This project forked from devopshydclub/vprofile-project
Here,we used Mysql DB MSQL DB Installation Steps for Linux ubuntu 14.04:
Then look for the file :
mysql -u <user_name> -p accounts < accountsdb.sql
Vulnerable Library - spring-rabbit-1.7.1.RELEASE.jarPath to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/amqp/spring-amqp/1.7.1.RELEASE/spring-amqp-1.7.1.RELEASE.jar
Found in HEAD commit: 643a7fad08d6608eaf25b22f87aee4b43387f2fc
| CVE | Severity |  CVSS |
Dependency | Type | Fixed in (spring-rabbit version) | Remediation Possible** | Reachability |
|---|---|---|---|---|---|---|---|
| CVE-2018-14721 |  Critical |
10.0 | jackson-databind-2.8.4.jar | Transitive | 2.0.2.RELEASE | ✅ |
|
| CVE-2020-9548 | Critical |
9.8 | jackson-databind-2.8.4.jar | Transitive | 2.0.2.RELEASE | ✅ |
|
| CVE-2020-9547 | Critical |
9.8 | jackson-databind-2.8.4.jar | Transitive | 2.1.0.RELEASE | ✅ |
|
| CVE-2020-9546 | Critical |
9.8 | jackson-databind-2.8.4.jar | Transitive | 2.0.2.RELEASE | ✅ |
|
| CVE-2020-8840 | Critical |
9.8 | jackson-databind-2.8.4.jar | Transitive | 2.0.2.RELEASE | ✅ |
|
| CVE-2019-20330 | Critical |
9.8 | jackson-databind-2.8.4.jar | Transitive | 2.0.2.RELEASE | ✅ |
|
| CVE-2019-17531 | Critical |
9.8 | jackson-databind-2.8.4.jar | Transitive | 2.1.0.RELEASE | ✅ |
|
| CVE-2019-17267 | Critical |
9.8 | jackson-databind-2.8.4.jar | Transitive | 2.0.2.RELEASE | ✅ |
|
| CVE-2019-16943 | Critical |
9.8 | jackson-databind-2.8.4.jar | Transitive | 2.0.2.RELEASE | ✅ |
|
| CVE-2019-16942 | Critical |
9.8 | jackson-databind-2.8.4.jar | Transitive | 2.0.2.RELEASE | ✅ |
|
| CVE-2019-16335 | Critical |
9.8 | jackson-databind-2.8.4.jar | Transitive | 2.0.2.RELEASE | ✅ |
|
| CVE-2019-14893 | Critical |
9.8 | jackson-databind-2.8.4.jar | Transitive | 2.0.2.RELEASE | ✅ |
|
| CVE-2019-14892 | Critical |
9.8 | jackson-databind-2.8.4.jar | Transitive | 2.0.2.RELEASE | ✅ |
|
| CVE-2019-14540 | Critical |
9.8 | jackson-databind-2.8.4.jar | Transitive | 2.0.2.RELEASE | ✅ |
|
| CVE-2019-14379 | Critical |
9.8 | jackson-databind-2.8.4.jar | Transitive | 2.0.2.RELEASE | ✅ |
|
| CVE-2019-10202 | Critical |
9.8 | jackson-databind-2.8.4.jar | Transitive | 2.1.0.RELEASE | ✅ |
|
| CVE-2018-7489 | Critical |
9.8 | jackson-databind-2.8.4.jar | Transitive | 2.0.2.RELEASE | ✅ |
|
| CVE-2018-19362 | Critical |
9.8 | jackson-databind-2.8.4.jar | Transitive | 2.0.2.RELEASE | ✅ |
|
| CVE-2018-19361 | Critical |
9.8 | jackson-databind-2.8.4.jar | Transitive | 2.0.2.RELEASE | ✅ |
|
| CVE-2018-19360 | Critical |
9.8 | jackson-databind-2.8.4.jar | Transitive | 2.0.2.RELEASE | ✅ |
|
| CVE-2018-14720 | Critical |
9.8 | jackson-databind-2.8.4.jar | Transitive | 2.0.2.RELEASE | ✅ |
|
| CVE-2018-14719 | Critical |
9.8 | jackson-databind-2.8.4.jar | Transitive | 2.0.2.RELEASE | ✅ |
|
| CVE-2018-14718 | Critical |
9.8 | jackson-databind-2.8.4.jar | Transitive | 2.0.2.RELEASE | ✅ |
|
| CVE-2018-1275 | Critical |
9.8 | spring-messaging-4.3.7.RELEASE.jar | Transitive | 1.7.9.RELEASE | ✅ |
|
| CVE-2018-1270 | Critical |
9.8 | spring-messaging-4.3.7.RELEASE.jar | Transitive | 1.7.7.RELEASE | ✅ |
|
| CVE-2018-11307 | Critical |
9.8 | jackson-databind-2.8.4.jar | Transitive | 2.0.2.RELEASE | ✅ |
|
| CVE-2017-7525 | Critical |
9.8 | jackson-databind-2.8.4.jar | Transitive | 2.0.2.RELEASE | ✅ |
|
| CVE-2017-17485 | Critical |
9.8 | jackson-databind-2.8.4.jar | Transitive | 2.0.2.RELEASE | ✅ |
|
| CVE-2017-15095 | Critical |
9.8 | jackson-databind-2.8.4.jar | Transitive | 2.0.2.RELEASE | ✅ |
|
| CVE-2020-11113 |  High |
8.8 | jackson-databind-2.8.4.jar | Transitive | 2.1.0.RELEASE | ✅ |
|
| CVE-2020-11112 | High |
8.8 | jackson-databind-2.8.4.jar | Transitive | 2.1.0.RELEASE | ✅ |
|
| CVE-2020-11111 | High |
8.8 | jackson-databind-2.8.4.jar | Transitive | 2.1.0.RELEASE | ✅ |
|
| CVE-2020-10969 | High |
8.8 | jackson-databind-2.8.4.jar | Transitive | 2.1.0.RELEASE | ✅ |
|
| CVE-2020-10968 | High |
8.8 | jackson-databind-2.8.4.jar | Transitive | 2.1.0.RELEASE | ✅ |
|
| CVE-2020-10673 | High |
8.8 | jackson-databind-2.8.4.jar | Transitive | 2.1.0.RELEASE | ✅ |
|
| CVE-2020-10672 | High |
8.8 | jackson-databind-2.8.4.jar | Transitive | 2.1.0.RELEASE | ✅ |
|
| CVE-2021-20190 | High |
8.1 | jackson-databind-2.8.4.jar | Transitive | 2.1.0.RELEASE | ✅ |
|
| CVE-2020-36189 | High |
8.1 | jackson-databind-2.8.4.jar | Transitive | 2.1.0.RELEASE | ✅ |
|
| CVE-2020-36188 | High |
8.1 | jackson-databind-2.8.4.jar | Transitive | 2.1.0.RELEASE | ✅ |
|
| CVE-2020-36187 | High |
8.1 | jackson-databind-2.8.4.jar | Transitive | 2.1.0.RELEASE | ✅ |
|
| CVE-2020-36186 | High |
8.1 | jackson-databind-2.8.4.jar | Transitive | 2.1.0.RELEASE | ✅ |
|
| CVE-2020-36185 | High |
8.1 | jackson-databind-2.8.4.jar | Transitive | 2.1.0.RELEASE | ✅ |
|
| CVE-2020-36184 | High |
8.1 | jackson-databind-2.8.4.jar | Transitive | 2.1.0.RELEASE | ✅ |
|
| CVE-2020-36183 | High |
8.1 | jackson-databind-2.8.4.jar | Transitive | 2.1.0.RELEASE | ✅ |
|
| CVE-2020-36182 | High |
8.1 | jackson-databind-2.8.4.jar | Transitive | 2.1.0.RELEASE | ✅ |
|
| CVE-2020-36181 | High |
8.1 | jackson-databind-2.8.4.jar | Transitive | 2.1.0.RELEASE | ✅ |
|
| CVE-2020-36180 | High |
8.1 | jackson-databind-2.8.4.jar | Transitive | 2.1.0.RELEASE | ✅ |
|
| CVE-2020-36179 | High |
8.1 | jackson-databind-2.8.4.jar | Transitive | 2.1.0.RELEASE | ✅ |
|
| CVE-2020-24750 | High |
8.1 | jackson-databind-2.8.4.jar | Transitive | 2.0.2.RELEASE | ✅ |
|
| CVE-2020-24616 | High |
8.1 | jackson-databind-2.8.4.jar | Transitive | 2.0.2.RELEASE | ✅ |
|
| CVE-2020-14195 | High |
8.1 | jackson-databind-2.8.4.jar | Transitive | 2.0.2.RELEASE | ✅ |
|
| CVE-2020-14062 | High |
8.1 | jackson-databind-2.8.4.jar | Transitive | 2.0.2.RELEASE | ✅ |
|
| CVE-2020-14061 | High |
8.1 | jackson-databind-2.8.4.jar | Transitive | 2.0.2.RELEASE | ✅ |
|
| CVE-2020-14060 | High |
8.1 | jackson-databind-2.8.4.jar | Transitive | 2.0.2.RELEASE | ✅ |
|
| CVE-2020-11620 | High |
8.1 | jackson-databind-2.8.4.jar | Transitive | 2.1.0.RELEASE | ✅ |
|
| CVE-2020-11619 | High |
8.1 | jackson-databind-2.8.4.jar | Transitive | 2.1.0.RELEASE | ✅ |
|
| CVE-2020-10650 | High |
8.1 | jackson-databind-2.8.4.jar | Transitive | 2.1.0.RELEASE | ✅ |
|
| CVE-2018-5968 | High |
8.1 | jackson-databind-2.8.4.jar | Transitive | 2.0.2.RELEASE | ✅ |
|
| CVE-2022-42004 | High |
7.5 | jackson-databind-2.8.4.jar | Transitive | 2.1.0.RELEASE | ✅ |
|
| CVE-2022-42003 | High |
7.5 | jackson-databind-2.8.4.jar | Transitive | 2.1.0.RELEASE | ✅ |
|
| CVE-2020-36518 | High |
7.5 | jackson-databind-2.8.4.jar | Transitive | 2.1.0.RELEASE | ✅ |
|
| CVE-2019-14439 | High |
7.5 | jackson-databind-2.8.4.jar | Transitive | 2.0.2.RELEASE | ✅ |
|
| CVE-2019-12086 | High |
7.5 | jackson-databind-2.8.4.jar | Transitive | 2.0.2.RELEASE | ✅ |
|
| CVE-2018-12023 | High |
7.5 | jackson-databind-2.8.4.jar | Transitive | 2.0.2.RELEASE | ✅ |
|
| CVE-2018-12022 | High |
7.5 | jackson-databind-2.8.4.jar | Transitive | 2.0.2.RELEASE | ✅ |
|
| WS-2019-0379 |  Medium |
6.5 | commons-codec-1.6.jar | Transitive | 2.1.0.RELEASE | ✅ |
|
| CVE-2022-22971 | Medium |
6.5 | spring-messaging-4.3.7.RELEASE.jar | Transitive | 2.1.1.RELEASE | ✅ |
|
| CVE-2018-1257 | Medium |
6.5 | spring-messaging-4.3.7.RELEASE.jar | Transitive | 1.7.9.RELEASE | ✅ |
|
| CVE-2019-12814 | Medium |
5.9 | jackson-databind-2.8.4.jar | Transitive | 2.0.2.RELEASE | ✅ |
|
| CVE-2019-12384 | Medium |
5.9 | jackson-databind-2.8.4.jar | Transitive | 2.0.2.RELEASE | ✅ |
|
| CVE-2018-11087 | Medium |
5.9 | detected in multiple dependencies | Transitive | 2.0.0.RELEASE | ✅ |
|
| WS-2017-3734 | Medium |
5.3 | httpclient-4.3.6.jar | Transitive | 2.0.2.RELEASE | ✅ |
|
| CVE-2020-13956 | Medium |
5.3 | httpclient-4.3.6.jar | Transitive | 2.1.0.RELEASE | ✅ |
|
| CVE-2023-46120 | Medium |
4.9 | amqp-client-4.0.2.jar | Transitive | 3.1.0 | ✅ |
|
| CVE-2017-8045 | Critical |
9.8 | spring-amqp-1.7.1.RELEASE.jar | Transitive | 1.7.4.RELEASE | ✅ |
|
| CVE-2023-34050 | Medium |
5.0 | spring-amqp-1.7.1.RELEASE.jar | Transitive | 2.4.17 | ✅ |
|
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
Partial details (11 vulnerabilities) are displayed below due to a content size limitation in GitHub. To view information on the remaining vulnerabilities, navigate to the Mend Application.
CVE-2018-14721General data-binding functionality for Jackson: works on core streaming API
Library home page: http://github.com/FasterXML/jackson
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.8.4/jackson-databind-2.8.4.jar
Dependency Hierarchy:
Found in HEAD commit: 643a7fad08d6608eaf25b22f87aee4b43387f2fc
Found in base branch: vp-rem
This vulnerability is potentially reachable
com.fasterxml.jackson.databind.deser.BeanDeserializerFactory (Application)
-> com.fasterxml.jackson.databind.ObjectMapper (Extension)
-> org.springframework.messaging.converter.MappingJackson2MessageConverter (Extension)
-> org.springframework.messaging.simp.config.AbstractMessageBrokerConfiguration (Extension)
-> org.springframework.messaging.simp.config.AbstractMessageBrokerConfiguration$1 (Extension)
-> ❌ com.visualpathit.account.validator.UserValidator (Vulnerable Component)
FasterXML jackson-databind 2.x before 2.6.7.3,2.7.9.5,2.8.11.3,2.9.7 might allow remote attackers to conduct server-side request forgery (SSRF) attacks by leveraging failure to block the axis2-jaxws class from polymorphic deserialization.
Publish Date: 2019-01-02
URL: CVE-2018-14721
Base Score Metrics:
Type: Upgrade version
Release Date: 2019-01-02
Fix Resolution (com.fasterxml.jackson.core:jackson-databind): 2.8.11.3
Direct dependency fix Resolution (org.springframework.amqp:spring-rabbit): 2.0.2.RELEASE
⛑️ Automatic Remediation will be attempted for this issue.
CVE-2020-9548General data-binding functionality for Jackson: works on core streaming API
Library home page: http://github.com/FasterXML/jackson
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.8.4/jackson-databind-2.8.4.jar
Dependency Hierarchy:
Found in HEAD commit: 643a7fad08d6608eaf25b22f87aee4b43387f2fc
Found in base branch: vp-rem
This vulnerability is potentially reachable
com.fasterxml.jackson.databind.deser.BeanDeserializerFactory (Application)
-> com.fasterxml.jackson.databind.ObjectMapper (Extension)
-> org.springframework.messaging.converter.MappingJackson2MessageConverter (Extension)
-> org.springframework.messaging.simp.config.AbstractMessageBrokerConfiguration (Extension)
-> org.springframework.messaging.simp.config.AbstractMessageBrokerConfiguration$1 (Extension)
-> ❌ com.visualpathit.account.validator.UserValidator (Vulnerable Component)
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core).
Publish Date: 2020-03-02
URL: CVE-2020-9548
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9548
Release Date: 2020-03-02
Fix Resolution (com.fasterxml.jackson.core:jackson-databind): 2.8.11.6
Direct dependency fix Resolution (org.springframework.amqp:spring-rabbit): 2.0.2.RELEASE
⛑️ Automatic Remediation will be attempted for this issue.
CVE-2020-9547General data-binding functionality for Jackson: works on core streaming API
Library home page: http://github.com/FasterXML/jackson
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.8.4/jackson-databind-2.8.4.jar
Dependency Hierarchy:
Found in HEAD commit: 643a7fad08d6608eaf25b22f87aee4b43387f2fc
Found in base branch: vp-rem
This vulnerability is potentially reachable
com.fasterxml.jackson.databind.deser.BeanDeserializerFactory (Application)
-> com.fasterxml.jackson.databind.ObjectMapper (Extension)
-> org.springframework.messaging.converter.MappingJackson2MessageConverter (Extension)
-> org.springframework.messaging.simp.config.AbstractMessageBrokerConfiguration (Extension)
-> org.springframework.messaging.simp.config.AbstractMessageBrokerConfiguration$1 (Extension)
-> ❌ com.visualpathit.account.validator.UserValidator (Vulnerable Component)
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig (aka ibatis-sqlmap).
Publish Date: 2020-03-02
URL: CVE-2020-9547
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9547
Release Date: 2020-03-02
Fix Resolution (com.fasterxml.jackson.core:jackson-databind): 2.9.10.4
Direct dependency fix Resolution (org.springframework.amqp:spring-rabbit): 2.1.0.RELEASE
⛑️ Automatic Remediation will be attempted for this issue.
CVE-2020-9546General data-binding functionality for Jackson: works on core streaming API
Library home page: http://github.com/FasterXML/jackson
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.8.4/jackson-databind-2.8.4.jar
Dependency Hierarchy:
Found in HEAD commit: 643a7fad08d6608eaf25b22f87aee4b43387f2fc
Found in base branch: vp-rem
This vulnerability is potentially reachable
com.fasterxml.jackson.databind.deser.BeanDeserializerFactory (Application)
-> com.fasterxml.jackson.databind.ObjectMapper (Extension)
-> org.springframework.messaging.converter.MappingJackson2MessageConverter (Extension)
-> org.springframework.messaging.simp.config.AbstractMessageBrokerConfiguration (Extension)
-> org.springframework.messaging.simp.config.AbstractMessageBrokerConfiguration$1 (Extension)
-> ❌ com.visualpathit.account.validator.UserValidator (Vulnerable Component)
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config).
Publish Date: 2020-03-02
URL: CVE-2020-9546
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9546
Release Date: 2020-03-02
Fix Resolution (com.fasterxml.jackson.core:jackson-databind): 2.8.11.6
Direct dependency fix Resolution (org.springframework.amqp:spring-rabbit): 2.0.2.RELEASE
⛑️ Automatic Remediation will be attempted for this issue.
CVE-2020-8840General data-binding functionality for Jackson: works on core streaming API
Library home page: http://github.com/FasterXML/jackson
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.8.4/jackson-databind-2.8.4.jar
Dependency Hierarchy:
Found in HEAD commit: 643a7fad08d6608eaf25b22f87aee4b43387f2fc
Found in base branch: vp-rem
This vulnerability is potentially reachable
com.fasterxml.jackson.databind.jsontype.NamedType (Application)
-> com.fasterxml.jackson.databind.ObjectMapper (Extension)
-> org.springframework.messaging.converter.MappingJackson2MessageConverter (Extension)
-> org.springframework.messaging.simp.config.AbstractMessageBrokerConfiguration (Extension)
-> org.springframework.messaging.simp.config.AbstractMessageBrokerConfiguration$1 (Extension)
-> ❌ com.visualpathit.account.validator.UserValidator (Vulnerable Component)
FasterXML jackson-databind 2.0.0 through 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyeditor.JndiConverter.
Publish Date: 2020-02-10
URL: CVE-2020-8840
Base Score Metrics:
Type: Upgrade version
Release Date: 2020-02-10
Fix Resolution (com.fasterxml.jackson.core:jackson-databind): 2.8.11.5
Direct dependency fix Resolution (org.springframework.amqp:spring-rabbit): 2.0.2.RELEASE
⛑️ Automatic Remediation will be attempted for this issue.
CVE-2019-20330General data-binding functionality for Jackson: works on core streaming API
Library home page: http://github.com/FasterXML/jackson
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.8.4/jackson-databind-2.8.4.jar
Dependency Hierarchy:
Found in HEAD commit: 643a7fad08d6608eaf25b22f87aee4b43387f2fc
Found in base branch: vp-rem
This vulnerability is potentially reachable
com.fasterxml.jackson.databind.JsonDeserializer (Application)
-> com.fasterxml.jackson.databind.ObjectMapper (Extension)
-> org.springframework.messaging.converter.MappingJackson2MessageConverter (Extension)
-> org.springframework.messaging.simp.config.AbstractMessageBrokerConfiguration (Extension)
-> org.springframework.messaging.simp.config.AbstractMessageBrokerConfiguration$1 (Extension)
-> ❌ com.visualpathit.account.validator.UserValidator (Vulnerable Component)
FasterXML jackson-databind 2.x before 2.9.10.2 lacks certain net.sf.ehcache blocking.
Publish Date: 2020-01-03
URL: CVE-2019-20330
Base Score Metrics:
Type: Upgrade version
Release Date: 2020-01-03
Fix Resolution (com.fasterxml.jackson.core:jackson-databind): 2.8.11.5
Direct dependency fix Resolution (org.springframework.amqp:spring-rabbit): 2.0.2.RELEASE
⛑️ Automatic Remediation will be attempted for this issue.
CVE-2019-17531General data-binding functionality for Jackson: works on core streaming API
Library home page: http://github.com/FasterXML/jackson
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.8.4/jackson-databind-2.8.4.jar
Dependency Hierarchy:
Found in HEAD commit: 643a7fad08d6608eaf25b22f87aee4b43387f2fc
Found in base branch: vp-rem
This vulnerability is potentially reachable
com.fasterxml.jackson.databind.deser.BeanDeserializerFactory (Application)
-> com.fasterxml.jackson.databind.ObjectMapper (Extension)
-> org.springframework.messaging.converter.MappingJackson2MessageConverter (Extension)
-> org.springframework.messaging.simp.config.AbstractMessageBrokerConfiguration (Extension)
-> org.springframework.messaging.simp.config.AbstractMessageBrokerConfiguration$1 (Extension)
-> ❌ com.visualpathit.account.validator.UserValidator (Vulnerable Component)
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the apache-log4j-extra (version 1.2.x) jar in the classpath, and an attacker can provide a JNDI service to access, it is possible to make the service execute a malicious payload.
Publish Date: 2019-10-12
URL: CVE-2019-17531
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17531
Release Date: 2019-10-12
Fix Resolution (com.fasterxml.jackson.core:jackson-databind): 2.9.10.1
Direct dependency fix Resolution (org.springframework.amqp:spring-rabbit): 2.1.0.RELEASE
⛑️ Automatic Remediation will be attempted for this issue.
CVE-2019-17267General data-binding functionality for Jackson: works on core streaming API
Library home page: http://github.com/FasterXML/jackson
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.8.4/jackson-databind-2.8.4.jar
Dependency Hierarchy:
Found in HEAD commit: 643a7fad08d6608eaf25b22f87aee4b43387f2fc
Found in base branch: vp-rem
This vulnerability is potentially reachable
com.fasterxml.jackson.databind.deser.BeanDeserializerFactory (Application)
-> com.fasterxml.jackson.databind.ObjectMapper (Extension)
-> org.springframework.messaging.converter.MappingJackson2MessageConverter (Extension)
-> org.springframework.messaging.simp.config.AbstractMessageBrokerConfiguration (Extension)
-> org.springframework.messaging.simp.config.AbstractMessageBrokerConfiguration$1 (Extension)
-> ❌ com.visualpathit.account.validator.UserValidator (Vulnerable Component)
A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to net.sf.ehcache.hibernate.EhcacheJtaTransactionManagerLookup.
Publish Date: 2019-10-06
URL: CVE-2019-17267
Base Score Metrics:
Type: Upgrade version
Release Date: 2019-10-06
Fix Resolution (com.fasterxml.jackson.core:jackson-databind): 2.8.11.5
Direct dependency fix Resolution (org.springframework.amqp:spring-rabbit): 2.0.2.RELEASE
⛑️ Automatic Remediation will be attempted for this issue.
CVE-2019-16943General data-binding functionality for Jackson: works on core streaming API
Library home page: http://github.com/FasterXML/jackson
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.8.4/jackson-databind-2.8.4.jar
Dependency Hierarchy:
Found in HEAD commit: 643a7fad08d6608eaf25b22f87aee4b43387f2fc
Found in base branch: vp-rem
This vulnerability is potentially reachable
com.fasterxml.jackson.databind.deser.BeanDeserializerFactory (Application)
-> com.fasterxml.jackson.databind.ObjectMapper (Extension)
-> org.springframework.messaging.converter.MappingJackson2MessageConverter (Extension)
-> org.springframework.messaging.simp.config.AbstractMessageBrokerConfiguration (Extension)
-> org.springframework.messaging.simp.config.AbstractMessageBrokerConfiguration$1 (Extension)
-> ❌ com.visualpathit.account.validator.UserValidator (Vulnerable Component)
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of com.p6spy.engine.spy.P6DataSource mishandling.
