← Back

Alpine Project

alpine_project

5 CVEs • 1 product

Products (1)

Click to collapse
Toggle
Alpine
alpine
5 CVEs

CVEs (5)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2022-23554
1Alpine Project
1Alpine
Nov 21, 2024
Dec 28, 2022
N/A· v4
5.4 MEDIUM· v3
N/A· v2
Alpine is a scaffolding library in Java. Alpine prior to version 1.10.4 allows Authentication Filter bypass. The AuthenticationFilter relies on the request URI to evaluate if the user is accessing the swagger endpoint. B...Show more
Alpine is a scaffolding library in Java. Alpine prior to version 1.10.4 allows Authentication Filter bypass. The AuthenticationFilter relies on the request URI to evaluate if the user is accessing the swagger endpoint. By accessing a URL with a path such as /api/foo;%2fapi%2fswagger the contains condition will hold and will return from the authentication filter without aborting the request. Note that the principal object will not be assigned and therefore the issue wont allow user impersonation. This issue has been fixed in version 1.10.4. There are no known workarounds.Show less
CVE-2022-23553
1Alpine Project
1Alpine
Nov 21, 2024
Dec 28, 2022
N/A· v4
7.5 HIGH· v3
N/A· v2
Alpine is a scaffolding library in Java. Alpine prior to version 1.10.4 allows URL access filter bypass. This issue has been fixed in version 1.10.4. There are no known workarounds.
CVE-2021-46853
1Alpine Project
1Alpine
May 5, 2025
Nov 3, 2022
N/A· v4
5.9 MEDIUM· v3
N/A· v2
Alpine before 2.25 allows remote attackers to cause a denial of service (application crash) when LIST or LSUB is sent before STARTTLS.
CVE-2021-38370
1Alpine Project
1Alpine
Nov 21, 2024
Aug 10, 2021
N/A· v4
5.9 MEDIUM· v3
4.3 MEDIUM· v2
In Alpine before 2.25, untagged responses from an IMAP server are accepted before STARTTLS.
CVE-2020-14929
3Alpine Project
DebianFedoraproject
3Alpine
Debian LinuxFedora
Nov 21, 2024
Jun 19, 2020
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
Alpine before 2.23 silently proceeds to use an insecure connection after a /tls is sent in certain circumstances involving PREAUTH, which is a less secure behavior than the alternative of closing the connection and letti...Show more
Alpine before 2.23 silently proceeds to use an insecure connection after a /tls is sent in certain circumstances involving PREAUTH, which is a less secure behavior than the alternative of closing the connection and letting the user decide what they would like to do.Show less