Skip to content

Shiny proxy image CVE #337

Description

@sambles

Java (jar) Vulnerabilities — shinyproxy.jar

Total: 74 (CRITICAL: 13, HIGH: 61) | Status: all fixed

Library CVE Sev Installed Fix
ch.qos.logback:logback-classic/core CVE-2023-6378 HIGH 1.2.11 1.2.13 / 1.3.12 / 1.4.12
com.amazonaws:aws-java-sdk-s3 CVE-2022-31159 HIGH 1.11.563 1.12.261
com.fasterxml.jackson.core:jackson-core CVE-2025-52999 HIGH 2.12.6 2.15.0
com.fasterxml.jackson.core:jackson-databind CVE-2022-42003 HIGH 2.12.6.1 2.12.7.1 / 2.13.4.2
com.fasterxml.jackson.core:jackson-databind CVE-2022-42004 HIGH 2.12.6.1 2.12.7.1 / 2.13.4
com.h2database:h2 CVE-2021-42392 CRIT 1.4.200 2.0.206
com.h2database:h2 CVE-2022-23221 CRIT 1.4.200 2.1.210
com.h2database:h2 CVE-2021-23463 HIGH 1.4.200 2.0.202
com.h2database:h2 CVE-2022-45868 HIGH 1.4.200 2.2.220
com.microsoft.sqlserver:mssql-jdbc CVE-2025-59250 HIGH 9.2.1 / 9.2.1.jre8 12.10.2.jre11
com.nimbusds:nimbus-jose-jwt CVE-2023-52428 HIGH 9.10.1 9.37.2
com.squareup.okhttp3:okhttp CVE-2021-0341 HIGH 3.14.9 4.9.2
commons-beanutils:commons-beanutils CVE-2025-48734 HIGH 1.9.4 1.11.0
commons-io:commons-io CVE-2024-47554 HIGH 2.7 / 2.8.0 2.14.0
io.fabric8:kubernetes-client CVE-2021-20218 HIGH 4.2.2 5.0.2
io.undertow:undertow-core CVE-2022-4492 CRIT 2.2.8.Final 2.2.24.Final / 2.3.5.Final
io.undertow:undertow-core CVE-2025-12543 CRIT 2.2.8.Final 2.2.39.Final / 2.3.21.Final
io.undertow:undertow-core CVE-2021-3629 HIGH 2.2.8.Final 2.2.11.Final
io.undertow:undertow-core CVE-2021-3690 HIGH 2.2.8.Final 2.2.10
io.undertow:undertow-core CVE-2021-3859 HIGH 2.2.8.Final 2.2.15
io.undertow:undertow-core CVE-2022-2053 HIGH 2.2.8.Final 2.2.19.Final
io.undertow:undertow-core CVE-2023-1108 HIGH 2.2.8.Final 2.2.24.Final
io.undertow:undertow-core CVE-2023-4639 HIGH 2.2.8.Final 2.2.30.Final
io.undertow:undertow-core CVE-2024-1635 HIGH 2.2.8.Final 2.2.31.Final
io.undertow:undertow-core CVE-2024-3884 HIGH 2.2.8.Final 2.3.21.Final
io.undertow:undertow-core CVE-2024-4027 HIGH 2.2.8.Final 2.3.21.Final
io.undertow:undertow-core CVE-2024-5971 HIGH 2.2.8.Final 2.2.34.Final
io.undertow:undertow-core CVE-2024-6162 HIGH 2.2.8.Final 2.2.33.Final
io.undertow:undertow-core CVE-2024-7885 HIGH 2.2.8.Final 2.2.36.Final
io.undertow:undertow-core CVE-2025-9784 HIGH 2.2.8.Final 2.2.38.Final
net.minidev:json-smart CVE-2023-1370 HIGH 2.4.7 / 2.4.8 2.4.9
org.apache.commons:commons-compress CVE-2021-35515 HIGH 1.19 1.21
org.apache.commons:commons-compress CVE-2021-35516 HIGH 1.19 1.21
org.apache.commons:commons-compress CVE-2021-35517 HIGH 1.19 1.21
org.apache.commons:commons-compress CVE-2021-36090 HIGH 1.19 1.21