Publish Date: 2019-10-01
URL: CVE-2019-16943
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16943
Release Date: 2019-10-01
Fix Resolution (com.fasterxml.jackson.core:jackson-databind): 2.8.11.5
Direct dependency fix Resolution (org.springframework.amqp:spring-rabbit): 2.0.2.RELEASE
⛑️ Automatic Remediation will be attempted for this issue.
CVE-2019-16942General data-binding functionality for Jackson: works on core streaming API
Library home page: http://github.com/FasterXML/jackson
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.8.4/jackson-databind-2.8.4.jar
Dependency Hierarchy:
Found in HEAD commit: 643a7fad08d6608eaf25b22f87aee4b43387f2fc
Found in base branch: vp-rem
This vulnerability is potentially reachable
com.fasterxml.jackson.databind.deser.BeanDeserializerFactory (Application)
-> com.fasterxml.jackson.databind.ObjectMapper (Extension)
-> org.springframework.messaging.converter.MappingJackson2MessageConverter (Extension)
-> org.springframework.messaging.simp.config.AbstractMessageBrokerConfiguration (Extension)
-> org.springframework.messaging.simp.config.AbstractMessageBrokerConfiguration$1 (Extension)
-> ❌ com.visualpathit.account.validator.UserValidator (Vulnerable Component)
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1.4) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of org.apache.commons.dbcp.datasources.SharedPoolDataSource and org.apache.commons.dbcp.datasources.PerUserPoolDataSource mishandling.
Publish Date: 2019-10-01
URL: CVE-2019-16942
Base Score Metrics:
Type: Upgrade version
Origin: https://osv.dev/vulnerability/GHSA-mx7p-6679-8g3q
Release Date: 2019-10-01
Fix Resolution (com.fasterxml.jackson.core:jackson-databind): 2.8.11.5
Direct dependency fix Resolution (org.springframework.amqp:spring-rabbit): 2.0.2.RELEASE
⛑️ Automatic Remediation will be attempted for this issue.
CVE-2019-16335General data-binding functionality for Jackson: works on core streaming API
Library home page: http://github.com/FasterXML/jackson
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.8.4/jackson-databind-2.8.4.jar
Dependency Hierarchy:
Found in HEAD commit: 643a7fad08d6608eaf25b22f87aee4b43387f2fc
Found in base branch: vp-rem
This vulnerability is potentially reachable
com.fasterxml.jackson.databind.ser.std.StdArraySerializers$FloatArraySerializer (Application)
-> com.fasterxml.jackson.databind.ser.std.StdArraySerializers (Extension)
-> com.fasterxml.jackson.databind.ser.BasicSerializerFactory (Extension)
-> com.fasterxml.jackson.databind.ObjectMapper (Extension)
...
-> org.springframework.messaging.simp.config.AbstractMessageBrokerConfiguration (Extension)
-> org.springframework.messaging.simp.config.AbstractMessageBrokerConfiguration$1 (Extension)
-> ❌ com.visualpathit.account.validator.UserValidator (Vulnerable Component)
A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariDataSource. This is a different vulnerability than CVE-2019-14540.
Publish Date: 2019-09-15
URL: CVE-2019-16335
Base Score Metrics:
Type: Upgrade version
Origin: https://osv.dev/vulnerability/GHSA-85cw-hj65-qqv9
Release Date: 2019-09-15
Fix Resolution (com.fasterxml.jackson.core:jackson-databind): 2.8.11.5
Direct dependency fix Resolution (org.springframework.amqp:spring-rabbit): 2.0.2.RELEASE
⛑️ Automatic Remediation will be attempted for this issue.
⛑️Automatic Remediation will be attempted for this issue.
Vulnerable Library - spring-security-web-4.0.1.RELEASE.jarspring-security-web
Library home page: http://spring.io/spring-security
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/security/spring-security-web/4.0.1.RELEASE/spring-security-web-4.0.1.RELEASE.jar
Found in HEAD commit: 643a7fad08d6608eaf25b22f87aee4b43387f2fc
| CVE | Severity | CVSS |
Dependency | Type | Fixed in (spring-security-web version) | Remediation Possible** | Reachability |
|---|---|---|---|---|---|---|---|
| CVE-2022-22978 | Critical |
9.8 | spring-security-web-4.0.1.RELEASE.jar | Direct | 5.4.11 | ✅ |
|
| CVE-2021-22112 | High |
8.8 | spring-security-web-4.0.1.RELEASE.jar | Direct | 5.2.9.RELEASE | ✅ |
|
| CVE-2024-22257 | High |
8.2 | spring-security-core-4.0.1.RELEASE.jar | Transitive | 5.7.12 | ✅ |
|
| CVE-2016-9879 | High |
7.5 | spring-security-web-4.0.1.RELEASE.jar | Direct | 4.1.4.RELEASE | ✅ |
|
| CVE-2016-5007 | High |
7.5 | spring-security-web-4.0.1.RELEASE.jar | Direct | 4.1.1.RELEASE | ✅ |
|
| CVE-2019-11272 | High |
7.3 | spring-security-core-4.0.1.RELEASE.jar | Transitive | 4.2.13.RELEASE | ✅ |
|
| WS-2017-3767 | Medium |
6.3 | spring-security-web-4.0.1.RELEASE.jar | Direct | 4.2.15.RELEASE | ✅ |
|
| WS-2020-0293 | Medium |
5.9 | spring-security-web-4.0.1.RELEASE.jar | Direct | 5.2.9.RELEASE | ✅ |
|
| WS-2016-7107 | Medium |
5.9 | spring-security-web-4.0.1.RELEASE.jar | Direct | 5.2.14.RELEASE | ✅ |
|
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
CVE-2022-22978spring-security-web
Library home page: http://spring.io/spring-security
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/security/spring-security-web/4.0.1.RELEASE/spring-security-web-4.0.1.RELEASE.jar
Dependency Hierarchy:
Found in HEAD commit: 643a7fad08d6608eaf25b22f87aee4b43387f2fc
Found in base branch: vp-rem
This vulnerability is potentially reachable
com.visualpathit.account.service.UserDetailsServiceImpl (Application)
-> org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter$UserDetailsServiceDelegator (Extension)
-> org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter (Extension)
-> org.springframework.security.config.annotation.web.builders.HttpSecurity (Extension)
-> ❌ org.springframework.security.web.util.matcher.RegexRequestMatcher (Vulnerable Component)
In spring security versions prior to 5.4.11+, 5.5.7+ , 5.6.4+ and older unsupported versions, RegexRequestMatcher can easily be misconfigured to be bypassed on some servlet containers. Applications using RegexRequestMatcher with . in the regular expression are possibly vulnerable to an authorization bypass.
Publish Date: 2022-05-19
URL: CVE-2022-22978
Base Score Metrics:
Type: Upgrade version
Origin: https://spring.io/security/cve-2022-22978/
Release Date: 2022-05-19
Fix Resolution: 5.4.11
⛑️ Automatic Remediation will be attempted for this issue.
CVE-2021-22112spring-security-web
Library home page: http://spring.io/spring-security
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/security/spring-security-web/4.0.1.RELEASE/spring-security-web-4.0.1.RELEASE.jar
Dependency Hierarchy:
Found in HEAD commit: 643a7fad08d6608eaf25b22f87aee4b43387f2fc
Found in base branch: vp-rem
This vulnerability is potentially reachable
com.visualpathit.account.service.UserDetailsServiceImpl (Application)
-> org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter$UserDetailsServiceDelegator (Extension)
-> org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter (Extension)
-> org.springframework.security.config.annotation.web.configurers.SecurityContextConfigurer (Extension)
-> org.springframework.security.web.context.HttpSessionSecurityContextRepository (Extension)
-> ❌ org.springframework.security.web.context.HttpSessionSecurityContextRepository$SaveToSessionResponseWrapper (Vulnerable Component)
Spring Security 5.4.x prior to 5.4.4, 5.3.x prior to 5.3.8.RELEASE, 5.2.x prior to 5.2.9.RELEASE, and older unsupported versions can fail to save the SecurityContext if it is changed more than once in a single request.A malicious user cannot cause the bug to happen (it must be programmed in). However, if the application's intent is to only allow the user to run with elevated privileges in a small portion of the application, the bug can be leveraged to extend those privileges to the rest of the application.
Publish Date: 2021-02-23
URL: CVE-2021-22112
Base Score Metrics:
Type: Upgrade version
Origin: https://tanzu.vmware.com/security/cve-2021-22112
Release Date: 2021-02-23
Fix Resolution: 5.2.9.RELEASE
⛑️ Automatic Remediation will be attempted for this issue.
CVE-2024-22257spring-security-core
Library home page: http://spring.io/spring-security
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/security/spring-security-core/4.0.1.RELEASE/spring-security-core-4.0.1.RELEASE.jar
Dependency Hierarchy:
Found in HEAD commit: 643a7fad08d6608eaf25b22f87aee4b43387f2fc
Found in base branch: vp-rem
This vulnerability is potentially reachable
com.visualpathit.account.service.UserDetailsServiceImpl (Application)
-> org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter$UserDetailsServiceDelegator (Extension)
-> org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter (Extension)
-> ❌ org.springframework.security.authentication.AuthenticationTrustResolver (Vulnerable Component)
In Spring Security, versions 5.7.x prior to 5.7.12, 5.8.x prior to
5.8.11, versions 6.0.x prior to 6.0.9, versions 6.1.x prior to 6.1.8,
versions 6.2.x prior to 6.2.3, an application is possible vulnerable to
broken access control when it directly uses the AuthenticatedVoter#vote passing a null Authentication parameter.
Publish Date: 2024-03-18
URL: CVE-2024-22257
Base Score Metrics:
Type: Upgrade version
Origin: https://spring.io/security/cve-2024-22257
Release Date: 2024-03-18
Fix Resolution (org.springframework.security:spring-security-core): 5.7.12
Direct dependency fix Resolution (org.springframework.security:spring-security-web): 5.7.12
⛑️ Automatic Remediation will be attempted for this issue.
CVE-2016-9879spring-security-web
Library home page: http://spring.io/spring-security
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/security/spring-security-web/4.0.1.RELEASE/spring-security-web-4.0.1.RELEASE.jar
Dependency Hierarchy:
Found in HEAD commit: 643a7fad08d6608eaf25b22f87aee4b43387f2fc
Found in base branch: vp-rem
This vulnerability is potentially reachable
com.visualpathit.account.service.UserDetailsServiceImpl (Application)
-> org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter$UserDetailsServiceDelegator (Extension)
-> org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter (Extension)
-> org.springframework.security.config.annotation.web.builders.WebSecurity (Extension)
-> org.springframework.security.web.FilterChainProxy (Extension)
-> ❌ org.springframework.security.web.firewall.DefaultHttpFirewall (Vulnerable Component)
An issue was discovered in Pivotal Spring Security before 3.2.10, 4.1.x before 4.1.4, and 4.2.x before 4.2.1. Spring Security does not consider URL path parameters when processing security constraints. By adding a URL path parameter with an encoded "/" to a request, an attacker may be able to bypass a security constraint. The root cause of this issue is a lack of clarity regarding the handling of path parameters in the Servlet Specification. Some Servlet containers include path parameters in the value returned for getPathInfo() and some do not. Spring Security uses the value returned by getPathInfo() as part of the process of mapping requests to security constraints. The unexpected presence of path parameters can cause a constraint to be bypassed. Users of Apache Tomcat (all current versions) are not affected by this vulnerability since Tomcat follows the guidance previously provided by the Servlet Expert group and strips path parameters from the value returned by getContextPath(), getServletPath(), and getPathInfo(). Users of other Servlet containers based on Apache Tomcat may or may not be affected depending on whether or not the handling of path parameters has been modified. Users of IBM WebSphere Application Server 8.5.x are known to be affected. Users of other containers that implement the Servlet specification may be affected.
Publish Date: 2017-01-06
URL: CVE-2016-9879
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9879
Release Date: 2017-01-06
Fix Resolution: 4.1.4.RELEASE
⛑️ Automatic Remediation will be attempted for this issue.
CVE-2016-5007spring-security-web
Library home page: http://spring.io/spring-security
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/security/spring-security-web/4.0.1.RELEASE/spring-security-web-4.0.1.RELEASE.jar
Dependency Hierarchy:
Found in HEAD commit: 643a7fad08d6608eaf25b22f87aee4b43387f2fc
Found in base branch: vp-rem
This vulnerability is potentially reachable
com.visualpathit.account.service.UserDetailsServiceImpl (Application)
-> org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter$UserDetailsServiceDelegator (Extension)
-> org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter (Extension)
-> org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer (Extension)
-> ❌ org.springframework.security.web.access.expression.ExpressionBasedFilterInvocationSecurityMetadataSource (Vulnerable Component)
Both Spring Security 3.2.x, 4.0.x, 4.1.0 and the Spring Framework 3.2.x, 4.0.x, 4.1.x, 4.2.x rely on URL pattern mappings for authorization and for mapping requests to controllers respectively. Differences in the strictness of the pattern matching mechanisms, for example with regards to space trimming in path segments, can lead Spring Security to not recognize certain paths as not protected that are in fact mapped to Spring MVC controllers that should be protected. The problem is compounded by the fact that the Spring Framework provides richer features with regards to pattern matching as well as by the fact that pattern matching in each Spring Security and the Spring Framework can easily be customized creating additional differences.
Publish Date: 2017-05-25
URL: CVE-2016-5007
Base Score Metrics:
Type: Upgrade version
Origin: https://pivotal.io/security/cve-2016-5007
Release Date: 2017-05-25
Fix Resolution: 4.1.1.RELEASE
⛑️ Automatic Remediation will be attempted for this issue.
CVE-2019-11272spring-security-core
Library home page: http://spring.io/spring-security
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/security/spring-security-core/4.0.1.RELEASE/spring-security-core-4.0.1.RELEASE.jar
Dependency Hierarchy:
Found in HEAD commit: 643a7fad08d6608eaf25b22f87aee4b43387f2fc
Found in base branch: vp-rem
This vulnerability is potentially reachable
com.visualpathit.account.service.UserDetailsServiceImpl (Application)
-> org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter$UserDetailsServiceDelegator (Extension)
-> org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder (Extension)
-> org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer (Extension)
-> ❌ org.springframework.security.authentication.encoding.PlaintextPasswordEncoder (Vulnerable Component)
Spring Security, versions 4.2.x up to 4.2.12, and older unsupported versions support plain text passwords using PlaintextPasswordEncoder. If an application using an affected version of Spring Security is leveraging PlaintextPasswordEncoder and a user has a null encoded password, a malicious user (or attacker) can authenticate using a password of "null".
Publish Date: 2019-06-20
URL: CVE-2019-11272
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11272
Release Date: 2019-06-20
Fix Resolution (org.springframework.security:spring-security-core): 4.2.13.RELEASE
Direct dependency fix Resolution (org.springframework.security:spring-security-web): 4.2.13.RELEASE
⛑️ Automatic Remediation will be attempted for this issue.
WS-2017-3767spring-security-web
Library home page: http://spring.io/spring-security
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/security/spring-security-web/4.0.1.RELEASE/spring-security-web-4.0.1.RELEASE.jar
Dependency Hierarchy:
Found in HEAD commit: 643a7fad08d6608eaf25b22f87aee4b43387f2fc
Found in base branch: vp-rem
This vulnerability is potentially reachable
com.visualpathit.account.service.UserDetailsServiceImpl (Application)
-> org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter$UserDetailsServiceDelegator (Extension)
-> org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter (Extension)
-> org.springframework.security.config.annotation.web.builders.HttpSecurity (Extension)
-> org.springframework.security.config.annotation.web.builders.FilterComparator (Extension)
-> ❌ org.springframework.security.web.authentication.switchuser.SwitchUserFilter (Vulnerable Component)
Cross-Site Request Forgery (CSRF) vulnerability was found in spring-security before 4.2.15, 5.0.15, 5.1.9, 5.2.3, and 5.3.1. SwitchUserFilter responds to all HTTP methods, making it vulnerable to CSRF attacks.
Publish Date: 2017-01-03
URL: WS-2017-3767
Base Score Metrics:
Type: Upgrade version
Release Date: 2017-01-03
Fix Resolution: 4.2.15.RELEASE
⛑️ Automatic Remediation will be attempted for this issue.
WS-2020-0293spring-security-web
Library home page: http://spring.io/spring-security
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/security/spring-security-web/4.0.1.RELEASE/spring-security-web-4.0.1.RELEASE.jar
Dependency Hierarchy:
Found in HEAD commit: 643a7fad08d6608eaf25b22f87aee4b43387f2fc
Found in base branch: vp-rem
This vulnerability is potentially reachable
com.visualpathit.account.service.UserDetailsServiceImpl (Application)
-> org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter$UserDetailsServiceDelegator (Extension)
-> org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter (Extension)
-> org.springframework.security.config.annotation.web.configurers.CsrfConfigurer (Extension)
-> ❌ org.springframework.security.web.csrf.CsrfFilter (Vulnerable Component)
Spring Security before 5.2.9, 5.3.7, and 5.4.3 vulnerable to side-channel attacks. Vulnerable versions of Spring Security don't use constant time comparisons for CSRF tokens.
Publish Date: 2020-12-17
URL: WS-2020-0293
Base Score Metrics:
Type: Upgrade version
Release Date: 2020-12-17
Fix Resolution: 5.2.9.RELEASE
⛑️ Automatic Remediation will be attempted for this issue.
WS-2016-7107spring-security-web
Library home page: http://spring.io/spring-security
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/security/spring-security-web/4.0.1.RELEASE/spring-security-web-4.0.1.RELEASE.jar
Dependency Hierarchy:
Found in HEAD commit: 643a7fad08d6608eaf25b22f87aee4b43387f2fc
Found in base branch: vp-rem
This vulnerability is potentially reachable
com.visualpathit.account.service.UserDetailsServiceImpl (Application)
-> org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter$UserDetailsServiceDelegator (Extension)
-> org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter (Extension)
-> org.springframework.security.config.annotation.web.configurers.LogoutConfigurer (Extension)
-> ❌ org.springframework.security.web.authentication.logout.CookieClearingLogoutHandler (Vulnerable Component)
CSRF tokens in Spring Security are vulnerable to a breach attack. Spring Security always returns the same CSRF token to the browser.
Publish Date: 2016-08-02
URL: WS-2016-7107
Base Score Metrics:
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/WS-2016-7107
Release Date: 2016-08-02
Fix Resolution: 5.2.14.RELEASE
⛑️ Automatic Remediation will be attempted for this issue.
⛑️Automatic Remediation will be attempted for this issue.
Vulnerable Library - jquery-3.2.1.min.jsJavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.2.1/jquery.min.js
Path to dependency file: /src/main/webapp/WEB-INF/views/upload.jsp
Path to vulnerable library: /src/main/webapp/WEB-INF/views/upload.jsp
Found in HEAD commit: 643a7fad08d6608eaf25b22f87aee4b43387f2fc
| CVE | Severity | CVSS |
Dependency | Type | Fixed in (jquery version) | Remediation Possible** | Reachability |
|---|---|---|---|---|---|---|---|
| CVE-2020-11023 | Medium |
6.9 | jquery-3.2.1.min.js | Direct | jquery - 3.5.0;jquery-rails - 4.4.0 | ❌ | |
| CVE-2020-11022 | Medium |
6.9 | jquery-3.2.1.min.js | Direct | jQuery - 3.5.0 | ❌ | |
| CVE-2019-11358 | Medium |
6.1 | jquery-3.2.1.min.js | Direct | jquery - 3.4.0 | ❌ |
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
CVE-2020-11023JavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.2.1/jquery.min.js
Path to dependency file: /src/main/webapp/WEB-INF/views/upload.jsp
Path to vulnerable library: /src/main/webapp/WEB-INF/views/upload.jsp
Dependency Hierarchy:
Found in HEAD commit: 643a7fad08d6608eaf25b22f87aee4b43387f2fc
Found in base branch: vp-rem
In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
Publish Date: 2020-04-29
URL: CVE-2020-11023
Base Score Metrics:
Type: Upgrade version
Release Date: 2020-04-29
Fix Resolution: jquery - 3.5.0;jquery-rails - 4.4.0
CVE-2020-11022JavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.2.1/jquery.min.js
Path to dependency file: /src/main/webapp/WEB-INF/views/upload.jsp
Path to vulnerable library: /src/main/webapp/WEB-INF/views/upload.jsp
Dependency Hierarchy:
Found in HEAD commit: 643a7fad08d6608eaf25b22f87aee4b43387f2fc
Found in base branch: vp-rem
In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
Publish Date: 2020-04-29
URL: CVE-2020-11022
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11022
Release Date: 2020-04-29
Fix Resolution: jQuery - 3.5.0
CVE-2019-11358JavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.2.1/jquery.min.js
Path to dependency file: /src/main/webapp/WEB-INF/views/upload.jsp
Path to vulnerable library: /src/main/webapp/WEB-INF/views/upload.jsp
Dependency Hierarchy:
Found in HEAD commit: 643a7fad08d6608eaf25b22f87aee4b43387f2fc
Found in base branch: vp-rem
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable proto property, it could extend the native Object.prototype.
Publish Date: 2019-04-19
URL: CVE-2019-11358
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358
Release Date: 2019-04-20
Fix Resolution: jquery - 3.4.0
Vulnerable Library - bootstrap-3.3.5.min.jsThe most popular front-end framework for developing responsive, mobile first projects on the web.
Library home page: https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.5/js/bootstrap.min.js
Path to vulnerable library: /src/main/webapp/resources/js/bootstrap.min.js
Found in HEAD commit: 643a7fad08d6608eaf25b22f87aee4b43387f2fc
| CVE | Severity | CVSS |
Dependency | Type | Fixed in (bootstrap version) | Remediation Possible** | Reachability |
|---|---|---|---|---|---|---|---|
| CVE-2019-8331 | Medium |
6.1 | bootstrap-3.3.5.min.js | Direct | bootstrap - 3.4.1,4.3.1;bootstrap-sass - 3.4.1,4.3.1 | ❌ | |
| CVE-2018-20677 | Medium |
6.1 | bootstrap-3.3.5.min.js | Direct | Bootstrap - v3.4.0;NorDroN.AngularTemplate - 0.1.6;Dynamic.NET.Express.ProjectTemplates - 0.8.0;dotnetng.template - 1.0.0.4;ZNxtApp.Core.Module.Theme - 1.0.9-Beta;JMeter - 5.0.0 | ❌ | |
| CVE-2018-20676 | Medium |
6.1 | bootstrap-3.3.5.min.js | Direct | bootstrap - 3.4.0 | ❌ | |
| CVE-2018-14042 | Medium |
6.1 | bootstrap-3.3.5.min.js | Direct | bootstrap - 3.4.0,4.1.2 | ❌ | |
| CVE-2016-10735 | Medium |
6.1 | bootstrap-3.3.5.min.js | Direct | bootstrap - 3.4.0, 4.0.0-beta.2 | ❌ | |
| CVE-2018-14040 |  Low |
3.7 | bootstrap-3.3.5.min.js | Direct | org.webjars.npm:bootstrap:4.1.2,org.webjars:bootstrap:3.4.0 | ❌ |
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
CVE-2019-8331The most popular front-end framework for developing responsive, mobile first projects on the web.
Library home page: https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.5/js/bootstrap.min.js
Path to vulnerable library: /src/main/webapp/resources/js/bootstrap.min.js
Dependency Hierarchy:
Found in HEAD commit: 643a7fad08d6608eaf25b22f87aee4b43387f2fc
Found in base branch: vp-rem
In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute.
Publish Date: 2019-02-20
URL: CVE-2019-8331
Base Score Metrics:
Type: Upgrade version
Release Date: 2019-02-20
Fix Resolution: bootstrap - 3.4.1,4.3.1;bootstrap-sass - 3.4.1,4.3.1
CVE-2018-20677The most popular front-end framework for developing responsive, mobile first projects on the web.
Library home page: https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.5/js/bootstrap.min.js
Path to vulnerable library: /src/main/webapp/resources/js/bootstrap.min.js
Dependency Hierarchy:
Found in HEAD commit: 643a7fad08d6608eaf25b22f87aee4b43387f2fc
Found in base branch: vp-rem
In Bootstrap before 3.4.0, XSS is possible in the affix configuration target property.
