sensitive | 10:21:06 | | | | | | | | | information disclosure. An illegal character in a | 10:21:06 | | | | | | | | | header valu… | 10:21:06 ±-----------------±----------±-----±--------------------------------------------±--------------------±------------------------------±------------±-----------±---------------------------------------------------+ 10:21:06 | CVE-2020-36518 | high | 7.50 | com.fasterxml.jackson.core_jackson-databind | 2.11.4 | fixed in 2.12.6.1, 2.13.2.1 | > 5 months | < 1 hour | jackson-databind before 2.13.0 allows a Java | 10:21:06 | | | | | | > 5 months ago | | | StackOverflow exception and denial of service via | 10:21:06 | | | | | | | | | a large depth of nested objects. | 10:21:06 ±-----------------±----------±-----±--------------------------------------------±--------------------±------------------------------±------------±-----------±---------------------------------------------------+
Unfortunately only in german language (but a translator may help):
1 Like