
webgoat_2.0_8.1.0's People

Contributors

  • feemstr
  • hugh-mend
  • mend-for-github-com[bot]

webgoat_2.0_8.1.0's Issues

jjwt-0.7.0.jar: 6 vulnerabilities (highest severity is: 7.5)

Vulnerable Library - jjwt-0.7.0.jar

Path to dependency file: /webgoat-integration-tests/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.10.1/jackson-databind-2.10.1.jar

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Vulnerabilities

CVE | Severity | CVSS | Dependency | Type | Fixed in (jjwt version) | Remediation Possible**
--- | --- | --- | --- | --- | --- | ---
CVE-2022-42004 | High | 7.5 | jackson-databind-2.10.1.jar | Transitive | 0.12.0 | 
CVE-2022-42003 | High | 7.5 | jackson-databind-2.10.1.jar | Transitive | 0.12.0 | 
CVE-2021-46877 | High | 7.5 | jackson-databind-2.10.1.jar | Transitive | 0.8.0 | 
CVE-2020-36518 | High | 7.5 | jackson-databind-2.10.1.jar | Transitive | 0.12.0 | 
CVE-2020-25649 | High | 7.5 | jackson-databind-2.10.1.jar | Transitive | 0.8.0 | 
WS-2021-0616 | Medium | 5.9 | jackson-databind-2.10.1.jar | Transitive | 0.8.0 | 

**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation

Details

CVE-2022-42004

Vulnerable Library - jackson-databind-2.10.1.jar

General data-binding functionality for Jackson: works on core streaming API

Library home page: http://github.com/FasterXML/jackson

Path to dependency file: /webwolf/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.10.1/jackson-databind-2.10.1.jar

Dependency Hierarchy:

  • jjwt-0.7.0.jar (Root Library)
    • jackson-databind-2.10.1.jar (Vulnerable Library)

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Found in base branch: main

Vulnerability Details

In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization.

Publish Date: 2022-10-02

URL: CVE-2022-42004

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Release Date: 2022-10-02

Fix Resolution (com.fasterxml.jackson.core:jackson-databind): 2.12.7.1

Direct dependency fix Resolution (io.jsonwebtoken:jjwt): 0.12.0

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2022-42003

Vulnerable Library - jackson-databind-2.10.1.jar

General data-binding functionality for Jackson: works on core streaming API

Library home page: http://github.com/FasterXML/jackson

Path to dependency file: /webwolf/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.10.1/jackson-databind-2.10.1.jar

Dependency Hierarchy:

  • jjwt-0.7.0.jar (Root Library)
    • jackson-databind-2.10.1.jar (Vulnerable Library)

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Found in base branch: main

Vulnerability Details

In FasterXML jackson-databind before versions 2.13.4.1 and 2.12.17.1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled.

Publish Date: 2022-10-02

URL: CVE-2022-42003

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Release Date: 2022-10-02

Fix Resolution (com.fasterxml.jackson.core:jackson-databind): 2.12.7.1

Direct dependency fix Resolution (io.jsonwebtoken:jjwt): 0.12.0

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2021-46877

Vulnerable Library - jackson-databind-2.10.1.jar

General data-binding functionality for Jackson: works on core streaming API

Library home page: http://github.com/FasterXML/jackson

Path to dependency file: /webwolf/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.10.1/jackson-databind-2.10.1.jar

Dependency Hierarchy:

  • jjwt-0.7.0.jar (Root Library)
    • jackson-databind-2.10.1.jar (Vulnerable Library)

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Found in base branch: main

Vulnerability Details

jackson-databind 2.10.x through 2.12.x before 2.12.6 and 2.13.x before 2.13.1 allows attackers to cause a denial of service (2 GB transient heap usage per read) in uncommon situations involving JsonNode JDK serialization.

Publish Date: 2023-03-18

URL: CVE-2021-46877

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://www.cve.org/CVERecord?id=CVE-2021-46877

Release Date: 2023-03-18

Fix Resolution (com.fasterxml.jackson.core:jackson-databind): 2.12.6

Direct dependency fix Resolution (io.jsonwebtoken:jjwt): 0.8.0

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2020-36518

Vulnerable Library - jackson-databind-2.10.1.jar

General data-binding functionality for Jackson: works on core streaming API

Library home page: http://github.com/FasterXML/jackson

Path to dependency file: /webwolf/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.10.1/jackson-databind-2.10.1.jar

Dependency Hierarchy:

  • jjwt-0.7.0.jar (Root Library)
    • jackson-databind-2.10.1.jar (Vulnerable Library)

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Found in base branch: main

Vulnerability Details

jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.
Mend Note: After conducting further research, Mend has determined that all versions of com.fasterxml.jackson.core:jackson-databind up to version 2.13.2 are vulnerable to CVE-2020-36518.

Publish Date: 2022-03-11

URL: CVE-2020-36518

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Release Date: 2022-03-11

Fix Resolution (com.fasterxml.jackson.core:jackson-databind): 2.12.6.1

Direct dependency fix Resolution (io.jsonwebtoken:jjwt): 0.12.0

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2020-25649

Vulnerable Library - jackson-databind-2.10.1.jar

General data-binding functionality for Jackson: works on core streaming API

Library home page: http://github.com/FasterXML/jackson

Path to dependency file: /webwolf/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.10.1/jackson-databind-2.10.1.jar

Dependency Hierarchy:

  • jjwt-0.7.0.jar (Root Library)
    • jackson-databind-2.10.1.jar (Vulnerable Library)

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Found in base branch: main

Vulnerability Details

A flaw was found in FasterXML Jackson Databind, where entity expansion was not secured properly. This flaw leaves applications vulnerable to XML external entity (XXE) attacks. The highest threat from this vulnerability is to data integrity.

Publish Date: 2020-12-03

URL: CVE-2020-25649

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: High
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Release Date: 2020-12-03

Fix Resolution (com.fasterxml.jackson.core:jackson-databind): 2.10.5.1

Direct dependency fix Resolution (io.jsonwebtoken:jjwt): 0.8.0

⛑️ Automatic Remediation will be attempted for this issue.

WS-2021-0616

Vulnerable Library - jackson-databind-2.10.1.jar

General data-binding functionality for Jackson: works on core streaming API

Library home page: http://github.com/FasterXML/jackson

Path to dependency file: /webwolf/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.10.1/jackson-databind-2.10.1.jar

Dependency Hierarchy:

  • jjwt-0.7.0.jar (Root Library)
    • jackson-databind-2.10.1.jar (Vulnerable Library)

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Found in base branch: main

Vulnerability Details

In FasterXML jackson-databind before 2.12.6 and 2.13.1, there is a DoS when using JDK serialization to serialize JsonNode.

Publish Date: 2021-11-20

URL: WS-2021-0616

CVSS 3 Score Details (5.9)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: High
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Release Date: 2021-11-20

Fix Resolution (com.fasterxml.jackson.core:jackson-databind): 2.10.2

Direct dependency fix Resolution (io.jsonwebtoken:jjwt): 0.8.0

⛑️ Automatic Remediation will be attempted for this issue.



jquery-3.2.1.jar: 3 vulnerabilities (highest severity is: 6.1) - autoclosed

Vulnerable Library - jquery-3.2.1.jar

WebJar for jQuery

Library home page: http://webjars.org

Path to dependency file: /webwolf/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/webjars/jquery/3.2.1/jquery-3.2.1.jar

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Vulnerabilities

CVE | Severity | CVSS | Dependency | Type | Fixed in (jquery version) | Remediation Possible**
--- | --- | --- | --- | --- | --- | ---
CVE-2020-11023 | Medium | 6.1 | jquery-3.2.1.jar | Direct | 3.5.0 | 
CVE-2020-11022 | Medium | 6.1 | jquery-3.2.1.jar | Direct | 3.5.0 | 
CVE-2019-11358 | Medium | 6.1 | jquery-3.2.1.jar | Direct | 3.4.0 | 

**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation

Details

CVE-2020-11023

Vulnerable Library - jquery-3.2.1.jar

WebJar for jQuery

Library home page: http://webjars.org

Path to dependency file: /webwolf/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/webjars/jquery/3.2.1/jquery-3.2.1.jar

Dependency Hierarchy:

  • jquery-3.2.1.jar (Vulnerable Library)

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Found in base branch: main

Vulnerability Details

In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.

Publish Date: 2020-04-29

URL: CVE-2020-11023

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6,https://github.com/rails/jquery-rails/blob/master/CHANGELOG.md#440

Release Date: 2020-04-29

Fix Resolution: 3.5.0

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2020-11022

Vulnerable Library - jquery-3.2.1.jar

WebJar for jQuery

Library home page: http://webjars.org

Path to dependency file: /webwolf/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/webjars/jquery/3.2.1/jquery-3.2.1.jar

Dependency Hierarchy:

  • jquery-3.2.1.jar (Vulnerable Library)

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Found in base branch: main

Vulnerability Details

In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.

Publish Date: 2020-04-29

URL: CVE-2020-11022

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11022

Release Date: 2020-04-29

Fix Resolution: 3.5.0

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2019-11358

Vulnerable Library - jquery-3.2.1.jar

WebJar for jQuery

Library home page: http://webjars.org

Path to dependency file: /webwolf/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/webjars/jquery/3.2.1/jquery-3.2.1.jar

Dependency Hierarchy:

  • jquery-3.2.1.jar (Vulnerable Library)

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Found in base branch: main

Vulnerability Details

jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.

Publish Date: 2019-04-20

URL: CVE-2019-11358

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358

Release Date: 2019-04-20

Fix Resolution: 3.4.0

⛑️ Automatic Remediation will be attempted for this issue.



bootstrap-3.1.1.min.js: 6 vulnerabilities (highest severity is: 6.1)

Vulnerable Library - bootstrap-3.1.1.min.js

The most popular front-end framework for developing responsive, mobile first projects on the web.

Library home page: https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.1.1/js/bootstrap.min.js

Path to vulnerable library: /webgoat-lessons/challenge/target/classes/js/bootstrap.min.js,/webgoat-lessons/challenge/src/main/resources/js/bootstrap.min.js

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Vulnerabilities

CVE | Severity | CVSS | Dependency | Type | Fixed in (bootstrap version) | Remediation Possible**
--- | --- | --- | --- | --- | --- | ---
CVE-2019-8331 | Medium | 6.1 | bootstrap-3.1.1.min.js | Direct | bootstrap - 3.4.1,4.3.1;bootstrap-sass - 3.4.1,4.3.1 | 
CVE-2018-20677 | Medium | 6.1 | bootstrap-3.1.1.min.js | Direct | Bootstrap - v3.4.0;NorDroN.AngularTemplate - 0.1.6;Dynamic.NET.Express.ProjectTemplates - 0.8.0;dotnetng.template - 1.0.0.4;ZNxtApp.Core.Module.Theme - 1.0.9-Beta;JMeter - 5.0.0 | 
CVE-2018-20676 | Medium | 6.1 | bootstrap-3.1.1.min.js | Direct | bootstrap - 3.4.0 | 
CVE-2018-14042 | Medium | 6.1 | bootstrap-3.1.1.min.js | Direct | bootstrap - 3.4.0,4.1.2 | 
CVE-2016-10735 | Medium | 6.1 | bootstrap-3.1.1.min.js | Direct | bootstrap - 3.4.0, 4.0.0-beta.2 | 
CVE-2018-14040 | Low | 3.7 | bootstrap-3.1.1.min.js | Direct | bootstrap - 3.4.0,4.1.2 | 

**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation

Details

CVE-2019-8331

Vulnerable Library - bootstrap-3.1.1.min.js

The most popular front-end framework for developing responsive, mobile first projects on the web.

Library home page: https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.1.1/js/bootstrap.min.js

Path to vulnerable library: /webgoat-lessons/challenge/target/classes/js/bootstrap.min.js,/webgoat-lessons/challenge/src/main/resources/js/bootstrap.min.js

Dependency Hierarchy:

  • bootstrap-3.1.1.min.js (Vulnerable Library)

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Found in base branch: main

Vulnerability Details

In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute.

Publish Date: 2019-02-20

URL: CVE-2019-8331

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Release Date: 2019-02-20

Fix Resolution: bootstrap - 3.4.1,4.3.1;bootstrap-sass - 3.4.1,4.3.1

CVE-2018-20677

Vulnerable Library - bootstrap-3.1.1.min.js

The most popular front-end framework for developing responsive, mobile first projects on the web.

Library home page: https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.1.1/js/bootstrap.min.js

Path to vulnerable library: /webgoat-lessons/challenge/target/classes/js/bootstrap.min.js,/webgoat-lessons/challenge/src/main/resources/js/bootstrap.min.js

Dependency Hierarchy:

  • bootstrap-3.1.1.min.js (Vulnerable Library)

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Found in base branch: main

Vulnerability Details

In Bootstrap before 3.4.0, XSS is possible in the affix configuration target property.

Publish Date: 2019-01-09

URL: CVE-2018-20677

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20677

Release Date: 2019-01-09

Fix Resolution: Bootstrap - v3.4.0;NorDroN.AngularTemplate - 0.1.6;Dynamic.NET.Express.ProjectTemplates - 0.8.0;dotnetng.template - 1.0.0.4;ZNxtApp.Core.Module.Theme - 1.0.9-Beta;JMeter - 5.0.0

CVE-2018-20676

Vulnerable Library - bootstrap-3.1.1.min.js

The most popular front-end framework for developing responsive, mobile first projects on the web.

Library home page: https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.1.1/js/bootstrap.min.js

Path to vulnerable library: /webgoat-lessons/challenge/target/classes/js/bootstrap.min.js,/webgoat-lessons/challenge/src/main/resources/js/bootstrap.min.js

Dependency Hierarchy:

  • bootstrap-3.1.1.min.js (Vulnerable Library)

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Found in base branch: main

Vulnerability Details

In Bootstrap before 3.4.0, XSS is possible in the tooltip data-viewport attribute.

Publish Date: 2019-01-09

URL: CVE-2018-20676

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20676

Release Date: 2019-01-09

Fix Resolution: bootstrap - 3.4.0

CVE-2018-14042

Vulnerable Library - bootstrap-3.1.1.min.js

The most popular front-end framework for developing responsive, mobile first projects on the web.

Library home page: https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.1.1/js/bootstrap.min.js

Path to vulnerable library: /webgoat-lessons/challenge/target/classes/js/bootstrap.min.js,/webgoat-lessons/challenge/src/main/resources/js/bootstrap.min.js

Dependency Hierarchy:

  • bootstrap-3.1.1.min.js (Vulnerable Library)

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Found in base branch: main

Vulnerability Details

In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip.

Publish Date: 2018-07-13

URL: CVE-2018-14042

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2018-14042

Release Date: 2018-07-13

Fix Resolution: bootstrap - 3.4.0,4.1.2

CVE-2016-10735

Vulnerable Library - bootstrap-3.1.1.min.js

The most popular front-end framework for developing responsive, mobile first projects on the web.

Library home page: https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.1.1/js/bootstrap.min.js

Path to vulnerable library: /webgoat-lessons/challenge/target/classes/js/bootstrap.min.js,/webgoat-lessons/challenge/src/main/resources/js/bootstrap.min.js

Dependency Hierarchy:

  • bootstrap-3.1.1.min.js (Vulnerable Library)

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Found in base branch: main

Vulnerability Details

In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041.
Mend Note: Converted from WS-2018-0021, on 2022-11-08.

Publish Date: 2019-01-09

URL: CVE-2016-10735

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10735

Release Date: 2019-01-09

Fix Resolution: bootstrap - 3.4.0, 4.0.0-beta.2

CVE-2018-14040

Vulnerable Library - bootstrap-3.1.1.min.js

The most popular front-end framework for developing responsive, mobile first projects on the web.

Library home page: https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.1.1/js/bootstrap.min.js

Path to vulnerable library: /webgoat-lessons/challenge/target/classes/js/bootstrap.min.js,/webgoat-lessons/challenge/src/main/resources/js/bootstrap.min.js

Dependency Hierarchy:

  • bootstrap-3.1.1.min.js (Vulnerable Library)

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Found in base branch: main

Vulnerability Details

In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute.

Publish Date: 2018-07-13

URL: CVE-2018-14040

CVSS 3 Score Details (3.7)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: High
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: Low
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2018-14040

Release Date: 2018-07-13

Fix Resolution: bootstrap - 3.4.0,4.1.2

spring-boot-starter-web-2.2.2.RELEASE.jar: 32 vulnerabilities (highest severity is: 9.8)

Vulnerable Library - spring-boot-starter-web-2.2.2.RELEASE.jar

Path to dependency file: /webgoat-server/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-webmvc/5.2.2.RELEASE/spring-webmvc-5.2.2.RELEASE.jar

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Vulnerabilities

CVE | Severity | CVSS | Dependency | Type | Fixed in (spring-boot-starter-web version) | Remediation Possible**
--- | --- | --- | --- | --- | --- | ---
CVE-2022-22965 | Critical | 9.8 | spring-beans-5.2.2.RELEASE.jar | Transitive | 2.4.0 | 
CVE-2022-1471 | Critical | 9.8 | snakeyaml-1.25.jar | Transitive | 3.2.0 | 
CVE-2016-1000027 | Critical | 9.8 | spring-web-5.2.2.RELEASE.jar | Transitive | 2.4.0 | 
CVE-2024-22262 | High | 8.1 | spring-web-5.2.2.RELEASE.jar | Transitive | 3.0.0 | 
CVE-2024-22259 | High | 8.1 | spring-web-5.2.2.RELEASE.jar | Transitive | 3.0.0 | 
CVE-2024-22243 | High | 8.1 | spring-web-5.2.2.RELEASE.jar | Transitive | 3.0.0 | 
CVE-2022-27772 | High | 7.8 | spring-boot-2.2.2.RELEASE.jar | Transitive | 2.2.11.RELEASE | 
CVE-2021-22118 | High | 7.8 | spring-web-5.2.2.RELEASE.jar | Transitive | 2.3.11.RELEASE | 
CVE-2023-6481 | High | 7.5 | logback-core-1.2.3.jar | Transitive | 3.2.1 | 
CVE-2023-6378 | High | 7.5 | logback-classic-1.2.3.jar | Transitive | 3.2.1 | 
CVE-2023-20883 | High | 7.5 | spring-boot-autoconfigure-2.2.2.RELEASE.jar | Transitive | 2.5.15 | 
CVE-2022-25857 | High | 7.5 | snakeyaml-1.25.jar | Transitive | 3.0.0 | 
CVE-2020-5398 | High | 7.5 | spring-web-5.2.2.RELEASE.jar | Transitive | 2.2.3.RELEASE | 
CVE-2017-18640 | High | 7.5 | snakeyaml-1.25.jar | Transitive | 2.3.0.RELEASE | 
CVE-2021-42550 | Medium | 6.6 | detected in multiple dependencies | Transitive | 2.5.8 | 
CVE-2023-34055 | Medium | 6.5 | spring-boot-2.2.2.RELEASE.jar | Transitive | 2.7.18 | 
CVE-2023-20863 | Medium | 6.5 | spring-expression-5.2.2.RELEASE.jar | Transitive | 2.4.0 | 
CVE-2023-20861 | Medium | 6.5 | spring-expression-5.2.2.RELEASE.jar | Transitive | 2.4.0 | 
CVE-2022-38752 | Medium | 6.5 | snakeyaml-1.25.jar | Transitive | 3.0.0 | 
CVE-2022-38751 | Medium | 6.5 | snakeyaml-1.25.jar | Transitive | 3.0.0 | 
CVE-2022-38749 | Medium | 6.5 | snakeyaml-1.25.jar | Transitive | 3.0.0 | 
CVE-2022-22950 | Medium | 6.5 | spring-expression-5.2.2.RELEASE.jar | Transitive | 2.4.0 | 
CVE-2020-5421 | Medium | 6.5 | spring-web-5.2.2.RELEASE.jar | Transitive | 2.2.10.RELEASE | 
CVE-2023-1932 | Medium | 6.1 | hibernate-validator-6.0.18.Final.jar | Transitive | 2.3.0.RELEASE | 
CVE-2022-41854 | Medium | 5.8 | snakeyaml-1.25.jar | Transitive | 3.0.0 | 
CVE-2022-38750 | Medium | 5.5 | snakeyaml-1.25.jar | Transitive | 3.0.0 | 
CVE-2022-22970 | Medium | 5.3 | detected in multiple dependencies | Transitive | 2.4.0 | 
CVE-2022-22968 | Medium | 5.3 | spring-context-5.2.2.RELEASE.jar | Transitive | 2.4.0 | 
CVE-2020-5397 | Medium | 5.3 | detected in multiple dependencies | Transitive | 2.2.3.RELEASE | 
CVE-2020-10693 | Medium | 5.3 | hibernate-validator-6.0.18.Final.jar | Transitive | 2.2.8.RELEASE | 
CVE-2021-22096 | Medium | 4.3 | detected in multiple dependencies | Transitive | 2.4.0 | 
CVE-2021-22060 | Medium | 4.3 | detected in multiple dependencies | Transitive | 2.4.0 | 

**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation

Details

Partial details (21 vulnerabilities) are displayed below due to a content size limitation in GitHub. To view information on the remaining vulnerabilities, navigate to the Mend Application.

CVE-2022-22965

Vulnerable Library - spring-beans-5.2.2.RELEASE.jar

Spring Beans

Library home page: https://github.com/spring-projects/spring-framework

Path to dependency file: /webwolf/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-beans/5.2.2.RELEASE/spring-beans-5.2.2.RELEASE.jar

Dependency Hierarchy:

  • spring-boot-starter-web-2.2.2.RELEASE.jar (Root Library)
    • spring-boot-starter-2.2.2.RELEASE.jar
      • spring-boot-2.2.2.RELEASE.jar
        • spring-context-5.2.2.RELEASE.jar
          • spring-aop-5.2.2.RELEASE.jar
            • spring-beans-5.2.2.RELEASE.jar (Vulnerable Library)

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Found in base branch: main

Vulnerability Details

A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.
Mend Note: Converted from WS-2022-0107, on 2022-11-07.

Publish Date: 2022-04-01

URL: CVE-2022-22965

CVSS 3 Score Details (9.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement

Release Date: 2022-04-01

Fix Resolution (org.springframework:spring-beans): 5.2.20.RELEASE

Direct dependency fix Resolution (org.springframework.boot:spring-boot-starter-web): 2.4.0

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2022-1471

Vulnerable Library - snakeyaml-1.25.jar

YAML 1.1 parser and emitter for Java

Library home page: http://www.snakeyaml.org

Path to dependency file: /webgoat-container/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.25/snakeyaml-1.25.jar

Dependency Hierarchy:

  • spring-boot-starter-web-2.2.2.RELEASE.jar (Root Library)
    • spring-boot-starter-2.2.2.RELEASE.jar
      • snakeyaml-1.25.jar (Vulnerable Library)

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Found in base branch: main

Vulnerability Details

SnakeYaml's Constructor() class does not restrict the types which can be instantiated during deserialization. Deserializing YAML content provided by an attacker can lead to remote code execution. We recommend using SnakeYaml's SafeConstructor when parsing untrusted content to restrict deserialization. We recommend upgrading to version 2.0 and beyond.

Publish Date: 2022-12-01

URL: CVE-2022-1471

CVSS 3 Score Details (9.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64634374

Release Date: 2022-12-01

Fix Resolution (org.yaml:snakeyaml): 2.0

Direct dependency fix Resolution (org.springframework.boot:spring-boot-starter-web): 3.2.0

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2016-1000027

Vulnerable Library - spring-web-5.2.2.RELEASE.jar

Spring Web

Library home page: https://github.com/spring-projects/spring-framework

Path to dependency file: /webgoat-container/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-web/5.2.2.RELEASE/spring-web-5.2.2.RELEASE.jar

Dependency Hierarchy:

  • spring-boot-starter-web-2.2.2.RELEASE.jar (Root Library)
    • spring-boot-starter-json-2.2.2.RELEASE.jar
      • spring-web-5.2.2.RELEASE.jar (Vulnerable Library)

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Found in base branch: main

Vulnerability Details

Pivotal Spring Framework through 5.3.16 suffers from a potential remote code execution (RCE) issue if used for Java deserialization of untrusted data. Depending on how the library is implemented within a product, this issue may or may not occur, and authentication may be required. NOTE: the vendor's position is that untrusted data is not an intended use case. The product's behavior will not be changed because some users rely on deserialization of trusted data.
Mend Note: After conducting further research, Mend has determined that all versions of spring-web up to version 6.0.0 are vulnerable to CVE-2016-1000027.

Publish Date: 2020-01-02

URL: CVE-2016-1000027

CVSS 3 Score Details (9.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: GHSA-4wrc-f8pq-fpqp

Release Date: 2020-01-02

Fix Resolution (org.springframework:spring-web): 5.2.23.RELEASE

Direct dependency fix Resolution (org.springframework.boot:spring-boot-starter-web): 2.4.0

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2024-22262

Vulnerable Library - spring-web-5.2.2.RELEASE.jar

Spring Web

Library home page: https://github.com/spring-projects/spring-framework

Path to dependency file: /webgoat-container/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-web/5.2.2.RELEASE/spring-web-5.2.2.RELEASE.jar

Dependency Hierarchy:

  • spring-boot-starter-web-2.2.2.RELEASE.jar (Root Library)
    • spring-boot-starter-json-2.2.2.RELEASE.jar
      • spring-web-5.2.2.RELEASE.jar (Vulnerable Library)

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Found in base branch: main

Vulnerability Details

Applications that use UriComponentsBuilder to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to an open redirect (https://cwe.mitre.org/data/definitions/601.html) attack or to an SSRF attack if the URL is used after passing validation checks.

This is the same as CVE-2024-22259 (https://spring.io/security/cve-2024-22259) and CVE-2024-22243 (https://spring.io/security/cve-2024-22243), but with different input.

Publish Date: 2024-04-16

URL: CVE-2024-22262

CVSS 3 Score Details (8.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://spring.io/security/cve-2024-22262

Release Date: 2024-04-16

Fix Resolution (org.springframework:spring-web): 5.3.34

Direct dependency fix Resolution (org.springframework.boot:spring-boot-starter-web): 3.0.0

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2024-22259

Vulnerable Library - spring-web-5.2.2.RELEASE.jar

Spring Web

Library home page: https://github.com/spring-projects/spring-framework

Path to dependency file: /webgoat-container/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-web/5.2.2.RELEASE/spring-web-5.2.2.RELEASE.jar

Dependency Hierarchy:

  • spring-boot-starter-web-2.2.2.RELEASE.jar (Root Library)
    • spring-boot-starter-json-2.2.2.RELEASE.jar
      • spring-web-5.2.2.RELEASE.jar (Vulnerable Library)

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Found in base branch: main

Vulnerability Details

Applications that use UriComponentsBuilder in Spring Framework to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to an open redirect (https://cwe.mitre.org/data/definitions/601.html) attack or to an SSRF attack if the URL is used after passing validation checks.

This is the same as CVE-2024-22243 (https://spring.io/security/cve-2024-22243), but with different input.

Publish Date: 2024-03-16

URL: CVE-2024-22259

CVSS 3 Score Details (8.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://spring.io/security/cve-2024-22259

Release Date: 2024-03-16

Fix Resolution (org.springframework:spring-web): 5.3.33

Direct dependency fix Resolution (org.springframework.boot:spring-boot-starter-web): 3.0.0

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2024-22243

Vulnerable Library - spring-web-5.2.2.RELEASE.jar

Spring Web

Library home page: https://github.com/spring-projects/spring-framework

Path to dependency file: /webgoat-container/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-web/5.2.2.RELEASE/spring-web-5.2.2.RELEASE.jar

Dependency Hierarchy:

  • spring-boot-starter-web-2.2.2.RELEASE.jar (Root Library)
    • spring-boot-starter-json-2.2.2.RELEASE.jar
      • spring-web-5.2.2.RELEASE.jar (Vulnerable Library)

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Found in base branch: main

Vulnerability Details

Applications that use UriComponentsBuilder to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to an open redirect (https://cwe.mitre.org/data/definitions/601.html) attack or to an SSRF attack if the URL is used after passing validation checks.

Publish Date: 2024-02-23

URL: CVE-2024-22243

CVSS 3 Score Details (8.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://spring.io/security/cve-2024-22243

Release Date: 2024-02-23

Fix Resolution (org.springframework:spring-web): 5.3.32

Direct dependency fix Resolution (org.springframework.boot:spring-boot-starter-web): 3.0.0

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2022-27772

Vulnerable Library - spring-boot-2.2.2.RELEASE.jar

Spring Boot

Library home page: https://projects.spring.io/spring-boot/#/spring-boot-parent/spring-boot

Path to dependency file: /webwolf/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/boot/spring-boot/2.2.2.RELEASE/spring-boot-2.2.2.RELEASE.jar

Dependency Hierarchy:

  • spring-boot-starter-web-2.2.2.RELEASE.jar (Root Library)
    • spring-boot-starter-2.2.2.RELEASE.jar
      • spring-boot-2.2.2.RELEASE.jar (Vulnerable Library)

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Found in base branch: main

Vulnerability Details

spring-boot versions prior to v2.2.11.RELEASE were vulnerable to temporary directory hijacking. This vulnerability affected the org.springframework.boot.web.server.AbstractConfigurableWebServerFactory.createTempDir method. NOTE: This vulnerability only affects products and/or versions that are no longer supported by the maintainer.

Publish Date: 2022-03-30

URL: CVE-2022-27772

CVSS 3 Score Details (7.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Local
    • Attack Complexity: Low
    • Privileges Required: Low
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: GHSA-cm59-pr5q-cw85

Release Date: 2022-03-30

Fix Resolution (org.springframework.boot:spring-boot): 2.2.11.RELEASE

Direct dependency fix Resolution (org.springframework.boot:spring-boot-starter-web): 2.2.11.RELEASE

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2021-22118

Vulnerable Library - spring-web-5.2.2.RELEASE.jar

Spring Web

Library home page: https://github.com/spring-projects/spring-framework

Path to dependency file: /webgoat-container/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-web/5.2.2.RELEASE/spring-web-5.2.2.RELEASE.jar

Dependency Hierarchy:

  • spring-boot-starter-web-2.2.2.RELEASE.jar (Root Library)
    • spring-boot-starter-json-2.2.2.RELEASE.jar
      • spring-web-5.2.2.RELEASE.jar (Vulnerable Library)

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Found in base branch: main

Vulnerability Details

In Spring Framework, versions 5.2.x prior to 5.2.15 and versions 5.3.x prior to 5.3.7, a WebFlux application is vulnerable to a privilege escalation: by (re)creating the temporary storage directory, a locally authenticated malicious user can read or modify files that have been uploaded to the WebFlux application, or overwrite arbitrary files with multipart request data.

Publish Date: 2021-05-27

URL: CVE-2021-22118

CVSS 3 Score Details (7.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Local
    • Attack Complexity: Low
    • Privileges Required: Low
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://tanzu.vmware.com/security/cve-2021-22118

Release Date: 2021-05-27

Fix Resolution (org.springframework:spring-web): 5.2.15.RELEASE

Direct dependency fix Resolution (org.springframework.boot:spring-boot-starter-web): 2.3.11.RELEASE

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2023-6481

Vulnerable Library - logback-core-1.2.3.jar

logback-core module

Library home page: http://logback.qos.ch

Path to dependency file: /webgoat-server/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/ch/qos/logback/logback-core/1.2.3/logback-core-1.2.3.jar

Dependency Hierarchy:

  • spring-boot-starter-web-2.2.2.RELEASE.jar (Root Library)
    • spring-boot-starter-2.2.2.RELEASE.jar
      • spring-boot-starter-logging-2.2.2.RELEASE.jar
        • logback-classic-1.2.3.jar
          • logback-core-1.2.3.jar (Vulnerable Library)

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Found in base branch: main

Vulnerability Details

A serialization vulnerability in the logback receiver component, part of logback versions 1.4.13, 1.3.13 and 1.2.12, allows an attacker to mount a denial-of-service attack by sending poisoned data.

Publish Date: 2023-12-04

URL: CVE-2023-6481

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://www.cve.org/CVERecord?id=CVE-2023-6481

Release Date: 2023-12-04

Fix Resolution (ch.qos.logback:logback-core): 1.2.13

Direct dependency fix Resolution (org.springframework.boot:spring-boot-starter-web): 3.2.1

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2023-6378

Vulnerable Library - logback-classic-1.2.3.jar

logback-classic module

Library home page: http://logback.qos.ch

Path to dependency file: /webgoat-container/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/ch/qos/logback/logback-classic/1.2.3/logback-classic-1.2.3.jar

Dependency Hierarchy:

  • spring-boot-starter-web-2.2.2.RELEASE.jar (Root Library)
    • spring-boot-starter-2.2.2.RELEASE.jar
      • spring-boot-starter-logging-2.2.2.RELEASE.jar
        • logback-classic-1.2.3.jar (Vulnerable Library)

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Found in base branch: main

Vulnerability Details

A serialization vulnerability in the logback receiver component, part of logback version 1.4.11, allows an attacker to mount a denial-of-service attack by sending poisoned data.

Publish Date: 2023-11-29

URL: CVE-2023-6378

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://logback.qos.ch/news.html#1.3.12

Release Date: 2023-11-29

Fix Resolution (ch.qos.logback:logback-classic): 1.2.13

Direct dependency fix Resolution (org.springframework.boot:spring-boot-starter-web): 3.2.1

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2023-20883

Vulnerable Library - spring-boot-autoconfigure-2.2.2.RELEASE.jar

Spring Boot AutoConfigure

Library home page: https://projects.spring.io/spring-boot/#/spring-boot-parent/spring-boot-autoconfigure

Path to dependency file: /webgoat-server/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/boot/spring-boot-autoconfigure/2.2.2.RELEASE/spring-boot-autoconfigure-2.2.2.RELEASE.jar

Dependency Hierarchy:

  • spring-boot-starter-web-2.2.2.RELEASE.jar (Root Library)
    • spring-boot-starter-2.2.2.RELEASE.jar
      • spring-boot-autoconfigure-2.2.2.RELEASE.jar (Vulnerable Library)

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Found in base branch: main

Vulnerability Details

In Spring Boot versions 3.0.0 - 3.0.6, 2.7.0 - 2.7.11, 2.6.0 - 2.6.14, 2.5.0 - 2.5.14 and older unsupported versions, there is potential for a denial-of-service (DoS) attack if Spring MVC is used together with a reverse proxy cache.

Publish Date: 2023-05-26

URL: CVE-2023-20883

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://spring.io/security/cve-2023-20883

Release Date: 2023-05-26

Fix Resolution (org.springframework.boot:spring-boot-autoconfigure): 2.5.15

Direct dependency fix Resolution (org.springframework.boot:spring-boot-starter-web): 2.5.15

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2022-25857

Vulnerable Library - snakeyaml-1.25.jar

YAML 1.1 parser and emitter for Java

Library home page: http://www.snakeyaml.org

Path to dependency file: /webgoat-container/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.25/snakeyaml-1.25.jar

Dependency Hierarchy:

  • spring-boot-starter-web-2.2.2.RELEASE.jar (Root Library)
    • spring-boot-starter-2.2.2.RELEASE.jar
      • snakeyaml-1.25.jar (Vulnerable Library)

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Found in base branch: main

Vulnerability Details

The package org.yaml:snakeyaml from 0 and before 1.31 is vulnerable to Denial of Service (DoS) due to a missing nested depth limitation for collections.

Publish Date: 2022-08-30

URL: CVE-2022-25857

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25857

Release Date: 2022-08-30

Fix Resolution (org.yaml:snakeyaml): 1.31

Direct dependency fix Resolution (org.springframework.boot:spring-boot-starter-web): 3.0.0

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2020-5398

Vulnerable Library - spring-web-5.2.2.RELEASE.jar

Spring Web

Library home page: https://github.com/spring-projects/spring-framework

Path to dependency file: /webgoat-container/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-web/5.2.2.RELEASE/spring-web-5.2.2.RELEASE.jar

Dependency Hierarchy:

  • spring-boot-starter-web-2.2.2.RELEASE.jar (Root Library)
    • spring-boot-starter-json-2.2.2.RELEASE.jar
      • spring-web-5.2.2.RELEASE.jar (Vulnerable Library)

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Found in base branch: main

Vulnerability Details

In Spring Framework, versions 5.2.x prior to 5.2.3, versions 5.1.x prior to 5.1.13, and versions 5.0.x prior to 5.0.16, an application is vulnerable to a reflected file download (RFD) attack when it sets a "Content-Disposition" header in the response where the filename attribute is derived from user supplied input.

Publish Date: 2020-01-17

URL: CVE-2020-5398

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: High
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://pivotal.io/security/cve-2020-5398

Release Date: 2020-01-17

Fix Resolution (org.springframework:spring-web): 5.2.3.RELEASE

Direct dependency fix Resolution (org.springframework.boot:spring-boot-starter-web): 2.2.3.RELEASE

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2017-18640

Vulnerable Library - snakeyaml-1.25.jar

YAML 1.1 parser and emitter for Java

Library home page: http://www.snakeyaml.org

Path to dependency file: /webgoat-container/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.25/snakeyaml-1.25.jar

Dependency Hierarchy:

  • spring-boot-starter-web-2.2.2.RELEASE.jar (Root Library)
    • spring-boot-starter-2.2.2.RELEASE.jar
      • snakeyaml-1.25.jar (Vulnerable Library)

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Found in base branch: main

Vulnerability Details

The Alias feature in SnakeYAML before 1.26 allows entity expansion during a load operation, a related issue to CVE-2003-1564.

Publish Date: 2019-12-12

URL: CVE-2017-18640

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18640

Release Date: 2019-12-12

Fix Resolution (org.yaml:snakeyaml): 1.26

Direct dependency fix Resolution (org.springframework.boot:spring-boot-starter-web): 2.3.0.RELEASE

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2021-42550

Vulnerable Libraries - logback-core-1.2.3.jar, logback-classic-1.2.3.jar

logback-core-1.2.3.jar

logback-core module

Library home page: http://logback.qos.ch

Path to dependency file: /webgoat-server/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/ch/qos/logback/logback-core/1.2.3/logback-core-1.2.3.jar

Dependency Hierarchy:

  • spring-boot-starter-web-2.2.2.RELEASE.jar (Root Library)
    • spring-boot-starter-2.2.2.RELEASE.jar
      • spring-boot-starter-logging-2.2.2.RELEASE.jar
        • logback-classic-1.2.3.jar
          • logback-core-1.2.3.jar (Vulnerable Library)

logback-classic-1.2.3.jar

logback-classic module

Library home page: http://logback.qos.ch

Path to dependency file: /webgoat-container/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/ch/qos/logback/logback-classic/1.2.3/logback-classic-1.2.3.jar

Dependency Hierarchy:

  • spring-boot-starter-web-2.2.2.RELEASE.jar (Root Library)
    • spring-boot-starter-2.2.2.RELEASE.jar
      • spring-boot-starter-logging-2.2.2.RELEASE.jar
        • logback-classic-1.2.3.jar (Vulnerable Library)

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Found in base branch: main

Vulnerability Details

In logback version 1.2.7 and prior versions, an attacker with the privileges required to edit configuration files could craft a malicious configuration that causes arbitrary code loaded from LDAP servers to be executed.
Mend Note: Converted from WS-2021-0491, on 2022-11-07.

Publish Date: 2021-12-16

URL: CVE-2021-42550

CVSS 3 Score Details (6.6)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: High
    • Privileges Required: High
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42550

Release Date: 2021-12-16

Fix Resolution (ch.qos.logback:logback-core): 1.2.8

Direct dependency fix Resolution (org.springframework.boot:spring-boot-starter-web): 2.5.8

Fix Resolution (ch.qos.logback:logback-classic): 1.2.8

Direct dependency fix Resolution (org.springframework.boot:spring-boot-starter-web): 2.5.8

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2023-34055

Vulnerable Library - spring-boot-2.2.2.RELEASE.jar

Spring Boot

Library home page: https://projects.spring.io/spring-boot/#/spring-boot-parent/spring-boot

Path to dependency file: /webwolf/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/boot/spring-boot/2.2.2.RELEASE/spring-boot-2.2.2.RELEASE.jar

Dependency Hierarchy:

  • spring-boot-starter-web-2.2.2.RELEASE.jar (Root Library)
    • spring-boot-starter-2.2.2.RELEASE.jar
      • spring-boot-2.2.2.RELEASE.jar (Vulnerable Library)

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Found in base branch: main

Vulnerability Details

In Spring Boot versions 2.7.0 - 2.7.17, 3.0.0 - 3.0.12 and 3.1.0 - 3.1.5, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition.

Specifically, an application is vulnerable when all of the following are true:

  • the application uses Spring MVC or Spring WebFlux
  • org.springframework.boot:spring-boot-actuator is on the classpath

Publish Date: 2023-11-28

URL: CVE-2023-34055

CVSS 3 Score Details (6.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: Low
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://spring.io/security/cve-2023-34055

Release Date: 2023-11-28

Fix Resolution (org.springframework.boot:spring-boot): 2.7.18

Direct dependency fix Resolution (org.springframework.boot:spring-boot-starter-web): 2.7.18

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2023-20863

Vulnerable Library - spring-expression-5.2.2.RELEASE.jar

Spring Expression Language (SpEL)

Library home page: https://github.com/spring-projects/spring-framework

Path to dependency file: /webgoat-container/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-expression/5.2.2.RELEASE/spring-expression-5.2.2.RELEASE.jar

Dependency Hierarchy:

  • spring-boot-starter-web-2.2.2.RELEASE.jar (Root Library)
    • spring-boot-starter-2.2.2.RELEASE.jar
      • spring-boot-2.2.2.RELEASE.jar
        • spring-context-5.2.2.RELEASE.jar
          • spring-expression-5.2.2.RELEASE.jar (Vulnerable Library)

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Found in base branch: main

Vulnerability Details

In Spring Framework versions prior to 5.2.24.RELEASE, 5.3.27 and 6.0.8, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition.

Publish Date: 2023-04-13

URL: CVE-2023-20863

CVSS 3 Score Details (6.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: Low
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://spring.io/security/cve-2023-20863

Release Date: 2023-04-13

Fix Resolution (org.springframework:spring-expression): 5.2.24.RELEASE

Direct dependency fix Resolution (org.springframework.boot:spring-boot-starter-web): 2.4.0

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2023-20861

Vulnerable Library - spring-expression-5.2.2.RELEASE.jar

Spring Expression Language (SpEL)

Library home page: https://github.com/spring-projects/spring-framework

Path to dependency file: /webgoat-container/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-expression/5.2.2.RELEASE/spring-expression-5.2.2.RELEASE.jar

Dependency Hierarchy:

  • spring-boot-starter-web-2.2.2.RELEASE.jar (Root Library)
    • spring-boot-starter-2.2.2.RELEASE.jar
      • spring-boot-2.2.2.RELEASE.jar
        • spring-context-5.2.2.RELEASE.jar
          • spring-expression-5.2.2.RELEASE.jar (Vulnerable Library)

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Found in base branch: main

Vulnerability Details

In Spring Framework versions 6.0.0 - 6.0.6, 5.3.0 - 5.3.25, 5.2.0.RELEASE - 5.2.22.RELEASE, and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition.

Publish Date: 2023-03-23

URL: CVE-2023-20861

CVSS 3 Score Details (6.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: Low
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://spring.io/security/cve-2023-20861

Release Date: 2023-03-23

Fix Resolution (org.springframework:spring-expression): 5.2.23.RELEASE

Direct dependency fix Resolution (org.springframework.boot:spring-boot-starter-web): 2.4.0

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2022-38752

Vulnerable Library - snakeyaml-1.25.jar

YAML 1.1 parser and emitter for Java

Library home page: http://www.snakeyaml.org

Path to dependency file: /webgoat-container/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.25/snakeyaml-1.25.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.25/snakeyaml-1.25.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.25/snakeyaml-1.25.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.25/snakeyaml-1.25.jar

Dependency Hierarchy:

  • spring-boot-starter-web-2.2.2.RELEASE.jar (Root Library)
    • spring-boot-starter-2.2.2.RELEASE.jar
      • snakeyaml-1.25.jar (Vulnerable Library)

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Found in base branch: main

Vulnerability Details

Using SnakeYAML to parse untrusted YAML files may be vulnerable to denial-of-service (DoS) attacks. If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash with a stack overflow.

Publish Date: 2022-09-05

URL: CVE-2022-38752

CVSS 3 Score Details (6.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: Low
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: GHSA-9w3m-gqgf-c4p9

Release Date: 2022-09-05

Fix Resolution (org.yaml:snakeyaml): 1.32

Direct dependency fix Resolution (org.springframework.boot:spring-boot-starter-web): 3.0.0

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2022-38751

Vulnerable Library - snakeyaml-1.25.jar

YAML 1.1 parser and emitter for Java

Library home page: http://www.snakeyaml.org

Path to dependency file: /webgoat-container/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.25/snakeyaml-1.25.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.25/snakeyaml-1.25.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.25/snakeyaml-1.25.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.25/snakeyaml-1.25.jar

Dependency Hierarchy:

  • spring-boot-starter-web-2.2.2.RELEASE.jar (Root Library)
    • spring-boot-starter-2.2.2.RELEASE.jar
      • snakeyaml-1.25.jar (Vulnerable Library)

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Found in base branch: main

Vulnerability Details

Using SnakeYAML to parse untrusted YAML files may be vulnerable to denial-of-service (DoS) attacks. If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash with a stack overflow.

Publish Date: 2022-09-05

URL: CVE-2022-38751

CVSS 3 Score Details (6.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: Low
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47039

Release Date: 2022-09-05

Fix Resolution (org.yaml:snakeyaml): 1.31

Direct dependency fix Resolution (org.springframework.boot:spring-boot-starter-web): 3.0.0

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2022-38749

Vulnerable Library - snakeyaml-1.25.jar

YAML 1.1 parser and emitter for Java

Library home page: http://www.snakeyaml.org

Path to dependency file: /webgoat-container/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.25/snakeyaml-1.25.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.25/snakeyaml-1.25.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.25/snakeyaml-1.25.jar,/home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.25/snakeyaml-1.25.jar

Dependency Hierarchy:

  • spring-boot-starter-web-2.2.2.RELEASE.jar (Root Library)
    • spring-boot-starter-2.2.2.RELEASE.jar
      • snakeyaml-1.25.jar (Vulnerable Library)

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Found in base branch: main

Vulnerability Details

Using SnakeYAML to parse untrusted YAML files may be vulnerable to denial-of-service (DoS) attacks. If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash with a stack overflow.

Publish Date: 2022-09-05

URL: CVE-2022-38749

CVSS 3 Score Details (6.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: Low
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://bitbucket.org/snakeyaml/snakeyaml/issues/526/stackoverflow-oss-fuzz-47027

Release Date: 2022-09-05

Fix Resolution (org.yaml:snakeyaml): 1.31

Direct dependency fix Resolution (org.springframework.boot:spring-boot-starter-web): 3.0.0

⛑️ Automatic Remediation will be attempted for this issue.

spring-boot-starter-thymeleaf-2.2.2.RELEASE.jar: 1 vulnerabilities (highest severity is: 7.5)

Vulnerable Library - spring-boot-starter-thymeleaf-2.2.2.RELEASE.jar

Path to dependency file: /webgoat-integration-tests/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/thymeleaf/thymeleaf/3.0.11.RELEASE/thymeleaf-3.0.11.RELEASE.jar

Vulnerabilities

CVE Severity CVSS Dependency Type Fixed in (spring-boot-starter-thymeleaf version) Remediation Possible**
CVE-2023-38286 High 7.5 thymeleaf-3.0.11.RELEASE.jar Transitive N/A*

*For some transitive vulnerabilities, there is no version of direct dependency with a fix. Check the "Details" section below to see if there is a version of transitive dependency where vulnerability is fixed.

**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation

Details

CVE-2023-38286

Vulnerable Library - thymeleaf-3.0.11.RELEASE.jar

Modern server-side Java template engine for both web and standalone environments

Library home page: http://www.thymeleaf.org

Path to dependency file: /webgoat-server/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/thymeleaf/thymeleaf/3.0.11.RELEASE/thymeleaf-3.0.11.RELEASE.jar

Dependency Hierarchy:

  • spring-boot-starter-thymeleaf-2.2.2.RELEASE.jar (Root Library)
    • thymeleaf-spring5-3.0.11.RELEASE.jar
      • thymeleaf-3.0.11.RELEASE.jar (Vulnerable Library)

Found in base branch: main

Vulnerability Details

Thymeleaf through 3.1.1.RELEASE, as used in spring-boot-admin (aka Spring Boot Admin) through 3.1.1 and other products, allows sandbox bypass via crafted HTML. This may be relevant for SSTI (Server Side Template Injection) and code execution in spring-boot-admin if MailNotifier is enabled and there is write access to environment variables via the UI.

Publish Date: 2023-07-14

URL: CVE-2023-38286

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: High
    • Privileges Required: Low
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: GHSA-7gj7-224w-vpr3

Release Date: 2023-07-14

Fix Resolution: de.codecentric:spring-boot-admin-server:3.1.2; org.thymeleaf:thymeleaf:3.1.2.RELEASE

xstream-1.4.5.jar: 35 vulnerabilities (highest severity is: 9.9)

Vulnerable Library - xstream-1.4.5.jar

XStream is a serialization library from Java objects to XML and back.

Path to dependency file: /webgoat-integration-tests/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/com/thoughtworks/xstream/xstream/1.4.5/xstream-1.4.5.jar,/home/wss-scanner/.m2/repository/com/thoughtworks/xstream/xstream/1.4.5/xstream-1.4.5.jar,/home/wss-scanner/.m2/repository/com/thoughtworks/xstream/xstream/1.4.5/xstream-1.4.5.jar

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Vulnerabilities

CVE Severity CVSS Dependency Type Fixed in (xstream version) Remediation Possible**
CVE-2021-21345 Critical 9.9 xstream-1.4.5.jar Direct 1.4.16
CVE-2021-21350 Critical 9.8 xstream-1.4.5.jar Direct 1.4.16
CVE-2021-21347 Critical 9.8 xstream-1.4.5.jar Direct 1.4.16
CVE-2021-21346 Critical 9.8 xstream-1.4.5.jar Direct 1.4.16
CVE-2021-21344 Critical 9.8 xstream-1.4.5.jar Direct 1.4.16
CVE-2013-7285 Critical 9.8 xstream-1.4.5.jar Direct 1.4.10-java7
CVE-2021-21351 Critical 9.1 xstream-1.4.5.jar Direct 1.4.16
CVE-2021-21342 Critical 9.1 xstream-1.4.5.jar Direct 1.4.16
CVE-2021-39139 High 8.8 xstream-1.4.5.jar Direct 1.4.18
CVE-2021-29505 High 8.8 xstream-1.4.5.jar Direct 1.4.17
CVE-2020-26217 High 8.8 xstream-1.4.5.jar Direct 1.4.13-java7
CVE-2021-21349 High 8.6 xstream-1.4.5.jar Direct 1.4.16
CVE-2021-39154 High 8.5 xstream-1.4.5.jar Direct 1.4.18
CVE-2021-39153 High 8.5 xstream-1.4.5.jar Direct 1.4.18
CVE-2021-39152 High 8.5 xstream-1.4.5.jar Direct 1.4.18
CVE-2021-39151 High 8.5 xstream-1.4.5.jar Direct 1.4.18
CVE-2021-39150 High 8.5 xstream-1.4.5.jar Direct 1.4.18
CVE-2021-39149 High 8.5 xstream-1.4.5.jar Direct 1.4.18
CVE-2021-39148 High 8.5 xstream-1.4.5.jar Direct 1.4.18
CVE-2021-39147 High 8.5 xstream-1.4.5.jar Direct 1.4.18
CVE-2021-39146 High 8.5 xstream-1.4.5.jar Direct 1.4.18
CVE-2021-39145 High 8.5 xstream-1.4.5.jar Direct 1.4.18
CVE-2021-39144 High 8.5 xstream-1.4.5.jar Direct 1.4.18
CVE-2021-39141 High 8.5 xstream-1.4.5.jar Direct 1.4.18
CVE-2020-26258 High 7.7 xstream-1.4.5.jar Direct 1.4.14-jdk7
CVE-2022-41966 High 7.5 xstream-1.4.5.jar Direct 1.4.12-java7
CVE-2022-40151 High 7.5 xstream-1.4.5.jar Direct 1.4.20
CVE-2021-43859 High 7.5 xstream-1.4.5.jar Direct 1.4.6
CVE-2021-21348 High 7.5 xstream-1.4.5.jar Direct 1.4.16
CVE-2021-21343 High 7.5 xstream-1.4.5.jar Direct 1.4.16
CVE-2021-21341 High 7.5 xstream-1.4.5.jar Direct 1.4.16
CVE-2017-7957 High 7.5 xstream-1.4.5.jar Direct 1.4.10
CVE-2016-3674 High 7.5 xstream-1.4.5.jar Direct 1.4.9
CVE-2020-26259 Medium 6.8 xstream-1.4.5.jar Direct 1.4.14-jdk7
CVE-2021-39140 Medium 6.3 xstream-1.4.5.jar Direct 1.4.18

**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation

Details

Partial details (21 vulnerabilities) are displayed below due to a content size limitation in GitHub. To view information on the remaining vulnerabilities, navigate to the Mend Application.

CVE-2021-21345

Vulnerable Library - xstream-1.4.5.jar

XStream is a serialization library from Java objects to XML and back.

Path to dependency file: /webgoat-integration-tests/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/com/thoughtworks/xstream/xstream/1.4.5/xstream-1.4.5.jar,/home/wss-scanner/.m2/repository/com/thoughtworks/xstream/xstream/1.4.5/xstream-1.4.5.jar,/home/wss-scanner/.m2/repository/com/thoughtworks/xstream/xstream/1.4.5/xstream-1.4.5.jar

Dependency Hierarchy:

  • xstream-1.4.5.jar (Vulnerable Library)

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Found in base branch: main

Vulnerability Details

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker who has sufficient rights to execute commands on the host only by manipulating the processed input stream. No user who followed the recommendation to set up XStream's security framework with a whitelist limited to the minimal required types is affected. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16.

Publish Date: 2021-03-23

URL: CVE-2021-21345

CVSS 3 Score Details (9.9)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: Low
    • User Interaction: None
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: GHSA-hwpc-8xqv-jvj4

Release Date: 2021-03-23

Fix Resolution: 1.4.16

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2021-21350

Vulnerable Library - xstream-1.4.5.jar

XStream is a serialization library from Java objects to XML and back.

Path to dependency file: /webgoat-integration-tests/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/com/thoughtworks/xstream/xstream/1.4.5/xstream-1.4.5.jar,/home/wss-scanner/.m2/repository/com/thoughtworks/xstream/xstream/1.4.5/xstream-1.4.5.jar,/home/wss-scanner/.m2/repository/com/thoughtworks/xstream/xstream/1.4.5/xstream-1.4.5.jar

Dependency Hierarchy:

  • xstream-1.4.5.jar (Vulnerable Library)

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Found in base branch: main

Vulnerability Details

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to execute arbitrary code only by manipulating the processed input stream. No user who followed the recommendation to set up XStream's security framework with a whitelist limited to the minimal required types is affected. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16.

Publish Date: 2021-03-23

URL: CVE-2021-21350

CVSS 3 Score Details (9.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: GHSA-43gc-mjxg-gvrq

Release Date: 2021-03-23

Fix Resolution: 1.4.16

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2021-21347

Vulnerable Library - xstream-1.4.5.jar

XStream is a serialization library from Java objects to XML and back.

Path to dependency file: /webgoat-integration-tests/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/com/thoughtworks/xstream/xstream/1.4.5/xstream-1.4.5.jar,/home/wss-scanner/.m2/repository/com/thoughtworks/xstream/xstream/1.4.5/xstream-1.4.5.jar,/home/wss-scanner/.m2/repository/com/thoughtworks/xstream/xstream/1.4.5/xstream-1.4.5.jar

Dependency Hierarchy:

  • xstream-1.4.5.jar (Vulnerable Library)

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Found in base branch: main

Vulnerability Details

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user who followed the recommendation to set up XStream's security framework with a whitelist limited to the minimal required types is affected. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16.

Publish Date: 2021-03-23

URL: CVE-2021-21347

CVSS 3 Score Details (9.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: GHSA-qpfq-ph7r-qv6f

Release Date: 2021-03-23

Fix Resolution: 1.4.16

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2021-21346

Vulnerable Library - xstream-1.4.5.jar

XStream is a serialization library from Java objects to XML and back.

Path to dependency file: /webgoat-integration-tests/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/com/thoughtworks/xstream/xstream/1.4.5/xstream-1.4.5.jar,/home/wss-scanner/.m2/repository/com/thoughtworks/xstream/xstream/1.4.5/xstream-1.4.5.jar,/home/wss-scanner/.m2/repository/com/thoughtworks/xstream/xstream/1.4.5/xstream-1.4.5.jar

Dependency Hierarchy:

  • xstream-1.4.5.jar (Vulnerable Library)

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Found in base branch: main

Vulnerability Details

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user who followed the recommendation to set up XStream's security framework with a whitelist limited to the minimal required types is affected. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16.

Publish Date: 2021-03-23

URL: CVE-2021-21346

CVSS 3 Score Details (9.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: GHSA-4hrm-m67v-5cxr

Release Date: 2021-03-23

Fix Resolution: 1.4.16

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2021-21344

Vulnerable Library - xstream-1.4.5.jar

XStream is a serialization library from Java objects to XML and back.

Path to dependency file: /webgoat-integration-tests/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/com/thoughtworks/xstream/xstream/1.4.5/xstream-1.4.5.jar,/home/wss-scanner/.m2/repository/com/thoughtworks/xstream/xstream/1.4.5/xstream-1.4.5.jar,/home/wss-scanner/.m2/repository/com/thoughtworks/xstream/xstream/1.4.5/xstream-1.4.5.jar

Dependency Hierarchy:

  • xstream-1.4.5.jar (Vulnerable Library)

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Found in base branch: main

Vulnerability Details

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user who followed the recommendation to set up XStream's security framework with a whitelist limited to the minimal required types is affected. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16.

Publish Date: 2021-03-23

URL: CVE-2021-21344

CVSS 3 Score Details (9.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: GHSA-59jw-jqf4-3wq3

Release Date: 2021-03-23

Fix Resolution: 1.4.16

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2013-7285

Vulnerable Library - xstream-1.4.5.jar

XStream is a serialization library from Java objects to XML and back.

Path to dependency file: /webgoat-integration-tests/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/com/thoughtworks/xstream/xstream/1.4.5/xstream-1.4.5.jar,/home/wss-scanner/.m2/repository/com/thoughtworks/xstream/xstream/1.4.5/xstream-1.4.5.jar,/home/wss-scanner/.m2/repository/com/thoughtworks/xstream/xstream/1.4.5/xstream-1.4.5.jar

Dependency Hierarchy:

  • xstream-1.4.5.jar (Vulnerable Library)

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Found in base branch: main

Vulnerability Details

XStream API versions up to 1.4.6 and version 1.4.10, if the security framework has not been initialized, may allow a remote attacker to run arbitrary shell commands by manipulating the processed input stream when unmarshalling XML or any supported format, e.g. JSON.

Publish Date: 2019-05-15

URL: CVE-2013-7285

CVSS 3 Score Details (9.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7285

Release Date: 2019-05-15

Fix Resolution: 1.4.10-java7

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2021-21351

Vulnerable Library - xstream-1.4.5.jar

XStream is a serialization library from Java objects to XML and back.

Path to dependency file: /webgoat-integration-tests/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/com/thoughtworks/xstream/xstream/1.4.5/xstream-1.4.5.jar,/home/wss-scanner/.m2/repository/com/thoughtworks/xstream/xstream/1.4.5/xstream-1.4.5.jar,/home/wss-scanner/.m2/repository/com/thoughtworks/xstream/xstream/1.4.5/xstream-1.4.5.jar

Dependency Hierarchy:

  • xstream-1.4.5.jar (Vulnerable Library)

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Found in base branch: main

Vulnerability Details

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user who followed the recommendation to set up XStream's security framework with a whitelist limited to the minimal required types is affected. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16.

Publish Date: 2021-03-23

URL: CVE-2021-21351

CVSS 3 Score Details (9.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: High
    • User Interaction: None
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: GHSA-hrcp-8f3q-4w2c

Release Date: 2021-03-23

Fix Resolution: 1.4.16

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2021-21342

Vulnerable Library - xstream-1.4.5.jar

XStream is a serialization library from Java objects to XML and back.

Path to dependency file: /webgoat-integration-tests/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/com/thoughtworks/xstream/xstream/1.4.5/xstream-1.4.5.jar,/home/wss-scanner/.m2/repository/com/thoughtworks/xstream/xstream/1.4.5/xstream-1.4.5.jar,/home/wss-scanner/.m2/repository/com/thoughtworks/xstream/xstream/1.4.5/xstream-1.4.5.jar

Dependency Hierarchy:

  • xstream-1.4.5.jar (Vulnerable Library)

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Found in base branch: main

Vulnerability Details

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability where the processed stream at unmarshalling time contains type information to recreate the formerly written objects. XStream therefore creates new instances based on this type information. An attacker can manipulate the processed input stream and replace or inject objects that result in a server-side request forgery. No user who followed the recommendation to set up XStream's security framework with a whitelist limited to the minimal required types is affected. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16.

Publish Date: 2021-03-23

URL: CVE-2021-21342

CVSS 3 Score Details (9.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: GHSA-hvv8-336g-rx3m

Release Date: 2021-03-23

Fix Resolution: 1.4.16

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2021-39139

Vulnerable Library - xstream-1.4.5.jar

XStream is a serialization library from Java objects to XML and back.

Path to dependency file: /webgoat-integration-tests/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/com/thoughtworks/xstream/xstream/1.4.5/xstream-1.4.5.jar,/home/wss-scanner/.m2/repository/com/thoughtworks/xstream/xstream/1.4.5/xstream-1.4.5.jar,/home/wss-scanner/.m2/repository/com/thoughtworks/xstream/xstream/1.4.5/xstream-1.4.5.jar

Dependency Hierarchy:

  • xstream-1.4.5.jar (Vulnerable Library)

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Found in base branch: main

Vulnerability Details

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. A user is only affected if using the version out of the box with JDK 1.7u21 or below. However, this scenario can be adjusted easily to an external Xalan that works regardless of the version of the Java runtime. No user who followed the recommendation to set up XStream's security framework with a whitelist limited to the minimal required types is affected. XStream 1.4.18 no longer uses a blacklist by default, since it cannot be secured for general purpose.

Publish Date: 2021-08-23

URL: CVE-2021-39139

CVSS 3 Score Details (8.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: Low
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: GHSA-64xx-cq4q-mf44

Release Date: 2021-08-23

Fix Resolution: 1.4.18

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2021-29505

Vulnerable Library - xstream-1.4.5.jar

XStream is a serialization library from Java objects to XML and back.

Path to dependency file: /webgoat-integration-tests/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/com/thoughtworks/xstream/xstream/1.4.5/xstream-1.4.5.jar,/home/wss-scanner/.m2/repository/com/thoughtworks/xstream/xstream/1.4.5/xstream-1.4.5.jar,/home/wss-scanner/.m2/repository/com/thoughtworks/xstream/xstream/1.4.5/xstream-1.4.5.jar

Dependency Hierarchy:

  • xstream-1.4.5.jar (Vulnerable Library)

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Found in base branch: main

Vulnerability Details

XStream is software for serializing Java objects to XML and back again. A vulnerability in XStream versions prior to 1.4.17 may allow a remote attacker who has sufficient rights to execute commands on the host only by manipulating the processed input stream. No user who followed the recommendation to set up XStream's security framework with a whitelist limited to the minimal required types is affected. The vulnerability is patched in version 1.4.17.

Publish Date: 2021-05-28

URL: CVE-2021-29505

CVSS 3 Score Details (8.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: Low
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: GHSA-7chv-rrw6-w6fc

Release Date: 2021-05-28

Fix Resolution: 1.4.17

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2020-26217

Vulnerable Library - xstream-1.4.5.jar

XStream is a serialization library from Java objects to XML and back.

Path to dependency file: /webgoat-integration-tests/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/com/thoughtworks/xstream/xstream/1.4.5/xstream-1.4.5.jar,/home/wss-scanner/.m2/repository/com/thoughtworks/xstream/xstream/1.4.5/xstream-1.4.5.jar,/home/wss-scanner/.m2/repository/com/thoughtworks/xstream/xstream/1.4.5/xstream-1.4.5.jar

Dependency Hierarchy:

  • xstream-1.4.5.jar (Vulnerable Library)

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Found in base branch: main

Vulnerability Details

XStream before version 1.4.14 is vulnerable to Remote Code Execution. The vulnerability may allow a remote attacker to run arbitrary shell commands only by manipulating the processed input stream. Only users who rely on blocklists are affected. Anyone using XStream's Security Framework allowlist is not affected. The linked advisory provides code workarounds for users who cannot upgrade. The issue is fixed in version 1.4.14.

Publish Date: 2020-11-16

URL: CVE-2020-26217

CVSS 3 Score Details (8.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: Low
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: GHSA-mw36-7c6c-q4q2

Release Date: 2020-11-16

Fix Resolution: 1.4.13-java7

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2021-21349

Vulnerable Library - xstream-1.4.5.jar

XStream is a serialization library from Java objects to XML and back.

Path to dependency file: /webgoat-integration-tests/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/com/thoughtworks/xstream/xstream/1.4.5/xstream-1.4.5.jar,/home/wss-scanner/.m2/repository/com/thoughtworks/xstream/xstream/1.4.5/xstream-1.4.5.jar,/home/wss-scanner/.m2/repository/com/thoughtworks/xstream/xstream/1.4.5/xstream-1.4.5.jar

Dependency Hierarchy:

  • xstream-1.4.5.jar (Vulnerable Library)

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Found in base branch: main

Vulnerability Details

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream. No user who followed the recommendation to set up XStream's security framework with a whitelist limited to the minimal required types is affected. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16.

Publish Date: 2021-03-23

URL: CVE-2021-21349

CVSS 3 Score Details (8.6)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: None
    • Availability Impact: None

Suggested Fix

Type: Upgrade version

Origin: GHSA-f6hm-88x3-mfjv

Release Date: 2021-03-23

Fix Resolution: 1.4.16

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2021-39154

Vulnerable Library - xstream-1.4.5.jar

XStream is a serialization library from Java objects to XML and back.

Path to dependency file: /webgoat-integration-tests/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/com/thoughtworks/xstream/xstream/1.4.5/xstream-1.4.5.jar,/home/wss-scanner/.m2/repository/com/thoughtworks/xstream/xstream/1.4.5/xstream-1.4.5.jar,/home/wss-scanner/.m2/repository/com/thoughtworks/xstream/xstream/1.4.5/xstream-1.4.5.jar

Dependency Hierarchy:

  • xstream-1.4.5.jar (Vulnerable Library)

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Found in base branch: main

Vulnerability Details

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user who followed the recommendation to set up XStream's security framework with a whitelist limited to the minimal required types is affected. XStream 1.4.18 no longer uses a blacklist by default, since it cannot be secured for general-purpose use.

Publish Date: 2021-08-23

URL: CVE-2021-39154

CVSS 3 Score Details (8.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: High
    • Privileges Required: Low
    • User Interaction: None
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: GHSA-6w62-hx7r-mw68

Release Date: 2021-08-23

Fix Resolution: 1.4.18

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2021-39153

Vulnerable Library - xstream-1.4.5.jar

XStream is a serialization library from Java objects to XML and back.

Path to dependency file: /webgoat-integration-tests/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/com/thoughtworks/xstream/xstream/1.4.5/xstream-1.4.5.jar,/home/wss-scanner/.m2/repository/com/thoughtworks/xstream/xstream/1.4.5/xstream-1.4.5.jar,/home/wss-scanner/.m2/repository/com/thoughtworks/xstream/xstream/1.4.5/xstream-1.4.5.jar

Dependency Hierarchy:

  • xstream-1.4.5.jar (Vulnerable Library)

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Found in base branch: main

Vulnerability Details

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream, if using the version out of the box with Java runtime version 14 to 8 or with JavaFX installed. No user who followed the recommendation to set up XStream's security framework with a whitelist limited to the minimal required types is affected. XStream 1.4.18 no longer uses a blacklist by default, since it cannot be secured for general-purpose use.

Publish Date: 2021-08-23

URL: CVE-2021-39153

CVSS 3 Score Details (8.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: High
    • Privileges Required: Low
    • User Interaction: None
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39153

Release Date: 2021-08-23

Fix Resolution: 1.4.18

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2021-39152

Vulnerable Library - xstream-1.4.5.jar

XStream is a serialization library from Java objects to XML and back.

Path to dependency file: /webgoat-integration-tests/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/com/thoughtworks/xstream/xstream/1.4.5/xstream-1.4.5.jar,/home/wss-scanner/.m2/repository/com/thoughtworks/xstream/xstream/1.4.5/xstream-1.4.5.jar,/home/wss-scanner/.m2/repository/com/thoughtworks/xstream/xstream/1.4.5/xstream-1.4.5.jar

Dependency Hierarchy:

  • xstream-1.4.5.jar (Vulnerable Library)

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Found in base branch: main

Vulnerability Details

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream with a Java runtime version 14 to 8. No user who followed the recommendation to set up XStream's security framework with a whitelist limited to the minimal required types is affected. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.18.

Publish Date: 2021-08-23

URL: CVE-2021-39152

CVSS 3 Score Details (8.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: High
    • Privileges Required: Low
    • User Interaction: None
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: GHSA-xw4p-crpj-vjx2

Release Date: 2021-08-23

Fix Resolution: 1.4.18

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2021-39151

Vulnerable Library - xstream-1.4.5.jar

XStream is a serialization library from Java objects to XML and back.

Path to dependency file: /webgoat-integration-tests/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/com/thoughtworks/xstream/xstream/1.4.5/xstream-1.4.5.jar,/home/wss-scanner/.m2/repository/com/thoughtworks/xstream/xstream/1.4.5/xstream-1.4.5.jar,/home/wss-scanner/.m2/repository/com/thoughtworks/xstream/xstream/1.4.5/xstream-1.4.5.jar

Dependency Hierarchy:

  • xstream-1.4.5.jar (Vulnerable Library)

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Found in base branch: main

Vulnerability Details

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user who followed the recommendation to set up XStream's security framework with a whitelist limited to the minimal required types is affected. XStream 1.4.18 no longer uses a blacklist by default, since it cannot be secured for general-purpose use.

Publish Date: 2021-08-23

URL: CVE-2021-39151

CVSS 3 Score Details (8.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: High
    • Privileges Required: Low
    • User Interaction: None
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: GHSA-hph2-m3g5-xxv4

Release Date: 2021-08-23

Fix Resolution: 1.4.18

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2021-39150

Vulnerable Library - xstream-1.4.5.jar

XStream is a serialization library from Java objects to XML and back.

Path to dependency file: /webgoat-integration-tests/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/com/thoughtworks/xstream/xstream/1.4.5/xstream-1.4.5.jar,/home/wss-scanner/.m2/repository/com/thoughtworks/xstream/xstream/1.4.5/xstream-1.4.5.jar,/home/wss-scanner/.m2/repository/com/thoughtworks/xstream/xstream/1.4.5/xstream-1.4.5.jar

Dependency Hierarchy:

  • xstream-1.4.5.jar (Vulnerable Library)

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Found in base branch: main

Vulnerability Details

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream with a Java runtime version 14 to 8. No user who followed the recommendation to set up XStream's security framework with a whitelist limited to the minimal required types is affected. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.18.

Publish Date: 2021-08-23

URL: CVE-2021-39150

CVSS 3 Score Details (8.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: High
    • Privileges Required: Low
    • User Interaction: None
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: GHSA-hph2-m3g5-xxv4

Release Date: 2021-08-23

Fix Resolution: 1.4.18

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2021-39149

Vulnerable Library - xstream-1.4.5.jar

XStream is a serialization library from Java objects to XML and back.

Path to dependency file: /webgoat-integration-tests/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/com/thoughtworks/xstream/xstream/1.4.5/xstream-1.4.5.jar,/home/wss-scanner/.m2/repository/com/thoughtworks/xstream/xstream/1.4.5/xstream-1.4.5.jar,/home/wss-scanner/.m2/repository/com/thoughtworks/xstream/xstream/1.4.5/xstream-1.4.5.jar

Dependency Hierarchy:

  • xstream-1.4.5.jar (Vulnerable Library)

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Found in base branch: main

Vulnerability Details

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user who followed the recommendation to set up XStream's security framework with a whitelist limited to the minimal required types is affected. XStream 1.4.18 no longer uses a blacklist by default, since it cannot be secured for general-purpose use.

Publish Date: 2021-08-23

URL: CVE-2021-39149

CVSS 3 Score Details (8.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: High
    • Privileges Required: Low
    • User Interaction: None
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: GHSA-3ccq-5vw3-2p6x

Release Date: 2021-08-23

Fix Resolution: 1.4.18

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2021-39148

Vulnerable Library - xstream-1.4.5.jar

XStream is a serialization library from Java objects to XML and back.

Path to dependency file: /webgoat-integration-tests/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/com/thoughtworks/xstream/xstream/1.4.5/xstream-1.4.5.jar,/home/wss-scanner/.m2/repository/com/thoughtworks/xstream/xstream/1.4.5/xstream-1.4.5.jar,/home/wss-scanner/.m2/repository/com/thoughtworks/xstream/xstream/1.4.5/xstream-1.4.5.jar

Dependency Hierarchy:

  • xstream-1.4.5.jar (Vulnerable Library)

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Found in base branch: main

Vulnerability Details

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user who followed the recommendation to set up XStream's security framework with a whitelist limited to the minimal required types is affected. XStream 1.4.18 no longer uses a blacklist by default, since it cannot be secured for general-purpose use.

Publish Date: 2021-08-23

URL: CVE-2021-39148

CVSS 3 Score Details (8.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: High
    • Privileges Required: Low
    • User Interaction: None
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: GHSA-qrx8-8545-4wg2

Release Date: 2021-08-23

Fix Resolution: 1.4.18

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2021-39147

Vulnerable Library - xstream-1.4.5.jar

XStream is a serialization library from Java objects to XML and back.

Path to dependency file: /webgoat-integration-tests/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/com/thoughtworks/xstream/xstream/1.4.5/xstream-1.4.5.jar,/home/wss-scanner/.m2/repository/com/thoughtworks/xstream/xstream/1.4.5/xstream-1.4.5.jar,/home/wss-scanner/.m2/repository/com/thoughtworks/xstream/xstream/1.4.5/xstream-1.4.5.jar

Dependency Hierarchy:

  • xstream-1.4.5.jar (Vulnerable Library)

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Found in base branch: main

Vulnerability Details

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user who followed the recommendation to set up XStream's security framework with a whitelist limited to the minimal required types is affected. XStream 1.4.18 no longer uses a blacklist by default, since it cannot be secured for general-purpose use.

Publish Date: 2021-08-23

URL: CVE-2021-39147

CVSS 3 Score Details (8.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: High
    • Privileges Required: Low
    • User Interaction: None
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: GHSA-h7v4-7xg3-hxcc

Release Date: 2021-08-23

Fix Resolution: 1.4.18

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2021-39146

Vulnerable Library - xstream-1.4.5.jar

XStream is a serialization library from Java objects to XML and back.

Path to dependency file: /webgoat-integration-tests/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/com/thoughtworks/xstream/xstream/1.4.5/xstream-1.4.5.jar,/home/wss-scanner/.m2/repository/com/thoughtworks/xstream/xstream/1.4.5/xstream-1.4.5.jar,/home/wss-scanner/.m2/repository/com/thoughtworks/xstream/xstream/1.4.5/xstream-1.4.5.jar

Dependency Hierarchy:

  • xstream-1.4.5.jar (Vulnerable Library)

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Found in base branch: main

Vulnerability Details

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user who followed the recommendation to set up XStream's security framework with a whitelist limited to the minimal required types is affected. XStream 1.4.18 no longer uses a blacklist by default, since it cannot be secured for general-purpose use.

Publish Date: 2021-08-23

URL: CVE-2021-39146

CVSS 3 Score Details (8.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: High
    • Privileges Required: Low
    • User Interaction: None
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: GHSA-p8pq-r894-fm8f

Release Date: 2021-08-23

Fix Resolution: 1.4.18

⛑️ Automatic Remediation will be attempted for this issue.


bootstrap-4.2.1.tgz: 1 vulnerabilities (highest severity is: 6.1)

Vulnerable Library - bootstrap-4.2.1.tgz

The most popular front-end framework for developing responsive, mobile first projects on the web.

Library home page: https://registry.npmjs.org/bootstrap/-/bootstrap-4.2.1.tgz

Path to dependency file: /docs/package.json

Path to vulnerable library: /docs/package.json

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Vulnerabilities

CVE Severity CVSS Dependency Type Fixed in (bootstrap version) Remediation Possible**
CVE-2019-8331 Medium 6.1 bootstrap-4.2.1.tgz Direct 4.3.1

**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation

Details

CVE-2019-8331

Vulnerable Library - bootstrap-4.2.1.tgz

The most popular front-end framework for developing responsive, mobile first projects on the web.

Library home page: https://registry.npmjs.org/bootstrap/-/bootstrap-4.2.1.tgz

Path to dependency file: /docs/package.json

Path to vulnerable library: /docs/package.json

Dependency Hierarchy:

  • bootstrap-4.2.1.tgz (Vulnerable Library)

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Found in base branch: main

Vulnerability Details

In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute.

Publish Date: 2019-02-20

URL: CVE-2019-8331

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None

Suggested Fix

Type: Upgrade version

Release Date: 2019-02-20

Fix Resolution: 4.3.1

⛑️ Automatic Remediation will be attempted for this issue.


commons-io-2.6.jar: 1 vulnerabilities (highest severity is: 4.8)

Vulnerable Library - commons-io-2.6.jar

The Apache Commons IO library contains utility classes, stream implementations, file filters, file comparators, endian transformation classes, and much more.

Path to dependency file: /webgoat-integration-tests/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/commons-io/commons-io/2.6/commons-io-2.6.jar,/home/wss-scanner/.m2/repository/commons-io/commons-io/2.6/commons-io-2.6.jar

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Vulnerabilities

CVE Severity CVSS Dependency Type Fixed in (commons-io version) Remediation Possible**
CVE-2021-29425 Medium 4.8 commons-io-2.6.jar Direct 2.7

**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation

Details

CVE-2021-29425

Vulnerable Library - commons-io-2.6.jar

The Apache Commons IO library contains utility classes, stream implementations, file filters, file comparators, endian transformation classes, and much more.

Path to dependency file: /webgoat-integration-tests/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/commons-io/commons-io/2.6/commons-io-2.6.jar,/home/wss-scanner/.m2/repository/commons-io/commons-io/2.6/commons-io-2.6.jar

Dependency Hierarchy:

  • commons-io-2.6.jar (Vulnerable Library)

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Found in base branch: main

Vulnerability Details

In Apache Commons IO before 2.7, when invoking the method FileNameUtils.normalize with an improper input string, like "//../foo" or "\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above (thus "limited" path traversal), if the calling code would use the result to construct a path value.

Publish Date: 2021-04-13

URL: CVE-2021-29425

CVSS 3 Score Details (4.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: High
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29425

Release Date: 2021-04-13

Fix Resolution: 2.7

⛑️ Automatic Remediation will be attempted for this issue.


hsqldb-2.5.0.jar: 1 vulnerabilities (highest severity is: 9.8)

Vulnerable Library - hsqldb-2.5.0.jar

HSQLDB - Lightweight 100% Java SQL Database Engine

Library home page: http://hsqldb.org

Path to dependency file: /webgoat-container/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/hsqldb/hsqldb/2.5.0/hsqldb-2.5.0.jar,/home/wss-scanner/.m2/repository/org/hsqldb/hsqldb/2.5.0/hsqldb-2.5.0.jar,/home/wss-scanner/.m2/repository/org/hsqldb/hsqldb/2.5.0/hsqldb-2.5.0.jar,/home/wss-scanner/.m2/repository/org/hsqldb/hsqldb/2.5.0/hsqldb-2.5.0.jar

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Vulnerabilities

CVE Severity CVSS Dependency Type Fixed in (hsqldb version) Remediation Possible**
CVE-2022-41853 Critical 9.8 hsqldb-2.5.0.jar Direct 2.7.1

**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation

Details

CVE-2022-41853

Vulnerable Library - hsqldb-2.5.0.jar

HSQLDB - Lightweight 100% Java SQL Database Engine

Library home page: http://hsqldb.org

Path to dependency file: /webgoat-container/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/hsqldb/hsqldb/2.5.0/hsqldb-2.5.0.jar,/home/wss-scanner/.m2/repository/org/hsqldb/hsqldb/2.5.0/hsqldb-2.5.0.jar,/home/wss-scanner/.m2/repository/org/hsqldb/hsqldb/2.5.0/hsqldb-2.5.0.jar,/home/wss-scanner/.m2/repository/org/hsqldb/hsqldb/2.5.0/hsqldb-2.5.0.jar

Dependency Hierarchy:

  • hsqldb-2.5.0.jar (Vulnerable Library)

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Found in base branch: main

Vulnerability Details

Those using java.sql.Statement or java.sql.PreparedStatement in hsqldb (HyperSQL DataBase) to process untrusted input may be vulnerable to a remote code execution attack. By default it is allowed to call any static method of any Java class in the classpath resulting in code execution. The issue can be prevented by updating to 2.7.1 or by setting the system property "hsqldb.method_class_names" to classes which are allowed to be called. For example, System.setProperty("hsqldb.method_class_names", "abc") or Java argument -Dhsqldb.method_class_names="abc" can be used. From version 2.7.1 all classes by default are not accessible except those in java.lang.Math and need to be manually enabled.

Publish Date: 2022-10-06

URL: CVE-2022-41853

CVSS 3 Score Details (9.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: GHSA-77xx-rxvh-q682

Release Date: 2022-10-06

Fix Resolution: 2.7.1

⛑️ Automatic Remediation will be attempted for this issue.


jquery-3.3.1.tgz: 3 vulnerabilities (highest severity is: 6.1)

Vulnerable Library - jquery-3.3.1.tgz

JavaScript library for DOM operations

Library home page: https://registry.npmjs.org/jquery/-/jquery-3.3.1.tgz

Path to dependency file: /docs/package.json

Path to vulnerable library: /docs/package.json

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Vulnerabilities

CVE Severity CVSS Dependency Type Fixed in (jquery version) Remediation Possible**
CVE-2020-11023 Medium 6.1 jquery-3.3.1.tgz Direct 3.5.0
CVE-2020-11022 Medium 6.1 jquery-3.3.1.tgz Direct 3.5.0
CVE-2019-11358 Medium 6.1 jquery-3.3.1.tgz Direct 3.4.0

**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation

Details

CVE-2020-11023

Vulnerable Library - jquery-3.3.1.tgz

JavaScript library for DOM operations

Library home page: https://registry.npmjs.org/jquery/-/jquery-3.3.1.tgz

Path to dependency file: /docs/package.json

Path to vulnerable library: /docs/package.json

Dependency Hierarchy:

  • jquery-3.3.1.tgz (Vulnerable Library)

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Found in base branch: main

Vulnerability Details

In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.

Publish Date: 2020-04-29

URL: CVE-2020-11023

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None

Suggested Fix

Type: Upgrade version

Origin: https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6,https://github.com/rails/jquery-rails/blob/master/CHANGELOG.md#440

Release Date: 2020-04-29

Fix Resolution: 3.5.0

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2020-11022

Vulnerable Library - jquery-3.3.1.tgz

JavaScript library for DOM operations

Library home page: https://registry.npmjs.org/jquery/-/jquery-3.3.1.tgz

Path to dependency file: /docs/package.json

Path to vulnerable library: /docs/package.json

Dependency Hierarchy:

  • jquery-3.3.1.tgz (Vulnerable Library)

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Found in base branch: main

Vulnerability Details

In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.

Publish Date: 2020-04-29

URL: CVE-2020-11022

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11022

Release Date: 2020-04-29

Fix Resolution: 3.5.0

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2019-11358

Vulnerable Library - jquery-3.3.1.tgz

JavaScript library for DOM operations

Library home page: https://registry.npmjs.org/jquery/-/jquery-3.3.1.tgz

Path to dependency file: /docs/package.json

Path to vulnerable library: /docs/package.json

Dependency Hierarchy:

  • jquery-3.3.1.tgz (Vulnerable Library)

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Found in base branch: main

Vulnerability Details

jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.

Publish Date: 2019-04-20

URL: CVE-2019-11358

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358

Release Date: 2019-04-20

Fix Resolution: 3.4.0

⛑️ Automatic Remediation will be attempted for this issue.


jquery-2.1.4.min.js: 4 vulnerabilities (highest severity is: 6.1)

Vulnerable Library - jquery-2.1.4.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.4/jquery.min.js

Path to vulnerable library: /webgoat-container/src/main/resources/static/js/libs/jquery-2.1.4.min.js,/webgoat-container/target/classes/static/js/libs/jquery-2.1.4.min.js

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Vulnerabilities

CVE Severity CVSS Dependency Type Fixed in (jquery version) Remediation Possible**
CVE-2020-11023 Medium 6.1 jquery-2.1.4.min.js Direct jquery - 3.5.0;jquery-rails - 4.4.0
CVE-2020-11022 Medium 6.1 jquery-2.1.4.min.js Direct jQuery - 3.5.0
CVE-2019-11358 Medium 6.1 jquery-2.1.4.min.js Direct jquery - 3.4.0
CVE-2015-9251 Medium 6.1 jquery-2.1.4.min.js Direct jQuery - 3.0.0

**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation

Details

CVE-2020-11023

Vulnerable Library - jquery-2.1.4.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.4/jquery.min.js

Path to vulnerable library: /webgoat-container/src/main/resources/static/js/libs/jquery-2.1.4.min.js,/webgoat-container/target/classes/static/js/libs/jquery-2.1.4.min.js

Dependency Hierarchy:

  • jquery-2.1.4.min.js (Vulnerable Library)

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Found in base branch: main

Vulnerability Details

In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.

Publish Date: 2020-04-29

URL: CVE-2020-11023

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6,https://github.com/rails/jquery-rails/blob/master/CHANGELOG.md#440

Release Date: 2020-04-29

Fix Resolution: jquery - 3.5.0;jquery-rails - 4.4.0

CVE-2020-11022

Vulnerable Library - jquery-2.1.4.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.4/jquery.min.js

Path to vulnerable library: /webgoat-container/src/main/resources/static/js/libs/jquery-2.1.4.min.js,/webgoat-container/target/classes/static/js/libs/jquery-2.1.4.min.js

Dependency Hierarchy:

  • jquery-2.1.4.min.js (Vulnerable Library)

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Found in base branch: main

Vulnerability Details

In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.

Publish Date: 2020-04-29

URL: CVE-2020-11022

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11022

Release Date: 2020-04-29

Fix Resolution: jQuery - 3.5.0
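The two entries above (and the CVE-2020-11022 entry for jquery-3.3.1 earlier in this issue) describe the same mechanism: before 3.5.0, jQuery.htmlPrefilter() rewrote self-closing tags before handing markup to the parser, so a string a sanitizer had judged safe could become executable. The following is an added example, not jQuery's own source and not code from this repository: it re-creates that rewrite stand-alone, puts the 3.5.0 pass-through next to it, and runs both over a constructed payload with a rough stand-in for the browser's parse.

```javascript
// Added example, not jQuery's own source: a stand-alone re-creation of the
// self-closing-tag rewrite that jQuery.htmlPrefilter() applied before 3.5.0
// (the root of CVE-2020-11022 and CVE-2020-11023), next to the 3.5.0
// behaviour, which passes markup through unchanged.

// Regular expression and replacement of the same shape as jQuery < 3.5.0's
// rxhtmlTag: any "<tag .../>" not in the void-element list becomes
// "<tag ...></tag>".
const rxhtmlTag =
  /<(?!area|br|col|embed|hr|img|input|link|meta|param)(([a-z][^\/\0>\x20\t\r\n\f]*)[^>]*)\/>/gi;

function htmlPrefilterLegacy(html) {
  return html.replace(rxhtmlTag, "<$1></$2>");
}

function htmlPrefilterFixed(html) {
  // jQuery 3.5.0 and later: no rewriting, the parser sees the original string.
  return html;
}

// Constructed payload. A sanitizer that models the HTML parser sees one
// <style> element whose raw-text content is "<style/><img ...>" and passes it
// as harmless CSS. The legacy prefilter then turns "<style/>" into
// "<style></style>", which closes the outer element early and exposes the
// <img> with its onerror handler as real markup.
const payload = "<style><style/><img src=x onerror=alert(1)></style>";

// Rough stand-in for the browser's parse, constructed for this example: drop
// every <style>...</style> block (raw text, never executed) and report whether
// an element carrying an on* attribute is left over.
function exposesHandler(html) {
  const outsideStyle = html.replace(/<style\b[^>]*>[\s\S]*?<\/style>/gi, "");
  return /<\w+[^>]*\son\w+\s*=/i.test(outsideStyle);
}

function compareExposure(html) {
  return {
    legacy: exposesHandler(htmlPrefilterLegacy(html)),
    fixed: exposesHandler(htmlPrefilterFixed(html)),
  };
}

console.log(htmlPrefilterLegacy(payload));
console.log(compareExposure(payload));
```

The takeaway for a reviewer is that sanitizing before calling .html() is not enough on an affected version, because the library transforms the string after the sanitizer has seen it; the only clean fix is the upgrade, and in the meantime markup from untrusted sources should go through .text() or a DOM-building path that does not rewrite tags.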

CVE-2019-11358

Vulnerable Library - jquery-2.1.4.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.4/jquery.min.js

Path to vulnerable library: /webgoat-container/src/main/resources/static/js/libs/jquery-2.1.4.min.js,/webgoat-container/target/classes/static/js/libs/jquery-2.1.4.min.js

Dependency Hierarchy:

  • jquery-2.1.4.min.js (Vulnerable Library)

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Found in base branch: main

Vulnerability Details

jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.

Publish Date: 2019-04-20

URL: CVE-2019-11358

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358

Release Date: 2019-04-20

Fix Resolution: jquery - 3.4.0
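Both CVE-2019-11358 entries in this issue (this one and the jquery-3.3.1 one above) turn on the same detail: a deep merge that reads target["__proto__"] goes through the accessor, gets Object.prototype back, and then writes the attacker's keys into it. The following is an added example, not jQuery's own source and not code from this repository: a minimal deep merge that behaves like jQuery.extend(true, ...) did before 3.4.0, with the 3.4.0 guard switchable, run against a constructed JSON payload.

```javascript
// Added example, not jQuery's own source: a minimal deep merge that behaves
// like jQuery.extend(true, target, source) did before 3.4.0, next to the guard
// that 3.4.0 added (CVE-2019-11358), to show how an attacker-supplied object
// with an own, enumerable "__proto__" key ends up modifying Object.prototype.

function isPlainObject(value) {
  if (value === null || typeof value !== "object") return false;
  const proto = Object.getPrototypeOf(value);
  return proto === null || proto === Object.prototype;
}

// options.skipProto === false: pre-3.4.0 behaviour.
// options.skipProto === true:  the 3.4.0 fix, which ignores the "__proto__" key.
function deepExtend(target, source, options) {
  for (const name in source) {
    if (options.skipProto && name === "__proto__") continue;
    const copy = source[name];
    if (copy === target) continue;            // avoid never-ending loops
    if (isPlainObject(copy)) {
      // Reading target["__proto__"] goes through the accessor and returns
      // Object.prototype, which isPlainObject() accepts, so the recursive
      // merge writes straight into the shared prototype.
      const existing = target[name];
      const clone = isPlainObject(existing) ? existing : {};
      target[name] = deepExtend(clone, copy, options);
    } else if (copy !== undefined) {
      target[name] = copy;
    }
  }
  return target;
}

// Merges a constructed attacker payload (e.g. a parsed JSON request body) into
// an empty object and reports whether an unrelated, freshly created object now
// inherits the injected property. Cleans up afterwards so the rest of the
// process is not left polluted.
function mergeAndProbe(skipProto) {
  const tainted = JSON.parse('{"__proto__": {"isAdmin": true}}');
  deepExtend({}, tainted, { skipProto });
  const leaked = ({}).isAdmin === true;
  delete Object.prototype.isAdmin;
  return leaked;
}

console.log("pre-3.4.0 merge pollutes Object.prototype:", mergeAndProbe(false));
console.log("3.4.0 merge pollutes Object.prototype:", mergeAndProbe(true));
```

JSON.parse creates "__proto__" as an ordinary own property, which is why for...in reaches it; the same payload delivered as an object literal in code would not. When auditing, look for any recursive merge or "set by path" helper applied to request bodies, and check it refuses "__proto__", "constructor" and "prototype" as keys.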

CVE-2015-9251

Vulnerable Library - jquery-2.1.4.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.4/jquery.min.js

Path to vulnerable library: /webgoat-container/src/main/resources/static/js/libs/jquery-2.1.4.min.js,/webgoat-container/target/classes/static/js/libs/jquery-2.1.4.min.js

Dependency Hierarchy:

  • jquery-2.1.4.min.js (Vulnerable Library)

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Found in base branch: main

Vulnerability Details

jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.

Publish Date: 2018-01-18

URL: CVE-2015-9251

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2015-9251

Release Date: 2018-01-18

Fix Resolution: jQuery - 3.0.0

underscore-min-1.10.2.js: 1 vulnerabilities (highest severity is: 7.2)

Vulnerable Library - underscore-min-1.10.2.js

JavaScript's functional programming helper library.

Library home page: https://cdnjs.cloudflare.com/ajax/libs/underscore.js/1.10.2/underscore-min.js

Path to vulnerable library: /webgoat-container/target/classes/static/js/libs/underscore-min.js,/webgoat-container/src/main/resources/static/js/libs/underscore-min.js

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Vulnerabilities

CVE Severity CVSS Dependency Type Fixed in (underscore-min version) Remediation Possible**
CVE-2021-23358 High 7.2 underscore-min-1.10.2.js Direct underscore - 1.12.1,1.13.0-2

**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation

Details

CVE-2021-23358

Vulnerable Library - underscore-min-1.10.2.js

JavaScript's functional programming helper library.

Library home page: https://cdnjs.cloudflare.com/ajax/libs/underscore.js/1.10.2/underscore-min.js

Path to vulnerable library: /webgoat-container/target/classes/static/js/libs/underscore-min.js,/webgoat-container/src/main/resources/static/js/libs/underscore-min.js

Dependency Hierarchy:

  • underscore-min-1.10.2.js (Vulnerable Library)

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Found in base branch: main

Vulnerability Details

The package underscore from 1.13.0-0 and before 1.13.0-2, from 1.3.2 and before 1.12.1 are vulnerable to Arbitrary Code Injection via the template function, particularly when a variable property is passed as an argument as it is not sanitized.

Publish Date: 2021-03-29

URL: CVE-2021-23358

CVSS 3 Score Details (7.2)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: High
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23358

Release Date: 2021-03-29

Fix Resolution: underscore - 1.12.1,1.13.0-2
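The CVE-2021-23358 description above is terse about the mechanism: underscore's _.template() passed the "variable" setting into new Function() as the parameter name without checking it, and a default-parameter expression is a legal parameter. The following is an added example, not underscore's own source and not code from this repository: a stripped-down template compiler that keeps only that detail, with a bare-identifier check of the same shape as the one the fixed versions added, run against a constructed hostile setting.

```javascript
// Added example, not underscore's own source: a stripped-down template compiler
// that keeps the one detail behind CVE-2021-23358, the "variable" setting
// being spliced unchecked into new Function(...) as a parameter name, next to
// a bare-identifier check of the same shape as the one added in 1.12.1 and
// 1.13.0-2. Only "<%= expr %>" interpolation is implemented here.

const bareIdentifier = /^\s*(\w|\$)+\s*$/;

// options.checkVariable === false: vulnerable behaviour.
// options.checkVariable === true:  reject anything that is not a plain name.
function compileTemplate(text, settings, options) {
  const variable = (settings && settings.variable) || "obj";
  if (options.checkVariable && !bareIdentifier.test(variable)) {
    throw new Error("variable is not a bare identifier: " + variable);
  }
  let source = "var __t, __p = '';\n";
  let index = 0;
  text.replace(/<%=([\s\S]+?)%>/g, (match, expr, offset) => {
    source += "__p += " + JSON.stringify(text.slice(index, offset)) + ";\n";
    source += "__p += ((__t = (" + expr + ")) == null ? '' : __t);\n";
    index = offset + match.length;
    return match;
  });
  source += "__p += " + JSON.stringify(text.slice(index)) + ";\nreturn __p;";
  // The first argument is the parameter list of the generated function. A
  // value such as "data = (sideEffect(), {})" is a legal default parameter and
  // runs whenever the template is rendered without an argument.
  return new Function(variable, source);
}

// Compiles a template with a constructed attacker-controlled "variable"
// setting and reports whether the injected expression ran.
function probeInjection(checkVariable) {
  const hostile = "data = (globalThis.templateInjected = true, {})";
  globalThis.templateInjected = false;
  try {
    const render = compileTemplate("hello <%= data.name %>", { variable: hostile }, { checkVariable });
    render();   // no argument, so the default-parameter expression is evaluated
  } catch (err) {
    // the hardened path throws before any Function object is created
  }
  const fired = globalThis.templateInjected === true;
  delete globalThis.templateInjected;
  return fired;
}

const greet = compileTemplate("hi <%= user.name %>", { variable: "user" }, { checkVariable: true });
console.log(greet({ name: "ann" }));
console.log("unchecked variable runs injected code:", probeInjection(false));
console.log("checked variable runs injected code:", probeInjection(true));
```

The CVSS vector on this entry (Privileges Required: High) reflects that the attacker has to control the template settings, not just the data rendered into the template; in practice that means configuration or plugin code paths, which is why the page rates it below the network-reachable jQuery issues despite the higher impact.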

postgresql-42.2.8.jar: 6 vulnerabilities (highest severity is: 9.8)

Vulnerable Library - postgresql-42.2.8.jar

Java JDBC 4.2 (JRE 8+) driver for PostgreSQL database

Library home page: https://github.com/pgjdbc/pgjdbc

Path to dependency file: /webwolf/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/postgresql/postgresql/42.2.8/postgresql-42.2.8.jar,/home/wss-scanner/.m2/repository/org/postgresql/postgresql/42.2.8/postgresql-42.2.8.jar,/home/wss-scanner/.m2/repository/org/postgresql/postgresql/42.2.8/postgresql-42.2.8.jar

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Vulnerabilities

CVE Severity CVSS Dependency Type Fixed in (postgresql version) Remediation Possible**
WS-2022-0080 Critical 9.8 postgresql-42.2.8.jar Direct org.postgresql:postgresql:42.3.3
CVE-2022-26520 Critical 9.8 postgresql-42.2.8.jar Direct 42.2.26
CVE-2022-21724 Critical 9.8 postgresql-42.2.8.jar Direct org.postgresql:postgresql:42.2.25,42.3.2
CVE-2022-31197 High 8.0 postgresql-42.2.8.jar Direct 42.2.25.jre6
CVE-2020-13692 High 7.7 postgresql-42.2.8.jar Direct 42.2.12.jre6
CVE-2022-41946 Medium 5.5 postgresql-42.2.8.jar Direct 42.2.26.jre6

**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation

Details

WS-2022-0080

Vulnerable Library - postgresql-42.2.8.jar

Java JDBC 4.2 (JRE 8+) driver for PostgreSQL database

Library home page: https://github.com/pgjdbc/pgjdbc

Path to dependency file: /webwolf/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/postgresql/postgresql/42.2.8/postgresql-42.2.8.jar,/home/wss-scanner/.m2/repository/org/postgresql/postgresql/42.2.8/postgresql-42.2.8.jar,/home/wss-scanner/.m2/repository/org/postgresql/postgresql/42.2.8/postgresql-42.2.8.jar

Dependency Hierarchy:

  • postgresql-42.2.8.jar (Vulnerable Library)

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Found in base branch: main

Vulnerability Details

In org.postgresql:postgresql before 42.3.3 the connection properties for configuring a pgjdbc connection are not meant to be exposed to an unauthenticated attacker. While allowing an attacker to specify arbitrary connection properties could lead to a compromise of a system, that's a defect of an application that allows unauthenticated attackers that level of control.

Publish Date: 2022-02-16

URL: WS-2022-0080

CVSS 3 Score Details (9.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: GHSA-673j-qm5f-xpv8

Release Date: 2022-02-16

Fix Resolution: org.postgresql:postgresql:42.3.3

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2022-26520

Vulnerable Library - postgresql-42.2.8.jar

Java JDBC 4.2 (JRE 8+) driver for PostgreSQL database

Library home page: https://github.com/pgjdbc/pgjdbc

Path to dependency file: /webwolf/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/postgresql/postgresql/42.2.8/postgresql-42.2.8.jar,/home/wss-scanner/.m2/repository/org/postgresql/postgresql/42.2.8/postgresql-42.2.8.jar,/home/wss-scanner/.m2/repository/org/postgresql/postgresql/42.2.8/postgresql-42.2.8.jar

Dependency Hierarchy:

  • postgresql-42.2.8.jar (Vulnerable Library)

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Found in base branch: main

Vulnerability Details

In pgjdbc before 42.3.3, an attacker (who controls the jdbc URL or properties) can call java.util.logging.FileHandler to write to arbitrary files through the loggerFile and loggerLevel connection properties. An example situation is that an attacker could create an executable JSP file under a Tomcat web root. NOTE: the vendor's position is that there is no pgjdbc vulnerability; instead, it is a vulnerability for any application to use the pgjdbc driver with untrusted connection properties.

Publish Date: 2022-03-10

URL: CVE-2022-26520

CVSS 3 Score Details (9.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://security-tracker.debian.org/tracker/CVE-2022-26520

Release Date: 2022-03-10

Fix Resolution: 42.2.26

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2022-21724

Vulnerable Library - postgresql-42.2.8.jar

Java JDBC 4.2 (JRE 8+) driver for PostgreSQL database

Library home page: https://github.com/pgjdbc/pgjdbc

Path to dependency file: /webwolf/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/postgresql/postgresql/42.2.8/postgresql-42.2.8.jar,/home/wss-scanner/.m2/repository/org/postgresql/postgresql/42.2.8/postgresql-42.2.8.jar,/home/wss-scanner/.m2/repository/org/postgresql/postgresql/42.2.8/postgresql-42.2.8.jar

Dependency Hierarchy:

  • postgresql-42.2.8.jar (Vulnerable Library)

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Found in base branch: main

Vulnerability Details

pgjdbc is the official PostgreSQL JDBC Driver. A security hole was found in the JDBC driver for the PostgreSQL database while doing security research. A system using the PostgreSQL library will be attacked when an attacker controls the JDBC URL or properties. pgjdbc instantiates plugin instances based on class names provided via the authenticationPluginClassName, sslhostnameverifier, socketFactory, sslfactory and sslpasswordcallback connection properties. However, the driver did not verify that the class implements the expected interface before instantiating it. This can lead to code execution via arbitrarily loaded classes. Users using plugins are advised to upgrade. There are no known workarounds for this issue.

Publish Date: 2022-02-02

URL: CVE-2022-21724

CVSS 3 Score Details (9.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: GHSA-v7wg-cpwc-24m4

Release Date: 2022-02-02

Fix Resolution: org.postgresql:postgresql:42.2.25,42.3.2

⛑️ Automatic Remediation will be attempted for this issue.
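WS-2022-0080, CVE-2022-26520 and CVE-2022-21724 above all come down to one application-side condition: connection properties must never be built from untrusted input. The following is an added example, not pgjdbc's or WebGoat's code, of the allow-list check an application would put in front of the driver where some properties legitimately come from outside (a tenant configuration screen, for instance). It is written in JavaScript to match the other examples on this page; the logic is the same in any language, and the allowed set is an assumed policy, not something the driver defines.

```javascript
// Added example, not pgjdbc's or WebGoat's code: an allow-list check for
// connection properties that arrive from untrusted input, which is the
// application-side control the advisories above point at.

// Properties the two CVEs above name as reaching file creation (loggerFile,
// loggerLevel) or class loading (the plugin-class properties). Compared in
// lower case so spelling variants do not slip past.
const DANGEROUS_PROPERTIES = new Set([
  "loggerfile", "loggerlevel",
  "authenticationpluginclassname", "sslhostnameverifier",
  "socketfactory", "sslfactory", "sslpasswordcallback",
]);

// Assumed policy: the only properties a caller outside the trust boundary may
// influence. Everything else is rejected, whether or not it is known to be
// dangerous.
const ALLOWED_PROPERTIES = new Set(["application_name", "currentschema"]);

// Splits the "?k=v&k2=v2" part off a pgjdbc URL into a Map of raw properties.
function parseJdbcProperties(url) {
  if (!url.startsWith("jdbc:postgresql://")) throw new Error("not a pgjdbc URL");
  const props = new Map();
  const q = url.indexOf("?");
  if (q === -1) return props;
  for (const pair of url.slice(q + 1).split("&")) {
    if (pair === "") continue;
    const eq = pair.indexOf("=");
    const key = decodeURIComponent(eq === -1 ? pair : pair.slice(0, eq));
    const value = eq === -1 ? "" : decodeURIComponent(pair.slice(eq + 1));
    props.set(key, value);
  }
  return props;
}

// Returns the properties that may be forwarded to the driver, the ones that
// were dropped, and the subset of dropped ones that match a known-dangerous
// name (worth alerting on, since it indicates a deliberate probe).
function vetConnectionProperties(props) {
  const accepted = new Map();
  const rejected = [];
  const dangerous = [];
  for (const [key, value] of props) {
    const lower = key.toLowerCase();
    if (ALLOWED_PROPERTIES.has(lower) && !DANGEROUS_PROPERTIES.has(lower)) {
      accepted.set(key, value);
    } else {
      rejected.push(key);
      if (DANGEROUS_PROPERTIES.has(lower)) dangerous.push(key);
    }
  }
  return { accepted, rejected, dangerous };
}

// Constructed input: a user-supplied URL that tries the CVE-2022-26520 trick
// of pointing the driver's log file at a Tomcat web root.
const untrustedUrl =
  "jdbc:postgresql://db.internal:5432/app?application_name=web" +
  "&loggerFile=/var/lib/tomcat/webapps/ROOT/shell.jsp&loggerLevel=DEBUG" +
  "&socketFactory=com.example.Evil";

console.log(vetConnectionProperties(parseJdbcProperties(untrustedUrl)));
```

The stronger control is to never assemble a JDBC URL from request data at all and to keep host, database and credentials in server-side configuration; the allow-list is for the narrower case where a few cosmetic properties must be user-settable. Upgrading the driver (42.2.26 / 42.3.3 or later) closes the two file-write and class-loading paths, but does not change the vendor's position that arbitrary untrusted properties remain unsafe.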

CVE-2022-31197

Vulnerable Library - postgresql-42.2.8.jar

Java JDBC 4.2 (JRE 8+) driver for PostgreSQL database

Library home page: https://github.com/pgjdbc/pgjdbc

Path to dependency file: /webwolf/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/postgresql/postgresql/42.2.8/postgresql-42.2.8.jar,/home/wss-scanner/.m2/repository/org/postgresql/postgresql/42.2.8/postgresql-42.2.8.jar,/home/wss-scanner/.m2/repository/org/postgresql/postgresql/42.2.8/postgresql-42.2.8.jar

Dependency Hierarchy:

  • postgresql-42.2.8.jar (Vulnerable Library)

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Found in base branch: main

Vulnerability Details

PostgreSQL JDBC Driver (PgJDBC for short) allows Java programs to connect to a PostgreSQL database using standard, database independent Java code. The PGJDBC implementation of the java.sql.ResultRow.refreshRow() method is not performing escaping of column names so a malicious column name that contains a statement terminator, e.g. ;, could lead to SQL injection. This could lead to executing additional SQL commands as the application's JDBC user. User applications that do not invoke the ResultSet.refreshRow() method are not impacted. User applications that do invoke that method are impacted if the underlying database that they are querying via their JDBC application may be under the control of an attacker. The attack requires the attacker to trick the user into executing SQL against a table whose column names would contain the malicious SQL and subsequently invoke the refreshRow() method on the ResultSet. Note that the application's JDBC user and the schema owner need not be the same. A JDBC application that executes as a privileged user querying database schemas owned by potentially malicious less-privileged users would be vulnerable. In that situation it may be possible for the malicious user to craft a schema that causes the application to execute commands as the privileged user. Patched versions will be released as 42.2.26 and 42.4.1. Users are advised to upgrade. There are no known workarounds for this issue.

Publish Date: 2022-08-03

URL: CVE-2022-31197

CVSS 3 Score Details (8.0)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: Low
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: GHSA-r38f-c4h4-hqq2

Release Date: 2022-08-03

Fix Resolution: 42.2.25.jre6

⛑️ Automatic Remediation will be attempted for this issue.
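CVE-2022-31197 above is an identifier-injection bug rather than a value-injection one: the column names come from database metadata, so parameter binding cannot help, and the fix is to quote every identifier that is spliced into the refresh query. The following is an added example, not pgjdbc's source and not code from this repository: the refresh query built once by plain concatenation and once with PostgreSQL identifier quoting, plus a small statement counter written for this example (not a SQL parser) to make the difference visible.

```javascript
// Added example, not pgjdbc's source: the refreshRow() problem in miniature.
// A query listing column names taken from database metadata is built once by
// plain concatenation (the pre-fix behaviour) and once with every identifier
// quoted, which is the class of fix the advisory describes.

// PostgreSQL identifier quoting: wrap in double quotes and double any
// embedded double quote. NUL bytes cannot appear in identifiers at all.
function quoteIdentifier(name) {
  if (name.includes("\0")) throw new Error("NUL byte in identifier");
  return '"' + name.replace(/"/g, '""') + '"';
}

// Builds the kind of re-select a driver issues to refresh a row.
// options.quote === false reproduces unescaped concatenation.
function buildRefreshQuery(table, columns, keyColumn, options) {
  const id = options.quote ? quoteIdentifier : (s) => s;
  return "SELECT " + columns.map(id).join(", ") +
    " FROM " + id(table) + " WHERE " + id(keyColumn) + " = $1";
}

// Counts top-level statements by splitting on ';' that sit outside single- and
// double-quoted regions. Good enough to show one query turning into several;
// it does not understand comments or dollar quoting.
function statementCount(sql) {
  let count = 0, inSingle = false, inDouble = false, sawText = false;
  for (const ch of sql) {
    if (ch === "'" && !inDouble) inSingle = !inSingle;
    else if (ch === '"' && !inSingle) inDouble = !inDouble;
    else if (ch === ";" && !inSingle && !inDouble) {
      if (sawText) count++;
      sawText = false;
      continue;
    }
    if (!/\s/.test(ch)) sawText = true;
  }
  return count + (sawText ? 1 : 0);
}

// Constructed hostile schema: a column whose name carries a second statement,
// as a low-privileged schema owner could declare with
// CREATE TABLE t (id int, "name; DROP TABLE users" int).
const hostileColumns = ["id", "name; DROP TABLE users"];

function compareRefreshQueries() {
  const unsafe = buildRefreshQuery("t", hostileColumns, "id", { quote: false });
  const safe = buildRefreshQuery("t", hostileColumns, "id", { quote: true });
  return {
    unsafe,
    safe,
    unsafeStatements: statementCount(unsafe),
    safeStatements: statementCount(safe),
  };
}

console.log(compareRefreshQueries());
```

The same rule applies to application code that builds ORDER BY, column lists or table names from metadata or user choice: quote the identifier with the target database's own rules, or map the input onto a fixed list of known names, and treat anything else as a bug, not a corner case.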

CVE-2020-13692

Vulnerable Library - postgresql-42.2.8.jar

Java JDBC 4.2 (JRE 8+) driver for PostgreSQL database

Library home page: https://github.com/pgjdbc/pgjdbc

Path to dependency file: /webwolf/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/postgresql/postgresql/42.2.8/postgresql-42.2.8.jar,/home/wss-scanner/.m2/repository/org/postgresql/postgresql/42.2.8/postgresql-42.2.8.jar,/home/wss-scanner/.m2/repository/org/postgresql/postgresql/42.2.8/postgresql-42.2.8.jar

Dependency Hierarchy:

  • postgresql-42.2.8.jar (Vulnerable Library)

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Found in base branch: main

Vulnerability Details

PostgreSQL JDBC Driver (aka PgJDBC) before 42.2.13 allows XXE.

Publish Date: 2020-06-04

URL: CVE-2020-13692

CVSS 3 Score Details (7.7)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: High
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: Low
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://jdbc.postgresql.org/documentation/changelog.html#version_42.2.13

Release Date: 2020-06-04

Fix Resolution: 42.2.12.jre6

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2022-41946

Vulnerable Library - postgresql-42.2.8.jar

Java JDBC 4.2 (JRE 8+) driver for PostgreSQL database

Library home page: https://github.com/pgjdbc/pgjdbc

Path to dependency file: /webwolf/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/postgresql/postgresql/42.2.8/postgresql-42.2.8.jar,/home/wss-scanner/.m2/repository/org/postgresql/postgresql/42.2.8/postgresql-42.2.8.jar,/home/wss-scanner/.m2/repository/org/postgresql/postgresql/42.2.8/postgresql-42.2.8.jar

Dependency Hierarchy:

  • postgresql-42.2.8.jar (Vulnerable Library)

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Found in base branch: main

Vulnerability Details

pgjdbc is an open source postgresql JDBC Driver. In affected versions a prepared statement using either PreparedStatement.setText(int, InputStream) or PreparedStatement.setBytea(int, InputStream) will create a temporary file if the InputStream is larger than 2k. This will create a temporary file which is readable by other users on Unix like systems, but not MacOS. On Unix like systems, the system's temporary directory is shared between all users on that system. Because of this, when files and directories are written into this directory they are, by default, readable by other users on that same system. This vulnerability does not allow other users to overwrite the contents of these directories or files. This is purely an information disclosure vulnerability. Because certain JDK file system APIs were only added in JDK 1.7, this fix is dependent upon the version of the JDK you are using. Java 1.7 and higher users: this vulnerability is fixed in 4.5.0. Java 1.6 and lower users: no patch is available. If you are unable to patch, or are stuck running on Java 1.6, specifying the java.io.tmpdir system environment variable to a directory that is exclusively owned by the executing user will mitigate this vulnerability.

Publish Date: 2022-11-23

URL: CVE-2022-41946

CVSS 3 Score Details (5.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Local
    • Attack Complexity: Low
    • Privileges Required: Low
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: None
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: GHSA-562r-vg33-8x8h

Release Date: 2022-11-23

Fix Resolution: 42.2.26.jre6

⛑️ Automatic Remediation will be attempted for this issue.


guava-18.0.jar: 3 vulnerabilities (highest severity is: 7.1)

Vulnerable Library - guava-18.0.jar

Guava is a suite of core and expanded libraries that include utility classes, google's collections, io classes, and much much more.

Guava has only one code dependency - javax.annotation, per the JSR-305 spec.

Library home page: http://code.google.com/p/guava-libraries

Path to dependency file: /webgoat-integration-tests/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/com/google/guava/guava/18.0/guava-18.0.jar,/home/wss-scanner/.m2/repository/com/google/guava/guava/18.0/guava-18.0.jar

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Vulnerabilities

CVE Severity CVSS Dependency Type Fixed in (guava version) Remediation Possible**
CVE-2023-2976 High 7.1 guava-18.0.jar Direct 32.0.1-android
CVE-2018-10237 Medium 5.9 guava-18.0.jar Direct 24.1.1-android
CVE-2020-8908 Low 3.3 guava-18.0.jar Direct 30.0-android

**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation

Details

CVE-2023-2976

Vulnerable Library - guava-18.0.jar

Guava is a suite of core and expanded libraries that include utility classes, google's collections, io classes, and much much more.

Guava has only one code dependency - javax.annotation, per the JSR-305 spec.

Library home page: http://code.google.com/p/guava-libraries

Path to dependency file: /webgoat-integration-tests/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/com/google/guava/guava/18.0/guava-18.0.jar,/home/wss-scanner/.m2/repository/com/google/guava/guava/18.0/guava-18.0.jar

Dependency Hierarchy:

  • guava-18.0.jar (Vulnerable Library)

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Found in base branch: main

Vulnerability Details

Use of Java's default temporary directory for file creation in FileBackedOutputStream in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files created by the class.

Even though the security vulnerability is fixed in version 32.0.0, we recommend using version 32.0.1 as version 32.0.0 breaks some functionality under Windows.

Mend Note: Even though the security vulnerability is fixed in version 32.0.0, maintainers recommend using version 32.0.1 as version 32.0.0 breaks some functionality under Windows.

Publish Date: 2023-06-14

URL: CVE-2023-2976

CVSS 3 Score Details (7.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Local
    • Attack Complexity: Low
    • Privileges Required: Low
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: GHSA-7g45-4rm6-3mm3

Release Date: 2023-06-14

Fix Resolution: 32.0.1-android

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2018-10237

Vulnerable Library - guava-18.0.jar

Guava is a suite of core and expanded libraries that include utility classes, google's collections, io classes, and much much more.

Guava has only one code dependency - javax.annotation, per the JSR-305 spec.

Library home page: http://code.google.com/p/guava-libraries

Path to dependency file: /webgoat-integration-tests/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/com/google/guava/guava/18.0/guava-18.0.jar,/home/wss-scanner/.m2/repository/com/google/guava/guava/18.0/guava-18.0.jar

Dependency Hierarchy:

  • guava-18.0.jar (Vulnerable Library)

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Found in base branch: main

Vulnerability Details

Unbounded memory allocation in Google Guava 11.0 through 24.x before 24.1.1 allows remote attackers to conduct denial of service attacks against servers that depend on this library and deserialize attacker-provided data, because the AtomicDoubleArray class (when serialized with Java serialization) and the CompoundOrdering class (when serialized with GWT serialization) perform eager allocation without appropriate checks on what a client has sent and whether the data size is reasonable.

Publish Date: 2018-04-26

URL: CVE-2018-10237

CVSS 3 Score Details (5.9)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: High
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2018-10237

Release Date: 2018-04-26

Fix Resolution: 24.1.1-android

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2020-8908

Vulnerable Library - guava-18.0.jar

Guava is a suite of core and expanded libraries that include utility classes, google's collections, io classes, and much much more.

Guava has only one code dependency - javax.annotation, per the JSR-305 spec.

Library home page: http://code.google.com/p/guava-libraries

Path to dependency file: /webgoat-integration-tests/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/com/google/guava/guava/18.0/guava-18.0.jar,/home/wss-scanner/.m2/repository/com/google/guava/guava/18.0/guava-18.0.jar

Dependency Hierarchy:

  • guava-18.0.jar (Vulnerable Library)

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Found in base branch: main

Vulnerability Details

A temp directory creation vulnerability exists in all versions of Guava, allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava API com.google.common.io.Files.createTempDir(). By default, on unix-like systems, the created directory is world-readable (readable by an attacker with access to the system). The method in question has been marked @deprecated in versions 30.0 and later and should not be used. For Android developers, we recommend choosing a temporary directory API provided by Android, such as context.getCacheDir(). For other Java developers, we recommend migrating to the Java 7 API java.nio.file.Files.createTempDirectory() which explicitly configures permissions of 700, or configuring the Java runtime's java.io.tmpdir system property to point to a location whose permissions are appropriately configured.

Publish Date: 2020-12-10

URL: CVE-2020-8908

CVSS 3 Score Details (3.3)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Local
    • Attack Complexity: Low
    • Privileges Required: Low
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: None
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2020-8908

Release Date: 2020-12-10

Fix Resolution: 30.0-android

⛑️ Automatic Remediation will be attempted for this issue.


spring-boot-starter-undertow-2.2.2.RELEASE.jar: 28 vulnerabilities (highest severity is: 9.8)

Vulnerable Library - spring-boot-starter-undertow-2.2.2.RELEASE.jar

Path to dependency file: /webgoat-container/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/io/undertow/undertow-core/2.0.28.Final/undertow-core-2.0.28.Final.jar

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Vulnerabilities

CVE             Severity  CVSS  Dependency                                 Type        Fixed in (spring-boot-starter-undertow version)  Remediation Possible**
CVE-2020-1745   Critical  9.8   undertow-core-2.0.28.Final.jar             Transitive  2.2.6.RELEASE
CVE-2020-1757   High      8.1   undertow-core-2.0.28.Final.jar             Transitive  2.2.6.RELEASE
CVE-2024-1635   High      7.5   undertow-core-2.0.28.Final.jar             Transitive  3.0.0
CVE-2023-5685   High      7.5   xnio-api-3.3.8.Final.jar                   Transitive  N/A*
CVE-2023-3223   High      7.5   undertow-servlet-2.0.28.Final.jar          Transitive  2.7.15
CVE-2023-1973   High      7.5   undertow-core-2.0.28.Final.jar             Transitive  3.0.0
CVE-2023-1108   High      7.5   undertow-core-2.0.28.Final.jar             Transitive  2.5.15
CVE-2022-4492   High      7.5   undertow-core-2.0.28.Final.jar             Transitive  2.5.15
CVE-2022-2053   High      7.5   undertow-core-2.0.28.Final.jar             Transitive  N/A*
CVE-2022-1319   High      7.5   undertow-core-2.0.28.Final.jar             Transitive  N/A*
CVE-2022-1259   High      7.5   undertow-core-2.0.28.Final.jar             Transitive  2.7.15
CVE-2022-0084   High      7.5   xnio-api-3.3.8.Final.jar                   Transitive  N/A*
CVE-2021-3859   High      7.5   undertow-core-2.0.28.Final.jar             Transitive  2.5.10
CVE-2021-3690   High      7.5   undertow-websockets-jsr-2.0.28.Final.jar   Transitive  2.3.0.RELEASE
CVE-2020-27782  High      7.5   undertow-core-2.0.28.Final.jar             Transitive  2.2.12.RELEASE
CVE-2020-10705  High      7.5   undertow-core-2.0.28.Final.jar             Transitive  2.2.10.RELEASE
CVE-2019-14888  High      7.5   undertow-core-2.0.28.Final.jar             Transitive  2.2.3.RELEASE
CVE-2023-4639   High      7.4   undertow-core-2.0.28.Final.jar             Transitive  3.0.0
CVE-2020-10719  Medium    6.5   undertow-core-2.0.28.Final.jar             Transitive  2.2.10.RELEASE
CVE-2021-3629   Medium    5.9   undertow-core-2.0.28.Final.jar             Transitive  N/A*
CVE-2021-3597   Medium    5.9   undertow-core-2.0.28.Final.jar             Transitive  2.3.0.RELEASE
CVE-2024-1459   Medium    5.3   undertow-core-2.0.28.Final.jar             Transitive  3.0.0
CVE-2021-28170  Medium    5.3   jakarta.el-3.0.3.jar                       Transitive  2.4.11
CVE-2021-20220  Medium    4.8   undertow-core-2.0.28.Final.jar             Transitive  2.3.0.RELEASE
CVE-2020-10687  Medium    4.8   undertow-core-2.0.28.Final.jar             Transitive  2.3.7.RELEASE

*For some transitive vulnerabilities, there is no version of direct dependency with a fix. Check the "Details" section below to see if there is a version of transitive dependency where vulnerability is fixed.

**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation

Details

CVE-2020-1745

Vulnerable Library - undertow-core-2.0.28.Final.jar

Undertow

Path to dependency file: /webwolf/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/io/undertow/undertow-core/2.0.28.Final/undertow-core-2.0.28.Final.jar

Dependency Hierarchy:

  • spring-boot-starter-undertow-2.2.2.RELEASE.jar (Root Library)
    • undertow-core-2.0.28.Final.jar (Vulnerable Library)

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Found in base branch: main

Vulnerability Details

A file inclusion vulnerability was found in the AJP connector (enabled with a default AJP configuration port of 8009) in Undertow 2.0.29.Final and earlier; it was fixed in 2.0.30.Final. A remote, unauthenticated attacker could exploit it to read web application files from a vulnerable server. Where the server also allows file uploads, an attacker could upload JavaServer Pages (JSP) code within a variety of file types and trigger this vulnerability to gain remote code execution. Note that Spring Boot's embedded Undertow only opens the HTTP/HTTPS listeners it is configured with; an AJP listener exists only if the application adds one explicitly through an Undertow builder customizer, so confirm that port 8009 is actually listening before rating the exposure.

Publish Date: 2020-04-28

URL: CVE-2020-1745

CVSS 3 Score Details (9.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1745

Release Date: 2020-04-28

Fix Resolution (io.undertow:undertow-core): 2.0.30.Final

Direct dependency fix Resolution (org.springframework.boot:spring-boot-starter-undertow): 2.2.6.RELEASE

⛑️ Automatic Remediation will be attempted for this issue.
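
The fix resolutions above name two routes: bump the direct dependency (the Spring Boot starter) or pin the transitive io.undertow artifacts. The fragment below is an added example, not part of the WebGoat build, showing the second route for a multi-module Maven build that inherits from spring-boot-starter-parent or imports spring-boot-dependencies (an assumption consistent with the 2.2.2.RELEASE starter resolved here). The property name undertow.version is the one spring-boot-dependencies uses to manage io.undertow artifacts; the version numbers are this report's fix resolutions.

```xml
<!-- Added example: pin the managed Undertow version in the parent pom so every module
     (webgoat-container, webwolf, webgoat-integration-tests) resolves the same patched
     artifacts. Before: nothing set, and spring-boot-starter-undertow 2.2.2.RELEASE
     manages io.undertow:* at 2.0.28.Final. After: the override below. -->
<properties>
  <undertow.version>2.0.30.Final</undertow.version>
</properties>
```

Pinning the property addresses only this CVE's resolution; later entries in this issue require 2.2.31.Final or a Spring Boot 3.x line, so raising the parent version is the better long-term fix. Whichever route is taken, confirm the resolved versions from the project root with mvn dependency:tree -Dincludes=io.undertow before closing the issue.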

CVE-2020-1757

Vulnerable Library - undertow-core-2.0.28.Final.jar

Undertow

Path to dependency file: /webwolf/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/io/undertow/undertow-core/2.0.28.Final/undertow-core-2.0.28.Final.jar

Dependency Hierarchy:

  • spring-boot-starter-undertow-2.2.2.RELEASE.jar (Root Library)
    • undertow-core-2.0.28.Final.jar (Vulnerable Library)

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Found in base branch: main

Vulnerability Details

A flaw was found in all undertow-2.x.x SP1 versions prior to undertow-2.0.30.SP1, and in all undertow-1.x.x and undertow-2.x.x versions prior to undertow-2.1.0.Final, where the Servlet container normalizes servletPath incorrectly by truncating the path at the first semicolon. Because the path used for servlet mapping can then differ from the path a security constraint was matched against, a crafted path parameter may route the request to an application mapping it should not reach, bypassing the constraint.

Publish Date: 2020-04-21

URL: CVE-2020-1757

CVSS 3 Score Details (8.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: Low
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1757

Release Date: 2020-04-30

Fix Resolution (io.undertow:undertow-core): 2.0.30.Final

Direct dependency fix Resolution (org.springframework.boot:spring-boot-starter-undertow): 2.2.6.RELEASE

⛑️ Automatic Remediation will be attempted for this issue.
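
The bug class behind CVE-2020-1757 is two components normalizing the same URL differently, so a request passes the authorization check under one view of the path and is dispatched under another. The following is an added example, not Undertow's code, of the fix pattern: compute one canonical path (path parameters stripped per segment, percent-decoding, dot-segment collapse) and use it for both the security-constraint check and the servlet mapping. The mappings, roles and paths are made up, and dispatch_inconsistent only illustrates the inconsistency the advisory describes, not Undertow's actual code path.

```python
"""Added example, not Undertow's code: one canonical request path for both
security-constraint matching and servlet mapping."""
import posixpath
from urllib.parse import unquote

# Constructed servlet configuration (hypothetical)
SECURITY_CONSTRAINTS = {'/admin': {'admin'}}
SERVLET_MAPPINGS = {'/admin': 'AdminServlet', '/public': 'PublicServlet'}


def canonical_path(raw_path: str) -> str:
    """Drop ';param' from every segment, percent-decode, then collapse dot segments.

    Raises ValueError for decoded segments that would create new separators
    (%2F, %5C) or contain NUL, since those can only be an evasion attempt.
    """
    path = (raw_path or '/').split('?', 1)[0]
    segments = []
    for segment in path.split('/'):
        segment = unquote(segment.split(';', 1)[0])   # path parameters are per segment
        if any(ch in segment for ch in '/\\\x00'):
            raise ValueError('encoded separator or NUL in path segment')
        segments.append(segment)
    normalized = posixpath.normpath('/'.join(segments))  # resolves '.', '..', '//'
    return '/' + normalized.lstrip('/')                   # exactly one leading slash


def truncated_path(raw_path: str) -> str:
    """The incorrect normalization the advisory describes: cut at the first ';'."""
    return raw_path.split(';', 1)[0]


def longest_prefix(table: dict, path: str):
    """Prefix-style mapping: the longest key that equals the path or is a parent of it."""
    best = None
    for prefix in table:
        if path == prefix or path.startswith(prefix + '/'):
            if best is None or len(prefix) > len(best):
                best = prefix
    return best


def dispatch(raw_path: str, user_roles) -> tuple:
    """Hardened: the constraint check and the mapping use the same canonical path."""
    try:
        path = canonical_path(raw_path)
    except ValueError:
        return ('400', None)
    constraint = longest_prefix(SECURITY_CONSTRAINTS, path)
    if constraint and not SECURITY_CONSTRAINTS[constraint] & set(user_roles):
        return ('403', None)
    mapping = longest_prefix(SERVLET_MAPPINGS, path)
    return ('200', SERVLET_MAPPINGS[mapping]) if mapping else ('404', None)


def dispatch_inconsistent(raw_path: str, user_roles) -> tuple:
    """Illustrates the bug class: the constraint sees the truncated path while the
    mapping sees the fully normalized one. Not Undertow's actual code path."""
    constraint = longest_prefix(SECURITY_CONSTRAINTS, truncated_path(raw_path))
    if constraint and not SECURITY_CONSTRAINTS[constraint] & set(user_roles):
        return ('403', None)
    mapping = longest_prefix(SERVLET_MAPPINGS, canonical_path(raw_path))
    return ('200', SERVLET_MAPPINGS[mapping]) if mapping else ('404', None)
```

With a consistent path, '/public;/../admin/users' is denied to a non-admin user, while the inconsistent variant lets the same request through to AdminServlet because the constraint only ever saw '/public'. Rejecting encoded separators outright rather than decoding them is a deliberate choice: a request that needs %2F in a path segment to reach a mapping is not one a legitimate client sends.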

CVE-2024-1635

Vulnerable Library - undertow-core-2.0.28.Final.jar

Undertow

Path to dependency file: /webwolf/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/io/undertow/undertow-core/2.0.28.Final/undertow-core-2.0.28.Final.jar

Dependency Hierarchy:

  • spring-boot-starter-undertow-2.2.2.RELEASE.jar (Root Library)
    • undertow-core-2.0.28.Final.jar (Vulnerable Library)

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Found in base branch: main

Vulnerability Details

A vulnerability was found in Undertow. It affects servers that support the wildfly-http-client protocol. Whenever a malicious user opens a connection to the server's HTTP port and closes it immediately, the server eventually exhausts both its memory and its open-file limit; how long that takes depends on the memory available.

At HTTP upgrade to remoting, the WriteTimeoutStreamSinkConduit leaks connections if the RemotingConnection is closed by Remoting's ServerConnectionOpenListener. Because the remoting connection originates in Undertow as part of the HTTP upgrade, it is wrapped in an outer Undertow layer, and the remoting side is unaware of that outermost layer when it closes the connection during the connection-opening procedure; the Undertow WriteTimeoutStreamSinkConduit is therefore never notified of the close. WriteTimeoutStreamSinkConduit creates a timeout task that is added to the XNIO WorkerThread, so the whole dependency tree leaks through that task: the worker thread points to the Undertow conduit, which holds the connection.

Publish Date: 2024-02-19

URL: CVE-2024-1635

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://bugzilla.redhat.com/show_bug.cgi?id=2264928

Release Date: 2024-02-19

Fix Resolution (io.undertow:undertow-core): 2.2.31.Final

Direct dependency fix Resolution (org.springframework.boot:spring-boot-starter-undertow): 3.0.0

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2023-5685

Vulnerable Library - xnio-api-3.3.8.Final.jar

The API JAR of the XNIO project

Library home page: http://www.jboss.org/xnio

Path to dependency file: /webgoat-integration-tests/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/jboss/xnio/xnio-api/3.3.8.Final/xnio-api-3.3.8.Final.jar

Dependency Hierarchy:

  • spring-boot-starter-undertow-2.2.2.RELEASE.jar (Root Library)
    • undertow-core-2.0.28.Final.jar
      • xnio-api-3.3.8.Final.jar (Vulnerable Library)

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Found in base branch: main

Vulnerability Details

A flaw was found in XNIO. When the chain of NotifierState objects grows problematically large, XNIO's NotifierState handling can throw a StackOverflowError; this uncontrolled resource consumption can be triggered by a remote peer and leads to a possible denial of service (DoS).

Publish Date: 2024-03-22

URL: CVE-2023-5685

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

CVE-2023-3223

Vulnerable Library - undertow-servlet-2.0.28.Final.jar

Undertow

Path to dependency file: /webwolf/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/io/undertow/undertow-servlet/2.0.28.Final/undertow-servlet-2.0.28.Final.jar

Dependency Hierarchy:

  • spring-boot-starter-undertow-2.2.2.RELEASE.jar (Root Library)
    • undertow-servlet-2.0.28.Final.jar (Vulnerable Library)

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Found in base branch: main

Vulnerability Details

A flaw was found in undertow. Servlets annotated with @MultipartConfig may cause an OutOfMemoryError due to large multipart content. This may allow unauthorized users to cause remote Denial of Service (DoS) attack. If the server uses fileSizeThreshold to limit the file size, it's possible to bypass the limit by setting the file name in the request to null.

Publish Date: 2023-09-27

URL: CVE-2023-3223

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://bugzilla.redhat.com/show_bug.cgi?id=2209689

Release Date: 2023-09-27

Fix Resolution (io.undertow:undertow-servlet): 2.2.26.Final

Direct dependency fix Resolution (org.springframework.boot:spring-boot-starter-undertow): 2.7.15

⛑️ Automatic Remediation will be attempted for this issue.
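
CVE-2023-3223 describes a size limit that only applied to parts carrying a filename, so a part with a null filename was read without bound. The following is an added example, not Undertow's code, of limits that cannot be sidestepped that way: every part is counted against a per-part cap and a whole-request cap, whether or not it names a file. That rule is a design assumption for the example rather than a description of Undertow's fix; the boundary, field names and bodies are constructed.

```python
"""Added example, not Undertow's code: multipart limits that apply to every part."""
BOUNDARY = 'xYzBoundary7'   # constructed boundary for the sample bodies


def make_body(fields, boundary: str = BOUNDARY) -> bytes:
    """Build a multipart/form-data body; filename=None produces a plain field."""
    out = b''
    for name, filename, data in fields:
        disposition = f'form-data; name="{name}"'
        if filename is not None:
            disposition += f'; filename="{filename}"'
        out += f'--{boundary}\r\nContent-Disposition: {disposition}\r\n\r\n'.encode() + data + b'\r\n'
    return out + f'--{boundary}--\r\n'.encode()


def iter_parts(body: bytes, boundary: str):
    """Yield (headers, data) for each part; minimal RFC 7578 parsing, no nested multipart."""
    delimiter = b'--' + boundary.encode()
    chunks = body.split(delimiter)
    for chunk in chunks[1:]:                    # chunks[0] is the preamble
        if chunk.startswith(b'--'):
            return                              # closing delimiter reached
        if chunk.startswith(b'\r\n'):
            chunk = chunk[2:]
        head, sep, data = chunk.partition(b'\r\n\r\n')
        if not sep:
            raise ValueError('part without header terminator')
        if data.endswith(b'\r\n'):
            data = data[:-2]
        headers = {}
        for line in head.split(b'\r\n'):
            key, _, value = line.decode('latin-1').partition(':')
            headers[key.strip().lower()] = value.strip()
        yield headers, data
    raise ValueError('missing closing delimiter')


def disposition_params(value: str) -> dict:
    """Parameters of a Content-Disposition value, quotes stripped (name, filename, ...)."""
    params = {}
    for item in value.split(';')[1:]:
        key, _, val = item.strip().partition('=')
        params[key.strip().lower()] = val.strip().strip('"')
    return params


def check_limits(body: bytes, boundary: str, max_part_size: int, max_request_size: int):
    """Return [(name, filename, size)] or raise ValueError as soon as a cap is exceeded."""
    total = 0
    accepted = []
    for headers, data in iter_parts(body, boundary):
        params = disposition_params(headers.get('content-disposition', ''))
        total += len(data)
        if total > max_request_size:
            raise ValueError('request body exceeds max_request_size')
        if len(data) > max_part_size:               # enforced with or without a filename
            raise ValueError(f'part {params.get("name")!r} exceeds max_part_size')
        accepted.append((params.get('name'), params.get('filename'), len(data)))
    return accepted


def limit_violation(body: bytes, boundary: str, max_part_size: int, max_request_size: int):
    """The error message for a body that breaks a limit, or None when it is within limits."""
    try:
        check_limits(body, boundary, max_part_size, max_request_size)
        return None
    except ValueError as exc:
        return str(exc)
```

A streaming implementation would apply the same two comparisons while bytes arrive rather than after each part is buffered; the point is that the filename parameter never decides whether a part is counted.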

CVE-2023-1973

Vulnerable Library - undertow-core-2.0.28.Final.jar

Undertow

Path to dependency file: /webwolf/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/io/undertow/undertow-core/2.0.28.Final/undertow-core-2.0.28.Final.jar

Dependency Hierarchy:

  • spring-boot-starter-undertow-2.2.2.RELEASE.jar (Root Library)
    • undertow-core-2.0.28.Final.jar (Vulnerable Library)

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Found in base branch: main

Vulnerability Details

A flaw was found in Undertow package. Using the FormAuthenticationMechanism, a malicious user could trigger a Denial of Service by sending crafted requests, leading the server to an OutofMemory error, exhausting the server's memory.

Publish Date: 2023-04-11

URL: CVE-2023-1973

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2023-1973

Release Date: 2023-04-11

Fix Resolution (io.undertow:undertow-core): 2.3.0.Alpha1

Direct dependency fix Resolution (org.springframework.boot:spring-boot-starter-undertow): 3.0.0

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2023-1108

Vulnerable Library - undertow-core-2.0.28.Final.jar

Undertow

Path to dependency file: /webwolf/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/io/undertow/undertow-core/2.0.28.Final/undertow-core-2.0.28.Final.jar

Dependency Hierarchy:

  • spring-boot-starter-undertow-2.2.2.RELEASE.jar (Root Library)
    • undertow-core-2.0.28.Final.jar (Vulnerable Library)

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Found in base branch: main

Vulnerability Details

A flaw was found in undertow. This issue makes achieving a denial of service possible due to an unexpected handshake status updated in SslConduit, where the loop never terminates.

Publish Date: 2023-09-14

URL: CVE-2023-1108

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2023-1108

Release Date: 2023-09-14

Fix Resolution (io.undertow:undertow-core): 2.2.24.Final

Direct dependency fix Resolution (org.springframework.boot:spring-boot-starter-undertow): 2.5.15

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2022-4492

Vulnerable Library - undertow-core-2.0.28.Final.jar

Undertow

Path to dependency file: /webwolf/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/io/undertow/undertow-core/2.0.28.Final/undertow-core-2.0.28.Final.jar

Dependency Hierarchy:

  • spring-boot-starter-undertow-2.2.2.RELEASE.jar (Root Library)
    • undertow-core-2.0.28.Final.jar (Vulnerable Library)

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Found in base branch: main

Vulnerability Details

The Undertow client does not check the server identity presented by the server certificate on HTTPS connections: the certificate chain may validate, but the host name is never matched against the certificate's subject alternative names. Server identity verification is a mandatory step of HTTPS and HTTP/2 (and should be on by default in any TLS client); without it, a network attacker holding any certificate trusted by the client's trust store, issued for any name, can impersonate the server.

Publish Date: 2023-02-23

URL: CVE-2022-4492

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: High
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: GHSA-pfcc-3g6r-8rg8

Release Date: 2023-02-23

Fix Resolution (io.undertow:undertow-core): 2.2.24.Final

Direct dependency fix Resolution (org.springframework.boot:spring-boot-starter-undertow): 2.5.15

⛑️ Automatic Remediation will be attempted for this issue.
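
The following is an added example, not Undertow's code, of the server-identity check that CVE-2022-4492 says the client skipped. The matching rules follow RFC 6125 as browsers and JSSE's "HTTPS" endpoint identification apply them: case-insensitive comparison, a single '*' allowed only as the entire left-most label, and a wildcard never spanning more than one label. The certificates are constructed dicts in the shape ssl.SSLSocket.getpeercert() returns; not falling back to the subject CN when there is no SAN is an assumption matching current client behaviour, not something the report states.

```python
"""Added example, not Undertow's code: TLS server-identity matching against SAN entries."""
import ipaddress


def dns_name_matches(pattern: str, hostname: str) -> bool:
    """Match one dNSName SAN entry (possibly a wildcard) against a host name."""
    pattern = pattern.lower().rstrip('.')
    hostname = hostname.lower().rstrip('.')
    if '*' not in pattern:
        return pattern == hostname
    p_labels = pattern.split('.')
    h_labels = hostname.split('.')
    # '*' must be the entire left-most label and must leave at least two fixed labels
    if p_labels[0] != '*' or len(p_labels) < 3 or any('*' in lbl for lbl in p_labels[1:]):
        return False
    if len(p_labels) != len(h_labels):
        return False                      # a wildcard never spans multiple labels
    return h_labels[0] != '' and p_labels[1:] == h_labels[1:]


def server_identity_matches(cert: dict, hostname: str) -> bool:
    """True when the dialed host (DNS name or IP literal) is covered by the SAN list."""
    sans = cert.get('subjectAltName', ())
    try:
        wanted_ip = ipaddress.ip_address(hostname.strip('[]'))
    except ValueError:
        wanted_ip = None
    if wanted_ip is not None:
        for kind, value in sans:
            if kind == 'IP Address':
                try:
                    if ipaddress.ip_address(value) == wanted_ip:
                        return True
                except ValueError:
                    continue
        return False
    dns_names = [value for kind, value in sans if kind == 'DNS']
    if not dns_names:
        return False                      # no SAN: reject rather than fall back to CN
    return any(dns_name_matches(name, hostname) for name in dns_names)


def verify_peer(chain_valid: bool, cert: dict, hostname: str) -> tuple:
    """The two steps a TLS client must perform; the vulnerable client stopped after the first."""
    if not chain_valid:
        return (False, 'certificate chain not trusted')
    if not server_identity_matches(cert, hostname):
        return (False, 'certificate does not match host name')
    return (True, 'ok')
```

In a Java client the equivalent is enabling endpoint identification on the SSL parameters rather than hand-rolling the matcher; the example makes the rules explicit so a reviewer can see what an unverified client gives up.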

CVE-2022-2053

Vulnerable Library - undertow-core-2.0.28.Final.jar

Undertow

Path to dependency file: /webwolf/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/io/undertow/undertow-core/2.0.28.Final/undertow-core-2.0.28.Final.jar

Dependency Hierarchy:

  • spring-boot-starter-undertow-2.2.2.RELEASE.jar (Root Library)
    • undertow-core-2.0.28.Final.jar (Vulnerable Library)

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Found in base branch: main

Vulnerability Details

When a POST request comes through AJP and the request exceeds the max-post-size limit (maxEntitySize), Undertow's AjpServerRequestConduit implementation closes a connection without sending any response to the client/proxy. This behavior results in that a front-end proxy marking the backend worker (application server) as an error state and not forward requests to the worker for a while. In mod_cluster, this continues until the next STATUS request (10 seconds intervals) from the application server updates the server state. So, in the worst case, it can result in "All workers are in error state" and mod_cluster responds "503 Service Unavailable" for a while (up to 10 seconds). In mod_proxy_balancer, it does not forward requests to the worker until the "retry" timeout passes. However, luckily, mod_proxy_balancer has "forcerecovery" setting (On by default; this parameter can force the immediate recovery of all workers without considering the retry parameter of the workers if all workers of a balancer are in error state.). So, unlike mod_cluster, mod_proxy_balancer does not result in responding "503 Service Unavailable". An attacker could use this behavior to send a malicious request and trigger server errors, resulting in DoS (denial of service). This flaw was fixed in Undertow 2.2.19.Final, Undertow 2.3.0.Alpha2.

Publish Date: 2022-08-05

URL: CVE-2022-2053

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: GHSA-95rf-557x-44g5

Release Date: 2022-08-05

Fix Resolution: io.undertow:undertow-core:2.2.19.Final

CVE-2022-1319

Vulnerable Library - undertow-core-2.0.28.Final.jar

Undertow

Path to dependency file: /webwolf/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/io/undertow/undertow-core/2.0.28.Final/undertow-core-2.0.28.Final.jar

Dependency Hierarchy:

  • spring-boot-starter-undertow-2.2.2.RELEASE.jar (Root Library)
    • undertow-core-2.0.28.Final.jar (Vulnerable Library)

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Found in base branch: main

Vulnerability Details

A flaw was found in Undertow. For an AJP 400 response, Undertow (as shipped in JBoss EAP 7) improperly sends two response packets, both with the reuse flag set even though the connection is then closed. When the front-end proxy reuses the connection after the 400 and sends a CPING, it reads the second SEND_HEADERS packet instead of the expected CPONG, and the exchange fails.

Publish Date: 2022-08-31

URL: CVE-2022-1319

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://www.cve.org/CVERecord?id=CVE-2022-1319

Release Date: 2022-08-31

Fix Resolution: io.undertow:undertow-core:2.2.18.Final,2.3.0.Final

CVE-2022-1259

Vulnerable Library - undertow-core-2.0.28.Final.jar

Undertow

Path to dependency file: /webwolf/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/io/undertow/undertow-core/2.0.28.Final/undertow-core-2.0.28.Final.jar

Dependency Hierarchy:

  • spring-boot-starter-undertow-2.2.2.RELEASE.jar (Root Library)
    • undertow-core-2.0.28.Final.jar (Vulnerable Library)

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Found in base branch: main

Vulnerability Details

A flaw was found in Undertow. A potential security issue in flow control handling by the browser over HTTP/2 may cause overhead or a denial of service in the server. This flaw exists because of an incomplete fix for CVE-2021-3629.

Publish Date: 2022-08-31

URL: CVE-2022-1259

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Release Date: 2022-08-31

Fix Resolution (io.undertow:undertow-core): 2.2.26.Final

Direct dependency fix Resolution (org.springframework.boot:spring-boot-starter-undertow): 2.7.15

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2022-0084

Vulnerable Library - xnio-api-3.3.8.Final.jar

The API JAR of the XNIO project

Library home page: http://www.jboss.org/xnio

Path to dependency file: /webgoat-integration-tests/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/jboss/xnio/xnio-api/3.3.8.Final/xnio-api-3.3.8.Final.jar

Dependency Hierarchy:

  • spring-boot-starter-undertow-2.2.2.RELEASE.jar (Root Library)
    • undertow-core-2.0.28.Final.jar
      • xnio-api-3.3.8.Final.jar (Vulnerable Library)

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Found in base branch: main

Vulnerability Details

A flaw was found in XNIO, specifically in the notifyReadClosed method, which emits a log message whenever the read side of a connection is closed in a way it does not expect. An attacker can send flawed requests to drive that code path repeatedly, possibly causing log contention-related performance problems or an unwanted disk fill-up.

Publish Date: 2022-08-26

URL: CVE-2022-0084

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Release Date: 2022-08-26

Fix Resolution: org.jboss.xnio:xnio-api:3.8.8.Final

CVE-2021-3859

Vulnerable Library - undertow-core-2.0.28.Final.jar

Undertow

Path to dependency file: /webwolf/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/io/undertow/undertow-core/2.0.28.Final/undertow-core-2.0.28.Final.jar

Dependency Hierarchy:

  • spring-boot-starter-undertow-2.2.2.RELEASE.jar (Root Library)
    • undertow-core-2.0.28.Final.jar (Vulnerable Library)

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Found in base branch: main

Vulnerability Details

A flaw was found in Undertow that tripped the client-side invocation timeout with certain calls made over HTTP2. This flaw allows an attacker to carry out denial of service attacks.

Publish Date: 2022-08-26

URL: CVE-2021-3859

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Release Date: 2022-08-26

Fix Resolution (io.undertow:undertow-core): 2.2.15.Final

Direct dependency fix Resolution (org.springframework.boot:spring-boot-starter-undertow): 2.5.10

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2021-3690

Vulnerable Library - undertow-websockets-jsr-2.0.28.Final.jar

Undertow

Path to dependency file: /webgoat-container/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/io/undertow/undertow-websockets-jsr/2.0.28.Final/undertow-websockets-jsr-2.0.28.Final.jar

Dependency Hierarchy:

  • spring-boot-starter-undertow-2.2.2.RELEASE.jar (Root Library)
    • undertow-websockets-jsr-2.0.28.Final.jar (Vulnerable Library)

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Found in base branch: main

Vulnerability Details

A flaw was found in Undertow. A buffer leak on the incoming WebSocket PONG message may lead to memory exhaustion. This flaw allows an attacker to cause a denial of service. The highest threat from this vulnerability is availability.

Publish Date: 2022-08-23

URL: CVE-2021-3690

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://issues.redhat.com/browse/UNDERTOW-1935

Release Date: 2022-08-23

Fix Resolution (io.undertow:undertow-websockets-jsr): 2.0.40.Final

Direct dependency fix Resolution (org.springframework.boot:spring-boot-starter-undertow): 2.3.0.RELEASE

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2020-27782

Vulnerable Library - undertow-core-2.0.28.Final.jar

Undertow

Path to dependency file: /webwolf/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/io/undertow/undertow-core/2.0.28.Final/undertow-core-2.0.28.Final.jar

Dependency Hierarchy:

  • spring-boot-starter-undertow-2.2.2.RELEASE.jar (Root Library)
    • undertow-core-2.0.28.Final.jar (Vulnerable Library)

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Found in base branch: main

Vulnerability Details

A flaw was found in the Undertow AJP connector. Malicious requests and abrupt connection closes could be triggered by an attacker using query strings with non-RFC compliant characters resulting in a denial of service. The highest threat from this vulnerability is to system availability. This affects Undertow 2.1.5.SP1, 2.0.33.SP2, and 2.2.3.SP1.

Publish Date: 2021-02-23

URL: CVE-2020-27782

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: GHSA-rhcw-wjcm-9h6g

Release Date: 2021-02-23

Fix Resolution (io.undertow:undertow-core): 2.0.33.Final

Direct dependency fix Resolution (org.springframework.boot:spring-boot-starter-undertow): 2.2.12.RELEASE

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2020-10705

Vulnerable Library - undertow-core-2.0.28.Final.jar

Undertow

Path to dependency file: /webwolf/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/io/undertow/undertow-core/2.0.28.Final/undertow-core-2.0.28.Final.jar

Dependency Hierarchy:

  • spring-boot-starter-undertow-2.2.2.RELEASE.jar (Root Library)
    • undertow-core-2.0.28.Final.jar (Vulnerable Library)

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Found in base branch: main

Vulnerability Details

A flaw was discovered in Undertow in versions before Undertow 2.1.1.Final where certain requests to the "Expect: 100-continue" header may cause an out of memory error. This flaw may potentially lead to a denial of service.

Publish Date: 2020-06-10

URL: CVE-2020-10705

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10705

Release Date: 2020-06-10

Fix Resolution (io.undertow:undertow-core): 2.0.31.Final

Direct dependency fix Resolution (org.springframework.boot:spring-boot-starter-undertow): 2.2.10.RELEASE

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2019-14888

Vulnerable Library - undertow-core-2.0.28.Final.jar

Undertow

Path to dependency file: /webwolf/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/io/undertow/undertow-core/2.0.28.Final/undertow-core-2.0.28.Final.jar

Dependency Hierarchy:

  • spring-boot-starter-undertow-2.2.2.RELEASE.jar (Root Library)
    • undertow-core-2.0.28.Final.jar (Vulnerable Library)

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Found in base branch: main

Vulnerability Details

A vulnerability was found in the Undertow HTTP server in versions before 2.0.28.SP1 when listening on HTTPS. An attacker can target the HTTPS port to carry out a Denial Of Service (DOS) to make the service unavailable on SSL.

Publish Date: 2020-01-23

URL: CVE-2019-14888

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://security-tracker.debian.org/tracker/CVE-2019-14888

Release Date: 2020-01-23

Fix Resolution (io.undertow:undertow-core): 2.0.29.Final

Direct dependency fix Resolution (org.springframework.boot:spring-boot-starter-undertow): 2.2.3.RELEASE

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2023-4639

Vulnerable Library - undertow-core-2.0.28.Final.jar

Undertow

Path to dependency file: /webwolf/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/io/undertow/undertow-core/2.0.28.Final/undertow-core-2.0.28.Final.jar

Dependency Hierarchy:

  • spring-boot-starter-undertow-2.2.2.RELEASE.jar (Root Library)
    • undertow-core-2.0.28.Final.jar (Vulnerable Library)

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Found in base branch: main

Vulnerability Details

A flaw was found in Undertow, which incorrectly parses cookies with certain value-delimiting characters in incoming requests. This issue could allow an attacker to construct a cookie value to exfiltrate HttpOnly cookie values or spoof arbitrary additional cookie values, leading to unauthorized data access or modification. The main threat from this flaw impacts data confidentiality and integrity.

Publish Date: 2023-08-30

URL: CVE-2023-4639

CVSS 3 Score Details (7.4)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: High
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://security-tracker.debian.org/tracker/CVE-2023-4639

Release Date: 2023-08-30

Fix Resolution (io.undertow:undertow-core): 2.2.31.Final

Direct dependency fix Resolution (org.springframework.boot:spring-boot-starter-undertow): 3.0.0

⛑️ Automatic Remediation will be attempted for this issue.
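
The following is an added example, not Undertow's code, of the parsing class CVE-2023-4639 describes. A lenient parser treats a double quote as opening a quoted value and keeps reading past ';' until the closing quote (the old RFC 2109 style); a value the attacker can set from script, such as evil=", then swallows the HttpOnly cookie that follows into evil's value, and any place the application echoes evil leaks it. The strict parser follows RFC 6265, where ';' always ends a cookie-pair and quotes carry no meaning. This illustrates the class, not Undertow's exact code path; the cookie names and header are constructed.

```python
"""Added example, not Undertow's code: lenient vs. RFC 6265 splitting of a Cookie header."""
import re

# Constructed header: a script-settable cookie 'evil' whose value is a lone double quote,
# followed by an HttpOnly session cookie and an ordinary one.
SAMPLE_COOKIE_HEADER = 'evil="; SESSION=s3cr3t-httponly; theme=dark'


def parse_cookie_lenient(header: str) -> dict:
    """Quote-aware parser: a value starting with '"' runs to the next '"', across ';'."""
    cookies = {}
    i, n = 0, len(header)
    while i < n:
        eq = header.find('=', i)
        if eq == -1:
            break
        name = header[i:eq].strip()
        j = eq + 1
        if j < n and header[j] == '"':           # quoted-string: read through ';' to the closing quote
            end = header.find('"', j + 1)
            if end == -1:
                end = n
            value = header[j + 1:end]
            j = end + 1
        else:
            end = header.find(';', j)
            if end == -1:
                end = n
            value = header[j:end].strip()
            j = end
        cookies[name] = value
        semi = header.find(';', j)
        i = n if semi == -1 else semi + 1
    return cookies


def parse_cookie_strict(header: str) -> dict:
    """RFC 6265 parser: split on ';' first, quotes are ordinary value bytes, first name wins."""
    cookies = {}
    for pair in header.split(';'):
        pair = pair.strip()
        if not pair or '=' not in pair:
            continue
        name, value = pair.split('=', 1)
        name, value = name.strip(), value.strip()
        if name and name not in cookies:
            cookies[name] = value
    return cookies


def names_hidden_in_values(cookies: dict) -> list:
    """Detection aid: cookie names that ended up inside another cookie's value."""
    hidden = []
    for value in cookies.values():
        hidden += re.findall(r'(?:^|;)\s*([^=;\s]+)=', value)
    return hidden
```

The detection helper is the check to run on what a lenient parser produced: a value that itself contains name=value pairs means cookie boundaries were not where the browser put them.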

CVE-2020-10719

Vulnerable Library - undertow-core-2.0.28.Final.jar

Undertow

Path to dependency file: /webwolf/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/io/undertow/undertow-core/2.0.28.Final/undertow-core-2.0.28.Final.jar

Dependency Hierarchy:

  • spring-boot-starter-undertow-2.2.2.RELEASE.jar (Root Library)
    • undertow-core-2.0.28.Final.jar (Vulnerable Library)

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Found in base branch: main

Vulnerability Details

A flaw was found in Undertow in versions before 2.1.1.Final, regarding the processing of invalid HTTP requests with large chunk sizes. This flaw allows an attacker to take advantage of HTTP request smuggling.

Publish Date: 2020-05-26

URL: CVE-2020-10719

CVSS 3 Score Details (6.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10719

Release Date: 2020-05-26

Fix Resolution (io.undertow:undertow-core): 2.0.31.Final

Direct dependency fix Resolution (org.springframework.boot:spring-boot-starter-undertow): 2.2.10.RELEASE

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2021-3629

Vulnerable Library - undertow-core-2.0.28.Final.jar

Undertow

Path to dependency file: /webwolf/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/io/undertow/undertow-core/2.0.28.Final/undertow-core-2.0.28.Final.jar

Dependency Hierarchy:

  • spring-boot-starter-undertow-2.2.2.RELEASE.jar (Root Library)
    • undertow-core-2.0.28.Final.jar (Vulnerable Library)

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Found in base branch: main

Vulnerability Details

A flaw was found in Undertow. A potential security issue in flow control handling by the browser over http/2 may potentially cause overhead or a denial of service in the server. The highest threat from this vulnerability is availability. This flaw affects Undertow versions prior to 2.0.40.Final and prior to 2.2.11.Final.

Publish Date: 2022-05-24

URL: CVE-2021-3629

CVSS 3 Score Details (5.9)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: High
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: https://www.cve.org/CVERecord?id=CVE-2021-3629

Release Date: 2022-05-24

Fix Resolution: io.undertow:undertow-core:2.0.40.Final,2.2.11.Final;io.undertow:undertow-benchmarks:2.0.40.Final,2.2.11.Final;io.undertow:undertow-examples:2.0.40.Final,2.2.11.Final

CVE-2021-3597

Vulnerable Library - undertow-core-2.0.28.Final.jar

Undertow

Path to dependency file: /webwolf/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/io/undertow/undertow-core/2.0.28.Final/undertow-core-2.0.28.Final.jar

Dependency Hierarchy:

  • spring-boot-starter-undertow-2.2.2.RELEASE.jar (Root Library)
    • undertow-core-2.0.28.Final.jar (Vulnerable Library)

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Found in base branch: main

Vulnerability Details

A flaw was found in undertow. The HTTP2SourceChannel fails to write the final frame under some circumstances, resulting in a denial of service. The highest threat from this vulnerability is availability. This flaw affects Undertow versions prior to 2.0.35.SP1, prior to 2.2.6.SP1, prior to 2.2.7.SP1, prior to 2.0.36.SP1, prior to 2.2.9.Final and prior to 2.0.39.Final.

Publish Date: 2022-05-24

URL: CVE-2021-3597

CVSS 3 Score Details (5.9)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: High
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: https://bugzilla.redhat.com/show_bug.cgi?id=1970930

Release Date: 2022-05-24

Fix Resolution (io.undertow:undertow-core): 2.0.39.Final

Direct dependency fix Resolution (org.springframework.boot:spring-boot-starter-undertow): 2.3.0.RELEASE

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2024-1459

Vulnerable Library - undertow-core-2.0.28.Final.jar

Undertow

Path to dependency file: /webwolf/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/io/undertow/undertow-core/2.0.28.Final/undertow-core-2.0.28.Final.jar

Dependency Hierarchy:

  • spring-boot-starter-undertow-2.2.2.RELEASE.jar (Root Library)
    • undertow-core-2.0.28.Final.jar (Vulnerable Library)

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Found in base branch: main

Vulnerability Details

A path traversal vulnerability was found in Undertow. This issue may allow a remote attacker to append a specially-crafted sequence to an HTTP request for an application deployed to JBoss EAP, which may permit access to privileged or restricted files and directories.

Publish Date: 2024-02-12

URL: CVE-2024-1459

CVSS 3 Score Details (5.3)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: None
    • Availability Impact: None

Suggested Fix

Type: Upgrade version

Origin: GHSA-v76w-3ph8-vm66

Release Date: 2024-02-12

Fix Resolution (io.undertow:undertow-core): 2.2.31.Final

Direct dependency fix Resolution (org.springframework.boot:spring-boot-starter-undertow): 3.0.0

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2021-28170

Vulnerable Library - jakarta.el-3.0.3.jar

Jakarta Expression Language provides a specification document, API, reference implementation and TCK that describes an expression language for Java applications.

Library home page: https://projects.eclipse.org/projects/ee4j.el

Path to dependency file: /webgoat-container/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/glassfish/jakarta.el/3.0.3/jakarta.el-3.0.3.jar

Dependency Hierarchy:

  • spring-boot-starter-undertow-2.2.2.RELEASE.jar (Root Library)
    • jakarta.el-3.0.3.jar (Vulnerable Library)

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Found in base branch: main

Vulnerability Details

In the Jakarta Expression Language implementation 3.0.3 and earlier, a bug in the ELParserTokenManager enables invalid EL expressions to be evaluated as if they were valid.

Publish Date: 2021-05-26

URL: CVE-2021-28170

CVSS 3 Score Details (5.3)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: Low
    • Availability Impact: None

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28170

Release Date: 2021-05-26

Fix Resolution (org.glassfish:jakarta.el): 3.0.4

Direct dependency fix Resolution (org.springframework.boot:spring-boot-starter-undertow): 2.4.11

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2021-20220

Vulnerable Library - undertow-core-2.0.28.Final.jar

Undertow

Path to dependency file: /webwolf/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/io/undertow/undertow-core/2.0.28.Final/undertow-core-2.0.28.Final.jar

Dependency Hierarchy:

  • spring-boot-starter-undertow-2.2.2.RELEASE.jar (Root Library)
    • undertow-core-2.0.28.Final.jar (Vulnerable Library)

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Found in base branch: main

Vulnerability Details

A flaw was found in Undertow: a regression of the fix for CVE-2020-10687. HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 because invalid characters are permitted in an HTTP request. This flaw allows an attacker to poison a web cache, perform an XSS attack, or obtain sensitive information from requests other than their own. The highest threat from this vulnerability is to data confidentiality and integrity.

Publish Date: 2021-02-23

URL: CVE-2021-20220

CVSS 3 Score Details (4.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: High
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None

Suggested Fix

Type: Upgrade version

Origin: GHSA-qjwc-v72v-fq6r

Release Date: 2021-02-23

Fix Resolution (io.undertow:undertow-core): 2.0.34.Final

Direct dependency fix Resolution (org.springframework.boot:spring-boot-starter-undertow): 2.3.0.RELEASE

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2020-10687

Vulnerable Library - undertow-core-2.0.28.Final.jar

Undertow

Path to dependency file: /webwolf/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/io/undertow/undertow-core/2.0.28.Final/undertow-core-2.0.28.Final.jar

Dependency Hierarchy:

  • spring-boot-starter-undertow-2.2.2.RELEASE.jar (Root Library)
    • undertow-core-2.0.28.Final.jar (Vulnerable Library)

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Found in base branch: main

Vulnerability Details

A flaw was discovered in all versions of Undertow before 2.2.0.Final, where HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 because invalid characters are permitted in an HTTP request. This flaw allows an attacker to poison a web cache, perform an XSS attack, or obtain sensitive information from requests other than their own.
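
The three Undertow smuggling entries in this issue (CVE-2020-10719 with its large chunk sizes, and CVE-2020-10687 and CVE-2021-20220 with their invalid request characters) share one root cause: two parsers on the request path disagreeing about where a body ends. The following Java class is an added example written for this page, not Undertow code and not a reproduction of its fix; it shows the strictness a chunked-body decoder needs so that it never has to guess. The per-chunk and digit limits are this example's own choices, and the three request bodies are constructed.

```java
import java.io.ByteArrayOutputStream;
import java.nio.charset.StandardCharsets;

public final class StrictChunkDecoder {
    // Limits are this example's own choices; a real server configures them.
    static final long MAX_CHUNK_BYTES = 16L * 1024 * 1024;
    static final int MAX_SIZE_DIGITS = 8; // fits MAX_CHUNK_BYTES and rules out 64-bit wraparound

    // Only the 22 ASCII hex digits. Character.digit() would also accept other Unicode digits
    // (fullwidth forms, for instance), which two servers in a chain need not agree on.
    static int hexDigit(char c) {
        if (c >= '0' && c <= '9') return c - '0';
        if (c >= 'a' && c <= 'f') return c - 'a' + 10;
        if (c >= 'A' && c <= 'F') return c - 'A' + 10;
        return -1;
    }

    // chunk-size = 1*HEXDIG [ chunk-ext ]   (RFC 7230, section 4.1)
    static long parseChunkSize(String line) {
        int ext = line.indexOf(';');
        String hex = ext < 0 ? line : line.substring(0, ext);
        if (hex.isEmpty() || hex.length() > MAX_SIZE_DIGITS)
            throw new IllegalArgumentException("chunk-size has " + hex.length() + " digits");
        long size = 0;
        for (int i = 0; i < hex.length(); i++) {
            int d = hexDigit(hex.charAt(i));
            if (d < 0) throw new IllegalArgumentException("non-hex byte in chunk-size: " + line);
            size = (size << 4) | d;
        }
        if (size > MAX_CHUNK_BYTES) throw new IllegalArgumentException("chunk too large: " + size);
        return size;
    }

    static int indexOfCrlf(byte[] b, int from) {
        for (int i = from; i + 1 < b.length; i++)
            if (b[i] == '\r' && b[i + 1] == '\n') return i;
        throw new IllegalArgumentException("missing CRLF");
    }

    // Decodes one complete chunked body. Every framing violation is an error, never a guess.
    static byte[] decode(byte[] body) {
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        int pos = 0;
        while (true) {
            int eol = indexOfCrlf(body, pos);
            long size = parseChunkSize(new String(body, pos, eol - pos, StandardCharsets.US_ASCII));
            pos = eol + 2;
            if (size == 0) {
                // last-chunk: this example accepts no trailer section, only the closing CRLF.
                // Anything after it is exactly what a smuggled request would be.
                if (pos + 2 != body.length || body[pos] != '\r' || body[pos + 1] != '\n')
                    throw new IllegalArgumentException("bytes after last-chunk");
                return out.toByteArray();
            }
            if (pos + size + 2 > body.length)
                throw new IllegalArgumentException("chunk-size exceeds remaining body");
            out.write(body, pos, (int) size);
            pos += (int) size;
            if (body[pos] != '\r' || body[pos + 1] != '\n')
                throw new IllegalArgumentException("chunk-data not terminated by CRLF");
            pos += 2;
        }
    }

    public static void main(String[] args) {
        // Constructed bodies: well-formed; an oversized chunk-size; data after the last-chunk.
        String[] bodies = {
            "5\r\nhello\r\n0\r\n\r\n",
            "FFFFFFFFFFFFFFFFFFFF\r\nhello\r\n0\r\n\r\n",
            "5\r\nhello\r\n0\r\n\r\nGET /admin HTTP/1.1\r\n\r\n"
        };
        for (String b : bodies) {
            try {
                byte[] data = decode(b.getBytes(StandardCharsets.US_ASCII));
                System.out.println("accepted: " + new String(data, StandardCharsets.US_ASCII));
            } catch (IllegalArgumentException e) {
                System.out.println("rejected: " + e.getMessage());
            }
        }
    }
}
```

The second body is the "large chunk size" case: without the digit limit a 64-bit accumulator silently wraps, and a front-end and back-end that wrap differently (or one of which does not wrap at all) end up with two different bodies. The third body shows why a decoder must also refuse trailing bytes instead of leaving them in the connection buffer for the next request.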

Publish Date: 2020-09-23

URL: CVE-2020-10687

CVSS 3 Score Details (4.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: High
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None

Suggested Fix

Type: Upgrade version

Origin: https://bugzilla.redhat.com/show_bug.cgi?id=1785049

Release Date: 2020-09-23

Fix Resolution (io.undertow:undertow-core): 2.1.5.Final

Direct dependency fix Resolution (org.springframework.boot:spring-boot-starter-undertow): 2.3.7.RELEASE

⛑️ Automatic Remediation will be attempted for this issue.


spring-boot-starter-data-jpa-2.2.2.RELEASE.jar: 3 vulnerabilities (highest severity is: 9.8)

Vulnerable Library - spring-boot-starter-data-jpa-2.2.2.RELEASE.jar

Path to dependency file: /webgoat-server/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/hibernate/hibernate-core/5.4.9.Final/hibernate-core-5.4.9.Final.jar

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Vulnerabilities

CVE Severity CVSS Dependency Type Fixed in (spring-boot-starter-data-jpa version) Remediation Possible**
CVE-2020-10683 Critical 9.8 dom4j-2.1.1.jar Transitive 2.2.7.RELEASE
CVE-2020-25638 High 7.4 hibernate-core-5.4.9.Final.jar Transitive 2.2.12.RELEASE
CVE-2019-14900 Medium 6.5 hibernate-core-5.4.9.Final.jar Transitive 2.2.9.RELEASE

**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation

Details

CVE-2020-10683

Vulnerable Library - dom4j-2.1.1.jar

flexible XML framework for Java

Library home page: http://dom4j.github.io/

Path to dependency file: /webgoat-container/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/dom4j/dom4j/2.1.1/dom4j-2.1.1.jar

Dependency Hierarchy:

  • spring-boot-starter-data-jpa-2.2.2.RELEASE.jar (Root Library)
    • hibernate-core-5.4.9.Final.jar
      • dom4j-2.1.1.jar (Vulnerable Library)

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Found in base branch: main

Vulnerability Details

dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j.

Publish Date: 2020-05-01

URL: CVE-2020-10683

CVSS 3 Score Details (9.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Release Date: 2020-05-01

Fix Resolution (org.dom4j:dom4j): 2.1.3

Direct dependency fix Resolution (org.springframework.boot:spring-boot-starter-data-jpa): 2.2.7.RELEASE

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2020-25638

Vulnerable Library - hibernate-core-5.4.9.Final.jar

Hibernate's core ORM functionality

Library home page: http://hibernate.org/orm

Path to dependency file: /webgoat-integration-tests/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/hibernate/hibernate-core/5.4.9.Final/hibernate-core-5.4.9.Final.jar

Dependency Hierarchy:

  • spring-boot-starter-data-jpa-2.2.2.RELEASE.jar (Root Library)
    • hibernate-core-5.4.9.Final.jar (Vulnerable Library)

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Found in base branch: main

Vulnerability Details

A flaw was found in hibernate-core in versions prior to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity.

Publish Date: 2020-12-02

URL: CVE-2020-25638

CVSS 3 Score Details (7.4)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: High
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: None

Suggested Fix

Type: Upgrade version

Origin: https://in.relation.to/2020/11/19/hibernate-orm-5424-final-release/

Release Date: 2020-12-02

Fix Resolution (org.hibernate:hibernate-core): 5.4.24.Final

Direct dependency fix Resolution (org.springframework.boot:spring-boot-starter-data-jpa): 2.2.12.RELEASE

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2019-14900

Vulnerable Library - hibernate-core-5.4.9.Final.jar

Hibernate's core ORM functionality

Library home page: http://hibernate.org/orm

Path to dependency file: /webgoat-integration-tests/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/hibernate/hibernate-core/5.4.9.Final/hibernate-core-5.4.9.Final.jar

Dependency Hierarchy:

  • spring-boot-starter-data-jpa-2.2.2.RELEASE.jar (Root Library)
    • hibernate-core-5.4.9.Final.jar (Vulnerable Library)

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Found in base branch: main

Vulnerability Details

A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.
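
CVE-2019-14900 above and CVE-2020-25638 earlier in this issue describe the same mechanism: a string handed to the JPA Criteria API as a literal is inlined into the generated SQL (in the SELECT or GROUP BY list, or in the SQL comment) instead of being bound. The following Java class is an added example written for this page, not Hibernate's or WebGoat's code; it places the vulnerable pattern beside two alternatives that are safe on every version. The `Account` entity, the method names and the `label` input are illustrative.

```java
import java.util.List;
import java.util.regex.Pattern;
import javax.persistence.Entity;
import javax.persistence.EntityManager;
import javax.persistence.Id;
import javax.persistence.TypedQuery;
import javax.persistence.criteria.CriteriaBuilder;
import javax.persistence.criteria.CriteriaQuery;
import javax.persistence.criteria.ParameterExpression;
import javax.persistence.criteria.Root;

// Hypothetical entity used only by this example.
@Entity
class Account {
    @Id public Long id;
    public String name;
}

public final class CriteriaLiteralExample {

    // VULNERABLE on the affected Hibernate versions: the caller-supplied string goes through
    // cb.literal(), and a literal in the SELECT list (CVE-2019-14900) is inlined into the SQL
    // text without escaping, so a value such as  x' UNION SELECT ... --  becomes part of the
    // statement. CVE-2020-25638 is the same inlining for a literal that lands in the SQL comment.
    static List<Object[]> namesWithLabelUnsafe(EntityManager em, String label) {
        CriteriaBuilder cb = em.getCriteriaBuilder();
        CriteriaQuery<Object[]> q = cb.createQuery(Object[].class);
        Root<Account> a = q.from(Account.class);
        q.multiselect(a.get("name"), cb.literal(label));
        return em.createQuery(q).getResultList();
    }

    // SAFE: the value is a bound parameter, so it travels to the driver separately from the
    // SQL text regardless of Hibernate version.
    static List<Object[]> namesWithLabelSafe(EntityManager em, String label) {
        CriteriaBuilder cb = em.getCriteriaBuilder();
        CriteriaQuery<Object[]> q = cb.createQuery(Object[].class);
        Root<Account> a = q.from(Account.class);
        ParameterExpression<String> p = cb.parameter(String.class, "label");
        q.multiselect(a.get("name"), p);
        TypedQuery<Object[]> tq = em.createQuery(q);
        tq.setParameter("label", label);
        return tq.getResultList();
    }

    // Where a literal genuinely has to be inlined (a constant you GROUP BY, say), allowlist it
    // first so it can never carry a quote, a comment marker or whitespace.
    static final Pattern SAFE_LITERAL = Pattern.compile("[A-Za-z0-9_-]{1,32}");

    static String requireSafeLiteral(String s) {
        if (!SAFE_LITERAL.matcher(s).matches())
            throw new IllegalArgumentException("refusing to inline literal: " + s);
        return s;
    }
}
```

The upgrade to 5.4.18.Final / 5.4.24.Final remains the fix; the parameter form and the allowlist are what keep the application safe even after the next Criteria rendering bug. Hibernate 5.x also exposes `hibernate.criteria.literal_handling_mode`, whose `BIND` value tells the Criteria API to prefer bind parameters over inlined literals; treat it as defence in depth, not as a substitute for the upgrade.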

Publish Date: 2020-07-06

URL: CVE-2019-14900

CVSS 3 Score Details (6.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: Low
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: None
    • Availability Impact: None

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14900

Release Date: 2020-07-06

Fix Resolution (org.hibernate:hibernate-core): 5.4.18.Final

Direct dependency fix Resolution (org.springframework.boot:spring-boot-starter-data-jpa): 2.2.9.RELEASE

⛑️ Automatic Remediation will be attempted for this issue.


webwolf-v8.1.0.jar: 49 vulnerabilities (highest severity is: 9.8) - autoclosed

Vulnerable Library - webwolf-v8.1.0.jar

Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.10.1/jackson-databind-2.10.1.jar,/home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.10.1/jackson-databind-2.10.1.jar,/home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.10.1/jackson-databind-2.10.1.jar,/home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.10.1/jackson-databind-2.10.1.jar

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Vulnerabilities

CVE Severity CVSS Dependency Type Fixed in (webwolf-v8.1.0.jar version) Remediation Possible**
CVE-2022-22965 Critical 9.8 spring-beans-5.2.2.RELEASE.jar Transitive N/A*
CVE-2023-20873 Critical 9.8 spring-boot-actuator-autoconfigure-2.2.2.RELEASE.jar Transitive N/A*
CVE-2016-1000027 Critical 9.8 spring-web-5.2.2.RELEASE.jar Transitive N/A*
CVE-2020-10683 Critical 9.8 dom4j-2.1.1.jar Transitive N/A*
CVE-2022-41853 Critical 9.8 hsqldb-2.5.0.jar Transitive N/A*
CVE-2020-1745 Critical 9.8 undertow-core-2.0.28.Final.jar Transitive N/A*
CVE-2021-22112 High 8.8 spring-security-web-5.2.1.RELEASE.jar Transitive N/A*
CVE-2020-1757 High 8.1 undertow-core-2.0.28.Final.jar Transitive N/A*
CVE-2021-22118 High 7.8 spring-web-5.2.2.RELEASE.jar Transitive N/A*
CVE-2022-2053 High 7.5 undertow-core-2.0.28.Final.jar Transitive N/A*
CVE-2020-25649 High 7.5 jackson-databind-2.10.1.jar Transitive N/A*
CVE-2020-5398 High 7.5 spring-web-5.2.2.RELEASE.jar Transitive N/A*
CVE-2021-46877 High 7.5 jackson-databind-2.10.1.jar Transitive N/A*
CVE-2022-1319 High 7.5 undertow-core-2.0.28.Final.jar Transitive N/A*
CVE-2019-14888 High 7.5 undertow-core-2.0.28.Final.jar Transitive N/A*
CVE-2022-4492 High 7.5 undertow-core-2.0.28.Final.jar Transitive N/A*
CVE-2022-42004 High 7.5 jackson-databind-2.10.1.jar Transitive N/A*
CVE-2022-42003 High 7.5 jackson-databind-2.10.1.jar Transitive N/A*
CVE-2022-0084 High 7.5 xnio-api-3.3.8.Final.jar Transitive N/A*
CVE-2020-36518 High 7.5 jackson-databind-2.10.1.jar Transitive N/A*
CVE-2020-27782 High 7.5 undertow-core-2.0.28.Final.jar Transitive N/A*
CVE-2021-3690 High 7.5 undertow-websockets-jsr-2.0.28.Final.jar Transitive N/A*
CVE-2020-10705 High 7.5 undertow-core-2.0.28.Final.jar Transitive N/A*
CVE-2022-1259 High 7.5 undertow-core-2.0.28.Final.jar Transitive N/A*
CVE-2023-1108 High 7.5 undertow-core-2.0.28.Final.jar Transitive N/A*
CVE-2021-3859 High 7.5 undertow-core-2.0.28.Final.jar Transitive N/A*
CVE-2020-25638 High 7.4 hibernate-core-5.4.9.Final.jar Transitive N/A*
CVE-2020-10719 Medium 6.5 undertow-core-2.0.28.Final.jar Transitive N/A*
CVE-2019-14900 Medium 6.5 hibernate-core-5.4.9.Final.jar Transitive N/A*
CVE-2022-22950 Medium 6.5 spring-expression-5.2.2.RELEASE.jar Transitive N/A*
CVE-2020-5408 Medium 6.5 spring-security-core-5.2.1.RELEASE.jar Transitive N/A*
CVE-2023-20861 Medium 6.5 spring-expression-5.2.2.RELEASE.jar Transitive N/A*
CVE-2023-20863 Medium 6.5 spring-expression-5.2.2.RELEASE.jar Transitive N/A*
CVE-2020-5421 Medium 6.5 spring-web-5.2.2.RELEASE.jar Transitive N/A*
WS-2017-3767 Medium 6.3 spring-security-web-5.2.1.RELEASE.jar Transitive N/A*
WS-2016-7107 Medium 5.9 spring-security-web-5.2.1.RELEASE.jar Transitive N/A*
CVE-2021-3629 Medium 5.9 undertow-core-2.0.28.Final.jar Transitive N/A*
CVE-2021-3597 Medium 5.9 undertow-core-2.0.28.Final.jar Transitive N/A*
WS-2021-0616 Medium 5.9 jackson-databind-2.10.1.jar Transitive N/A*
WS-2020-0293 Medium 5.9 spring-security-web-5.2.1.RELEASE.jar Transitive N/A*
CVE-2022-22968 Medium 5.3 spring-context-5.2.2.RELEASE.jar Transitive N/A*
CVE-2022-22970 Medium 5.3 spring-beans-5.2.2.RELEASE.jar Transitive N/A*
CVE-2020-5397 Medium 5.3 detected in multiple dependencies Transitive N/A*
CVE-2020-10693 Medium 5.3 hibernate-validator-6.0.18.Final.jar Transitive N/A*
CVE-2021-28170 Medium 5.3 jakarta.el-3.0.3.jar Transitive N/A*
CVE-2020-10687 Medium 4.8 undertow-core-2.0.28.Final.jar Transitive N/A*
CVE-2021-20220 Medium 4.8 undertow-core-2.0.28.Final.jar Transitive N/A*
CVE-2021-22096 Medium 4.3 detected in multiple dependencies Transitive N/A*
CVE-2021-22060 Medium 4.3 spring-web-5.2.2.RELEASE.jar Transitive N/A*

*For some transitive vulnerabilities, there is no version of direct dependency with a fix. Check the "Details" section below to see if there is a version of transitive dependency where vulnerability is fixed.

**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation

Details

Partial details (21 vulnerabilities) are displayed below due to a content size limitation in GitHub. To view information on the remaining vulnerabilities, navigate to the Mend Application.

CVE-2022-22965

Vulnerable Library - spring-beans-5.2.2.RELEASE.jar

Spring Beans

Library home page: https://github.com/spring-projects/spring-framework

Path to dependency file: /webgoat-integration-tests/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-beans/5.2.2.RELEASE/spring-beans-5.2.2.RELEASE.jar

Dependency Hierarchy:

  • webwolf-v8.1.0.jar (Root Library)
    • spring-boot-starter-security-2.2.2.RELEASE.jar
      • spring-aop-5.2.2.RELEASE.jar
        • spring-beans-5.2.2.RELEASE.jar (Vulnerable Library)

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Found in base branch: main

Vulnerability Details

A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.
Mend Note: Converted from WS-2022-0107, on 2022-11-07.

Publish Date: 2022-04-01

URL: CVE-2022-22965

CVSS 3 Score Details (9.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement

Release Date: 2022-04-01

Fix Resolution: org.springframework:spring-beans:5.2.20.RELEASE,5.3.18

CVE-2023-20873

Vulnerable Library - spring-boot-actuator-autoconfigure-2.2.2.RELEASE.jar

Spring Boot Actuator AutoConfigure

Library home page: https://projects.spring.io/spring-boot/#/spring-boot-parent/spring-boot-actuator-autoconfigure

Path to dependency file: /webgoat-integration-tests/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/boot/spring-boot-actuator-autoconfigure/2.2.2.RELEASE/spring-boot-actuator-autoconfigure-2.2.2.RELEASE.jar

Dependency Hierarchy:

  • webwolf-v8.1.0.jar (Root Library)
    • spring-boot-starter-actuator-2.2.2.RELEASE.jar
      • spring-boot-actuator-autoconfigure-2.2.2.RELEASE.jar (Vulnerable Library)

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Found in base branch: main

Vulnerability Details

In Spring Boot versions 3.0.0 - 3.0.5, 2.7.0 - 2.7.10, and older unsupported versions, an application that is deployed to Cloud Foundry could be susceptible to a security bypass. Users of affected versions should apply the following mitigation: 3.0.x users should upgrade to 3.0.6+. 2.7.x users should upgrade to 2.7.11+. Users of older, unsupported versions should upgrade to 3.0.6+ or 2.7.11+.

Publish Date: 2023-04-20

URL: CVE-2023-20873

CVSS 3 Score Details (9.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: https://spring.io/security/cve-2023-20873

Release Date: 2023-04-20

Fix Resolution: org.springframework.boot:spring-boot-actuator-autoconfigure:2.7.11,3.0.6

CVE-2016-1000027

Vulnerable Library - spring-web-5.2.2.RELEASE.jar

Spring Web

Library home page: https://github.com/spring-projects/spring-framework

Path to dependency file: /webgoat-integration-tests/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-web/5.2.2.RELEASE/spring-web-5.2.2.RELEASE.jar

Dependency Hierarchy:

  • webwolf-v8.1.0.jar (Root Library)
    • spring-boot-starter-web-2.2.2.RELEASE.jar
      • spring-web-5.2.2.RELEASE.jar (Vulnerable Library)

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Found in base branch: main

Vulnerability Details

Pivotal Spring Framework through 5.3.16 suffers from a potential remote code execution (RCE) issue if used for Java deserialization of untrusted data. Depending on how the library is implemented within a product, this issue may or not occur, and authentication may be required. NOTE: the vendor's position is that untrusted data is not an intended use case. The product's behavior will not be changed because some users rely on deserialization of trusted data.
Mend Note: After conducting further research, Mend has determined that all versions of spring-web up to version 6.0.0 are vulnerable to CVE-2016-1000027.

Publish Date: 2020-01-02

URL: CVE-2016-1000027

CVSS 3 Score Details (9.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: GHSA-4wrc-f8pq-fpqp

Release Date: 2020-01-02

Fix Resolution: org.springframework:spring-web:6.0.0

CVE-2020-10683

Vulnerable Library - dom4j-2.1.1.jar

flexible XML framework for Java

Library home page: http://dom4j.github.io/

Path to dependency file: /webgoat-integration-tests/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/dom4j/dom4j/2.1.1/dom4j-2.1.1.jar

Dependency Hierarchy:

  • webwolf-v8.1.0.jar (Root Library)
    • spring-boot-starter-data-jpa-2.2.2.RELEASE.jar
      • hibernate-core-5.4.9.Final.jar
        • dom4j-2.1.1.jar (Vulnerable Library)

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Found in base branch: main

Vulnerability Details

dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j.
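
The "safe, non-default behavior" the advisory refers to is a handful of SAX parser features. The following Java class is an added example written for this page (it serves this entry and the identical CVE-2020-10683 entry under spring-boot-starter-data-jpa above); it is not dom4j's or WebGoat's code. It builds a hardened `SAXReader` with the features the OWASP XXE Prevention cheat sheet lists and feeds it a constructed external-entity probe; the probe's file path is illustrative and is never read because the DOCTYPE is refused.

```java
import java.io.StringReader;
import org.dom4j.Document;
import org.dom4j.DocumentException;
import org.dom4j.io.SAXReader;
import org.xml.sax.SAXException;

public final class Dom4jHardening {

    // Default construction: on dom4j 2.1.x before 2.1.3 (and 2.0.x before 2.0.3) this
    // reader resolves external DTDs and external entities.
    static SAXReader defaultReader() {
        return new SAXReader();
    }

    // Hardened construction: the SAX/Xerces features recommended by the OWASP XXE Prevention
    // cheat sheet. Disallowing DOCTYPE is the one that matters most; the other three apply
    // only when a DOCTYPE must be accepted.
    static SAXReader hardenedReader() throws SAXException {
        SAXReader reader = new SAXReader();
        reader.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        reader.setFeature("http://xml.org/sax/features/external-general-entities", false);
        reader.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        reader.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        return reader;
    }

    static Document parse(SAXReader reader, String xml) throws DocumentException {
        return reader.read(new StringReader(xml));
    }

    public static void main(String[] args) throws Exception {
        // Constructed XXE probe: an external general entity pointing at a local file.
        String probe = "<?xml version=\"1.0\"?>\n"
                + "<!DOCTYPE d [<!ENTITY xxe SYSTEM \"file:///etc/hostname\">]>\n"
                + "<d>&xxe;</d>";
        try {
            parse(hardenedReader(), probe);
            System.out.println("hardened reader accepted the DOCTYPE: the parser ignored the feature");
        } catch (DocumentException e) {
            System.out.println("hardened reader rejected the DOCTYPE: " + e.getMessage());
        }
        // defaultReader() on an unfixed dom4j parses the same probe and the element text
        // contains the file contents; do not point it at untrusted input.
    }
}
```

Upgrading to 2.1.3 changes the default, but the explicit features are still worth setting: they make the intent visible in code review and protect against a later dependency that downgrades dom4j or swaps the underlying SAX parser.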

Publish Date: 2020-05-01

URL: CVE-2020-10683

CVSS 3 Score Details (9.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Release Date: 2020-05-01

Fix Resolution: org.dom4j:dom4j:2.1.3,org.dom4j:dom4j:2.0.3

CVE-2022-41853

Vulnerable Library - hsqldb-2.5.0.jar

HSQLDB - Lightweight 100% Java SQL Database Engine

Library home page: http://hsqldb.org

Path to dependency file: /webgoat-integration-tests/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/hsqldb/hsqldb/2.5.0/hsqldb-2.5.0.jar

Dependency Hierarchy:

  • webwolf-v8.1.0.jar (Root Library)
    • hsqldb-2.5.0.jar (Vulnerable Library)

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Found in base branch: main

Vulnerability Details

Those using java.sql.Statement or java.sql.PreparedStatement in hsqldb (HyperSQL DataBase) to process untrusted input may be vulnerable to a remote code execution attack. By default it is allowed to call any static method of any Java class in the classpath resulting in code execution. The issue can be prevented by updating to 2.7.1 or by setting the system property "hsqldb.method_class_names" to classes which are allowed to be called. For example, System.setProperty("hsqldb.method_class_names", "abc") or Java argument -Dhsqldb.method_class_names="abc" can be used. From version 2.7.1 all classes by default are not accessible except those in java.lang.Math and need to be manually enabled.

Publish Date: 2022-10-06

URL: CVE-2022-41853

CVSS 3 Score Details (9.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

CVE-2020-1745

Vulnerable Library - undertow-core-2.0.28.Final.jar

Undertow

Path to dependency file: /webgoat-integration-tests/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/io/undertow/undertow-core/2.0.28.Final/undertow-core-2.0.28.Final.jar

Dependency Hierarchy:

  • webwolf-v8.1.0.jar (Root Library)
    • spring-boot-starter-undertow-2.2.2.RELEASE.jar
      • undertow-core-2.0.28.Final.jar (Vulnerable Library)

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Found in base branch: main

Vulnerability Details

A file inclusion vulnerability was found in the AJP connector enabled with a default AJP configuration port of 8009 in Undertow version 2.0.29.Final and before and was fixed in 2.0.30.Final. A remote, unauthenticated attacker could exploit this vulnerability to read web application files from a vulnerable server. In instances where the vulnerable server allows file uploads, an attacker could upload malicious JavaServer Pages (JSP) code within a variety of file types and trigger this vulnerability to gain remote code execution.

Publish Date: 2020-04-28

URL: CVE-2020-1745

CVSS 3 Score Details (9.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1745

Release Date: 2020-04-28

Fix Resolution: io.undertow:undertow-core:2.0.30.Final

CVE-2021-22112

Vulnerable Library - spring-security-web-5.2.1.RELEASE.jar

spring-security-web

Library home page: http://spring.io/spring-security

Path to dependency file: /webgoat-integration-tests/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/security/spring-security-web/5.2.1.RELEASE/spring-security-web-5.2.1.RELEASE.jar

Dependency Hierarchy:

  • webwolf-v8.1.0.jar (Root Library)
    • spring-boot-starter-security-2.2.2.RELEASE.jar
      • spring-security-web-5.2.1.RELEASE.jar (Vulnerable Library)

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Found in base branch: main

Vulnerability Details

Spring Security 5.4.x prior to 5.4.4, 5.3.x prior to 5.3.8.RELEASE, 5.2.x prior to 5.2.9.RELEASE, and older unsupported versions can fail to save the SecurityContext if it is changed more than once in a single request. A malicious user cannot cause the bug to happen (it must be programmed in). However, if the application's intent is to only allow the user to run with elevated privileges in a small portion of the application, the bug can be leveraged to extend those privileges to the rest of the application.

Publish Date: 2021-02-23

URL: CVE-2021-22112

CVSS 3 Score Details (8.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: Low
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://tanzu.vmware.com/security/cve-2021-22112

Release Date: 2021-02-23

Fix Resolution: org.springframework.security:spring-security-web:5.2.9,5.3.8,5.4.4

CVE-2020-1757

Vulnerable Library - undertow-core-2.0.28.Final.jar

Undertow

Path to dependency file: /webgoat-integration-tests/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/io/undertow/undertow-core/2.0.28.Final/undertow-core-2.0.28.Final.jar

Dependency Hierarchy:

  • webwolf-v8.1.0.jar (Root Library)
    • spring-boot-starter-undertow-2.2.2.RELEASE.jar
      • undertow-core-2.0.28.Final.jar (Vulnerable Library)

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Found in base branch: main

Vulnerability Details

A flaw was found in all undertow-2.x.x SP1 versions prior to undertow-2.0.30.SP1, and all undertow-1.x.x and undertow-2.x.x versions prior to undertow-2.1.0.Final, where the Servlet container causes servletPath to normalize incorrectly by truncating the path after a semicolon, which may lead to an application mapping resulting in a security bypass.

Publish Date: 2020-04-21

URL: CVE-2020-1757

CVSS 3 Score Details (8.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: Low
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1757

Release Date: 2020-04-30

Fix Resolution: io.undertow:undertow-core:2.0.30.Final, io.undertow:undertow-examples:2.0.30.Final

CVE-2021-22118

Vulnerable Library - spring-web-5.2.2.RELEASE.jar

Spring Web

Library home page: https://github.com/spring-projects/spring-framework

Path to dependency file: /webgoat-integration-tests/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-web/5.2.2.RELEASE/spring-web-5.2.2.RELEASE.jar

Dependency Hierarchy:

  • webwolf-v8.1.0.jar (Root Library)
    • spring-boot-starter-web-2.2.2.RELEASE.jar
      • spring-web-5.2.2.RELEASE.jar (Vulnerable Library)

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Found in base branch: main

Vulnerability Details

In Spring Framework, versions 5.2.x prior to 5.2.15 and versions 5.3.x prior to 5.3.7, a WebFlux application is vulnerable to a privilege escalation: by (re)creating the temporary storage directory, a locally authenticated malicious user can read or modify files that have been uploaded to the WebFlux application, or overwrite arbitrary files with multipart request data.

Publish Date: 2021-05-27

URL: CVE-2021-22118

CVSS 3 Score Details (7.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Local
    • Attack Complexity: Low
    • Privileges Required: Low
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://tanzu.vmware.com/security/cve-2021-22118

Release Date: 2021-05-27

Fix Resolution: org.springframework:spring-web:5.2.15,5.3.7

CVE-2022-2053

Vulnerable Library - undertow-core-2.0.28.Final.jar

Undertow

Path to dependency file: /webgoat-integration-tests/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/io/undertow/undertow-core/2.0.28.Final/undertow-core-2.0.28.Final.jar

Dependency Hierarchy:

  • webwolf-v8.1.0.jar (Root Library)
    • spring-boot-starter-undertow-2.2.2.RELEASE.jar
      • undertow-core-2.0.28.Final.jar (Vulnerable Library)

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Found in base branch: main

Vulnerability Details

When a POST request comes through AJP and the request exceeds the max-post-size limit (maxEntitySize), Undertow's AjpServerRequestConduit implementation closes the connection without sending any response to the client/proxy. This behavior results in a front-end proxy marking the backend worker (application server) as being in an error state and not forwarding requests to the worker for a while. In mod_cluster, this continues until the next STATUS request (10 second intervals) from the application server updates the server state. So, in the worst case, it can result in "All workers are in error state" and mod_cluster responds "503 Service Unavailable" for a while (up to 10 seconds). In mod_proxy_balancer, it does not forward requests to the worker until the "retry" timeout passes. However, luckily, mod_proxy_balancer has a "forcerecovery" setting (On by default; this parameter can force the immediate recovery of all workers without considering the retry parameter of the workers if all workers of a balancer are in error state). So, unlike mod_cluster, mod_proxy_balancer does not result in responding "503 Service Unavailable". An attacker could use this behavior to send a malicious request and trigger server errors, resulting in DoS (denial of service). This flaw was fixed in Undertow 2.2.19.Final, Undertow 2.3.0.Alpha2.

Publish Date: 2022-08-05

URL: CVE-2022-2053

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: GHSA-95rf-557x-44g5

Release Date: 2022-08-05

Fix Resolution: io.undertow:undertow-core:2.2.19.Final

CVE-2020-25649

Vulnerable Library - jackson-databind-2.10.1.jar

General data-binding functionality for Jackson: works on core streaming API

Library home page: http://github.com/FasterXML/jackson

Path to dependency file: /webgoat-lessons/jwt/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.10.1/jackson-databind-2.10.1.jar,/home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.10.1/jackson-databind-2.10.1.jar,/home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.10.1/jackson-databind-2.10.1.jar,/home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.10.1/jackson-databind-2.10.1.jar

Dependency Hierarchy:

  • webwolf-v8.1.0.jar (Root Library)
    • jackson-datatype-jsr310-2.10.1.jar
      • jackson-databind-2.10.1.jar (Vulnerable Library)

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Found in base branch: main

Vulnerability Details

A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.

Publish Date: 2020-12-03

URL: CVE-2020-25649

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: High
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Release Date: 2020-12-03

Fix Resolution: com.fasterxml.jackson.core:jackson-databind:2.6.7.4,2.9.10.7,2.10.5.1,2.11.0.rc1

CVE-2020-5398

Vulnerable Library - spring-web-5.2.2.RELEASE.jar

Spring Web

Library home page: https://github.com/spring-projects/spring-framework

Path to dependency file: /webgoat-integration-tests/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-web/5.2.2.RELEASE/spring-web-5.2.2.RELEASE.jar

Dependency Hierarchy:

  • webwolf-v8.1.0.jar (Root Library)
    • spring-boot-starter-web-2.2.2.RELEASE.jar
      • spring-web-5.2.2.RELEASE.jar (Vulnerable Library)

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Found in base branch: main

Vulnerability Details

In Spring Framework, versions 5.2.x prior to 5.2.3, versions 5.1.x prior to 5.1.13, and versions 5.0.x prior to 5.0.16, an application is vulnerable to a reflected file download (RFD) attack when it sets a "Content-Disposition" header in the response where the filename attribute is derived from user supplied input.

Publish Date: 2020-01-17

URL: CVE-2020-5398

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: High
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://pivotal.io/security/cve-2020-5398

Release Date: 2020-01-17

Fix Resolution: org.springframework:spring-web:5.0.16.RELEASE,org.springframework:spring-web:5.1.13.RELEASE,org.springframework:spring-web:5.2.3.RELEASE

CVE-2021-46877

Vulnerable Library - jackson-databind-2.10.1.jar

General data-binding functionality for Jackson: works on core streaming API

Library home page: http://github.com/FasterXML/jackson

Path to dependency file: /webgoat-lessons/jwt/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.10.1/jackson-databind-2.10.1.jar,/home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.10.1/jackson-databind-2.10.1.jar,/home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.10.1/jackson-databind-2.10.1.jar,/home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.10.1/jackson-databind-2.10.1.jar

Dependency Hierarchy:

  • webwolf-v8.1.0.jar (Root Library)
    • jackson-datatype-jsr310-2.10.1.jar
      • jackson-databind-2.10.1.jar (Vulnerable Library)

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Found in base branch: main

Vulnerability Details

jackson-databind 2.10.x through 2.12.x before 2.12.6 and 2.13.x before 2.13.1 allows attackers to cause a denial of service (2 GB transient heap usage per read) in uncommon situations involving JsonNode JDK serialization.

Publish Date: 2023-03-18

URL: CVE-2021-46877

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://www.cve.org/CVERecord?id=CVE-2021-46877

Release Date: 2023-03-18

Fix Resolution: com.fasterxml.jackson.core:jackson-databind:2.12.6,2.13.1

CVE-2022-1319

Vulnerable Library - undertow-core-2.0.28.Final.jar

Undertow

Path to dependency file: /webgoat-integration-tests/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/io/undertow/undertow-core/2.0.28.Final/undertow-core-2.0.28.Final.jar

Dependency Hierarchy:

  • webwolf-v8.1.0.jar (Root Library)
    • spring-boot-starter-undertow-2.2.2.RELEASE.jar
      • undertow-core-2.0.28.Final.jar (Vulnerable Library)

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Found in base branch: main

Vulnerability Details

A flaw was found in Undertow. For an AJP 400 response, EAP 7 is improperly sending two response packets, and those packets have the reuse flag set even though JBoss EAP closes the connection. A failure occurs when the connection is reused after a 400 by CPING since it reads in the second SEND_HEADERS response packet instead of a CPONG.

Publish Date: 2022-08-31

URL: CVE-2022-1319

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://www.cve.org/CVERecord?id=CVE-2022-1319

Release Date: 2022-08-31

Fix Resolution: io.undertow:undertow-core:2.2.18.Final,2.3.0.Final

CVE-2019-14888

Vulnerable Library - undertow-core-2.0.28.Final.jar

Undertow

Path to dependency file: /webgoat-integration-tests/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/io/undertow/undertow-core/2.0.28.Final/undertow-core-2.0.28.Final.jar

Dependency Hierarchy:

  • webwolf-v8.1.0.jar (Root Library)
    • spring-boot-starter-undertow-2.2.2.RELEASE.jar
      • undertow-core-2.0.28.Final.jar (Vulnerable Library)

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Found in base branch: main

Vulnerability Details

A vulnerability was found in the Undertow HTTP server in versions before 2.0.28.SP1 when listening on HTTPS. An attacker can target the HTTPS port to carry out a Denial Of Service (DOS) to make the service unavailable on SSL.

Publish Date: 2020-01-23

URL: CVE-2019-14888

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://security-tracker.debian.org/tracker/CVE-2019-14888

Release Date: 2020-01-23

Fix Resolution: 2.0.29.Final

CVE-2022-4492

Vulnerable Library - undertow-core-2.0.28.Final.jar

Undertow

Path to dependency file: /webgoat-integration-tests/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/io/undertow/undertow-core/2.0.28.Final/undertow-core-2.0.28.Final.jar

Dependency Hierarchy:

  • webwolf-v8.1.0.jar (Root Library)
    • spring-boot-starter-undertow-2.2.2.RELEASE.jar
      • undertow-core-2.0.28.Final.jar (Vulnerable Library)

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Found in base branch: main

Vulnerability Details

The undertow client is not checking the server identity presented by the server certificate in https connections. This is a compulsory step (at least it should be performed by default) in https and in http/2. I would add it to any TLS client protocol.

Publish Date: 2023-02-23

URL: CVE-2022-4492

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: High
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: GHSA-pfcc-3g6r-8rg8

Release Date: 2023-02-23

Fix Resolution: io.undertow:undertow-core:2.2.24.Final,2.3.5.Final, io.undertow:undertow-examples:2.2.24.Final,2.3.5.Final, io.undertow:undertow-benchmarks:2.2.24.Final,2.3.5.Final

CVE-2022-42004

Vulnerable Library - jackson-databind-2.10.1.jar

General data-binding functionality for Jackson: works on core streaming API

Library home page: http://github.com/FasterXML/jackson

Path to dependency file: /webgoat-lessons/jwt/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.10.1/jackson-databind-2.10.1.jar,/home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.10.1/jackson-databind-2.10.1.jar,/home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.10.1/jackson-databind-2.10.1.jar,/home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.10.1/jackson-databind-2.10.1.jar

Dependency Hierarchy:

  • webwolf-v8.1.0.jar (Root Library)
    • jackson-datatype-jsr310-2.10.1.jar
      • jackson-databind-2.10.1.jar (Vulnerable Library)

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Found in base branch: main

Vulnerability Details

In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization.

Publish Date: 2022-10-02

URL: CVE-2022-42004

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Release Date: 2022-10-02

Fix Resolution: com.fasterxml.jackson.core:jackson-databind:2.13.4

CVE-2022-42003

Vulnerable Library - jackson-databind-2.10.1.jar

General data-binding functionality for Jackson: works on core streaming API

Library home page: http://github.com/FasterXML/jackson

Path to dependency file: /webgoat-lessons/jwt/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.10.1/jackson-databind-2.10.1.jar,/home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.10.1/jackson-databind-2.10.1.jar,/home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.10.1/jackson-databind-2.10.1.jar,/home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.10.1/jackson-databind-2.10.1.jar

Dependency Hierarchy:

  • webwolf-v8.1.0.jar (Root Library)
    • jackson-datatype-jsr310-2.10.1.jar
      • jackson-databind-2.10.1.jar (Vulnerable Library)

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Found in base branch: main

Vulnerability Details

In FasterXML jackson-databind before 2.14.0-rc1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. Additional fix version in 2.13.4.1 and 2.12.17.1

Publish Date: 2022-10-02

URL: CVE-2022-42003

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Release Date: 2022-10-02

Fix Resolution: com.fasterxml.jackson.core:jackson-databind:2.12.7.1,2.13.4.1

CVE-2022-0084

Vulnerable Library - xnio-api-3.3.8.Final.jar

The API JAR of the XNIO project

Library home page: http://www.jboss.org/xnio

Path to dependency file: /webgoat-integration-tests/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/jboss/xnio/xnio-api/3.3.8.Final/xnio-api-3.3.8.Final.jar

Dependency Hierarchy:

  • webwolf-v8.1.0.jar (Root Library)
    • spring-boot-starter-undertow-2.2.2.RELEASE.jar
      • undertow-core-2.0.28.Final.jar
        • xnio-api-3.3.8.Final.jar (Vulnerable Library)

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Found in base branch: main

Vulnerability Details

A flaw was found in XNIO, specifically in the notifyReadClosed method. The issue revealed this method was logging a message to another expected end. This flaw allows an attacker to send flawed requests to a server, possibly causing log contention-related performance concerns or an unwanted disk fill-up.

Publish Date: 2022-08-26

URL: CVE-2022-0084

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Release Date: 2022-08-26

Fix Resolution: org.jboss.xnio:xnio-api:3.8.8.Final

CVE-2020-36518

Vulnerable Library - jackson-databind-2.10.1.jar

General data-binding functionality for Jackson: works on core streaming API

Library home page: http://github.com/FasterXML/jackson

Path to dependency file: /webgoat-lessons/jwt/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.10.1/jackson-databind-2.10.1.jar,/home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.10.1/jackson-databind-2.10.1.jar,/home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.10.1/jackson-databind-2.10.1.jar,/home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.10.1/jackson-databind-2.10.1.jar

Dependency Hierarchy:

  • webwolf-v8.1.0.jar (Root Library)
    • jackson-datatype-jsr310-2.10.1.jar
      • jackson-databind-2.10.1.jar (Vulnerable Library)

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Found in base branch: main

Vulnerability Details

jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.
Mend Note: After conducting further research, Mend has determined that all versions of com.fasterxml.jackson.core:jackson-databind up to version 2.13.2 are vulnerable to CVE-2020-36518.

Publish Date: 2022-03-11

URL: CVE-2020-36518

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Release Date: 2022-03-11

Fix Resolution: com.fasterxml.jackson.core:jackson-databind:2.12.6.1,2.13.2.1

CVE-2020-27782

Vulnerable Library - undertow-core-2.0.28.Final.jar

Undertow

Path to dependency file: /webgoat-integration-tests/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/io/undertow/undertow-core/2.0.28.Final/undertow-core-2.0.28.Final.jar

Dependency Hierarchy:

  • webwolf-v8.1.0.jar (Root Library)
    • spring-boot-starter-undertow-2.2.2.RELEASE.jar
      • undertow-core-2.0.28.Final.jar (Vulnerable Library)

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Found in base branch: main

Vulnerability Details

A flaw was found in the Undertow AJP connector. Malicious requests and abrupt connection closes could be triggered by an attacker using query strings with non-RFC compliant characters resulting in a denial of service. The highest threat from this vulnerability is to system availability. This affects Undertow 2.1.5.SP1, 2.0.33.SP2, and 2.2.3.SP1.

Publish Date: 2021-02-23

URL: CVE-2020-27782

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: GHSA-rhcw-wjcm-9h6g

Release Date: 2021-02-23

Fix Resolution: io.undertow:undertow-core:2.0.33.Final,2.1.5.Final

jquery-3.4.1.min.js: 2 vulnerabilities (highest severity is: 6.1)

Vulnerable Library - jquery-3.4.1.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/jquery.min.js

Path to vulnerable library: /webgoat-container/target/classes/static/js/libs/jquery.min.js,/webgoat-container/src/main/resources/static/js/libs/jquery.min.js

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Vulnerabilities

CVE Severity CVSS Dependency Type Fixed in (jquery version) Remediation Possible**
CVE-2020-11023 Medium 6.1 jquery-3.4.1.min.js Direct jquery - 3.5.0;jquery-rails - 4.4.0
CVE-2020-11022 Medium 6.1 jquery-3.4.1.min.js Direct jQuery - 3.5.0

**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation

Details

CVE-2020-11023

Vulnerable Library - jquery-3.4.1.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/jquery.min.js

Path to vulnerable library: /webgoat-container/target/classes/static/js/libs/jquery.min.js,/webgoat-container/src/main/resources/static/js/libs/jquery.min.js

Dependency Hierarchy:

  • jquery-3.4.1.min.js (Vulnerable Library)

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Found in base branch: main

Vulnerability Details

In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.

Publish Date: 2020-04-29

URL: CVE-2020-11023

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6,https://github.com/rails/jquery-rails/blob/master/CHANGELOG.md#440

Release Date: 2020-04-29

Fix Resolution: jquery - 3.5.0;jquery-rails - 4.4.0

CVE-2020-11022

Vulnerable Library - jquery-3.4.1.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/jquery.min.js

Path to vulnerable library: /webgoat-container/target/classes/static/js/libs/jquery.min.js,/webgoat-container/src/main/resources/static/js/libs/jquery.min.js

Dependency Hierarchy:

  • jquery-3.4.1.min.js (Vulnerable Library)

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Found in base branch: main

Vulnerability Details

In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.

Publish Date: 2020-04-29

URL: CVE-2020-11022

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11022

Release Date: 2020-04-29

Fix Resolution: jQuery - 3.5.0

jquery-ui-1.12.1.min.js: 4 vulnerabilities (highest severity is: 6.1)

Vulnerable Library - jquery-ui-1.12.1.min.js

A curated set of user interface interactions, effects, widgets, and themes built on top of the jQuery JavaScript Library.

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jqueryui/1.12.1/jquery-ui.min.js

Path to vulnerable library: /webgoat-container/target/classes/static/js/libs/jquery-ui.min.js,/webgoat-container/src/main/resources/static/js/libs/jquery-ui.min.js

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Vulnerabilities

CVE Severity CVSS Dependency Type Fixed in (jquery-ui version) Remediation Possible**
CVE-2022-31160 Medium 6.1 jquery-ui-1.12.1.min.js Direct jquery-ui - 1.13.2
CVE-2021-41184 Medium 6.1 jquery-ui-1.12.1.min.js Direct jquery-ui - 1.13.0
CVE-2021-41183 Medium 6.1 jquery-ui-1.12.1.min.js Direct jquery-ui - 1.13.0
CVE-2021-41182 Medium 6.1 jquery-ui-1.12.1.min.js Direct jquery-ui - 1.13.0

**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation

Details

CVE-2022-31160

Vulnerable Library - jquery-ui-1.12.1.min.js

A curated set of user interface interactions, effects, widgets, and themes built on top of the jQuery JavaScript Library.

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jqueryui/1.12.1/jquery-ui.min.js

Path to vulnerable library: /webgoat-container/target/classes/static/js/libs/jquery-ui.min.js,/webgoat-container/src/main/resources/static/js/libs/jquery-ui.min.js

Dependency Hierarchy:

  • jquery-ui-1.12.1.min.js (Vulnerable Library)

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Found in base branch: main

Vulnerability Details

jQuery UI is a curated set of user interface interactions, effects, widgets, and themes built on top of jQuery. Versions prior to 1.13.2 are potentially vulnerable to cross-site scripting. Initializing a checkboxradio widget on an input enclosed within a label makes that parent label contents considered as the input label. Calling .checkboxradio( "refresh" ) on such a widget and the initial HTML contained encoded HTML entities will make them erroneously get decoded. This can lead to potentially executing JavaScript code. The bug has been patched in jQuery UI 1.13.2. To remediate the issue, someone who can change the initial HTML can wrap all the non-input contents of the label in a span.

Publish Date: 2022-07-20

URL: CVE-2022-31160

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31160

Release Date: 2022-07-20

Fix Resolution: jquery-ui - 1.13.2

CVE-2021-41184

Vulnerable Library - jquery-ui-1.12.1.min.js

A curated set of user interface interactions, effects, widgets, and themes built on top of the jQuery JavaScript Library.

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jqueryui/1.12.1/jquery-ui.min.js

Path to vulnerable library: /webgoat-container/target/classes/static/js/libs/jquery-ui.min.js,/webgoat-container/src/main/resources/static/js/libs/jquery-ui.min.js

Dependency Hierarchy:

  • jquery-ui-1.12.1.min.js (Vulnerable Library)

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Found in base branch: main

Vulnerability Details

jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the "of" option of the .position() util from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the "of" option is now treated as a CSS selector. A workaround is to not accept the value of the "of" option from untrusted sources.

Publish Date: 2021-10-26

URL: CVE-2021-41184

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41184

Release Date: 2021-10-26

Fix Resolution: jquery-ui - 1.13.0

CVE-2021-41183

Vulnerable Library - jquery-ui-1.12.1.min.js

A curated set of user interface interactions, effects, widgets, and themes built on top of the jQuery JavaScript Library.

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jqueryui/1.12.1/jquery-ui.min.js

Path to vulnerable library: /webgoat-container/target/classes/static/js/libs/jquery-ui.min.js,/webgoat-container/src/main/resources/static/js/libs/jquery-ui.min.js

Dependency Hierarchy:

  • jquery-ui-1.12.1.min.js (Vulnerable Library)

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Found in base branch: main

Vulnerability Details

jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of various *Text options of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. The values passed to various *Text options are now always treated as pure text, not HTML. A workaround is to not accept the value of the *Text options from untrusted sources.

Publish Date: 2021-10-26

URL: CVE-2021-41183

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41183

Release Date: 2021-10-26

Fix Resolution: jquery-ui - 1.13.0

CVE-2021-41182

Vulnerable Library - jquery-ui-1.12.1.min.js

A curated set of user interface interactions, effects, widgets, and themes built on top of the jQuery JavaScript Library.

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jqueryui/1.12.1/jquery-ui.min.js

Path to vulnerable library: /webgoat-container/target/classes/static/js/libs/jquery-ui.min.js,/webgoat-container/src/main/resources/static/js/libs/jquery-ui.min.js

Dependency Hierarchy:

  • jquery-ui-1.12.1.min.js (Vulnerable Library)

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Found in base branch: main

Vulnerability Details

jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the altField option of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the altField option is now treated as a CSS selector. A workaround is to not accept the value of the altField option from untrusted sources.

Publish Date: 2021-10-26

URL: CVE-2021-41182

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41182

Release Date: 2021-10-26

Fix Resolution: jquery-ui - 1.13.0

spring-boot-devtools-2.2.2.RELEASE.jar: 4 vulnerabilities (highest severity is: 7.8) - autoclosed

Vulnerable Library - spring-boot-devtools-2.2.2.RELEASE.jar

Path to dependency file: /webwolf/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-core/5.2.2.RELEASE/spring-core-5.2.2.RELEASE.jar

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Vulnerabilities

| CVE | Severity | CVSS | Dependency | Type | Fixed in (spring-boot-devtools version) | Remediation Possible** |
|---|---|---|---|---|---|---|
| CVE-2022-27772 | High | 7.8 | spring-boot-2.2.2.RELEASE.jar | Transitive | 2.2.11.RELEASE | |
| CVE-2022-22970 | Medium | 5.3 | spring-core-5.2.2.RELEASE.jar | Transitive | 2.4.0 | |
| CVE-2021-22060 | Medium | 4.3 | spring-core-5.2.2.RELEASE.jar | Transitive | 2.4.0 | |
| CVE-2021-22096 | Medium | 4.3 | spring-core-5.2.2.RELEASE.jar | Transitive | 2.4.0 | |

**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation

Details

CVE-2022-27772

Vulnerable Library - spring-boot-2.2.2.RELEASE.jar

Spring Boot

Library home page: https://projects.spring.io/spring-boot/#/spring-boot-parent/spring-boot

Path to dependency file: /webwolf/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/boot/spring-boot/2.2.2.RELEASE/spring-boot-2.2.2.RELEASE.jar,/home/wss-scanner/.m2/repository/org/springframework/boot/spring-boot/2.2.2.RELEASE/spring-boot-2.2.2.RELEASE.jar

Dependency Hierarchy:

  • spring-boot-devtools-2.2.2.RELEASE.jar (Root Library)
    • spring-boot-2.2.2.RELEASE.jar (Vulnerable Library)

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Found in base branch: main

Vulnerability Details

** UNSUPPORTED WHEN ASSIGNED ** spring-boot versions prior to v2.2.11.RELEASE were vulnerable to temporary directory hijacking. This vulnerability impacted the org.springframework.boot.web.server.AbstractConfigurableWebServerFactory.createTempDir method. NOTE: This vulnerability only affects products and/or versions that are no longer supported by the maintainer.

Publish Date: 2022-03-30

URL: CVE-2022-27772

CVSS 3 Score Details (7.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Local
    • Attack Complexity: Low
    • Privileges Required: Low
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: GHSA-cm59-pr5q-cw85

Release Date: 2022-03-30

Fix Resolution (org.springframework.boot:spring-boot): 2.2.11.RELEASE

Direct dependency fix Resolution (org.springframework.boot:spring-boot-devtools): 2.2.11.RELEASE

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2022-22970

Vulnerable Library - spring-core-5.2.2.RELEASE.jar

Spring Core

Library home page: https://github.com/spring-projects/spring-framework

Path to dependency file: /webgoat-server/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-core/5.2.2.RELEASE/spring-core-5.2.2.RELEASE.jar

Dependency Hierarchy:

  • spring-boot-devtools-2.2.2.RELEASE.jar (Root Library)
    • spring-boot-2.2.2.RELEASE.jar
      • spring-core-5.2.2.RELEASE.jar (Vulnerable Library)

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Found in base branch: main

Vulnerability Details

In Spring Framework versions prior to 5.3.20+, 5.2.22+ and old unsupported versions, applications that handle file uploads are vulnerable to DoS attack if they rely on data binding to set a MultipartFile or javax.servlet.Part to a field in a model object.

Publish Date: 2022-05-12

URL: CVE-2022-22970

CVSS 3 Score Details (5.3)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: High
    • Privileges Required: Low
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: https://tanzu.vmware.com/security/cve-2022-22970

Release Date: 2022-05-12

Fix Resolution (org.springframework:spring-core): 5.2.22.RELEASE

Direct dependency fix Resolution (org.springframework.boot:spring-boot-devtools): 2.4.0

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2021-22060

Vulnerable Library - spring-core-5.2.2.RELEASE.jar

Spring Core

Library home page: https://github.com/spring-projects/spring-framework

Path to dependency file: /webgoat-server/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-core/5.2.2.RELEASE/spring-core-5.2.2.RELEASE.jar

Dependency Hierarchy:

  • spring-boot-devtools-2.2.2.RELEASE.jar (Root Library)
    • spring-boot-2.2.2.RELEASE.jar
      • spring-core-5.2.2.RELEASE.jar (Vulnerable Library)

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Found in base branch: main

Vulnerability Details

In Spring Framework versions 5.3.0 - 5.3.13, 5.2.0 - 5.2.18, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries. This is a follow-up to CVE-2021-22096 that protects against additional types of input and in more places of the Spring Framework codebase.

Publish Date: 2022-01-10

URL: CVE-2021-22060

CVSS 3 Score Details (4.3)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: Low
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: Low
    • Availability Impact: None

Suggested Fix

Type: Upgrade version

Origin: https://spring.io/security/cve-2021-22060

Release Date: 2022-01-10

Fix Resolution (org.springframework:spring-core): 5.2.19.RELEASE

Direct dependency fix Resolution (org.springframework.boot:spring-boot-devtools): 2.4.0

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2021-22096

Vulnerable Library - spring-core-5.2.2.RELEASE.jar

Spring Core

Library home page: https://github.com/spring-projects/spring-framework

Path to dependency file: /webgoat-server/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-core/5.2.2.RELEASE/spring-core-5.2.2.RELEASE.jar

Dependency Hierarchy:

  • spring-boot-devtools-2.2.2.RELEASE.jar (Root Library)
    • spring-boot-2.2.2.RELEASE.jar
      • spring-core-5.2.2.RELEASE.jar (Vulnerable Library)

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Found in base branch: main

Vulnerability Details

In Spring Framework versions 5.3.0 - 5.3.10, 5.2.0 - 5.2.17, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries.

Publish Date: 2021-10-28

URL: CVE-2021-22096

CVSS 3 Score Details (4.3)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: Low
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: Low
    • Availability Impact: None

Suggested Fix

Type: Upgrade version

Origin: https://tanzu.vmware.com/security/cve-2021-22096

Release Date: 2021-10-28

Fix Resolution (org.springframework:spring-core): 5.2.18.RELEASE

Direct dependency fix Resolution (org.springframework.boot:spring-boot-devtools): 2.4.0

⛑️ Automatic Remediation will be attempted for this issue.

jquery-1.10.2.min.js: 4 vulnerabilities (highest severity is: 6.1)

Vulnerable Library - jquery-1.10.2.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.10.2/jquery.min.js

Path to vulnerable library: /webgoat-container/src/main/resources/static/js/jquery/jquery-1.10.2.min.js,/webgoat-container/target/classes/static/js/jquery/jquery-1.10.2.min.js

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Vulnerabilities

| CVE | Severity | CVSS | Dependency | Type | Fixed in (jquery version) | Remediation Possible** |
|---|---|---|---|---|---|---|
| CVE-2020-11023 | Medium | 6.1 | jquery-1.10.2.min.js | Direct | jquery - 3.5.0;jquery-rails - 4.4.0 | |
| CVE-2020-11022 | Medium | 6.1 | jquery-1.10.2.min.js | Direct | jQuery - 3.5.0 | |
| CVE-2019-11358 | Medium | 6.1 | jquery-1.10.2.min.js | Direct | jquery - 3.4.0 | |
| CVE-2015-9251 | Medium | 6.1 | jquery-1.10.2.min.js | Direct | jQuery - 3.0.0 | |

**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation

Details

CVE-2020-11023

Vulnerable Library - jquery-1.10.2.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.10.2/jquery.min.js

Path to vulnerable library: /webgoat-container/src/main/resources/static/js/jquery/jquery-1.10.2.min.js,/webgoat-container/target/classes/static/js/jquery/jquery-1.10.2.min.js

Dependency Hierarchy:

  • jquery-1.10.2.min.js (Vulnerable Library)

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Found in base branch: main

Vulnerability Details

In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.

Publish Date: 2020-04-29

URL: CVE-2020-11023

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None

Suggested Fix

Type: Upgrade version

Origin: https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6,https://github.com/rails/jquery-rails/blob/master/CHANGELOG.md#440

Release Date: 2020-04-29

Fix Resolution: jquery - 3.5.0;jquery-rails - 4.4.0

CVE-2020-11022

Vulnerable Library - jquery-1.10.2.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.10.2/jquery.min.js

Path to vulnerable library: /webgoat-container/src/main/resources/static/js/jquery/jquery-1.10.2.min.js,/webgoat-container/target/classes/static/js/jquery/jquery-1.10.2.min.js

Dependency Hierarchy:

  • jquery-1.10.2.min.js (Vulnerable Library)

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Found in base branch: main

Vulnerability Details

In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.

Publish Date: 2020-04-29

URL: CVE-2020-11022

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11022

Release Date: 2020-04-29

Fix Resolution: jQuery - 3.5.0

CVE-2019-11358

Vulnerable Library - jquery-1.10.2.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.10.2/jquery.min.js

Path to vulnerable library: /webgoat-container/src/main/resources/static/js/jquery/jquery-1.10.2.min.js,/webgoat-container/target/classes/static/js/jquery/jquery-1.10.2.min.js

Dependency Hierarchy:

  • jquery-1.10.2.min.js (Vulnerable Library)

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Found in base branch: main

Vulnerability Details

jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.

Publish Date: 2019-04-20

URL: CVE-2019-11358

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358

Release Date: 2019-04-20

Fix Resolution: jquery - 3.4.0

CVE-2015-9251

Vulnerable Library - jquery-1.10.2.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.10.2/jquery.min.js

Path to vulnerable library: /webgoat-container/src/main/resources/static/js/jquery/jquery-1.10.2.min.js,/webgoat-container/target/classes/static/js/jquery/jquery-1.10.2.min.js

Dependency Hierarchy:

  • jquery-1.10.2.min.js (Vulnerable Library)

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Found in base branch: main

Vulnerability Details

jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.

Publish Date: 2018-01-18

URL: CVE-2015-9251

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None

Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2015-9251

Release Date: 2018-01-18

Fix Resolution: jQuery - 3.0.0

bootstrap-3.3.7.jar: 9 vulnerabilities (highest severity is: 6.1)

Vulnerable Library - bootstrap-3.3.7.jar

WebJar for Bootstrap

Library home page: http://webjars.org

Path to dependency file: /webgoat-integration-tests/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/webjars/bootstrap/3.3.7/bootstrap-3.3.7.jar,/home/wss-scanner/.m2/repository/org/webjars/bootstrap/3.3.7/bootstrap-3.3.7.jar

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Vulnerabilities

| CVE | Severity | CVSS | Dependency | Type | Fixed in (bootstrap version) | Remediation Possible** |
|---|---|---|---|---|---|---|
| CVE-2020-11023 | Medium | 6.1 | jquery-3.2.1.jar | Transitive | 4.5.0 | |
| CVE-2020-11022 | Medium | 6.1 | jquery-3.2.1.jar | Transitive | 4.5.0 | |
| CVE-2019-8331 | Medium | 6.1 | bootstrap-3.3.7.jar | Direct | 3.4.1 | |
| CVE-2019-11358 | Medium | 6.1 | jquery-3.2.1.jar | Transitive | 4.4.1-1 | |
| CVE-2018-20677 | Medium | 6.1 | bootstrap-3.3.7.jar | Direct | 3.4.0 | |
| CVE-2018-20676 | Medium | 6.1 | bootstrap-3.3.7.jar | Direct | 3.4.0 | |
| CVE-2018-14042 | Medium | 6.1 | bootstrap-3.3.7.jar | Direct | 3.4.0 | |
| CVE-2016-10735 | Medium | 6.1 | bootstrap-3.3.7.jar | Direct | 3.4.0 | |
| CVE-2018-14040 | Low | 3.7 | bootstrap-3.3.7.jar | Direct | 3.4.0 | |

**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation

Details

CVE-2020-11023

Vulnerable Library - jquery-3.2.1.jar

WebJar for jQuery

Library home page: http://webjars.org

Path to dependency file: /webwolf/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/webjars/jquery/3.2.1/jquery-3.2.1.jar,/home/wss-scanner/.m2/repository/org/webjars/jquery/3.2.1/jquery-3.2.1.jar

Dependency Hierarchy:

  • bootstrap-3.3.7.jar (Root Library)
    • jquery-3.2.1.jar (Vulnerable Library)

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Found in base branch: main

Vulnerability Details

In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.

Publish Date: 2020-04-29

URL: CVE-2020-11023

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None

Suggested Fix

Type: Upgrade version

Origin: https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6,https://github.com/rails/jquery-rails/blob/master/CHANGELOG.md#440

Release Date: 2020-04-29

Fix Resolution (org.webjars:jquery): 3.5.0

Direct dependency fix Resolution (org.webjars:bootstrap): 4.5.0

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2020-11022

Vulnerable Library - jquery-3.2.1.jar

WebJar for jQuery

Library home page: http://webjars.org

Path to dependency file: /webwolf/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/webjars/jquery/3.2.1/jquery-3.2.1.jar,/home/wss-scanner/.m2/repository/org/webjars/jquery/3.2.1/jquery-3.2.1.jar

Dependency Hierarchy:

  • bootstrap-3.3.7.jar (Root Library)
    • jquery-3.2.1.jar (Vulnerable Library)

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Found in base branch: main

Vulnerability Details

In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.

Publish Date: 2020-04-29

URL: CVE-2020-11022

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11022

Release Date: 2020-04-29

Fix Resolution (org.webjars:jquery): 3.5.0

Direct dependency fix Resolution (org.webjars:bootstrap): 4.5.0

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2019-8331

Vulnerable Library - bootstrap-3.3.7.jar

WebJar for Bootstrap

Library home page: http://webjars.org

Path to dependency file: /webgoat-integration-tests/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/webjars/bootstrap/3.3.7/bootstrap-3.3.7.jar,/home/wss-scanner/.m2/repository/org/webjars/bootstrap/3.3.7/bootstrap-3.3.7.jar

Dependency Hierarchy:

  • bootstrap-3.3.7.jar (Vulnerable Library)

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Found in base branch: main

Vulnerability Details

In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute.

Publish Date: 2019-02-20

URL: CVE-2019-8331

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None

Suggested Fix

Type: Upgrade version

Release Date: 2019-02-20

Fix Resolution: 3.4.1

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2019-11358

Vulnerable Library - jquery-3.2.1.jar

WebJar for jQuery

Library home page: http://webjars.org

Path to dependency file: /webwolf/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/webjars/jquery/3.2.1/jquery-3.2.1.jar,/home/wss-scanner/.m2/repository/org/webjars/jquery/3.2.1/jquery-3.2.1.jar

Dependency Hierarchy:

  • bootstrap-3.3.7.jar (Root Library)
    • jquery-3.2.1.jar (Vulnerable Library)

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Found in base branch: main

Vulnerability Details

jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.

Publish Date: 2019-04-20

URL: CVE-2019-11358

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358

Release Date: 2019-04-20

Fix Resolution (org.webjars:jquery): 3.4.0

Direct dependency fix Resolution (org.webjars:bootstrap): 4.4.1-1

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2018-20677

Vulnerable Library - bootstrap-3.3.7.jar

WebJar for Bootstrap

Library home page: http://webjars.org

Path to dependency file: /webgoat-integration-tests/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/webjars/bootstrap/3.3.7/bootstrap-3.3.7.jar,/home/wss-scanner/.m2/repository/org/webjars/bootstrap/3.3.7/bootstrap-3.3.7.jar

Dependency Hierarchy:

  • bootstrap-3.3.7.jar (Vulnerable Library)

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Found in base branch: main

Vulnerability Details

In Bootstrap before 3.4.0, XSS is possible in the affix configuration target property.

Publish Date: 2019-01-09

URL: CVE-2018-20677

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20677

Release Date: 2019-01-09

Fix Resolution: 3.4.0

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2018-20676

Vulnerable Library - bootstrap-3.3.7.jar

WebJar for Bootstrap

Library home page: http://webjars.org

Path to dependency file: /webgoat-integration-tests/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/webjars/bootstrap/3.3.7/bootstrap-3.3.7.jar,/home/wss-scanner/.m2/repository/org/webjars/bootstrap/3.3.7/bootstrap-3.3.7.jar

Dependency Hierarchy:

  • bootstrap-3.3.7.jar (Vulnerable Library)

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Found in base branch: main

Vulnerability Details

In Bootstrap before 3.4.0, XSS is possible in the tooltip data-viewport attribute.

Publish Date: 2019-01-09

URL: CVE-2018-20676

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20676

Release Date: 2019-01-09

Fix Resolution: 3.4.0

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2018-14042

Vulnerable Library - bootstrap-3.3.7.jar

WebJar for Bootstrap

Library home page: http://webjars.org

Path to dependency file: /webgoat-integration-tests/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/webjars/bootstrap/3.3.7/bootstrap-3.3.7.jar,/home/wss-scanner/.m2/repository/org/webjars/bootstrap/3.3.7/bootstrap-3.3.7.jar

Dependency Hierarchy:

  • bootstrap-3.3.7.jar (Vulnerable Library)

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Found in base branch: main

Vulnerability Details

In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip.

Publish Date: 2018-07-13

URL: CVE-2018-14042

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None

Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2018-14042

Release Date: 2018-07-13

Fix Resolution: 3.4.0

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2016-10735

Vulnerable Library - bootstrap-3.3.7.jar

WebJar for Bootstrap

Library home page: http://webjars.org

Path to dependency file: /webgoat-integration-tests/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/webjars/bootstrap/3.3.7/bootstrap-3.3.7.jar,/home/wss-scanner/.m2/repository/org/webjars/bootstrap/3.3.7/bootstrap-3.3.7.jar

Dependency Hierarchy:

  • bootstrap-3.3.7.jar (Vulnerable Library)

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Found in base branch: main

Vulnerability Details

In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041.
Mend Note: Converted from WS-2018-0021, on 2022-11-08.

Publish Date: 2019-01-09

URL: CVE-2016-10735

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10735

Release Date: 2019-01-09

Fix Resolution: 3.4.0

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2018-14040

Vulnerable Library - bootstrap-3.3.7.jar

WebJar for Bootstrap

Library home page: http://webjars.org

Path to dependency file: /webgoat-integration-tests/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/webjars/bootstrap/3.3.7/bootstrap-3.3.7.jar,/home/wss-scanner/.m2/repository/org/webjars/bootstrap/3.3.7/bootstrap-3.3.7.jar

Dependency Hierarchy:

  • bootstrap-3.3.7.jar (Vulnerable Library)

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Found in base branch: main

Vulnerability Details

In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute.

Publish Date: 2018-07-13

URL: CVE-2018-14040

CVSS 3 Score Details (3.7)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: High
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: Low
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2018-14040

Release Date: 2018-07-13

Fix Resolution: 3.4.0

⛑️ Automatic Remediation will be attempted for this issue.

jquery-3.3.1.min.js: 3 vulnerabilities (highest severity is: 6.1)

Vulnerable Library - jquery-3.3.1.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.3.1/jquery.min.js

Path to dependency file: /docs/index.html

Path to vulnerable library: /docs/vendor/jquery/jquery.min.js

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Vulnerabilities

CVE Severity CVSS Dependency Type Fixed in (jquery version) Remediation Possible**
CVE-2020-11023 Medium 6.1 jquery-3.3.1.min.js Direct jquery - 3.5.0;jquery-rails - 4.4.0
CVE-2020-11022 Medium 6.1 jquery-3.3.1.min.js Direct jQuery - 3.5.0
CVE-2019-11358 Medium 6.1 jquery-3.3.1.min.js Direct jquery - 3.4.0

**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation

Details

CVE-2020-11023

Vulnerable Library - jquery-3.3.1.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.3.1/jquery.min.js

Path to dependency file: /docs/index.html

Path to vulnerable library: /docs/vendor/jquery/jquery.min.js

Dependency Hierarchy:

  • jquery-3.3.1.min.js (Vulnerable Library)

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Found in base branch: main

Vulnerability Details

In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.

Publish Date: 2020-04-29

URL: CVE-2020-11023

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6,https://github.com/rails/jquery-rails/blob/master/CHANGELOG.md#440

Release Date: 2020-04-29

Fix Resolution: jquery - 3.5.0;jquery-rails - 4.4.0

CVE-2020-11022

Vulnerable Library - jquery-3.3.1.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.3.1/jquery.min.js

Path to dependency file: /docs/index.html

Path to vulnerable library: /docs/vendor/jquery/jquery.min.js

Dependency Hierarchy:

  • jquery-3.3.1.min.js (Vulnerable Library)

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Found in base branch: main

Vulnerability Details

In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.

Publish Date: 2020-04-29

URL: CVE-2020-11022

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11022

Release Date: 2020-04-29

Fix Resolution: jQuery - 3.5.0

CVE-2019-11358

Vulnerable Library - jquery-3.3.1.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.3.1/jquery.min.js

Path to dependency file: /docs/index.html

Path to vulnerable library: /docs/vendor/jquery/jquery.min.js

Dependency Hierarchy:

  • jquery-3.3.1.min.js (Vulnerable Library)

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Found in base branch: main

Vulnerability Details

jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.

Publish Date: 2019-04-20

URL: CVE-2019-11358

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358

Release Date: 2019-04-20

Fix Resolution: jquery - 3.4.0

webgoat-container-v8.1.0.jar: 9 vulnerabilities (highest severity is: 9.8)

Vulnerable Library - webgoat-container-v8.1.0.jar

Path to dependency file: /webgoat-server/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/boot/spring-boot-actuator-autoconfigure/2.2.2.RELEASE/spring-boot-actuator-autoconfigure-2.2.2.RELEASE.jar

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Vulnerabilities

CVE Severity CVSS Dependency Type Fixed in (webgoat-container-v8.1.0.jar version) Remediation Possible**
CVE-2023-20873 Critical 9.8 spring-boot-actuator-autoconfigure-2.2.2.RELEASE.jar Transitive N/A*
CVE-2022-22978 Critical 9.8 spring-security-web-5.2.1.RELEASE.jar Transitive N/A*
CVE-2021-22112 High 8.8 spring-security-web-5.2.1.RELEASE.jar Transitive N/A*
CVE-2024-22257 High 8.2 spring-security-core-5.2.1.RELEASE.jar Transitive N/A*
WS-2019-0490 High 8.1 jcommander-1.35.jar Transitive N/A*
CVE-2020-5408 Medium 6.5 spring-security-core-5.2.1.RELEASE.jar Transitive N/A*
WS-2017-3767 Medium 6.3 spring-security-web-5.2.1.RELEASE.jar Transitive N/A*
WS-2020-0293 Medium 5.9 spring-security-web-5.2.1.RELEASE.jar Transitive N/A*
WS-2016-7107 Medium 5.9 spring-security-web-5.2.1.RELEASE.jar Transitive N/A*

*For some transitive vulnerabilities, there is no version of direct dependency with a fix. Check the "Details" section below to see if there is a version of transitive dependency where vulnerability is fixed.

**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation

Details

CVE-2023-20873

Vulnerable Library - spring-boot-actuator-autoconfigure-2.2.2.RELEASE.jar

Spring Boot Actuator AutoConfigure

Library home page: https://projects.spring.io/spring-boot/#/spring-boot-parent/spring-boot-actuator-autoconfigure

Path to dependency file: /webgoat-integration-tests/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/boot/spring-boot-actuator-autoconfigure/2.2.2.RELEASE/spring-boot-actuator-autoconfigure-2.2.2.RELEASE.jar

Dependency Hierarchy:

  • webgoat-container-v8.1.0.jar (Root Library)
    • spring-boot-starter-actuator-2.2.2.RELEASE.jar
      • spring-boot-actuator-autoconfigure-2.2.2.RELEASE.jar (Vulnerable Library)

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Found in base branch: main

Vulnerability Details

In Spring Boot versions 3.0.0 - 3.0.5, 2.7.0 - 2.7.10, and older unsupported versions, an application that is deployed to Cloud Foundry could be susceptible to a security bypass. Users of affected versions should apply the following mitigation: 3.0.x users should upgrade to 3.0.6+. 2.7.x users should upgrade to 2.7.11+. Users of older, unsupported versions should upgrade to 3.0.6+ or 2.7.11+.

Publish Date: 2023-04-20

URL: CVE-2023-20873

CVSS 3 Score Details (9.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://spring.io/security/cve-2023-20873

Release Date: 2023-04-20

Fix Resolution: org.springframework.boot:spring-boot-actuator-autoconfigure:2.7.11,3.0.6

CVE-2022-22978

Vulnerable Library - spring-security-web-5.2.1.RELEASE.jar

spring-security-web

Library home page: http://spring.io/spring-security

Path to dependency file: /webgoat-server/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/security/spring-security-web/5.2.1.RELEASE/spring-security-web-5.2.1.RELEASE.jar

Dependency Hierarchy:

  • webgoat-container-v8.1.0.jar (Root Library)
    • spring-boot-starter-security-2.2.2.RELEASE.jar
      • spring-security-web-5.2.1.RELEASE.jar (Vulnerable Library)

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Found in base branch: main

Vulnerability Details

In Spring Security versions prior to 5.4.11+, 5.5.7+, 5.6.4+ and older unsupported versions, RegexRequestMatcher can easily be misconfigured to be bypassed on some servlet containers. Applications using RegexRequestMatcher with . in the regular expression are possibly vulnerable to an authorization bypass.

Publish Date: 2022-05-19

URL: CVE-2022-22978

CVSS 3 Score Details (9.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://spring.io/security/cve-2022-22978/

Release Date: 2022-05-19

Fix Resolution: org.springframework.security:spring-security-web:5.5.7,5.6.4

CVE-2021-22112

Vulnerable Library - spring-security-web-5.2.1.RELEASE.jar

spring-security-web

Library home page: http://spring.io/spring-security

Path to dependency file: /webgoat-server/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/security/spring-security-web/5.2.1.RELEASE/spring-security-web-5.2.1.RELEASE.jar

Dependency Hierarchy:

  • webgoat-container-v8.1.0.jar (Root Library)
    • spring-boot-starter-security-2.2.2.RELEASE.jar
      • spring-security-web-5.2.1.RELEASE.jar (Vulnerable Library)

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Found in base branch: main

Vulnerability Details

Spring Security 5.4.x prior to 5.4.4, 5.3.x prior to 5.3.8.RELEASE, 5.2.x prior to 5.2.9.RELEASE, and older unsupported versions can fail to save the SecurityContext if it is changed more than once in a single request. A malicious user cannot cause the bug to happen (it must be programmed in). However, if the application's intent is to only allow the user to run with elevated privileges in a small portion of the application, the bug can be leveraged to extend those privileges to the rest of the application.

Publish Date: 2021-02-23

URL: CVE-2021-22112

CVSS 3 Score Details (8.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: Low
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://tanzu.vmware.com/security/cve-2021-22112

Release Date: 2021-02-23

Fix Resolution: org.springframework.security:spring-security-web:5.2.9,5.3.8,5.4.4

CVE-2024-22257

Vulnerable Library - spring-security-core-5.2.1.RELEASE.jar

spring-security-core

Library home page: http://spring.io/spring-security

Path to dependency file: /webwolf/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/security/spring-security-core/5.2.1.RELEASE/spring-security-core-5.2.1.RELEASE.jar,/home/wss-scanner/.m2/repository/org/springframework/security/spring-security-core/5.2.1.RELEASE/spring-security-core-5.2.1.RELEASE.jar,/home/wss-scanner/.m2/repository/org/springframework/security/spring-security-core/5.2.1.RELEASE/spring-security-core-5.2.1.RELEASE.jar

Dependency Hierarchy:

  • webgoat-container-v8.1.0.jar (Root Library)
    • spring-boot-starter-security-2.2.2.RELEASE.jar
      • spring-security-config-5.2.1.RELEASE.jar
        • spring-security-core-5.2.1.RELEASE.jar (Vulnerable Library)

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Found in base branch: main

Vulnerability Details

In Spring Security, versions 5.7.x prior to 5.7.12, 5.8.x prior to 5.8.11, versions 6.0.x prior to 6.0.9, versions 6.1.x prior to 6.1.8, versions 6.2.x prior to 6.2.3, an application is possibly vulnerable to broken access control when it directly uses the AuthenticatedVoter#vote passing a null Authentication parameter.

Publish Date: 2024-03-18

URL: CVE-2024-22257

CVSS 3 Score Details (8.2)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: Low
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://spring.io/security/cve-2024-22257

Release Date: 2024-03-18

Fix Resolution: org.springframework.security:spring-security-core:5.7.12,5.8.11,6.1.8,6.2.3

WS-2019-0490

Vulnerable Library - jcommander-1.35.jar

A Java framework to parse command line options with annotations.

Library home page: http://beust.com/

Path to dependency file: /webgoat-container/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/com/beust/jcommander/1.35/jcommander-1.35.jar

Dependency Hierarchy:

  • webgoat-container-v8.1.0.jar (Root Library)
    • asciidoctorj-1.5.8.1.jar
      • jcommander-1.35.jar (Vulnerable Library)

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Found in base branch: main

Vulnerability Details

Inclusion of Functionality from Untrusted Control Sphere vulnerability found in jcommander before 1.75. jcommander resolves dependencies over HTTP instead of HTTPS.

Publish Date: 2019-02-19

URL: WS-2019-0490

CVSS 3 Score Details (8.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: High
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Release Date: 2019-02-19

Fix Resolution: com.beust:jcommander:1.75

CVE-2020-5408

Vulnerable Library - spring-security-core-5.2.1.RELEASE.jar

spring-security-core

Library home page: http://spring.io/spring-security

Path to dependency file: /webwolf/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/security/spring-security-core/5.2.1.RELEASE/spring-security-core-5.2.1.RELEASE.jar,/home/wss-scanner/.m2/repository/org/springframework/security/spring-security-core/5.2.1.RELEASE/spring-security-core-5.2.1.RELEASE.jar,/home/wss-scanner/.m2/repository/org/springframework/security/spring-security-core/5.2.1.RELEASE/spring-security-core-5.2.1.RELEASE.jar

Dependency Hierarchy:

  • webgoat-container-v8.1.0.jar (Root Library)
    • spring-boot-starter-security-2.2.2.RELEASE.jar
      • spring-security-config-5.2.1.RELEASE.jar
        • spring-security-core-5.2.1.RELEASE.jar (Vulnerable Library)

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Found in base branch: main

Vulnerability Details

Spring Security versions 5.3.x prior to 5.3.2, 5.2.x prior to 5.2.4, 5.1.x prior to 5.1.10, 5.0.x prior to 5.0.16 and 4.2.x prior to 4.2.16 use a fixed null initialization vector with CBC Mode in the implementation of the queryable text encryptor. A malicious user with access to the data that has been encrypted using such an encryptor may be able to derive the unencrypted values using a dictionary attack.

Publish Date: 2020-05-14

URL: CVE-2020-5408

CVSS 3 Score Details (6.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: Low
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: None
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5408

Release Date: 2020-05-14

Fix Resolution: org.springframework.security:spring-security-crypto:4.2.16,5.0.16,5.1.10,5.2.4,5.3.2,org.springframework.security:spring-security-core:4.2.16,5.0.16,5.1.10,5.2.4,5.3.2

WS-2017-3767

Vulnerable Library - spring-security-web-5.2.1.RELEASE.jar

spring-security-web

Library home page: http://spring.io/spring-security

Path to dependency file: /webgoat-server/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/security/spring-security-web/5.2.1.RELEASE/spring-security-web-5.2.1.RELEASE.jar

Dependency Hierarchy:

  • webgoat-container-v8.1.0.jar (Root Library)
    • spring-boot-starter-security-2.2.2.RELEASE.jar
      • spring-security-web-5.2.1.RELEASE.jar (Vulnerable Library)

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Found in base branch: main

Vulnerability Details

Cross-Site Request Forgery (CSRF) vulnerability was found in spring-security before 4.2.15, 5.0.15, 5.1.9, 5.2.3, and 5.3.1. SwitchUserFilter responds to all HTTP methods, making it vulnerable to CSRF attacks.

Publish Date: 2017-01-03

URL: WS-2017-3767

CVSS 3 Score Details (6.3)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: Low

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Release Date: 2017-01-03

Fix Resolution: org.springframework.security:spring-security-web:4.2.15,5.0.15,5.1.9,5.2.3,5.3.1

WS-2020-0293

Vulnerable Library - spring-security-web-5.2.1.RELEASE.jar

spring-security-web

Library home page: http://spring.io/spring-security

Path to dependency file: /webgoat-server/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/security/spring-security-web/5.2.1.RELEASE/spring-security-web-5.2.1.RELEASE.jar

Dependency Hierarchy:

  • webgoat-container-v8.1.0.jar (Root Library)
    • spring-boot-starter-security-2.2.2.RELEASE.jar
      • spring-security-web-5.2.1.RELEASE.jar (Vulnerable Library)

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Found in base branch: main

Vulnerability Details

Spring Security before 5.2.9, 5.3.7, and 5.4.3 is vulnerable to side-channel attacks. Vulnerable versions of Spring Security don't use constant time comparisons for CSRF tokens.

Publish Date: 2020-12-17

URL: WS-2020-0293

CVSS 3 Score Details (5.9)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: High
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: None
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Release Date: 2020-12-17

Fix Resolution: org.springframework.security:spring-security-web:5.2.9,5.3.7,5.4.3

WS-2016-7107

Vulnerable Library - spring-security-web-5.2.1.RELEASE.jar

spring-security-web

Library home page: http://spring.io/spring-security

Path to dependency file: /webgoat-server/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/security/spring-security-web/5.2.1.RELEASE/spring-security-web-5.2.1.RELEASE.jar

Dependency Hierarchy:

  • webgoat-container-v8.1.0.jar (Root Library)
    • spring-boot-starter-security-2.2.2.RELEASE.jar
      • spring-security-web-5.2.1.RELEASE.jar (Vulnerable Library)

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Found in base branch: main

Vulnerability Details

CSRF tokens in Spring Security are vulnerable to a BREACH attack. Spring Security always returns the same CSRF token to the browser.

Publish Date: 2016-08-02

URL: WS-2016-7107

CVSS 3 Score Details (5.9)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: High
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: None
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/WS-2016-7107

Release Date: 2016-08-02

Fix Resolution: org.springframework.security:spring-security-web - 5.2.14.RELEASE,5.3.13.RELEASE,5.5.4,5.4.10

ant-1.6.2.jar: 5 vulnerabilities (highest severity is: 7.5)

Vulnerable Library - ant-1.6.2.jar

Path to dependency file: /webgoat-server/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/ant/ant/1.6.2/ant-1.6.2.jar,/home/wss-scanner/.m2/repository/ant/ant/1.6.2/ant-1.6.2.jar,/home/wss-scanner/.m2/repository/ant/ant/1.6.2/ant-1.6.2.jar

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Vulnerabilities

CVE Severity CVSS Dependency Type Fixed in (ant version) Remediation Possible**
CVE-2020-11979 High 7.5 ant-1.6.2.jar Direct org.apache.ant:ant:1.10.9
CVE-2020-1945 Medium 6.3 ant-1.6.2.jar Direct org.apache.ant:ant:1.9.15,1.10.8
CVE-2021-36374 Medium 5.5 ant-1.6.2.jar Direct org.apache.ant:ant:1.9.16,1.10.11
CVE-2021-36373 Medium 5.5 ant-1.6.2.jar Direct org.apache.ant:ant:1.9.16,1.10.11
CVE-2012-2098 Medium 5.3 ant-1.6.2.jar Direct org.apache.ant:ant:1.8.4,org.apache.commons:commons-compress:1.4.1

**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation

Details

CVE-2020-11979

Vulnerable Library - ant-1.6.2.jar

Path to dependency file: /webgoat-server/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/ant/ant/1.6.2/ant-1.6.2.jar,/home/wss-scanner/.m2/repository/ant/ant/1.6.2/ant-1.6.2.jar,/home/wss-scanner/.m2/repository/ant/ant/1.6.2/ant-1.6.2.jar

Dependency Hierarchy:

  • ant-1.6.2.jar (Vulnerable Library)

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Found in base branch: main

Vulnerability Details

As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them. Unfortunately the fixcrlf task deleted the temporary file and created a new one without said protection, effectively nullifying the effort. This would still allow an attacker to inject modified source files into the build process.

Publish Date: 2020-10-01

URL: CVE-2020-11979

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: High
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://ant.apache.org/security.html

Release Date: 2020-10-01

Fix Resolution: org.apache.ant:ant:1.10.9

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2020-1945

Vulnerable Library - ant-1.6.2.jar

Path to dependency file: /webgoat-server/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/ant/ant/1.6.2/ant-1.6.2.jar,/home/wss-scanner/.m2/repository/ant/ant/1.6.2/ant-1.6.2.jar,/home/wss-scanner/.m2/repository/ant/ant/1.6.2/ant-1.6.2.jar

Dependency Hierarchy:

  • ant-1.6.2.jar (Vulnerable Library)

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Found in base branch: main

Vulnerability Details

Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory back into the build tree allowing an attacker to inject modified source files into the build process.

Publish Date: 2020-05-14

URL: CVE-2020-1945

CVSS 3 Score Details (6.3)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Local
    • Attack Complexity: High
    • Privileges Required: Low
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://ant.apache.org/security.html

Release Date: 2020-05-14

Fix Resolution: org.apache.ant:ant:1.9.15,1.10.8

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2021-36374

Vulnerable Library - ant-1.6.2.jar

Path to dependency file: /webgoat-server/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/ant/ant/1.6.2/ant-1.6.2.jar,/home/wss-scanner/.m2/repository/ant/ant/1.6.2/ant-1.6.2.jar,/home/wss-scanner/.m2/repository/ant/ant/1.6.2/ant-1.6.2.jar

Dependency Hierarchy:

  • ant-1.6.2.jar (Vulnerable Library)

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Found in base branch: main

Vulnerability Details

When reading a specially crafted ZIP archive, or a derived format, an Apache Ant build can be made to allocate large amounts of memory that leads to an out of memory error, even for small inputs. This can be used to disrupt builds using Apache Ant. Commonly used derived formats from ZIP archives are for instance JAR files and many office files. Apache Ant prior to 1.9.16 and 1.10.11 were affected.

Publish Date: 2021-07-14

URL: CVE-2021-36374

CVSS 3 Score Details (5.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Local
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://ant.apache.org/security.html

Release Date: 2021-07-14

Fix Resolution: org.apache.ant:ant:1.9.16,1.10.11

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2021-36373

Vulnerable Library - ant-1.6.2.jar

Path to dependency file: /webgoat-server/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/ant/ant/1.6.2/ant-1.6.2.jar,/home/wss-scanner/.m2/repository/ant/ant/1.6.2/ant-1.6.2.jar,/home/wss-scanner/.m2/repository/ant/ant/1.6.2/ant-1.6.2.jar

Dependency Hierarchy:

  • ant-1.6.2.jar (Vulnerable Library)

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Found in base branch: main

Vulnerability Details

When reading a specially crafted TAR archive an Apache Ant build can be made to allocate large amounts of memory that finally leads to an out of memory error, even for small inputs. This can be used to disrupt builds using Apache Ant. Apache Ant prior to 1.9.16 and 1.10.11 were affected.

Publish Date: 2021-07-14

URL: CVE-2021-36373

CVSS 3 Score Details (5.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Local
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36373

Release Date: 2021-07-14

Fix Resolution: org.apache.ant:ant:1.9.16,1.10.11

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2012-2098

Vulnerable Library - ant-1.6.2.jar

Path to dependency file: /webgoat-server/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/ant/ant/1.6.2/ant-1.6.2.jar,/home/wss-scanner/.m2/repository/ant/ant/1.6.2/ant-1.6.2.jar,/home/wss-scanner/.m2/repository/ant/ant/1.6.2/ant-1.6.2.jar

Dependency Hierarchy:

  • ant-1.6.2.jar (Vulnerable Library)

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Found in base branch: main

Vulnerability Details

Algorithmic complexity vulnerability in the sorting algorithms in bzip2 compressing stream (BZip2CompressorOutputStream) in Apache Commons Compress before 1.4.1 allows remote attackers to cause a denial of service (CPU consumption) via a file with many repeating inputs.

Publish Date: 2012-06-29

URL: CVE-2012-2098

CVSS 3 Score Details (5.3)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: Low

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2098

Release Date: 2012-06-29

Fix Resolution: org.apache.ant:ant:1.8.4,org.apache.commons:commons-compress:1.4.1

⛑️ Automatic Remediation will be attempted for this issue.


jsoup-1.11.3.jar: 2 vulnerabilities (highest severity is: 7.5)

Vulnerable Library - jsoup-1.11.3.jar

jsoup is a Java library for working with real-world HTML. It provides a very convenient API for extracting and manipulating data, using the best of DOM, CSS, and jquery-like methods. jsoup implements the WHATWG HTML5 specification, and parses HTML to the same DOM as modern browsers do.

Path to dependency file: /webgoat-lessons/cross-site-scripting/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/jsoup/jsoup/1.11.3/jsoup-1.11.3.jar,/home/wss-scanner/.m2/repository/org/jsoup/jsoup/1.11.3/jsoup-1.11.3.jar,/home/wss-scanner/.m2/repository/org/jsoup/jsoup/1.11.3/jsoup-1.11.3.jar

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Vulnerabilities

CVE Severity CVSS Dependency Type Fixed in (jsoup version) Remediation Possible**
CVE-2021-37714 High 7.5 jsoup-1.11.3.jar Direct 1.14.2
CVE-2022-36033 Medium 6.1 jsoup-1.11.3.jar Direct 1.15.3

**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation

Details

CVE-2021-37714

Vulnerable Library - jsoup-1.11.3.jar

jsoup is a Java library for working with real-world HTML. It provides a very convenient API for extracting and manipulating data, using the best of DOM, CSS, and jquery-like methods. jsoup implements the WHATWG HTML5 specification, and parses HTML to the same DOM as modern browsers do.

Path to dependency file: /webgoat-lessons/cross-site-scripting/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/jsoup/jsoup/1.11.3/jsoup-1.11.3.jar,/home/wss-scanner/.m2/repository/org/jsoup/jsoup/1.11.3/jsoup-1.11.3.jar,/home/wss-scanner/.m2/repository/org/jsoup/jsoup/1.11.3/jsoup-1.11.3.jar

Dependency Hierarchy:

  • jsoup-1.11.3.jar (Vulnerable Library)

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Found in base branch: main

Vulnerability Details

jsoup is a Java library for working with HTML. Those using jsoup versions prior to 1.14.2 to parse untrusted HTML or XML may be vulnerable to DOS attacks. If the parser is run on user supplied input, an attacker may supply content that causes the parser to get stuck (loop indefinitely until cancelled), to complete more slowly than usual, or to throw an unexpected exception. This effect may support a denial of service attack. The issue is patched in version 1.14.2. There are a few available workarounds. Users may rate limit input parsing, limit the size of inputs based on system resources, and/or implement thread watchdogs to cap and timeout parse runtimes.
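
The workarounds listed above (cap input size, cap parse runtime, rate limit callers) are easy to get subtly wrong, so here is an added example of the first two in Java. It is illustrative code written for this page, not WebGoat's or jsoup's; the class name, the 512 KiB cap and the 2 s budget are assumptions to tune per deployment, and it assumes jsoup 1.14.2 or later on the classpath (the Jsoup.parse call is unchanged from 1.11.3, so the wrapper works as a stop-gap before the upgrade too).

```java
import java.nio.charset.StandardCharsets;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.Future;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.TimeoutException;

import org.jsoup.Jsoup;
import org.jsoup.nodes.Document;

/**
 * Bounded parsing of untrusted HTML: a size cap applied before the parser runs,
 * plus a watchdog that caps the wall-clock time of a single parse.
 * Added example, not WebGoat or jsoup code. Assumes jsoup on the classpath.
 */
public final class BoundedHtmlParser {

    /** Assumed limit on accepted input; size it to the memory you can afford per request. */
    private static final int MAX_INPUT_BYTES = 512 * 1024;
    /** Assumed budget for one parse, in milliseconds. */
    private static final long PARSE_TIMEOUT_MS = 2_000;

    // Dedicated, bounded pool so a stuck parse cannot starve request threads.
    // Daemon threads so a parse that ignores interruption does not block JVM shutdown.
    private static final ExecutorService PARSE_POOL = Executors.newFixedThreadPool(4, r -> {
        Thread t = new Thread(r, "jsoup-parse");
        t.setDaemon(true);
        return t;
    });

    public static Document parseUntrusted(String html, String baseUri) throws ParseRejectedException {
        // 1. Size limit: reject before the parser does any work at all.
        int bytes = html.getBytes(StandardCharsets.UTF_8).length;
        if (bytes > MAX_INPUT_BYTES) {
            throw new ParseRejectedException("input too large: " + bytes + " bytes");
        }
        // 2. Watchdog: run the parse on the bounded pool and give up after the budget.
        Future<Document> future = PARSE_POOL.submit(() -> Jsoup.parse(html, baseUri));
        try {
            return future.get(PARSE_TIMEOUT_MS, TimeUnit.MILLISECONDS);
        } catch (TimeoutException e) {
            // cancel(true) only sets the interrupt flag. A CPU-bound parse that never checks
            // it keeps running on its pool thread, which is why the pool is bounded and daemon
            // and why the size cap above, not this timeout, is the real containment.
            future.cancel(true);
            throw new ParseRejectedException("parse exceeded " + PARSE_TIMEOUT_MS + " ms");
        } catch (InterruptedException e) {
            Thread.currentThread().interrupt();
            future.cancel(true);
            throw new ParseRejectedException("interrupted while parsing");
        } catch (ExecutionException e) {
            // Third failure mode from the advisory: the parser throws unexpectedly.
            throw new ParseRejectedException("parser failed: " + e.getCause());
        }
    }

    public static final class ParseRejectedException extends Exception {
        ParseRejectedException(String msg) { super(msg); }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input; the inputs that trigger the CVE are deliberately not reproduced.
        String sample = "<html><body><p>hello</p><a href='/x'>link</a></body></html>";
        Document doc = parseUntrusted(sample, "https://example.test/");
        System.out.println(doc.select("a").attr("abs:href"));

        // Oversized input is rejected without the parser ever seeing it.
        StringBuilder big = new StringBuilder();
        while (big.length() <= MAX_INPUT_BYTES) {
            big.append("<div>");
        }
        try {
            parseUntrusted(big.toString(), "");
        } catch (ParseRejectedException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Per-client rate limiting, the advisory's third workaround, belongs in front of this wrapper at the web tier rather than inside it; the wrapper's job is to make sure one request can cost at most one bounded pool thread for one bounded time on one bounded input.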

Publish Date: 2021-08-18

URL: CVE-2021-37714

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://jsoup.org/news/release-1.14.2

Release Date: 2021-08-18

Fix Resolution: 1.14.2

⛑️ Automatic Remediation will be attempted for this issue.

CVE-2022-36033

Vulnerable Library - jsoup-1.11.3.jar

jsoup is a Java library for working with real-world HTML. It provides a very convenient API for extracting and manipulating data, using the best of DOM, CSS, and jquery-like methods. jsoup implements the WHATWG HTML5 specification, and parses HTML to the same DOM as modern browsers do.

Path to dependency file: /webgoat-lessons/cross-site-scripting/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/jsoup/jsoup/1.11.3/jsoup-1.11.3.jar,/home/wss-scanner/.m2/repository/org/jsoup/jsoup/1.11.3/jsoup-1.11.3.jar,/home/wss-scanner/.m2/repository/org/jsoup/jsoup/1.11.3/jsoup-1.11.3.jar

Dependency Hierarchy:

  • jsoup-1.11.3.jar (Vulnerable Library)

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Found in base branch: main

Vulnerability Details

jsoup is a Java HTML parser, built for HTML editing, cleaning, scraping, and cross-site scripting (XSS) safety. jsoup may incorrectly sanitize HTML including javascript: URL expressions, which could allow XSS attacks when a reader subsequently clicks that link. If the non-default Safelist.preserveRelativeLinks option is enabled, HTML including javascript: URLs that have been crafted with control characters will not be sanitized. If the site that this HTML is published on does not set a Content Security Policy, an XSS attack is then possible. This issue is patched in jsoup 1.15.3. Users should upgrade to this version. Additionally, as the unsanitized input may have been persisted, old content should be cleaned again using the updated version.

To remediate this issue without immediately upgrading:

  • disable Safelist.preserveRelativeLinks, which will rewrite input URLs as absolute URLs
  • ensure an appropriate Content Security Policy is defined (this should be used regardless of upgrading, as a defence-in-depth best practice)
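
An added example, written for this page rather than taken from WebGoat or jsoup, showing the weak safelist configuration beside the corrected one after upgrading to 1.15.3 (the Safelist API; 1.11.3 still calls it Whitelist). The base URI, the sample input and the CSP header value are constructed assumptions; the sample is a javascript: URL with a tab control character inserted, chosen to illustrate the class of input the advisory describes, not a reproduction of its exact payload.

```java
import org.jsoup.Jsoup;
import org.jsoup.safety.Safelist;

/**
 * Weak vs. hardened jsoup cleaning for untrusted anchors.
 * Added example, not WebGoat or jsoup code. Assumes jsoup 1.15.3+ on the classpath.
 */
public final class LinkSanitizer {

    /** Assumed site base; relative hrefs are resolved against it when not preserved. */
    private static final String BASE = "https://example.test/";

    /** Assumed response header to send with any page that embeds cleaned HTML; tune per site. */
    public static final String CSP =
            "default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'self'";

    // Weak: the non-default option the advisory names. Relative hrefs are kept verbatim,
    // so the protocol check runs on the raw, unnormalised attribute value.
    static Safelist weak() {
        return Safelist.basic().preserveRelativeLinks(true);
    }

    // Corrected: hrefs are rewritten to absolute URLs against BASE before the protocol
    // check, and anchors are explicitly limited to http/https.
    static Safelist hardened() {
        return Safelist.basic()
                .preserveRelativeLinks(false)
                .addProtocols("a", "href", "http", "https");
    }

    /** Cleans untrusted body HTML with the given safelist, resolving links against BASE. */
    public static String clean(String untrustedHtml, Safelist safelist) {
        return Jsoup.clean(untrustedHtml, BASE, safelist);
    }

    /** True only if the input already passes the safelist unchanged; useful for re-validating stored content. */
    public static boolean isAlreadyClean(String storedHtml) {
        return Jsoup.isValid(storedHtml, hardened());
    }

    public static void main(String[] args) {
        // Constructed sample: javascript: scheme with an embedded tab, illustrative only.
        String input = "<a href=\"java\tscript:alert(1)\">click</a>";

        System.out.println("weak:     " + clean(input, weak()));
        System.out.println("hardened: " + clean(input, hardened()));

        // After upgrading, run persisted content back through the hardened cleaner; anything
        // that is not already valid was stored by the old sanitizer and must be rewritten.
        if (!isAlreadyClean(input)) {
            String rewritten = clean(input, hardened());
            System.out.println("re-cleaned stored row: " + rewritten);
        }
    }
}
```

The re-clean step matters as much as the upgrade: the bypass only affects what was persisted by the old version, so a one-off pass over stored HTML with the hardened safelist (and the CSP header on every page that renders it) is what closes the window.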

Publish Date: 2022-08-29

URL: CVE-2022-36033

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: GHSA-gp7f-rwcx-9369

Release Date: 2022-08-29

Fix Resolution: 1.15.3

⛑️ Automatic Remediation will be attempted for this issue.


webgoat-server-v8.1.0.jar: 1 vulnerability (highest severity is: 8.1) - autoclosed

Vulnerable Library - webgoat-server-v8.1.0.jar

Path to vulnerable library: /home/wss-scanner/.m2/repository/com/beust/jcommander/1.35/jcommander-1.35.jar

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Vulnerabilities

CVE Severity CVSS Dependency Type Fixed in (webgoat-server-v8.1.0.jar version) Remediation Possible**
WS-2019-0490 High 8.1 jcommander-1.35.jar Transitive N/A*

*For some transitive vulnerabilities, there is no version of direct dependency with a fix. Check the "Details" section below to see if there is a version of transitive dependency where vulnerability is fixed.

**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation

Details

WS-2019-0490

Vulnerable Library - jcommander-1.35.jar

A Java framework to parse command line options with annotations.

Library home page: http://beust.com/

Path to dependency file: /webgoat-integration-tests/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/com/beust/jcommander/1.35/jcommander-1.35.jar

Dependency Hierarchy:

  • webgoat-server-v8.1.0.jar (Root Library)
    • webgoat-container-v8.1.0.jar
      • asciidoctorj-1.5.8.1.jar
        • jcommander-1.35.jar (Vulnerable Library)

Found in HEAD commit: 0a9333ddb56c20579d3dc182cdf741a918259c21

Found in base branch: main

Vulnerability Details

Inclusion of Functionality from Untrusted Control Sphere vulnerability found in jcommander before 1.75: jcommander's build resolved its own dependencies over HTTP instead of HTTPS, leaving the artifacts it pulled in open to substitution by a network attacker.

Publish Date: 2019-02-19

URL: WS-2019-0490

CVSS 3 Score Details (8.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: High
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Release Date: 2019-02-19

Fix Resolution: com.beust:jcommander:1.75