Publish Date: 2019-01-09
URL: CVE-2018-20677
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20677
Release Date: 2019-01-09
Fix Resolution: Bootstrap - v3.4.0;NorDroN.AngularTemplate - 0.1.6;Dynamic.NET.Express.ProjectTemplates - 0.8.0;dotnetng.template - 1.0.0.4;ZNxtApp.Core.Module.Theme - 1.0.9-Beta;JMeter - 5.0.0
CVE-2018-20676The most popular front-end framework for developing responsive, mobile first projects on the web.
Library home page: https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.5/js/bootstrap.min.js
Path to vulnerable library: /src/main/webapp/resources/js/bootstrap.min.js
Dependency Hierarchy:
Found in HEAD commit: 643a7fad08d6608eaf25b22f87aee4b43387f2fc
Found in base branch: vp-rem
In Bootstrap before 3.4.0, XSS is possible in the tooltip data-viewport attribute.
Publish Date: 2019-01-09
URL: CVE-2018-20676
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20676
Release Date: 2019-01-09
Fix Resolution: bootstrap - 3.4.0
CVE-2018-14042The most popular front-end framework for developing responsive, mobile first projects on the web.
Library home page: https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.5/js/bootstrap.min.js
Path to vulnerable library: /src/main/webapp/resources/js/bootstrap.min.js
Dependency Hierarchy:
Found in HEAD commit: 643a7fad08d6608eaf25b22f87aee4b43387f2fc
Found in base branch: vp-rem
In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip.
Publish Date: 2018-07-13
URL: CVE-2018-14042
Base Score Metrics:
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2018-14042
Release Date: 2018-07-13
Fix Resolution: bootstrap - 3.4.0,4.1.2
CVE-2016-10735The most popular front-end framework for developing responsive, mobile first projects on the web.
Library home page: https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.5/js/bootstrap.min.js
Path to vulnerable library: /src/main/webapp/resources/js/bootstrap.min.js
Dependency Hierarchy:
Found in HEAD commit: 643a7fad08d6608eaf25b22f87aee4b43387f2fc
Found in base branch: vp-rem
In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041.
Mend Note: Converted from WS-2018-0021, on 2022-11-08.
Publish Date: 2019-01-09
URL: CVE-2016-10735
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10735
Release Date: 2019-01-09
Fix Resolution: bootstrap - 3.4.0, 4.0.0-beta.2
CVE-2018-14040The most popular front-end framework for developing responsive, mobile first projects on the web.
Library home page: https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.5/js/bootstrap.min.js
Path to vulnerable library: /src/main/webapp/resources/js/bootstrap.min.js
Dependency Hierarchy:
Found in HEAD commit: 643a7fad08d6608eaf25b22f87aee4b43387f2fc
Found in base branch: vp-rem
In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute.
Publish Date: 2018-07-13
URL: CVE-2018-14040
Base Score Metrics:
Type: Upgrade version
Release Date: 2018-07-13
Fix Resolution: org.webjars.npm:bootstrap:4.1.2,org.webjars:bootstrap:3.4.0
Vulnerable Library - commons-io-2.4.jarThe Commons IO library contains utility classes, stream implementations, file filters, file comparators, endian transformation classes, and much more.
Library home page: http://commons.apache.org/io/
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/commons-io/commons-io/2.4/commons-io-2.4.jar
Found in HEAD commit: 643a7fad08d6608eaf25b22f87aee4b43387f2fc
| CVE | Severity | CVSS |
Dependency | Type | Fixed in (commons-io version) | Remediation Possible** | Reachability |
|---|---|---|---|---|---|---|---|
| CVE-2021-29425 | Medium |
4.8 | commons-io-2.4.jar | Direct | 2.7 | ✅ |
|
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
CVE-2021-29425The Commons IO library contains utility classes, stream implementations, file filters, file comparators, endian transformation classes, and much more.
Library home page: http://commons.apache.org/io/
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/commons-io/commons-io/2.4/commons-io-2.4.jar
Dependency Hierarchy:
Found in HEAD commit: 643a7fad08d6608eaf25b22f87aee4b43387f2fc
Found in base branch: vp-rem
The vulnerable code is unreachable
In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above (thus "limited" path traversal), if the calling code would use the result to construct a path value.
Publish Date: 2021-04-13
URL: CVE-2021-29425
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29425
Release Date: 2021-04-13
Fix Resolution: 2.7
⛑️ Automatic Remediation will be attempted for this issue.
⛑️Automatic Remediation will be attempted for this issue.
Vulnerable Library - hibernate-validator-5.2.1.Final.jarHibernate's Bean Validation (JSR-303) reference implementation.
Library home page: http://hibernate.org/validator
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/org/hibernate/hibernate-validator/5.2.1.Final/hibernate-validator-5.2.1.Final.jar
Found in HEAD commit: 643a7fad08d6608eaf25b22f87aee4b43387f2fc
| CVE | Severity | CVSS |
Dependency | Type | Fixed in (hibernate-validator version) | Remediation Possible** | Reachability |
|---|---|---|---|---|---|---|---|
| CVE-2017-7536 | High |
7.0 | hibernate-validator-5.2.1.Final.jar | Direct | 5.3.0.Alpha1 | ✅ |
|
| CVE-2023-1932 | Medium |
6.1 | hibernate-validator-5.2.1.Final.jar | Direct | 6.2.0.CR1 | ✅ |
|
| CVE-2020-10693 | Medium |
5.3 | hibernate-validator-5.2.1.Final.jar | Direct | 6.0.0.Alpha1 | ✅ |
|
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
CVE-2017-7536Hibernate's Bean Validation (JSR-303) reference implementation.
Library home page: http://hibernate.org/validator
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/org/hibernate/hibernate-validator/5.2.1.Final/hibernate-validator-5.2.1.Final.jar
Dependency Hierarchy:
Found in HEAD commit: 643a7fad08d6608eaf25b22f87aee4b43387f2fc
Found in base branch: vp-rem
This vulnerability is potentially reachable
com.visualpathit.account.validator.UserValidator (Application)
-> org.springframework.validation.beanvalidation.LocalValidatorFactoryBean (Extension)
-> org.springframework.validation.beanvalidation.LocalValidatorFactoryBean$HibernateValidatorDelegate (Extension)
-> org.hibernate.validator.internal.util.privilegedactions.LoadClass (Extension)
...
-> org.hibernate.validator.internal.engine.ValidatorFactoryImpl (Extension)
-> org.hibernate.validator.internal.engine.ValidatorImpl (Extension)
-> ❌ org.hibernate.validator.internal.util.privilegedactions.GetDeclaredField (Vulnerable Component)
In Hibernate Validator 5.2.x before 5.2.5 final, 5.3.x, and 5.4.x, it was found that when the security manager's reflective permissions, which allows it to access the private members of the class, are granted to Hibernate Validator, a potential privilege escalation can occur. By allowing the calling code to access those private members without the permission an attacker may be able to validate an invalid instance and access the private member value via ConstraintViolation#getInvalidValue().
Publish Date: 2018-01-10
URL: CVE-2017-7536
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7536
Release Date: 2018-01-10
Fix Resolution: 5.3.0.Alpha1
⛑️ Automatic Remediation will be attempted for this issue.
CVE-2023-1932Hibernate's Bean Validation (JSR-303) reference implementation.
Library home page: http://hibernate.org/validator
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/org/hibernate/hibernate-validator/5.2.1.Final/hibernate-validator-5.2.1.Final.jar
Dependency Hierarchy:
Found in HEAD commit: 643a7fad08d6608eaf25b22f87aee4b43387f2fc
Found in base branch: vp-rem
This vulnerability is potentially reachable
com.visualpathit.account.validator.UserValidator (Application)
-> org.springframework.validation.beanvalidation.LocalValidatorFactoryBean (Extension)
-> org.springframework.validation.beanvalidation.LocalValidatorFactoryBean$HibernateValidatorDelegate (Extension)
-> org.hibernate.validator.internal.util.logging.Log (Extension)
...
-> org.hibernate.validator.internal.metadata.core.ConstraintHelper (Extension)
-> org.hibernate.validator.internal.constraintvalidators.hv.SafeHtmlValidator (Extension)
-> ❌ org.hibernate.validator.constraints.SafeHtml$WhiteListType (Vulnerable Component)
A vulnerability was found in hibernate-validator version 6.1.2.Final, where the method 'isValid' in the class org.hibernate.validator.internal.constraintvalidators.hv.SafeHtmlValidator can by bypassed by omitting the tag end (less than sign). Browsers typically still render the invalid html which leads to attacks like HTML injection and Cross-Site-Scripting.
Publish Date: 2023-04-07
URL: CVE-2023-1932
Base Score Metrics:
Type: Upgrade version
Origin: https://bugzilla.redhat.com/show_bug.cgi?id=1809444
Release Date: 2023-04-07
Fix Resolution: 6.2.0.CR1
⛑️ Automatic Remediation will be attempted for this issue.
CVE-2020-10693Hibernate's Bean Validation (JSR-303) reference implementation.
Library home page: http://hibernate.org/validator
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/org/hibernate/hibernate-validator/5.2.1.Final/hibernate-validator-5.2.1.Final.jar
Dependency Hierarchy:
Found in HEAD commit: 643a7fad08d6608eaf25b22f87aee4b43387f2fc
Found in base branch: vp-rem
This vulnerability is potentially reachable
com.visualpathit.account.validator.UserValidator (Application)
-> org.springframework.validation.beanvalidation.LocalValidatorFactoryBean (Extension)
-> org.springframework.validation.beanvalidation.LocalValidatorFactoryBean$HibernateValidatorDelegate (Extension)
-> org.hibernate.validator.messageinterpolation.ResourceBundleMessageInterpolator (Extension)
...
-> org.hibernate.validator.internal.engine.messageinterpolation.parser.TokenCollector (Extension)
-> org.hibernate.validator.internal.engine.messageinterpolation.parser.BeginState (Extension)
-> ❌ org.hibernate.validator.internal.engine.messageinterpolation.parser.MessageState (Vulnerable Component)
A flaw was found in Hibernate Validator version 6.1.2.Final. A bug in the message interpolation processor enables invalid EL expressions to be evaluated as if they were valid. This flaw allows attackers to bypass input sanitation (escaping, stripping) controls that developers may have put in place when handling user-controlled data in error messages.
Publish Date: 2020-05-06
URL: CVE-2020-10693
Base Score Metrics:
Type: Upgrade version
Origin: https://in.relation.to/2020/05/07/hibernate-validator-615-6020-released/
Release Date: 2024-09-03
Fix Resolution: 6.0.0.Alpha1
⛑️ Automatic Remediation will be attempted for this issue.
⛑️Automatic Remediation will be attempted for this issue.
Vulnerable Library - gson-2.8.2.jarGson JSON library
Library home page: https://github.com/google/gson
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/com/google/code/gson/gson/2.8.2/gson-2.8.2.jar
Found in HEAD commit: 643a7fad08d6608eaf25b22f87aee4b43387f2fc
| CVE | Severity | CVSS |
Dependency | Type | Fixed in (gson version) | Remediation Possible** | Reachability |
|---|---|---|---|---|---|---|---|
| WS-2021-0419 | High |
7.7 | gson-2.8.2.jar | Direct | 2.8.9 | ✅ |
|
| CVE-2022-25647 | High |
7.7 | gson-2.8.2.jar | Direct | 2.8.9 | ✅ |
|
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
WS-2021-0419Gson JSON library
Library home page: https://github.com/google/gson
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/com/google/code/gson/gson/2.8.2/gson-2.8.2.jar
Dependency Hierarchy:
Found in HEAD commit: 643a7fad08d6608eaf25b22f87aee4b43387f2fc
Found in base branch: vp-rem
This vulnerability is potentially reachable
com.visualpathit.account.controller.ElasticSearchController (Application)
-> com.google.gson.Gson (Extension)
-> com.google.gson.internal.bind.ObjectTypeAdapter (Extension)
-> ❌ com.google.gson.internal.LinkedTreeMap (Vulnerable Component)
Denial of Service vulnerability was discovered in gson before 2.8.9 via the writeReplace() method.
Publish Date: 2021-10-11
URL: WS-2021-0419
Base Score Metrics:
Type: Upgrade version
Release Date: 2021-10-11
Fix Resolution: 2.8.9
⛑️ Automatic Remediation will be attempted for this issue.
CVE-2022-25647Gson JSON library
Library home page: https://github.com/google/gson
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/com/google/code/gson/gson/2.8.2/gson-2.8.2.jar
Dependency Hierarchy:
Found in HEAD commit: 643a7fad08d6608eaf25b22f87aee4b43387f2fc
Found in base branch: vp-rem
This vulnerability is potentially reachable
com.visualpathit.account.controller.ElasticSearchController (Application)
-> com.google.gson.Gson (Extension)
-> com.google.gson.internal.bind.ObjectTypeAdapter (Extension)
-> ❌ com.google.gson.internal.LinkedTreeMap (Vulnerable Component)
The package com.google.code.gson:gson before 2.8.9 are vulnerable to Deserialization of Untrusted Data via the writeReplace() method in internal classes, which may lead to DoS attacks.
Publish Date: 2022-05-01
URL: CVE-2022-25647
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25647`
Release Date: 2022-05-01
Fix Resolution: 2.8.9
⛑️ Automatic Remediation will be attempted for this issue.
⛑️Automatic Remediation will be attempted for this issue.
Vulnerable Library - jquery-1.11.2.min.jsJavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.11.2/jquery.min.js
Path to dependency file: /src/main/webapp/WEB-INF/views/upload.jsp
Path to vulnerable library: /src/main/webapp/WEB-INF/views/upload.jsp
Found in HEAD commit: 643a7fad08d6608eaf25b22f87aee4b43387f2fc
| CVE | Severity | CVSS |
Dependency | Type | Fixed in (jquery version) | Remediation Possible** | Reachability |
|---|---|---|---|---|---|---|---|
| CVE-2020-11023 | Medium |
6.9 | jquery-1.11.2.min.js | Direct | jquery - 3.5.0;jquery-rails - 4.4.0 | ❌ | |
| CVE-2020-11022 | Medium |
6.9 | jquery-1.11.2.min.js | Direct | jQuery - 3.5.0 | ❌ | |
| CVE-2019-11358 | Medium |
6.1 | jquery-1.11.2.min.js | Direct | jquery - 3.4.0 | ❌ | |
| CVE-2015-9251 | Medium |
6.1 | jquery-1.11.2.min.js | Direct | jQuery - 3.0.0 | ❌ |
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
CVE-2020-11023JavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.11.2/jquery.min.js
Path to dependency file: /src/main/webapp/WEB-INF/views/upload.jsp
Path to vulnerable library: /src/main/webapp/WEB-INF/views/upload.jsp
Dependency Hierarchy:
Found in HEAD commit: 643a7fad08d6608eaf25b22f87aee4b43387f2fc
Found in base branch: vp-rem
In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
Publish Date: 2020-04-29
URL: CVE-2020-11023
Base Score Metrics:
Type: Upgrade version
Release Date: 2020-04-29
Fix Resolution: jquery - 3.5.0;jquery-rails - 4.4.0
CVE-2020-11022JavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.11.2/jquery.min.js
Path to dependency file: /src/main/webapp/WEB-INF/views/upload.jsp
Path to vulnerable library: /src/main/webapp/WEB-INF/views/upload.jsp
Dependency Hierarchy:
Found in HEAD commit: 643a7fad08d6608eaf25b22f87aee4b43387f2fc
Found in base branch: vp-rem
In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
Publish Date: 2020-04-29
URL: CVE-2020-11022
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11022
Release Date: 2020-04-29
Fix Resolution: jQuery - 3.5.0
CVE-2019-11358JavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.11.2/jquery.min.js
Path to dependency file: /src/main/webapp/WEB-INF/views/upload.jsp
Path to vulnerable library: /src/main/webapp/WEB-INF/views/upload.jsp
Dependency Hierarchy:
Found in HEAD commit: 643a7fad08d6608eaf25b22f87aee4b43387f2fc
Found in base branch: vp-rem
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable proto property, it could extend the native Object.prototype.
Publish Date: 2019-04-19
URL: CVE-2019-11358
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358
Release Date: 2019-04-20
Fix Resolution: jquery - 3.4.0
CVE-2015-9251JavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.11.2/jquery.min.js
Path to dependency file: /src/main/webapp/WEB-INF/views/upload.jsp
Path to vulnerable library: /src/main/webapp/WEB-INF/views/upload.jsp
Dependency Hierarchy:
Found in HEAD commit: 643a7fad08d6608eaf25b22f87aee4b43387f2fc
Found in base branch: vp-rem
jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.
Publish Date: 2018-01-18
URL: CVE-2015-9251
Base Score Metrics:
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2015-9251
Release Date: 2018-01-18
Fix Resolution: jQuery - 3.0.0
Vulnerable Library - logback-classic-1.1.3.jarlogback-classic module
Library home page: http://logback.qos.ch
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/ch/qos/logback/logback-classic/1.1.3/logback-classic-1.1.3.jar
Found in HEAD commit: 643a7fad08d6608eaf25b22f87aee4b43387f2fc
| CVE | Severity | CVSS |
Dependency | Type | Fixed in (logback-classic version) | Remediation Possible** | Reachability |
|---|---|---|---|---|---|---|---|
| CVE-2017-5929 | Critical |
9.8 | detected in multiple dependencies | Transitive | 1.1.6 | ✅ |
|
| CVE-2023-6481 | High |
7.1 | logback-core-1.1.3.jar | Transitive | N/A* | ❌ |
|
| CVE-2023-6378 | High |
7.1 | logback-classic-1.1.3.jar | Direct | 1.2.13 | ✅ |
|
| CVE-2021-42550 | Medium |
6.6 | detected in multiple dependencies | Transitive | N/A* | ✅ |
|
*For some transitive vulnerabilities, there is no version of direct dependency with a fix. Check the "Details" section below to see if there is a version of transitive dependency where vulnerability is fixed.
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
CVE-2017-5929
logback-core module
Library home page: http://logback.qos.ch
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/ch/qos/logback/logback-core/1.1.3/logback-core-1.1.3.jar
Dependency Hierarchy:
logback-classic module
Library home page: http://logback.qos.ch
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/ch/qos/logback/logback-classic/1.1.3/logback-classic-1.1.3.jar
Dependency Hierarchy:
Found in HEAD commit: 643a7fad08d6608eaf25b22f87aee4b43387f2fc
Found in base branch: vp-rem
This vulnerability is potentially reachable
com.visualpathit.account.service.SecurityServiceImpl (Application)
-> org.slf4j.LoggerFactory (Extension)
-> org.slf4j.impl.StaticLoggerBinder (Extension)
-> ch.qos.logback.classic.BasicConfigurator (Extension)
...
-> ch.qos.logback.classic.PatternLayout (Extension)
-> ch.qos.logback.core.pattern.PatternLayoutBase (Extension)
-> ❌ ch.qos.logback.core.LayoutBase (Vulnerable Component)
QOS.ch Logback before 1.2.0 has a serialization vulnerability affecting the SocketServer and ServerSocketReceiver components.
Publish Date: 2017-03-13
URL: CVE-2017-5929
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5929
Release Date: 2017-03-13
Fix Resolution (ch.qos.logback:logback-core): 1.1.6
Direct dependency fix Resolution (ch.qos.logback:logback-classic): 1.1.6
⛑️ Automatic Remediation will be attempted for this issue.
CVE-2023-6481logback-core module
Library home page: http://logback.qos.ch
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/ch/qos/logback/logback-core/1.1.3/logback-core-1.1.3.jar
Dependency Hierarchy:
Found in HEAD commit: 643a7fad08d6608eaf25b22f87aee4b43387f2fc
Found in base branch: vp-rem
This vulnerability is potentially reachable
com.visualpathit.account.service.SecurityServiceImpl (Application)
-> org.slf4j.LoggerFactory (Extension)
-> org.slf4j.impl.StaticLoggerBinder (Extension)
-> ch.qos.logback.classic.BasicConfigurator (Extension)
...
-> ch.qos.logback.classic.PatternLayout (Extension)
-> ch.qos.logback.core.pattern.PatternLayoutBase (Extension)
-> ❌ ch.qos.logback.core.LayoutBase (Vulnerable Component)
A serialization vulnerability in logback receiver component part of
logback version 1.4.13, 1.3.13 and 1.2.12 allows an attacker to mount a Denial-Of-Service
attack by sending poisoned data.
Publish Date: 2023-12-04
URL: CVE-2023-6481
Base Score Metrics:
Type: Upgrade version
Origin: https://www.cve.org/CVERecord?id=CVE-2023-6481
Release Date: 2023-12-04
Fix Resolution: ch.qos.logback:logback-core:1.2.13,1.3.14,1.4.14
CVE-2023-6378logback-classic module
Library home page: http://logback.qos.ch
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/ch/qos/logback/logback-classic/1.1.3/logback-classic-1.1.3.jar
Dependency Hierarchy:
Found in HEAD commit: 643a7fad08d6608eaf25b22f87aee4b43387f2fc
Found in base branch: vp-rem
This vulnerability is potentially reachable
com.visualpathit.account.service.SecurityServiceImpl (Application)
-> org.slf4j.LoggerFactory (Extension)
-> org.slf4j.impl.StaticLoggerBinder (Extension)
-> ch.qos.logback.classic.joran.JoranConfigurator (Extension)
...
-> ch.qos.logback.classic.net.SocketAppender (Extension)
-> ch.qos.logback.classic.net.LoggingEventPreSerializationTransformer (Extension)
-> ❌ ch.qos.logback.classic.spi.LoggingEventVO (Vulnerable Component)
A serialization vulnerability in logback receiver component part of
logback version 1.4.11 allows an attacker to mount a Denial-Of-Service
attack by sending poisoned data.
Publish Date: 2023-11-29
URL: CVE-2023-6378
Base Score Metrics:
Type: Upgrade version
Origin: https://logback.qos.ch/news.html#1.3.12
Release Date: 2023-11-29
Fix Resolution: 1.2.13
⛑️ Automatic Remediation will be attempted for this issue.
CVE-2021-42550
logback-core module
Library home page: http://logback.qos.ch
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/ch/qos/logback/logback-core/1.1.3/logback-core-1.1.3.jar
Dependency Hierarchy:
logback-classic module
Library home page: http://logback.qos.ch
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/ch/qos/logback/logback-classic/1.1.3/logback-classic-1.1.3.jar
Dependency Hierarchy:
Found in HEAD commit: 643a7fad08d6608eaf25b22f87aee4b43387f2fc
Found in base branch: vp-rem
This vulnerability is potentially reachable
com.visualpathit.account.service.SecurityServiceImpl (Application)
-> org.slf4j.LoggerFactory (Extension)
-> org.slf4j.impl.StaticLoggerBinder (Extension)
-> ch.qos.logback.classic.util.ContextSelectorStaticBinder (Extension)
-> ❌ ch.qos.logback.core.util.OptionHelper (Vulnerable Component)
In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a malicious configuration allowing to execute arbitrary code loaded from LDAP servers.
Mend Note: Converted from WS-2021-0491, on 2022-11-07.
Publish Date: 2021-12-16
URL: CVE-2021-42550
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=VE-2021-42550
Release Date: 2021-12-16
Fix Resolution: ch.qos.logback:logback-classic:1.2.9;ch.qos.logback:logback-core:1.2.9
⛑️ Automatic Remediation will be attempted for this issue.
⛑️Automatic Remediation will be attempted for this issue.
Vulnerable Library - jstl-1.2.jarPath to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/javax/servlet/jstl/1.2/jstl-1.2.jar
Found in HEAD commit: 643a7fad08d6608eaf25b22f87aee4b43387f2fc
| CVE | Severity | CVSS |
Dependency | Type | Fixed in (jstl version) | Remediation Possible** | Reachability |
|---|---|---|---|---|---|---|---|
| CVE-2015-0254 | High |
7.3 | jstl-1.2.jar | Direct | org.apache.taglibs:taglibs-standard-impl:1.2.3 | ✅ |
|
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
CVE-2015-0254Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/javax/servlet/jstl/1.2/jstl-1.2.jar
Dependency Hierarchy:
Found in HEAD commit: 643a7fad08d6608eaf25b22f87aee4b43387f2fc
Found in base branch: vp-rem
The vulnerable code is unreachable
Apache Standard Taglibs before 1.2.3 allows remote attackers to execute arbitrary code or conduct external XML entity (XXE) attacks via a crafted XSLT extension in a (1) <x:parse> or (2) <x:transform> JSTL XML tag.
