Application security report
- Akash Kumar Jaiswal (Unlicensed)
- Ashhad Alam
- Avinash Kumar
Owned by Akash Kumar Jaiswal (Unlicensed)
Adeptia follows established processes for security testing and ensures that there is zero critical and high vulnerability in the released product. The following table contains the summary of high and medium severity vulnerabilities of the microservice images of Adeptia Connect v4.0.
| Image Name | Severity | Vulnerability ID | Description | Published | Modified | Status |
|---|---|---|---|---|---|---|
| autoscaler | High | CVE-2016-4074 | The jv_dump_term function in jq 1.5 allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted JSON file. | 2016-04-04 | 2016-04-04 | To be planned in the GA release |
databasemigration event portal runtime Webrunner | Medium | CVE-2021-36159 | libfetch before 2021-07-26, as used in apk-tools, xbps, and other products, mishandles numeric strings for the FTP and HTTP protocols. The FTP passive mode implementation allows an out-of-bounds read because strtol is used to parse the relevant numbers into address bytes. It does not check if the line ends prematurely. If it does, the for-loop condition checks for the '\0' terminator one byte too late. | 2021-07-05 | 2021-07-05 | To be planned in the GA release |
| rabbitmq | Medium | CVE-2021-36222 | ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.4 and 1.19.x before 1.19.2 allows remote attackers to cause a NULL pointer dereference and daemon crash. This occurs because a return value is not properly managed in a certain situation. | 2021-07-22 | 2021-07-22 | To be planned in the GA release |