Upgrade RHEL:9 java-17-openjdk to version 1:17.0.4.0.8-2.el9_0 or higher. This issue was patched in RHSA-2022:5736 .

Integer Coercion Error in java-17-openjdk | CVE-2022-34169

Threat Intelligence

0.05% (20^th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk IDSNYK-ALPINE321-LIBGIT2-8486851
published6 Dec 2024
disclosed24 Jan 2020

Report a new vulnerability Found a mistake?

Introduced: 24 Jan 2020

CVE-2019-1348 (opens in a new tab)

How to fix?

Upgrade Alpine:3.21 libgit2 to version 0.28.4-r0 or higher.

NVD Description

Note: Versions mentioned in the description apply only to the upstream libgit2 package and not the libgit2 package as distributed by Alpine. See How to fix? for Alpine:3.21 relevant fixed versions and status.

An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. The --export-marks option of git fast-import is exposed also via the in-stream command feature export-marks=... and it allows overwriting arbitrary paths.

References

CVSS Scores

version 3.1

Attack Vector (AV)
Local
Attack Complexity (AC)
Low
Privileges Required (PR)
Low
User Interaction (UI)
None

Scope (S)
Unchanged

Confidentiality (C)
None
Integrity (I)
Low
Availability (A)
None

CVE-2019-1348 Affecting libgit2 package, versions <0.28.4-r0

Severity