Publish Date: 2015-03-09
URL: CVE-2015-0254
Base Score Metrics:
Type: Upgrade version
Origin: https://tomcat.apache.org/taglibs/standard/
Release Date: 2015-03-09
Fix Resolution: org.apache.taglibs:taglibs-standard-impl:1.2.3
⛑️ Automatic Remediation will be attempted for this issue.
⛑️Automatic Remediation will be attempted for this issue.
Vulnerable Library - hibernate-entitymanager-4.3.11.Final.jarPath to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/dom4j/dom4j/1.6.1/dom4j-1.6.1.jar
Found in HEAD commit: 643a7fad08d6608eaf25b22f87aee4b43387f2fc
| CVE | Severity | CVSS |
Dependency | Type | Fixed in (hibernate-entitymanager version) | Remediation Possible** | Reachability |
|---|---|---|---|---|---|---|---|
| CVE-2020-10683 | Critical |
9.8 | dom4j-1.6.1.jar | Transitive | 5.0.2.Final | ✅ |
|
| CVE-2018-1000632 | High |
7.5 | dom4j-1.6.1.jar | Transitive | 5.0.2.Final | ✅ |
|
| CVE-2020-25638 | High |
7.4 | hibernate-core-4.3.11.Final.jar | Transitive | 5.0.2.Final | ✅ |
|
| CVE-2019-14900 | Medium |
6.5 | hibernate-core-4.3.11.Final.jar | Transitive | 5.0.2.Final | ✅ |
|
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
CVE-2020-10683dom4j: the flexible XML framework for Java
Library home page: http://dom4j.org
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/dom4j/dom4j/1.6.1/dom4j-1.6.1.jar
Dependency Hierarchy:
Found in HEAD commit: 643a7fad08d6608eaf25b22f87aee4b43387f2fc
Found in base branch: vp-rem
The vulnerable code is unreachable
dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j.
Publish Date: 2020-05-01
URL: CVE-2020-10683
Base Score Metrics:
Type: Upgrade version
Release Date: 2024-09-03
Fix Resolution (dom4j:dom4j): 20040902.021138
Direct dependency fix Resolution (org.hibernate:hibernate-entitymanager): 5.0.2.Final
⛑️ Automatic Remediation will be attempted for this issue.
CVE-2018-1000632dom4j: the flexible XML framework for Java
Library home page: http://dom4j.org
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/dom4j/dom4j/1.6.1/dom4j-1.6.1.jar
Dependency Hierarchy:
Found in HEAD commit: 643a7fad08d6608eaf25b22f87aee4b43387f2fc
Found in base branch: vp-rem
The vulnerable code is unreachable
dom4j version prior to version 2.1.1 contains a CWE-91: XML Injection vulnerability in Class: Element. Methods: addElement, addAttribute that can result in an attacker tampering with XML documents through XML injection. This attack appear to be exploitable via an attacker specifying attributes or elements in the XML document. This vulnerability appears to have been fixed in 2.1.1 or later.
Publish Date: 2018-08-20
URL: CVE-2018-1000632
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000632/
Release Date: 2018-08-20
Fix Resolution (dom4j:dom4j): 20040902.021138
Direct dependency fix Resolution (org.hibernate:hibernate-entitymanager): 5.0.2.Final
⛑️ Automatic Remediation will be attempted for this issue.
CVE-2020-25638The core O/RM functionality as provided by Hibernate
Library home page: http://hibernate.org
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/org/hibernate/hibernate-core/4.3.11.Final/hibernate-core-4.3.11.Final.jar
Dependency Hierarchy:
Found in HEAD commit: 643a7fad08d6608eaf25b22f87aee4b43387f2fc
Found in base branch: vp-rem
The vulnerable code is unreachable
A flaw was found in hibernate-core in versions prior to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity.
Publish Date: 2020-12-02
URL: CVE-2020-25638
Base Score Metrics:
Type: Upgrade version
Origin: https://in.relation.to/2020/11/19/hibernate-orm-5424-final-release/
Release Date: 2020-12-02
Fix Resolution (org.hibernate:hibernate-core): 5.3.20.Final
Direct dependency fix Resolution (org.hibernate:hibernate-entitymanager): 5.0.2.Final
⛑️ Automatic Remediation will be attempted for this issue.
CVE-2019-14900The core O/RM functionality as provided by Hibernate
Library home page: http://hibernate.org
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/org/hibernate/hibernate-core/4.3.11.Final/hibernate-core-4.3.11.Final.jar
Dependency Hierarchy:
Found in HEAD commit: 643a7fad08d6608eaf25b22f87aee4b43387f2fc
Found in base branch: vp-rem
The vulnerable code is unreachable
A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.
Publish Date: 2020-07-06
URL: CVE-2019-14900
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14900
Release Date: 2020-07-06
Fix Resolution (org.hibernate:hibernate-core): 5.1.10.Final
Direct dependency fix Resolution (org.hibernate:hibernate-entitymanager): 5.0.2.Final
⛑️ Automatic Remediation will be attempted for this issue.
⛑️Automatic Remediation will be attempted for this issue.
Vulnerable Library - transport-5.6.4.jarPath to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/io/netty/netty-handler/4.1.13.Final/netty-handler-4.1.13.Final.jar
Found in HEAD commit: 643a7fad08d6608eaf25b22f87aee4b43387f2fc
| CVE | Severity | CVSS |
Dependency | Type | Fixed in (transport version) | Remediation Possible** | Reachability |
|---|---|---|---|---|---|---|---|
| CVE-2019-20445 | Critical |
9.1 | netty-codec-http-4.1.13.Final.jar | Transitive | 7.7.0 | ✅ |
|
| CVE-2019-20444 | Critical |
9.1 | detected in multiple dependencies | Transitive | 7.7.0 | ✅ |
|
| CVE-2020-7238 | High |
7.5 | netty-codec-http-4.1.13.Final.jar | Transitive | 7.7.0 | ✅ |
|
| CVE-2020-11612 | High |
7.5 | netty-codec-4.1.13.Final.jar | Transitive | 7.8.0 | ✅ |
|
| CVE-2019-16869 | High |
7.5 | netty-codec-http-4.1.13.Final.jar | Transitive | 7.5.0 | ✅ |
|
| CVE-2021-43797 | Medium |
6.5 | netty-codec-http-4.1.13.Final.jar | Transitive | 7.17.11 | ✅ |
|
| CVE-2021-21295 | Medium |
5.9 | netty-codec-http-4.1.13.Final.jar | Transitive | 7.15.0 | ✅ |
|
| CVE-2022-24823 | Medium |
5.5 | netty-common-4.1.13.Final.jar | Transitive | N/A* | ❌ |
|
| CVE-2021-37137 | High |
7.5 | netty-codec-4.1.13.Final.jar | Transitive | 7.17.11 | ✅ |
|
| CVE-2021-37136 | High |
7.5 | netty-codec-4.1.13.Final.jar | Transitive | 7.17.11 | ✅ |
|
| WS-2020-0408 | High |
7.4 | netty-handler-4.1.13.Final.jar | Transitive | 7.17.11 | ✅ |
|
| CVE-2023-34462 | Medium |
6.5 | netty-handler-4.1.13.Final.jar | Transitive | 7.17.12 | ✅ |
|
| CVE-2021-21290 | Medium |
6.2 | detected in multiple dependencies | Transitive | 7.15.0 | ✅ |
|
| CVE-2024-29025 | Medium |
5.3 | netty-codec-http-4.1.13.Final.jar | Transitive | N/A* | ❌ |
|
*For some transitive vulnerabilities, there is no version of direct dependency with a fix. Check the "Details" section below to see if there is a version of transitive dependency where vulnerability is fixed.
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
CVE-2019-20445Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers and clients.
Library home page: http://netty.io/
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/io/netty/netty-codec-http/4.1.13.Final/netty-codec-http-4.1.13.Final.jar
Dependency Hierarchy:
Found in HEAD commit: 643a7fad08d6608eaf25b22f87aee4b43387f2fc
Found in base branch: vp-rem
This vulnerability is potentially reachable
com.visualpathit.account.utils.ElasticsearchUtil (Application)
-> org.elasticsearch.transport.client.PreBuiltTransportClient (Extension)
-> org.elasticsearch.transport.Netty4Plugin (Extension)
-> org.elasticsearch.http.netty4.Netty4HttpServerTransport (Extension)
-> org.elasticsearch.http.netty4.Netty4HttpServerTransport$HttpChannelHandler (Extension)
-> io.netty.handler.codec.http.HttpRequestDecoder (Extension)
-> ❌ io.netty.handler.codec.http.HttpObjectDecoder (Vulnerable Component)
HttpObjectDecoder.java in Netty before 4.1.44 allows a Content-Length header to be accompanied by a second Content-Length header, or by a Transfer-Encoding header.
Publish Date: 2020-01-29
URL: CVE-2019-20445
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20445
Release Date: 2020-01-29
Fix Resolution (io.netty:netty-codec-http): 4.1.44.Final
Direct dependency fix Resolution (org.elasticsearch.client:transport): 7.7.0
⛑️ Automatic Remediation will be attempted for this issue.
CVE-2019-20444
Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers and clients.
Library home page: http://netty.io/
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/io/netty/netty-codec-http/4.1.13.Final/netty-codec-http-4.1.13.Final.jar
Dependency Hierarchy:
The Netty project is an effort to provide an asynchronous event-driven network application framework and tools for rapid development of maintainable high performance and high scalability protocol servers and clients. In other words, Netty is a NIO client server framework which enables quick and easy development of network applications such as protocol servers and clients. It greatly simplifies and streamlines network programming such as TCP and UDP socket server.
Library home page: http://netty.io/
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/io/netty/netty/3.10.6.Final/netty-3.10.6.Final.jar
Dependency Hierarchy:
Found in HEAD commit: 643a7fad08d6608eaf25b22f87aee4b43387f2fc
Found in base branch: vp-rem
This vulnerability is potentially reachable
com.visualpathit.account.utils.ElasticsearchUtil (Application)
-> org.elasticsearch.transport.client.PreBuiltTransportClient (Extension)
-> org.elasticsearch.transport.Netty4Plugin (Extension)
-> org.elasticsearch.http.netty4.Netty4HttpServerTransport (Extension)
-> org.elasticsearch.http.netty4.Netty4HttpServerTransport$HttpChannelHandler (Extension)
-> io.netty.handler.codec.http.HttpRequestDecoder (Extension)
-> ❌ io.netty.handler.codec.http.HttpObjectDecoder (Vulnerable Component)
HttpObjectDecoder.java in Netty before 4.1.44 allows an HTTP header that lacks a colon, which might be interpreted as a separate header with an incorrect syntax, or might be interpreted as an "invalid fold."
Publish Date: 2020-01-29
URL: CVE-2019-20444
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20444
Release Date: 2020-01-29
Fix Resolution (io.netty:netty-codec-http): 4.1.44.Final
Direct dependency fix Resolution (org.elasticsearch.client:transport): 7.7.0
Fix Resolution (io.netty:netty): 4.1.44.Final
Direct dependency fix Resolution (org.elasticsearch.client:transport): 5.6.5
⛑️ Automatic Remediation will be attempted for this issue.
CVE-2020-7238Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers and clients.
Library home page: http://netty.io/
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/io/netty/netty-codec-http/4.1.13.Final/netty-codec-http-4.1.13.Final.jar
Dependency Hierarchy:
Found in HEAD commit: 643a7fad08d6608eaf25b22f87aee4b43387f2fc
Found in base branch: vp-rem
This vulnerability is potentially reachable
com.visualpathit.account.utils.ElasticsearchUtil (Application)
-> org.elasticsearch.transport.client.PreBuiltTransportClient (Extension)
-> org.elasticsearch.transport.Netty4Plugin (Extension)
-> org.elasticsearch.http.netty4.Netty4HttpServerTransport (Extension)
-> org.elasticsearch.http.netty4.Netty4HttpServerTransport$HttpChannelHandler (Extension)
-> io.netty.handler.codec.http.HttpRequestDecoder (Extension)
-> ❌ io.netty.handler.codec.http.HttpObjectDecoder (Vulnerable Component)
Netty 4.1.43.Final allows HTTP Request Smuggling because it mishandles Transfer-Encoding whitespace (such as a [space]Transfer-Encoding:chunked line) and a later Content-Length header. This issue exists because of an incomplete fix for CVE-2019-16869.
Publish Date: 2020-01-27
URL: CVE-2020-7238
Base Score Metrics:
Type: Upgrade version
Release Date: 2020-01-27
Fix Resolution (io.netty:netty-codec-http): 4.1.44.Final
Direct dependency fix Resolution (org.elasticsearch.client:transport): 7.7.0
⛑️ Automatic Remediation will be attempted for this issue.
CVE-2020-11612Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers and clients.
Library home page: http://netty.io/
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/io/netty/netty-codec/4.1.13.Final/netty-codec-4.1.13.Final.jar
Dependency Hierarchy:
Found in HEAD commit: 643a7fad08d6608eaf25b22f87aee4b43387f2fc
Found in base branch: vp-rem
This vulnerability is potentially reachable
com.visualpathit.account.utils.ElasticsearchUtil (Application)
-> org.elasticsearch.transport.client.PreBuiltTransportClient (Extension)
-> org.elasticsearch.transport.Netty4Plugin (Extension)
-> org.elasticsearch.http.netty4.Netty4HttpServerTransport (Extension)
...
-> io.netty.handler.codec.http.HttpContentCompressor (Extension)
-> io.netty.handler.codec.compression.ZlibCodecFactory (Extension)
-> ❌ io.netty.handler.codec.compression.JZlibDecoder (Vulnerable Component)
The ZlibDecoders in Netty 4.1.x before 4.1.46 allow for unbounded memory allocation while decoding a ZlibEncoded byte stream. An attacker could send a large ZlibEncoded byte stream to the Netty server, forcing the server to allocate all of its free memory to a single decoder.
Publish Date: 2020-04-07
URL: CVE-2020-11612
Base Score Metrics:
Type: Upgrade version
Origin: https://netty.io/news/2020/02/28/4-1-46-Final.html
Release Date: 2020-04-07
Fix Resolution (io.netty:netty-codec): 4.1.46.Final
Direct dependency fix Resolution (org.elasticsearch.client:transport): 7.8.0
⛑️ Automatic Remediation will be attempted for this issue.
CVE-2019-16869Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers and clients.
Library home page: http://netty.io/
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/io/netty/netty-codec-http/4.1.13.Final/netty-codec-http-4.1.13.Final.jar
Dependency Hierarchy:
Found in HEAD commit: 643a7fad08d6608eaf25b22f87aee4b43387f2fc
Found in base branch: vp-rem
This vulnerability is potentially reachable
com.visualpathit.account.utils.ElasticsearchUtil (Application)
-> org.elasticsearch.transport.client.PreBuiltTransportClient (Extension)
-> org.elasticsearch.transport.Netty4Plugin (Extension)
-> org.elasticsearch.http.netty4.Netty4HttpServerTransport (Extension)
-> org.elasticsearch.http.netty4.Netty4HttpServerTransport$HttpChannelHandler (Extension)
-> io.netty.handler.codec.http.HttpRequestDecoder (Extension)
-> ❌ io.netty.handler.codec.http.HttpObjectDecoder (Vulnerable Component)
Netty before 4.1.42.Final mishandles whitespace before the colon in HTTP headers (such as a "Transfer-Encoding : chunked" line), which leads to HTTP request smuggling.
Publish Date: 2019-09-26
URL: CVE-2019-16869
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16869
Release Date: 2019-09-26
Fix Resolution (io.netty:netty-codec-http): 4.1.42.Final
Direct dependency fix Resolution (org.elasticsearch.client:transport): 7.5.0
⛑️ Automatic Remediation will be attempted for this issue.
CVE-2021-43797Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers and clients.
Library home page: http://netty.io/
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/io/netty/netty-codec-http/4.1.13.Final/netty-codec-http-4.1.13.Final.jar
Dependency Hierarchy:
Found in HEAD commit: 643a7fad08d6608eaf25b22f87aee4b43387f2fc
Found in base branch: vp-rem
This vulnerability is potentially reachable
com.visualpathit.account.utils.ElasticsearchUtil (Application)
-> org.elasticsearch.transport.client.PreBuiltTransportClient (Extension)
-> org.elasticsearch.transport.Netty4Plugin (Extension)
-> org.elasticsearch.http.netty4.Netty4HttpServerTransport (Extension)
-> org.elasticsearch.http.netty4.Netty4HttpServerTransport$HttpChannelHandler (Extension)
-> io.netty.handler.codec.http.HttpRequestDecoder (Extension)
-> ❌ io.netty.handler.codec.http.HttpObjectDecoder (Vulnerable Component)
Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. Netty prior to version 4.1.71.Final skips control chars when they are present at the beginning / end of the header name. It should instead fail fast as these are not allowed by the spec and could lead to HTTP request smuggling. Failing to do the validation might cause netty to "sanitize" header names before it forward these to another remote system when used as proxy. This remote system can't see the invalid usage anymore, and therefore does not do the validation itself. Users should upgrade to version 4.1.71.Final.
Mend Note: After conducting further research, Mend has determined that all versions of netty up to version 4.1.71.Final are vulnerable to CVE-2021-43797.
Publish Date: 2021-12-09
URL: CVE-2021-43797
Base Score Metrics:
Type: Upgrade version
Origin: CVE-2021-43797
Release Date: 2021-12-09
Fix Resolution (io.netty:netty-codec-http): 4.1.71.Final
Direct dependency fix Resolution (org.elasticsearch.client:transport): 7.17.11
⛑️ Automatic Remediation will be attempted for this issue.
CVE-2021-21295Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers and clients.
Library home page: http://netty.io/
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/io/netty/netty-codec-http/4.1.13.Final/netty-codec-http-4.1.13.Final.jar
Dependency Hierarchy:
Found in HEAD commit: 643a7fad08d6608eaf25b22f87aee4b43387f2fc
Found in base branch: vp-rem
This vulnerability is potentially reachable
com.visualpathit.account.utils.ElasticsearchUtil (Application)
-> org.elasticsearch.transport.client.PreBuiltTransportClient (Extension)
-> org.elasticsearch.transport.Netty4Plugin (Extension)
-> org.elasticsearch.http.netty4.Netty4HttpServerTransport (Extension)
-> org.elasticsearch.http.netty4.Netty4HttpServerTransport$HttpChannelHandler (Extension)
-> io.netty.handler.codec.http.HttpRequestDecoder (Extension)
-> ❌ io.netty.handler.codec.http.HttpObjectDecoder (Vulnerable Component)
Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty (io.netty:netty-codec-http2) before version 4.1.60.Final there is a vulnerability that enables request smuggling. If a Content-Length header is present in the original HTTP/2 request, the field is not validated by Http2MultiplexHandler as it is propagated up. This is fine as long as the request is not proxied through as HTTP/1.1. If the request comes in as an HTTP/2 stream, gets converted into the HTTP/1.1 domain objects (HttpRequest, HttpContent, etc.) via Http2StreamFrameToHttpObjectCodec and then sent up to the child channel's pipeline and proxied through a remote peer as HTTP/1.1 this may result in request smuggling. In a proxy case, users may assume the content-length is validated somehow, which is not the case. If the request is forwarded to a backend channel that is a HTTP/1.1 connection, the Content-Length now has meaning and needs to be checked. An attacker can smuggle requests inside the body as it gets downgraded from HTTP/2 to HTTP/1.1. For an example attack refer to the linked GitHub Advisory. Users are only affected if all of this is true: HTTP2MultiplexCodec or Http2FrameCodec is used, Http2StreamFrameToHttpObjectCodec is used to convert to HTTP/1.1 objects, and these HTTP/1.1 objects are forwarded to another remote peer. This has been patched in 4.1.60.Final As a workaround, the user can do the validation by themselves by implementing a custom ChannelInboundHandler that is put in the ChannelPipeline behind Http2StreamFrameToHttpObjectCodec.
Publish Date: 2021-03-09
URL: CVE-2021-21295
Base Score Metrics:
Type: Upgrade version
Origin: GHSA-wm47-8v5p-wjpj
Release Date: 2021-03-09
Fix Resolution (io.netty:netty-codec-http): 4.1.60.Final
Direct dependency fix Resolution (org.elasticsearch.client:transport): 7.15.0
⛑️ Automatic Remediation will be attempted for this issue.
CVE-2022-24823Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers and clients.
Library home page: http://netty.io/
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/io/netty/netty-common/4.1.13.Final/netty-common-4.1.13.Final.jar
Dependency Hierarchy:
Found in HEAD commit: 643a7fad08d6608eaf25b22f87aee4b43387f2fc
Found in base branch: vp-rem
This vulnerability is potentially reachable
com.visualpathit.account.utils.ElasticsearchUtil (Application)
-> org.elasticsearch.transport.client.PreBuiltTransportClient (Extension)
-> io.netty.util.concurrent.GlobalEventExecutor (Extension)
-> io.netty.util.concurrent.ScheduledFutureTask (Extension)
-> io.netty.util.concurrent.DefaultPromise (Extension)
-> ❌ io.netty.util.internal.PlatformDependent (Vulnerable Component)
Netty is an open-source, asynchronous event-driven network application framework. The package io.netty:netty-codec-http prior to version 4.1.77.Final contains an insufficient fix for CVE-2021-21290. When Netty's multipart decoders are used local information disclosure can occur via the local system temporary directory if temporary storing uploads on the disk is enabled. This only impacts applications running on Java version 6 and lower. Additionally, this vulnerability impacts code running on Unix-like systems, and very old versions of Mac OSX and Windows as they all share the system temporary directory between all users. Version 4.1.77.Final contains a patch for this vulnerability. As a workaround, specify one's own java.io.tmpdir when starting the JVM or use DefaultHttpDataFactory.setBaseDir(...) to set the directory to something that is only readable by the current user.
Publish Date: 2022-05-06
URL: CVE-2022-24823
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24823
Release Date: 2022-05-06
Fix Resolution: io.netty:netty-all;io.netty:netty-common - 4.1.77.Final
CVE-2021-37137Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers and clients.
Library home page: http://netty.io/
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/io/netty/netty-codec/4.1.13.Final/netty-codec-4.1.13.Final.jar
Dependency Hierarchy:
Found in HEAD commit: 643a7fad08d6608eaf25b22f87aee4b43387f2fc
Found in base branch: vp-rem
The vulnerable code is unreachable
The Snappy frame decoder function doesn't restrict the chunk length which may lead to excessive memory usage. Beside this it also may buffer reserved skippable chunks until the whole chunk was received which may lead to excessive memory usage as well. This vulnerability can be triggered by supplying malicious input that decompresses to a very big size (via a network stream or a file) or by sending a huge skippable chunk.
Publish Date: 2021-10-19
URL: CVE-2021-37137
Base Score Metrics:
Type: Upgrade version
Origin: GHSA-9vjp-v76f-g363
Release Date: 2021-10-19
Fix Resolution (io.netty:netty-codec): 4.1.68.Final
Direct dependency fix Resolution (org.elasticsearch.client:transport): 7.17.11
⛑️ Automatic Remediation will be attempted for this issue.
CVE-2021-37136Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers and clients.
Library home page: http://netty.io/
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/io/netty/netty-codec/4.1.13.Final/netty-codec-4.1.13.Final.jar
Dependency Hierarchy:
Found in HEAD commit: 643a7fad08d6608eaf25b22f87aee4b43387f2fc
Found in base branch: vp-rem
The vulnerable code is unreachable
The Bzip2 decompression decoder function doesn't allow setting size restrictions on the decompressed output data (which affects the allocation size used during decompression). All users of Bzip2Decoder are affected. The malicious input can trigger an OOME and so a DoS attack
Publish Date: 2021-10-19
URL: CVE-2021-37136
Base Score Metrics:
Type: Upgrade version
Origin: GHSA-grg4-wf29-r9vv
Release Date: 2021-10-19
Fix Resolution (io.netty:netty-codec): 4.1.68.Final
Direct dependency fix Resolution (org.elasticsearch.client:transport): 7.17.11
⛑️ Automatic Remediation will be attempted for this issue.
WS-2020-0408Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers and clients.
Library home page: http://netty.io/
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/io/netty/netty-handler/4.1.13.Final/netty-handler-4.1.13.Final.jar
Dependency Hierarchy:
Found in HEAD commit: 643a7fad08d6608eaf25b22f87aee4b43387f2fc
Found in base branch: vp-rem
The vulnerable code is unreachable
An issue was found in all versions of io.netty:netty-all. Host verification in Netty is disabled by default. This can lead to MITM attack in which an attacker can forge valid SSL/TLS certificates for a different hostname in order to intercept traffic that doesn’t intend for him. This is an issue because the certificate is not matched with the host.
