Description
artemis/hornetq: memory exhaustion via UDP and JGroups discovery.
infinispan: Unsafe deserialization of malicious object injected into data cache.
jackson-databind: Unsafe deserialization due to incomplete blacklist (incomplete fix for CVE-2017-7525).
jackson-databind: Unsafe deserialization due to incomplete blacklist (incomplete fix for CVE-2017-15095).
resteasy: Vary header not added by CORS filter leading to cache poisoning.
undertow: Client can use bogus URI in Digest authentication.
undertow: ALLOW_ENCODED_SLASH option not taken into account in the AjpRequestParser.
jackson-databind: Unsafe deserialization due to incomplete blacklist (incomplete fix for CVE-2017-7525 and CVE-2017-17485).