Skip to main content
Components
Vulnerabilities
Pricing
MCP
API
Docs
Sign up
Login
Find vulnerabilities. Fix fast with AI.
Search components by package, version, or CVE to get started.
org.infobip.oneapi/oneapi-java 0.0.1 | Vul… | Sonatype Guide
Get full component data and automated fixes with Sonatype Guide.
Sign up for free
maven
org.infobip.oneapi
oneapi-java
0.0.1
oneapi-java 0.0.1
Latest
org.infobip.oneapi
Published
Nov 14, 2014
•
Policy
compliance
maven Registry
Developer Trust Score
Recommended Version:
x.y.z
Recommended upgrade that meets your policy.
Compare Versions
Overview
Overview
Versions
1
Versions
1
Vulnerabilities
29
Vulnerabilities
29
Dependencies
7
Dependencies
7
Reset filters
Severity
Critical
(0)
High
(0)
Medium
(10)
Low
(0)
CVSS Score
0.0
10.0
EPSS Score
0.0
1.0
Malware
KEV Status
Published
Filter
Sort: Published (Newest first)
6.9
sonatype-2017-000880
jackson-databind - Missing type checks when using polymorphic type ids
affected
Severity
Medium
Published
Jun 4, 2026
6.5
CVE-2021-43797
Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. Netty prior to version 4.1.71.Final skips control chars when they are present at the beginning / end of the header name. It should instead fail fast as these are not allowed by the spec and could lead to HTTP request smuggling. Failing to do the validation might cause netty to "sanitize" header names before it forward these to another remote system when used as proxy. This remote system can't see the invalid usage anymore, and therefore does not do the validation itself. Users should upgrade to version 4.1.71.Final.
affected
Severity
Medium
5.3
sonatype-2020-0103
netty-codec-http - Denial of Service (DoS)
affected
Severity
Medium
Published
Mar 26, 2020
4.3
CVE-2013-7398
main/java/com/ning/http/client/AsyncHttpClientConfig.java in Async Http Client (aka AHC or async-http-client) before 1.9.0 does not require a hostname match during verification of X.509 certificates, which allows man-in-the-middle attackers to spoof HTTPS servers via an arbitrary valid certificate.
affected
Severity
Medium
Published
Jul 9, 2019
4.3
CVE-2013-7397
Async Http Client (aka AHC or async-http-client) before 1.9.0 skips X.509 certificate verification unless both a keyStore location and a trustStore location are explicitly set, which allows man-in-the-middle attackers to spoof HTTPS servers by presenting an arbitrary certificate during use of a typical AHC configuration, as demonstrated by a configuration that does not send client certificates.
affected
Severity
Medium
Published
Jul 9, 2019
6.3
sonatype-2016-0593
com.fasterxml.jackson.core:jackson-databind - Ensure DOM parsing defaults to not expanding external entities
affected
Severity
Medium
Published
May 29, 2019
5.3
sonatype-2012-0050
commons-codec - Base32 would decode some invalid Base32 encoded string into arbitrary value
affected
Severity
Medium
Published
Nov 22, 2017
5.5
sonatype-2016-0397
com.fasterxml.jackson.core:jackson-core - Denial Of Service (DoS)
affected
Severity
Medium
Published
Sep 25, 2017
6.3
sonatype-2014-0093
netty - MitM Via POODLE Attack
affected
Severity
Medium
Published
Sep 25, 2017
5.9
sonatype-2017-0356
io.netty:netty-handler - Improper Certificate Validation
affected
Severity
Medium
Published
Sep 25, 2017
Published
Dec 10, 2021