Publish Date: 2020-06-22
URL: WS-2020-0408
Base Score Metrics:
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/WS-2020-0408
Release Date: 2020-06-22
Fix Resolution (io.netty:netty-handler): 4.1.69.Final
Direct dependency fix Resolution (org.elasticsearch.client:transport): 7.17.11
⛑️ Automatic Remediation will be attempted for this issue.
CVE-2023-34462Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers and clients.
Library home page: http://netty.io/
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/io/netty/netty-handler/4.1.13.Final/netty-handler-4.1.13.Final.jar
Dependency Hierarchy:
Found in HEAD commit: 643a7fad08d6608eaf25b22f87aee4b43387f2fc
Found in base branch: vp-rem
The vulnerable code is unreachable
Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. The SniHandler can allocate up to 16MB of heap for each channel during the TLS handshake. When the handler or the channel does not have an idle timeout, it can be used to make a TCP server using the SniHandler to allocate 16MB of heap. The SniHandler class is a handler that waits for the TLS handshake to configure a SslHandler according to the indicated server name by the ClientHello record. For this matter it allocates a ByteBuf using the value defined in the ClientHello record. Normally the value of the packet should be smaller than the handshake packet but there are not checks done here and the way the code is written, it is possible to craft a packet that makes the SslClientHelloHandler. This vulnerability has been fixed in version 4.1.94.Final.
Publish Date: 2023-06-22
URL: CVE-2023-34462
Base Score Metrics:
Type: Upgrade version
Origin: GHSA-6mjq-h674-j845
Release Date: 2023-06-22
Fix Resolution (io.netty:netty-handler): 4.1.94.Final
Direct dependency fix Resolution (org.elasticsearch.client:transport): 7.17.12
⛑️ Automatic Remediation will be attempted for this issue.
CVE-2021-21290
Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers and clients.
Library home page: http://netty.io/
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/io/netty/netty-codec-http/4.1.13.Final/netty-codec-http-4.1.13.Final.jar
Dependency Hierarchy:
Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers and clients.
Library home page: http://netty.io/
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/io/netty/netty-handler/4.1.13.Final/netty-handler-4.1.13.Final.jar
Dependency Hierarchy:
Found in HEAD commit: 643a7fad08d6608eaf25b22f87aee4b43387f2fc
Found in base branch: vp-rem
The vulnerable code is unreachable
Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty before version 4.1.59.Final there is a vulnerability on Unix-like systems involving an insecure temp file. When netty's multipart decoders are used local information disclosure can occur via the local system temporary directory if temporary storing uploads on the disk is enabled. On unix-like systems, the temporary directory is shared between all user. As such, writing to this directory using APIs that do not explicitly set the file/directory permissions can lead to information disclosure. Of note, this does not impact modern MacOS Operating Systems. The method "File.createTempFile" on unix-like systems creates a random file, but, by default will create this file with the permissions "-rw-r--r--". Thus, if sensitive information is written to this file, other local users can read this information. This is the case in netty's "AbstractDiskHttpData" is vulnerable. This has been fixed in version 4.1.59.Final. As a workaround, one may specify your own "java.io.tmpdir" when you start the JVM or use "DefaultHttpDataFactory.setBaseDir(...)" to set the directory to something that is only readable by the current user.
Publish Date: 2021-02-08
URL: CVE-2021-21290
Base Score Metrics:
Type: Upgrade version
Origin: GHSA-5mcr-gq6c-3hq2
Release Date: 2021-02-08
Fix Resolution (io.netty:netty-codec-http): 4.1.59.Final
Direct dependency fix Resolution (org.elasticsearch.client:transport): 7.15.0
Fix Resolution (io.netty:netty-handler): 4.1.59.Final
Direct dependency fix Resolution (org.elasticsearch.client:transport): 7.15.0
⛑️ Automatic Remediation will be attempted for this issue.
CVE-2024-29025Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers and clients.
Library home page: http://netty.io/
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/io/netty/netty-codec-http/4.1.13.Final/netty-codec-http-4.1.13.Final.jar
Dependency Hierarchy:
Found in HEAD commit: 643a7fad08d6608eaf25b22f87aee4b43387f2fc
Found in base branch: vp-rem
The vulnerable code is unreachable
Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. The HttpPostRequestDecoder can be tricked to accumulate data. While the decoder can store items on the disk if configured so, there are no limits to the number of fields the form can have, an attacher can send a chunked post consisting of many small fields that will be accumulated in the bodyListHttpData list. The decoder cumulates bytes in the undecodedChunk buffer until it can decode a field, this field can cumulate data without limits. This vulnerability is fixed in 4.1.108.Final.
Publish Date: 2024-03-25
URL: CVE-2024-29025
Base Score Metrics:
Type: Upgrade version
Origin: https://www.cve.org/CVERecord?id=CVE-2024-29025
Release Date: 2024-03-25
Fix Resolution: io.netty:netty-codec-http:4.1.108.Final
⛑️Automatic Remediation will be attempted for this issue.
Vulnerable Library - amqp-client-4.0.2.jarThe RabbitMQ Java client library allows Java applications to interface with RabbitMQ.
Library home page: http://www.rabbitmq.com
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/com/rabbitmq/amqp-client/4.0.2/amqp-client-4.0.2.jar
Found in HEAD commit: 643a7fad08d6608eaf25b22f87aee4b43387f2fc
| CVE | Severity | CVSS |
Dependency | Type | Fixed in (amqp-client version) | Remediation Possible** | Reachability |
|---|---|---|---|---|---|---|---|
| CVE-2023-46120 | High |
7.5 | amqp-client-4.0.2.jar | Direct | 5.18.0 | ✅ |
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
CVE-2023-46120The RabbitMQ Java client library allows Java applications to interface with RabbitMQ.
Library home page: http://www.rabbitmq.com
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/com/rabbitmq/amqp-client/4.0.2/amqp-client-4.0.2.jar
Dependency Hierarchy:
Found in HEAD commit: 643a7fad08d6608eaf25b22f87aee4b43387f2fc
Found in base branch: vp-rem
The RabbitMQ Java client library allows Java and JVM-based applications to connect to and interact with RabbitMQ nodes. maxBodyLebgth was not used when receiving Message objects. Attackers could send a very large Message causing a memory overflow and triggering an OOM Error. Users of RabbitMQ may suffer from DoS attacks from RabbitMQ Java client which will ultimately exhaust the memory of the consumer. This vulnerability was patched in version 5.18.0.
Publish Date: 2023-10-25
URL: CVE-2023-46120
Base Score Metrics:
Type: Upgrade version
Origin: GHSA-mm8h-8587-p46h
Release Date: 2023-10-25
Fix Resolution: 5.18.0
⛑️ Automatic Remediation will be attempted for this issue.
⛑️Automatic Remediation will be attempted for this issue.
Vulnerable Library - spring-data-jpa-1.8.1.RELEASE.jarSpring Data module for JPA repositories.
Library home page: http://projects.spring.io/spring-data-jpa
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/data/spring-data-jpa/1.8.1.RELEASE/spring-data-jpa-1.8.1.RELEASE.jar
Found in HEAD commit: 643a7fad08d6608eaf25b22f87aee4b43387f2fc
| CVE | Severity | CVSS |
Dependency | Type | Fixed in (spring-data-jpa version) | Remediation Possible** | Reachability |
|---|---|---|---|---|---|---|---|
| CVE-2018-1273 | Critical |
9.8 | spring-data-commons-1.10.1.RELEASE.jar | Transitive | 1.11.11.RELEASE | ✅ |
|
| CVE-2016-6652 | Medium |
5.6 | spring-data-jpa-1.8.1.RELEASE.jar | Direct | 1.9.6.RELEASE | ✅ |
|
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
CVE-2018-1273Global parent pom.xml to be used by Spring Data modules
Library home page: http://www.spring.io/spring-data
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/data/spring-data-commons/1.10.1.RELEASE/spring-data-commons-1.10.1.RELEASE.jar
Dependency Hierarchy:
Found in HEAD commit: 643a7fad08d6608eaf25b22f87aee4b43387f2fc
Found in base branch: vp-rem
The vulnerable code is unreachable
Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property binder vulnerability caused by improper neutralization of special elements. An unauthenticated remote malicious user (or attacker) can supply specially crafted request parameters against Spring Data REST backed HTTP resources or using Spring Data's projection-based request payload binding hat can lead to a remote code execution attack.
Publish Date: 2018-04-10
URL: CVE-2018-1273
Base Score Metrics:
Type: Upgrade version
Origin: https://tanzu.vmware.com/security/cve-2018-1273
Release Date: 2018-04-10
Fix Resolution (org.springframework.data:spring-data-commons): 1.13.11.RELEASE
Direct dependency fix Resolution (org.springframework.data:spring-data-jpa): 1.11.11.RELEASE
⛑️ Automatic Remediation will be attempted for this issue.
CVE-2016-6652Spring Data module for JPA repositories.
Library home page: http://projects.spring.io/spring-data-jpa
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/data/spring-data-jpa/1.8.1.RELEASE/spring-data-jpa-1.8.1.RELEASE.jar
Dependency Hierarchy:
Found in HEAD commit: 643a7fad08d6608eaf25b22f87aee4b43387f2fc
Found in base branch: vp-rem
The vulnerable code is unreachable
SQL injection vulnerability in Pivotal Spring Data JPA before 1.9.6 (Gosling SR6) and 1.10.x before 1.10.4 (Hopper SR4), when used with a repository that defines a String query using the @query annotation, allows attackers to execute arbitrary JPQL commands via a sort instance with a function call.
Publish Date: 2016-10-05
URL: CVE-2016-6652
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6652
Release Date: 2016-10-05
Fix Resolution: 1.9.6.RELEASE
⛑️ Automatic Remediation will be attempted for this issue.
⛑️Automatic Remediation will be attempted for this issue.
Vulnerable Library - elasticsearch-5.6.4.jarElasticsearch subproject :core
Library home page: https://github.com/elastic/elasticsearch
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/org/elasticsearch/elasticsearch/5.6.4/elasticsearch-5.6.4.jar
Found in HEAD commit: 643a7fad08d6608eaf25b22f87aee4b43387f2fc
| CVE | Severity | CVSS |
Dependency | Type | Fixed in (elasticsearch version) | Remediation Possible** | Reachability |
|---|---|---|---|---|---|---|---|
| CVE-2018-3831 | High |
8.8 | elasticsearch-5.6.4.jar | Direct | 5.6.12 | ✅ |
|
| CVE-2019-7611 | High |
8.1 | elasticsearch-5.6.4.jar | Direct | 5.6.15 | ✅ |
|
| CVE-2023-31418 | High |
7.5 | elasticsearch-5.6.4.jar | Direct | 7.17.13 | ✅ |
|
| CVE-2020-28491 | High |
7.5 | jackson-dataformat-cbor-2.8.6.jar | Transitive | 7.17.9 | ✅ |
|
| CVE-2022-38752 | Medium |
6.5 | snakeyaml-1.15.jar | Transitive | 7.17.9 | ✅ |
|
| CVE-2018-3824 | Medium |
6.1 | elasticsearch-5.6.4.jar | Direct | 5.6.9 | ✅ |
|
| CVE-2019-7614 | Medium |
5.9 | elasticsearch-5.6.4.jar | Direct | 6.8.2 | ✅ |
|
| CVE-2018-3823 | Medium |
5.4 | elasticsearch-5.6.4.jar | Direct | 5.6.9 | ✅ |
|
| CVE-2020-7021 | Medium |
4.9 | elasticsearch-5.6.4.jar | Direct | 6.8.14 | ✅ |
|
| CVE-2020-7020 | Low |
3.1 | elasticsearch-5.6.4.jar | Direct | 6.8.13 | ✅ |
|
| CVE-2017-12629 | Critical |
9.8 | lucene-queryparser-6.6.1.jar | Transitive | 6.0.0 | ✅ |
|
| CVE-2022-1471 | High |
8.3 | snakeyaml-1.15.jar | Transitive | 8.2.0 | ✅ |
|
| CVE-2022-25857 | High |
7.5 | snakeyaml-1.15.jar | Transitive | 7.17.9 | ✅ |
|
| CVE-2017-18640 | High |
7.5 | snakeyaml-1.15.jar | Transitive | 7.7.0 | ✅ |
|
| CVE-2022-38751 | Medium |
6.5 | snakeyaml-1.15.jar | Transitive | 7.17.9 | ✅ |
|
| CVE-2022-38750 | Medium |
6.5 | snakeyaml-1.15.jar | Transitive | 7.17.9 | ✅ |
|
| CVE-2022-38749 | Medium |
6.5 | snakeyaml-1.15.jar | Transitive | 7.17.9 | ✅ |
|
| CVE-2022-41854 | Medium |
5.8 | snakeyaml-1.15.jar | Transitive | 7.17.9 | ✅ |
|
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
CVE-2018-3831Elasticsearch subproject :core
Library home page: https://github.com/elastic/elasticsearch
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/org/elasticsearch/elasticsearch/5.6.4/elasticsearch-5.6.4.jar
Dependency Hierarchy:
Found in HEAD commit: 643a7fad08d6608eaf25b22f87aee4b43387f2fc
Found in base branch: vp-rem
This vulnerability is potentially reachable
com.visualpathit.account.utils.ElasticsearchUtil (Application)
-> org.elasticsearch.transport.client.PreBuiltTransportClient (Extension)
-> org.elasticsearch.script.mustache.MustachePlugin (Extension)
-> org.elasticsearch.search.aggregations.PipelineAggregationBuilder (Extension)
...
-> org.elasticsearch.search.aggregations.bucket.terms.TermsAggregationBuilder (Extension)
-> org.elasticsearch.search.aggregations.bucket.terms.InternalOrder (Extension)
-> ❌ org.elasticsearch.search.aggregations.bucket.terms.InternalOrder$3 (Vulnerable Component)
Elasticsearch Alerting and Monitoring in versions before 6.4.1 or 5.6.12 have an information disclosure issue when secrets are configured via the API. The Elasticsearch _cluster/settings API, when queried, could leak sensitive configuration information such as passwords, tokens, or usernames. This could allow an authenticated Elasticsearch user to improperly view these details.
Publish Date: 2018-09-19
URL: CVE-2018-3831
Base Score Metrics:
Type: Upgrade version
Origin: https://discuss.elastic.co/t/elastic-stack-6-4-1-and-5-6-12-security-update/149035
Release Date: 2018-09-19
Fix Resolution: 5.6.12
⛑️ Automatic Remediation will be attempted for this issue.
CVE-2019-7611Elasticsearch subproject :core
Library home page: https://github.com/elastic/elasticsearch
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/org/elasticsearch/elasticsearch/5.6.4/elasticsearch-5.6.4.jar
Dependency Hierarchy:
Found in HEAD commit: 643a7fad08d6608eaf25b22f87aee4b43387f2fc
Found in base branch: vp-rem
This vulnerability is potentially reachable
com.visualpathit.account.utils.ElasticsearchUtil (Application)
-> org.elasticsearch.transport.client.PreBuiltTransportClient (Extension)
-> org.elasticsearch.transport.Netty3Plugin (Extension)
-> org.elasticsearch.threadpool.ThreadPool (Extension)
...
-> org.elasticsearch.indices.IndicesModule (Extension)
-> org.elasticsearch.index.mapper.CompletionFieldMapper (Extension)
-> ❌ org.elasticsearch.index.mapper.CompletionFieldMapper$Defaults (Vulnerable Component)
A permission issue was found in Elasticsearch versions before 5.6.15 and 6.6.1 when Field Level Security and Document Level Security are disabled and the _aliases, _shrink, or _split endpoints are used . If the elasticsearch.yml file has xpack.security.dls_fls.enabled set to false, certain permission checks are skipped when users perform one of the actions mentioned above, to make existing data available under a new index/alias name. This could result in an attacker gaining additional permissions against a restricted index.
Publish Date: 2019-03-25
URL: CVE-2019-7611
Base Score Metrics:
Type: Upgrade version
Origin: GHSA-fj32-6v7m-57pg
Release Date: 2019-03-25
Fix Resolution: 5.6.15
⛑️ Automatic Remediation will be attempted for this issue.
CVE-2023-31418Elasticsearch subproject :core
Library home page: https://github.com/elastic/elasticsearch
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/org/elasticsearch/elasticsearch/5.6.4/elasticsearch-5.6.4.jar
Dependency Hierarchy:
Found in HEAD commit: 643a7fad08d6608eaf25b22f87aee4b43387f2fc
Found in base branch: vp-rem
This vulnerability is potentially reachable
com.visualpathit.account.controller.ElasticSearchController (Application)
-> com.visualpathit.account.utils.ElasticsearchUtil (Extension)
-> org.elasticsearch.transport.client.PreBuiltTransportClient (Extension)
-> org.elasticsearch.node.Node (Extension)
...
-> org.elasticsearch.index.mapper.NumberFieldMapper$TypeParser (Extension)
-> org.elasticsearch.index.mapper.LegacyByteFieldMapper$TypeParser (Extension)
-> ❌ org.elasticsearch.index.mapper.LegacyNumberFieldMapper (Vulnerable Component)
An issue has been identified with how Elasticsearch handled incoming requests on the HTTP layer. An unauthenticated user could force an Elasticsearch node to exit with an OutOfMemory error by sending a moderate number of malformed HTTP requests. The issue was identified by Elastic Engineering and we have no indication that the issue is known or that it is being exploited in the wild.
Publish Date: 2023-10-26
URL: CVE-2023-31418
Base Score Metrics:
Type: Upgrade version
Origin: GHSA-2cqf-6xv9-f22w
Release Date: 2023-10-26
Fix Resolution: 7.17.13
⛑️ Automatic Remediation will be attempted for this issue.
CVE-2020-28491Support for reading and writing Concise Binary Object Representation ([CBOR](https://www.rfc-editor.org/info/rfc7049) encoded data using Jackson abstractions (streaming API, data binding, tree model)
Library home page: http://github.com/FasterXML/jackson-dataformats-binary
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/dataformat/jackson-dataformat-cbor/2.8.6/jackson-dataformat-cbor-2.8.6.jar
Dependency Hierarchy:
Found in HEAD commit: 643a7fad08d6608eaf25b22f87aee4b43387f2fc
Found in base branch: vp-rem
This vulnerability is potentially reachable
com.visualpathit.account.controller.ElasticSearchController (Application)
-> org.elasticsearch.common.xcontent.XContentFactory (Extension)
-> org.elasticsearch.common.xcontent.cbor.CborXContent (Extension)
-> ❌ com.fasterxml.jackson.dataformat.cbor.CBORParser (Vulnerable Component)
This affects the package com.fasterxml.jackson.dataformat:jackson-dataformat-cbor from 0 and before 2.11.4, from 2.12.0-rc1 and before 2.12.1. Unchecked allocation of byte buffer can cause a java.lang.OutOfMemoryError exception.
Publish Date: 2021-02-18
URL: CVE-2020-28491
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28491
Release Date: 2021-02-18
Fix Resolution (com.fasterxml.jackson.dataformat:jackson-dataformat-cbor): 2.11.4
Direct dependency fix Resolution (org.elasticsearch:elasticsearch): 7.17.9
⛑️ Automatic Remediation will be attempted for this issue.
CVE-2022-38752YAML 1.1 parser and emitter for Java
Library home page: http://www.snakeyaml.org
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.15/snakeyaml-1.15.jar
Dependency Hierarchy:
Found in HEAD commit: 643a7fad08d6608eaf25b22f87aee4b43387f2fc
Found in base branch: vp-rem
This vulnerability is potentially reachable
com.visualpathit.account.controller.ElasticSearchController (Application)
-> org.elasticsearch.common.xcontent.XContentFactory (Extension)
-> org.elasticsearch.common.xcontent.yaml.YamlXContent (Extension)
-> com.fasterxml.jackson.dataformat.yaml.YAMLParser (Extension)
-> ❌ org.yaml.snakeyaml.parser.ParserImpl (Vulnerable Component)
Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack-overflow.
Publish Date: 2022-09-05
URL: CVE-2022-38752
Base Score Metrics:
Type: Upgrade version
Origin: GHSA-9w3m-gqgf-c4p9
Release Date: 2022-09-05
Fix Resolution (org.yaml:snakeyaml): 1.32
Direct dependency fix Resolution (org.elasticsearch:elasticsearch): 7.17.9
⛑️ Automatic Remediation will be attempted for this issue.
CVE-2018-3824Elasticsearch subproject :core
Library home page: https://github.com/elastic/elasticsearch
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/org/elasticsearch/elasticsearch/5.6.4/elasticsearch-5.6.4.jar
Dependency Hierarchy:
Found in HEAD commit: 643a7fad08d6608eaf25b22f87aee4b43387f2fc
Found in base branch: vp-rem
This vulnerability is potentially reachable
com.visualpathit.account.utils.ElasticsearchUtil (Application)
-> org.elasticsearch.client.transport.TransportClient (Extension)
-> org.elasticsearch.search.SearchModule (Extension)
-> ❌ org.elasticsearch.index.query.GeohashCellQuery$Builder (Vulnerable Component)
X-Pack Machine Learning versions before 6.2.4 and 5.6.9 had a cross-site scripting (XSS) vulnerability. If an attacker is able to inject data into an index that has a ML job running against it, then when another user views the results of the ML job it could allow the attacker to obtain sensitive information from or perform destructive actions on behalf of that other ML user.
Publish Date: 2018-09-19
URL: CVE-2018-3824
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3824
Release Date: 2018-09-19
Fix Resolution: 5.6.9
⛑️ Automatic Remediation will be attempted for this issue.
CVE-2019-7614Elasticsearch subproject :core
Library home page: https://github.com/elastic/elasticsearch
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/org/elasticsearch/elasticsearch/5.6.4/elasticsearch-5.6.4.jar
Dependency Hierarchy:
Found in HEAD commit: 643a7fad08d6608eaf25b22f87aee4b43387f2fc
Found in base branch: vp-rem
This vulnerability is potentially reachable
com.visualpathit.account.utils.ElasticsearchUtil (Application)
-> org.elasticsearch.client.transport.TransportClient (Extension)
-> org.elasticsearch.action.ActionModule (Extension)
-> org.elasticsearch.action.admin.indices.mapping.put.TransportPutMappingAction (Extension)
-> org.elasticsearch.cluster.metadata.MetaDataMappingService (Extension)
-> ❌ org.elasticsearch.cluster.metadata.MetaDataMappingService$1 (Vulnerable Component)
A race condition flaw was found in the response headers Elasticsearch versions before 7.2.1 and 6.8.2 returns to a request. On a system with multiple users submitting requests, it could be possible for an attacker to gain access to response header containing sensitive data from another user.
Publish Date: 2019-07-30
URL: CVE-2019-7614
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7614
Release Date: 2019-07-30
Fix Resolution: 6.8.2
⛑️ Automatic Remediation will be attempted for this issue.
CVE-2018-3823Elasticsearch subproject :core
Library home page: https://github.com/elastic/elasticsearch
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/org/elasticsearch/elasticsearch/5.6.4/elasticsearch-5.6.4.jar
Dependency Hierarchy:
Found in HEAD commit: 643a7fad08d6608eaf25b22f87aee4b43387f2fc
Found in base branch: vp-rem
This vulnerability is potentially reachable
com.visualpathit.account.utils.ElasticsearchUtil (Application)
-> org.elasticsearch.transport.client.PreBuiltTransportClient (Extension)
-> org.elasticsearch.transport.Netty3Plugin (Extension)
-> org.elasticsearch.threadpool.ThreadPool (Extension)
...
-> org.elasticsearch.indices.IndicesModule (Extension)
-> org.elasticsearch.index.mapper.CompletionFieldMapper (Extension)
-> ❌ org.elasticsearch.index.mapper.CompletionFieldMapper$Defaults (Vulnerable Component)
X-Pack Machine Learning versions before 6.2.4 and 5.6.9 had a cross-site scripting (XSS) vulnerability. Users with manage_ml permissions could create jobs containing malicious data as part of their configuration that could allow the attacker to obtain sensitive information from or perform destructive actions on behalf of other ML users viewing the results of the jobs.
Publish Date: 2018-09-19
URL: CVE-2018-3823
Base Score Metrics:
Type: Upgrade version
Origin: https://discuss.elastic.co/t/elastic-stack-6-2-4-and-5-6-9-security-update/128422
Release Date: 2018-09-19
Fix Resolution: 5.6.9
⛑️ Automatic Remediation will be attempted for this issue.
