Under some circumstances, this weakness allows a user who has access to run the “ps” utility on a machine, the ability to write almost unlimited amounts of unfiltered data into the process heap. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.
In case Cacheservice was configured to use a sproxyd object-storage backend, it would follow HTTP redirects issued by that backend. Rated low severity (CVSS 3.2), this vulnerability is no authentication required. No vendor patch available.
External service lookups for a number of protocols were vulnerable to a time-of-check/time-of-use (TOCTOU) weakness, involving the JDK DNS cache. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable. No vendor patch available.