Alpine Project Alpine vulnerabilities
6 known vulnerabilities affecting alpine_project/alpine.
Total CVEs: 6
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 2, MEDIUM 4
Vulnerabilities
CVE-2022-23553 | HIGH | CVSS 7.5 | CWE-863 | fixed in 1.10.4 | 2022-12-28
Alpine is a scaffolding library in Java. Alpine prior to version 1.10.4 allows URL access filter bypass. This issue has been fixed in version 1.10.4. There are no known workarounds.
nvd
CVE-2022-23554 | MEDIUM | CVSS 5.4 | CWE-287 | fixed in 1.10.4 | 2022-12-28
Alpine is a scaffolding library in Java. Alpine prior to version 1.10.4 allows Authentication Filter bypass. The AuthenticationFilter relies on the request URI to evaluate if the user is accessing the swagger endpoint. By accessing a URL with a path such as /api/foo;%2fapi%2fswagger the contains condition will hold and will return from the authentic
nvd
CVE-2021-46853 | MEDIUM | CVSS 5.9 | CWE-367 | fixed in 2.25 | 2022-11-03
Alpine before 2.25 allows remote attackers to cause a denial of service (application crash) when LIST or LSUB is sent before STARTTLS.
nvd, osv
CVE-2021-38370 | MEDIUM | CVSS 5.9 | CWE-77 | fixed in 2.25 | 2021-08-10
In Alpine before 2.25, untagged responses from an IMAP server are accepted before STARTTLS.
nvd, osv
CVE-2020-14929 | HIGH | CVSS 7.5 | fixed in 2.23 | 2020-06-19
Alpine before 2.23 silently proceeds to use an insecure connection after a /tls is sent in certain circumstances involving PREAUTH, which is a less secure behavior than the alternative of closing the connection and letting the user decide what they would like to do.
nvd, osv
CVE-2008-5514 | MEDIUM | CVSS 4.3 | ≥ 0, < 2.02-3.1 | 2008-12-23
Off-by-one error in the rfc822_output_char function in the RFC822BUFFER routines in the University of Washington (UW) c-client library, as used by the UW IMAP toolkit before imap-2007e and other applications, allows context-dependent attackers to cause a denial of service (crash) via an e-mail message that tri
osv