CVE-2020-7021Elasticsearch subproject :core
Library home page: https://github.com/elastic/elasticsearch
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/org/elasticsearch/elasticsearch/5.6.4/elasticsearch-5.6.4.jar
Dependency Hierarchy:
Found in HEAD commit: 643a7fad08d6608eaf25b22f87aee4b43387f2fc
Found in base branch: vp-rem
This vulnerability is potentially reachable
com.visualpathit.account.utils.ElasticsearchUtil (Application)
-> org.elasticsearch.client.transport.TransportClient (Extension)
-> org.elasticsearch.action.ActionModule (Extension)
-> org.elasticsearch.rest.action.admin.indices.RestSyncedFlushAction (Extension)
-> ❌ org.elasticsearch.rest.action.admin.indices.RestSyncedFlushAction$1 (Vulnerable Component)
Elasticsearch versions before 7.10.0 and 6.8.14 have an information disclosure issue when audit logging and the emit_request_body option is enabled. The Elasticsearch audit log could contain sensitive information such as password hashes or authentication tokens. This could allow an Elasticsearch administrator to view these details.
Publish Date: 2021-02-10
URL: CVE-2020-7021
Base Score Metrics:
Type: Upgrade version
Origin: https://discuss.elastic.co/t/elastic-stack-7-11-0-and-6-8-14-security-update/263915
Release Date: 2021-02-10
Fix Resolution: 6.8.14
⛑️ Automatic Remediation will be attempted for this issue.
CVE-2020-7020Elasticsearch subproject :core
Library home page: https://github.com/elastic/elasticsearch
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/org/elasticsearch/elasticsearch/5.6.4/elasticsearch-5.6.4.jar
Dependency Hierarchy:
Found in HEAD commit: 643a7fad08d6608eaf25b22f87aee4b43387f2fc
Found in base branch: vp-rem
This vulnerability is potentially reachable
com.visualpathit.account.utils.ElasticsearchUtil (Application)
-> org.elasticsearch.client.transport.TransportClient (Extension)
-> org.elasticsearch.action.ActionModule (Extension)
-> org.elasticsearch.rest.action.admin.indices.RestSyncedFlushAction (Extension)
-> ❌ org.elasticsearch.rest.action.admin.indices.RestSyncedFlushAction$1 (Vulnerable Component)
Elasticsearch versions before 6.8.13 and 7.9.2 contain a document disclosure flaw when Document or Field Level Security is used. Search queries do not properly preserve security permissions when executing certain complex queries. This could result in the search disclosing the existence of documents the attacker should not be able to view. This could result in an attacker gaining additional insight into potentially sensitive indices.
Publish Date: 2020-10-22
URL: CVE-2020-7020
Base Score Metrics:
Type: Upgrade version
Origin: https://discuss.elastic.co/t/elastic-stack-7-9-3-and-6-8-13-security-update/253033
Release Date: 2020-10-22
Fix Resolution: 6.8.13
⛑️ Automatic Remediation will be attempted for this issue.
CVE-2017-12629Lucene QueryParsers module
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/org/apache/lucene/lucene-queryparser/6.6.1/lucene-queryparser-6.6.1.jar
Dependency Hierarchy:
Found in HEAD commit: 643a7fad08d6608eaf25b22f87aee4b43387f2fc
Found in base branch: vp-rem
The vulnerable code is unreachable
Remote code execution occurs in Apache Solr before 7.1 with Apache Lucene before 7.1 by exploiting XXE in conjunction with use of a Config API add-listener command to reach the RunExecutableListener class. Elasticsearch, although it uses Lucene, is NOT vulnerable to this. Note that the XML external entity expansion vulnerability occurs in the XML Query Parser which is available, by default, for any query request with parameters deftype=xmlparser and can be exploited to upload malicious data to the /upload request handler or as Blind XXE using ftp wrapper in order to read arbitrary local files from the Solr server. Note also that the second vulnerability relates to remote code execution using the RunExecutableListener available on all affected versions of Solr.
Publish Date: 2017-10-14
URL: CVE-2017-12629
Base Score Metrics:
Type: Upgrade version
Origin: GHSA-mh7g-99w9-xpjm
Release Date: 2017-10-14
Fix Resolution (org.apache.lucene:lucene-queryparser): 6.6.2
Direct dependency fix Resolution (org.elasticsearch:elasticsearch): 6.0.0
⛑️ Automatic Remediation will be attempted for this issue.
CVE-2022-1471YAML 1.1 parser and emitter for Java
Library home page: http://www.snakeyaml.org
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.15/snakeyaml-1.15.jar
Dependency Hierarchy:
Found in HEAD commit: 643a7fad08d6608eaf25b22f87aee4b43387f2fc
Found in base branch: vp-rem
The vulnerable code is unreachable
SnakeYaml's Constructor() class does not restrict types which can be instantiated during deserialization. Deserializing yaml content provided by an attacker can lead to remote code execution. We recommend using SnakeYaml's SafeConsturctor when parsing untrusted content to restrict deserialization. We recommend upgrading to version 2.0 and beyond.
Publish Date: 2022-12-01
URL: CVE-2022-1471
Base Score Metrics:
Type: Upgrade version
Origin: https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64634374
Release Date: 2022-12-01
Fix Resolution (org.yaml:snakeyaml): 2.0
Direct dependency fix Resolution (org.elasticsearch:elasticsearch): 8.2.0
⛑️ Automatic Remediation will be attempted for this issue.
CVE-2022-25857YAML 1.1 parser and emitter for Java
Library home page: http://www.snakeyaml.org
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.15/snakeyaml-1.15.jar
Dependency Hierarchy:
Found in HEAD commit: 643a7fad08d6608eaf25b22f87aee4b43387f2fc
Found in base branch: vp-rem
The vulnerable code is unreachable
The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections.
Publish Date: 2022-08-30
URL: CVE-2022-25857
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25857
Release Date: 2022-08-30
Fix Resolution (org.yaml:snakeyaml): 1.31
Direct dependency fix Resolution (org.elasticsearch:elasticsearch): 7.17.9
⛑️ Automatic Remediation will be attempted for this issue.
CVE-2017-18640YAML 1.1 parser and emitter for Java
Library home page: http://www.snakeyaml.org
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.15/snakeyaml-1.15.jar
Dependency Hierarchy:
Found in HEAD commit: 643a7fad08d6608eaf25b22f87aee4b43387f2fc
Found in base branch: vp-rem
The vulnerable code is unreachable
The Alias feature in SnakeYAML before 1.26 allows entity expansion during a load operation, a related issue to CVE-2003-1564.
Publish Date: 2019-12-12
URL: CVE-2017-18640
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18640
Release Date: 2019-12-12
Fix Resolution (org.yaml:snakeyaml): 1.26
Direct dependency fix Resolution (org.elasticsearch:elasticsearch): 7.7.0
⛑️ Automatic Remediation will be attempted for this issue.
CVE-2022-38751YAML 1.1 parser and emitter for Java
Library home page: http://www.snakeyaml.org
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.15/snakeyaml-1.15.jar
Dependency Hierarchy:
Found in HEAD commit: 643a7fad08d6608eaf25b22f87aee4b43387f2fc
Found in base branch: vp-rem
The vulnerable code is unreachable
Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.
Publish Date: 2022-09-05
URL: CVE-2022-38751
Base Score Metrics:
Type: Upgrade version
Origin: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47039
Release Date: 2022-09-05
Fix Resolution (org.yaml:snakeyaml): 1.31
Direct dependency fix Resolution (org.elasticsearch:elasticsearch): 7.17.9
⛑️ Automatic Remediation will be attempted for this issue.
CVE-2022-38750YAML 1.1 parser and emitter for Java
Library home page: http://www.snakeyaml.org
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.15/snakeyaml-1.15.jar
Dependency Hierarchy:
Found in HEAD commit: 643a7fad08d6608eaf25b22f87aee4b43387f2fc
Found in base branch: vp-rem
The vulnerable code is unreachable
Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.
Publish Date: 2022-09-05
URL: CVE-2022-38750
Base Score Metrics:
Type: Upgrade version
Origin: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47027
Release Date: 2022-09-05
Fix Resolution (org.yaml:snakeyaml): 1.31
Direct dependency fix Resolution (org.elasticsearch:elasticsearch): 7.17.9
⛑️ Automatic Remediation will be attempted for this issue.
CVE-2022-38749YAML 1.1 parser and emitter for Java
Library home page: http://www.snakeyaml.org
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.15/snakeyaml-1.15.jar
Dependency Hierarchy:
Found in HEAD commit: 643a7fad08d6608eaf25b22f87aee4b43387f2fc
Found in base branch: vp-rem
The vulnerable code is unreachable
Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.
Publish Date: 2022-09-05
URL: CVE-2022-38749
Base Score Metrics:
Type: Upgrade version
Origin: https://bitbucket.org/snakeyaml/snakeyaml/issues/526/stackoverflow-oss-fuzz-47027
Release Date: 2022-09-05
Fix Resolution (org.yaml:snakeyaml): 1.31
Direct dependency fix Resolution (org.elasticsearch:elasticsearch): 7.17.9
⛑️ Automatic Remediation will be attempted for this issue.
CVE-2022-41854YAML 1.1 parser and emitter for Java
Library home page: http://www.snakeyaml.org
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.15/snakeyaml-1.15.jar
Dependency Hierarchy:
Found in HEAD commit: 643a7fad08d6608eaf25b22f87aee4b43387f2fc
Found in base branch: vp-rem
The vulnerable code is unreachable
Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.
Publish Date: 2022-11-11
URL: CVE-2022-41854
Base Score Metrics:
Type: Upgrade version
Origin: https://bitbucket.org/snakeyaml/snakeyaml/issues/531/
Release Date: 2022-11-11
Fix Resolution (org.yaml:snakeyaml): 1.32
Direct dependency fix Resolution (org.elasticsearch:elasticsearch): 7.17.9
⛑️ Automatic Remediation will be attempted for this issue.
⛑️Automatic Remediation will be attempted for this issue.
Vulnerable Library - spring-security-config-4.0.1.RELEASE.jarspring-security-config
Library home page: http://spring.io/spring-security
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/security/spring-security-config/4.0.1.RELEASE/spring-security-config-4.0.1.RELEASE.jar
Found in HEAD commit: 643a7fad08d6608eaf25b22f87aee4b43387f2fc
| CVE | Severity | CVSS |
Dependency | Type | Fixed in (spring-security-config version) | Remediation Possible** | Reachability |
|---|---|---|---|---|---|---|---|
| CVE-2016-5007 | High |
7.5 | spring-security-config-4.0.1.RELEASE.jar | Direct | 4.1.1.RELEASE | ✅ |
|
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
CVE-2016-5007spring-security-config
Library home page: http://spring.io/spring-security
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/security/spring-security-config/4.0.1.RELEASE/spring-security-config-4.0.1.RELEASE.jar
Dependency Hierarchy:
Found in HEAD commit: 643a7fad08d6608eaf25b22f87aee4b43387f2fc
Found in base branch: vp-rem
This vulnerability is potentially reachable
com.visualpathit.account.service.UserDetailsServiceImpl (Application)
-> org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter$UserDetailsServiceDelegator (Extension)
-> org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter (Extension)
-> org.springframework.security.config.annotation.web.builders.HttpSecurity (Extension)
-> ❌ org.springframework.security.config.annotation.web.configurers.ChannelSecurityConfigurer$ChannelRequestMatcherRegistry (Vulnerable Component)
Both Spring Security 3.2.x, 4.0.x, 4.1.0 and the Spring Framework 3.2.x, 4.0.x, 4.1.x, 4.2.x rely on URL pattern mappings for authorization and for mapping requests to controllers respectively. Differences in the strictness of the pattern matching mechanisms, for example with regards to space trimming in path segments, can lead Spring Security to not recognize certain paths as not protected that are in fact mapped to Spring MVC controllers that should be protected. The problem is compounded by the fact that the Spring Framework provides richer features with regards to pattern matching as well as by the fact that pattern matching in each Spring Security and the Spring Framework can easily be customized creating additional differences.
Publish Date: 2017-05-25
URL: CVE-2016-5007
Base Score Metrics:
Type: Upgrade version
Origin: https://pivotal.io/security/cve-2016-5007
Release Date: 2017-05-25
Fix Resolution: 4.1.1.RELEASE
⛑️ Automatic Remediation will be attempted for this issue.
⛑️Automatic Remediation will be attempted for this issue.
Vulnerable Library - spring-web-4.2.0.RELEASE.jarSpring Web
Library home page: https://github.com/spring-projects/spring-framework
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-web/4.2.0.RELEASE/spring-web-4.2.0.RELEASE.jar
Found in HEAD commit: 643a7fad08d6608eaf25b22f87aee4b43387f2fc
| CVE | Severity | CVSS |
Dependency | Type | Fixed in (spring-web version) | Remediation Possible** | Reachability |
|---|---|---|---|---|---|---|---|
| CVE-2022-22965 | Critical |
9.8 | spring-beans-4.2.0.RELEASE.jar | Transitive | 5.2.21.RELEASE | ✅ |
|
| CVE-2015-5211 | Critical |
9.6 | spring-web-4.2.0.RELEASE.jar | Direct | 4.2.2.RELEASE | ✅ |
|
| WS-2021-0170 | Critical |
9.0 | spring-core-4.2.0.RELEASE.jar | Transitive | 4.2.3.RELEASE | ✅ |
|
| CVE-2024-22262 | High |
8.1 | spring-web-4.2.0.RELEASE.jar | Direct | 5.3.34 | ✅ |
|
| CVE-2024-22259 | High |
8.1 | spring-web-4.2.0.RELEASE.jar | Direct | 5.3.33 | ✅ |
|
| CVE-2024-22243 | High |
8.1 | spring-web-4.2.0.RELEASE.jar | Direct | 5.3.32 | ✅ |
|
| CVE-2018-15756 | High |
7.5 | spring-web-4.2.0.RELEASE.jar | Direct | 4.3.20.RELEASE | ✅ |
|
| CVE-2018-1272 | High |
7.5 | spring-core-4.2.0.RELEASE.jar | Transitive | 4.3.15.RELEASE | ✅ |
|
| CVE-2024-38809 | Medium |
6.5 | spring-web-4.2.0.RELEASE.jar | Direct | 5.3.38 | ✅ |
|
| CVE-2023-20863 | Medium |
6.5 | spring-expression-4.2.0.RELEASE.jar | Transitive | 5.0.0.RELEASE | ✅ |
|
| CVE-2023-20861 | Medium |
6.5 | spring-expression-4.2.0.RELEASE.jar | Transitive | 5.0.0.RELEASE | ✅ |
|
| CVE-2022-22950 | Medium |
6.5 | spring-expression-4.2.0.RELEASE.jar | Transitive | 5.0.0.RELEASE | ✅ |
|
| CVE-2020-5421 | Medium |
6.5 | spring-web-4.2.0.RELEASE.jar | Direct | 4.3.29.RELEASE | ✅ |
|
| CVE-2022-22970 | Medium |
5.3 | detected in multiple dependencies | Transitive | 5.2.22.RELEASE | ✅ |
|
| CVE-2022-22968 | Medium |
5.3 | spring-context-4.2.0.RELEASE.jar | Transitive | 5.0.0.RELEASE | ✅ |
|
| CVE-2018-1199 | Medium |
5.3 | spring-core-4.2.0.RELEASE.jar | Transitive | 4.3.14.RELEASE | ✅ |
|
| CVE-2024-38808 | Medium |
4.3 | spring-expression-4.2.0.RELEASE.jar | Transitive | 5.0.0.RELEASE | ✅ |
|
| CVE-2021-22060 | Medium |
4.3 | spring-core-4.2.0.RELEASE.jar | Transitive | 5.2.19.RELEASE | ✅ |
|
| CVE-2016-1000027 | Critical |
9.8 | spring-web-4.2.0.RELEASE.jar | Direct | 4.3.26.RELEASE | ✅ |
|
| WS-2016-7112 | Medium |
4.9 | spring-context-4.2.0.RELEASE.jar | Transitive | 4.2.8.RELEASE | ✅ |
|
| CVE-2021-22096 | Medium |
4.3 | detected in multiple dependencies | Direct | 5.2.18.RELEASE | ✅ |
|
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
Partial details (17 vulnerabilities) are displayed below due to a content size limitation in GitHub. To view information on the remaining vulnerabilities, navigate to the Mend Application.
CVE-2022-22965Spring Beans
Library home page: https://github.com/spring-projects/spring-framework
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-beans/4.2.0.RELEASE/spring-beans-4.2.0.RELEASE.jar
Dependency Hierarchy:
Found in HEAD commit: 643a7fad08d6608eaf25b22f87aee4b43387f2fc
Found in base branch: vp-rem
This vulnerability is potentially reachable
com.visualpathit.account.controller.UserController (Application)
-> com.visualpathit.account.validator.UserValidator (Extension)
-> org.springframework.messaging.simp.config.AbstractMessageBrokerConfiguration$1 (Extension)
-> org.springframework.messaging.simp.config.AbstractMessageBrokerConfiguration (Extension)
-> org.springframework.beans.BeanUtils (Extension)
-> ❌ org.springframework.beans.CachedIntrospectionResults (Vulnerable Component)
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.
Mend Note: Converted from WS-2022-0107, on 2022-11-07.
Publish Date: 2022-04-01
URL: CVE-2022-22965
Base Score Metrics:
Type: Upgrade version
Origin: https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement
Release Date: 2022-04-01
Fix Resolution (org.springframework:spring-beans): 5.2.20.RELEASE
Direct dependency fix Resolution (org.springframework:spring-web): 5.2.21.RELEASE
⛑️ Automatic Remediation will be attempted for this issue.
CVE-2015-5211Spring Web
Library home page: https://github.com/spring-projects/spring-framework
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-web/4.2.0.RELEASE/spring-web-4.2.0.RELEASE.jar
Dependency Hierarchy:
Found in HEAD commit: 643a7fad08d6608eaf25b22f87aee4b43387f2fc
Found in base branch: vp-rem
This vulnerability is potentially reachable
com.visualpathit.account.validator.UserValidator (Application)
-> org.springframework.web.servlet.config.annotation.WebMvcConfigurationSupport$NoOpValidator (Extension)
-> org.springframework.web.servlet.config.annotation.WebMvcConfigurationSupport (Extension)
-> org.springframework.web.servlet.config.annotation.ContentNegotiationConfigurer (Extension)
-> ❌ org.springframework.web.accept.ContentNegotiationManagerFactoryBean (Vulnerable Component)
Under some situations, the Spring Framework 4.2.0 to 4.2.1, 4.0.0 to 4.1.7, 3.2.0 to 3.2.14 and older unsupported versions is vulnerable to a Reflected File Download (RFD) attack. The attack involves a malicious user crafting a URL with a batch script extension that results in the response being downloaded rather than rendered and also includes some input reflected in the response.
Publish Date: 2017-05-25
URL: CVE-2015-5211
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5211
Release Date: 2017-05-25
Fix Resolution: 4.2.2.RELEASE
⛑️ Automatic Remediation will be attempted for this issue.
WS-2021-0170Spring Core
Library home page: https://github.com/spring-projects/spring-framework
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-core/4.2.0.RELEASE/spring-core-4.2.0.RELEASE.jar
Dependency Hierarchy:
Found in HEAD commit: 643a7fad08d6608eaf25b22f87aee4b43387f2fc
Found in base branch: vp-rem
This vulnerability is potentially reachable
com.visualpathit.account.service.SecurityServiceImpl (Application)
-> org.springframework.security.config.method.GlobalMethodSecurityBeanDefinitionParser$AuthenticationManagerDelegator (Extension)
-> org.springframework.security.config.method.GlobalMethodSecurityBeanDefinitionParser (Extension)
-> org.springframework.aop.framework.ProxyFactoryBean (Extension)
...
-> org.springframework.core.ResolvableType (Extension)
-> org.springframework.core.SerializableTypeWrapper (Extension)
-> ❌ org.springframework.core.SerializableTypeWrapper$MethodInvokeTypeProvider (Vulnerable Component)
In spring-core, versions v4.0.0.RC1 through v4.1.8.RELEASE, and v4.2.0.RC1 through v4.2.2.RELEASE, allow arbitrary code execution due to the SerializableTypeWrapper class, which allows invocation of any method on the Java classpath through its MethodInvokeTypeProvider method. SerializableTypeWrapper, implementing the Serializable interface, can be included in a maliciously crafted serialized object and be used to eventually invoke Runtime.getRuntime.exec(), if commons-collections is included in the classpath.
Publish Date: 2021-06-29
URL: WS-2021-0170
Base Score Metrics:
Type: Upgrade version
Release Date: 2021-06-29
Fix Resolution (org.springframework:spring-core): 4.2.3.RELEASE
Direct dependency fix Resolution (org.springframework:spring-web): 4.2.3.RELEASE
⛑️ Automatic Remediation will be attempted for this issue.
CVE-2024-22262Spring Web
Library home page: https://github.com/spring-projects/spring-framework
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-web/4.2.0.RELEASE/spring-web-4.2.0.RELEASE.jar
Dependency Hierarchy:
Found in HEAD commit: 643a7fad08d6608eaf25b22f87aee4b43387f2fc
Found in base branch: vp-rem
This vulnerability is potentially reachable
com.visualpathit.account.validator.UserValidator (Application)
-> org.springframework.web.servlet.config.annotation.WebMvcConfigurationSupport$NoOpValidator (Extension)
-> org.springframework.web.servlet.config.annotation.WebMvcConfigurationSupport (Extension)
-> org.springframework.web.method.support.CompositeUriComponentsContributor (Extension)
-> ❌ org.springframework.web.util.UriComponentsBuilder (Vulnerable Component)
Applications that use UriComponentsBuilder to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to a open redirect https://cwe.mitre.org/data/definitions/601.html attack or to a SSRF attack if the URL is used after passing validation checks.
This is the same as CVE-2024-22259 https://spring.io/security/cve-2024-22259 and CVE-2024-22243 https://spring.io/security/cve-2024-22243 , but with different input.
Publish Date: 2024-04-16
URL: CVE-2024-22262
Base Score Metrics:
Type: Upgrade version
Origin: https://spring.io/security/cve-2024-22262
Release Date: 2024-04-16
Fix Resolution: 5.3.34
⛑️ Automatic Remediation will be attempted for this issue.
CVE-2024-22259Spring Web
Library home page: https://github.com/spring-projects/spring-framework
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-web/4.2.0.RELEASE/spring-web-4.2.0.RELEASE.jar
Dependency Hierarchy:
Found in HEAD commit: 643a7fad08d6608eaf25b22f87aee4b43387f2fc
Found in base branch: vp-rem
This vulnerability is potentially reachable
com.visualpathit.account.validator.UserValidator (Application)
-> org.springframework.web.servlet.config.annotation.WebMvcConfigurationSupport$NoOpValidator (Extension)
-> org.springframework.web.servlet.config.annotation.WebMvcConfigurationSupport (Extension)
-> org.springframework.web.method.support.CompositeUriComponentsContributor (Extension)
-> ❌ org.springframework.web.util.UriComponentsBuilder (Vulnerable Component)
Applications that use UriComponentsBuilder in Spring Framework to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to a open redirect https://cwe.mitre.org/data/definitions/601.html attack or to a SSRF attack if the URL is used after passing validation checks.
This is the same as CVE-2024-22243 https://spring.io/security/cve-2024-22243 , but with different input.
Publish Date: 2024-03-16
URL: CVE-2024-22259
Base Score Metrics:
Type: Upgrade version
Origin: https://spring.io/security/cve-2024-22259
Release Date: 2024-03-16
Fix Resolution: 5.3.33
⛑️ Automatic Remediation will be attempted for this issue.
CVE-2024-22243Spring Web
Library home page: https://github.com/spring-projects/spring-framework
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-web/4.2.0.RELEASE/spring-web-4.2.0.RELEASE.jar
Dependency Hierarchy:
Found in HEAD commit: 643a7fad08d6608eaf25b22f87aee4b43387f2fc
Found in base branch: vp-rem
This vulnerability is potentially reachable
com.visualpathit.account.controller.FileUploadController (Application)
-> ❌ org.springframework.web.multipart.MultipartFile (Vulnerable Component)
Applications that use UriComponentsBuilder to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to a open redirect https://cwe.mitre.org/data/definitions/601.html attack or to a SSRF attack if the URL is used after passing validation checks.