org.apache.santuario:xmlsec CVE-2021-40690 HIGH 1.5.8 2.1.7 / 2.2.3
org.jboss.xnio:xnio-api CVE-2023-5685 HIGH 3.8.4.Final 3.8.14.Final
org.keycloak:keycloak-core CVE-2021-3632 HIGH 13.0.1 15.1.0
org.keycloak:keycloak-core CVE-2023-6841 HIGH 13.0.1 24.0.0
org.keycloak:keycloak-core CVE-2024-10039 HIGH 13.0.1 26.0.6
org.owasp.esapi:esapi CVE-2022-23457 HIGH 2.2.0.0 2.3.0.0
org.owasp.esapi:esapi GHSA-7c2q-5qmr-v76q HIGH 2.2.0.0 2.5.2.0
org.postgresql:postgresql CVE-2024-1597 CRIT 42.2.25 42.7.2
org.postgresql:postgresql CVE-2022-31197 HIGH 42.2.25 42.2.26
org.springframework.boot:spring-boot CVE-2025-22235 HIGH 2.5.12 3.3.11 / 3.4.5
org.springframework.boot:spring-boot-actuator-autoconfigure CVE-2023-20873 CRIT 2.5.12 2.5.15
org.springframework.boot:spring-boot-autoconfigure CVE-2023-20883 HIGH 2.5.12 2.5.15
org.springframework.security:spring-security-core CVE-2022-22978 CRIT 5.5.5 5.5.7 / 5.6.4
org.springframework.security:spring-security-core CVE-2024-22257 HIGH 5.5.5 5.7.12
org.springframework.security:spring-security-crypto CVE-2025-22228 HIGH 5.5.5 5.7.16
org.springframework.security:spring-security-oauth2-client CVE-2022-31690 HIGH 5.5.5 5.6.9 / 5.7.5
org.springframework.security:spring-security-web CVE-2022-22978 CRIT 5.5.5 5.5.7 / 5.6.4
org.springframework.security:spring-security-web CVE-2024-38821 CRIT 5.5.5 5.7.13
org.springframework.security:spring-security-web CVE-2026-22732 CRIT 5.5.5 6.5.9 / 7.0.4
org.springframework:spring-beans CVE-2022-22970 HIGH 5.3.18 5.3.20
org.springframework:spring-context CVE-2022-22968 HIGH 5.3.18 5.3.19
org.springframework:spring-core CVE-2025-41249 HIGH 5.3.18 6.2.11
org.springframework:spring-expression CVE-2023-20863 HIGH 5.3.18 5.3.27
org.springframework:spring-web CVE-2016-1000027 CRIT 5.3.18 6.0.0
org.springframework:spring-web CVE-2024-22243 HIGH 5.3.18 5.3.32
org.springframework:spring-web CVE-2024-22259 HIGH 5.3.18 5.3.33
org.springframework:spring-web CVE-2024-22262 HIGH 5.3.18 5.3.34
org.springframework:spring-webmvc CVE-2023-20860 CRIT 5.3.18 5.3.26
org.springframework:spring-webmvc CVE-2024-38816 HIGH 5.3.18 6.1.13
org.springframework:spring-webmvc CVE-2024-38819 HIGH 5.3.18 6.1.14
org.webjars:handlebars CVE-2021-23369 CRIT 4.7.6 4.7.7
org.yaml:snakeyaml CVE-2022-1471 HIGH 1.28 2.0
org.yaml:snakeyaml CVE-2022-25857 HIGH 1.28 1.31
software.amazon.ion:ion-java CVE-2024-21634 HIGH 1.0.2 1.10.5
xalan:xalan CVE-2022-34169 HIGH 2.7.2 2.7.3

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    Status
    Todo

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions