trinodb / trino

Official repository of Trino, the distributed SQL query engine for big data, formerly known as PrestoSQL (https://trino.io)
https://trino.io
Apache License 2.0

snyk vulnerabilities #10457

Closed mailtoraja18 closed 1 year ago

mailtoraja18 commented 2 years ago

Snyk vulnerabilities identified in the amd 367 image.

RejectReason: cdda329d-9e0a-4c3e-83a2-c142588c1995
Type: VULNERABILITY
Name: CVE-2019-20445
CVSS Score v3: 9.1
Severity: critical
Description: HttpObjectDecoder.java in Netty before 4.1.44 allows a Content-Length header to be accompanied by a second Content-Length header, or by a Transfer-Encoding header.
Impacted Image File(s): /usr/lib/trino/plugin/cassandra/netty-handler-4.0.37.Final.jar, /usr/lib/trino/plugin/thrift/netty-all-4.1.29.Final.jar

RejectReason: ffa9abd0-3da2-4095-a6fa-24975b52eb06
Type: VULNERABILITY
Name: CVE-2019-20444
CVSS Score v3: 9.1
Severity: critical
Description: HttpObjectDecoder.java in Netty before 4.1.44 allows an HTTP header that lacks a colon, which might be interpreted as a separate header with an incorrect syntax, or might be interpreted as an "invalid fold."
Impacted Image File(s): /usr/lib/trino/plugin/thrift/netty-all-4.1.29.Final.jar, /usr/lib/trino/plugin/cassandra/netty-handler-4.0.37.Final.jar

RejectReason: eeec22df-056e-4fb9-b85b-f774ab4e82c3
Type: VULNERABILITY
Name: CVE-2017-12629
CVSS Score v3: 9.8
Severity: critical
Description: Remote code execution occurs in Apache Solr before 7.1 with Apache Lucene before 7.1 by exploiting XXE in conjunction with use of a Config API add-listener command to reach the RunExecutableListener class. Elasticsearch, although it uses Lucene, is NOT vulnerable to this. Note that the XML external entity expansion vulnerability occurs in the XML Query Parser which is available, by default, for any query request with parameters deftype=xmlparser and can be exploited to upload malicious data to the /upload request handler or as Blind XXE using ftp wrapper in order to read arbitrary local files from the Solr server. Note also that the second vulnerability relates to remote code execution using the RunExecutableListener available on all affected versions of Solr.
Impacted Image File(s): /usr/lib/trino/plugin/elasticsearch/lucene-queryparser-7.0.1.jar

RejectReason: a8e5be9e-9c49-4497-ba2e-ca3dcdcef5ef
Type: VULNERABILITY
Name: CVE-2019-17495
CVSS Score v3: 9.8
Severity: critical
Description: A Cascading Style Sheets (CSS) injection vulnerability in Swagger UI before 3.23.11 allows attackers to use the Relative Path Overwrite (RPO) technique to perform CSS-based input field value exfiltration, such as exfiltration of a CSRF token value. In other words, this product intentionally allows the embedding of untrusted JSON data from remote servers, but it was not previously known that