Publish Date: 2024-02-23
URL: CVE-2024-22243
Base Score Metrics:
Type: Upgrade version
Origin: https://spring.io/security/cve-2024-22243
Release Date: 2024-02-23
Fix Resolution: 5.3.32
⛑️ Automatic Remediation will be attempted for this issue.
CVE-2018-15756Spring Web
Library home page: https://github.com/spring-projects/spring-framework
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-web/4.2.0.RELEASE/spring-web-4.2.0.RELEASE.jar
Dependency Hierarchy:
Found in HEAD commit: 643a7fad08d6608eaf25b22f87aee4b43387f2fc
Found in base branch: vp-rem
This vulnerability is potentially reachable
com.visualpathit.account.controller.FileUploadController (Application)
-> org.springframework.web.multipart.support.StandardMultipartHttpServletRequest$StandardMultipartFile (Extension)
-> org.springframework.web.multipart.support.StandardMultipartHttpServletRequest (Extension)
-> org.springframework.http.HttpHeaders (Extension)
-> ❌ org.springframework.http.HttpRange (Vulnerable Component)
Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, versions 4.3.x prior to 4.3.20, and older unsupported versions on the 4.2.x branch provide support for range requests when serving static resources through the ResourceHttpRequestHandler, or starting in 5.0 when an annotated controller returns an org.springframework.core.io.Resource. A malicious user (or attacker) can add a range header with a high number of ranges, or with wide ranges that overlap, or both, for a denial of service attack. This vulnerability affects applications that depend on either spring-webmvc or spring-webflux. Such applications must also have a registration for serving static resources (e.g. JS, CSS, images, and others), or have an annotated controller that returns an org.springframework.core.io.Resource. Spring Boot applications that depend on spring-boot-starter-web or spring-boot-starter-webflux are ready to serve static resources out of the box and are therefore vulnerable.
Publish Date: 2018-10-18
URL: CVE-2018-15756
Base Score Metrics:
Type: Upgrade version
Origin: https://pivotal.io/security/cve-2018-15756
Release Date: 2018-10-16
Fix Resolution: 4.3.20.RELEASE
⛑️ Automatic Remediation will be attempted for this issue.
CVE-2018-1272Spring Core
Library home page: https://github.com/spring-projects/spring-framework
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-core/4.2.0.RELEASE/spring-core-4.2.0.RELEASE.jar
Dependency Hierarchy:
Found in HEAD commit: 643a7fad08d6608eaf25b22f87aee4b43387f2fc
Found in base branch: vp-rem
This vulnerability is potentially reachable
com.visualpathit.account.validator.UserValidator (Application)
-> org.springframework.web.servlet.config.annotation.WebMvcConfigurationSupport$NoOpValidator (Extension)
-> org.springframework.web.servlet.config.annotation.WebMvcConfigurationSupport (Extension)
-> org.springframework.http.converter.support.AllEncompassingFormHttpMessageConverter (Extension)
-> org.springframework.http.converter.FormHttpMessageConverter (Extension)
-> ❌ org.springframework.util.MimeTypeUtils (Vulnerable Component)
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, provide client-side support for multipart requests. When Spring MVC or Spring WebFlux server application (server A) receives input from a remote client, and then uses that input to make a multipart request to another server (server B), it can be exposed to an attack, where an extra multipart is inserted in the content of the request from server A, causing server B to use the wrong value for a part it expects. This could to lead privilege escalation, for example, if the part content represents a username or user roles.
Publish Date: 2018-04-05
URL: CVE-2018-1272
Base Score Metrics:
Type: Upgrade version
Origin: https://tanzu.vmware.com/security/cve-2018-1272
Release Date: 2018-04-05
Fix Resolution (org.springframework:spring-core): 4.3.15.RELEASE
Direct dependency fix Resolution (org.springframework:spring-web): 4.3.15.RELEASE
⛑️ Automatic Remediation will be attempted for this issue.
CVE-2024-38809Spring Web
Library home page: https://github.com/spring-projects/spring-framework
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-web/4.2.0.RELEASE/spring-web-4.2.0.RELEASE.jar
Dependency Hierarchy:
Found in HEAD commit: 643a7fad08d6608eaf25b22f87aee4b43387f2fc
Found in base branch: vp-rem
This vulnerability is potentially reachable
com.visualpathit.account.validator.UserValidator (Application)
-> org.springframework.web.servlet.config.annotation.WebMvcConfigurationSupport$NoOpValidator (Extension)
-> org.springframework.web.servlet.config.annotation.WebMvcConfigurationSupport (Extension)
-> org.springframework.web.servlet.config.annotation.ContentNegotiationConfigurer (Extension)
-> org.springframework.web.accept.ContentNegotiationManagerFactoryBean (Extension)
-> ❌ org.springframework.web.accept.ParameterContentNegotiationStrategy (Vulnerable Component)
Spring Framework is vulnerable DoS via conditional HTTP request. Applications that parse ETags from "If-Match" or "If-None-Match" request headers are vulnerable to Denial of Service attack. All versions before 5.3.38, 6.0.23 and 6.1.12 are affected.
Publish Date: 2024-09-24
URL: CVE-2024-38809
Base Score Metrics:
Type: Upgrade version
Origin: https://spring.io/security/cve-2024-38809
Release Date: 2024-06-20
Fix Resolution: 5.3.38
⛑️ Automatic Remediation will be attempted for this issue.
CVE-2023-20863Spring Expression Language (SpEL)
Library home page: https://github.com/spring-projects/spring-framework
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-expression/4.2.0.RELEASE/spring-expression-4.2.0.RELEASE.jar
Dependency Hierarchy:
Found in HEAD commit: 643a7fad08d6608eaf25b22f87aee4b43387f2fc
Found in base branch: vp-rem
This vulnerability is potentially reachable
com.visualpathit.account.service.UserDetailsServiceImpl (Application)
-> org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter$UserDetailsServiceDelegator (Extension)
-> org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter (Extension)
-> org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler (Extension)
...
-> org.springframework.expression.spel.support.StandardEvaluationContext (Extension)
-> org.springframework.expression.spel.support.ReflectiveMethodResolver (Extension)
-> ❌ org.springframework.expression.spel.SpelMessage (Vulnerable Component)
In spring framework versions prior to 5.2.24 release+ ,5.3.27+ and 6.0.8+ , it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition.
Publish Date: 2023-04-13
URL: CVE-2023-20863
Base Score Metrics:
Type: Upgrade version
Origin: https://spring.io/security/cve-2023-20863
Release Date: 2023-04-13
Fix Resolution (org.springframework:spring-expression): 5.2.24.RELEASE
Direct dependency fix Resolution (org.springframework:spring-web): 5.0.0.RELEASE
⛑️ Automatic Remediation will be attempted for this issue.
CVE-2023-20861Spring Expression Language (SpEL)
Library home page: https://github.com/spring-projects/spring-framework
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-expression/4.2.0.RELEASE/spring-expression-4.2.0.RELEASE.jar
Dependency Hierarchy:
Found in HEAD commit: 643a7fad08d6608eaf25b22f87aee4b43387f2fc
Found in base branch: vp-rem
This vulnerability is potentially reachable
com.visualpathit.account.service.UserDetailsServiceImpl (Application)
-> org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter$UserDetailsServiceDelegator (Extension)
-> org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter (Extension)
-> org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler (Extension)
...
-> org.springframework.expression.spel.standard.SpelExpressionParser (Extension)
-> org.springframework.expression.spel.standard.InternalSpelExpressionParser (Extension)
-> ❌ org.springframework.expression.spel.ast.OperatorMatches (Vulnerable Component)
In Spring Framework versions 6.0.0 - 6.0.6, 5.3.0 - 5.3.25, 5.2.0.RELEASE - 5.2.22.RELEASE, and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition.
Publish Date: 2023-03-23
URL: CVE-2023-20861
Base Score Metrics:
Type: Upgrade version
Origin: https://spring.io/security/cve-2023-20861
Release Date: 2023-03-23
Fix Resolution (org.springframework:spring-expression): 5.2.23.RELEASE
Direct dependency fix Resolution (org.springframework:spring-web): 5.0.0.RELEASE
⛑️ Automatic Remediation will be attempted for this issue.
CVE-2022-22950Spring Expression Language (SpEL)
Library home page: https://github.com/spring-projects/spring-framework
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-expression/4.2.0.RELEASE/spring-expression-4.2.0.RELEASE.jar
Dependency Hierarchy:
Found in HEAD commit: 643a7fad08d6608eaf25b22f87aee4b43387f2fc
Found in base branch: vp-rem
This vulnerability is potentially reachable
com.visualpathit.account.service.UserDetailsServiceImpl (Application)
-> org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter$UserDetailsServiceDelegator (Extension)
-> org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter (Extension)
-> org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler (Extension)
...
-> org.springframework.expression.spel.support.StandardEvaluationContext (Extension)
-> org.springframework.expression.spel.support.ReflectiveMethodResolver (Extension)
-> ❌ org.springframework.expression.spel.SpelMessage (Vulnerable Component)
n Spring Framework versions 5.3.0 - 5.3.16 and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial of service condition.
Publish Date: 2022-04-01
URL: CVE-2022-22950
Base Score Metrics:
Type: Upgrade version
Origin: https://tanzu.vmware.com/security/cve-2022-22950
Release Date: 2022-04-01
Fix Resolution (org.springframework:spring-expression): 5.2.20.RELEASE
Direct dependency fix Resolution (org.springframework:spring-web): 5.0.0.RELEASE
⛑️ Automatic Remediation will be attempted for this issue.
CVE-2020-5421Spring Web
Library home page: https://github.com/spring-projects/spring-framework
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-web/4.2.0.RELEASE/spring-web-4.2.0.RELEASE.jar
Dependency Hierarchy:
Found in HEAD commit: 643a7fad08d6608eaf25b22f87aee4b43387f2fc
Found in base branch: vp-rem
This vulnerability is potentially reachable
com.visualpathit.account.validator.UserValidator (Application)
-> org.springframework.web.servlet.config.annotation.WebMvcConfigurationSupport$NoOpValidator (Extension)
-> org.springframework.web.servlet.config.annotation.WebMvcConfigurationSupport (Extension)
-> org.springframework.web.servlet.config.annotation.ViewResolverRegistry (Extension)
-> org.springframework.web.servlet.view.ContentNegotiatingViewResolver (Extension)
-> org.springframework.web.context.request.ServletRequestAttributes (Extension)
-> ❌ org.springframework.web.util.WebUtils (Vulnerable Component)
In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter.
Publish Date: 2020-09-17
URL: CVE-2020-5421
Base Score Metrics:
Type: Upgrade version
Origin: https://tanzu.vmware.com/security/cve-2020-5421
Release Date: 2020-09-17
Fix Resolution: 4.3.29.RELEASE
⛑️ Automatic Remediation will be attempted for this issue.
CVE-2022-22970
Spring Core
Library home page: https://github.com/spring-projects/spring-framework
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-core/4.2.0.RELEASE/spring-core-4.2.0.RELEASE.jar
Dependency Hierarchy:
Spring Beans
Library home page: https://github.com/spring-projects/spring-framework
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-beans/4.2.0.RELEASE/spring-beans-4.2.0.RELEASE.jar
Dependency Hierarchy:
Found in HEAD commit: 643a7fad08d6608eaf25b22f87aee4b43387f2fc
Found in base branch: vp-rem
This vulnerability is potentially reachable
com.visualpathit.account.service.UserDetailsServiceImpl (Application)
-> org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter$UserDetailsServiceDelegator (Extension)
-> org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter (Extension)
-> org.springframework.context.annotation.ConfigurationClassPostProcessor (Extension)
...
-> org.springframework.context.annotation.ComponentScanAnnotationParser (Extension)
-> org.springframework.core.type.filter.AssignableTypeFilter (Extension)
-> ❌ org.springframework.core.type.filter.AbstractTypeHierarchyTraversingFilter (Vulnerable Component)
In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupported versions, applications that handle file uploads are vulnerable to DoS attack if they rely on data binding to set a MultipartFile or javax.servlet.Part to a field in a model object.
Publish Date: 2022-05-12
URL: CVE-2022-22970
Base Score Metrics:
Type: Upgrade version
Origin: https://tanzu.vmware.com/security/cve-2022-22970
Release Date: 2022-05-12
Fix Resolution (org.springframework:spring-core): 5.2.22.RELEASE
Direct dependency fix Resolution (org.springframework:spring-web): 5.2.22.RELEASE
Fix Resolution (org.springframework:spring-beans): 5.2.22.RELEASE
Direct dependency fix Resolution (org.springframework:spring-web): 5.2.22.RELEASE
⛑️ Automatic Remediation will be attempted for this issue.
CVE-2022-22968Spring Context
Library home page: https://github.com/spring-projects/spring-framework
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-context/4.2.0.RELEASE/spring-context-4.2.0.RELEASE.jar
Dependency Hierarchy:
Found in HEAD commit: 643a7fad08d6608eaf25b22f87aee4b43387f2fc
Found in base branch: vp-rem
This vulnerability is potentially reachable
com.visualpathit.account.validator.UserValidator (Application)
-> org.springframework.messaging.simp.config.AbstractMessageBrokerConfiguration$1 (Extension)
-> org.springframework.messaging.simp.config.AbstractMessageBrokerConfiguration (Extension)
-> org.springframework.messaging.simp.annotation.support.SimpAnnotationMethodMessageHandler (Extension)
-> org.springframework.messaging.handler.annotation.support.PayloadArgumentResolver (Extension)
-> ❌ org.springframework.validation.annotation.Validated (Vulnerable Component)
In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupported versions, the patterns for disallowedFields on a DataBinder are case sensitive which means a field is not effectively protected unless it is listed with both upper and lower case for the first character of the field, including upper and lower case for the first character of all nested fields within the property path.
Publish Date: 2022-04-14
URL: CVE-2022-22968
Base Score Metrics:
Type: Upgrade version
Origin: https://tanzu.vmware.com/security/cve-2022-22968
Release Date: 2022-04-14
Fix Resolution (org.springframework:spring-context): 5.2.21.RELEASE
Direct dependency fix Resolution (org.springframework:spring-web): 5.0.0.RELEASE
⛑️ Automatic Remediation will be attempted for this issue.
CVE-2018-1199Spring Core
Library home page: https://github.com/spring-projects/spring-framework
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-core/4.2.0.RELEASE/spring-core-4.2.0.RELEASE.jar
Dependency Hierarchy:
Found in HEAD commit: 643a7fad08d6608eaf25b22f87aee4b43387f2fc
Found in base branch: vp-rem
This vulnerability is potentially reachable
com.visualpathit.account.service.UserDetailsServiceImpl (Application)
-> org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter$UserDetailsServiceDelegator (Extension)
-> org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter (Extension)
-> org.springframework.beans.factory.support.CglibSubclassingInstantiationStrategy (Extension)
...
-> org.springframework.cglib.proxy.Enhancer (Extension)
-> org.springframework.cglib.core.AbstractClassGenerator (Extension)
-> ❌ org.springframework.cglib.core.AbstractClassGenerator$1 (Vulnerable Component)
Spring Security (Spring Security 4.1.x before 4.1.5, 4.2.x before 4.2.4, and 5.0.x before 5.0.1; and Spring Framework 4.3.x before 4.3.14 and 5.0.x before 5.0.3) does not consider URL path parameters when processing security constraints. By adding a URL path parameter with special encodings, an attacker may be able to bypass a security constraint. The root cause of this issue is a lack of clarity regarding the handling of path parameters in the Servlet Specification. Some Servlet containers include path parameters in the value returned for getPathInfo() and some do not. Spring Security uses the value returned by getPathInfo() as part of the process of mapping requests to security constraints. In this particular attack, different character encodings used in path parameters allows secured Spring MVC static resource URLs to be bypassed.
Publish Date: 2018-03-16
URL: CVE-2018-1199
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1199
Release Date: 2018-03-16
Fix Resolution (org.springframework:spring-core): 4.3.14.RELEASE
Direct dependency fix Resolution (org.springframework:spring-web): 4.3.14.RELEASE
⛑️ Automatic Remediation will be attempted for this issue.
CVE-2024-38808Spring Expression Language (SpEL)
Library home page: https://github.com/spring-projects/spring-framework
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-expression/4.2.0.RELEASE/spring-expression-4.2.0.RELEASE.jar
Dependency Hierarchy:
Found in HEAD commit: 643a7fad08d6608eaf25b22f87aee4b43387f2fc
Found in base branch: vp-rem
This vulnerability is potentially reachable
com.visualpathit.account.service.UserDetailsServiceImpl (Application)
-> org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter$UserDetailsServiceDelegator (Extension)
-> org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter (Extension)
-> org.springframework.context.support.AbstractApplicationContext (Extension)
...
-> org.springframework.expression.spel.standard.SpelExpressionParser (Extension)
-> org.springframework.expression.spel.standard.InternalSpelExpressionParser (Extension)
-> ❌ org.springframework.expression.spel.ast.ConstructorReference (Vulnerable Component)
In Spring Framework versions 5.3.0 - 5.3.38 and older unsupported versions, it is possible for a user to provide a specially crafted Spring Expression Language (SpEL) expression that may cause a denial of service (DoS) condition.
Specifically, an application is vulnerable when the following is true:
Publish Date: 2024-08-20
URL: CVE-2024-38808
Base Score Metrics:
Type: Upgrade version
Origin: https://spring.io/security/cve-2024-38808
Release Date: 2024-08-20
Fix Resolution (org.springframework:spring-expression): 5.3.39
Direct dependency fix Resolution (org.springframework:spring-web): 5.0.0.RELEASE
⛑️ Automatic Remediation will be attempted for this issue.
⛑️Automatic Remediation will be attempted for this issue.
Vulnerable Library - commons-fileupload-1.3.1.jarThe Apache Commons FileUpload component provides a simple yet flexible means of adding support for multipart file upload functionality to servlets and web applications.
Library home page: http://commons.apache.org/proper/commons-fileupload/
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/commons-fileupload/commons-fileupload/1.3.1/commons-fileupload-1.3.1.jar
Found in HEAD commit: 643a7fad08d6608eaf25b22f87aee4b43387f2fc
| CVE | Severity | CVSS |
Dependency | Type | Fixed in (commons-fileupload version) | Remediation Possible** | Reachability |
|---|---|---|---|---|---|---|---|
| CVE-2016-1000031 | High |
7.3 | commons-fileupload-1.3.1.jar | Direct | 1.3.3 | ✅ |
|
| WS-2014-0034 | High |
7.5 | commons-fileupload-1.3.1.jar | Direct | 1.4 | ✅ |
|
| CVE-2023-24998 | High |
7.5 | commons-fileupload-1.3.1.jar | Direct | 1.5 | ✅ |
|
| CVE-2016-3092 | High |
7.5 | commons-fileupload-1.3.1.jar | Direct | 1.3.2 | ✅ |
|
| CVE-2021-29425 | Medium |
4.8 | commons-io-2.4.jar | Transitive | 1.3.2 | ✅ |
|
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
CVE-2016-1000031The Apache Commons FileUpload component provides a simple yet flexible means of adding support for multipart file upload functionality to servlets and web applications.
Library home page: http://commons.apache.org/proper/commons-fileupload/
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/commons-fileupload/commons-fileupload/1.3.1/commons-fileupload-1.3.1.jar
Dependency Hierarchy:
Found in HEAD commit: 643a7fad08d6608eaf25b22f87aee4b43387f2fc
Found in base branch: vp-rem
This vulnerability is potentially reachable
com.visualpathit.account.controller.FileUploadController (Application)
-> org.springframework.web.multipart.commons.CommonsMultipartFile (Extension)
-> ❌ org.apache.commons.fileupload.FileItem (Vulnerable Component)
Apache Commons FileUpload before 1.3.3 DiskFileItem File Manipulation Remote Code Execution
Publish Date: 2016-10-25
URL: CVE-2016-1000031
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1000031
Release Date: 2016-10-25
Fix Resolution: 1.3.3
⛑️ Automatic Remediation will be attempted for this issue.
WS-2014-0034The Apache Commons FileUpload component provides a simple yet flexible means of adding support for multipart file upload functionality to servlets and web applications.
Library home page: http://commons.apache.org/proper/commons-fileupload/
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/commons-fileupload/commons-fileupload/1.3.1/commons-fileupload-1.3.1.jar
Dependency Hierarchy:
Found in HEAD commit: 643a7fad08d6608eaf25b22f87aee4b43387f2fc
Found in base branch: vp-rem
The vulnerable code is unreachable
The class FileUploadBase in Apache Commons Fileupload before 1.4 has potential resource leak - InputStream not closed on exception.
Publish Date: 2014-02-17
URL: WS-2014-0034
Base Score Metrics:
Type: Upgrade version
Release Date: 2014-02-17
Fix Resolution: 1.4
⛑️ Automatic Remediation will be attempted for this issue.
CVE-2023-24998The Apache Commons FileUpload component provides a simple yet flexible means of adding support for multipart file upload functionality to servlets and web applications.
Library home page: http://commons.apache.org/proper/commons-fileupload/
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/commons-fileupload/commons-fileupload/1.3.1/commons-fileupload-1.3.1.jar
Dependency Hierarchy:
Found in HEAD commit: 643a7fad08d6608eaf25b22f87aee4b43387f2fc
Found in base branch: vp-rem
The vulnerable code is unreachable
Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads.
Note that, like all of the file upload limits, the
new configuration option (FileUploadBase#setFileCountMax) is not
enabled by default and must be explicitly configured.
Publish Date: 2023-02-20
URL: CVE-2023-24998
Base Score Metrics:
Type: Upgrade version
Origin: https://tomcat.apache.org/security-10.html
Release Date: 2023-02-20
Fix Resolution: 1.5
⛑️ Automatic Remediation will be attempted for this issue.
CVE-2016-3092The Apache Commons FileUpload component provides a simple yet flexible means of adding support for multipart file upload functionality to servlets and web applications.
Library home page: http://commons.apache.org/proper/commons-fileupload/
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/commons-fileupload/commons-fileupload/1.3.1/commons-fileupload-1.3.1.jar
Dependency Hierarchy:
Found in HEAD commit: 643a7fad08d6608eaf25b22f87aee4b43387f2fc
Found in base branch: vp-rem
The vulnerable code is unreachable
The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products, allows remote attackers to cause a denial of service (CPU consumption) via a long boundary string.
Publish Date: 2016-07-04
URL: CVE-2016-3092
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3092
Release Date: 2016-07-04
Fix Resolution: 1.3.2
⛑️ Automatic Remediation will be attempted for this issue.
CVE-2021-29425The Commons IO library contains utility classes, stream implementations, file filters, file comparators, endian transformation classes, and much more.
Library home page: http://commons.apache.org/io/
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/commons-io/commons-io/2.4/commons-io-2.4.jar
Dependency Hierarchy:
Found in HEAD commit: 643a7fad08d6608eaf25b22f87aee4b43387f2fc
Found in base branch: vp-rem
The vulnerable code is unreachable
In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above (thus "limited" path traversal), if the calling code would use the result to construct a path value.
Publish Date: 2021-04-13
URL: CVE-2021-29425
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29425
Release Date: 2021-04-13
Fix Resolution (commons-io:commons-io): 2.7
Direct dependency fix Resolution (commons-fileupload:commons-fileupload): 1.3.2
⛑️ Automatic Remediation will be attempted for this issue.
⛑️Automatic Remediation will be attempted for this issue.
