Msrc Azl3 Javapackages-Bootstrap 1.14.0-2 On Azure Linux 3.0 vulnerabilities

CVE-2024-25710 [HIGH] CWE-835 Apache Commons Compress: Denial of service caused by an infinite loop for a corrupted DUMP file Apache Commons Compress: Denial of service caused by an infinite loop for a corrupted DUMP file FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with th

CVE-2022-48285 [HIGH] CWE-22 loadAsync in JSZip before 3.8.0 allows Directory Traversal via a crafted ZIP archive. loadAsync in JSZip before 3.8.0 allows Directory Traversal via a crafted ZIP archive. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and mos

CVE-2021-36374 [MEDIUM] CWE-130 Apache Ant ZIP and ZIP based archive denial of service vulerability Apache Ant ZIP and ZIP based archive denial of service vulerability FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open sou

CVE-2021-36373 [MEDIUM] CWE-130 Apache Ant TAR archive denial of service vulnerability Apache Ant TAR archive denial of service vulnerability FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which t

CVE-2012-6708 [MEDIUM] CWE-79 jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions jQuery d jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions jQuery determined whether the input was HTML by looking for the 'Is Azure Lin

CVE-2015-9251 [MEDIUM] CWE-79 jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option causing text/javascript responses to be executed. jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option causing text/javascript responses to be executed. FAQ: Is Azure Linux the only Microsoft product that includes this open-source