Application security report

Adeptia follows established processes for security testing and ensures that the released product contains no critical or high severity vulnerabilities. The table below summarises the high and medium severity vulnerabilities found in the microservice images of Adeptia Connect v4.0; the Status column gives the planned remediation for each finding.

Image name: autoscaler
Severity: High
Vulnerability ID: CVE-2016-4074
Description: The jv_dump_term function in jq 1.5 allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted JSON file.
Published: 2016-04-04
Modified: 2016-04-04
Status: To be planned in the GA release

Image names: databasemigration, event, portal, runtime, Webrunner
Severity: Medium
Vulnerability ID: CVE-2021-36159
Description: libfetch before 2021-07-26, as used in apk-tools, xbps, and other products, mishandles numeric strings for the FTP and HTTP protocols. The FTP passive mode implementation allows an out-of-bounds read because strtol is used to parse the relevant numbers into address bytes. It does not check if the line ends prematurely. If it does, the for-loop condition checks for the '\0' terminator one byte too late.
Published: 2021-07-05
Modified: 2021-07-05
Status: To be planned in the GA release

Image name: rabbitmq
Severity: Medium
Vulnerability ID: CVE-2021-36222
Description: ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.4 and 1.19.x before 1.19.2 allows remote attackers to cause a NULL pointer dereference and daemon crash. This occurs because a return value is not properly managed in a certain situation.
Published: 2021-07-22
Modified: 2021-07-22
Status: To be planned in the GA release
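The libfetch finding above describes an off-by-one read in the FTP passive-mode reply parser: strtol stops on the '\0' terminator of a line that ends early, the loop's pointer increment steps past it, and the loop condition then tests the byte after the string. The C program below is an illustration added to this report; it is not libfetch's, apk-tools' or Adeptia's code. It places a simplified parser with that loop shape beside a hardened one and runs both on a constructed PASV reply that ends after five fields. The function names (parse_pasv_vulnerable, parse_pasv_fixed, run_vulnerable, run_fixed) and the sample lines are assumptions made for the example.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical, simplified parsers illustrating the CVE-2021-36159 loop
 * shape; not libfetch's source. Each reads up to n comma-separated
 * decimal fields from an FTP "227 ... (h1,h2,h3,h4,p1,p2)" reply into
 * addr[] and returns the number of fields parsed, or -1 on error. */

#define PASV_FIELDS 6

/* Skip the three-digit reply code and anything before the first digit. */
static const char *skip_to_fields(const char *ln)
{
    int i;
    for (i = 0; i < 3 && *ln; i++)
        ln++;
    while (*ln && !isdigit((unsigned char)*ln))
        ln++;
    return ln;
}

/* Vulnerable shape: the loop's p++ is meant to step over the ',' that
 * strtol stopped on. If strtol stopped on the '\0' terminator instead
 * (the line ended early), p++ steps past the end of the string and the
 * next loop condition reads the byte after the terminator. */
static int parse_pasv_vulnerable(const char *ln, int addr[], int n)
{
    const char *p = skip_to_fields(ln);
    char *end;
    int i;

    if (!*p)
        return -1;
    for (i = 0; *p && i < n; i++, p++) {
        addr[i] = (int)strtol(p, &end, 10);
        p = end;
    }
    return i;
}

/* Hardened shape: require a digit at the start of every field and a ','
 * between fields, so a line that ends early is rejected before the
 * pointer can move past the terminator. */
static int parse_pasv_fixed(const char *ln, int addr[], int n)
{
    const char *p = skip_to_fields(ln);
    char *end;
    int i;

    for (i = 0; i < n; i++) {
        if (!isdigit((unsigned char)*p))
            return -1;             /* premature end or junk */
        addr[i] = (int)strtol(p, &end, 10);
        p = end;
        if (i < n - 1) {
            if (*p != ',')
                return -1;         /* missing delimiter: line too short */
            p++;
        }
    }
    return i;
}

/* Constructed sample lines. In `truncated` the reply stops after five
 * fields; the digits stored right after its '\0' stand in for whatever
 * happens to follow the line in memory (kept inside one array here so
 * the demonstration itself stays well-defined C). */
static const char truncated[] = "227 (10,0,0,1,19" "\0" "9,99";
static const char complete[]  = "227 Entering Passive Mode (192,168,1,20,4,1)";

int demo_addr[PASV_FIELDS];

int run_vulnerable(const char *ln) { return parse_pasv_vulnerable(ln, demo_addr, PASV_FIELDS); }
int run_fixed(const char *ln)      { return parse_pasv_fixed(ln, demo_addr, PASV_FIELDS); }

int main(void)
{
    int i, r;

    r = run_vulnerable(truncated);
    printf("vulnerable parser, truncated line: %d fields:", r);
    for (i = 0; i < r; i++)
        printf(" %d", demo_addr[i]);
    printf("  (last field read from past the terminator)\n");

    r = run_fixed(truncated);
    printf("fixed parser, truncated line: %d (protocol error)\n", r);

    r = run_fixed(complete);
    printf("fixed parser, complete line: %d fields\n", r);
    return 0;
}
```

On the truncated line the vulnerable parser reports six fields, the sixth taken from the bytes after the terminator, while the hardened parser returns -1; on the complete line both parse six fields. In the real bug the byte after the terminator lies outside the reply buffer, which is why the CVE text calls it an out-of-bounds read.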