Vulnerable Library - spring-webmvc-4.2.0.RELEASE.jarSpring Web MVC
Library home page: https://github.com/spring-projects/spring-framework
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-webmvc/4.2.0.RELEASE/spring-webmvc-4.2.0.RELEASE.jar
Found in HEAD commit: 643a7fad08d6608eaf25b22f87aee4b43387f2fc
| CVE | Severity | CVSS |
Dependency | Type | Fixed in (spring-webmvc version) | Remediation Possible** | Reachability |
|---|---|---|---|---|---|---|---|
| CVE-2015-5211 | Critical |
9.6 | spring-webmvc-4.2.0.RELEASE.jar | Direct | 4.2.2.RELEASE | ✅ |
|
| CVE-2016-5007 | High |
7.5 | spring-webmvc-4.2.0.RELEASE.jar | Direct | 4.3.0.RELEASE | ✅ |
|
| CVE-2018-1271 | Medium |
5.9 | spring-webmvc-4.2.0.RELEASE.jar | Direct | 4.3.15.RELEASE | ✅ |
|
| CVE-2021-22096 | Medium |
4.3 | spring-webmvc-4.2.0.RELEASE.jar | Direct | 5.2.18.RELEASE | ✅ |
|
| CVE-2016-9878 | High |
7.5 | spring-webmvc-4.2.0.RELEASE.jar | Direct | 4.2.9.RELEASE | ✅ |
|
| CVE-2024-38816 | High |
7.5 | spring-webmvc-4.2.0.RELEASE.jar | Direct | 6.1.13 | ✅ |
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
CVE-2015-5211Spring Web MVC
Library home page: https://github.com/spring-projects/spring-framework
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-webmvc/4.2.0.RELEASE/spring-webmvc-4.2.0.RELEASE.jar
Dependency Hierarchy:
Found in HEAD commit: 643a7fad08d6608eaf25b22f87aee4b43387f2fc
Found in base branch: vp-rem
This vulnerability is potentially reachable
com.visualpathit.account.validator.UserValidator (Application)
-> org.springframework.web.servlet.config.annotation.WebMvcConfigurationSupport$NoOpValidator (Extension)
-> org.springframework.web.servlet.config.annotation.WebMvcConfigurationSupport (Extension)
-> org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping (Extension)
-> ❌ org.springframework.web.servlet.mvc.method.RequestMappingInfoHandlerMapping (Vulnerable Component)
Under some situations, the Spring Framework 4.2.0 to 4.2.1, 4.0.0 to 4.1.7, 3.2.0 to 3.2.14 and older unsupported versions is vulnerable to a Reflected File Download (RFD) attack. The attack involves a malicious user crafting a URL with a batch script extension that results in the response being downloaded rather than rendered and also includes some input reflected in the response.
Publish Date: 2017-05-25
URL: CVE-2015-5211
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5211
Release Date: 2017-05-25
Fix Resolution: 4.2.2.RELEASE
⛑️ Automatic Remediation will be attempted for this issue.
CVE-2016-5007Spring Web MVC
Library home page: https://github.com/spring-projects/spring-framework
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-webmvc/4.2.0.RELEASE/spring-webmvc-4.2.0.RELEASE.jar
Dependency Hierarchy:
Found in HEAD commit: 643a7fad08d6608eaf25b22f87aee4b43387f2fc
Found in base branch: vp-rem
This vulnerability is potentially reachable
com.visualpathit.account.validator.UserValidator (Application)
-> org.springframework.web.servlet.config.annotation.WebMvcConfigurationSupport$NoOpValidator (Extension)
-> org.springframework.web.servlet.config.annotation.WebMvcConfigurationSupport (Extension)
-> ❌ org.springframework.web.servlet.handler.AbstractHandlerMapping (Vulnerable Component)
Both Spring Security 3.2.x, 4.0.x, 4.1.0 and the Spring Framework 3.2.x, 4.0.x, 4.1.x, 4.2.x rely on URL pattern mappings for authorization and for mapping requests to controllers respectively. Differences in the strictness of the pattern matching mechanisms, for example with regards to space trimming in path segments, can lead Spring Security to not recognize certain paths as not protected that are in fact mapped to Spring MVC controllers that should be protected. The problem is compounded by the fact that the Spring Framework provides richer features with regards to pattern matching as well as by the fact that pattern matching in each Spring Security and the Spring Framework can easily be customized creating additional differences.
Publish Date: 2017-05-25
URL: CVE-2016-5007
Base Score Metrics:
Type: Upgrade version
Origin: https://pivotal.io/security/cve-2016-5007
Release Date: 2017-05-25
Fix Resolution: 4.3.0.RELEASE
⛑️ Automatic Remediation will be attempted for this issue.
CVE-2018-1271Spring Web MVC
Library home page: https://github.com/spring-projects/spring-framework
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-webmvc/4.2.0.RELEASE/spring-webmvc-4.2.0.RELEASE.jar
Dependency Hierarchy:
Found in HEAD commit: 643a7fad08d6608eaf25b22f87aee4b43387f2fc
Found in base branch: vp-rem
This vulnerability is potentially reachable
com.visualpathit.account.validator.UserValidator (Application)
-> org.springframework.web.servlet.config.annotation.WebMvcConfigurationSupport$NoOpValidator (Extension)
-> org.springframework.web.servlet.config.annotation.WebMvcConfigurationSupport (Extension)
-> org.springframework.web.servlet.config.annotation.ResourceHandlerRegistry (Extension)
-> org.springframework.web.servlet.resource.ResourceHttpRequestHandler (Extension)
-> ❌ org.springframework.web.servlet.resource.PathResourceResolver (Vulnerable Component)
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to configure Spring MVC to serve static resources (e.g. CSS, JS, images). When static resources are served from a file system on Windows (as opposed to the classpath, or the ServletContext), a malicious user can send a request using a specially crafted URL that can lead a directory traversal attack.
Publish Date: 2018-04-05
URL: CVE-2018-1271
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1271
Release Date: 2018-04-05
Fix Resolution: 4.3.15.RELEASE
⛑️ Automatic Remediation will be attempted for this issue.
CVE-2021-22096Spring Web MVC
Library home page: https://github.com/spring-projects/spring-framework
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-webmvc/4.2.0.RELEASE/spring-webmvc-4.2.0.RELEASE.jar
Dependency Hierarchy:
Found in HEAD commit: 643a7fad08d6608eaf25b22f87aee4b43387f2fc
Found in base branch: vp-rem
This vulnerability is potentially reachable
com.visualpathit.account.validator.UserValidator (Application)
-> org.springframework.web.servlet.config.annotation.WebMvcConfigurationSupport$NoOpValidator (Extension)
-> org.springframework.web.servlet.config.annotation.WebMvcConfigurationSupport (Extension)
-> org.springframework.web.servlet.config.annotation.ResourceHandlerRegistry (Extension)
-> ❌ org.springframework.web.servlet.resource.ResourceHttpRequestHandler (Vulnerable Component)
In Spring Framework versions 5.3.0 - 5.3.10, 5.2.0 - 5.2.17, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries.
Publish Date: 2021-10-28
URL: CVE-2021-22096
Base Score Metrics:
Type: Upgrade version
Origin: https://tanzu.vmware.com/security/cve-2021-22096
Release Date: 2021-10-28
Fix Resolution: 5.2.18.RELEASE
⛑️ Automatic Remediation will be attempted for this issue.
CVE-2016-9878Spring Web MVC
Library home page: https://github.com/spring-projects/spring-framework
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-webmvc/4.2.0.RELEASE/spring-webmvc-4.2.0.RELEASE.jar
Dependency Hierarchy:
Found in HEAD commit: 643a7fad08d6608eaf25b22f87aee4b43387f2fc
Found in base branch: vp-rem
The vulnerable code is unreachable
An issue was discovered in Pivotal Spring Framework before 3.2.18, 4.2.x before 4.2.9, and 4.3.x before 4.3.5. Paths provided to the ResourceServlet were not properly sanitized and as a result exposed to directory traversal attacks.
Publish Date: 2016-12-29
URL: CVE-2016-9878
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9878
Release Date: 2016-12-29
Fix Resolution: 4.2.9.RELEASE
⛑️ Automatic Remediation will be attempted for this issue.
CVE-2024-38816Spring Web MVC
Library home page: https://github.com/spring-projects/spring-framework
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-webmvc/4.2.0.RELEASE/spring-webmvc-4.2.0.RELEASE.jar
Dependency Hierarchy:
Found in HEAD commit: 643a7fad08d6608eaf25b22f87aee4b43387f2fc
Found in base branch: vp-rem
Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. An attacker can craft malicious HTTP requests and obtain any file on the file system that is also accessible to the process in which the Spring application is running.
Specifically, an application is vulnerable when both of the following are true:
However, malicious requests are blocked and rejected when any of the following is true:
Publish Date: 2024-09-13
URL: CVE-2024-38816
Base Score Metrics:
Type: Upgrade version
Origin: https://spring.io/security/cve-2024-38816
Release Date: 2024-09-13
Fix Resolution: 6.1.13
⛑️ Automatic Remediation will be attempted for this issue.
⛑️Automatic Remediation will be attempted for this issue.
Vulnerable Library - bootstrap-3.3.7.min.jsThe most popular front-end framework for developing responsive, mobile first projects on the web.
Library home page: https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.7/js/bootstrap.min.js
Path to dependency file: /src/main/webapp/WEB-INF/views/upload.jsp
Path to vulnerable library: /src/main/webapp/WEB-INF/views/upload.jsp
Found in HEAD commit: 643a7fad08d6608eaf25b22f87aee4b43387f2fc
| CVE | Severity | CVSS |
Dependency | Type | Fixed in (bootstrap version) | Remediation Possible** | Reachability |
|---|---|---|---|---|---|---|---|
| CVE-2019-8331 | Medium |
6.1 | bootstrap-3.3.7.min.js | Direct | bootstrap - 3.4.1,4.3.1;bootstrap-sass - 3.4.1,4.3.1 | ❌ | |
| CVE-2018-20677 | Medium |
6.1 | bootstrap-3.3.7.min.js | Direct | Bootstrap - v3.4.0;NorDroN.AngularTemplate - 0.1.6;Dynamic.NET.Express.ProjectTemplates - 0.8.0;dotnetng.template - 1.0.0.4;ZNxtApp.Core.Module.Theme - 1.0.9-Beta;JMeter - 5.0.0 | ❌ | |
| CVE-2018-20676 | Medium |
6.1 | bootstrap-3.3.7.min.js | Direct | bootstrap - 3.4.0 | ❌ | |
| CVE-2018-14042 | Medium |
6.1 | bootstrap-3.3.7.min.js | Direct | bootstrap - 3.4.0,4.1.2 | ❌ | |
| CVE-2016-10735 | Medium |
6.1 | bootstrap-3.3.7.min.js | Direct | bootstrap - 3.4.0, 4.0.0-beta.2 | ❌ | |
| CVE-2018-14040 | Low |
3.7 | bootstrap-3.3.7.min.js | Direct | org.webjars.npm:bootstrap:4.1.2,org.webjars:bootstrap:3.4.0 | ❌ |
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
CVE-2019-8331The most popular front-end framework for developing responsive, mobile first projects on the web.
Library home page: https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.7/js/bootstrap.min.js
Path to dependency file: /src/main/webapp/WEB-INF/views/upload.jsp
Path to vulnerable library: /src/main/webapp/WEB-INF/views/upload.jsp
Dependency Hierarchy:
Found in HEAD commit: 643a7fad08d6608eaf25b22f87aee4b43387f2fc
Found in base branch: vp-rem
In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute.
Publish Date: 2019-02-20
URL: CVE-2019-8331
Base Score Metrics:
Type: Upgrade version
Release Date: 2019-02-20
Fix Resolution: bootstrap - 3.4.1,4.3.1;bootstrap-sass - 3.4.1,4.3.1
CVE-2018-20677The most popular front-end framework for developing responsive, mobile first projects on the web.
Library home page: https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.7/js/bootstrap.min.js
Path to dependency file: /src/main/webapp/WEB-INF/views/upload.jsp
Path to vulnerable library: /src/main/webapp/WEB-INF/views/upload.jsp
Dependency Hierarchy:
Found in HEAD commit: 643a7fad08d6608eaf25b22f87aee4b43387f2fc
Found in base branch: vp-rem
In Bootstrap before 3.4.0, XSS is possible in the affix configuration target property.
Publish Date: 2019-01-09
URL: CVE-2018-20677
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20677
Release Date: 2019-01-09
Fix Resolution: Bootstrap - v3.4.0;NorDroN.AngularTemplate - 0.1.6;Dynamic.NET.Express.ProjectTemplates - 0.8.0;dotnetng.template - 1.0.0.4;ZNxtApp.Core.Module.Theme - 1.0.9-Beta;JMeter - 5.0.0
CVE-2018-20676The most popular front-end framework for developing responsive, mobile first projects on the web.
Library home page: https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.7/js/bootstrap.min.js
Path to dependency file: /src/main/webapp/WEB-INF/views/upload.jsp
Path to vulnerable library: /src/main/webapp/WEB-INF/views/upload.jsp
Dependency Hierarchy:
Found in HEAD commit: 643a7fad08d6608eaf25b22f87aee4b43387f2fc
Found in base branch: vp-rem
In Bootstrap before 3.4.0, XSS is possible in the tooltip data-viewport attribute.
Publish Date: 2019-01-09
URL: CVE-2018-20676
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20676
Release Date: 2019-01-09
Fix Resolution: bootstrap - 3.4.0
CVE-2018-14042The most popular front-end framework for developing responsive, mobile first projects on the web.
Library home page: https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.7/js/bootstrap.min.js
Path to dependency file: /src/main/webapp/WEB-INF/views/upload.jsp
Path to vulnerable library: /src/main/webapp/WEB-INF/views/upload.jsp
Dependency Hierarchy:
Found in HEAD commit: 643a7fad08d6608eaf25b22f87aee4b43387f2fc
Found in base branch: vp-rem
In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip.
Publish Date: 2018-07-13
URL: CVE-2018-14042
Base Score Metrics:
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2018-14042
Release Date: 2018-07-13
Fix Resolution: bootstrap - 3.4.0,4.1.2
CVE-2016-10735The most popular front-end framework for developing responsive, mobile first projects on the web.
Library home page: https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.7/js/bootstrap.min.js
Path to dependency file: /src/main/webapp/WEB-INF/views/upload.jsp
Path to vulnerable library: /src/main/webapp/WEB-INF/views/upload.jsp
Dependency Hierarchy:
Found in HEAD commit: 643a7fad08d6608eaf25b22f87aee4b43387f2fc
Found in base branch: vp-rem
In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041.
Mend Note: Converted from WS-2018-0021, on 2022-11-08.
Publish Date: 2019-01-09
URL: CVE-2016-10735
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10735
Release Date: 2019-01-09
Fix Resolution: bootstrap - 3.4.0, 4.0.0-beta.2
CVE-2018-14040The most popular front-end framework for developing responsive, mobile first projects on the web.
Library home page: https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.7/js/bootstrap.min.js
Path to dependency file: /src/main/webapp/WEB-INF/views/upload.jsp
Path to vulnerable library: /src/main/webapp/WEB-INF/views/upload.jsp
Dependency Hierarchy:
Found in HEAD commit: 643a7fad08d6608eaf25b22f87aee4b43387f2fc
Found in base branch: vp-rem
In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute.
Publish Date: 2018-07-13
URL: CVE-2018-14040
Base Score Metrics:
Type: Upgrade version
Release Date: 2018-07-13
Fix Resolution: org.webjars.npm:bootstrap:4.1.2,org.webjars:bootstrap:3.4.0
Vulnerable Library - mysql-connector-java-5.1.35.jarMySQL JDBC Type 4 driver
Library home page: http://dev.mysql.com/doc/connector-j/en/
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/mysql/mysql-connector-java/5.1.35/mysql-connector-java-5.1.35.jar
Found in HEAD commit: 643a7fad08d6608eaf25b22f87aee4b43387f2fc
| CVE | Severity | CVSS |
Dependency | Type | Fixed in (mysql-connector-java version) | Remediation Possible** | Reachability |
|---|---|---|---|---|---|---|---|
| CVE-2017-3523 | High |
8.5 | mysql-connector-java-5.1.35.jar | Direct | 5.1.41 | ✅ |
|
| CVE-2023-22102 | High |
8.3 | mysql-connector-java-5.1.35.jar | Direct | com.mysql:mysql-connector-j:8.2.0 | ✅ |
|
| CVE-2022-21363 | Medium |
6.6 | mysql-connector-java-5.1.35.jar | Direct | mysql:mysql-connector-java:8.0.28 | ✅ |
|
| CVE-2017-3586 | Medium |
6.4 | mysql-connector-java-5.1.35.jar | Direct | 5.1.42 | ✅ |
|
| CVE-2019-2692 | Medium |
6.3 | mysql-connector-java-5.1.35.jar | Direct | 5.1.48 | ✅ |
|
| CVE-2020-2934 | Medium |
5.0 | mysql-connector-java-5.1.35.jar | Direct | 5.1.49 | ✅ |
|
| CVE-2020-2875 | Medium |
4.7 | mysql-connector-java-5.1.35.jar | Direct | 5.1.49 | ✅ |
|
| CVE-2017-3589 | Low |
3.3 | mysql-connector-java-5.1.35.jar | Direct | 5.1.42 | ✅ |
|
| CVE-2020-2933 | Low |
2.2 | mysql-connector-java-5.1.35.jar | Direct | 5.1.49 | ✅ |
|
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
CVE-2017-3523MySQL JDBC Type 4 driver
Library home page: http://dev.mysql.com/doc/connector-j/en/
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/mysql/mysql-connector-java/5.1.35/mysql-connector-java-5.1.35.jar
Dependency Hierarchy:
Found in HEAD commit: 643a7fad08d6608eaf25b22f87aee4b43387f2fc
Found in base branch: vp-rem
The vulnerable code is unreachable
Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/J). Supported versions that are affected are 5.1.40 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Connectors. While the vulnerability is in MySQL Connectors, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.0 Base Score 8.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H).
Publish Date: 2017-04-24
URL: CVE-2017-3523
Base Score Metrics:
Type: Upgrade version
Origin: GHSA-2xxh-f8r3-hvvr
Release Date: 2017-04-24
Fix Resolution: 5.1.41
⛑️ Automatic Remediation will be attempted for this issue.
CVE-2023-22102MySQL JDBC Type 4 driver
Library home page: http://dev.mysql.com/doc/connector-j/en/
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/mysql/mysql-connector-java/5.1.35/mysql-connector-java-5.1.35.jar
Dependency Hierarchy:
Found in HEAD commit: 643a7fad08d6608eaf25b22f87aee4b43387f2fc
Found in base branch: vp-rem
The vulnerable code is unreachable
Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.1.0 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Connectors, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).
Publish Date: 2023-10-17
URL: CVE-2023-22102
Base Score Metrics:
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2023-22102
Release Date: 2023-10-17
Fix Resolution: com.mysql:mysql-connector-j:8.2.0
⛑️ Automatic Remediation will be attempted for this issue.
CVE-2022-21363MySQL JDBC Type 4 driver
Library home page: http://dev.mysql.com/doc/connector-j/en/
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/mysql/mysql-connector-java/5.1.35/mysql-connector-java-5.1.35.jar
Dependency Hierarchy:
Found in HEAD commit: 643a7fad08d6608eaf25b22f87aee4b43387f2fc
Found in base branch: vp-rem
The vulnerable code is unreachable
Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.1 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).
Publish Date: 2022-01-19
URL: CVE-2022-21363
Base Score Metrics:
Type: Upgrade version
Origin: GHSA-g76j-4cxx-23h9
Release Date: 2022-01-19
Fix Resolution: mysql:mysql-connector-java:8.0.28
⛑️ Automatic Remediation will be attempted for this issue.
CVE-2017-3586MySQL JDBC Type 4 driver
Library home page: http://dev.mysql.com/doc/connector-j/en/
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/mysql/mysql-connector-java/5.1.35/mysql-connector-java-5.1.35.jar
Dependency Hierarchy:
Found in HEAD commit: 643a7fad08d6608eaf25b22f87aee4b43387f2fc
Found in base branch: vp-rem
The vulnerable code is unreachable
Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/J). Supported versions that are affected are 5.1.41 and earlier. Easily "exploitable" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Connectors. While the vulnerability is in MySQL Connectors, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Connectors accessible data as well as unauthorized read access to a subset of MySQL Connectors accessible data. CVSS 3.0 Base Score 6.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N).
Publish Date: 2017-04-24
URL: CVE-2017-3586
Base Score Metrics:
Type: Upgrade version
Origin: https://bugzilla.redhat.com/show_bug.cgi?id=1444406
Release Date: 2017-04-24
Fix Resolution: 5.1.42
⛑️ Automatic Remediation will be attempted for this issue.
CVE-2019-2692MySQL JDBC Type 4 driver
Library home page: http://dev.mysql.com/doc/connector-j/en/
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/mysql/mysql-connector-java/5.1.35/mysql-connector-java-5.1.35.jar
Dependency Hierarchy:
Found in HEAD commit: 643a7fad08d6608eaf25b22f87aee4b43387f2fc
Found in base branch: vp-rem
The vulnerable code is unreachable
Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/J). Supported versions that are affected are 8.0.15 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Connectors executes to compromise MySQL Connectors. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.0 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).
Publish Date: 2019-04-23
URL: CVE-2019-2692
Base Score Metrics:
Type: Upgrade version
Origin: GHSA-jcq3-cprp-m333
Release Date: 2019-04-23
Fix Resolution: 5.1.48
⛑️ Automatic Remediation will be attempted for this issue.
CVE-2020-2934MySQL JDBC Type 4 driver
Library home page: http://dev.mysql.com/doc/connector-j/en/
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/mysql/mysql-connector-java/5.1.35/mysql-connector-java-5.1.35.jar
Dependency Hierarchy:
Found in HEAD commit: 643a7fad08d6608eaf25b22f87aee4b43387f2fc
Found in base branch: vp-rem
The vulnerable code is unreachable
Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.19 and prior and 5.1.48 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Connectors accessible data as well as unauthorized read access to a subset of MySQL Connectors accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Connectors. CVSS 3.0 Base Score 5.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L).
Publish Date: 2020-04-15
URL: CVE-2020-2934
Base Score Metrics:
Type: Upgrade version
Origin: https://www.oracle.com/security-alerts/cpuapr2020.html
Release Date: 2020-04-15
Fix Resolution: 5.1.49
⛑️ Automatic Remediation will be attempted for this issue.
CVE-2020-2875MySQL JDBC Type 4 driver
Library home page: http://dev.mysql.com/doc/connector-j/en/
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/mysql/mysql-connector-java/5.1.35/mysql-connector-java-5.1.35.jar
Dependency Hierarchy:
Found in HEAD commit: 643a7fad08d6608eaf25b22f87aee4b43387f2fc
Found in base branch: vp-rem
The vulnerable code is unreachable
Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.14 and prior and 5.1.48 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Connectors, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Connectors accessible data as well as unauthorized read access to a subset of MySQL Connectors accessible data. CVSS 3.0 Base Score 4.7 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N).
Publish Date: 2020-04-15
URL: CVE-2020-2875
Base Score Metrics:
Type: Upgrade version
Release Date: 2020-04-15
Fix Resolution: 5.1.49
⛑️ Automatic Remediation will be attempted for this issue.
CVE-2017-3589MySQL JDBC Type 4 driver
Library home page: http://dev.mysql.com/doc/connector-j/en/
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/mysql/mysql-connector-java/5.1.35/mysql-connector-java-5.1.35.jar
Dependency Hierarchy:
Found in HEAD commit: 643a7fad08d6608eaf25b22f87aee4b43387f2fc
Found in base branch: vp-rem
The vulnerable code is unreachable
Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/J). Supported versions that are affected are 5.1.41 and earlier. Easily "exploitable" vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Connectors executes to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Connectors accessible data. CVSS 3.0 Base Score 3.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).
Publish Date: 2017-04-24
URL: CVE-2017-3589
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3589
Release Date: 2017-04-24
Fix Resolution: 5.1.42
⛑️ Automatic Remediation will be attempted for this issue.
CVE-2020-2933MySQL JDBC Type 4 driver
Library home page: http://dev.mysql.com/doc/connector-j/en/
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/mysql/mysql-connector-java/5.1.35/mysql-connector-java-5.1.35.jar
Dependency Hierarchy:
Found in HEAD commit: 643a7fad08d6608eaf25b22f87aee4b43387f2fc
Found in base branch: vp-rem
The vulnerable code is unreachable
Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 5.1.48 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Connectors. CVSS 3.0 Base Score 2.2 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L).
Publish Date: 2020-04-15
URL: CVE-2020-2933
Base Score Metrics:
Type: Upgrade version
Origin: https://docs.oracle.com/javase/7/docs/api/javax/xml/XMLConstants.html#FEATURE_SECURE_PROCESSING
Release Date: 2020-04-15
Fix Resolution: 5.1.49
⛑️ Automatic Remediation will be attempted for this issue.
⛑️Automatic Remediation will be attempted for this issue.
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
Django
The Web framework for perfectionists with deadlines.
Laravel
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft
Open source projects and samples from Microsoft.
Google
Google ❤️ Open Source for everyone.
Alibaba
Alibaba Open Source for everyone
D3
Data-Driven Documents codes.
Tencent
China tencent open source team.