luisillobret2 / webgoat

This project forked from webgoat/webgoat

WebGoat is a deliberately insecure application

Home Page: https://luisillobret2.github.io/WebGoat/

License: Other

Shell 0.03% JavaScript 48.10% Java 36.96% CSS 3.68% RobotFramework 0.12% HTML 11.07% Dockerfile 0.04%

webgoat's Introduction

WebGoat 8: A deliberately insecure Web Application

Introduction

WebGoat is a deliberately insecure web application, maintained by OWASP, designed to teach web application security lessons.

This program is a demonstration of common server-side application flaws. The exercises are intended to be used by people to learn about application security and penetration testing techniques.

WARNING 1: While running this program your machine will be extremely vulnerable to attack. You should disconnect from the Internet while using this program. WebGoat's default configuration binds to localhost to minimize the exposure.

WARNING 2: This program is for educational purposes only. If you attempt these techniques without authorization, you are very likely to get caught. If you are caught engaging in unauthorized hacking, most companies will fire you. Claiming that you were doing security research will not work as that is the first thing that all hackers claim.

Installation instructions:

For more details check the Contribution guide

1. Run using Docker

If you already have a browser and ZAP and/or Burp installed on your machine, you can run the WebGoat image directly using Docker.

Every release is also published on DockerHub.

docker run -it -p 127.0.0.1:8080:8080 -p 127.0.0.1:9090:9090 webgoat/webgoat

If you want to reuse the container, give it a name:

docker run --name webgoat -it -p 127.0.0.1:8080:8080 -p 127.0.0.1:9090:9090 webgoat/webgoat

As long as you don't remove the container you can use:

docker start webgoat

This way, you can start where you left off. If you remove the container, you need to use docker run again.
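The commands above publish both ports on 127.0.0.1 so the deliberately vulnerable application stays off the network. As an added check that is not part of the WebGoat project, the following POSIX shell function parses the text that `docker port <container>` prints and reports any published port bound to a non-loopback address; the sample bindings are constructed.

```shell
#!/bin/sh
# Added example, not WebGoat project code. Verifies that a container's
# published ports are bound to loopback only, using the line format that
# `docker port <container>` prints, e.g.:
#   8080/tcp -> 127.0.0.1:8080

# Print every host binding (the part after "->") that is NOT loopback.
# Prints nothing when all mappings are on 127.0.0.1 or [::1].
exposed_bindings() {
  printf '%s\n' "$1" \
    | sed -n 's/.*-> *//p' \
    | grep -v -e '^127\.' -e '^\[::1\]' || true
}

# Exit 0 when every published port is loopback-only, 1 otherwise.
loopback_only() {
  [ -z "$(exposed_bindings "$1")" ]
}

# Constructed sample outputs, as `docker port webgoat` might print them.
SAMPLE_SAFE='8080/tcp -> 127.0.0.1:8080
9090/tcp -> 127.0.0.1:9090'

SAMPLE_EXPOSED='8080/tcp -> 0.0.0.0:8080
8080/tcp -> [::]:8080
9090/tcp -> 127.0.0.1:9090'

# Against a live container you would run:
#   loopback_only "$(docker port webgoat)" || echo "WebGoat is reachable from the network"
if loopback_only "$SAMPLE_EXPOSED"; then
  echo "unexpected: the exposed sample should have been flagged"
else
  echo "exposed bindings found:"
  exposed_bindings "$SAMPLE_EXPOSED"
fi
```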

2. Run using Docker with complete Linux Desktop

Instead of installing tools locally, we provide a complete Docker image that runs a full Linux desktop in your browser. This way you only have to run a single Docker image, which gives the best user experience.

docker run -p 127.0.0.1:3000:3000 webgoat/webgoat-desktop

3. Standalone

Download the latest WebGoat release from https://github.com/WebGoat/WebGoat/releases

java -Dfile.encoding=UTF-8 -Dwebgoat.port=8080 -Dwebwolf.port=9090 -jar webgoat-2023.3.jar

Click the link in the log to start WebGoat.

4. Run from the sources

Prerequisites:

  • Java 17
  • Your favorite IDE
  • Git, or Git support in your IDE

Open a command shell/window:

git clone git@github.com:WebGoat/WebGoat.git

Now let's start by compiling the project.

cd WebGoat
git checkout <<branch_name>>
# On Linux/Mac:
./mvnw clean install

# On Windows:
./mvnw.cmd clean install

# Using docker or podman, you can then build the container locally
docker build -f Dockerfile . -t webgoat/webgoat

Now we are ready to run the project. WebGoat uses Spring Boot.

# On Linux/Mac:
./mvnw spring-boot:run
# On Windows:
./mvnw.cmd spring-boot:run

... you should be running WebGoat on http://localhost:8080/WebGoat momentarily.

Note: The above link will redirect you to the login page if you are not logged in. Log in or create an account to proceed.

To change the IP address WebGoat binds to, add the following property to the WebGoat/webgoat-container/src/main/resources/application.properties file:

server.address=x.x.x.x

5. Run with custom menu

For specialists only. There is a way to set up WebGoat with a personalized menu: you can leave out some menu categories or individual lessons by setting certain environment variables.

For instance, running as a jar on Linux/macOS, it looks like this:

export EXCLUDE_CATEGORIES="CLIENT_SIDE,GENERAL,CHALLENGE"
export EXCLUDE_LESSONS="SqlInjectionAdvanced,SqlInjectionMitigations"
java -jar target/webgoat-2023.3-SNAPSHOT.jar

Or with docker run it would (once this version is pushed to Docker Hub) look like this:

docker run -d -p 127.0.0.1:8080:8080 -p 127.0.0.1:9090:9090 -e EXCLUDE_CATEGORIES="CLIENT_SIDE,GENERAL,CHALLENGE" -e EXCLUDE_LESSONS="SqlInjectionAdvanced,SqlInjectionMitigations" webgoat/webgoat

webgoat's People

Contributors

nbaars, misfir3, mayhew64, zubcevic, dougmorato, luisillobret2, benediktstuhrmann, dependabot[bot], aolle, philippesteinbach, lawson89, maxgeldner, dcowden, commjoen, matthias-g, eliedebrauwer, act-ive, zupzup, nicholasparks, thiswayman, rjclancy, ottijp, robiq, gravis, avivmu, rubiev, nparks-owasp, magicansk, johannesegger, aloney

webgoat's Issues

commons-text-1.9.jar: 1 vulnerability (highest severity is: 8.9) non-reachable - autoclosed

Vulnerable Library - commons-text-1.9.jar

Apache Commons Text is a library focused on algorithms working on strings.

Library home page: https://commons.apache.org/proper/commons-text

Path to dependency file: /pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/apache/commons/commons-text/1.9/commons-text-1.9.jar

Found in HEAD commit: 4bac862a46e799442890a61d22cce98f7f0caf03

Vulnerabilities

CVE | Severity | CVSS | Exploit Maturity | EPSS | Dependency | Type | Fixed in (commons-text version) | Remediation Possible** | Reachability
CVE-2022-42889 | High | 8.9 | Proof of concept | 96.7% | commons-text-1.9.jar | Direct | 1.10.0 | ✅ |

**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation

Details

CVE-2022-42889

Vulnerable Library - commons-text-1.9.jar

Apache Commons Text is a library focused on algorithms working on strings.

Library home page: https://commons.apache.org/proper/commons-text

Path to dependency file: /pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/apache/commons/commons-text/1.9/commons-text-1.9.jar

Dependency Hierarchy:

  • โŒ commons-text-1.9.jar (Vulnerable Library)

Found in HEAD commit: 4bac862a46e799442890a61d22cce98f7f0caf03

Found in base branch: main

Reachability Analysis

The vulnerable code is not reachable.

Vulnerability Details

Apache Commons Text performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is "${prefix:name}", where "prefix" is used to locate an instance of org.apache.commons.text.lookup.StringLookup that performs the interpolation. Starting with version 1.5 and continuing through 1.9, the set of default Lookup instances included interpolators that could result in arbitrary code execution or contact with remote servers. These lookups are:

  • "script" - execute expressions using the JVM script execution engine (javax.script)
  • "dns" - resolve dns records
  • "url" - load values from urls, including from remote servers

Applications using the interpolation defaults in the affected versions may be vulnerable to remote code execution or unintentional contact with remote servers if untrusted configuration values are used. Users are recommended to upgrade to Apache Commons Text 1.10.0, which disables the problematic interpolators by default.

Publish Date: 2022-10-13

URL: CVE-2022-42889

Threat Assessment

Exploit Maturity: Proof of concept

EPSS: 96.7%

CVSS 4 Score Details (8.9)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: N/A
  • Impact Metrics:
    • Confidentiality Impact: N/A
    • Integrity Impact: N/A
    • Availability Impact: N/A

Suggested Fix

Type: Upgrade version

Origin: https://www.openwall.com/lists/oss-security/2022/10/13/4

Release Date: 2022-10-13

Fix Resolution: 1.10.0

In order to enable automatic remediation, please create workflow rules

License Policy Violation detected in hibernate-core-5.6.9.Final.jar - autoclosed

Library - hibernate-core-5.6.9.Final.jar

Hibernate's core ORM functionality

Library home page: https://hibernate.org/orm

Path to dependency file: /pom.xml

Path to library: /home/wss-scanner/.m2/repository/org/hibernate/hibernate-core/5.6.9.Final/hibernate-core-5.6.9.Final.jar

Dependency Hierarchy:

  • spring-boot-starter-data-jpa-2.7.1.jar (Root Library)
    • โŒ hibernate-core-5.6.9.Final.jar (Library containing License Policy Violation)

Found in HEAD commit: a852016d15cd2ec55bf3977c7739181346a561ae

Found in base branch: main

📃 License Details

LGPL 2.1
License Reference File: https://index.whitesourcesoftware.com/gri/app/reader/resource/content/asString/1bf4c983-4eda-4b2c-892b-61994f7a4bca

⛔ License Policy Violation - Block GPL

License Policy Violation detected in jakarta.annotation-api-1.3.5.jar

Library - jakarta.annotation-api-1.3.5.jar

Jakarta Annotations API

Library home page: https://www.eclipse.org

Path to dependency file: /pom.xml

Path to library: /home/wss-scanner/.m2/repository/jakarta/annotation/jakarta.annotation-api/1.3.5/jakarta.annotation-api-1.3.5.jar

Dependency Hierarchy:

  • spring-boot-starter-validation-2.7.18.jar (Root Library)
    • spring-boot-starter-2.7.18.jar
      • โŒ jakarta.annotation-api-1.3.5.jar (Library containing License Policy Violation)

Found in HEAD commit: a852016d15cd2ec55bf3977c7739181346a561ae

Found in base branch: main

📃 License Details

Eclipse 2.0
License Reference File: https://index.mend.io/gri/app/reader/resource/content/asString/9941c477-e78f-4c89-a4cb-783c6f7cb3f6

GPL 2.0 Classpath
License Reference File: https://index.mend.io/gri/app/reader/resource/content/asString/493e2b39-3aad-4c39-9220-50f83cb66b5e

⛔ License Policy Violation - Block GPL

commons-io-2.6.jar: 1 vulnerability (highest severity is: 6.3) reachable - autoclosed

Vulnerable Library - commons-io-2.6.jar

The Apache Commons IO library contains utility classes, stream implementations, file filters, file comparators, endian transformation classes, and much more.

Path to dependency file: /pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/commons-io/commons-io/2.6/commons-io-2.6.jar

Found in HEAD commit: 4bac862a46e799442890a61d22cce98f7f0caf03

Vulnerabilities

CVE | Severity | CVSS | Exploit Maturity | EPSS | Dependency | Type | Fixed in (commons-io version) | Remediation Possible** | Reachability
CVE-2021-29425 | Medium | 6.3 | Not Defined | 0.2% | commons-io-2.6.jar | Direct | 2.7 | ✅ |

**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation

Details

CVE-2021-29425

Vulnerable Library - commons-io-2.6.jar

The Apache Commons IO library contains utility classes, stream implementations, file filters, file comparators, endian transformation classes, and much more.

Path to dependency file: /pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/commons-io/commons-io/2.6/commons-io-2.6.jar

Dependency Hierarchy:

  • โŒ commons-io-2.6.jar (Vulnerable Library)

Found in HEAD commit: 4bac862a46e799442890a61d22cce98f7f0caf03

Found in base branch: main

Reachability Analysis

This vulnerability is potentially used

org.owasp.webgoat.lessons.pathtraversal.ProfileUploadBase (Application)
  -> โŒ org.apache.commons.io.FilenameUtils (Vulnerable Component)

Vulnerability Details

In Apache Commons IO before 2.7, when invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above (thus "limited" path traversal), if the calling code would use the result to construct a path value.

Publish Date: 2021-04-13

URL: CVE-2021-29425

Threat Assessment

Exploit Maturity: Not Defined

EPSS: 0.2%

CVSS 4 Score Details (6.3)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: High
    • Privileges Required: None
    • User Interaction: None
    • Scope: N/A
  • Impact Metrics:
    • Confidentiality Impact: N/A
    • Integrity Impact: N/A
    • Availability Impact: N/A

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29425

Release Date: 2021-04-13

Fix Resolution: 2.7

In order to enable automatic remediation, please create workflow rules

jose4j-0.7.6.jar: 2 vulnerabilities (highest severity is: 8.7) reachable - autoclosed

Vulnerable Library - jose4j-0.7.6.jar

The jose.4.j library is a robust and easy to use open source implementation of JSON Web Token (JWT) and the JOSE specification suite (JWS, JWE, and JWK). It is written in Java and relies solely on the JCA APIs for cryptography. Please see https://bitbucket.org/b_c/jose4j/wiki/Home for more info, examples, etc..

Library home page: https://bitbucket.org/b_c/jose4j/

Path to dependency file: /pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/bitbucket/b_c/jose4j/0.7.6/jose4j-0.7.6.jar

Found in HEAD commit: 4bac862a46e799442890a61d22cce98f7f0caf03

Vulnerabilities

CVE | Severity | CVSS | Exploit Maturity | EPSS | Dependency | Type | Fixed in (jose4j version) | Remediation Possible** | Reachability
CVE-2023-31582 | High | 8.7 | Not Defined | 0.0% | jose4j-0.7.6.jar | Direct | 0.9.3 | ✅ |
WS-2023-0116 | Medium | 6.9 | Not Defined | | jose4j-0.7.6.jar | Direct | 0.9.3 | ✅ |

**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation

Details

CVE-2023-31582

Vulnerable Library - jose4j-0.7.6.jar

The jose.4.j library is a robust and easy to use open source implementation of JSON Web Token (JWT) and the JOSE specification suite (JWS, JWE, and JWK). It is written in Java and relies solely on the JCA APIs for cryptography. Please see https://bitbucket.org/b_c/jose4j/wiki/Home for more info, examples, etc..

Library home page: https://bitbucket.org/b_c/jose4j/

Path to dependency file: /pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/bitbucket/b_c/jose4j/0.7.6/jose4j-0.7.6.jar

Dependency Hierarchy:

  • โŒ jose4j-0.7.6.jar (Vulnerable Library)

Found in HEAD commit: 4bac862a46e799442890a61d22cce98f7f0caf03

Found in base branch: main

Vulnerability Details

jose4j before v0.9.3 allows attackers to set a low iteration count of 1000 or less.

Publish Date: 2023-10-25

URL: CVE-2023-31582

Threat Assessment

Exploit Maturity: Not Defined

EPSS: 0.0%

CVSS 4 Score Details (8.7)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: N/A
  • Impact Metrics:
    • Confidentiality Impact: N/A
    • Integrity Impact: N/A
    • Availability Impact: N/A

Suggested Fix

Type: Upgrade version

Origin: https://bitbucket.org/b_c/jose4j/issues/203/insecure-support-of-setting-pbe-less-then

Release Date: 2023-10-25

Fix Resolution: 0.9.3

In order to enable automatic remediation, please create workflow rules

WS-2023-0116

Vulnerable Library - jose4j-0.7.6.jar

The jose.4.j library is a robust and easy to use open source implementation of JSON Web Token (JWT) and the JOSE specification suite (JWS, JWE, and JWK). It is written in Java and relies solely on the JCA APIs for cryptography. Please see https://bitbucket.org/b_c/jose4j/wiki/Home for more info, examples, etc..

Library home page: https://bitbucket.org/b_c/jose4j/

Path to dependency file: /pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/bitbucket/b_c/jose4j/0.7.6/jose4j-0.7.6.jar

Dependency Hierarchy:

  • โŒ jose4j-0.7.6.jar (Vulnerable Library)

Found in HEAD commit: 4bac862a46e799442890a61d22cce98f7f0caf03

Found in base branch: main

Reachability Analysis

This vulnerability is potentially used

org.owasp.webgoat.webwolf.jwt.JWTToken (Application)
  -> org.jose4j.jws.JsonWebSignature (Extension)
   -> org.jose4j.jwa.AlgorithmFactoryFactory (Extension)
    -> org.jose4j.jwe.RsaKeyManagementAlgorithm (Extension)
     -> โŒ org.jose4j.jwe.WrappingKeyManagementAlgorithm (Vulnerable Component)

Vulnerability Details

RSA1_5 in jose4j is susceptible to chosen ciphertext attacks. The attack allows decrypting RSA1_5 or RSA_OAEP encrypted ciphertexts. It may be feasible to sign with affected keys.

Publish Date: 2023-04-27

URL: WS-2023-0116

Threat Assessment

Exploit Maturity: Not Defined

EPSS:

CVSS 4 Score Details (6.9)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: N/A
  • Impact Metrics:
    • Confidentiality Impact: N/A
    • Integrity Impact: N/A
    • Availability Impact: N/A

Suggested Fix

Type: Upgrade version

Origin: GHSA-jgvc-jfgh-rjvv

Release Date: 2023-04-27

Fix Resolution: 0.9.3

In order to enable automatic remediation, please create workflow rules

License Policy Violation detected in jakarta.websocket-api-1.1.2.jar

Library - jakarta.websocket-api-1.1.2.jar

Jakarta WebSocket - Server API

Library home page: https://www.eclipse.org

Path to dependency file: /pom.xml

Path to library: /home/wss-scanner/.m2/repository/jakarta/websocket/jakarta.websocket-api/1.1.2/jakarta.websocket-api-1.1.2.jar

Dependency Hierarchy:

  • spring-boot-starter-undertow-2.7.18.jar (Root Library)
    • โŒ jakarta.websocket-api-1.1.2.jar (Library containing License Policy Violation)

Found in HEAD commit: a852016d15cd2ec55bf3977c7739181346a561ae

Found in base branch: main

📃 License Details

Eclipse 2.0
License Reference File: https://index.mend.io/gri/app/reader/resource/content/asString/9941c477-e78f-4c89-a4cb-783c6f7cb3f6

GPL 2.0 Classpath
License Reference File: https://index.mend.io/gri/app/reader/resource/content/asString/493e2b39-3aad-4c39-9220-50f83cb66b5e

⛔ License Policy Violation - Block GPL

jsoup-1.14.3.jar: 1 vulnerability (highest severity is: 5.3) reachable - autoclosed

Vulnerable Library - jsoup-1.14.3.jar

jsoup is a Java library for working with real-world HTML. It provides a very convenient API for fetching URLs and extracting and manipulating data, using the best of HTML5 DOM methods and CSS selectors. jsoup implements the WHATWG HTML5 specification, and parses HTML to the same DOM as modern browsers do.

Library home page: https://jsoup.org/

Path to dependency file: /pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/jsoup/jsoup/1.14.3/jsoup-1.14.3.jar

Found in HEAD commit: 4bac862a46e799442890a61d22cce98f7f0caf03

Vulnerabilities

CVE | Severity | CVSS | Exploit Maturity | EPSS | Dependency | Type | Fixed in (jsoup version) | Remediation Possible** | Reachability
CVE-2022-36033 | Medium | 5.3 | Not Defined | 0.1% | jsoup-1.14.3.jar | Direct | 1.15.3 | ✅ |

**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation

Details

CVE-2022-36033

Vulnerable Library - jsoup-1.14.3.jar

jsoup is a Java library for working with real-world HTML. It provides a very convenient API for fetching URLs and extracting and manipulating data, using the best of HTML5 DOM methods and CSS selectors. jsoup implements the WHATWG HTML5 specification, and parses HTML to the same DOM as modern browsers do.

Library home page: https://jsoup.org/

Path to dependency file: /pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/jsoup/jsoup/1.14.3/jsoup-1.14.3.jar

Dependency Hierarchy:

  • โŒ jsoup-1.14.3.jar (Vulnerable Library)

Found in HEAD commit: 4bac862a46e799442890a61d22cce98f7f0caf03

Found in base branch: main

Reachability Analysis

This vulnerability is potentially used

org.owasp.webgoat.lessons.xss.CrossSiteScriptingLesson3 (Application)
  -> org.jsoup.Jsoup (Extension)
   -> org.jsoup.safety.Cleaner (Extension)
    -> org.jsoup.nodes.Node (Extension)
     -> โŒ org.jsoup.internal.StringUtil (Vulnerable Component)

Vulnerability Details

jsoup is a Java HTML parser, built for HTML editing, cleaning, scraping, and cross-site scripting (XSS) safety. jsoup may incorrectly sanitize HTML including javascript: URL expressions, which could allow XSS attacks when a reader subsequently clicks that link. If the non-default SafeList.preserveRelativeLinks option is enabled, HTML including javascript: URLs that have been crafted with control characters will not be sanitized. If the site that this HTML is published on does not set a Content Security Policy, an XSS attack is then possible. This issue is patched in jsoup 1.15.3. Users should upgrade to this version. Additionally, as the unsanitized input may have been persisted, old content should be cleaned again using the updated version. To remediate this issue without immediately upgrading:

  • disable SafeList.preserveRelativeLinks, which will rewrite input URLs as absolute URLs
  • ensure an appropriate Content Security Policy is defined. (This should be used regardless of upgrading, as a defence-in-depth best practice.)

Publish Date: 2022-08-29

URL: CVE-2022-36033

Threat Assessment

Exploit Maturity: Not Defined

EPSS: 0.1%

CVSS 4 Score Details (5.3)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: N/A
    • Scope: N/A
  • Impact Metrics:
    • Confidentiality Impact: N/A
    • Integrity Impact: N/A
    • Availability Impact: N/A

Suggested Fix

Type: Upgrade version

Origin: GHSA-gp7f-rwcx-9369

Release Date: 2022-08-29

Fix Resolution: 1.15.3

In order to enable automatic remediation, please create workflow rules

spring-boot-starter-thymeleaf-2.7.18.jar: 1 vulnerability (highest severity is: 7.7) unreachable

Vulnerable Library - spring-boot-starter-thymeleaf-2.7.18.jar

Path to dependency file: /pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/thymeleaf/thymeleaf/3.0.15.RELEASE/thymeleaf-3.0.15.RELEASE.jar

Found in HEAD commit: 4bac862a46e799442890a61d22cce98f7f0caf03

Vulnerabilities

CVE | Severity | CVSS | Exploit Maturity | EPSS | Dependency | Type | Fixed in (spring-boot-starter-thymeleaf version) | Remediation Possible** | Reachability
CVE-2023-38286 | High | 7.7 | Not Defined | 0.1% | thymeleaf-3.0.15.RELEASE.jar | Transitive | N/A* | ❌ | Unreachable

*For some transitive vulnerabilities, there is no version of direct dependency with a fix. Check the "Details" section below to see if there is a version of transitive dependency where vulnerability is fixed.

**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation

Details

CVE-2023-38286

Vulnerable Library - thymeleaf-3.0.15.RELEASE.jar

Modern server-side Java template engine for both web and standalone environments

Library home page: http://www.thymeleaf.org

Path to dependency file: /pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/thymeleaf/thymeleaf/3.0.15.RELEASE/thymeleaf-3.0.15.RELEASE.jar

Dependency Hierarchy:

  • spring-boot-starter-thymeleaf-2.7.18.jar (Root Library)
    • thymeleaf-spring5-3.0.15.RELEASE.jar
      • โŒ thymeleaf-3.0.15.RELEASE.jar (Vulnerable Library)

Found in HEAD commit: 4bac862a46e799442890a61d22cce98f7f0caf03

Found in base branch: main

Reachability Analysis

The vulnerable code is unreachable

Vulnerability Details

Thymeleaf through 3.1.1.RELEASE, as used in spring-boot-admin (aka Spring Boot Admin) through 3.1.1 and other products, allows sandbox bypass via crafted HTML. This may be relevant for SSTI (Server Side Template Injection) and code execution in spring-boot-admin if MailNotifier is enabled and there is write access to environment variables via the UI.

Publish Date: 2023-07-14

URL: CVE-2023-38286

Threat Assessment

Exploit Maturity: Not Defined

EPSS: 0.1%

CVSS 4 Score Details (7.7)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: High
    • Privileges Required: Low
    • User Interaction: None
    • Scope: N/A
  • Impact Metrics:
    • Confidentiality Impact: N/A
    • Integrity Impact: N/A
    • Availability Impact: N/A

Suggested Fix

Type: Upgrade version

Origin: GHSA-7gj7-224w-vpr3

Release Date: 2023-07-14

Fix Resolution: de.codecentric:spring-boot-admin-server:3.1.2;org.thymeleaf:thymeleaf:3.1.2.RELEASE

License Policy Violation detected in jruby-stdlib-9.3.6.0.jar

Library - jruby-stdlib-9.3.6.0.jar

Library home page: https://www.jruby.org

Path to dependency file: /pom.xml

Path to library: /home/wss-scanner/.m2/repository/org/jruby/jruby-stdlib/9.3.6.0/jruby-stdlib-9.3.6.0.jar

Dependency Hierarchy:

  • asciidoctorj-2.5.11.jar (Root Library)
    • jruby-9.3.6.0.jar
      • โŒ jruby-stdlib-9.3.6.0.jar (Library containing License Policy Violation)

Found in HEAD commit: a852016d15cd2ec55bf3977c7739181346a561ae

Found in base branch: main

📃 License Details

Eclipse 2.0
License Reference File: https://index.mend.io/gri/app/reader/resource/content/asString/9941c477-e78f-4c89-a4cb-783c6f7cb3f6

GPL 2.0
License Reference File: https://index.mend.io/gri/app/reader/resource/content/asString/e3c73e5b-69fc-4504-9f6c-4b980353c851

LGPL 2.1
License Reference File: https://index.mend.io/gri/app/reader/resource/content/asString/9cec02c3-f4b0-45b5-b43f-85fbb1af4798

⛔ License Policy Violation - Block GPL

License Policy Violation detected in jakarta.transaction-api-1.3.3.jar

Library - jakarta.transaction-api-1.3.3.jar

Jakarta Transactions

Library home page: https://github.com/eclipse-ee4j

Path to dependency file: /pom.xml

Path to library: /home/wss-scanner/.m2/repository/jakarta/transaction/jakarta.transaction-api/1.3.3/jakarta.transaction-api-1.3.3.jar

Dependency Hierarchy:

  • spring-boot-starter-data-jpa-2.7.18.jar (Root Library)
    • โŒ jakarta.transaction-api-1.3.3.jar (Library containing License Policy Violation)

Found in HEAD commit: a852016d15cd2ec55bf3977c7739181346a561ae

Found in base branch: main

📃 License Details

Eclipse 2.0
License Reference File: https://index.mend.io/gri/app/reader/resource/content/asString/9941c477-e78f-4c89-a4cb-783c6f7cb3f6

GPL 2.0 Classpath
License Reference File: https://index.mend.io/gri/app/reader/resource/content/asString/493e2b39-3aad-4c39-9220-50f83cb66b5e

⛔ License Policy Violation - Block GPL

spring-boot-starter-undertow-2.7.1.jar: 6 vulnerabilities (highest severity is: 8.7) reachable - autoclosed

Vulnerable Library - spring-boot-starter-undertow-2.7.1.jar

Path to dependency file: /pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/jboss/xnio/xnio-api/3.8.7.Final/xnio-api-3.8.7.Final.jar

Found in HEAD commit: 4bac862a46e799442890a61d22cce98f7f0caf03

Vulnerabilities

CVE | Severity | CVSS | Exploit Maturity | EPSS | Dependency | Type | Fixed in (spring-boot-starter-undertow version) | Remediation Possible** | Reachability
CVE-2023-1108 | High | 8.7 | Not Defined | 0.1% | undertow-core-2.2.18.Final.jar | Transitive | 2.7.12 | ✅ |
CVE-2022-0084 | High | 8.7 | Not Defined | 0.1% | xnio-api-3.8.7.Final.jar | Transitive | N/A* | ❌ |
CVE-2022-2053 | High | 8.7 | Not Defined | 0.1% | undertow-core-2.2.18.Final.jar | Transitive | N/A* | ❌ |
CVE-2022-4492 | High | 8.7 | Not Defined | 0.1% | undertow-core-2.2.18.Final.jar | Transitive | 2.7.12 | ✅ |
CVE-2023-3223 | High | 8.7 | Not Defined | 1.8% | undertow-servlet-2.2.18.Final.jar | Transitive | 2.7.15 | ✅ |
CVE-2022-1259 | High | 8.7 | Not Defined | 0.1% | undertow-core-2.2.18.Final.jar | Transitive | 2.7.15 | ✅ |

*For some transitive vulnerabilities, there is no version of direct dependency with a fix. Check the "Details" section below to see if there is a version of transitive dependency where vulnerability is fixed.

**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation

Details

CVE-2023-1108

Vulnerable Library - undertow-core-2.2.18.Final.jar

Path to dependency file: /pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/io/undertow/undertow-core/2.2.18.Final/undertow-core-2.2.18.Final.jar

Dependency Hierarchy:

  • spring-boot-starter-undertow-2.7.1.jar (Root Library)
    • โŒ undertow-core-2.2.18.Final.jar (Vulnerable Library)

Found in HEAD commit: 4bac862a46e799442890a61d22cce98f7f0caf03

Found in base branch: main

Vulnerability Details

A flaw was found in undertow. This issue makes achieving a denial of service possible due to an unexpected handshake status updated in SslConduit, where the loop never terminates.

Publish Date: 2023-09-14

URL: CVE-2023-1108

Threat Assessment

Exploit Maturity: Not Defined

EPSS: 0.1%

CVSS 4 Score Details (8.7)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: N/A
  • Impact Metrics:
    • Confidentiality Impact: N/A
    • Integrity Impact: N/A
    • Availability Impact: N/A

Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2023-1108

Release Date: 2023-09-14

Fix Resolution (io.undertow:undertow-core): 2.2.24.Final

Direct dependency fix Resolution (org.springframework.boot:spring-boot-starter-undertow): 2.7.12

In order to enable automatic remediation, please create workflow rules

CVE-2022-0084

Vulnerable Library - xnio-api-3.8.7.Final.jar

The API JAR of the XNIO project

Library home page: http://www.jboss.org/xnio

Path to dependency file: /pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/jboss/xnio/xnio-api/3.8.7.Final/xnio-api-3.8.7.Final.jar

Dependency Hierarchy:

  • spring-boot-starter-undertow-2.7.1.jar (Root Library)
    • undertow-core-2.2.18.Final.jar
      • โŒ xnio-api-3.8.7.Final.jar (Vulnerable Library)

Found in HEAD commit: 4bac862a46e799442890a61d22cce98f7f0caf03

Found in base branch: main

Reachability Analysis

This vulnerability is potentially used

org.owasp.webgoat.lessons.csrf.CSRFGetFlag (Application)
  -> org.eclipse.jetty.servlet.Invoker$InvokedRequest (Extension)
   -> org.eclipse.jetty.server.Dispatcher (Extension)
    -> io.undertow.Handlers (Extension)
    ...
      -> io.undertow.UndertowLogger_$logger (Extension)
       -> io.undertow.protocols.ssl.SslConduit (Extension)
        -> โŒ org.xnio.StreamConnection (Vulnerable Component)

Vulnerability Details

A flaw was found in XNIO, specifically in the notifyReadClosed method. The issue revealed this method was logging a message to another expected end. This flaw allows an attacker to send flawed requests to a server, possibly causing log contention-related performance concerns or an unwanted disk fill-up.

Publish Date: 2022-08-26

URL: CVE-2022-0084

Threat Assessment

Exploit Maturity: Not Defined

EPSS: 0.1%

CVSS 4 Score Details (8.7)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: N/A
  • Impact Metrics:
    • Confidentiality Impact: N/A
    • Integrity Impact: N/A
    • Availability Impact: N/A

Suggested Fix

Type: Upgrade version

Release Date: 2022-08-26

Fix Resolution: org.jboss.xnio:xnio-api:3.8.8.Final

CVE-2022-2053

Vulnerable Library - undertow-core-2.2.18.Final.jar

Path to dependency file: /pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/io/undertow/undertow-core/2.2.18.Final/undertow-core-2.2.18.Final.jar

Dependency Hierarchy:

  • spring-boot-starter-undertow-2.7.1.jar (Root Library)
    • โŒ undertow-core-2.2.18.Final.jar (Vulnerable Library)

Found in HEAD commit: 4bac862a46e799442890a61d22cce98f7f0caf03

Found in base branch: main

Reachability Analysis

This vulnerability is potentially used

org.owasp.webgoat.container.WebSecurityConfig (Application)
  -> org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter (Extension)
   -> org.springframework.context.support.GenericGroovyApplicationContext (Extension)
    -> io.undertow.Handlers (Extension)
    ...
      -> io.undertow.server.protocol.ajp.AjpServerConnection (Extension)
       -> io.undertow.server.protocol.ajp.AjpReadListener (Extension)
        -> โŒ io.undertow.server.protocol.ajp.AjpServerRequestConduit (Vulnerable Component)

Vulnerability Details

When a POST request comes through AJP and the request exceeds the max-post-size limit (maxEntitySize), Undertow's AjpServerRequestConduit implementation closes the connection without sending any response to the client/proxy. As a result, a front-end proxy marks the backend worker (application server) as being in an error state and does not forward requests to the worker for a while. In mod_cluster, this continues until the next STATUS request (sent at 10-second intervals) from the application server updates the server state. So, in the worst case, it can result in "All workers are in error state" and mod_cluster responds "503 Service Unavailable" for a while (up to 10 seconds). In mod_proxy_balancer, it does not forward requests to the worker until the "retry" timeout passes. However, mod_proxy_balancer has a "forcerecovery" setting (On by default) that forces the immediate recovery of all workers, without considering the workers' retry parameter, if all workers of a balancer are in an error state. So, unlike mod_cluster, mod_proxy_balancer does not end up responding "503 Service Unavailable". An attacker could use this behavior to send a malicious request and trigger server errors, resulting in DoS (denial of service). This flaw was fixed in Undertow 2.2.19.Final, Undertow 2.3.0.Alpha2.

Publish Date: 2022-08-05

URL: CVE-2022-2053

Threat Assessment

Exploit Maturity: Not Defined

EPSS: 0.1%

CVSS 4 Score Details (8.7)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: N/A
  • Impact Metrics:
    • Confidentiality Impact: N/A
    • Integrity Impact: N/A
    • Availability Impact: N/A

Suggested Fix

Type: Upgrade version

Origin: GHSA-95rf-557x-44g5

Release Date: 2022-08-05

Fix Resolution: io.undertow:undertow-core:2.2.19.Final

CVE-2022-4492

Vulnerable Library - undertow-core-2.2.18.Final.jar

Path to dependency file: /pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/io/undertow/undertow-core/2.2.18.Final/undertow-core-2.2.18.Final.jar

Dependency Hierarchy:

  • spring-boot-starter-undertow-2.7.1.jar (Root Library)
    • โŒ undertow-core-2.2.18.Final.jar (Vulnerable Library)

Found in HEAD commit: 4bac862a46e799442890a61d22cce98f7f0caf03

Found in base branch: main

Reachability Analysis

This vulnerability is potentially used

org.owasp.webgoat.lessons.csrf.CSRFGetFlag (Application)
  -> io.undertow.servlet.spec.HttpServletRequestImpl (Extension)
   -> io.undertow.servlet.api.Deployment (Extension)
    -> io.undertow.servlet.api.ServletContainer (Extension)
    ...
      -> io.undertow.servlet.core.ServletContainerImpl (Extension)
       -> io.undertow.servlet.core.DeploymentManagerImpl (Extension)
        -> โŒ io.undertow.security.impl.ClientCertAuthenticationMechanism (Vulnerable Component)

Vulnerability Details

The undertow client is not checking the server identity presented by the server certificate in https connections. This is a compulsory step (at least it should be performed by default) in https and in http/2. I would add it to any TLS client protocol.

Publish Date: 2023-02-23

URL: CVE-2022-4492

Threat Assessment

Exploit Maturity: Not Defined

EPSS: 0.1%

CVSS 4 Score Details (8.7)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: N/A
  • Impact Metrics:
    • Confidentiality Impact: N/A
    • Integrity Impact: N/A
    • Availability Impact: N/A

Suggested Fix

Type: Upgrade version

Origin: GHSA-pfcc-3g6r-8rg8

Release Date: 2023-02-23

Fix Resolution (io.undertow:undertow-core): 2.2.24.Final

Direct dependency fix Resolution (org.springframework.boot:spring-boot-starter-undertow): 2.7.12

CVE-2023-3223

Vulnerable Library - undertow-servlet-2.2.18.Final.jar

Path to dependency file: /pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/io/undertow/undertow-servlet/2.2.18.Final/undertow-servlet-2.2.18.Final.jar

Dependency Hierarchy:

  • spring-boot-starter-undertow-2.7.1.jar (Root Library)
    • โŒ undertow-servlet-2.2.18.Final.jar (Vulnerable Library)

Found in HEAD commit: 4bac862a46e799442890a61d22cce98f7f0caf03

Found in base branch: main

Reachability Analysis

This vulnerability is potentially used

org.owasp.webgoat.lessons.hijacksession.HijackSessionAssignment (Application)
  -> io.undertow.servlet.spec.HttpServletResponseImpl (Extension)
   -> โŒ io.undertow.servlet.spec.ServletOutputStreamImpl (Vulnerable Component)

Vulnerability Details

A flaw was found in undertow. Servlets annotated with @MultipartConfig may cause an OutOfMemoryError due to large multipart content. This may allow unauthorized users to cause remote Denial of Service (DoS) attack. If the server uses fileSizeThreshold to limit the file size, it's possible to bypass the limit by setting the file name in the request to null.

Publish Date: 2023-09-27

URL: CVE-2023-3223

Threat Assessment

Exploit Maturity: Not Defined

EPSS: 1.8%

CVSS 4 Score Details (8.7)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: N/A
  • Impact Metrics:
    • Confidentiality Impact: N/A
    • Integrity Impact: N/A
    • Availability Impact: N/A

Suggested Fix

Type: Upgrade version

Origin: https://bugzilla.redhat.com/show_bug.cgi?id=2209689

Release Date: 2023-09-27

Fix Resolution (io.undertow:undertow-servlet): 2.2.26.Final

Direct dependency fix Resolution (org.springframework.boot:spring-boot-starter-undertow): 2.7.15

CVE-2022-1259

Vulnerable Library - undertow-core-2.2.18.Final.jar

Path to dependency file: /pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/io/undertow/undertow-core/2.2.18.Final/undertow-core-2.2.18.Final.jar

Dependency Hierarchy:

  • spring-boot-starter-undertow-2.7.1.jar (Root Library)
    • โŒ undertow-core-2.2.18.Final.jar (Vulnerable Library)

Found in HEAD commit: 4bac862a46e799442890a61d22cce98f7f0caf03

Found in base branch: main

Reachability Analysis

This vulnerability is potentially used

org.owasp.webgoat.lessons.csrf.CSRFGetFlag (Application)
  -> org.eclipse.jetty.security.authentication.FormAuthenticator$FormRequest (Extension)
   -> org.eclipse.jetty.security.authentication.FormAuthenticator (Extension)
    -> io.undertow.websockets.client.WebSocketClient$ConnectionBuilder (Extension)
    ...
      -> io.undertow.client.UndertowClient$1 (Extension)
       -> io.undertow.client.http2.Http2ClientConnection (Extension)
        -> โŒ io.undertow.protocols.http2.Http2StreamSinkChannel (Vulnerable Component)

Vulnerability Details

A flaw was found in Undertow. A potential security issue in flow control handling by the browser over HTTP/2 may cause overhead or a denial of service in the server. This flaw exists because of an incomplete fix for CVE-2021-3629.

Publish Date: 2022-08-31

URL: CVE-2022-1259

Threat Assessment

Exploit Maturity: Not Defined

EPSS: 0.1%

CVSS 4 Score Details (8.7)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: N/A
  • Impact Metrics:
    • Confidentiality Impact: N/A
    • Integrity Impact: N/A
    • Availability Impact: N/A

Suggested Fix

Type: Upgrade version

Release Date: 2022-08-31

Fix Resolution (io.undertow:undertow-core): 2.2.26.Final

Direct dependency fix Resolution (org.springframework.boot:spring-boot-starter-undertow): 2.7.15

In order to enable automatic remediation for this issue, please create workflow rules

guava-30.1-jre.jar: 1 vulnerabilities (highest severity is: 6.8) unreachable

Vulnerable Library - guava-30.1-jre.jar

Guava is a suite of core and expanded libraries that include utility classes, Google's collections, I/O classes, and much more.

Library home page: https://github.com/google/guava

Path to dependency file: /pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/com/google/guava/guava/30.1-jre/guava-30.1-jre.jar

Found in HEAD commit: 4bac862a46e799442890a61d22cce98f7f0caf03

Vulnerabilities

| CVE | Severity | CVSS | Exploit Maturity | EPSS | Dependency | Type | Fixed in (guava version) | Remediation Possible** | Reachability |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| CVE-2023-2976 | Medium | 6.8 | Not Defined | 0.0% | guava-30.1-jre.jar | Direct | 32.0.1-android | ✅ | Unreachable |

**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation

Details

CVE-2023-2976

Vulnerable Library - guava-30.1-jre.jar

Guava is a suite of core and expanded libraries that include utility classes, Google's collections, I/O classes, and much more.

Library home page: https://github.com/google/guava

Path to dependency file: /pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/com/google/guava/guava/30.1-jre/guava-30.1-jre.jar

Dependency Hierarchy:

  • โŒ guava-30.1-jre.jar (Vulnerable Library)

Found in HEAD commit: 4bac862a46e799442890a61d22cce98f7f0caf03

Found in base branch: main

Reachability Analysis

The vulnerable code is unreachable

Vulnerability Details

Use of Java's default temporary directory for file creation in FileBackedOutputStream in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files created by the class.

Even though the security vulnerability is fixed in version 32.0.0, we recommend using version 32.0.1 as version 32.0.0 breaks some functionality under Windows.

Mend Note: Even though the security vulnerability is fixed in version 32.0.0, maintainers recommend using version 32.0.1 as version 32.0.0 breaks some functionality under Windows.

Publish Date: 2023-06-14

URL: CVE-2023-2976

Threat Assessment

Exploit Maturity: Not Defined

EPSS: 0.0%

CVSS 4 Score Details (6.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Local
    • Attack Complexity: Low
    • Privileges Required: Low
    • User Interaction: None
    • Scope: N/A
  • Impact Metrics:
    • Confidentiality Impact: N/A
    • Integrity Impact: N/A
    • Availability Impact: N/A

Suggested Fix

Type: Upgrade version

Origin: GHSA-7g45-4rm6-3mm3

Release Date: 2023-06-14

Fix Resolution: 32.0.1-android

spring-boot-starter-web-2.7.1.jar: 5 vulnerabilities (highest severity is: 9.3) reachable - autoclosed

Vulnerable Library - spring-boot-starter-web-2.7.1.jar

Path to dependency file: /pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-webmvc/5.3.21/spring-webmvc-5.3.21.jar

Found in HEAD commit: 4bac862a46e799442890a61d22cce98f7f0caf03

Vulnerabilities

| CVE | Severity | CVSS | Exploit Maturity | EPSS | Dependency | Type | Fixed in (spring-boot-starter-web version) | Remediation Possible** | Reachability |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| CVE-2016-1000027 | Critical | 9.3 | Not Defined | 2.4% | spring-web-5.3.21.jar | Transitive | 3.0.0 | ✅ | |
| CVE-2022-42004 | High | 8.7 | Not Defined | 0.2% | jackson-databind-2.13.3.jar | Transitive | 2.7.4 | ✅ | |
| CVE-2022-42003 | High | 8.7 | Not Defined | 0.2% | jackson-databind-2.13.3.jar | Transitive | 2.7.9 | ✅ | |
| CVE-2023-20860 | High | 8.7 | Not Defined | 0.1% | spring-webmvc-5.3.21.jar | Transitive | 2.7.10 | ✅ | |
| CVE-2024-22243 | Medium | 5.5 | Not Defined | | spring-web-5.3.21.jar | Transitive | N/A* | ❌ | |

*For some transitive vulnerabilities, there is no version of direct dependency with a fix. Check the "Details" section below to see if there is a version of transitive dependency where vulnerability is fixed.

Details

CVE-2016-1000027

Vulnerable Library - spring-web-5.3.21.jar

Spring Web

Path to dependency file: /pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-web/5.3.21/spring-web-5.3.21.jar

Dependency Hierarchy:

  • spring-boot-starter-web-2.7.1.jar (Root Library)
    • spring-boot-starter-json-2.7.1.jar
      • โŒ spring-web-5.3.21.jar (Vulnerable Library)

Found in HEAD commit: 4bac862a46e799442890a61d22cce98f7f0caf03

Found in base branch: main

Reachability Analysis

The vulnerable code is not reachable.

Vulnerability Details

Pivotal Spring Framework through 5.3.16 suffers from a potential remote code execution (RCE) issue if used for Java deserialization of untrusted data. Depending on how the library is implemented within a product, this issue may or not occur, and authentication may be required. NOTE: the vendor's position is that untrusted data is not an intended use case. The product's behavior will not be changed because some users rely on deserialization of trusted data.

Mend Note: After conducting further research, Mend has determined that all versions of spring-web up to version 6.0.0 are vulnerable to CVE-2016-1000027.

Publish Date: 2020-01-02

URL: CVE-2016-1000027

Threat Assessment

Exploit Maturity: Not Defined

EPSS: 2.4%

CVSS 4 Score Details (9.3)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: N/A
  • Impact Metrics:
    • Confidentiality Impact: N/A
    • Integrity Impact: N/A
    • Availability Impact: N/A

Suggested Fix

Type: Upgrade version

Origin: GHSA-4wrc-f8pq-fpqp

Release Date: 2020-01-02

Fix Resolution (org.springframework:spring-web): 6.0.0

Direct dependency fix Resolution (org.springframework.boot:spring-boot-starter-web): 3.0.0

CVE-2022-42004

Vulnerable Library - jackson-databind-2.13.3.jar

General data-binding functionality for Jackson: works on core streaming API

Library home page: http://github.com/FasterXML/jackson

Path to dependency file: /pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.13.3/jackson-databind-2.13.3.jar

Dependency Hierarchy:

  • spring-boot-starter-web-2.7.1.jar (Root Library)
    • spring-boot-starter-json-2.7.1.jar
      • โŒ jackson-databind-2.13.3.jar (Vulnerable Library)

Found in HEAD commit: 4bac862a46e799442890a61d22cce98f7f0caf03

Found in base branch: main

Reachability Analysis

This vulnerability is potentially used

org.owasp.webgoat.lessons.csrf.CSRFFeedback (Application)
  -> com.fasterxml.jackson.databind.ObjectMapper (Extension)
   -> com.fasterxml.jackson.databind.deser.BeanDeserializerFactory (Extension)
    -> โŒ com.fasterxml.jackson.databind.deser.BeanDeserializer (Vulnerable Component)

Vulnerability Details

In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization.

Publish Date: 2022-10-02

URL: CVE-2022-42004

Threat Assessment

Exploit Maturity: Not Defined

EPSS: 0.2%

CVSS 4 Score Details (8.7)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: N/A
  • Impact Metrics:
    • Confidentiality Impact: N/A
    • Integrity Impact: N/A
    • Availability Impact: N/A

Suggested Fix

Type: Upgrade version

Release Date: 2022-10-02

Fix Resolution (com.fasterxml.jackson.core:jackson-databind): 2.13.4

Direct dependency fix Resolution (org.springframework.boot:spring-boot-starter-web): 2.7.4

CVE-2022-42003

Vulnerable Library - jackson-databind-2.13.3.jar

General data-binding functionality for Jackson: works on core streaming API

Library home page: http://github.com/FasterXML/jackson

Path to dependency file: /pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.13.3/jackson-databind-2.13.3.jar

Dependency Hierarchy:

  • spring-boot-starter-web-2.7.1.jar (Root Library)
    • spring-boot-starter-json-2.7.1.jar
      • โŒ jackson-databind-2.13.3.jar (Vulnerable Library)

Found in HEAD commit: 4bac862a46e799442890a61d22cce98f7f0caf03

Found in base branch: main

Reachability Analysis

This vulnerability is potentially used

org.owasp.webgoat.lessons.csrf.CSRFFeedback (Application)
  -> com.fasterxml.jackson.databind.ObjectMapper (Extension)
   -> com.fasterxml.jackson.databind.deser.BeanDeserializerFactory (Extension)
    -> com.fasterxml.jackson.databind.deser.impl.UnsupportedTypeDeserializer (Extension)
     -> โŒ com.fasterxml.jackson.databind.deser.std.StdDeserializer (Vulnerable Component)

Vulnerability Details

In FasterXML jackson-databind before versions 2.13.4.1 and 2.12.17.1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled.

Publish Date: 2022-10-02

URL: CVE-2022-42003

Threat Assessment

Exploit Maturity: Not Defined

EPSS: 0.2%

CVSS 4 Score Details (8.7)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: N/A
  • Impact Metrics:
    • Confidentiality Impact: N/A
    • Integrity Impact: N/A
    • Availability Impact: N/A

Suggested Fix

Type: Upgrade version

Release Date: 2022-10-02

Fix Resolution (com.fasterxml.jackson.core:jackson-databind): 2.13.4.1

Direct dependency fix Resolution (org.springframework.boot:spring-boot-starter-web): 2.7.9

CVE-2023-20860

Vulnerable Library - spring-webmvc-5.3.21.jar

Spring Web MVC

Path to dependency file: /pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-webmvc/5.3.21/spring-webmvc-5.3.21.jar

Dependency Hierarchy:

  • spring-boot-starter-web-2.7.1.jar (Root Library)
    • โŒ spring-webmvc-5.3.21.jar (Vulnerable Library)

Found in HEAD commit: 4bac862a46e799442890a61d22cce98f7f0caf03

Found in base branch: main

Reachability Analysis

This vulnerability is potentially used

org.owasp.webgoat.webwolf.WebSecurityConfig (Application)
  -> org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration$1 (Extension)
   -> org.springframework.boot.autoconfigure.web.servlet.WebMvcAutoConfiguration$OptionalPathExtensionContentNegotiationStrategy (Extension)
    -> org.springframework.boot.autoconfigure.web.servlet.WebMvcAutoConfiguration (Extension)
    ...
      -> org.springframework.web.servlet.config.annotation.DelegatingWebMvcConfiguration (Extension)
       -> org.springframework.web.servlet.handler.HandlerMappingIntrospector (Extension)
        -> โŒ org.springframework.web.servlet.handler.PathPatternMatchableHandlerMapping (Vulnerable Component)

Vulnerability Details

Spring Framework running version 6.0.0 - 6.0.6 or 5.3.0 - 5.3.25 using "**" as a pattern in Spring Security configuration with the mvcRequestMatcher creates a mismatch in pattern matching between Spring Security and Spring MVC, and the potential for a security bypass.

Publish Date: 2023-03-27

URL: CVE-2023-20860

Threat Assessment

Exploit Maturity: Not Defined

EPSS: 0.1%

CVSS 4 Score Details (8.7)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: N/A
  • Impact Metrics:
    • Confidentiality Impact: N/A
    • Integrity Impact: N/A
    • Availability Impact: N/A

Suggested Fix

Type: Upgrade version

Origin: https://spring.io/blog/2023/03/21/this-week-in-spring-march-21st-2023/

Release Date: 2023-03-27

Fix Resolution (org.springframework:spring-webmvc): 5.3.26

Direct dependency fix Resolution (org.springframework.boot:spring-boot-starter-web): 2.7.10

CVE-2024-22243

Vulnerable Library - spring-web-5.3.21.jar

Spring Web

Path to dependency file: /pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-web/5.3.21/spring-web-5.3.21.jar

Dependency Hierarchy:

  • spring-boot-starter-web-2.7.1.jar (Root Library)
    • spring-boot-starter-json-2.7.1.jar
      • โŒ spring-web-5.3.21.jar (Vulnerable Library)

Found in HEAD commit: 4bac862a46e799442890a61d22cce98f7f0caf03

Found in base branch: main

Reachability Analysis

This vulnerability is potentially used

org.owasp.webgoat.lessons.hijacksession.HijackSessionAssignment (Application)
  -> org.springframework.web.servlet.function.DefaultEntityResponseBuilder$PublisherEntityResponse$NoContentLengthResponseWrapper (Extension)
   -> org.springframework.web.servlet.function.DefaultEntityResponseBuilder$PublisherEntityResponse (Extension)
    -> org.springframework.web.servlet.function.ServerRequest (Extension)
     -> org.springframework.web.servlet.function.DefaultServerRequest (Extension)
      -> org.springframework.web.servlet.support.ServletUriComponentsBuilder (Extension)
       -> โŒ org.springframework.web.util.UriComponentsBuilder (Vulnerable Component)

Vulnerability Details

Applications that use UriComponentsBuilder to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to an open redirect attack or to an SSRF attack if the URL is used after passing validation checks.

Publish Date: 2024-01-08

URL: CVE-2024-22243

Threat Assessment

Exploit Maturity: Not Defined

EPSS:

CVSS 3 Score Details (5.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Local
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: https://spring.io/security/cve-2024-22243

Release Date: 2024-01-08

Fix Resolution: org.springframework:spring-web:5.3.32,6.0.17,6.1.4

spring-boot-starter-validation-2.7.1.jar: 13 vulnerabilities (highest severity is: 9.3) reachable - autoclosed

Vulnerable Library - spring-boot-starter-validation-2.7.1.jar

Path to dependency file: /pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar

Found in HEAD commit: 4bac862a46e799442890a61d22cce98f7f0caf03

Vulnerabilities

| CVE | Severity | CVSS | Exploit Maturity | EPSS | Dependency | Type | Fixed in (spring-boot-starter-validation version) | Remediation Possible** | Reachability |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| CVE-2022-1471 | Critical | 9.3 | Not Defined | 0.6% | snakeyaml-1.30.jar | Transitive | 3.2.0 | ✅ | |
| CVE-2022-25857 | High | 8.7 | Not Defined | 0.1% | snakeyaml-1.30.jar | Transitive | 3.0.0 | ✅ | |
| CVE-2023-6481 | High | 8.7 | Not Defined | 0.0% | logback-core-1.2.11.jar | Transitive | 3.0.0 | ✅ | |
| CVE-2023-20883 | High | 8.7 | Not Defined | 0.1% | spring-boot-autoconfigure-2.7.1.jar | Transitive | 2.7.12 | ✅ | |
| CVE-2023-6378 | High | 8.7 | Not Defined | 0.0% | logback-classic-1.2.11.jar | Transitive | 3.0.0 | ✅ | |
| CVE-2022-41854 | High | 7.1 | Not Defined | 0.1% | snakeyaml-1.30.jar | Transitive | 3.0.0 | ✅ | |
| CVE-2023-34055 | High | 7.1 | Not Defined | 0.0% | spring-boot-2.7.1.jar | Transitive | 2.7.18 | ✅ | |
| CVE-2023-20861 | High | 7.1 | Not Defined | 0.1% | spring-expression-5.3.21.jar | Transitive | 2.7.10 | ✅ | |
| CVE-2022-38752 | High | 7.1 | Not Defined | 0.1% | snakeyaml-1.30.jar | Transitive | 3.0.0 | ✅ | |
| CVE-2022-38751 | High | 7.1 | Not Defined | 0.1% | snakeyaml-1.30.jar | Transitive | 3.0.0 | ✅ | |
| CVE-2023-20863 | High | 7.1 | Not Defined | 0.2% | spring-expression-5.3.21.jar | Transitive | 2.7.12 | ✅ | |
| CVE-2022-38749 | High | 7.1 | Not Defined | 0.1% | snakeyaml-1.30.jar | Transitive | 3.0.0 | ✅ | |
| CVE-2022-38750 | Medium | 6.8 | Not Defined | 0.0% | snakeyaml-1.30.jar | Transitive | 3.0.0 | ✅ | |

Details

CVE-2022-1471

Vulnerable Library - snakeyaml-1.30.jar

YAML 1.1 parser and emitter for Java

Library home page: https://bitbucket.org/snakeyaml/snakeyaml

Path to dependency file: /pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar

Dependency Hierarchy:

  • spring-boot-starter-validation-2.7.1.jar (Root Library)
    • spring-boot-starter-2.7.1.jar
      • โŒ snakeyaml-1.30.jar (Vulnerable Library)

Found in HEAD commit: 4bac862a46e799442890a61d22cce98f7f0caf03

Found in base branch: main

Reachability Analysis

This vulnerability is potentially used

org.owasp.webgoat.container.WebSecurityConfig (Application)
  -> org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration$1 (Extension)
   -> org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration (Extension)
    -> org.springframework.boot.actuate.autoconfigure.cloudfoundry.Token (Extension)
    ...
      -> org.springframework.boot.json.YamlJsonParser (Extension)
       -> org.springframework.boot.json.YamlJsonParser$TypeLimitedConstructor (Extension)
        -> โŒ org.yaml.snakeyaml.constructor.Constructor (Vulnerable Component)

Vulnerability Details

SnakeYaml's Constructor() class does not restrict types which can be instantiated during deserialization. Deserializing yaml content provided by an attacker can lead to remote code execution. We recommend using SnakeYaml's SafeConstructor when parsing untrusted content to restrict deserialization. We recommend upgrading to version 2.0 and beyond.

Publish Date: 2022-12-01

URL: CVE-2022-1471

Threat Assessment

Exploit Maturity: Not Defined

EPSS: 0.6%

CVSS 4 Score Details (9.3)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: N/A
  • Impact Metrics:
    • Confidentiality Impact: N/A
    • Integrity Impact: N/A
    • Availability Impact: N/A

Suggested Fix

Type: Upgrade version

Origin: https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64634374

Release Date: 2022-12-01

Fix Resolution (org.yaml:snakeyaml): 2.0

Direct dependency fix Resolution (org.springframework.boot:spring-boot-starter-validation): 3.2.0

CVE-2022-25857

Vulnerable Library - snakeyaml-1.30.jar

YAML 1.1 parser and emitter for Java

Library home page: https://bitbucket.org/snakeyaml/snakeyaml

Path to dependency file: /pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar

Dependency Hierarchy:

  • spring-boot-starter-validation-2.7.1.jar (Root Library)
    • spring-boot-starter-2.7.1.jar
      • โŒ snakeyaml-1.30.jar (Vulnerable Library)

Found in HEAD commit: 4bac862a46e799442890a61d22cce98f7f0caf03

Found in base branch: main

Reachability Analysis

This vulnerability is potentially used

org.owasp.webgoat.container.WebSecurityConfig (Application)
  -> org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration$1 (Extension)
   -> org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration (Extension)
    -> org.springframework.boot.actuate.autoconfigure.cloudfoundry.Token (Extension)
    ...
      -> org.springframework.boot.json.YamlJsonParser (Extension)
       -> org.yaml.snakeyaml.constructor.BaseConstructor (Extension)
        -> โŒ org.yaml.snakeyaml.composer.Composer (Vulnerable Component)

Vulnerability Details

The package org.yaml:snakeyaml from 0 and before 1.31 is vulnerable to Denial of Service (DoS) due to a missing nested depth limitation for collections.

Publish Date: 2022-08-30

URL: CVE-2022-25857

Threat Assessment

Exploit Maturity: Not Defined

EPSS: 0.1%

CVSS 4 Score Details (8.7)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: N/A
  • Impact Metrics:
    • Confidentiality Impact: N/A
    • Integrity Impact: N/A
    • Availability Impact: N/A

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25857

Release Date: 2022-08-30

Fix Resolution (org.yaml:snakeyaml): 1.31

Direct dependency fix Resolution (org.springframework.boot:spring-boot-starter-validation): 3.0.0

CVE-2023-6481

Vulnerable Library - logback-core-1.2.11.jar

logback-core module

Library home page: http://logback.qos.ch

Path to dependency file: /pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/ch/qos/logback/logback-core/1.2.11/logback-core-1.2.11.jar

Dependency Hierarchy:

  • spring-boot-starter-validation-2.7.1.jar (Root Library)
    • spring-boot-starter-2.7.1.jar
      • spring-boot-starter-logging-2.7.1.jar
        • logback-classic-1.2.11.jar
          • โŒ logback-core-1.2.11.jar (Vulnerable Library)

Found in HEAD commit: 4bac862a46e799442890a61d22cce98f7f0caf03

Found in base branch: main

Vulnerability Details

A serialization vulnerability in the logback receiver component of logback versions 1.4.13, 1.3.13 and 1.2.12 allows an attacker to mount a Denial-of-Service attack by sending poisoned data.

Publish Date: 2023-12-04

URL: CVE-2023-6481

Threat Assessment

Exploit Maturity: Not Defined

EPSS: 0.0%

CVSS 4 Score Details (8.7)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: N/A
  • Impact Metrics:
    • Confidentiality Impact: N/A
    • Integrity Impact: N/A
    • Availability Impact: N/A

For more information on CVSS4 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://www.cve.org/CVERecord?id=CVE-2023-6481

Release Date: 2023-12-04

Fix Resolution (ch.qos.logback:logback-core): 1.2.13 (1.3.14 / 1.4.14 on the 1.3.x and 1.4.x lines)

Direct dependency fix Resolution (org.springframework.boot:spring-boot-starter-validation): 3.0.0

In order to enable automatic remediation, please create workflow rules

CVE-2023-20883

Vulnerable Library - spring-boot-autoconfigure-2.7.1.jar

Spring Boot AutoConfigure

Library home page: https://spring.io/projects/spring-boot

Path to dependency file: /pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/boot/spring-boot-autoconfigure/2.7.1/spring-boot-autoconfigure-2.7.1.jar

Dependency Hierarchy:

  • spring-boot-starter-validation-2.7.1.jar (Root Library)
    • spring-boot-starter-2.7.1.jar
      • ❌ spring-boot-autoconfigure-2.7.1.jar (Vulnerable Library)

Found in HEAD commit: 4bac862a46e799442890a61d22cce98f7f0caf03

Found in base branch: main

Reachability Analysis

This vulnerability is potentially used

org.owasp.webgoat.container.WebSecurityConfig (Application)
  -> org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration$1 (Extension)
   -> org.springframework.boot.autoconfigure.web.servlet.WebMvcAutoConfiguration$OptionalPathExtensionContentNegotiationStrategy (Extension)
    -> org.springframework.boot.autoconfigure.web.servlet.WebMvcAutoConfiguration (Extension)
      -> ❌ org.springframework.boot.autoconfigure.web.servlet.WebMvcAutoConfiguration$EnableWebMvcConfiguration (Vulnerable Component)

Vulnerability Details

In Spring Boot versions 3.0.0 - 3.0.6, 2.7.0 - 2.7.11, 2.6.0 - 2.6.14, 2.5.0 - 2.5.14 and older unsupported versions, there is potential for a denial-of-service (DoS) attack if Spring MVC is used together with a reverse proxy cache.

Publish Date: 2023-05-26

URL: CVE-2023-20883

Threat Assessment

Exploit Maturity: Not Defined

EPSS: 0.1%

CVSS 4 Score Details (8.7)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: N/A
  • Impact Metrics:
    • Confidentiality Impact: N/A
    • Integrity Impact: N/A
    • Availability Impact: N/A

For more information on CVSS4 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://spring.io/security/cve-2023-20883

Release Date: 2023-05-26

Fix Resolution (org.springframework.boot:spring-boot-autoconfigure): 2.7.12

Direct dependency fix Resolution (org.springframework.boot:spring-boot-starter-validation): 2.7.12

In order to enable automatic remediation, please create workflow rules

CVE-2023-6378

Vulnerable Library - logback-classic-1.2.11.jar

logback-classic module

Library home page: http://logback.qos.ch

Path to dependency file: /pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/ch/qos/logback/logback-classic/1.2.11/logback-classic-1.2.11.jar

Dependency Hierarchy:

  • spring-boot-starter-validation-2.7.1.jar (Root Library)
    • spring-boot-starter-2.7.1.jar
      • spring-boot-starter-logging-2.7.1.jar
        • ❌ logback-classic-1.2.11.jar (Vulnerable Library)

Found in HEAD commit: 4bac862a46e799442890a61d22cce98f7f0caf03

Found in base branch: main

Reachability Analysis

This vulnerability is potentially used

org.owasp.webgoat.container.WebSecurityConfig (Application)
  -> org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration$1 (Extension)
   -> ch.qos.logback.classic.selector.servlet.LoggerContextFilter (Extension)
    -> ch.qos.logback.classic.joran.JoranConfigurator (Extension)
    ...
      -> ch.qos.logback.classic.net.SocketAppender (Extension)
       -> ch.qos.logback.classic.net.LoggingEventPreSerializationTransformer (Extension)
         -> ❌ ch.qos.logback.classic.spi.LoggingEventVO (Vulnerable Component)

Vulnerability Details

A serialization vulnerability in the logback receiver component of logback version 1.4.11 allows an attacker to mount a Denial-of-Service attack by sending poisoned data.

Publish Date: 2023-11-29

URL: CVE-2023-6378

Threat Assessment

Exploit Maturity: Not Defined

EPSS: 0.0%

CVSS 4 Score Details (8.7)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: N/A
  • Impact Metrics:
    • Confidentiality Impact: N/A
    • Integrity Impact: N/A
    • Availability Impact: N/A

For more information on CVSS4 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://logback.qos.ch/news.html#1.3.12

Release Date: 2023-11-29

Fix Resolution (ch.qos.logback:logback-classic): 1.3.12

Direct dependency fix Resolution (org.springframework.boot:spring-boot-starter-validation): 3.0.0

In order to enable automatic remediation, please create workflow rules

CVE-2022-41854

Vulnerable Library - snakeyaml-1.30.jar

YAML 1.1 parser and emitter for Java

Library home page: https://bitbucket.org/snakeyaml/snakeyaml

Path to dependency file: /pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar

Dependency Hierarchy:

  • spring-boot-starter-validation-2.7.1.jar (Root Library)
    • spring-boot-starter-2.7.1.jar
      • ❌ snakeyaml-1.30.jar (Vulnerable Library)

Found in HEAD commit: 4bac862a46e799442890a61d22cce98f7f0caf03

Found in base branch: main

Reachability Analysis

This vulnerability is potentially used

org.owasp.webgoat.container.WebSecurityConfig (Application)
  -> org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration$1 (Extension)
   -> org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration (Extension)
    -> org.springframework.boot.actuate.autoconfigure.cloudfoundry.servlet.CloudFoundrySecurityInterceptor (Extension)
    ...
      -> org.springframework.boot.json.JsonParserFactory (Extension)
       -> org.springframework.boot.json.YamlJsonParser (Extension)
         -> ❌ org.yaml.snakeyaml.constructor.BaseConstructor (Vulnerable Component)

Vulnerability Details

Those using SnakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service (DoS) attacks. If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.

Publish Date: 2022-11-11

URL: CVE-2022-41854

Threat Assessment

Exploit Maturity: Not Defined

EPSS: 0.1%

CVSS 4 Score Details (7.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: N/A
    • Scope: N/A
  • Impact Metrics:
    • Confidentiality Impact: N/A
    • Integrity Impact: N/A
    • Availability Impact: N/A

For more information on CVSS4 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://bitbucket.org/snakeyaml/snakeyaml/issues/531/

Release Date: 2022-11-11

Fix Resolution (org.yaml:snakeyaml): 1.32

Direct dependency fix Resolution (org.springframework.boot:spring-boot-starter-validation): 3.0.0

In order to enable automatic remediation, please create workflow rules

CVE-2023-34055

Vulnerable Library - spring-boot-2.7.1.jar

Spring Boot

Library home page: https://spring.io/projects/spring-boot

Path to dependency file: /pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/boot/spring-boot/2.7.1/spring-boot-2.7.1.jar

Dependency Hierarchy:

  • spring-boot-starter-validation-2.7.1.jar (Root Library)
    • spring-boot-starter-2.7.1.jar
      • ❌ spring-boot-2.7.1.jar (Vulnerable Library)

Found in HEAD commit: 4bac862a46e799442890a61d22cce98f7f0caf03

Found in base branch: main

Vulnerability Details

In Spring Boot versions 2.7.0 - 2.7.17, 3.0.0-3.0.12 and 3.1.0-3.1.5, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition.

Specifically, an application is vulnerable when all of the following are true:

  • the application uses Spring MVC or Spring WebFlux
  • org.springframework.boot:spring-boot-actuator is on the classpath

Publish Date: 2023-11-28

URL: CVE-2023-34055

Threat Assessment

Exploit Maturity: Not Defined

EPSS: 0.0%

CVSS 4 Score Details (7.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: Low
    • User Interaction: None
    • Scope: N/A
  • Impact Metrics:
    • Confidentiality Impact: N/A
    • Integrity Impact: N/A
    • Availability Impact: N/A

For more information on CVSS4 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://spring.io/security/cve-2023-34055

Release Date: 2023-11-28

Fix Resolution (org.springframework.boot:spring-boot): 2.7.18

Direct dependency fix Resolution (org.springframework.boot:spring-boot-starter-validation): 2.7.18

In order to enable automatic remediation, please create workflow rules

CVE-2023-20861

Vulnerable Library - spring-expression-5.3.21.jar

Spring Expression Language (SpEL)

Library home page: https://github.com/

Path to dependency file: /pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-expression/5.3.21/spring-expression-5.3.21.jar

Dependency Hierarchy:

  • spring-boot-starter-validation-2.7.1.jar (Root Library)
    • spring-boot-starter-2.7.1.jar
      • spring-boot-2.7.1.jar
        • spring-context-5.3.21.jar
          • ❌ spring-expression-5.3.21.jar (Vulnerable Library)

Found in HEAD commit: 4bac862a46e799442890a61d22cce98f7f0caf03

Found in base branch: main

Reachability Analysis

This vulnerability is potentially used

org.owasp.webgoat.container.WebSecurityConfig (Application)
  -> org.springframework.security.config.method.GlobalMethodSecurityBeanDefinitionParser$AuthenticationManagerDelegator (Extension)
   -> org.springframework.security.config.method.GlobalMethodSecurityBeanDefinitionParser (Extension)
    -> org.springframework.security.access.expression.method.PreInvocationExpressionAttribute (Extension)
    ...
      -> org.springframework.expression.spel.standard.SpelExpressionParser (Extension)
       -> org.springframework.expression.spel.standard.SpelExpression (Extension)
         -> ❌ org.springframework.expression.spel.SpelMessage (Vulnerable Component)

Vulnerability Details

In Spring Framework versions 6.0.0 - 6.0.6, 5.3.0 - 5.3.25, 5.2.0.RELEASE - 5.2.22.RELEASE, and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition.

Publish Date: 2023-03-23

URL: CVE-2023-20861

Threat Assessment

Exploit Maturity: Not Defined

EPSS: 0.1%

CVSS 4 Score Details (7.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: Low
    • User Interaction: None
    • Scope: N/A
  • Impact Metrics:
    • Confidentiality Impact: N/A
    • Integrity Impact: N/A
    • Availability Impact: N/A

For more information on CVSS4 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://spring.io/security/cve-2023-20861

Release Date: 2023-03-23

Fix Resolution (org.springframework:spring-expression): 5.3.26

Direct dependency fix Resolution (org.springframework.boot:spring-boot-starter-validation): 2.7.10

In order to enable automatic remediation, please create workflow rules

CVE-2022-38752

Vulnerable Library - snakeyaml-1.30.jar

YAML 1.1 parser and emitter for Java

Library home page: https://bitbucket.org/snakeyaml/snakeyaml

Path to dependency file: /pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar

Dependency Hierarchy:

  • spring-boot-starter-validation-2.7.1.jar (Root Library)
    • spring-boot-starter-2.7.1.jar
      • ❌ snakeyaml-1.30.jar (Vulnerable Library)

Found in HEAD commit: 4bac862a46e799442890a61d22cce98f7f0caf03

Found in base branch: main

Reachability Analysis

This vulnerability is potentially used

org.owasp.webgoat.container.WebSecurityConfig (Application)
  -> org.springframework.security.config.annotation.web.configuration.EnableWebSecurity (Extension)
   -> org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration (Extension)
    -> org.springframework.boot.actuate.autoconfigure.cloudfoundry.servlet.TokenValidator (Extension)
    ...
      -> org.springframework.boot.json.JsonParserFactory (Extension)
       -> org.springframework.boot.json.YamlJsonParser (Extension)
         -> ❌ org.yaml.snakeyaml.Yaml (Vulnerable Component)

Vulnerability Details

Using SnakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service (DoS) attacks. If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash by stack overflow.

Publish Date: 2022-09-05

URL: CVE-2022-38752

Threat Assessment

Exploit Maturity: Not Defined

EPSS: 0.1%

CVSS 4 Score Details (7.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: Low
    • User Interaction: None
    • Scope: N/A
  • Impact Metrics:
    • Confidentiality Impact: N/A
    • Integrity Impact: N/A
    • Availability Impact: N/A

For more information on CVSS4 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: GHSA-9w3m-gqgf-c4p9

Release Date: 2022-09-05

Fix Resolution (org.yaml:snakeyaml): 1.32

Direct dependency fix Resolution (org.springframework.boot:spring-boot-starter-validation): 3.0.0

In order to enable automatic remediation, please create workflow rules

CVE-2022-38751

Vulnerable Library - snakeyaml-1.30.jar

YAML 1.1 parser and emitter for Java

Library home page: https://bitbucket.org/snakeyaml/snakeyaml

Path to dependency file: /pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar

Dependency Hierarchy:

  • spring-boot-starter-validation-2.7.1.jar (Root Library)
    • spring-boot-starter-2.7.1.jar
      • ❌ snakeyaml-1.30.jar (Vulnerable Library)

Found in HEAD commit: 4bac862a46e799442890a61d22cce98f7f0caf03

Found in base branch: main

Reachability Analysis

This vulnerability is potentially used

org.owasp.webgoat.container.WebSecurityConfig (Application)
  -> org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration$1 (Extension)
   -> org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration (Extension)
    -> org.springframework.boot.actuate.autoconfigure.cloudfoundry.Token (Extension)
    ...
      -> org.springframework.boot.json.YamlJsonParser (Extension)
       -> org.yaml.snakeyaml.constructor.BaseConstructor (Extension)
         -> ❌ org.yaml.snakeyaml.composer.Composer (Vulnerable Component)

Vulnerability Details

Using SnakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service (DoS) attacks. If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash by stack overflow.

Publish Date: 2022-09-05

URL: CVE-2022-38751

Threat Assessment

Exploit Maturity: Not Defined

EPSS: 0.1%

CVSS 4 Score Details (7.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: Low
    • User Interaction: None
    • Scope: N/A
  • Impact Metrics:
    • Confidentiality Impact: N/A
    • Integrity Impact: N/A
    • Availability Impact: N/A

For more information on CVSS4 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47039

Release Date: 2022-09-05

Fix Resolution (org.yaml:snakeyaml): 1.31

Direct dependency fix Resolution (org.springframework.boot:spring-boot-starter-validation): 3.0.0

In order to enable automatic remediation, please create workflow rules

CVE-2023-20863

Vulnerable Library - spring-expression-5.3.21.jar

Spring Expression Language (SpEL)

Library home page: https://github.com/

Path to dependency file: /pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-expression/5.3.21/spring-expression-5.3.21.jar

Dependency Hierarchy:

  • spring-boot-starter-validation-2.7.1.jar (Root Library)
    • spring-boot-starter-2.7.1.jar
      • spring-boot-2.7.1.jar
        • spring-context-5.3.21.jar
          • ❌ spring-expression-5.3.21.jar (Vulnerable Library)

Found in HEAD commit: 4bac862a46e799442890a61d22cce98f7f0caf03

Found in base branch: main

Reachability Analysis

This vulnerability is potentially used

org.owasp.webgoat.container.WebSecurityConfig (Application)
  -> org.springframework.security.config.method.GlobalMethodSecurityBeanDefinitionParser$AuthenticationManagerDelegator (Extension)
   -> org.springframework.security.config.method.GlobalMethodSecurityBeanDefinitionParser (Extension)
    -> org.springframework.security.access.expression.method.PreInvocationExpressionAttribute (Extension)
    ...
      -> org.springframework.expression.spel.standard.SpelExpressionParser (Extension)
       -> org.springframework.expression.spel.standard.SpelExpression (Extension)
         -> ❌ org.springframework.expression.spel.SpelMessage (Vulnerable Component)

Vulnerability Details

In Spring Framework versions prior to 5.2.24, 5.3.27 and 6.0.8, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition.

Publish Date: 2023-04-13

URL: CVE-2023-20863

Threat Assessment

Exploit Maturity: Not Defined

EPSS: 0.2%

CVSS 4 Score Details (7.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: Low
    • User Interaction: None
    • Scope: N/A
  • Impact Metrics:
    • Confidentiality Impact: N/A
    • Integrity Impact: N/A
    • Availability Impact: N/A

For more information on CVSS4 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://spring.io/security/cve-2023-20863

Release Date: 2023-04-13

Fix Resolution (org.springframework:spring-expression): 5.3.27

Direct dependency fix Resolution (org.springframework.boot:spring-boot-starter-validation): 2.7.12

In order to enable automatic remediation, please create workflow rules

CVE-2022-38749

Vulnerable Library - snakeyaml-1.30.jar

YAML 1.1 parser and emitter for Java

Library home page: https://bitbucket.org/snakeyaml/snakeyaml

Path to dependency file: /pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar

Dependency Hierarchy:

  • spring-boot-starter-validation-2.7.1.jar (Root Library)
    • spring-boot-starter-2.7.1.jar
      • ❌ snakeyaml-1.30.jar (Vulnerable Library)

Found in HEAD commit: 4bac862a46e799442890a61d22cce98f7f0caf03

Found in base branch: main

Reachability Analysis

This vulnerability is potentially used

org.owasp.webgoat.container.WebSecurityConfig (Application)
  -> org.springframework.security.config.annotation.web.configuration.EnableWebSecurity (Extension)
   -> org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration (Extension)
    -> org.springframework.boot.actuate.autoconfigure.cloudfoundry.Token (Extension)
    ...
      -> org.springframework.boot.json.YamlJsonParser (Extension)
       -> org.yaml.snakeyaml.constructor.BaseConstructor (Extension)
         -> ❌ org.yaml.snakeyaml.LoaderOptions (Vulnerable Component)

Vulnerability Details

Using SnakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service (DoS) attacks. If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash by stack overflow.

Publish Date: 2022-09-05

URL: CVE-2022-38749

Threat Assessment

Exploit Maturity: Not Defined

EPSS: 0.1%

CVSS 4 Score Details (7.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: Low
    • User Interaction: None
    • Scope: N/A
  • Impact Metrics:
    • Confidentiality Impact: N/A
    • Integrity Impact: N/A
    • Availability Impact: N/A

For more information on CVSS4 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://bitbucket.org/snakeyaml/snakeyaml/issues/526/stackoverflow-oss-fuzz-47027

Release Date: 2022-09-05

Fix Resolution (org.yaml:snakeyaml): 1.31

Direct dependency fix Resolution (org.springframework.boot:spring-boot-starter-validation): 3.0.0

In order to enable automatic remediation, please create workflow rules

CVE-2022-38750

Vulnerable Library - snakeyaml-1.30.jar

YAML 1.1 parser and emitter for Java

Library home page: https://bitbucket.org/snakeyaml/snakeyaml

Path to dependency file: /pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar

Dependency Hierarchy:

  • spring-boot-starter-validation-2.7.1.jar (Root Library)
    • spring-boot-starter-2.7.1.jar
      • ❌ snakeyaml-1.30.jar (Vulnerable Library)

Found in HEAD commit: 4bac862a46e799442890a61d22cce98f7f0caf03

Found in base branch: main

Reachability Analysis

This vulnerability is potentially used

org.owasp.webgoat.container.WebSecurityConfig (Application)
  -> org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration$1 (Extension)
   -> org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration (Extension)
    -> org.springframework.boot.actuate.autoconfigure.cloudfoundry.Token (Extension)
    ...
      -> org.springframework.boot.json.YamlJsonParser (Extension)
       -> org.yaml.snakeyaml.constructor.BaseConstructor (Extension)
         -> ❌ org.yaml.snakeyaml.composer.Composer (Vulnerable Component)

Vulnerability Details

Using SnakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service (DoS) attacks. If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash by stack overflow.
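The six SnakeYAML findings in this report (CVE-2022-25857, CVE-2022-38749, CVE-2022-38750, CVE-2022-38751, CVE-2022-38752 and CVE-2022-41854) are one failure mode: the composer recurses once per nesting level of attacker-controlled YAML and overflows the stack. The fixed versions add a configurable nesting-depth limit, plus an input-size limit and an alias-expansion limit. The following is an added example, not WebGoat or Spring Boot code, showing how those LoaderOptions bounds are applied on a patched SnakeYAML. It assumes the SnakeYAML 2.x API (SafeConstructor takes a LoaderOptions; setNestingDepthLimit and setCodePointLimit exist); the class name BoundedYamlLoader, the 50-level and 1 MB limits, and the nested-sequence payload builder are the example's own choices.

```java
import org.yaml.snakeyaml.LoaderOptions;
import org.yaml.snakeyaml.Yaml;
import org.yaml.snakeyaml.constructor.SafeConstructor;
import org.yaml.snakeyaml.error.YAMLException;

/** Added example (hypothetical class, not WebGoat code): a YAML loader with hard resource bounds. */
public final class BoundedYamlLoader {

    private final Yaml yaml;

    public BoundedYamlLoader(int maxDepth, int maxCodePoints) {
        LoaderOptions opts = new LoaderOptions();
        opts.setNestingDepthLimit(maxDepth);       // bounds composer recursion (the stack-overflow DoS class)
        opts.setCodePointLimit(maxCodePoints);     // bounds total input size before parsing starts
        opts.setMaxAliasesForCollections(10);      // blunts "billion laughs" style alias expansion
        opts.setAllowRecursiveKeys(false);         // recursive keys are never needed for config data
        // SafeConstructor only materialises standard YAML types, never arbitrary Java classes
        this.yaml = new Yaml(new SafeConstructor(opts));
    }

    /** Returns the parsed object, or throws YAMLException when a limit is exceeded. */
    public Object load(String document) {
        return yaml.load(document);
    }

    /** Constructed hostile input: 'depth' nested flow sequences, i.e. "[[[...]]]". */
    static String nestedSequences(int depth) {
        StringBuilder sb = new StringBuilder(depth * 2);
        for (int i = 0; i < depth; i++) sb.append('[');
        for (int i = 0; i < depth; i++) sb.append(']');
        return sb.toString();
    }

    public static void main(String[] args) {
        BoundedYamlLoader loader = new BoundedYamlLoader(50, 1_000_000);

        // A well-formed document inside the limits parses normally.
        Object ok = loader.load("server:\n  port: 8080\n  hosts: [a, b]\n");
        System.out.println("parsed: " + ok);

        // The payload shape that made an unpatched composer recurse until StackOverflowError
        // is now rejected at depth 51 with a YAMLException instead of killing the thread.
        try {
            loader.load(nestedSequences(10_000));
            System.out.println("unexpected: deep document accepted");
        } catch (YAMLException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The important property is that the rejection happens before the recursion gets deep: the depth counter is checked on every node the composer enters, so the cost of a hostile document is bounded by the limit, not by its size. Spring Boot's own YAML loading goes through the framework, so the limits here protect code that parses YAML from request bodies or uploads directly; the report's "Direct dependency fix Resolution" still governs which SnakeYAML line a given Spring Boot version can take.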

Publish Date: 2022-09-05

URL: CVE-2022-38750

Threat Assessment

Exploit Maturity: Not Defined

EPSS: 0.0%

CVSS 4 Score Details (6.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Local
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: N/A
    • Scope: N/A
  • Impact Metrics:
    • Confidentiality Impact: N/A
    • Integrity Impact: N/A
    • Availability Impact: N/A

For more information on CVSS4 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47027

Release Date: 2022-09-05

Fix Resolution (org.yaml:snakeyaml): 1.31

Direct dependency fix Resolution (org.springframework.boot:spring-boot-starter-validation): 3.0.0

In order to enable automatic remediation, please create workflow rules


In order to enable automatic remediation for this issue, please create workflow rules

spring-boot-starter-actuator-2.7.1.jar: 1 vulnerabilities (highest severity is: 9.3) reachable - autoclosed

Vulnerable Library - spring-boot-starter-actuator-2.7.1.jar

Path to dependency file: /pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/boot/spring-boot-actuator-autoconfigure/2.7.1/spring-boot-actuator-autoconfigure-2.7.1.jar

Found in HEAD commit: 4bac862a46e799442890a61d22cce98f7f0caf03

Vulnerabilities

CVE             Severity  CVSS  Exploit Maturity  EPSS  Dependency                                    Type        Fixed in (spring-boot-starter-actuator version)  Remediation Possible**  Reachability
CVE-2023-20873  Critical  9.3   Not Defined       0.4%  spring-boot-actuator-autoconfigure-2.7.1.jar  Transitive  2.7.12                                           ✅

**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation

Details

CVE-2023-20873

Vulnerable Library - spring-boot-actuator-autoconfigure-2.7.1.jar

Spring Boot Actuator AutoConfigure

Library home page: https://spring.io/projects/spring-boot

Path to dependency file: /pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/boot/spring-boot-actuator-autoconfigure/2.7.1/spring-boot-actuator-autoconfigure-2.7.1.jar

Dependency Hierarchy:

  • spring-boot-starter-actuator-2.7.1.jar (Root Library)
    • ❌ spring-boot-actuator-autoconfigure-2.7.1.jar (Vulnerable Library)

Found in HEAD commit: 4bac862a46e799442890a61d22cce98f7f0caf03

Found in base branch: main

Reachability Analysis

This vulnerability is potentially used

org.owasp.webgoat.container.WebSecurityConfig (Application)
  -> org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration$1 (Extension)
   -> org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration (Extension)
    -> org.springframework.boot.actuate.autoconfigure.cloudfoundry.servlet.CloudFoundryActuatorAutoConfiguration$IgnoredCloudFoundryPathsWebSecurityCustomizer (Extension)
      -> ❌ org.springframework.boot.actuate.autoconfigure.cloudfoundry.servlet.CloudFoundryActuatorAutoConfiguration (Vulnerable Component)

Vulnerability Details

In Spring Boot versions 3.0.0 - 3.0.5, 2.7.0 - 2.7.10, and older unsupported versions, an application that is deployed to Cloud Foundry could be susceptible to a security bypass. Users of affected versions should apply the following mitigation: 3.0.x users should upgrade to 3.0.6+. 2.7.x users should upgrade to 2.7.11+. Users of older, unsupported versions should upgrade to 3.0.6+ or 2.7.11+.

Publish Date: 2023-04-20

URL: CVE-2023-20873

Threat Assessment

Exploit Maturity: Not Defined

EPSS: 0.4%

CVSS 4 Score Details (9.3)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: N/A
  • Impact Metrics:
    • Confidentiality Impact: N/A
    • Integrity Impact: N/A
    • Availability Impact: N/A

For more information on CVSS4 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://spring.io/security/cve-2023-20873

Release Date: 2023-04-20

Fix Resolution (org.springframework.boot:spring-boot-actuator-autoconfigure): 2.7.12

Direct dependency fix Resolution (org.springframework.boot:spring-boot-starter-actuator): 2.7.12

In order to enable automatic remediation, please create workflow rules


In order to enable automatic remediation for this issue, please create workflow rules

License Policy Violation detected in jruby-base-9.3.6.0.jar


Library - jruby-base-9.3.6.0.jar

Library home page: https://www.jruby.org

Path to dependency file: /pom.xml

Path to library: /home/wss-scanner/.m2/repository/org/jruby/jruby-base/9.3.6.0/jruby-base-9.3.6.0.jar

Dependency Hierarchy:

  • asciidoctorj-2.5.11.jar (Root Library)
    • jruby-9.3.6.0.jar
      • ❌ jruby-base-9.3.6.0.jar (Library containing License Policy Violation)

Found in HEAD commit: a852016d15cd2ec55bf3977c7739181346a561ae

Found in base branch: main

📃 License Details

Eclipse 2.0
License Reference File: https://index.mend.io/gri/app/reader/resource/content/asString/9941c477-e78f-4c89-a4cb-783c6f7cb3f6

GPL 2.0
License Reference File: https://index.mend.io/gri/app/reader/resource/content/asString/e3c73e5b-69fc-4504-9f6c-4b980353c851

LGPL 2.1
License Reference File: https://index.mend.io/gri/app/reader/resource/content/asString/9cec02c3-f4b0-45b5-b43f-85fbb1af4798

⛔ License Policy Violation - Block GPL

License Policy Violation detected in jnr-posix-3.1.15.jar


Library - jnr-posix-3.1.15.jar

Common cross-project/cross-platform POSIX APIs

Path to dependency file: /pom.xml

Path to library: /home/wss-scanner/.m2/repository/com/github/jnr/jnr-posix/3.1.15/jnr-posix-3.1.15.jar

Dependency Hierarchy:

  • asciidoctorj-2.5.11.jar (Root Library)
    • jruby-9.3.6.0.jar
      • jruby-base-9.3.6.0.jar
        • jnr-unixsocket-0.38.17.jar
          • ❌ jnr-posix-3.1.15.jar (Library containing License Policy Violation)

Found in HEAD commit: a852016d15cd2ec55bf3977c7739181346a561ae

Found in base branch: main

📃 License Details

Eclipse 2.0
License Reference File: https://index.mend.io/gri/app/reader/resource/content/asString/9941c477-e78f-4c89-a4cb-783c6f7cb3f6

GPL 2.0
License Reference File: https://index.mend.io/gri/app/reader/resource/content/asString/e3c73e5b-69fc-4504-9f6c-4b980353c851

LGPL 2.1
License Reference File: https://index.mend.io/gri/app/reader/resource/content/asString/9cec02c3-f4b0-45b5-b43f-85fbb1af4798

⛔ License Policy Violation - Block GPL

License Policy Violation detected in jruby-9.3.6.0.jar


Library - jruby-9.3.6.0.jar

Library home page: https://www.jruby.org

Path to dependency file: /pom.xml

Path to library: /home/wss-scanner/.m2/repository/org/jruby/jruby/9.3.6.0/jruby-9.3.6.0.jar

Dependency Hierarchy:

  • asciidoctorj-2.5.11.jar (Root Library)
    • ❌ jruby-9.3.6.0.jar (Library containing License Policy Violation)

Found in HEAD commit: a852016d15cd2ec55bf3977c7739181346a561ae

Found in base branch: main

📃 License Details

Eclipse 2.0
License Reference File: https://index.mend.io/gri/app/reader/resource/content/asString/9941c477-e78f-4c89-a4cb-783c6f7cb3f6

GPL 2.0
License Reference File: https://index.mend.io/gri/app/reader/resource/content/asString/e3c73e5b-69fc-4504-9f6c-4b980353c851

LGPL 2.1
License Reference File: https://index.mend.io/gri/app/reader/resource/content/asString/9cec02c3-f4b0-45b5-b43f-85fbb1af4798

⛔ License Policy Violation - Block GPL

spring-boot-starter-web-2.7.18.jar: 6 vulnerabilities (highest severity is: 9.2) reachable

Vulnerable Library - spring-boot-starter-web-2.7.18.jar

Path to dependency file: /pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-webmvc/5.3.31/spring-webmvc-5.3.31.jar

Found in HEAD commit: 5a6b96992922373cbe7c1e705dc97184fb3e49e6

Vulnerabilities

CVE               Severity  CVSS  Exploit Maturity  EPSS  Dependency                Type        Fixed in (spring-boot-starter-web version)  Remediation Possible**  Reachability
CVE-2024-22262    High      8.6   Not Defined       0.1%  spring-web-5.3.31.jar     Transitive  3.0.0                                       ✅                      Reachable
CVE-2024-22259    High      8.6   Not Defined       0.1%  spring-web-5.3.31.jar     Transitive  3.0.0                                       ✅                      Reachable
CVE-2024-22243    High      8.6   Not Defined       0.1%  spring-web-5.3.31.jar     Transitive  3.0.0                                       ✅                      Reachable
CVE-2016-1000027  Critical  9.2   Not Defined       2.4%  spring-web-5.3.31.jar     Transitive  3.0.0                                       ✅                      Unreachable
CVE-2024-38816    High      8.7   Not Defined       0.0%  spring-webmvc-5.3.31.jar  Transitive  3.2.10                                      ✅
CVE-2024-38809    Medium    6.9   Not Defined             spring-web-5.3.31.jar     Transitive  3.0.0                                       ✅

**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation

Details

CVE-2024-22262

Vulnerable Library - spring-web-5.3.31.jar

Spring Web

Library home page: https://spring.io/projects/spring-framework

Path to dependency file: /pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-web/5.3.31/spring-web-5.3.31.jar

Dependency Hierarchy:

  • spring-boot-starter-web-2.7.18.jar (Root Library)
    • spring-boot-starter-json-2.7.18.jar
      • ❌ spring-web-5.3.31.jar (Vulnerable Library)

Found in HEAD commit: 5a6b96992922373cbe7c1e705dc97184fb3e49e6

Found in base branch: main

Reachability Analysis

This vulnerability is potentially reachable

org.owasp.webgoat.webwolf.FileServer (Application)
  -> org.springframework.web.servlet.view.RedirectView (Extension)
    -> ❌ org.springframework.web.util.UriComponentsBuilder (Vulnerable Component)

Vulnerability Details

Applications that use UriComponentsBuilder to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to an open redirect (https://cwe.mitre.org/data/definitions/601.html) attack or to an SSRF attack if the URL is used after passing validation checks.

This is the same as CVE-2024-22259 (https://spring.io/security/cve-2024-22259) and CVE-2024-22243 (https://spring.io/security/cve-2024-22243), but with different input.

Publish Date: 2024-04-16

URL: CVE-2024-22262

Threat Assessment

Exploit Maturity: Not Defined

EPSS: 0.1%

CVSS 4 Score Details (8.6)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: N/A
    • Scope: N/A
  • Impact Metrics:
    • Confidentiality Impact: N/A
    • Integrity Impact: N/A
    • Availability Impact: N/A

For more information on CVSS4 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://spring.io/security/cve-2024-22262

Release Date: 2024-04-16

Fix Resolution (org.springframework:spring-web): 5.3.34

Direct dependency fix Resolution (org.springframework.boot:spring-boot-starter-web): 3.0.0

In order to enable automatic remediation, please create workflow rules

CVE-2024-22259

Vulnerable Library - spring-web-5.3.31.jar

Spring Web

Library home page: https://spring.io/projects/spring-framework

Path to dependency file: /pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-web/5.3.31/spring-web-5.3.31.jar

Dependency Hierarchy:

  • spring-boot-starter-web-2.7.18.jar (Root Library)
    • spring-boot-starter-json-2.7.18.jar
      • ❌ spring-web-5.3.31.jar (Vulnerable Library)

Found in HEAD commit: 5a6b96992922373cbe7c1e705dc97184fb3e49e6

Found in base branch: main

Reachability Analysis

This vulnerability is potentially reachable

org.owasp.webgoat.webwolf.FileServer (Application)
  -> org.springframework.web.servlet.view.RedirectView (Extension)
    -> ❌ org.springframework.web.util.UriComponentsBuilder (Vulnerable Component)

Vulnerability Details

Applications that use UriComponentsBuilder in Spring Framework to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to an open redirect (https://cwe.mitre.org/data/definitions/601.html) attack or to an SSRF attack if the URL is used after passing validation checks.

This is the same as CVE-2024-22243 (https://spring.io/security/cve-2024-22243), but with different input.

Publish Date: 2024-03-16

URL: CVE-2024-22259

Threat Assessment

Exploit Maturity: Not Defined

EPSS: 0.1%

CVSS 4 Score Details (8.6)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: N/A
    • Scope: N/A
  • Impact Metrics:
    • Confidentiality Impact: N/A
    • Integrity Impact: N/A
    • Availability Impact: N/A

For more information on CVSS4 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://spring.io/security/cve-2024-22259

Release Date: 2024-03-16

Fix Resolution (org.springframework:spring-web): 5.3.33

Direct dependency fix Resolution (org.springframework.boot:spring-boot-starter-web): 3.0.0

In order to enable automatic remediation, please create workflow rules

CVE-2024-22243

Vulnerable Library - spring-web-5.3.31.jar

Spring Web

Library home page: https://spring.io/projects/spring-framework

Path to dependency file: /pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-web/5.3.31/spring-web-5.3.31.jar

Dependency Hierarchy:

  • spring-boot-starter-web-2.7.18.jar (Root Library)
    • spring-boot-starter-json-2.7.18.jar
      • ❌ spring-web-5.3.31.jar (Vulnerable Library)

Found in HEAD commit: 5a6b96992922373cbe7c1e705dc97184fb3e49e6

Found in base branch: main

Reachability Analysis

This vulnerability is potentially reachable

org.owasp.webgoat.webwolf.FileServer (Application)
  -> org.springframework.web.servlet.view.RedirectView (Extension)
    -> ❌ org.springframework.web.util.UriComponentsBuilder (Vulnerable Component)

Vulnerability Details

Applications that use UriComponentsBuilder to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to an open redirect (https://cwe.mitre.org/data/definitions/601.html) attack or to an SSRF attack if the URL is used after passing validation checks.

Publish Date: 2024-02-23

URL: CVE-2024-22243

Threat Assessment

Exploit Maturity: Not Defined

EPSS: 0.1%

CVSS 4 Score Details (8.6)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: N/A
    • Scope: N/A
  • Impact Metrics:
    • Confidentiality Impact: N/A
    • Integrity Impact: N/A
    • Availability Impact: N/A

For more information on CVSS4 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://spring.io/security/cve-2024-22243

Release Date: 2024-02-23

Fix Resolution (org.springframework:spring-web): 5.3.32

Direct dependency fix Resolution (org.springframework.boot:spring-boot-starter-web): 3.0.0

In order to enable automatic remediation, please create workflow rules

CVE-2016-1000027

Vulnerable Library - spring-web-5.3.31.jar

Spring Web

Library home page: https://spring.io/projects/spring-framework

Path to dependency file: /pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-web/5.3.31/spring-web-5.3.31.jar

Dependency Hierarchy:

  • spring-boot-starter-web-2.7.18.jar (Root Library)
    • spring-boot-starter-json-2.7.18.jar
      • ❌ spring-web-5.3.31.jar (Vulnerable Library)

Found in HEAD commit: 5a6b96992922373cbe7c1e705dc97184fb3e49e6

Found in base branch: main

Reachability Analysis

The vulnerable code is unreachable

Vulnerability Details

Pivotal Spring Framework through 5.3.16 suffers from a potential remote code execution (RCE) issue if used for Java deserialization of untrusted data. Depending on how the library is implemented within a product, this issue may or may not occur, and authentication may be required. NOTE: the vendor's position is that untrusted data is not an intended use case. The product's behavior will not be changed because some users rely on deserialization of trusted data.
Mend Note: After conducting further research, Mend has determined that all versions of spring-web up to version 6.0.0 are vulnerable to CVE-2016-1000027.

Publish Date: 2020-01-02

URL: CVE-2016-1000027

Threat Assessment

Exploit Maturity: Not Defined

EPSS: 2.4%

CVSS 4 Score Details (9.2)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: N/A
  • Impact Metrics:
    • Confidentiality Impact: N/A
    • Integrity Impact: N/A
    • Availability Impact: N/A

For more information on CVSS4 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: GHSA-4wrc-f8pq-fpqp

Release Date: 2020-01-02

Fix Resolution (org.springframework:spring-web): 6.0.0

Direct dependency fix Resolution (org.springframework.boot:spring-boot-starter-web): 3.0.0

In order to enable automatic remediation, please create workflow rules

CVE-2024-38816

Vulnerable Library - spring-webmvc-5.3.31.jar

Spring Web MVC

Library home page: https://spring.io/projects/spring-framework

Path to dependency file: /pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-webmvc/5.3.31/spring-webmvc-5.3.31.jar

Dependency Hierarchy:

  • spring-boot-starter-web-2.7.18.jar (Root Library)
    • ❌ spring-webmvc-5.3.31.jar (Vulnerable Library)

Found in HEAD commit: 5a6b96992922373cbe7c1e705dc97184fb3e49e6

Found in base branch: main

Vulnerability Details

Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. An attacker can craft malicious HTTP requests and obtain any file on the file system that is also accessible to the process in which the Spring application is running.

Specifically, an application is vulnerable when both of the following are true:

  • the web application uses RouterFunctions to serve static resources
  • resource handling is explicitly configured with a FileSystemResource location

However, malicious requests are blocked and rejected when any of the following is true:

Publish Date: 2024-09-13

URL: CVE-2024-38816

Threat Assessment

Exploit Maturity: Not Defined

EPSS: 0.0%

CVSS 4 Score Details (8.7)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: N/A
  • Impact Metrics:
    • Confidentiality Impact: N/A
    • Integrity Impact: N/A
    • Availability Impact: N/A

For more information on CVSS4 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://spring.io/security/cve-2024-38816

Release Date: 2024-09-13

Fix Resolution (org.springframework:spring-webmvc): 6.1.13

Direct dependency fix Resolution (org.springframework.boot:spring-boot-starter-web): 3.2.10

In order to enable automatic remediation, please create workflow rules

CVE-2024-38809

Vulnerable Library - spring-web-5.3.31.jar

Spring Web

Library home page: https://spring.io/projects/spring-framework

Path to dependency file: /pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-web/5.3.31/spring-web-5.3.31.jar

Dependency Hierarchy:

  • spring-boot-starter-web-2.7.18.jar (Root Library)
    • spring-boot-starter-json-2.7.18.jar
      • ❌ spring-web-5.3.31.jar (Vulnerable Library)

Found in HEAD commit: 5a6b96992922373cbe7c1e705dc97184fb3e49e6

Found in base branch: main

Vulnerability Details

Spring Framework is vulnerable to DoS via conditional HTTP requests. Applications that parse ETags from "If-Match" or "If-None-Match" request headers are vulnerable to a Denial of Service attack. All versions before 5.3.38, 6.0.23 and 6.1.12 are affected.

Publish Date: 2024-09-24

URL: CVE-2024-38809

Threat Assessment

Exploit Maturity: Not Defined

EPSS:

CVSS 4 Score Details (6.9)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: N/A
  • Impact Metrics:
    • Confidentiality Impact: N/A
    • Integrity Impact: N/A
    • Availability Impact: N/A

For more information on CVSS4 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://spring.io/security/cve-2024-38809

Release Date: 2024-06-20

Fix Resolution (org.springframework:spring-web): 5.3.38

Direct dependency fix Resolution (org.springframework.boot:spring-boot-starter-web): 3.0.0

In order to enable automatic remediation, please create workflow rules


In order to enable automatic remediation for this issue, please create workflow rules

xstream-1.4.5.jar: 35 vulnerabilities (highest severity is: 9.3) reachable

Vulnerable Library - xstream-1.4.5.jar

XStream is a serialization library from Java objects to XML and back.

Library home page: http://xstream.codehaus.org

Path to dependency file: /pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/com/thoughtworks/xstream/xstream/1.4.5/xstream-1.4.5.jar

Found in HEAD commit: 4bac862a46e799442890a61d22cce98f7f0caf03

Vulnerabilities

| CVE | Severity | CVSS | Exploit Maturity | EPSS | Dependency | Type | Fixed in (xstream version) | Remediation Possible** | Reachability |
|---|---|---|---|---|---|---|---|---|---|
| CVE-2013-7285 | Critical | 9.3 | Not Defined | 41.0% | xstream-1.4.5.jar | Direct | 1.4.10-java7 | ✅ | Reachable |
| CVE-2021-39154 | Critical | 9.0 | Not Defined | 3.0% | xstream-1.4.5.jar | Direct | 1.4.18 | ✅ | Reachable |
| CVE-2021-39153 | Critical | 9.0 | Not Defined | 3.0% | xstream-1.4.5.jar | Direct | 1.4.18 | ✅ | Reachable |
| CVE-2021-39152 | Critical | 9.0 | Not Defined | 1.9% | xstream-1.4.5.jar | Direct | 1.4.18 | ✅ | Reachable |
| CVE-2021-39151 | Critical | 9.0 | Not Defined | 3.0% | xstream-1.4.5.jar | Direct | 1.4.18 | ✅ | Reachable |
| CVE-2021-39149 | Critical | 9.0 | Not Defined | 3.0% | xstream-1.4.5.jar | Direct | 1.4.18 | ✅ | Reachable |
| CVE-2021-39148 | Critical | 9.0 | Not Defined | 3.0% | xstream-1.4.5.jar | Direct | 1.4.18 | ✅ | Reachable |
| CVE-2021-39147 | Critical | 9.0 | Not Defined | 3.0% | xstream-1.4.5.jar | Direct | 1.4.18 | ✅ | Reachable |
| CVE-2021-39146 | Critical | 9.0 | Not Defined | 21.3% | xstream-1.4.5.jar | Direct | 1.4.18 | ✅ | Reachable |
| CVE-2021-39145 | Critical | 9.0 | Not Defined | 1.9% | xstream-1.4.5.jar | Direct | 1.4.18 | ✅ | Reachable |
| CVE-2021-39144 | Critical | 9.0 | High | 96.7% | xstream-1.4.5.jar | Direct | 1.4.18 | ✅ | Reachable |
| CVE-2020-26259 | High | 8.9 | Not Defined | 57.6% | xstream-1.4.5.jar | Direct | 1.4.14-jdk7 | ✅ | Reachable |
| CVE-2020-26217 | High | 8.9 | Not Defined | 97.4% | xstream-1.4.5.jar | Direct | 1.4.13-java7 | ✅ | Reachable |
| CVE-2022-41966 | High | 8.8 | Not Defined | 1.0% | xstream-1.4.5.jar | Direct | 1.4.12-java7 | ✅ | Reachable |
| CVE-2021-43859 | High | 8.7 | Not Defined | 1.5% | xstream-1.4.5.jar | Direct | 1.4.6 | ✅ | Reachable |
| CVE-2021-21341 | High | 8.7 | Not Defined | 1.1% | xstream-1.4.5.jar | Direct | 1.4.16 | ✅ | Reachable |
| CVE-2017-7957 | High | 8.7 | Not Defined | 79.3% | xstream-1.4.5.jar | Direct | 1.4.10 | ✅ | Reachable |
| CVE-2020-26258 | High | 8.3 | Not Defined | 90.2% | xstream-1.4.5.jar | Direct | 1.4.14-jdk7 | ✅ | Reachable |
| CVE-2021-29505 | High | 7.7 | Not Defined | 4.7% | xstream-1.4.5.jar | Direct | 1.4.17 | ✅ | Reachable |
| CVE-2021-39140 | High | 7.1 | Not Defined | 1.8% | xstream-1.4.5.jar | Direct | 1.4.18 | ✅ | Reachable |
| CVE-2021-21349 | High | 7.0 | Not Defined | 1.5% | xstream-1.4.5.jar | Direct | 1.4.16 | ✅ | Reachable |
| CVE-2021-21347 | High | 7.0 | Not Defined | 1.8% | xstream-1.4.5.jar | Direct | 1.4.16 | ✅ | Reachable |
| CVE-2021-21346 | High | 7.0 | Not Defined | 1.8% | xstream-1.4.5.jar | Direct | 1.4.16 | ✅ | Reachable |
| CVE-2021-21345 | Medium | 6.9 | Not Defined | 33.4% | xstream-1.4.5.jar | Direct | 1.4.16 | ✅ | Reachable |
| CVE-2021-21351 | Medium | 6.8 | Not Defined | 60.5% | xstream-1.4.5.jar | Direct | 1.4.16 | ✅ | Reachable |
| CVE-2021-21350 | Medium | 6.0 | Not Defined | 1.8% | xstream-1.4.5.jar | Direct | 1.4.16 | ✅ | Reachable |
| CVE-2021-21348 | Medium | 6.0 | Not Defined | 2.3% | xstream-1.4.5.jar | Direct | 1.4.16 | ✅ | Reachable |
| CVE-2021-21344 | Medium | 6.0 | Not Defined | 1.8% | xstream-1.4.5.jar | Direct | 1.4.16 | ✅ | Reachable |
| CVE-2021-21343 | Medium | 6.0 | Not Defined | 0.5% | xstream-1.4.5.jar | Direct | 1.4.16 | ✅ | Reachable |
| CVE-2021-21342 | Medium | 6.0 | Not Defined | 1.0% | xstream-1.4.5.jar | Direct | 1.4.16 | ✅ | Reachable |
| CVE-2021-39150 | Critical | 9.0 | Not Defined | 1.3% | xstream-1.4.5.jar | Direct | 1.4.18 | ✅ | Unreachable |
| CVE-2021-39141 | Critical | 9.0 | Not Defined | 24.0% | xstream-1.4.5.jar | Direct | 1.4.18 | ✅ | Unreachable |
| CVE-2021-39139 | Critical | 9.0 | Not Defined | 3.5% | xstream-1.4.5.jar | Direct | 1.4.18 | ✅ | Unreachable |
| CVE-2016-3674 | High | 8.7 | Not Defined | 0.2% | xstream-1.4.5.jar | Direct | 1.4.9 | ✅ | Unreachable |
| CVE-2022-40151 | High | 7.1 | Not Defined | 0.8% | xstream-1.4.5.jar | Direct | 1.4.20 | ✅ | Unreachable |

**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation

Details

Partial details (16 vulnerabilities) are displayed below due to a content size limitation in GitHub. To view information on the remaining vulnerabilities, navigate to the Mend Application.

CVE-2013-7285

Vulnerable Library - xstream-1.4.5.jar

XStream is a serialization library from Java objects to XML and back.

Library home page: http://xstream.codehaus.org

Path to dependency file: /pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/com/thoughtworks/xstream/xstream/1.4.5/xstream-1.4.5.jar

Dependency Hierarchy:

  • ❌ xstream-1.4.5.jar (Vulnerable Library)

Found in HEAD commit: 4bac862a46e799442890a61d22cce98f7f0caf03

Found in base branch: main

Reachability Analysis

This vulnerability is potentially reachable

com.thoughtworks.xstream.XStream (Application)
  -> ❌ org.owasp.webgoat.lessons.vulnerablecomponents.VulnerableComponentsLesson (Vulnerable Component)

Vulnerability Details

Xstream API versions up to 1.4.6 and version 1.4.10, if the security framework has not been initialized, may allow a remote attacker to run arbitrary shell commands by manipulating the processed input stream when unmarshaling XML or any supported format, e.g. JSON.

Publish Date: 2019-05-15

URL: CVE-2013-7285

Threat Assessment

Exploit Maturity: Not Defined

EPSS: 41.0%

CVSS 4 Score Details (9.3)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: N/A
  • Impact Metrics:
    • Confidentiality Impact: N/A
    • Integrity Impact: N/A
    • Availability Impact: N/A

For more information on CVSS4 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7285

Release Date: 2019-05-15

Fix Resolution: 1.4.10-java7

In order to enable automatic remediation, please create workflow rules

CVE-2021-39154

Vulnerable Library - xstream-1.4.5.jar

XStream is a serialization library from Java objects to XML and back.

Library home page: http://xstream.codehaus.org

Path to dependency file: /pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/com/thoughtworks/xstream/xstream/1.4.5/xstream-1.4.5.jar

Dependency Hierarchy:

  • ❌ xstream-1.4.5.jar (Vulnerable Library)

Found in HEAD commit: 4bac862a46e799442890a61d22cce98f7f0caf03

Found in base branch: main

Reachability Analysis

This vulnerability is potentially reachable

com.thoughtworks.xstream.XStream (Application)
  -> ❌ org.owasp.webgoat.lessons.vulnerablecomponents.VulnerableComponentsLesson (Vulnerable Component)

Vulnerability Details

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user who followed the recommendation to set up XStream's security framework with a whitelist limited to the minimal required types is affected. XStream 1.4.18 no longer uses a blacklist by default, since it cannot be secured for general purpose.

Publish Date: 2021-08-23

URL: CVE-2021-39154

Threat Assessment

Exploit Maturity: Not Defined

EPSS: 3.0%

CVSS 4 Score Details (9.0)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: High
    • Privileges Required: Low
    • User Interaction: None
    • Scope: N/A
  • Impact Metrics:
    • Confidentiality Impact: N/A
    • Integrity Impact: N/A
    • Availability Impact: N/A

For more information on CVSS4 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: GHSA-6w62-hx7r-mw68

Release Date: 2021-08-23

Fix Resolution: 1.4.18

In order to enable automatic remediation, please create workflow rules

CVE-2021-39153

Vulnerable Library - xstream-1.4.5.jar

XStream is a serialization library from Java objects to XML and back.

Library home page: http://xstream.codehaus.org

Path to dependency file: /pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/com/thoughtworks/xstream/xstream/1.4.5/xstream-1.4.5.jar

Dependency Hierarchy:

  • ❌ xstream-1.4.5.jar (Vulnerable Library)

Found in HEAD commit: 4bac862a46e799442890a61d22cce98f7f0caf03

Found in base branch: main

Reachability Analysis

This vulnerability is potentially reachable

com.thoughtworks.xstream.XStream (Application)
  -> ❌ org.owasp.webgoat.lessons.vulnerablecomponents.VulnerableComponentsLesson (Vulnerable Component)

Vulnerability Details

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream, if using the version out of the box with Java runtime version 14 to 8 or with JavaFX installed. No user who followed the recommendation to set up XStream's security framework with a whitelist limited to the minimal required types is affected. XStream 1.4.18 no longer uses a blacklist by default, since it cannot be secured for general purpose.

Publish Date: 2021-08-23

URL: CVE-2021-39153

Threat Assessment

Exploit Maturity: Not Defined

EPSS: 3.0%

CVSS 4 Score Details (9.0)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: High
    • Privileges Required: Low
    • User Interaction: None
    • Scope: N/A
  • Impact Metrics:
    • Confidentiality Impact: N/A
    • Integrity Impact: N/A
    • Availability Impact: N/A

For more information on CVSS4 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39153

Release Date: 2021-08-23

Fix Resolution: 1.4.18

In order to enable automatic remediation, please create workflow rules

CVE-2021-39152

Vulnerable Library - xstream-1.4.5.jar

XStream is a serialization library from Java objects to XML and back.

Library home page: http://xstream.codehaus.org

Path to dependency file: /pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/com/thoughtworks/xstream/xstream/1.4.5/xstream-1.4.5.jar

Dependency Hierarchy:

  • ❌ xstream-1.4.5.jar (Vulnerable Library)

Found in HEAD commit: 4bac862a46e799442890a61d22cce98f7f0caf03

Found in base branch: main

Reachability Analysis

This vulnerability is potentially reachable

com.thoughtworks.xstream.XStream (Application)
  -> ❌ org.owasp.webgoat.lessons.vulnerablecomponents.VulnerableComponentsLesson (Vulnerable Component)

Vulnerability Details

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream with a Java runtime version 14 to 8. No user who followed the recommendation to set up XStream's security framework with a whitelist limited to the minimal required types is affected. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.18.

Publish Date: 2021-08-23

URL: CVE-2021-39152

Threat Assessment

Exploit Maturity: Not Defined

EPSS: 1.9%

CVSS 4 Score Details (9.0)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: High
    • Privileges Required: Low
    • User Interaction: None
    • Scope: N/A
  • Impact Metrics:
    • Confidentiality Impact: N/A
    • Integrity Impact: N/A
    • Availability Impact: N/A

For more information on CVSS4 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: GHSA-xw4p-crpj-vjx2

Release Date: 2021-08-23

Fix Resolution: 1.4.18

In order to enable automatic remediation, please create workflow rules

CVE-2021-39151

Vulnerable Library - xstream-1.4.5.jar

XStream is a serialization library from Java objects to XML and back.

Library home page: http://xstream.codehaus.org

Path to dependency file: /pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/com/thoughtworks/xstream/xstream/1.4.5/xstream-1.4.5.jar

Dependency Hierarchy:

  • ❌ xstream-1.4.5.jar (Vulnerable Library)

Found in HEAD commit: 4bac862a46e799442890a61d22cce98f7f0caf03

Found in base branch: main

Reachability Analysis

This vulnerability is potentially reachable

com.thoughtworks.xstream.XStream (Application)
  -> ❌ org.owasp.webgoat.lessons.vulnerablecomponents.VulnerableComponentsLesson (Vulnerable Component)

Vulnerability Details

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user who followed the recommendation to set up XStream's security framework with a whitelist limited to the minimal required types is affected. XStream 1.4.18 no longer uses a blacklist by default, since it cannot be secured for general purpose.

Publish Date: 2021-08-23

URL: CVE-2021-39151

Threat Assessment

Exploit Maturity: Not Defined

EPSS: 3.0%

CVSS 4 Score Details (9.0)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: High
    • Privileges Required: Low
    • User Interaction: None
    • Scope: N/A
  • Impact Metrics:
    • Confidentiality Impact: N/A
    • Integrity Impact: N/A
    • Availability Impact: N/A

For more information on CVSS4 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: GHSA-hph2-m3g5-xxv4

Release Date: 2021-08-23

Fix Resolution: 1.4.18

In order to enable automatic remediation, please create workflow rules

CVE-2021-39149

Vulnerable Library - xstream-1.4.5.jar

XStream is a serialization library from Java objects to XML and back.

Library home page: http://xstream.codehaus.org

Path to dependency file: /pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/com/thoughtworks/xstream/xstream/1.4.5/xstream-1.4.5.jar

Dependency Hierarchy:

  • ❌ xstream-1.4.5.jar (Vulnerable Library)

Found in HEAD commit: 4bac862a46e799442890a61d22cce98f7f0caf03

Found in base branch: main

Reachability Analysis

This vulnerability is potentially reachable

com.thoughtworks.xstream.XStream (Application)
  -> ❌ org.owasp.webgoat.lessons.vulnerablecomponents.VulnerableComponentsLesson (Vulnerable Component)

Vulnerability Details

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user who followed the recommendation to set up XStream's security framework with a whitelist limited to the minimal required types is affected. XStream 1.4.18 no longer uses a blacklist by default, since it cannot be secured for general purpose.

Publish Date: 2021-08-23

URL: CVE-2021-39149

Threat Assessment

Exploit Maturity: Not Defined

EPSS: 3.0%

CVSS 4 Score Details (9.0)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: High
    • Privileges Required: Low
    • User Interaction: None
    • Scope: N/A
  • Impact Metrics:
    • Confidentiality Impact: N/A
    • Integrity Impact: N/A
    • Availability Impact: N/A

For more information on CVSS4 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: GHSA-3ccq-5vw3-2p6x

Release Date: 2021-08-23

Fix Resolution: 1.4.18

In order to enable automatic remediation, please create workflow rules

CVE-2021-39148

Vulnerable Library - xstream-1.4.5.jar

XStream is a serialization library from Java objects to XML and back.

Library home page: http://xstream.codehaus.org

Path to dependency file: /pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/com/thoughtworks/xstream/xstream/1.4.5/xstream-1.4.5.jar

Dependency Hierarchy:

  • ❌ xstream-1.4.5.jar (Vulnerable Library)

Found in HEAD commit: 4bac862a46e799442890a61d22cce98f7f0caf03

Found in base branch: main

Reachability Analysis

This vulnerability is potentially reachable

com.thoughtworks.xstream.XStream (Application)
  -> ❌ org.owasp.webgoat.lessons.vulnerablecomponents.VulnerableComponentsLesson (Vulnerable Component)

Vulnerability Details

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user who followed the recommendation to set up XStream's security framework with a whitelist limited to the minimal required types is affected. XStream 1.4.18 no longer uses a blacklist by default, since it cannot be secured for general purpose.

Publish Date: 2021-08-23

URL: CVE-2021-39148

Threat Assessment

Exploit Maturity: Not Defined

EPSS: 3.0%

CVSS 4 Score Details (9.0)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: High
    • Privileges Required: Low
    • User Interaction: None
    • Scope: N/A
  • Impact Metrics:
    • Confidentiality Impact: N/A
    • Integrity Impact: N/A
    • Availability Impact: N/A

For more information on CVSS4 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: GHSA-qrx8-8545-4wg2

Release Date: 2021-08-23

Fix Resolution: 1.4.18

In order to enable automatic remediation, please create workflow rules

CVE-2021-39147

Vulnerable Library - xstream-1.4.5.jar

XStream is a serialization library from Java objects to XML and back.

Library home page: http://xstream.codehaus.org

Path to dependency file: /pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/com/thoughtworks/xstream/xstream/1.4.5/xstream-1.4.5.jar

Dependency Hierarchy:

  • ❌ xstream-1.4.5.jar (Vulnerable Library)

Found in HEAD commit: 4bac862a46e799442890a61d22cce98f7f0caf03

Found in base branch: main

Reachability Analysis

This vulnerability is potentially reachable

com.thoughtworks.xstream.XStream (Application)
  -> ❌ org.owasp.webgoat.lessons.vulnerablecomponents.VulnerableComponentsLesson (Vulnerable Component)

Vulnerability Details

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user who followed the recommendation to set up XStream's security framework with a whitelist limited to the minimal required types is affected. XStream 1.4.18 no longer uses a blacklist by default, since it cannot be secured for general purpose.

Publish Date: 2021-08-23

URL: CVE-2021-39147

Threat Assessment

Exploit Maturity: Not Defined

EPSS: 3.0%

CVSS 4 Score Details (9.0)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: High
    • Privileges Required: Low
    • User Interaction: None
    • Scope: N/A
  • Impact Metrics:
    • Confidentiality Impact: N/A
    • Integrity Impact: N/A
    • Availability Impact: N/A

For more information on CVSS4 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: GHSA-h7v4-7xg3-hxcc

Release Date: 2021-08-23

Fix Resolution: 1.4.18

In order to enable automatic remediation, please create workflow rules

CVE-2021-39146

Vulnerable Library - xstream-1.4.5.jar

XStream is a serialization library from Java objects to XML and back.

Library home page: http://xstream.codehaus.org

Path to dependency file: /pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/com/thoughtworks/xstream/xstream/1.4.5/xstream-1.4.5.jar

Dependency Hierarchy:

  • ❌ xstream-1.4.5.jar (Vulnerable Library)

Found in HEAD commit: 4bac862a46e799442890a61d22cce98f7f0caf03

Found in base branch: main

Reachability Analysis

This vulnerability is potentially reachable

com.thoughtworks.xstream.XStream (Application)
  -> โŒ org.owasp.webgoat.lessons.vulnerablecomponents.VulnerableComponentsLesson (Vulnerable Component)

Vulnerability Details

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected who followed the recommendation to set up XStream's security framework with a whitelist limited to the minimal required types. XStream 1.4.18 no longer uses a blacklist by default, since it cannot be secured for general purpose.

Publish Date: 2021-08-23

URL: CVE-2021-39146

Threat Assessment

Exploit Maturity: Not Defined

EPSS: 21.3%

CVSS 4 Score Details (9.0)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: High
    • Privileges Required: Low
    • User Interaction: None
    • Scope: N/A
  • Impact Metrics:
    • Confidentiality Impact: N/A
    • Integrity Impact: N/A
    • Availability Impact: N/A

For more information on CVSS4 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: GHSA-p8pq-r894-fm8f

Release Date: 2021-08-23

Fix Resolution: 1.4.18

In order to enable automatic remediation, please create workflow rules

CVE-2021-39145

Vulnerable Library - xstream-1.4.5.jar

XStream is a serialization library from Java objects to XML and back.

Library home page: http://xstream.codehaus.org

Path to dependency file: /pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/com/thoughtworks/xstream/xstream/1.4.5/xstream-1.4.5.jar

Dependency Hierarchy:

  • โŒ xstream-1.4.5.jar (Vulnerable Library)

Found in HEAD commit: 4bac862a46e799442890a61d22cce98f7f0caf03

Found in base branch: main

Reachability Analysis

This vulnerability is potentially reachable

com.thoughtworks.xstream.XStream (Application)
  -> โŒ org.owasp.webgoat.lessons.vulnerablecomponents.VulnerableComponentsLesson (Vulnerable Component)

Vulnerability Details

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected who followed the recommendation to set up XStream's security framework with a whitelist limited to the minimal required types. XStream 1.4.18 no longer uses a blacklist by default, since it cannot be secured for general purpose.

Publish Date: 2021-08-23

URL: CVE-2021-39145

Threat Assessment

Exploit Maturity: Not Defined

EPSS: 1.9%

CVSS 4 Score Details (9.0)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: High
    • Privileges Required: Low
    • User Interaction: None
    • Scope: N/A
  • Impact Metrics:
    • Confidentiality Impact: N/A
    • Integrity Impact: N/A
    • Availability Impact: N/A

For more information on CVSS4 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: GHSA-8jrj-525p-826v

Release Date: 2021-08-23

Fix Resolution: 1.4.18

In order to enable automatic remediation, please create workflow rules

CVE-2021-39144

Vulnerable Library - xstream-1.4.5.jar

XStream is a serialization library from Java objects to XML and back.

Library home page: http://xstream.codehaus.org

Path to dependency file: /pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/com/thoughtworks/xstream/xstream/1.4.5/xstream-1.4.5.jar

Dependency Hierarchy:

  • โŒ xstream-1.4.5.jar (Vulnerable Library)

Found in HEAD commit: 4bac862a46e799442890a61d22cce98f7f0caf03

Found in base branch: main

Reachability Analysis

This vulnerability is potentially reachable

com.thoughtworks.xstream.XStream (Application)
  -> โŒ org.owasp.webgoat.lessons.vulnerablecomponents.VulnerableComponentsLesson (Vulnerable Component)

Vulnerability Details

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to execute commands on the host, with the rights of the executing process, only by manipulating the processed input stream. No user is affected who followed the recommendation to set up XStream's security framework with a whitelist limited to the minimal required types. XStream 1.4.18 no longer uses a blacklist by default, since it cannot be secured for general purpose.

Publish Date: 2021-08-23

URL: CVE-2021-39144

Threat Assessment

Exploit Maturity: High

EPSS: 96.7%

CVSS 4 Score Details (9.0)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: High
    • Privileges Required: Low
    • User Interaction: None
    • Scope: N/A
  • Impact Metrics:
    • Confidentiality Impact: N/A
    • Integrity Impact: N/A
    • Availability Impact: N/A

For more information on CVSS4 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: GHSA-j9h8-phrw-h4fh

Release Date: 2021-08-23

Fix Resolution: 1.4.18

In order to enable automatic remediation, please create workflow rules

CVE-2020-26259

Vulnerable Library - xstream-1.4.5.jar

XStream is a serialization library from Java objects to XML and back.

Library home page: http://xstream.codehaus.org

Path to dependency file: /pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/com/thoughtworks/xstream/xstream/1.4.5/xstream-1.4.5.jar

Dependency Hierarchy:

  • โŒ xstream-1.4.5.jar (Vulnerable Library)

Found in HEAD commit: 4bac862a46e799442890a61d22cce98f7f0caf03

Found in base branch: main

Reachability Analysis

This vulnerability is potentially reachable

com.thoughtworks.xstream.XStream (Application)
  -> โŒ org.owasp.webgoat.lessons.vulnerablecomponents.VulnerableComponentsLesson (Vulnerable Component)

Vulnerability Details

XStream is a Java library to serialize objects to XML and back again. XStream before version 1.4.15 is vulnerable to arbitrary file deletion on the local host when unmarshalling. The vulnerability may allow a remote attacker to delete arbitrary known files on the host, as long as the executing process has sufficient rights, only by manipulating the processed input stream. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.15. The reported vulnerability does not exist when running Java 15 or higher. No user is affected who followed the recommendation to set up XStream's Security Framework with a whitelist. Anyone relying on XStream's default blacklist can immediately switch to a whitelist for the allowed types to avoid the vulnerability. Users of XStream 1.4.14 or below who still want to use XStream's default blacklist can use a workaround described in more detail in the referenced advisories.

Publish Date: 2020-12-16

URL: CVE-2020-26259

Threat Assessment

Exploit Maturity: Not Defined

EPSS: 57.6%

CVSS 4 Score Details (8.9)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: High
    • Privileges Required: None
    • User Interaction: None
    • Scope: N/A
  • Impact Metrics:
    • Confidentiality Impact: N/A
    • Integrity Impact: N/A
    • Availability Impact: N/A

For more information on CVSS4 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: GHSA-jfvx-7wrx-43fh

Release Date: 2020-12-16

Fix Resolution: 1.4.15 (per the advisory text above; the scanner listed 1.4.14-jdk7, which predates the fix)

In order to enable automatic remediation, please create workflow rules

CVE-2020-26217

Vulnerable Library - xstream-1.4.5.jar

XStream is a serialization library from Java objects to XML and back.

Library home page: http://xstream.codehaus.org

Path to dependency file: /pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/com/thoughtworks/xstream/xstream/1.4.5/xstream-1.4.5.jar

Dependency Hierarchy:

  • โŒ xstream-1.4.5.jar (Vulnerable Library)

Found in HEAD commit: 4bac862a46e799442890a61d22cce98f7f0caf03

Found in base branch: main

Reachability Analysis

This vulnerability is potentially reachable

com.thoughtworks.xstream.XStream (Application)
  -> โŒ org.owasp.webgoat.lessons.vulnerablecomponents.VulnerableComponentsLesson (Vulnerable Component)

Vulnerability Details

XStream before version 1.4.14 is vulnerable to Remote Code Execution. The vulnerability may allow a remote attacker to run arbitrary shell commands only by manipulating the processed input stream. Only users who rely on blocklists are affected. Anyone using XStream's Security Framework allowlist is not affected. The linked advisory provides code workarounds for users who cannot upgrade. The issue is fixed in version 1.4.14.

Publish Date: 2020-11-16

URL: CVE-2020-26217

Threat Assessment

Exploit Maturity: Not Defined

EPSS: 97.4%

CVSS 4 Score Details (8.9)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: High
    • Privileges Required: Low
    • User Interaction: N/A
    • Scope: N/A
  • Impact Metrics:
    • Confidentiality Impact: N/A
    • Integrity Impact: N/A
    • Availability Impact: N/A

For more information on CVSS4 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: GHSA-mw36-7c6c-q4q2

Release Date: 2020-11-16

Fix Resolution: 1.4.14 (per the advisory text above; the scanner listed 1.4.13-java7, which predates the fix)

In order to enable automatic remediation, please create workflow rules

CVE-2022-41966

Vulnerable Library - xstream-1.4.5.jar

XStream is a serialization library from Java objects to XML and back.

Library home page: http://xstream.codehaus.org

Path to dependency file: /pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/com/thoughtworks/xstream/xstream/1.4.5/xstream-1.4.5.jar

Dependency Hierarchy:

  • โŒ xstream-1.4.5.jar (Vulnerable Library)

Found in HEAD commit: 4bac862a46e799442890a61d22cce98f7f0caf03

Found in base branch: main

Reachability Analysis

This vulnerability is potentially reachable

com.thoughtworks.xstream.XStream (Application)
  -> โŒ org.owasp.webgoat.lessons.vulnerablecomponents.VulnerableComponentsLesson (Vulnerable Component)

Vulnerability Details

XStream serializes Java objects to XML and back again. Versions prior to 1.4.20 may allow a remote attacker to terminate the application with a stack overflow error, resulting in a denial of service, only by manipulating the processed input stream. The attack uses the hash code implementation for collections and maps to force recursive hash calculation, causing a stack overflow. This issue is patched in version 1.4.20, which handles the stack overflow and raises an InputManipulationException instead. A potential workaround for users who only use HashMap or HashSet, and whose XML refers to these only as the default map or set, is to change the default implementation of java.util.Map and java.util per the code example in the referenced advisory. However, this implies that your application does not care about the implementation of the map and that all elements are comparable.

Publish Date: 2022-12-27

URL: CVE-2022-41966

Threat Assessment

Exploit Maturity: Not Defined

EPSS: 1.0%

CVSS 4 Score Details (8.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: N/A
  • Impact Metrics:
    • Confidentiality Impact: N/A
    • Integrity Impact: N/A
    • Availability Impact: N/A

For more information on CVSS4 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: GHSA-j563-grx4-pjpv

Release Date: 2022-12-27

Fix Resolution: 1.4.20 (per the advisory text above; the scanner listed 1.4.12-java7, which predates the fix)

In order to enable automatic remediation, please create workflow rules

CVE-2021-43859

Vulnerable Library - xstream-1.4.5.jar

XStream is a serialization library from Java objects to XML and back.

Library home page: http://xstream.codehaus.org

Path to dependency file: /pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/com/thoughtworks/xstream/xstream/1.4.5/xstream-1.4.5.jar

Dependency Hierarchy:

  • โŒ xstream-1.4.5.jar (Vulnerable Library)

Found in HEAD commit: 4bac862a46e799442890a61d22cce98f7f0caf03

Found in base branch: main

Reachability Analysis

This vulnerability is potentially reachable

com.thoughtworks.xstream.XStream (Application)
  -> โŒ org.owasp.webgoat.lessons.vulnerablecomponents.VulnerableComponentsLesson (Vulnerable Component)

Vulnerability Details

XStream is an open source Java library to serialize objects to XML and back again. Versions prior to 1.4.19 may allow a remote attacker to allocate 100% CPU time on the target system, depending on CPU type or parallel execution of such a payload, resulting in a denial of service only by manipulating the processed input stream. XStream 1.4.19 monitors and accumulates the time it takes to add elements to collections and throws an exception if a set threshold is exceeded. Users are advised to upgrade as soon as possible. Users unable to upgrade may set the NO_REFERENCE mode to prevent recursion. See GHSA-rmr5-cpv2-vgjf for further details on a workaround if an upgrade is not possible.

Publish Date: 2022-02-01

URL: CVE-2021-43859

Threat Assessment

Exploit Maturity: Not Defined

EPSS: 1.5%

CVSS 4 Score Details (8.7)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: N/A
  • Impact Metrics:
    • Confidentiality Impact: N/A
    • Integrity Impact: N/A
    • Availability Impact: N/A

For more information on CVSS4 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: GHSA-rmr5-cpv2-vgjf

Release Date: 2022-02-01

Fix Resolution: 1.4.19 (per the advisory text above; the scanner listed 1.4.6, which predates the fix)

In order to enable automatic remediation, please create workflow rules

CVE-2021-21341

Vulnerable Library - xstream-1.4.5.jar

XStream is a serialization library from Java objects to XML and back.

Library home page: http://xstream.codehaus.org

Path to dependency file: /pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/com/thoughtworks/xstream/xstream/1.4.5/xstream-1.4.5.jar

Dependency Hierarchy:

  • โŒ xstream-1.4.5.jar (Vulnerable Library)

Found in HEAD commit: 4bac862a46e799442890a61d22cce98f7f0caf03

Found in base branch: main

Reachability Analysis

This vulnerability is potentially reachable

com.thoughtworks.xstream.XStream (Application)
  -> โŒ org.owasp.webgoat.lessons.vulnerablecomponents.VulnerableComponentsLesson (Vulnerable Component)

Vulnerability Details

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to allocate 100% CPU time on the target system, depending on CPU type or parallel execution of such a payload, resulting in a denial of service only by manipulating the processed input stream. No user is affected who followed the recommendation to set up XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16.

Publish Date: 2021-03-22

URL: CVE-2021-21341

Threat Assessment

Exploit Maturity: Not Defined

EPSS: 1.1%

CVSS 4 Score Details (8.7)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: N/A
  • Impact Metrics:
    • Confidentiality Impact: N/A
    • Integrity Impact: N/A
    • Availability Impact: N/A

For more information on CVSS4 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: GHSA-2p3x-qw9c-25hh

Release Date: 2021-03-22

Fix Resolution: 1.4.16

In order to enable automatic remediation, please create workflow rules


In order to enable automatic remediation for this issue, please create workflow rules
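Every XStream advisory in this issue (CVE-2021-39147 down to CVE-2021-21341) closes with the same sentence: users who set up XStream's security framework with a whitelist limited to the required types are not affected. The block below is an added example of that setup next to the bare, scanner-flagged instance; it is not code from WebGoat or from XStream, and the `Contact` payload type and the two XML documents are assumptions made for the illustration. It needs XStream 1.4.7 or later for the permission API (the 1.4.5 on this page has no security framework at all, so the upgrade in each Suggested Fix has to come first, and 1.4.18 or later to close every CVE listed).

```java
import com.thoughtworks.xstream.XStream;
import com.thoughtworks.xstream.XStreamException;
import com.thoughtworks.xstream.security.ForbiddenClassException;
import com.thoughtworks.xstream.security.NoTypePermission;
import com.thoughtworks.xstream.security.NullPermission;
import com.thoughtworks.xstream.security.PrimitiveTypePermission;

public class XStreamAllowList {

    // Hypothetical payload type; stands in for whatever the lesson endpoint really unmarshals.
    public static class Contact {
        String name;
        String email;
    }

    // Scanner-flagged pattern: a bare XStream instance. Whatever type list the version
    // ships with is all that stands between the XML and the classpath, so an element
    // named after any default-permitted class gets instantiated from attacker input.
    static XStream permissive() {
        XStream xs = new XStream();
        xs.alias("contact", Contact.class);
        return xs;
    }

    // Hardened pattern: deny every type first, then re-allow the minimal set this
    // endpoint needs. Order matters: NoTypePermission.NONE discards the defaults, so a
    // later library upgrade cannot silently widen what this endpoint accepts.
    static XStream hardened() {
        XStream xs = new XStream();
        xs.addPermission(NoTypePermission.NONE);               // start from deny-all
        xs.addPermission(NullPermission.NULL);                 // <null/> values
        xs.addPermission(PrimitiveTypePermission.PRIMITIVES);  // int, boolean, ...
        xs.allowTypes(new Class[] { String.class, Contact.class });
        xs.alias("contact", Contact.class);
        return xs;
    }

    // Returns the runtime class of the unmarshalled object, or "rejected: ..." when the
    // allow-list refused the element name before any object was created.
    static String unmarshal(XStream xs, String xml) {
        try {
            Object o = xs.fromXML(xml);
            return o == null ? "null" : o.getClass().getName();
        } catch (ForbiddenClassException e) {      // subclass of XStreamException, so first
            return "rejected: " + e.getMessage();
        } catch (XStreamException e) {
            return "error: " + e.getClass().getSimpleName();
        }
    }

    public static void main(String[] args) {
        // Constructed inputs. The second names a JDK type the endpoint never needs; it is
        // not an exploit, just the kind of unexpected class an allow-list must refuse.
        String good = "<contact><name>Alice</name><email>alice@example.test</email></contact>";
        String unexpected = "<java.io.File>/tmp/anything</java.io.File>";

        System.out.println(unmarshal(permissive(), unexpected));
        System.out.println(unmarshal(hardened(), good));
        System.out.println(unmarshal(hardened(), unexpected));
    }
}
```

The allow-list check runs when the element name is resolved to a class, so with the hardened instance the second document is stopped before any converter or constructor runs. The permissive instance is what every reachable path in this issue looks like from the scanner's point of view: the only thing limiting it is the version's built-in list, which is exactly what the advisories above say cannot be secured for general purpose.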

jquery-2.1.4.min.js: 4 vulnerabilities (highest severity is: 5.7)

Vulnerable Library - jquery-2.1.4.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.4/jquery.min.js

Path to vulnerable library: /src/main/resources/webgoat/static/js/libs/jquery-2.1.4.min.js

Found in HEAD commit: 4bac862a46e799442890a61d22cce98f7f0caf03

Vulnerabilities

| CVE | Severity | CVSS | Exploit Maturity | EPSS | Dependency | Type | Fixed in (jquery version) | Remediation Possible** | Reachability |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| CVE-2020-11023 | Medium | 5.7 | Proof of concept | 2.3% | jquery-2.1.4.min.js | Direct | jquery - 3.5.0;jquery-rails - 4.4.0 | ❌ | |
| CVE-2020-11022 | Medium | 5.7 | Proof of concept | 6.3% | jquery-2.1.4.min.js | Direct | jQuery - 3.5.0 | ❌ | |
| CVE-2015-9251 | Medium | 5.3 | High | 0.7% | jquery-2.1.4.min.js | Direct | jQuery - 3.0.0 | ❌ | |
| CVE-2019-11358 | Low | 2.1 | Proof of concept | 2.4% | jquery-2.1.4.min.js | Direct | jquery - 3.4.0 | ❌ | |

**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation

Details

CVE-2020-11023

Vulnerable Library - jquery-2.1.4.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.4/jquery.min.js

Path to vulnerable library: /src/main/resources/webgoat/static/js/libs/jquery-2.1.4.min.js

Dependency Hierarchy:

  • โŒ jquery-2.1.4.min.js (Vulnerable Library)

Found in HEAD commit: 4bac862a46e799442890a61d22cce98f7f0caf03

Found in base branch: main

Vulnerability Details

In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.

Publish Date: 2020-04-29

URL: CVE-2020-11023

Threat Assessment

Exploit Maturity: Proof of concept

EPSS: 2.3%

CVSS 4 Score Details (5.7)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: High
    • Privileges Required: None
    • User Interaction: N/A
    • Scope: N/A
  • Impact Metrics:
    • Confidentiality Impact: N/A
    • Integrity Impact: N/A
    • Availability Impact: N/A

For more information on CVSS4 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6,https://github.com/rails/jquery-rails/blob/master/CHANGELOG.md#440

Release Date: 2020-04-29

Fix Resolution: jquery - 3.5.0;jquery-rails - 4.4.0

CVE-2020-11022

Vulnerable Library - jquery-2.1.4.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.4/jquery.min.js

Path to vulnerable library: /src/main/resources/webgoat/static/js/libs/jquery-2.1.4.min.js

Dependency Hierarchy:

  • โŒ jquery-2.1.4.min.js (Vulnerable Library)

Found in HEAD commit: 4bac862a46e799442890a61d22cce98f7f0caf03

Found in base branch: main

Vulnerability Details

In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.

Publish Date: 2020-04-29

URL: CVE-2020-11022

Threat Assessment

Exploit Maturity: Proof of concept

EPSS: 6.3%

CVSS 4 Score Details (5.7)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: High
    • Privileges Required: None
    • User Interaction: N/A
    • Scope: N/A
  • Impact Metrics:
    • Confidentiality Impact: N/A
    • Integrity Impact: N/A
    • Availability Impact: N/A

For more information on CVSS4 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11022

Release Date: 2020-04-29

Fix Resolution: jQuery - 3.5.0

CVE-2015-9251

Vulnerable Library - jquery-2.1.4.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.4/jquery.min.js

Path to vulnerable library: /src/main/resources/webgoat/static/js/libs/jquery-2.1.4.min.js

Dependency Hierarchy:

  • โŒ jquery-2.1.4.min.js (Vulnerable Library)

Found in HEAD commit: 4bac862a46e799442890a61d22cce98f7f0caf03

Found in base branch: main

Vulnerability Details

jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.

Publish Date: 2018-01-18

URL: CVE-2015-9251

Threat Assessment

Exploit Maturity: High

EPSS: 0.7%

CVSS 4 Score Details (5.3)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: N/A
    • Scope: N/A
  • Impact Metrics:
    • Confidentiality Impact: N/A
    • Integrity Impact: N/A
    • Availability Impact: N/A

For more information on CVSS4 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2015-9251

Release Date: 2018-01-18

Fix Resolution: jQuery - 3.0.0

CVE-2019-11358

Vulnerable Library - jquery-2.1.4.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.4/jquery.min.js

Path to vulnerable library: /src/main/resources/webgoat/static/js/libs/jquery-2.1.4.min.js

Dependency Hierarchy:

  • โŒ jquery-2.1.4.min.js (Vulnerable Library)

Found in HEAD commit: 4bac862a46e799442890a61d22cce98f7f0caf03

Found in base branch: main

Vulnerability Details

jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable `__proto__` property, it could extend the native Object.prototype.

Publish Date: 2019-04-19

URL: CVE-2019-11358

Threat Assessment

Exploit Maturity: Proof of concept

EPSS: 2.4%

CVSS 4 Score Details (2.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: N/A
    • Scope: N/A
  • Impact Metrics:
    • Confidentiality Impact: N/A
    • Integrity Impact: N/A
    • Availability Impact: N/A

For more information on CVSS4 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358

Release Date: 2019-04-20

Fix Resolution: jquery - 3.4.0

spring-boot-starter-thymeleaf-2.7.1.jar: 1 vulnerabilities (highest severity is: 7.7) - autoclosed

Vulnerable Library - spring-boot-starter-thymeleaf-2.7.1.jar

Path to dependency file: /pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/thymeleaf/thymeleaf/3.0.15.RELEASE/thymeleaf-3.0.15.RELEASE.jar

Found in HEAD commit: 4bac862a46e799442890a61d22cce98f7f0caf03

Vulnerabilities

| CVE | Severity | CVSS | Exploit Maturity | EPSS | Dependency | Type | Fixed in (spring-boot-starter-thymeleaf version) | Remediation Possible** | Reachability |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| CVE-2023-38286 | High | 7.7 | Not Defined | 0.1% | thymeleaf-3.0.15.RELEASE.jar | Transitive | N/A* | ❌ | |

*For some transitive vulnerabilities, there is no version of direct dependency with a fix. Check the "Details" section below to see if there is a version of transitive dependency where vulnerability is fixed.

**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation

Details

CVE-2023-38286

Vulnerable Library - thymeleaf-3.0.15.RELEASE.jar

Modern server-side Java template engine for both web and standalone environments

Library home page: http://www.thymeleaf.org

Path to dependency file: /pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/thymeleaf/thymeleaf/3.0.15.RELEASE/thymeleaf-3.0.15.RELEASE.jar

Dependency Hierarchy:

  • spring-boot-starter-thymeleaf-2.7.1.jar (Root Library)
    • thymeleaf-spring5-3.0.15.RELEASE.jar
      • โŒ thymeleaf-3.0.15.RELEASE.jar (Vulnerable Library)

Found in HEAD commit: 4bac862a46e799442890a61d22cce98f7f0caf03

Found in base branch: main

Vulnerability Details

Thymeleaf through 3.1.1.RELEASE, as used in spring-boot-admin (aka Spring Boot Admin) through 3.1.1 and other products, allows sandbox bypass via crafted HTML. This may be relevant for SSTI (Server Side Template Injection) and code execution in spring-boot-admin if MailNotifier is enabled and there is write access to environment variables via the UI.

Publish Date: 2023-07-14

URL: CVE-2023-38286

Threat Assessment

Exploit Maturity: Not Defined

EPSS: 0.1%

CVSS 4 Score Details (7.7)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: High
    • Privileges Required: Low
    • User Interaction: None
    • Scope: N/A
  • Impact Metrics:
    • Confidentiality Impact: N/A
    • Integrity Impact: N/A
    • Availability Impact: N/A

For more information on CVSS4 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: GHSA-7gj7-224w-vpr3

Release Date: 2023-07-14

Fix Resolution: de.codecentric:spring-boot-admin-server:3.1.2;org.thymeleaf:thymeleaf:3.1.2.RELEASE

License Policy Violation detected in logback-core-1.2.11.jar - autoclosed

License Policy Violation detected in logback-core-1.2.11.jar

Library - logback-core-1.2.11.jar

logback-core module

Library home page: http://logback.qos.ch

Path to dependency file: /pom.xml

Path to library: /home/wss-scanner/.m2/repository/ch/qos/logback/logback-core/1.2.11/logback-core-1.2.11.jar

Dependency Hierarchy:

  • spring-boot-starter-validation-2.7.1.jar (Root Library)
    • spring-boot-starter-2.7.1.jar
      • spring-boot-starter-logging-2.7.1.jar
        • logback-classic-1.2.11.jar
          • โŒ logback-core-1.2.11.jar (Library containing License Policy Violation)

Found in HEAD commit: a852016d15cd2ec55bf3977c7739181346a561ae

Found in base branch: main

📃 License Details

Eclipse 1.0
License Reference File: https://index.whitesourcesoftware.com/gri/app/reader/resource/content/asString/97520f9f-12e1-4194-ac15-3b9334fab118

LGPL 2.1
License Reference File: https://index.whitesourcesoftware.com/gri/app/reader/resource/content/asString/1bf4c983-4eda-4b2c-892b-61994f7a4bca

    ⛔ License Policy Violation - Block GPL

spring-boot-starter-validation-2.7.18.jar: 10 vulnerabilities (highest severity is: 8.7) reachable

Vulnerable Library - spring-boot-starter-validation-2.7.18.jar

Path to dependency file: /pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar

Found in HEAD commit: 4bac862a46e799442890a61d22cce98f7f0caf03

Vulnerabilities

| CVE | Severity | CVSS | Exploit Maturity | EPSS | Dependency | Type | Fixed in (spring-boot-starter-validation version) | Remediation Possible** | Reachability |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| CVE-2022-25857 | High | 8.7 | Not Defined | 0.2% | snakeyaml-1.30.jar | Transitive | 3.0.0 | ✅ | Reachable |
| CVE-2022-1471 | High | 8.7 | Not Defined | 2.1% | snakeyaml-1.30.jar | Transitive | 3.2.0 | ✅ | Reachable |
| CVE-2023-6378 | High | 8.2 | Not Defined | 0.0% | logback-classic-1.2.12.jar | Transitive | 3.0.0 | ✅ | Reachable |
| CVE-2022-38752 | High | 7.1 | Not Defined | 0.3% | snakeyaml-1.30.jar | Transitive | 3.0.0 | ✅ | Reachable |
| CVE-2022-38751 | High | 7.1 | Not Defined | 0.1% | snakeyaml-1.30.jar | Transitive | 3.0.0 | ✅ | Reachable |
| CVE-2022-38750 | High | 7.1 | Not Defined | 0.1% | snakeyaml-1.30.jar | Transitive | 3.0.0 | ✅ | Reachable |
| CVE-2022-38749 | High | 7.1 | Not Defined | 0.1% | snakeyaml-1.30.jar | Transitive | 3.0.0 | ✅ | Reachable |
| CVE-2022-41854 | Medium | 6.9 | Not Defined | 0.7% | snakeyaml-1.30.jar | Transitive | 3.0.0 | ✅ | Reachable |
| CVE-2023-6481 | High | 8.2 | Not Defined | 0.0% | logback-core-1.2.12.jar | Transitive | 3.0.0 | ✅ | Unreachable |
| CVE-2024-38808 | Medium | 5.1 | Not Defined | 0.0% | spring-expression-5.3.31.jar | Transitive | 3.0.0 | ✅ | |

**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation

Details

CVE-2022-25857

Vulnerable Library - snakeyaml-1.30.jar

YAML 1.1 parser and emitter for Java

Library home page: https://bitbucket.org/snakeyaml/snakeyaml

Path to dependency file: /pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar

Dependency Hierarchy:

  • spring-boot-starter-validation-2.7.18.jar (Root Library)
    • spring-boot-starter-2.7.18.jar
      • โŒ snakeyaml-1.30.jar (Vulnerable Library)

Found in HEAD commit: 4bac862a46e799442890a61d22cce98f7f0caf03

Found in base branch: main

Reachability Analysis

This vulnerability is potentially reachable

org.owasp.webgoat.container.WebSecurityConfig (Application)
  -> org.springframework.security.config.annotation.web.configuration.EnableWebSecurity (Extension)
   -> org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration (Extension)
    -> org.springframework.boot.actuate.autoconfigure.cloudfoundry.Token (Extension)
    ...
      -> org.springframework.boot.json.YamlJsonParser (Extension)
       -> org.yaml.snakeyaml.constructor.BaseConstructor (Extension)
        -> โŒ org.yaml.snakeyaml.LoaderOptions (Vulnerable Component)

Vulnerability Details

The package org.yaml:snakeyaml from 0 and before 1.31 is vulnerable to Denial of Service (DoS) due to a missing nesting depth limit for collections.

Publish Date: 2022-08-30

URL: CVE-2022-25857

Threat Assessment

Exploit Maturity: Not Defined

EPSS: 0.2%

CVSS 4 Score Details (8.7)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: N/A
  • Impact Metrics:
    • Confidentiality Impact: N/A
    • Integrity Impact: N/A
    • Availability Impact: N/A

For more information on CVSS4 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25857

Release Date: 2022-08-30

Fix Resolution (org.yaml:snakeyaml): 1.31

Direct dependency fix Resolution (org.springframework.boot:spring-boot-starter-validation): 3.0.0

In order to enable automatic remediation, please create workflow rules

CVE-2022-1471

Vulnerable Library - snakeyaml-1.30.jar

YAML 1.1 parser and emitter for Java

Library home page: https://bitbucket.org/snakeyaml/snakeyaml

Path to dependency file: /pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar

Dependency Hierarchy:

  • spring-boot-starter-validation-2.7.18.jar (Root Library)
    • spring-boot-starter-2.7.18.jar
      • โŒ snakeyaml-1.30.jar (Vulnerable Library)

Found in HEAD commit: 4bac862a46e799442890a61d22cce98f7f0caf03

Found in base branch: main

Reachability Analysis

This vulnerability is potentially reachable

org.owasp.webgoat.container.WebSecurityConfig (Application)
  -> org.springframework.security.config.annotation.web.configuration.EnableWebSecurity (Extension)
   -> org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration (Extension)
    -> org.springframework.boot.actuate.autoconfigure.cloudfoundry.Token (Extension)
    ...
      -> org.springframework.boot.json.YamlJsonParser (Extension)
       -> org.yaml.snakeyaml.Yaml (Extension)
        -> โŒ org.yaml.snakeyaml.constructor.Constructor (Vulnerable Component)

Vulnerability Details

SnakeYaml's Constructor() class does not restrict the types which can be instantiated during deserialization. Deserializing YAML content provided by an attacker can lead to remote code execution. We recommend using SnakeYaml's SafeConstructor when parsing untrusted content to restrict deserialization. We recommend upgrading to version 2.0 and beyond.

Publish Date: 2022-12-01

URL: CVE-2022-1471

Threat Assessment

Exploit Maturity: Not Defined

EPSS: 2.1%

CVSS 4 Score Details (8.7)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: Low
    • User Interaction: None
    • Scope: N/A
  • Impact Metrics:
    • Confidentiality Impact: N/A
    • Integrity Impact: N/A
    • Availability Impact: N/A

Suggested Fix

Type: Upgrade version

Origin: https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64634374

Release Date: 2022-12-01

Fix Resolution (org.yaml:snakeyaml): 2.0

Direct dependency fix Resolution (org.springframework.boot:spring-boot-starter-validation): 3.2.0

In order to enable automatic remediation, please create workflow rules
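
The two loader configurations the description above contrasts, as an added example (not part of this report and not WebGoat code), written against the SnakeYAML 2.x API that the fix resolution points to. The document text, the class name in the tag and the permissive `TagInspector` lambda are assumptions made for the illustration; on a 1.3x release the `LoaderOptions` arguments are optional, `TagInspector` does not exist, and `new Yaml(new Constructor())` behaves like the permissive loader shown here.

```java
import java.util.Map;
import java.util.function.Function;
import org.yaml.snakeyaml.LoaderOptions;
import org.yaml.snakeyaml.Yaml;
import org.yaml.snakeyaml.constructor.Constructor;
import org.yaml.snakeyaml.constructor.SafeConstructor;
import org.yaml.snakeyaml.error.YAMLException;

/**
 * Added illustration for CVE-2022-1471 (not WebGoat code).
 * Assumes org.yaml:snakeyaml 2.x on the classpath; the LoaderOptions
 * arguments are mandatory there (optional in 1.3x).
 */
public final class YamlTypeRestriction {

  /** Constructed input: a global tag that names an arbitrary JVM class. */
  static final String TAGGED_DOC =
      "name: webgoat\nprops: !!java.util.HashMap {retries: 3}\n";

  /** Constructed input: plain data that every loader accepts. */
  static final String PLAIN_DOC = "name: webgoat\nprops: {retries: 3}\n";

  /**
   * The pre-2.0 behaviour the CVE describes: every !!fully.qualified.Class tag is
   * honoured, so the document author chooses which class gets instantiated.
   * In 2.x this has to be opted into through a permissive TagInspector.
   */
  static Object loadWithClassTagsHonoured(String yaml) {
    LoaderOptions opts = new LoaderOptions();
    opts.setTagInspector(tag -> true); // trust every global tag: never do this on untrusted input
    return new Yaml(new Constructor(opts)).load(yaml);
  }

  /** 2.x default: Constructor with stock LoaderOptions rejects global tags. */
  static Object loadWithDefaultConstructor(String yaml) {
    return new Yaml(new Constructor(new LoaderOptions())).load(yaml);
  }

  /** Works on every version: SafeConstructor only builds standard YAML types. */
  static Object loadSafely(String yaml) {
    return new Yaml(new SafeConstructor(new LoaderOptions())).load(yaml);
  }

  /** True when the loader accepts the document, false when it refuses it. */
  static boolean accepts(Function<String, Object> loader, String doc) {
    try {
      loader.apply(doc);
      return true;
    } catch (YAMLException e) { // base class of the composer and constructor errors
      System.out.println("rejected: " + e.getMessage());
      return false;
    }
  }

  public static void main(String[] args) {
    Map<?, ?> plain = (Map<?, ?>) loadSafely(PLAIN_DOC);
    System.out.println("safe loader, plain doc: " + plain);

    // Permissive loader: the tag is resolved and the named class is instantiated.
    Map<?, ?> tagged = (Map<?, ?>) loadWithClassTagsHonoured(TAGGED_DOC);
    System.out.println("permissive loader built a "
        + tagged.get("props").getClass().getName());

    // Both of these refuse the tagged document instead of instantiating the class.
    System.out.println("default 2.x Constructor accepts tagged doc: "
        + accepts(YamlTypeRestriction::loadWithDefaultConstructor, TAGGED_DOC));
    System.out.println("SafeConstructor accepts tagged doc: "
        + accepts(YamlTypeRestriction::loadSafely, TAGGED_DOC));
  }
}
```

The harmless `java.util.HashMap` stands in for any class on the classpath: the point is that with the permissive configuration the document, not the code, picks the class. `SafeConstructor` is the right choice for caller-supplied YAML on every version; the 2.x default `Constructor` additionally refuses global tags unless a `TagInspector` explicitly allows them, which is what makes the upgrade the complete fix.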

CVE-2023-6378

Vulnerable Library - logback-classic-1.2.12.jar

logback-classic module

Library home page: http://www.qos.ch

Path to dependency file: /pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/ch/qos/logback/logback-classic/1.2.12/logback-classic-1.2.12.jar

Dependency Hierarchy:

  • spring-boot-starter-validation-2.7.18.jar (Root Library)
    • spring-boot-starter-2.7.18.jar
      • spring-boot-starter-logging-2.7.18.jar
        • โŒ logback-classic-1.2.12.jar (Vulnerable Library)

Found in HEAD commit: 4bac862a46e799442890a61d22cce98f7f0caf03

Found in base branch: main

Reachability Analysis

This vulnerability is potentially reachable

org.owasp.webgoat.lessons.logging.LogBleedingTask (Application)
  -> org.slf4j.LoggerFactory (Extension)
   -> org.slf4j.impl.StaticLoggerBinder (Extension)
    -> ch.qos.logback.classic.joran.JoranConfigurator (Extension)
    ...
      -> ch.qos.logback.classic.net.SocketAppender (Extension)
       -> ch.qos.logback.classic.net.LoggingEventPreSerializationTransformer (Extension)
        -> โŒ ch.qos.logback.classic.spi.LoggingEventVO (Vulnerable Component)

Vulnerability Details

A serialization vulnerability in the logback receiver component of logback version 1.4.11 allows an attacker to mount a denial-of-service attack by sending poisoned data. The 1.3.x and 1.2.x lines are affected as well, which is why the fix resolution below is 1.2.13. Only the receiver side is exposed: a logback socket server that deserializes LoggingEventVO objects sent to it over the network. The reachability trace above passes through SocketAppender, which serializes outbound events, so an application that only sends (or never uses) socket logging does not run the vulnerable code path.

Publish Date: 2023-11-29

URL: CVE-2023-6378

Threat Assessment

Exploit Maturity: Not Defined

EPSS: 0.0%

CVSS 4 Score Details (8.2)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Local
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: N/A
  • Impact Metrics:
    • Confidentiality Impact: N/A
    • Integrity Impact: N/A
    • Availability Impact: N/A

Suggested Fix

Type: Upgrade version

Origin: https://logback.qos.ch/news.html#1.3.12

Release Date: 2023-11-29

Fix Resolution (ch.qos.logback:logback-classic): 1.2.13

Direct dependency fix Resolution (org.springframework.boot:spring-boot-starter-validation): 3.0.0

In order to enable automatic remediation, please create workflow rules

CVE-2022-38752

Vulnerable Library - snakeyaml-1.30.jar

YAML 1.1 parser and emitter for Java

Library home page: https://bitbucket.org/snakeyaml/snakeyaml

Path to dependency file: /pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar

Dependency Hierarchy:

  • spring-boot-starter-validation-2.7.18.jar (Root Library)
    • spring-boot-starter-2.7.18.jar
      • โŒ snakeyaml-1.30.jar (Vulnerable Library)

Found in HEAD commit: 4bac862a46e799442890a61d22cce98f7f0caf03

Found in base branch: main

Reachability Analysis

This vulnerability is potentially reachable

org.owasp.webgoat.container.WebSecurityConfig (Application)
  -> org.springframework.security.config.annotation.web.configuration.EnableWebSecurity (Extension)
   -> org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration (Extension)
    -> org.springframework.boot.actuate.autoconfigure.cloudfoundry.Token (Extension)
    ...
      -> org.springframework.boot.json.YamlJsonParser (Extension)
       -> org.yaml.snakeyaml.Yaml (Extension)
        -> โŒ org.yaml.snakeyaml.parser.ParserImpl (Vulnerable Component)

Vulnerability Details

Using SnakeYAML to parse untrusted YAML may expose the application to denial of service (DoS): if the parser runs on user-supplied input, an attacker can supply content that crashes the parser with a stack overflow.

Publish Date: 2022-09-05

URL: CVE-2022-38752

Threat Assessment

Exploit Maturity: Not Defined

EPSS: 0.3%

CVSS 4 Score Details (7.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: Low
    • User Interaction: None
    • Scope: N/A
  • Impact Metrics:
    • Confidentiality Impact: N/A
    • Integrity Impact: N/A
    • Availability Impact: N/A

Suggested Fix

Type: Upgrade version

Origin: GHSA-9w3m-gqgf-c4p9

Release Date: 2022-09-05

Fix Resolution (org.yaml:snakeyaml): 1.32

Direct dependency fix Resolution (org.springframework.boot:spring-boot-starter-validation): 3.0.0

In order to enable automatic remediation, please create workflow rules

CVE-2022-38751

Vulnerable Library - snakeyaml-1.30.jar

YAML 1.1 parser and emitter for Java

Library home page: https://bitbucket.org/snakeyaml/snakeyaml

Path to dependency file: /pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar

Dependency Hierarchy:

  • spring-boot-starter-validation-2.7.18.jar (Root Library)
    • spring-boot-starter-2.7.18.jar
      • โŒ snakeyaml-1.30.jar (Vulnerable Library)

Found in HEAD commit: 4bac862a46e799442890a61d22cce98f7f0caf03

Found in base branch: main

Reachability Analysis

This vulnerability is potentially reachable

org.owasp.webgoat.container.WebSecurityConfig (Application)
  -> org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration$1 (Extension)
   -> org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration (Extension)
    -> org.springframework.boot.actuate.autoconfigure.cloudfoundry.Token (Extension)
    ...
      -> org.springframework.boot.json.YamlJsonParser (Extension)
       -> org.yaml.snakeyaml.constructor.BaseConstructor (Extension)
        -> โŒ org.yaml.snakeyaml.composer.Composer (Vulnerable Component)

Vulnerability Details

Using SnakeYAML to parse untrusted YAML may expose the application to denial of service (DoS): if the parser runs on user-supplied input, an attacker can supply content that crashes the parser with a stack overflow.

Publish Date: 2022-09-05

URL: CVE-2022-38751

Threat Assessment

Exploit Maturity: Not Defined

EPSS: 0.1%

CVSS 4 Score Details (7.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: Low
    • User Interaction: None
    • Scope: N/A
  • Impact Metrics:
    • Confidentiality Impact: N/A
    • Integrity Impact: N/A
    • Availability Impact: N/A

Suggested Fix

Type: Upgrade version

Origin: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47039

Release Date: 2022-09-05

Fix Resolution (org.yaml:snakeyaml): 1.31

Direct dependency fix Resolution (org.springframework.boot:spring-boot-starter-validation): 3.0.0

In order to enable automatic remediation, please create workflow rules

CVE-2022-38750

Vulnerable Library - snakeyaml-1.30.jar

YAML 1.1 parser and emitter for Java

Library home page: https://bitbucket.org/snakeyaml/snakeyaml

Path to dependency file: /pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar

Dependency Hierarchy:

  • spring-boot-starter-validation-2.7.18.jar (Root Library)
    • spring-boot-starter-2.7.18.jar
      • โŒ snakeyaml-1.30.jar (Vulnerable Library)

Found in HEAD commit: 4bac862a46e799442890a61d22cce98f7f0caf03

Found in base branch: main

Reachability Analysis

This vulnerability is potentially reachable

org.owasp.webgoat.container.WebSecurityConfig (Application)
  -> org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration$1 (Extension)
   -> org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration (Extension)
    -> org.springframework.boot.actuate.autoconfigure.cloudfoundry.Token (Extension)
    ...
      -> org.springframework.boot.json.YamlJsonParser (Extension)
       -> org.yaml.snakeyaml.constructor.BaseConstructor (Extension)
        -> โŒ org.yaml.snakeyaml.composer.Composer (Vulnerable Component)

Vulnerability Details

Using SnakeYAML to parse untrusted YAML may expose the application to denial of service (DoS): if the parser runs on user-supplied input, an attacker can supply content that crashes the parser with a stack overflow.

Publish Date: 2022-09-05

URL: CVE-2022-38750

Threat Assessment

Exploit Maturity: Not Defined

EPSS: 0.1%

CVSS 4 Score Details (7.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: Low
    • User Interaction: None
    • Scope: N/A
  • Impact Metrics:
    • Confidentiality Impact: N/A
    • Integrity Impact: N/A
    • Availability Impact: N/A

Suggested Fix

Type: Upgrade version

Origin: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47027

Release Date: 2022-09-05

Fix Resolution (org.yaml:snakeyaml): 1.31

Direct dependency fix Resolution (org.springframework.boot:spring-boot-starter-validation): 3.0.0

In order to enable automatic remediation, please create workflow rules

CVE-2022-38749

Vulnerable Library - snakeyaml-1.30.jar

YAML 1.1 parser and emitter for Java

Library home page: https://bitbucket.org/snakeyaml/snakeyaml

Path to dependency file: /pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar

Dependency Hierarchy:

  • spring-boot-starter-validation-2.7.18.jar (Root Library)
    • spring-boot-starter-2.7.18.jar
      • โŒ snakeyaml-1.30.jar (Vulnerable Library)

Found in HEAD commit: 4bac862a46e799442890a61d22cce98f7f0caf03

Found in base branch: main

Reachability Analysis

This vulnerability is potentially reachable

org.owasp.webgoat.container.WebSecurityConfig (Application)
  -> org.springframework.security.config.annotation.web.configuration.EnableWebSecurity (Extension)
   -> org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration (Extension)
    -> org.springframework.boot.actuate.autoconfigure.cloudfoundry.Token (Extension)
    ...
      -> org.springframework.boot.json.YamlJsonParser (Extension)
       -> org.yaml.snakeyaml.constructor.BaseConstructor (Extension)
        -> โŒ org.yaml.snakeyaml.LoaderOptions (Vulnerable Component)

Vulnerability Details

Using SnakeYAML to parse untrusted YAML may expose the application to denial of service (DoS): if the parser runs on user-supplied input, an attacker can supply content that crashes the parser with a stack overflow.

Publish Date: 2022-09-05

URL: CVE-2022-38749

Threat Assessment

Exploit Maturity: Not Defined

EPSS: 0.1%

CVSS 4 Score Details (7.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: Low
    • User Interaction: None
    • Scope: N/A
  • Impact Metrics:
    • Confidentiality Impact: N/A
    • Integrity Impact: N/A
    • Availability Impact: N/A

Suggested Fix

Type: Upgrade version

Origin: https://bitbucket.org/snakeyaml/snakeyaml/issues/526/stackoverflow-oss-fuzz-47027

Release Date: 2022-09-05

Fix Resolution (org.yaml:snakeyaml): 1.31

Direct dependency fix Resolution (org.springframework.boot:spring-boot-starter-validation): 3.0.0

In order to enable automatic remediation, please create workflow rules

CVE-2022-41854

Vulnerable Library - snakeyaml-1.30.jar

YAML 1.1 parser and emitter for Java

Library home page: https://bitbucket.org/snakeyaml/snakeyaml

Path to dependency file: /pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar

Dependency Hierarchy:

  • spring-boot-starter-validation-2.7.18.jar (Root Library)
    • spring-boot-starter-2.7.18.jar
      • โŒ snakeyaml-1.30.jar (Vulnerable Library)

Found in HEAD commit: 4bac862a46e799442890a61d22cce98f7f0caf03

Found in base branch: main

Reachability Analysis

This vulnerability is potentially reachable

org.owasp.webgoat.container.WebSecurityConfig (Application)
  -> org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration$1 (Extension)
   -> org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration (Extension)
    -> org.springframework.boot.actuate.autoconfigure.cloudfoundry.servlet.TokenValidator (Extension)
    ...
      -> org.springframework.boot.json.JsonParserFactory (Extension)
       -> org.springframework.boot.json.YamlJsonParser (Extension)
        -> โŒ org.yaml.snakeyaml.constructor.BaseConstructor (Vulnerable Component)

Vulnerability Details

Those using SnakeYAML to parse untrusted YAML may be exposed to denial of service (DoS): if the parser runs on user-supplied input, an attacker can supply content that crashes the parser with a stack overflow.

Publish Date: 2022-11-11

URL: CVE-2022-41854

Threat Assessment

Exploit Maturity: Not Defined

EPSS: 0.7%

CVSS 4 Score Details (6.9)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: High
    • Privileges Required: Low
    • User Interaction: N/A
    • Scope: N/A
  • Impact Metrics:
    • Confidentiality Impact: N/A
    • Integrity Impact: N/A
    • Availability Impact: N/A

Suggested Fix

Type: Upgrade version

Origin: https://bitbucket.org/snakeyaml/snakeyaml/issues/531/

Release Date: 2022-11-11

Fix Resolution (org.yaml:snakeyaml): 1.32

Direct dependency fix Resolution (org.springframework.boot:spring-boot-starter-validation): 3.0.0

In order to enable automatic remediation, please create workflow rules
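
The loader-side limits that the fix versions listed for the five stack-overflow CVEs above (CVE-2022-38749 through CVE-2022-38752 and CVE-2022-41854) introduced, as an added example that is not part of this report or of WebGoat: a nesting-depth limit (available from 1.31) and a code-point limit (from 1.32). It assumes SnakeYAML 2.x and Java 11 or later; the limit values and the two constructed inputs are illustrative.

```java
import org.yaml.snakeyaml.LoaderOptions;
import org.yaml.snakeyaml.Yaml;
import org.yaml.snakeyaml.constructor.SafeConstructor;
import org.yaml.snakeyaml.error.YAMLException;

/**
 * Added illustration for the SnakeYAML stack-overflow CVEs (not WebGoat code).
 * Assumes org.yaml:snakeyaml 2.x and Java 11+ (String.repeat).
 */
public final class YamlResourceLimits {

  /** Loader with explicit bounds; the numbers are illustrative, size them for your documents. */
  static Yaml boundedLoader() {
    LoaderOptions opts = new LoaderOptions();
    opts.setNestingDepthLimit(50);        // since 1.31: caps the nesting the composer will follow
    opts.setCodePointLimit(1024 * 1024);  // since 1.32: refuses documents over 1 MiB up front
    opts.setMaxAliasesForCollections(50); // bounds alias expansion (the "billion laughs" pattern)
    opts.setAllowRecursiveKeys(false);    // the default; plain data never needs recursive keys
    return new Yaml(new SafeConstructor(opts));
  }

  /** Constructed input: an empty flow sequence nested `depth` levels deep, e.g. [[[]]]. */
  static String nestedSequence(int depth) {
    return "[".repeat(depth) + "]".repeat(depth);
  }

  /** Constructed input: a single scalar of roughly `chars` ASCII characters. */
  static String largeDocument(int chars) {
    return "payload: " + "x".repeat(chars);
  }

  /** True when the loader parses the document, false when it refuses it with a YAMLException. */
  static boolean accepts(Yaml loader, String doc) {
    try {
      loader.load(doc);
      return true;
    } catch (YAMLException e) { // base class of the limit, parser and constructor errors
      System.out.println("rejected: " + e.getMessage());
      return false;
    }
  }

  public static void main(String[] args) {
    Yaml loader = boundedLoader();
    System.out.println("depth 10 accepted:  " + accepts(loader, nestedSequence(10)));
    System.out.println("depth 500 accepted: " + accepts(loader, nestedSequence(500)));
    System.out.println("2 MiB accepted:     " + accepts(loader, largeDocument(2 * 1024 * 1024)));
  }
}
```

With the limits in place an over-nested or oversized document is refused with an ordinary `YAMLException` that the caller can log and map to a 4xx response, instead of a `StackOverflowError` that unwinds through the request thread. The depth of 500 used here is well below anything that would exhaust a JVM stack; the example shows the limit firing, not the crash.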

CVE-2023-6481

Vulnerable Library - logback-core-1.2.12.jar

logback-core module

Library home page: http://www.qos.ch

Path to dependency file: /pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/ch/qos/logback/logback-core/1.2.12/logback-core-1.2.12.jar

Dependency Hierarchy:

  • spring-boot-starter-validation-2.7.18.jar (Root Library)
    • spring-boot-starter-2.7.18.jar
      • spring-boot-starter-logging-2.7.18.jar
        • logback-classic-1.2.12.jar
          • โŒ logback-core-1.2.12.jar (Vulnerable Library)

Found in HEAD commit: 4bac862a46e799442890a61d22cce98f7f0caf03

Found in base branch: main

Reachability Analysis

The vulnerable code is unreachable

Vulnerability Details

A serialization vulnerability in the logback receiver component of logback versions 1.4.13, 1.3.13 and 1.2.12 allows an attacker to mount a denial-of-service attack by sending poisoned data. As with CVE-2023-6378, only a deployment that runs a logback socket receiver (one that deserializes events sent to it over the network) executes the vulnerable code; the scanner reports the path as unreachable here.

Publish Date: 2023-12-04

URL: CVE-2023-6481

Threat Assessment

Exploit Maturity: Not Defined

EPSS: 0.0%

CVSS 4 Score Details (8.2)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Local
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: N/A
  • Impact Metrics:
    • Confidentiality Impact: N/A
    • Integrity Impact: N/A
    • Availability Impact: N/A

Suggested Fix

Type: Upgrade version

Origin: https://www.cve.org/CVERecord?id=CVE-2023-6481

Release Date: 2023-12-04

Fix Resolution (ch.qos.logback:logback-core): 1.2.13

Direct dependency fix Resolution (org.springframework.boot:spring-boot-starter-validation): 3.0.0

In order to enable automatic remediation, please create workflow rules

CVE-2024-38808

Vulnerable Library - spring-expression-5.3.31.jar

Spring Expression Language (SpEL)

Library home page: https://spring.io/projects/spring-framework

Path to dependency file: /pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-expression/5.3.31/spring-expression-5.3.31.jar

Dependency Hierarchy:

  • spring-boot-starter-validation-2.7.18.jar (Root Library)
    • spring-boot-starter-2.7.18.jar
      • spring-boot-2.7.18.jar
        • spring-context-5.3.31.jar
          • โŒ spring-expression-5.3.31.jar (Vulnerable Library)

Found in HEAD commit: 4bac862a46e799442890a61d22cce98f7f0caf03

Found in base branch: main

Vulnerability Details

In Spring Framework versions 5.3.0 - 5.3.38 and older unsupported versions, it is possible for a user to provide a specially crafted Spring Expression Language (SpEL) expression that may cause a denial of service (DoS) condition.

Specifically, an application is vulnerable when the following is true:

  • The application evaluates user-supplied SpEL expressions.

Publish Date: 2024-08-20

URL: CVE-2024-38808

Threat Assessment

Exploit Maturity: Not Defined

EPSS: 0.0%

CVSS 4 Score Details (5.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: N/A
    • Scope: N/A
  • Impact Metrics:
    • Confidentiality Impact: N/A
    • Integrity Impact: N/A
    • Availability Impact: N/A

Suggested Fix

Type: Upgrade version

Origin: https://spring.io/security/cve-2024-38808

Release Date: 2024-08-20

Fix Resolution (org.springframework:spring-expression): 5.3.39

Direct dependency fix Resolution (org.springframework.boot:spring-boot-starter-validation): 3.0.0

In order to enable automatic remediation, please create workflow rules
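
What "the application evaluates user-supplied SpEL expressions" looks like in code, as an added example that is not part of this report or of WebGoat: the same caller-supplied expression evaluated with the full `StandardEvaluationContext` and with a `SimpleEvaluationContext` that permits only read-only property access. The `Order` class and the three sample expressions are constructed for the illustration; it assumes spring-expression 5.3.x on the classpath.

```java
import org.springframework.expression.EvaluationContext;
import org.springframework.expression.ExpressionParser;
import org.springframework.expression.spel.SpelEvaluationException;
import org.springframework.expression.spel.standard.SpelExpressionParser;
import org.springframework.expression.spel.support.SimpleEvaluationContext;
import org.springframework.expression.spel.support.StandardEvaluationContext;

/** Added illustration for CVE-2024-38808's precondition (not WebGoat code). */
public final class SpelSurface {

  /** Constructed root object standing in for whatever a filter or rule feature exposes. */
  public static final class Order {
    private final String customer;
    private final int total;

    Order(String customer, int total) {
      this.customer = customer;
      this.total = total;
    }

    public String getCustomer() { return customer; }
    public int getTotal() { return total; }
  }

  private static final ExpressionParser PARSER = new SpelExpressionParser();

  /** The pattern the advisory warns about: caller text evaluated with the full-featured context. */
  static Object evaluateUnrestricted(String callerExpression, Order root) {
    return PARSER.parseExpression(callerExpression).getValue(new StandardEvaluationContext(root));
  }

  /** Reduced surface: property reads only; no type references, constructors or method calls. */
  static Object evaluateRestricted(String callerExpression, Order root) {
    EvaluationContext ctx = SimpleEvaluationContext.forReadOnlyDataBinding().build();
    return PARSER.parseExpression(callerExpression).getValue(ctx, root);
  }

  public static void main(String[] args) {
    Order order = new Order("acme", 250);
    String[] callerSupplied = {
        "total > 100",                     // the only kind of expression the feature needs
        "T(java.lang.Math).max(total, 1)", // type reference: reaches arbitrary static methods
        "customer.toUpperCase()"           // method invocation on a bound value
    };
    for (String expr : callerSupplied) {
      System.out.println("unrestricted: " + expr + " -> " + evaluateUnrestricted(expr, order));
      try {
        System.out.println("restricted:   " + expr + " -> " + evaluateRestricted(expr, order));
      } catch (SpelEvaluationException e) {
        System.out.println("restricted:   " + expr + " -> rejected (" + e.getMessageCode() + ")");
      }
    }
  }
}
```

The restricted context narrows what a caller-supplied expression can reach; it does not remove the parser-level denial of service itself, which only the 5.3.39 upgrade fixes. Where the feature only ever needs a fixed set of expressions, parsing those once at startup and mapping caller input to one of them by name removes the precondition entirely.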


License Policy Violation detected in jquery.form-3.51.js

Library - jquery.form-3.51.js

The jQuery Form Plugin allows you to easily and unobtrusively upgrade HTML forms to use AJAX.

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery.form/3.51/jquery.form.js

Path to library: /src/main/resources/webgoat/static/js/jquery_form/jquery.form.js,/src/main/resources/webgoat/static/js/libs/jquery.form.js

Dependency Hierarchy:

  • โŒ jquery.form-3.51.js (Library containing License Policy Violation)

Found in HEAD commit: a852016d15cd2ec55bf3977c7739181346a561ae

Found in base branch: main

📃 License Details

LGPL 2.1
License Reference File: https://github.com/cdnjs/cdnjs/blob/master/ajax/libs/jquery.form/package.json

MIT
License Reference File: https://github.com/cdnjs/cdnjs/blob/master/ajax/libs/jquery.form/package.json

    ⛔ License Policy Violation - Block GPL

underscore-min-1.10.2.js: 1 vulnerabilities (highest severity is: 1.2)

Vulnerable Library - underscore-min-1.10.2.js

JavaScript's functional programming helper library.

Library home page: https://cdnjs.cloudflare.com/ajax/libs/underscore.js/1.10.2/underscore-min.js

Path to vulnerable library: /src/main/resources/webgoat/static/js/libs/underscore-min.js

Found in HEAD commit: 4bac862a46e799442890a61d22cce98f7f0caf03

Vulnerabilities

| CVE | Severity | CVSS | Exploit Maturity | EPSS | Dependency | Type | Fixed in (underscore-min version) | Remediation Possible** | Reachability |
|---|---|---|---|---|---|---|---|---|---|
| CVE-2021-23358 | Low | 1.2 | Proof of concept | 1.5% | underscore-min-1.10.2.js | Direct | underscore - 1.12.1, 1.13.0-2 | ❌ | |

**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation

Details

CVE-2021-23358

Vulnerable Library - underscore-min-1.10.2.js

JavaScript's functional programming helper library.

Library home page: https://cdnjs.cloudflare.com/ajax/libs/underscore.js/1.10.2/underscore-min.js

Path to vulnerable library: /src/main/resources/webgoat/static/js/libs/underscore-min.js

Dependency Hierarchy:

  • โŒ underscore-min-1.10.2.js (Vulnerable Library)

Found in HEAD commit: 4bac862a46e799442890a61d22cce98f7f0caf03

Found in base branch: main

Vulnerability Details

The package underscore from 1.13.0-0 and before 1.13.0-2, from 1.3.2 and before 1.12.1 are vulnerable to Arbitrary Code Injection via the template function, particularly when a variable property is passed as an argument as it is not sanitized.

Publish Date: 2021-03-29

URL: CVE-2021-23358

Threat Assessment

Exploit Maturity: Proof of concept

EPSS: 1.5%

CVSS 4 Score Details (1.2)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: High
    • Privileges Required: High
    • User Interaction: None
    • Scope: N/A
  • Impact Metrics:
    • Confidentiality Impact: N/A
    • Integrity Impact: N/A
    • Availability Impact: N/A

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23358

Release Date: 2021-03-29

Fix Resolution: underscore - 1.12.1,1.13.0-2

jquery-3.4.1.min.js: 2 vulnerabilities (highest severity is: 5.7)

Vulnerable Library - jquery-3.4.1.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/jquery.min.js

Path to vulnerable library: /src/main/resources/webgoat/static/js/libs/jquery.min.js

Found in HEAD commit: 4bac862a46e799442890a61d22cce98f7f0caf03

Vulnerabilities

| CVE | Severity | CVSS | Exploit Maturity | EPSS | Dependency | Type | Fixed in (jquery version) | Remediation Possible** | Reachability |
|---|---|---|---|---|---|---|---|---|---|
| CVE-2020-11023 | Medium | 5.7 | Proof of concept | 2.3% | jquery-3.4.1.min.js | Direct | jquery - 3.5.0; jquery-rails - 4.4.0 | ❌ | |
| CVE-2020-11022 | Medium | 5.7 | Proof of concept | 6.3% | jquery-3.4.1.min.js | Direct | jQuery - 3.5.0 | ❌ | |

**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation

Details

CVE-2020-11023

Vulnerable Library - jquery-3.4.1.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/jquery.min.js

Path to vulnerable library: /src/main/resources/webgoat/static/js/libs/jquery.min.js

Dependency Hierarchy:

  • โŒ jquery-3.4.1.min.js (Vulnerable Library)

Found in HEAD commit: 4bac862a46e799442890a61d22cce98f7f0caf03

Found in base branch: main

Vulnerability Details

In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.

Publish Date: 2020-04-29

URL: CVE-2020-11023

Threat Assessment

Exploit Maturity: Proof of concept

EPSS: 2.3%

CVSS 4 Score Details (5.7)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: High
    • Privileges Required: None
    • User Interaction: N/A
    • Scope: N/A
  • Impact Metrics:
    • Confidentiality Impact: N/A
    • Integrity Impact: N/A
    • Availability Impact: N/A

Suggested Fix

Type: Upgrade version

Origin: https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6,https://github.com/rails/jquery-rails/blob/master/CHANGELOG.md#440

Release Date: 2020-04-29

Fix Resolution: jquery - 3.5.0;jquery-rails - 4.4.0

CVE-2020-11022

Vulnerable Library - jquery-3.4.1.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/jquery.min.js

Path to vulnerable library: /src/main/resources/webgoat/static/js/libs/jquery.min.js

Dependency Hierarchy:

  • โŒ jquery-3.4.1.min.js (Vulnerable Library)

Found in HEAD commit: 4bac862a46e799442890a61d22cce98f7f0caf03

Found in base branch: main

Vulnerability Details

In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.

Publish Date: 2020-04-29

URL: CVE-2020-11022

Threat Assessment

Exploit Maturity: Proof of concept

EPSS: 6.3%

CVSS 4 Score Details (5.7)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: High
    • Privileges Required: None
    • User Interaction: N/A
    • Scope: N/A
  • Impact Metrics:
    • Confidentiality Impact: N/A
    • Integrity Impact: N/A
    • Availability Impact: N/A

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11022

Release Date: 2020-04-29

Fix Resolution: jQuery - 3.5.0

License Policy Violation detected in logback-classic-1.2.11.jar - autoclosed

Library - logback-classic-1.2.11.jar

logback-classic module

Library home page: http://logback.qos.ch

Path to dependency file: /pom.xml

Path to library: /home/wss-scanner/.m2/repository/ch/qos/logback/logback-classic/1.2.11/logback-classic-1.2.11.jar

Dependency Hierarchy:

  • spring-boot-starter-validation-2.7.1.jar (Root Library)
    • spring-boot-starter-2.7.1.jar
      • spring-boot-starter-logging-2.7.1.jar
        • โŒ logback-classic-1.2.11.jar (Library containing License Policy Violation)

Found in HEAD commit: a852016d15cd2ec55bf3977c7739181346a561ae

Found in base branch: main

📃 License Details

Eclipse 1.0
License Reference File: https://index.whitesourcesoftware.com/gri/app/reader/resource/content/asString/97520f9f-12e1-4194-ac15-3b9334fab118

LGPL 2.1
License Reference File: https://index.whitesourcesoftware.com/gri/app/reader/resource/content/asString/1bf4c983-4eda-4b2c-892b-61994f7a4bca

    ⛔ License Policy Violation - Block GPL

spring-boot-starter-security-2.7.1.jar: 3 vulnerabilities (highest severity is: 9.3) reachable - autoclosed

Vulnerable Library - spring-boot-starter-security-2.7.1.jar

Path to dependency file: /pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/security/spring-security-web/5.7.2/spring-security-web-5.7.2.jar

Found in HEAD commit: 4bac862a46e799442890a61d22cce98f7f0caf03

Vulnerabilities

| CVE | Severity | CVSS | Exploit Maturity | EPSS | Dependency | Type | Fixed in (spring-boot-starter-security version) | Remediation Possible** | Reachability |
|---|---|---|---|---|---|---|---|---|---|
| CVE-2023-34034 | Critical | 9.3 | Not Defined | 0.2% | spring-security-config-5.7.2.jar | Transitive | 2.7.14 | ✅ | |
| CVE-2022-31692 | Critical | 9.3 | Not Defined | 0.9% | spring-security-web-5.7.2.jar | Transitive | 2.7.6 | ✅ | |
| CVE-2023-20862 | Medium | 5.3 | Not Defined | 0.1% | spring-security-web-5.7.2.jar | Transitive | 2.7.12 | ✅ | |

**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation

Details

CVE-2023-34034

Vulnerable Library - spring-security-config-5.7.2.jar

Spring Security

Library home page: https://spring.io/projects/spring-security

Path to dependency file: /pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/security/spring-security-config/5.7.2/spring-security-config-5.7.2.jar

Dependency Hierarchy:

  • spring-boot-starter-security-2.7.1.jar (Root Library)
    • โŒ spring-security-config-5.7.2.jar (Vulnerable Library)

Found in HEAD commit: 4bac862a46e799442890a61d22cce98f7f0caf03

Found in base branch: main

Reachability Analysis

This vulnerability is potentially used

org.owasp.webgoat.container.WebSecurityConfig (Application)
  -> org.springframework.security.config.annotation.web.builders.HttpSecurity (Extension)
   -> org.springframework.security.config.annotation.web.builders.HttpSecurity$RequestMatcherConfigurer (Extension)
    -> org.springframework.security.config.annotation.web.AbstractRequestMatcherRegistry (Extension)
     -> โŒ org.springframework.security.config.annotation.web.AbstractRequestMatcherRegistry$RequestMatchers (Vulnerable Component)

Vulnerability Details

Using "**" as a pattern in Spring Security configuration for WebFlux creates a mismatch in pattern matching between Spring Security and Spring WebFlux, and the potential for a security bypass. This issue applies only to reactive (WebFlux) configurations built with ServerHttpSecurity. The reachability trace above runs through HttpSecurity, the servlet-stack builder, and ends in the request-matcher registry shared by both stacks, so confirm that the application actually uses WebFlux before treating the finding as reachable.

Publish Date: 2023-07-19

URL: CVE-2023-34034

Threat Assessment

Exploit Maturity: Not Defined

EPSS: 0.2%

CVSS 4 Score Details (9.3)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: N/A
  • Impact Metrics:
    • Confidentiality Impact: N/A
    • Integrity Impact: N/A
    • Availability Impact: N/A

Suggested Fix

Type: Upgrade version

Origin: https://spring.io/security/cve-2023-34034

Release Date: 2023-07-19

Fix Resolution (org.springframework.security:spring-security-config): 5.7.10

Direct dependency fix Resolution (org.springframework.boot:spring-boot-starter-security): 2.7.14

In order to enable automatic remediation, please create workflow rules

CVE-2022-31692

Vulnerable Library - spring-security-web-5.7.2.jar

Spring Security

Library home page: https://spring.io/projects/spring-security

Path to dependency file: /pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/security/spring-security-web/5.7.2/spring-security-web-5.7.2.jar

Dependency Hierarchy:

  • spring-boot-starter-security-2.7.1.jar (Root Library)
    • โŒ spring-security-web-5.7.2.jar (Vulnerable Library)

Found in HEAD commit: 4bac862a46e799442890a61d22cce98f7f0caf03

Found in base branch: main

Reachability Analysis

This vulnerability is potentially used

org.owasp.webgoat.container.WebSecurityConfig (Application)
  -> org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration$1 (Extension)
   -> โŒ org.springframework.security.web.access.intercept.AuthorizationFilter (Vulnerable Component)

Vulnerability Details

Spring Security, versions 5.7 prior to 5.7.5 and 5.6 prior to 5.6.9, could be susceptible to authorization rules bypass via forward or include dispatcher types. Specifically, an application is vulnerable when all of the following are true:

  • The application expects that Spring Security applies security to forward and include dispatcher types.
  • The application uses the AuthorizationFilter either manually or via the authorizeHttpRequests() method.
  • The application configures the FilterChainProxy to apply to forward and/or include requests (e.g. spring.security.filter.dispatcher-types = request, error, async, forward, include).
  • The application may forward or include the request to a higher privilege-secured endpoint.
  • The application configures Spring Security to apply to every dispatcher type via authorizeHttpRequests().shouldFilterAllDispatcherTypes(true).

Publish Date: 2022-10-31

URL: CVE-2022-31692

Threat Assessment

Exploit Maturity: Not Defined

EPSS: 0.9%

CVSS 4 Score Details (9.3)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: N/A
  • Impact Metrics:
    • Confidentiality Impact: N/A
    • Integrity Impact: N/A
    • Availability Impact: N/A

Suggested Fix

Type: Upgrade version

Origin: https://tanzu.vmware.com/security/cve-2022-31692

Release Date: 2022-10-31

Fix Resolution (org.springframework.security:spring-security-web): 5.7.5

Direct dependency fix Resolution (org.springframework.boot:spring-boot-starter-security): 2.7.6

In order to enable automatic remediation, please create workflow rules

CVE-2023-20862

Vulnerable Library - spring-security-web-5.7.2.jar

Spring Security

Library home page: https://spring.io/projects/spring-security

Path to dependency file: /pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/security/spring-security-web/5.7.2/spring-security-web-5.7.2.jar

Dependency Hierarchy:

  • spring-boot-starter-security-2.7.1.jar (Root Library)
    • โŒ spring-security-web-5.7.2.jar (Vulnerable Library)

Found in HEAD commit: 4bac862a46e799442890a61d22cce98f7f0caf03

Found in base branch: main

Vulnerability Details

In Spring Security, versions 5.7.x prior to 5.7.8, versions 5.8.x prior to 5.8.3, and versions 6.0.x prior to 6.0.3, the logout support does not properly clean the security context if using serialized versions. Additionally, it is not possible to explicitly save an empty security context to the HttpSessionSecurityContextRepository. This vulnerability can keep users authenticated even after they performed logout. Users of affected versions should apply the following mitigation. 5.7.x users should upgrade to 5.7.8. 5.8.x users should upgrade to 5.8.3. 6.0.x users should upgrade to 6.0.3.

Publish Date: 2023-04-19

URL: CVE-2023-20862

Threat Assessment

Exploit Maturity: Not Defined

EPSS: 0.1%

CVSS 4 Score Details (5.3)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: Low
    • User Interaction: None
    • Scope: N/A
  • Impact Metrics:
    • Confidentiality Impact: N/A
    • Integrity Impact: N/A
    • Availability Impact: N/A

For more information on CVSS4 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://spring.io/security/cve-2023-20862

Release Date: 2023-04-19

Fix Resolution (org.springframework.security:spring-security-web): 5.7.8

Direct dependency fix Resolution (org.springframework.boot:spring-boot-starter-security): 2.7.12

In order to enable automatic remediation, please create workflow rules


License Policy Violation detected in javax.activation-api-1.2.0.jar

Library - javax.activation-api-1.2.0.jar

Library home page: http://www.oracle.com

Path to dependency file: /pom.xml

Path to library: /home/wss-scanner/.m2/repository/javax/activation/javax.activation-api/1.2.0/javax.activation-api-1.2.0.jar

Dependency Hierarchy:

  • jaxb-api-2.3.1.jar (Root Library)
    • โŒ javax.activation-api-1.2.0.jar (Library containing License Policy Violation)

Found in HEAD commit: a852016d15cd2ec55bf3977c7739181346a561ae

Found in base branch: main

📃 License Details

CDDL 1.1
License Reference File: https://index.mend.io/gri/app/reader/resource/content/asString/650346ba-3a5c-4cae-9b9e-2e682ff5e3c5

GPL 2.0 Classpath
License Reference File: https://index.mend.io/gri/app/reader/resource/content/asString/493e2b39-3aad-4c39-9220-50f83cb66b5e

⛔ License Policy Violation - Block GPL

jquery-ui-1.12.1.min.js: 4 vulnerabilities (highest severity is: 7.1)

Vulnerable Library - jquery-ui-1.12.1.min.js

A curated set of user interface interactions, effects, widgets, and themes built on top of the jQuery JavaScript Library.

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jqueryui/1.12.1/jquery-ui.min.js

Path to vulnerable library: /src/main/resources/webgoat/static/js/libs/jquery-ui.min.js

Found in HEAD commit: 4bac862a46e799442890a61d22cce98f7f0caf03

Vulnerabilities

CVE | Severity | CVSS | Exploit Maturity | EPSS | Dependency | Type | Fixed in (jquery-ui version) | Remediation Possible** | Reachability
CVE-2021-41184 | High | 7.1 | Not Defined | 0.5% | jquery-ui-1.12.1.min.js | Direct | jquery-ui - 1.13.0 | ❌ |
CVE-2021-41182 | High | 7.1 | Not Defined | 0.3% | jquery-ui-1.12.1.min.js | Direct | jquery-ui - 1.13.0 | ❌ |
CVE-2021-41183 | Medium | 6.0 | Not Defined | 0.4% | jquery-ui-1.12.1.min.js | Direct | jquery-ui - 1.13.0 | ❌ |
CVE-2022-31160 | Medium | 5.3 | Not Defined | 0.2% | jquery-ui-1.12.1.min.js | Direct | jquery-ui - 1.13.2 | ❌ |

**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation

Details

CVE-2021-41184

Vulnerable Library - jquery-ui-1.12.1.min.js

A curated set of user interface interactions, effects, widgets, and themes built on top of the jQuery JavaScript Library.

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jqueryui/1.12.1/jquery-ui.min.js

Path to vulnerable library: /src/main/resources/webgoat/static/js/libs/jquery-ui.min.js

Dependency Hierarchy:

  • โŒ jquery-ui-1.12.1.min.js (Vulnerable Library)

Found in HEAD commit: 4bac862a46e799442890a61d22cce98f7f0caf03

Found in base branch: main

Vulnerability Details

jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the "of" option of the .position() util from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0: any string value passed to the "of" option is now treated as a CSS selector. A workaround is to not accept the value of the "of" option from untrusted sources.

Publish Date: 2021-10-26

URL: CVE-2021-41184

Threat Assessment

Exploit Maturity: Not Defined

EPSS: 0.5%

CVSS 4 Score Details (7.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: N/A
    • Scope: N/A
  • Impact Metrics:
    • Confidentiality Impact: N/A
    • Integrity Impact: N/A
    • Availability Impact: N/A

For more information on CVSS4 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41184

Release Date: 2021-10-26

Fix Resolution: jquery-ui - 1.13.0

CVE-2021-41182

Vulnerable Library - jquery-ui-1.12.1.min.js

A curated set of user interface interactions, effects, widgets, and themes built on top of the jQuery JavaScript Library.

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jqueryui/1.12.1/jquery-ui.min.js

Path to vulnerable library: /src/main/resources/webgoat/static/js/libs/jquery-ui.min.js

Dependency Hierarchy:

  • โŒ jquery-ui-1.12.1.min.js (Vulnerable Library)

Found in HEAD commit: 4bac862a46e799442890a61d22cce98f7f0caf03

Found in base branch: main

Vulnerability Details

jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the altField option of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the altField option is now treated as a CSS selector. A workaround is to not accept the value of the altField option from untrusted sources.

Publish Date: 2021-10-26

URL: CVE-2021-41182

Threat Assessment

Exploit Maturity: Not Defined

EPSS: 0.3%

CVSS 4 Score Details (7.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: N/A
    • Scope: N/A
  • Impact Metrics:
    • Confidentiality Impact: N/A
    • Integrity Impact: N/A
    • Availability Impact: N/A

For more information on CVSS4 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41182

Release Date: 2021-10-26

Fix Resolution: jquery-ui - 1.13.0

CVE-2021-41183

Vulnerable Library - jquery-ui-1.12.1.min.js

A curated set of user interface interactions, effects, widgets, and themes built on top of the jQuery JavaScript Library.

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jqueryui/1.12.1/jquery-ui.min.js

Path to vulnerable library: /src/main/resources/webgoat/static/js/libs/jquery-ui.min.js

Dependency Hierarchy:

  • โŒ jquery-ui-1.12.1.min.js (Vulnerable Library)

Found in HEAD commit: 4bac862a46e799442890a61d22cce98f7f0caf03

Found in base branch: main

Vulnerability Details

jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of various *Text options of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. The values passed to various *Text options are now always treated as pure text, not HTML. A workaround is to not accept the value of the *Text options from untrusted sources.

Publish Date: 2021-10-26

URL: CVE-2021-41183

Threat Assessment

Exploit Maturity: Not Defined

EPSS: 0.4%

CVSS 4 Score Details (6.0)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: N/A
    • Scope: N/A
  • Impact Metrics:
    • Confidentiality Impact: N/A
    • Integrity Impact: N/A
    • Availability Impact: N/A

For more information on CVSS4 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41183

Release Date: 2021-10-26

Fix Resolution: jquery-ui - 1.13.0

CVE-2022-31160

Vulnerable Library - jquery-ui-1.12.1.min.js

A curated set of user interface interactions, effects, widgets, and themes built on top of the jQuery JavaScript Library.

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jqueryui/1.12.1/jquery-ui.min.js

Path to vulnerable library: /src/main/resources/webgoat/static/js/libs/jquery-ui.min.js

Dependency Hierarchy:

  • โŒ jquery-ui-1.12.1.min.js (Vulnerable Library)

Found in HEAD commit: 4bac862a46e799442890a61d22cce98f7f0caf03

Found in base branch: main

Vulnerability Details

jQuery UI is a curated set of user interface interactions, effects, widgets, and themes built on top of jQuery. Versions prior to 1.13.2 are potentially vulnerable to cross-site scripting. Initializing a checkboxradio widget on an input enclosed within a label makes that parent label's contents be treated as the input's label. If .checkboxradio( "refresh" ) is then called on such a widget and the initial HTML contained encoded HTML entities, those entities are erroneously decoded, which can lead to JavaScript code being executed. The bug has been patched in jQuery UI 1.13.2. To remediate the issue without upgrading, someone who can change the initial HTML can wrap all the non-input contents of the label in a span.

Publish Date: 2022-07-20

URL: CVE-2022-31160

Threat Assessment

Exploit Maturity: Not Defined

EPSS: 0.2%

CVSS 4 Score Details (5.3)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: N/A
    • Scope: N/A
  • Impact Metrics:
    • Confidentiality Impact: N/A
    • Integrity Impact: N/A
    • Availability Impact: N/A

For more information on CVSS4 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31160

Release Date: 2022-07-20

Fix Resolution: jquery-ui - 1.13.2

License Policy Violation detected in jakarta.servlet-api-4.0.4.jar

Library - jakarta.servlet-api-4.0.4.jar

Library home page: https://www.eclipse.org

Path to dependency file: /pom.xml

Path to library: /home/wss-scanner/.m2/repository/jakarta/servlet/jakarta.servlet-api/4.0.4/jakarta.servlet-api-4.0.4.jar

Dependency Hierarchy:

  • spring-boot-starter-undertow-2.7.18.jar (Root Library)
    • โŒ jakarta.servlet-api-4.0.4.jar (Library containing License Policy Violation)

Found in HEAD commit: a852016d15cd2ec55bf3977c7739181346a561ae

Found in base branch: main

📃 License Details

Eclipse 2.0
License Reference File: https://index.mend.io/gri/app/reader/resource/content/asString/9941c477-e78f-4c89-a4cb-783c6f7cb3f6

GPL 2.0 Classpath
License Reference File: https://index.mend.io/gri/app/reader/resource/content/asString/493e2b39-3aad-4c39-9220-50f83cb66b5e

⛔ License Policy Violation - Block GPL

jquery-1.10.2.min.js: 4 vulnerabilities (highest severity is: 5.3)

Vulnerable Library - jquery-1.10.2.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.10.2/jquery.min.js

Path to vulnerable library: /src/main/resources/webgoat/static/js/jquery/jquery-1.10.2.min.js

Found in HEAD commit: 4bac862a46e799442890a61d22cce98f7f0caf03

Vulnerabilities

CVE | Severity | CVSS | Exploit Maturity | EPSS | Dependency | Type | Fixed in (jquery version) | Remediation Possible** | Reachability
CVE-2020-11023 | Medium | 5.3 | Proof of concept | 1.4000001% | jquery-1.10.2.min.js | Direct | jquery - 3.5.0;jquery-rails - 4.4.0 | ❌ |
CVE-2020-11022 | Medium | 5.3 | Proof of concept | 4.4% | jquery-1.10.2.min.js | Direct | jQuery - 3.5.0 | ❌ |
CVE-2015-9251 | Medium | 5.3 | Not Defined | 0.70000005% | jquery-1.10.2.min.js | Direct | jQuery - 3.0.0 | ❌ |
CVE-2019-11358 | Medium | 5.3 | Proof of concept | 3.6% | jquery-1.10.2.min.js | Direct | jquery - 3.4.0 | ❌ |

**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation

Details

CVE-2020-11023

Vulnerable Library - jquery-1.10.2.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.10.2/jquery.min.js

Path to vulnerable library: /src/main/resources/webgoat/static/js/jquery/jquery-1.10.2.min.js

Dependency Hierarchy:

  • โŒ jquery-1.10.2.min.js (Vulnerable Library)

Found in HEAD commit: 4bac862a46e799442890a61d22cce98f7f0caf03

Found in base branch: main

Vulnerability Details

In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.

Publish Date: 2020-04-29

URL: CVE-2020-11023

Threat Assessment

Exploit Maturity: Proof of concept

EPSS: 1.4000001%

CVSS 4 Score Details (5.3)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: N/A
    • Scope: N/A
  • Impact Metrics:
    • Confidentiality Impact: N/A
    • Integrity Impact: N/A
    • Availability Impact: N/A

For more information on CVSS4 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6,https://github.com/rails/jquery-rails/blob/master/CHANGELOG.md#440

Release Date: 2020-04-29

Fix Resolution: jquery - 3.5.0;jquery-rails - 4.4.0

CVE-2020-11022

Vulnerable Library - jquery-1.10.2.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.10.2/jquery.min.js

Path to vulnerable library: /src/main/resources/webgoat/static/js/jquery/jquery-1.10.2.min.js

Dependency Hierarchy:

  • โŒ jquery-1.10.2.min.js (Vulnerable Library)

Found in HEAD commit: 4bac862a46e799442890a61d22cce98f7f0caf03

Found in base branch: main

Vulnerability Details

In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.

Publish Date: 2020-04-29

URL: CVE-2020-11022

Threat Assessment

Exploit Maturity: Proof of concept

EPSS: 4.4%

CVSS 4 Score Details (5.3)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: N/A
    • Scope: N/A
  • Impact Metrics:
    • Confidentiality Impact: N/A
    • Integrity Impact: N/A
    • Availability Impact: N/A

For more information on CVSS4 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11022

Release Date: 2020-04-29

Fix Resolution: jQuery - 3.5.0

CVE-2015-9251

Vulnerable Library - jquery-1.10.2.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.10.2/jquery.min.js

Path to vulnerable library: /src/main/resources/webgoat/static/js/jquery/jquery-1.10.2.min.js

Dependency Hierarchy:

  • โŒ jquery-1.10.2.min.js (Vulnerable Library)

Found in HEAD commit: 4bac862a46e799442890a61d22cce98f7f0caf03

Found in base branch: main

Vulnerability Details

jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.

Publish Date: 2018-01-18

URL: CVE-2015-9251

Threat Assessment

Exploit Maturity: Not Defined

EPSS: 0.70000005%

CVSS 4 Score Details (5.3)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: N/A
    • Scope: N/A
  • Impact Metrics:
    • Confidentiality Impact: N/A
    • Integrity Impact: N/A
    • Availability Impact: N/A

For more information on CVSS4 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2015-9251

Release Date: 2018-01-18

Fix Resolution: jQuery - 3.0.0

CVE-2019-11358

Vulnerable Library - jquery-1.10.2.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.10.2/jquery.min.js

Path to vulnerable library: /src/main/resources/webgoat/static/js/jquery/jquery-1.10.2.min.js

Dependency Hierarchy:

  • โŒ jquery-1.10.2.min.js (Vulnerable Library)

Found in HEAD commit: 4bac862a46e799442890a61d22cce98f7f0caf03

Found in base branch: main

Vulnerability Details

jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.

Publish Date: 2019-04-20

URL: CVE-2019-11358

Threat Assessment

Exploit Maturity: Proof of concept

EPSS: 3.6%

CVSS 4 Score Details (5.3)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: N/A
    • Scope: N/A
  • Impact Metrics:
    • Confidentiality Impact: N/A
    • Integrity Impact: N/A
    • Availability Impact: N/A

For more information on CVSS4 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358

Release Date: 2019-04-20

Fix Resolution: jquery - 3.4.0

Dependency Dashboard

This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.

Pending Approval

These branches will be created by Renovate only once you click their checkbox below.

  • [NEUTRAL] Update dependency com.google.guava:guava to v30.1.1-jre
  • [NEUTRAL] Update dependency org.asciidoctor:asciidoctorj to v2.5.13
  • [NEUTRAL] Update dependency org.owasp:dependency-check-maven to v6.5.3
  • [LOW] Update dependency io.jsonwebtoken:jjwt to v0.12.6
  • [LOW] Update dependency org.apache.commons:commons-exec to v1.4.0
  • [NEUTRAL] Update dependency org.jruby:jruby to v9.4.8.0
  • [NEUTRAL] Update dependency org.webjars:bootstrap to v3.4.1
  • [NEUTRAL] Update dependency org.webjars:jquery to v3.7.1
  • [LOW] Update dependency com.github.tomakehurst:wiremock to v3
  • [LOW] Update dependency io.github.bonigarcia:webdrivermanager to v5
  • [LOW] Update dependency org.asciidoctor:asciidoctorj to v3
  • [LOW] Update dependency org.springframework.boot:spring-boot-starter-parent to v3
  • [NEUTRAL] Update dependency cglib:cglib-nodep to v3
  • [NEUTRAL] Update dependency org.owasp:dependency-check-maven to v10
  • ๐Ÿ” Create all pending approval PRs at once ๐Ÿ”

Rate-Limited

These updates are currently rate-limited. Click on a checkbox below to force their creation now.

  • Update Mend: high confidence minor and patch dependency updates (maven, org.apache.maven.plugins:maven-enforcer-plugin, org.apache.commons:commons-compress, org.ow2.asm:asm, com.nulab-inc:zxcvbn, com.thoughtworks.xstream:xstream, org.apache.maven.plugins:maven-surefire-plugin, org.jsoup:jsoup, org.bitbucket.b_c:jose4j, org.apache.commons:commons-text, commons-io:commons-io, org.apache.maven.plugins:maven-checkstyle-plugin)
  • Update actions/setup-python action to v5
  • Update dependency maven-wrapper to v3
  • Update dependency org.webjars:bootstrap to v5
  • Update docker.io/eclipse-temurin Docker tag to v19
  • Update docker/build-push-action action to v6
  • Update docker/login-action action to v3
  • Update docker/setup-buildx-action action to v3
  • Update docker/setup-qemu-action action to v3
  • Update softprops/action-gh-release action to v2
  • ๐Ÿ” Create all rate-limited PRs at once ๐Ÿ”

Open

These updates have all been created already. Click a checkbox below to force a retry/rebase of any.

Detected dependencies

cloudbuild
cloudbuild.yaml
dockerfile
Dockerfile
  • docker.io/eclipse-temurin 17-jre-focal
Dockerfile_desktop
github-actions
.github/workflows/build.yml
  • actions/checkout v3
  • actions/setup-java v3
  • actions/cache v3.2.5
  • docker/setup-qemu-action v2.1.0
  • docker/setup-buildx-action v2
  • docker/build-push-action v4.0.0
  • docker/build-push-action v4.0.0
.github/workflows/github-pipeline_sca_sast_scan.yml
  • actions/checkout v3
.github/workflows/mendcontainer.yaml
.github/workflows/release.yml
  • actions/checkout v3
  • actions/setup-java v3
  • actions/cache v3.2.5
  • softprops/action-gh-release v1
  • docker/setup-qemu-action v2.1.0
  • docker/setup-buildx-action v2
  • docker/login-action v2.1.0
  • docker/build-push-action v4.0.0
  • docker/build-push-action v4.0.0
  • actions/checkout v3
  • actions/setup-java v3
  • devops-infra/action-commit-push v0.9.2
  • devops-infra/action-pull-request v0.5.5
.github/workflows/test.yml
  • actions/checkout v3
  • actions/setup-python v4
  • actions/setup-java v3
  • actions/cache v3.2.5
  • BSFishy/pip-action v1
  • ifaxity/wait-on-action v1
  • joonvena/robotframework-reporter-action v2.1
.github/workflows/welcome.yml
  • actions/first-interaction v1.1.1
maven
pom.xml
  • org.springframework.boot:spring-boot-starter-parent 2.7.18
  • org.ow2.asm:asm 9.6
  • org.apache.commons:commons-exec 1.3
  • org.asciidoctor:asciidoctorj 2.5.11
  • org.jsoup:jsoup 1.17.2
  • com.nulab-inc:zxcvbn 1.5.2
  • com.thoughtworks.xstream:xstream 1.4.5
  • cglib:cglib-nodep 2.2.2
  • xml-resolver:xml-resolver 1.2
  • io.jsonwebtoken:jjwt 0.9.1
  • com.google.guava:guava 30.1-jre
  • commons-io:commons-io 2.15.1
  • org.apache.commons:commons-text 1.11.0
  • org.bitbucket.b_c:jose4j 0.9.5
  • org.webjars:bootstrap 3.3.7
  • org.webjars:jquery 3.5.1
  • com.github.tomakehurst:wiremock 2.27.2
  • io.github.bonigarcia:webdrivermanager 4.4.3
  • org.apache.commons:commons-compress 1.21
  • org.jruby:jruby 9.3.6.0
  • org.apache.maven.plugins:maven-surefire-plugin 3.2.5
  • org.apache.maven.plugins:maven-checkstyle-plugin 3.3.1
  • com.diffplug.spotless:spotless-maven-plugin 2.43.0
  • org.apache.maven.plugins:maven-enforcer-plugin 3.4.1
  • com.bazaarvoice.maven.plugins:process-exec-maven-plugin 0.9
  • org.owasp:dependency-check-maven 6.5.1
maven-wrapper
.mvn/wrapper/maven-wrapper.properties
  • maven 3.9.6
  • maven-wrapper 0.5.6

Code Security Report: 24 high severity findings, 32 total findings

Code Security Report

Scan Metadata

Latest Scan: 2024-02-22 04:23pm
Total Findings: 32 | New Findings: 5 | Resolved Findings: 8
Tested Project Files: 430
Detected Programming Languages: 2 (JavaScript / TypeScript*, Java*)

  • Check this box to manually trigger a scan

Most Relevant Findings

The list below presents the 10 most relevant findings that need your attention. To view information on the remaining findings, navigate to the Mend Application.

Automatic Remediation Available (6)

Severity | Vulnerability Type | CWE | File | Data Flows | Date
High | SQL Injection | CWE-89 | Assignment5.java:60 | 1 | 2024-02-22 04:23pm

Vulnerable Code

if (!"Larry".equals(username_login)) {
return failed(this).feedback("user.not.larry").feedbackArgs(username_login).build();
}
try (var connection = dataSource.getConnection()) {
PreparedStatement statement =
connection.prepareStatement(

1 Data Flow/s detected

"select password from challenge_users where userid = '"

โ›‘๏ธ Remediation Suggestion

--- original
+++ remediated
@@ -0,0 +0,0 @@
/*
* This file is part of WebGoat, an Open Web Application Security Project utility. For details, please see http://www.owasp.org/
*
* Copyright (c) 2002 - 2019 Bruce Mayhew
*
* This program is free software; you can redistribute it and/or modify it under the terms of the
* GNU General Public License as published by the Free Software Foundation; either version 2 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
* even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
*
* You should have received a copy of the GNU General Public License along with this program; if
* not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
* 02111-1307, USA.
*
* Getting Source ==============
*
* Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software projects.
*/
package org.owasp.webgoat.lessons.challenges.challenge5;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import lombok.extern.slf4j.Slf4j;
import org.owasp.webgoat.container.LessonDataSource;
import org.owasp.webgoat.container.assignments.AssignmentEndpoint;
import org.owasp.webgoat.container.assignments.AttackResult;
import org.owasp.webgoat.lessons.challenges.Flag;
import org.springframework.util.StringUtils;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.ResponseBody;
import org.springframework.web.bind.annotation.RestController;
@RestController
@Slf4j
public class Assignment5 extends AssignmentEndpoint {
private final LessonDataSource dataSource;
public Assignment5(LessonDataSource dataSource) {
this.dataSource = dataSource;
}
@PostMapping("/challenge/5")
@ResponseBody
public AttackResult login(
@RequestParam String username_login, @RequestParam String password_login) throws Exception {
if (!StringUtils.hasText(username_login) || !StringUtils.hasText(password_login)) {
return failed(this).feedback("required4").build();
}
if (!"Larry".equals(username_login)) {
return failed(this).feedback("user.not.larry").feedbackArgs(username_login).build();
}
try (var connection = dataSource.getConnection()) {
PreparedStatement statement =
connection.prepareStatement(
@@ -61,5 +61,2 @@
- "select password from challenge_users where userid = '"
- + username_login
- + "' and password = '"
- + password_login
- + "'");
+ "select password from challenge_users where userid = '" + username_login + "' and password = " + "?");
+ statement.setString(1, password_login);
ResultSet resultSet = statement.executeQuery();
if (resultSet.next()) {
return success(this).feedback("challenge.solved").feedbackArgs(Flag.FLAGS.get(5)).build();
} else {
return failed(this).feedback("challenge.close").build();
}
}
}
}
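Review bot: the remediated query `"select password from challenge_users where userid = '" + username_login + "' and password = " + "?"` still concatenates username_login into the SQL text and binds only password_login, so only half of the flagged concatenation is replaced; bind both values (`userid = ? and password = ?`, then `setString(1, username_login)` and `setString(2, password_login)`). In this file the earlier `"Larry".equals(username_login)` check pins the username to a constant before the query runs, so the residual concatenation is not reachable with attacker-controlled input here, but it is exactly the CWE-89 pattern the finding flags and a fully parameterised query is the idiomatic fix. Note also that this endpoint is one of WebGoat's deliberately vulnerable challenge lessons (package org.owasp.webgoat.lessons.challenges.challenge5, returning Flag.FLAGS.get(5) on success), so an automatic remediation changes the lesson's intended behaviour and should be decided by the lesson maintainers rather than merged from the generated PR.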

โœ”๏ธ Pull Request created

Secure Code Warrior Training Material

Training

Secure Code Warrior SQL Injection Training

Videos

Secure Code Warrior SQL Injection Video

Further Reading

OWASP SQL Injection Prevention Cheat Sheet

OWASP SQL Injection

OWASP Query Parameterization Cheat Sheet


Severity | Vulnerability Type | CWE | File | Data Flows | Date
High | SQL Injection | CWE-89 | Servers.java:72 | 1 | 2024-02-22 04:23pm

Vulnerable Code

public List<Server> sort(@RequestParam String column) throws Exception {
List<Server> servers = new ArrayList<>();
try (var connection = dataSource.getConnection()) {
try (var statement =
connection.prepareStatement(

1 Data Flow/s detected

public List<Server> sort(@RequestParam String column) throws Exception {

"select id, hostname, ip, mac, status, description from SERVERS where status <> 'out"

โ›‘๏ธ Remediation Suggestion

--- original
+++ remediated
@@ -0,0 +0,0 @@
/*
* This file is part of WebGoat, an Open Web Application Security Project utility. For details, please see http://www.owasp.org/
*
* Copyright (c) 2002 - 2019 Bruce Mayhew
*
* This program is free software; you can redistribute it and/or modify it under the terms of the
* GNU General Public License as published by the Free Software Foundation; either version 2 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
* even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
*
* You should have received a copy of the GNU General Public License along with this program; if
* not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
* 02111-1307, USA.
*
* Getting Source ==============
*
* Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software projects.
*/
package org.owasp.webgoat.lessons.sqlinjection.mitigation;
import java.util.ArrayList;
import java.util.List;
import lombok.AllArgsConstructor;
import lombok.Getter;
import lombok.extern.slf4j.Slf4j;
import org.owasp.webgoat.container.LessonDataSource;
import org.springframework.http.MediaType;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.ResponseBody;
import org.springframework.web.bind.annotation.RestController;
/**
* @author nbaars
* @since 6/13/17.
*/
@RestController
@RequestMapping("SqlInjectionMitigations/servers")
@Slf4j
public class Servers {
private final LessonDataSource dataSource;
@AllArgsConstructor
@Getter
private class Server {
private String id;
private String hostname;
private String ip;
private String mac;
private String status;
private String description;
}
public Servers(LessonDataSource dataSource) {
this.dataSource = dataSource;
}
@GetMapping(produces = MediaType.APPLICATION_JSON_VALUE)
@ResponseBody
public List<Server> sort(@RequestParam String column) throws Exception {
List<Server> servers = new ArrayList<>();
try (var connection = dataSource.getConnection()) {
@@ -71,6 +71,8 @@
- try (var statement =
- connection.prepareStatement(
- "select id, hostname, ip, mac, status, description from SERVERS where status <> 'out"
- + " of order' order by "
- + column)) {
- try (var rs = statement.executeQuery()) {
+ //TODO: Possibly need to remove redundant commas around encoded elements inside query
+ PreparedStatement preparedStatement = connection
+ .prepareStatement("select id, hostname, ip, mac, status, description from SERVERS where status <> 'out"
+ + " of order' order by " + "?");
+ try (var statement =
+ preparedStatement) {
+ preparedStatement.setString(1, column);
+ try (var rs = statement.executeQuery()) {
while (rs.next()) {
Server server =
new Server(
rs.getString(1),
rs.getString(2),
rs.getString(3),
rs.getString(4),
rs.getString(5),
rs.getString(6));
servers.add(server);
}
}
}
}
return servers;
}
}
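Review bot: binding the sort column as a JDBC parameter (`" order by " + "?"` with `preparedStatement.setString(1, column)`) is a logic regression, not a fix: a placeholder is a value, so the database orders by a constant string and the endpoint's sorting silently stops working. ORDER BY identifiers cannot be parameterised; validate `column` against an allow-list of the six selected column names (id, hostname, ip, mac, status, description), reject anything else, and only then append the validated name to the query. Two further problems in the same hunk: `PreparedStatement` is now referenced by name but no `import java.sql.PreparedStatement;` is added to the import block earlier in this diff, so the file will not compile as proposed, and the leftover `//TODO` comment plus the `try (var statement = preparedStatement)` alias (a try-with-resources on a variable that already holds the statement) should be folded back into the original `try (var statement = connection.prepareStatement(...))` shape. As with the previous finding, this is the target of WebGoat's SqlInjectionMitigations lesson, so the maintainers should decide whether it is meant to be fixed at all.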

  • Create Pull Request
Secure Code Warrior Training Material

Training

Secure Code Warrior SQL Injection Training

Videos

Secure Code Warrior SQL Injection Video

Further Reading

OWASP SQL Injection Prevention Cheat Sheet

OWASP SQL Injection

OWASP Query Parameterization Cheat Sheet

ย 
High | SQL Injection | CWE-89 | SqlInjectionLesson8.java:78 | 1 data flow | 2024-02-22 04:23pm
Vulnerable Code

try {
Statement statement =
connection.createStatement(
ResultSet.TYPE_SCROLL_INSENSITIVE, ResultSet.CONCUR_UPDATABLE);
log(connection, query);
ResultSet results = statement.executeQuery(query);

1 Data Flow/s detected

public AttackResult completed(@RequestParam String name, @RequestParam String auth_tan) {

protected AttackResult injectableQueryConfidentiality(String name, String auth_tan) {

public static void log(Connection connection, String action) {

โ›‘๏ธ Remediation Suggestion

--- original
+++ remediated
@@ -0,0 +0,0 @@
/*
* This file is part of WebGoat, an Open Web Application Security Project utility. For details, please see http://www.owasp.org/
*
* Copyright (c) 2002 - 2019 Bruce Mayhew
*
* This program is free software; you can redistribute it and/or modify it under the terms of the
* GNU General Public License as published by the Free Software Foundation; either version 2 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
* even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
*
* You should have received a copy of the GNU General Public License along with this program; if
* not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
* 02111-1307, USA.
*
* Getting Source ==============
*
* Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software projects.
*/
package org.owasp.webgoat.lessons.sqlinjection.introduction;
import static java.sql.ResultSet.CONCUR_UPDATABLE;
@@ -26,0 +26,1 @@
+import java.sql.PreparedStatement;
import static java.sql.ResultSet.TYPE_SCROLL_SENSITIVE;
import java.sql.*;
import java.text.SimpleDateFormat;
import java.util.Calendar;
import org.owasp.webgoat.container.LessonDataSource;
import org.owasp.webgoat.container.assignments.AssignmentEndpoint;
import org.owasp.webgoat.container.assignments.AssignmentHints;
import org.owasp.webgoat.container.assignments.AttackResult;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.ResponseBody;
import org.springframework.web.bind.annotation.RestController;
@RestController
@AssignmentHints(
value = {
"SqlStringInjectionHint.8.1",
"SqlStringInjectionHint.8.2",
"SqlStringInjectionHint.8.3",
"SqlStringInjectionHint.8.4",
"SqlStringInjectionHint.8.5"
})
public class SqlInjectionLesson8 extends AssignmentEndpoint {
private final LessonDataSource dataSource;
public SqlInjectionLesson8(LessonDataSource dataSource) {
this.dataSource = dataSource;
}
@PostMapping("/SqlInjection/attack8")
@ResponseBody
public AttackResult completed(@RequestParam String name, @RequestParam String auth_tan) {
return injectableQueryConfidentiality(name, auth_tan);
}
protected AttackResult injectableQueryConfidentiality(String name, String auth_tan) {
StringBuilder output = new StringBuilder();
String query =
"SELECT * FROM employees WHERE last_name = '"
+ name
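Review bot: the added `import java.sql.PreparedStatement;` is redundant, since `import java.sql.*;` two lines below already covers it, and it is inserted between the two `static` imports, splitting that group; drop the line.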
@@ -68,3 +69,2 @@
- + "' AND auth_tan = '"
- + auth_tan
- + "'";
+ + "' AND auth_tan = "
+ + "?";
try (Connection connection = dataSource.getConnection()) {
try {
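Review bot: only `auth_tan` becomes a placeholder; `name` is still concatenated into `query` on the lines just above this hunk (`"SELECT * FROM employees WHERE last_name = '" + name`), so the SQL injection this finding reports remains open. Bind both values: build the query as `"SELECT * FROM employees WHERE last_name = ? AND auth_tan = ?"` and call `setString(1, name)` and `setString(2, auth_tan)`. Also `"' AND auth_tan = " + "?"` concatenates a literal for no reason; write `"' AND auth_tan = ?"`.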
@@ -74,3 +74,2 @@
- Statement statement =
- connection.createStatement(
- ResultSet.TYPE_SCROLL_INSENSITIVE, ResultSet.CONCUR_UPDATABLE);
+ PreparedStatement statement = connection.prepareStatement(query, ResultSet.TYPE_SCROLL_INSENSITIVE,
+ ResultSet.CONCUR_UPDATABLE);
log(connection, query);
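Review bot: the `PreparedStatement` created here is never closed (the `Statement` it replaces was not either); declare it in a try-with-resources, as the enclosing `Connection` already is, and wrap the new `prepareStatement(query, ResultSet.TYPE_SCROLL_INSENSITIVE,` line to the width the rest of the file keeps.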
@@ -78,1 +77,2 @@
- ResultSet results = statement.executeQuery(query);
+ statement.setString(1, auth_tan);
+ ResultSet results = statement.executeQuery();
if (results.getStatement() != null) {
if (results.first()) {
output.append(generateTable(results));
results.last();
if (results.getRow() > 1) {
// more than one record, the user succeeded
return success(this)
.feedback("sql-injection.8.success")
.output(output.toString())
.build();
} else {
// only one record
return failed(this).feedback("sql-injection.8.one").output(output.toString()).build();
}
} else {
// no results
return failed(this).feedback("sql-injection.8.no.results").build();
}
} else {
return failed(this).build();
}
} catch (SQLException e) {
return failed(this)
.output("<br><span class='feedback-negative'>" + e.getMessage() + "</span>")
.build();
}
} catch (Exception e) {
return failed(this)
.output("<br><span class='feedback-negative'>" + e.getMessage() + "</span>")
.build();
}
}
public static String generateTable(ResultSet results) throws SQLException {
ResultSetMetaData resultsMetaData = results.getMetaData();
int numColumns = resultsMetaData.getColumnCount();
results.beforeFirst();
StringBuilder table = new StringBuilder();
table.append("<table>");
if (results.next()) {
table.append("<tr>");
for (int i = 1; i < (numColumns + 1); i++) {
table.append("<th>" + resultsMetaData.getColumnName(i) + "</th>");
}
table.append("</tr>");
results.beforeFirst();
while (results.next()) {
table.append("<tr>");
for (int i = 1; i < (numColumns + 1); i++) {
table.append("<td>" + results.getString(i) + "</td>");
}
table.append("</tr>");
}
} else {
table.append("Query Successful; however no data was returned from this query.");
}
table.append("</table>");
return (table.toString());
}
public static void log(Connection connection, String action) {
action = action.replace('\'', '"');
Calendar cal = Calendar.getInstance();
SimpleDateFormat sdf = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss");
String time = sdf.format(cal.getTime());
String logQuery =
"INSERT INTO access_log (time, action) VALUES ('" + time + "', '" + action + "')";
try {
Statement statement = connection.createStatement(TYPE_SCROLL_SENSITIVE, CONCUR_UPDATABLE);
statement.executeUpdate(logQuery);
} catch (SQLException e) {
System.err.println(e.getMessage());
}
}
}
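Review bot: `log(connection, query)` in this hunk's context remains an injection sink: it builds `logQuery` by concatenating `action` (the query text, which still carries the raw `name` value) into an INSERT, and `action.replace('\'', '"')` is a character swap, not escaping. Use a prepared `INSERT INTO access_log (time, action) VALUES (?, ?)` with `setString` for both values. `statement.setString(1, auth_tan)` itself is correct for the placeholder this patch adds above.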

High | SQL Injection | CWE-89 | SqlInjectionLesson5b.java:86 | 1 data flow | 2024-02-22 04:23pm
Vulnerable Code

query.setInt(1, count);
// String query = "SELECT * FROM user_data WHERE Login_Count = " + login_count + " and userid
// = " + accountName, ;
try {
ResultSet results = query.executeQuery();

1 Data Flow/s detected

protected AttackResult injectableQuery(String login_count, String accountName) {

String queryString = "SELECT * From user_data WHERE Login_Count = ? and userid= " + accountName;

โ›‘๏ธ Remediation Suggestion

--- original
+++ remediated
@@ -0,0 +0,0 @@
/*
* This file is part of WebGoat, an Open Web Application Security Project utility. For details, please see http://www.owasp.org/
*
* Copyright (c) 2002 - 2019 Bruce Mayhew
*
* This program is free software; you can redistribute it and/or modify it under the terms of the
* GNU General Public License as published by the Free Software Foundation; either version 2 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
* even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
*
* You should have received a copy of the GNU General Public License along with this program; if
* not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
* 02111-1307, USA.
*
* Getting Source ==============
*
* Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software projects.
*/
package org.owasp.webgoat.lessons.sqlinjection.introduction;
import java.io.IOException;
import java.sql.*;
import javax.servlet.http.HttpServletRequest;
import org.owasp.webgoat.container.LessonDataSource;
import org.owasp.webgoat.container.assignments.AssignmentEndpoint;
import org.owasp.webgoat.container.assignments.AssignmentHints;
import org.owasp.webgoat.container.assignments.AttackResult;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.ResponseBody;
import org.springframework.web.bind.annotation.RestController;
@RestController
@AssignmentHints(
value = {
"SqlStringInjectionHint5b1",
"SqlStringInjectionHint5b2",
"SqlStringInjectionHint5b3",
"SqlStringInjectionHint5b4"
})
public class SqlInjectionLesson5b extends AssignmentEndpoint {
private final LessonDataSource dataSource;
public SqlInjectionLesson5b(LessonDataSource dataSource) {
this.dataSource = dataSource;
}
@PostMapping("/SqlInjection/assignment5b")
@ResponseBody
public AttackResult completed(
@RequestParam String userid, @RequestParam String login_count, HttpServletRequest request)
throws IOException {
return injectableQuery(login_count, userid);
}
protected AttackResult injectableQuery(String login_count, String accountName) {
@@ -62,1 +62,1 @@
- String queryString = "SELECT * From user_data WHERE Login_Count = ? and userid= " + accountName;
+ String queryString = "SELECT * From user_data WHERE Login_Count = ? and userid= " + "?";
try (Connection connection = dataSource.getConnection()) {
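Review bot: `" and userid= " + "?"` appends the literal string `"?"` to the query for no reason; write the placeholder inline (`"SELECT * From user_data WHERE Login_Count = ? and userid = ?"`) so both parameters are visible in one literal.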
@@ -64,1 +64,2 @@
- PreparedStatement query =
+ //TODO: Possibly need to remove redundant commas around encoded elements inside query
+ PreparedStatement query =
connection.prepareStatement(
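Review bot: the added `//TODO: Possibly need to remove redundant commas around encoded elements inside query` comment refers to nothing in this file and reads as generator output; remove it and leave the `PreparedStatement query =` line unchanged.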
@@ -66,1 +67,1 @@
- queryString, ResultSet.TYPE_SCROLL_INSENSITIVE, ResultSet.CONCUR_READ_ONLY);
+ queryString, ResultSet.TYPE_SCROLL_INSENSITIVE, ResultSet.CONCUR_READ_ONLY);
int count = 0;
try {
count = Integer.parseInt(login_count);
} catch (Exception e) {
return failed(this)
.output(
"Could not parse: "
+ login_count
+ " to a number"
+ "<br> Your query was: "
+ queryString.replace("?", login_count))
.build();
}
query.setInt(1, count);
// String query = "SELECT * FROM user_data WHERE Login_Count = " + login_count + " and userid
// = " + accountName, ;
try {
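Review bot: this hunk removes and re-adds an identical line (`queryString, ResultSet.TYPE_SCROLL_INSENSITIVE, ResultSet.CONCUR_READ_ONLY);`), so it is a whitespace-only change; drop it from the patch.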
@@ -86,1 +87,2 @@
- ResultSet results = query.executeQuery();
+ query.setString(2, accountName);
+ ResultSet results = query.executeQuery();
if ((results != null) && (results.first() == true)) {
ResultSetMetaData resultsMetaData = results.getMetaData();
StringBuilder output = new StringBuilder();
output.append(SqlInjectionLesson5a.writeTable(results, resultsMetaData));
results.last();
// If they get back more than one user they succeeded
if (results.getRow() >= 6) {
return success(this)
.feedback("sql-injection.5b.success")
.output("Your query was: " + queryString.replace("?", login_count))
.feedbackArgs(output.toString())
.build();
} else {
return failed(this)
.output(
output.toString()
+ "<br> Your query was: "
+ queryString.replace("?", login_count))
.build();
}
} else {
return failed(this)
.feedback("sql-injection.5b.no.results")
.output("Your query was: " + queryString.replace("?", login_count))
.build();
}
} catch (SQLException sqle) {
return failed(this)
.output(
sqle.getMessage() + "<br> Your query was: " + queryString.replace("?", login_count))
.build();
}
} catch (Exception e) {
return failed(this)
.output(
this.getClass().getName()
+ " : "
+ e.getMessage()
+ "<br> Your query was: "
+ queryString.replace("?", login_count))
.build();
}
}
}
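Review bot: `query.setString(2, accountName)` binds `userid` as a string, but the original concatenated `accountName` unquoted (`userid= " + accountName`), which indicates a numeric column; parse it and bind with `setInt` the way `login_count` is handled above, otherwise the comparison depends on implicit casting. Separately, every feedback branch echoes `queryString.replace("?", login_count)`, which now substitutes `login_count` for both placeholders, so the query shown to the user is wrong; build the display string from the two bound values instead.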

High | SQL Injection | CWE-89 | SqlInjectionChallenge.java:69 | 1 data flow | 2023-11-09 10:57am
Vulnerable Code

try (Connection connection = dataSource.getConnection()) {
String checkUserQuery =
"select userid from sql_challenge_users where userid = '" + username_reg + "'";
Statement statement = connection.createStatement();
ResultSet resultSet = statement.executeQuery(checkUserQuery);

1 Data Flow/s detected

"select userid from sql_challenge_users where userid = '" + username_reg + "'";

ResultSet resultSet = statement.executeQuery(checkUserQuery);

โ›‘๏ธ Remediation Suggestion

--- original
+++ remediated
@@ -0,0 +0,0 @@
/*
* This file is part of WebGoat, an Open Web Application Security Project utility. For details, please see http://www.owasp.org/
*
* Copyright (c) 2002 - 2019 Bruce Mayhew
*
* This program is free software; you can redistribute it and/or modify it under the terms of the
* GNU General Public License as published by the Free Software Foundation; either version 2 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
* even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
*
* You should have received a copy of the GNU General Public License along with this program; if
* not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
* 02111-1307, USA.
*
* Getting Source ==============
*
* Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software projects.
*/
package org.owasp.webgoat.lessons.sqlinjection.advanced;
import java.sql.*;
@@ -26,0 +26,1 @@
+import java.sql.PreparedStatement;
import lombok.extern.slf4j.Slf4j;
import org.owasp.webgoat.container.LessonDataSource;
import org.owasp.webgoat.container.assignments.AssignmentEndpoint;
import org.owasp.webgoat.container.assignments.AssignmentHints;
import org.owasp.webgoat.container.assignments.AttackResult;
import org.springframework.util.StringUtils;
import org.springframework.web.bind.annotation.PutMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.ResponseBody;
import org.springframework.web.bind.annotation.RestController;
/**
* @author nbaars
* @since 4/8/17.
*/
@RestController
@AssignmentHints(
value = {"SqlInjectionChallenge1", "SqlInjectionChallenge2", "SqlInjectionChallenge3"})
@Slf4j
public class SqlInjectionChallenge extends AssignmentEndpoint {
private final LessonDataSource dataSource;
public SqlInjectionChallenge(LessonDataSource dataSource) {
this.dataSource = dataSource;
}
@PutMapping("/SqlInjectionAdvanced/challenge")
// assignment path is bounded to class so we use different http method :-)
@ResponseBody
public AttackResult registerNewUser(
@RequestParam String username_reg,
@RequestParam String email_reg,
@RequestParam String password_reg)
throws Exception {
AttackResult attackResult = checkArguments(username_reg, email_reg, password_reg);
if (attackResult == null) {
try (Connection connection = dataSource.getConnection()) {
String checkUserQuery =
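Review bot: the added `import java.sql.PreparedStatement;` duplicates what `import java.sql.*;` on the line above already provides, and it is wedged in front of the lombok import; drop it.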
@@ -67,3 +68,4 @@
- "select userid from sql_challenge_users where userid = '" + username_reg + "'";
- Statement statement = connection.createStatement();
- ResultSet resultSet = statement.executeQuery(checkUserQuery);
+ "select userid from sql_challenge_users where userid = " + "?";
+ PreparedStatement statement = connection.prepareStatement(checkUserQuery);
+ statement.setString(1, username_reg);
+ ResultSet resultSet = statement.executeQuery();
if (resultSet.next()) {
if (username_reg.contains("tom'")) {
attackResult = success(this).feedback("user.exists").build();
} else {
attackResult = failed(this).feedback("user.exists").feedbackArgs(username_reg).build();
}
} else {
PreparedStatement preparedStatement =
connection.prepareStatement("INSERT INTO sql_challenge_users VALUES (?, ?, ?)");
preparedStatement.setString(1, username_reg);
preparedStatement.setString(2, email_reg);
preparedStatement.setString(3, password_reg);
preparedStatement.execute();
attackResult = success(this).feedback("user.created").feedbackArgs(username_reg).build();
}
} catch (SQLException e) {
attackResult = failed(this).output("Something went wrong").build();
}
}
return attackResult;
}
private AttackResult checkArguments(String username_reg, String email_reg, String password_reg) {
if (StringUtils.isEmpty(username_reg)
|| StringUtils.isEmpty(email_reg)
|| StringUtils.isEmpty(password_reg)) {
return failed(this).feedback("input.invalid").build();
}
if (username_reg.length() > 250 || email_reg.length() > 30 || password_reg.length() > 30) {
return failed(this).feedback("input.invalid").build();
}
return null;
}
}
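Review bot: `statement` and `resultSet` are never closed (the original `Statement` was not either); put the prepared statement in a try-with-resources, as the `Connection` already is. The binding itself is right and matches the `INSERT INTO sql_challenge_users VALUES (?, ?, ?)` pattern already used in the else branch; write the placeholder inline rather than `" + "?"`.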

High | SQL Injection | CWE-89 | SqlInjectionLesson9.java:76 | 1 data flow | 2023-11-09 10:57am
Vulnerable Code

+ "'";
try (Connection connection = dataSource.getConnection()) {
try {
Statement statement = connection.createStatement(TYPE_SCROLL_SENSITIVE, CONCUR_UPDATABLE);
SqlInjectionLesson8.log(connection, query);
ResultSet results = statement.executeQuery(query);

1 Data Flow/s detected

public AttackResult completed(@RequestParam String name, @RequestParam String auth_tan) {

protected AttackResult injectableQueryIntegrity(String name, String auth_tan) {

public static void log(Connection connection, String action) {

โ›‘๏ธ Remediation Suggestion

--- original
+++ remediated
@@ -0,0 +0,0 @@
/*
* This file is part of WebGoat, an Open Web Application Security Project utility. For details, please see http://www.owasp.org/
*
* Copyright (c) 2002 - 2019 Bruce Mayhew
*
* This program is free software; you can redistribute it and/or modify it under the terms of the
* GNU General Public License as published by the Free Software Foundation; either version 2 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
* even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
*
* You should have received a copy of the GNU General Public License along with this program; if
* not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
* 02111-1307, USA.
*
* Getting Source ==============
*
* Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software projects.
*/
package org.owasp.webgoat.lessons.sqlinjection.introduction;
import static org.hsqldb.jdbc.JDBCResultSet.CONCUR_UPDATABLE;
@@ -26,0 +26,1 @@
+import java.sql.PreparedStatement;
import static org.hsqldb.jdbc.JDBCResultSet.TYPE_SCROLL_SENSITIVE;
import java.sql.Connection;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import org.owasp.webgoat.container.LessonDataSource;
import org.owasp.webgoat.container.assignments.AssignmentEndpoint;
import org.owasp.webgoat.container.assignments.AssignmentHints;
import org.owasp.webgoat.container.assignments.AttackResult;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.ResponseBody;
import org.springframework.web.bind.annotation.RestController;
@RestController
@AssignmentHints(
value = {
"SqlStringInjectionHint.9.1",
"SqlStringInjectionHint.9.2",
"SqlStringInjectionHint.9.3",
"SqlStringInjectionHint.9.4",
"SqlStringInjectionHint.9.5"
})
public class SqlInjectionLesson9 extends AssignmentEndpoint {
private final LessonDataSource dataSource;
public SqlInjectionLesson9(LessonDataSource dataSource) {
this.dataSource = dataSource;
}
@PostMapping("/SqlInjection/attack9")
@ResponseBody
public AttackResult completed(@RequestParam String name, @RequestParam String auth_tan) {
return injectableQueryIntegrity(name, auth_tan);
}
protected AttackResult injectableQueryIntegrity(String name, String auth_tan) {
StringBuilder output = new StringBuilder();
String query =
"SELECT * FROM employees WHERE last_name = '"
+ name
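Review bot: the added `import java.sql.PreparedStatement;` lands between the two `static` imports of `JDBCResultSet`; move it into the `java.sql` group next to `import java.sql.Connection;` so the static imports stay together.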
@@ -69,3 +70,2 @@
- + "' AND auth_tan = '"
- + auth_tan
- + "'";
+ + "' AND auth_tan = "
+ + "?";
try (Connection connection = dataSource.getConnection()) {
try {
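Review bot: as in the SqlInjectionLesson8 remediation above, `auth_tan` becomes a placeholder but `name` is still concatenated into `query` on the lines just above this hunk (`"SELECT * FROM employees WHERE last_name = '" + name`), so the injection reported at line 76 is only half closed. Use placeholders for both (`last_name = ? AND auth_tan = ?`) and bind `name` as parameter 1 and `auth_tan` as parameter 2; `"' AND auth_tan = " + "?"` can be a single literal.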
@@ -74,1 +74,1 @@
- Statement statement = connection.createStatement(TYPE_SCROLL_SENSITIVE, CONCUR_UPDATABLE);
+ PreparedStatement statement = connection.prepareStatement(query, TYPE_SCROLL_SENSITIVE, CONCUR_UPDATABLE);
SqlInjectionLesson8.log(connection, query);
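Review bot: the `PreparedStatement` is never closed; use try-with-resources as `checkSalaryRanking` below already does for its `Statement`, and wrap the new line to the width the rest of the file keeps. `SqlInjectionLesson8.log(connection, query)` on the next line still writes the query text through that class's concatenated INSERT (its `log` method is shown earlier in this report), so the query string passed to it must not carry user input.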
@@ -76,1 +76,2 @@
- ResultSet results = statement.executeQuery(query);
+ statement.setString(1, auth_tan);
+ ResultSet results = statement.executeQuery();
var test = results.getRow() != 0;
if (results.getStatement() != null) {
if (results.first()) {
output.append(SqlInjectionLesson8.generateTable(results));
} else {
// no results
return failed(this).feedback("sql-injection.8.no.results").build();
}
}
} catch (SQLException e) {
System.err.println(e.getMessage());
return failed(this)
.output("<br><span class='feedback-negative'>" + e.getMessage() + "</span>")
.build();
}
return checkSalaryRanking(connection, output);
} catch (Exception e) {
System.err.println(e.getMessage());
return failed(this)
.output("<br><span class='feedback-negative'>" + e.getMessage() + "</span>")
.build();
}
}
private AttackResult checkSalaryRanking(Connection connection, StringBuilder output) {
try {
String query = "SELECT * FROM employees ORDER BY salary DESC";
try (Statement statement =
connection.createStatement(TYPE_SCROLL_SENSITIVE, CONCUR_UPDATABLE); ) {
ResultSet results = statement.executeQuery(query);
results.first();
// user completes lesson if John Smith is the first in the list
if ((results.getString(2).equals("John")) && (results.getString(3).equals("Smith"))) {
output.append(SqlInjectionLesson8.generateTable(results));
return success(this)
.feedback("sql-injection.9.success")
.output(output.toString())
.build();
} else {
return failed(this).feedback("sql-injection.9.one").output(output.toString()).build();
}
}
} catch (SQLException e) {
return failed(this)
.output("<br><span class='feedback-negative'>" + e.getMessage() + "</span>")
.build();
}
}
}
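Review bot: `var test = results.getRow() != 0;`, directly after the added `executeQuery()`, is never read and runs before the cursor is positioned (`results.first()` is called two lines later), so it is always `false`; remove it. `statement.setString(1, auth_tan)` is correct for the placeholder this patch adds, but with `name` still concatenated (see the earlier hunk in this file) the statement remains injectable.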


No Automatic Remediation (4)

Severity | Vulnerability Type | CWE | File | Data Flows | Date
High | SQL Injection | CWE-89 | SqlInjectionLesson5a.java:67 | 1 data flow | 2024-02-22 04:23pm
Vulnerable Code

query =
"SELECT * FROM user_data WHERE first_name = 'John' and last_name = '" + accountName + "'";
try (Statement statement =
connection.createStatement(
ResultSet.TYPE_SCROLL_INSENSITIVE, ResultSet.CONCUR_UPDATABLE)) {
ResultSet results = statement.executeQuery(query);

1 Data Flow/s detected

return injectableQuery(account + " " + operator + " " + injection);

return injectableQuery(account + " " + operator + " " + injection);

protected AttackResult injectableQuery(String accountName) {

"SELECT * FROM user_data WHERE first_name = 'John' and last_name = '" + accountName + "'";

High | SQL Injection | CWE-89 | SqlInjectionLesson3.java:63 | 1 data flow | 2023-11-09 10:57am
Vulnerable Code

try (Connection connection = dataSource.getConnection()) {
try (Statement statement =
connection.createStatement(TYPE_SCROLL_INSENSITIVE, CONCUR_READ_ONLY)) {
Statement checkStatement =
connection.createStatement(TYPE_SCROLL_INSENSITIVE, CONCUR_READ_ONLY);
statement.executeUpdate(query);

1 Data Flow/s detected

public AttackResult completed(@RequestParam String query) {

High | SQL Injection | CWE-89 | SqlInjectionLesson4.java:62 | 1 data flow | 2023-11-09 10:57am
Vulnerable Code

protected AttackResult injectableQuery(String query) {
try (Connection connection = dataSource.getConnection()) {
try (Statement statement =
connection.createStatement(TYPE_SCROLL_INSENSITIVE, CONCUR_READ_ONLY)) {
statement.executeUpdate(query);

1 Data Flow/s detected

public AttackResult completed(@RequestParam String query) {

High | SQL Injection | CWE-89 | SqlInjectionLesson2.java:65 | 1 data flow | 2023-11-09 10:57am
Vulnerable Code

}
protected AttackResult injectableQuery(String query) {
try (var connection = dataSource.getConnection()) {
Statement statement = connection.createStatement(TYPE_SCROLL_INSENSITIVE, CONCUR_READ_ONLY);
ResultSet results = statement.executeQuery(query);

1 Data Flow/s detected

public AttackResult completed(@RequestParam String query) {


Findings Overview

Severity Vulnerability Type CWE Language Count
High Path/Directory Traversal CWE-22 Java* 7
High SQL Injection CWE-89 Java* 14
High Deserialization of Untrusted Data CWE-502 Java* 1
High Server Side Request Forgery CWE-918 Java* 2
Medium Error Messages Information Exposure CWE-209 Java* 4
Medium XML External Entity (XXE) Injection CWE-611 Java* 1
Low System Properties Disclosure CWE-497 Java* 1
Low Weak Hash Strength CWE-328 Java* 1
Low Log Forging CWE-117 Java* 1

License Policy Violation detected in WebGoatv2023.4


Library - WebGoatv2023.4

WebGoat is a deliberately insecure application

Library home page: https://github.com/WebGoat/WebGoat.git

Found in HEAD commit: a852016d15cd2ec55bf3977c7739181346a561ae

Found in base branch: main

Source Files (51)


📃 License Details

GPL

    ⛔ License Policy Violation - Block GPL

License Policy Violation detected in hibernate-commons-annotations-5.1.2.Final.jar


Library - hibernate-commons-annotations-5.1.2.Final.jar

Common reflection code used in support of annotation processing

Library home page: http://hibernate.org

Path to dependency file: /pom.xml

Path to library: /home/wss-scanner/.m2/repository/org/hibernate/common/hibernate-commons-annotations/5.1.2.Final/hibernate-commons-annotations-5.1.2.Final.jar

Dependency Hierarchy:

  • spring-boot-starter-data-jpa-2.7.18.jar (Root Library)
    • hibernate-core-5.6.15.Final.jar
      • โŒ hibernate-commons-annotations-5.1.2.Final.jar (Library containing License Policy Violation)

Found in HEAD commit: a852016d15cd2ec55bf3977c7739181346a561ae

Found in base branch: main

📃 License Details

LGPL 2.1
License Reference File: https://index.mend.io/gri/app/reader/resource/content/asString/9cec02c3-f4b0-45b5-b43f-85fbb1af4798

    ⛔ License Policy Violation - Block GPL

jjwt-0.9.1.jar: 1 vulnerabilities (highest severity is: 8.7) - autoclosed

Vulnerable Library - jjwt-0.9.1.jar

Library home page: https://github.com/jwtk/jjwt

Path to dependency file: /pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/io/jsonwebtoken/jjwt/0.9.1/jjwt-0.9.1.jar

Found in HEAD commit: 4bac862a46e799442890a61d22cce98f7f0caf03

Vulnerabilities

CVE | Severity | CVSS | Exploit Maturity | EPSS | Dependency | Type | Fixed in (jjwt version) | Remediation Possible** | Reachability
CVE-2024-31033 | High | 8.7 | Not Defined | 0.0% | jjwt-0.9.1.jar | Direct | N/A | ❌

**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation

Details

CVE-2024-31033

Vulnerable Library - jjwt-0.9.1.jar

Library home page: https://github.com/jwtk/jjwt

Path to dependency file: /pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/io/jsonwebtoken/jjwt/0.9.1/jjwt-0.9.1.jar

Dependency Hierarchy:

  • ❌ jjwt-0.9.1.jar (Vulnerable Library)

Found in HEAD commit: 4bac862a46e799442890a61d22cce98f7f0caf03

Found in base branch: main

Vulnerability Details

JJWT (aka Java JWT) through 0.12.5 ignores certain characters and thus a user might falsely conclude that they have a strong key. The impacted code is the setSigningKey() method within the DefaultJwtParser class and the signWith() method within the DefaultJwtBuilder class. NOTE: the vendor disputes this because the "ignores" behavior cannot occur (in any version) unless there is a user error in how JJWT is used, and because the version that was actually tested must have been more than six years out of date.

Publish Date: 2024-04-01

URL: CVE-2024-31033

Threat Assessment

Exploit Maturity: Not Defined

EPSS: 0.0%

CVSS 4 Score Details (8.7)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: N/A
  • Impact Metrics:
    • Confidentiality Impact: N/A
    • Integrity Impact: N/A
    • Availability Impact: N/A

hsqldb-2.5.2.jar: 1 vulnerabilities (highest severity is: 8.9) reachable

Vulnerable Library - hsqldb-2.5.2.jar

HSQLDB - Lightweight 100% Java SQL Database Engine

Library home page: http://hsqldb.org

Path to dependency file: /pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/hsqldb/hsqldb/2.5.2/hsqldb-2.5.2.jar

Found in HEAD commit: 4bac862a46e799442890a61d22cce98f7f0caf03

Vulnerabilities

CVE | Severity | CVSS | Exploit Maturity | EPSS | Dependency | Type | Fixed in (hsqldb version) | Remediation Possible** | Reachability
CVE-2022-41853 | High | 8.9 | Not Defined | 1.3000001% | hsqldb-2.5.2.jar | Direct | 2.7.1 | ✅ | Reachable

**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation

Details

CVE-2022-41853

Vulnerable Library - hsqldb-2.5.2.jar

HSQLDB - Lightweight 100% Java SQL Database Engine

Library home page: http://hsqldb.org

Path to dependency file: /pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/hsqldb/hsqldb/2.5.2/hsqldb-2.5.2.jar

Dependency Hierarchy:

  • ❌ hsqldb-2.5.2.jar (Vulnerable Library)

Found in HEAD commit: 4bac862a46e799442890a61d22cce98f7f0caf03

Found in base branch: main

Reachability Analysis

This vulnerability is potentially reachable

org.owasp.webgoat.lessons.sqlinjection.introduction.SqlInjectionLesson9 (Application)
  -> org.hsqldb.jdbc.JDBCResultSet (Extension)
   -> ❌ org.hsqldb.persist.HsqlDatabaseProperties (Vulnerable Component)

Vulnerability Details

Those using java.sql.Statement or java.sql.PreparedStatement in hsqldb (HyperSQL DataBase) to process untrusted input may be vulnerable to a remote code execution attack. By default it is allowed to call any static method of any Java class in the classpath resulting in code execution. The issue can be prevented by updating to 2.7.1 or by setting the system property "hsqldb.method_class_names" to classes which are allowed to be called. For example, System.setProperty("hsqldb.method_class_names", "abc") or Java argument -Dhsqldb.method_class_names="abc" can be used. From version 2.7.1 all classes by default are not accessible except those in java.lang.Math and need to be manually enabled.

Publish Date: 2022-10-06

URL: CVE-2022-41853

Threat Assessment

Exploit Maturity: Not Defined

EPSS: 1.3000001%

CVSS 4 Score Details (8.9)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: High
    • Privileges Required: Low
    • User Interaction: N/A
    • Scope: N/A
  • Impact Metrics:
    • Confidentiality Impact: N/A
    • Integrity Impact: N/A
    • Availability Impact: N/A

Suggested Fix

Type: Upgrade version

Origin: GHSA-77xx-rxvh-q682

Release Date: 2022-10-06

Fix Resolution: 2.7.1

In order to enable automatic remediation, please create workflow rules

bootstrap-3.1.1.min.js: 6 vulnerabilities (highest severity is: 6.3)

Vulnerable Library - bootstrap-3.1.1.min.js

The most popular front-end framework for developing responsive, mobile first projects on the web.

Library home page: https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.1.1/js/bootstrap.min.js

Path to vulnerable library: /src/main/resources/webgoat/static/js/libs/bootstrap.min.js,/src/main/resources/lessons/challenges/js/bootstrap.min.js

Found in HEAD commit: 4bac862a46e799442890a61d22cce98f7f0caf03

Vulnerabilities

CVE | Severity | CVSS | Exploit Maturity | EPSS | Dependency | Type | Fixed in (bootstrap version) | Remediation Possible** | Reachability
CVE-2018-14040 | Medium | 6.3 | Not Defined | 0.8% | bootstrap-3.1.1.min.js | Direct | bootstrap - 3.4.0,4.1.2 | ❌ |
CVE-2019-8331 | Medium | 5.3 | Not Defined | 0.3% | bootstrap-3.1.1.min.js | Direct | bootstrap - 3.4.1,4.3.1;bootstrap-sass - 3.4.1,4.3.1 | ❌ |
CVE-2018-20677 | Medium | 5.3 | Not Defined | 0.4% | bootstrap-3.1.1.min.js | Direct | Bootstrap - v3.4.0;NorDroN.AngularTemplate - 0.1.6;Dynamic.NET.Express.ProjectTemplates - 0.8.0;dotnetng.template - 1.0.0.4;ZNxtApp.Core.Module.Theme - 1.0.9-Beta;JMeter - 5.0.0 | ❌ |
CVE-2018-20676 | Medium | 5.3 | Not Defined | 0.3% | bootstrap-3.1.1.min.js | Direct | bootstrap - 3.4.0 | ❌ |
CVE-2018-14042 | Medium | 5.3 | Not Defined | 0.5% | bootstrap-3.1.1.min.js | Direct | org.webjars.npm:bootstrap:4.1.2.org.webjars:bootstrap:3.4.0 | ❌ |
CVE-2016-10735 | Medium | 5.3 | Not Defined | 0.2% | bootstrap-3.1.1.min.js | Direct | bootstrap - 3.4.0, 4.0.0-beta.2 | ❌ |

**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation

Details

CVE-2018-14040

Vulnerable Library - bootstrap-3.1.1.min.js

The most popular front-end framework for developing responsive, mobile first projects on the web.

Library home page: https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.1.1/js/bootstrap.min.js

Path to vulnerable library: /src/main/resources/webgoat/static/js/libs/bootstrap.min.js,/src/main/resources/lessons/challenges/js/bootstrap.min.js

Dependency Hierarchy:

  • ❌ bootstrap-3.1.1.min.js (Vulnerable Library)

Found in HEAD commit: 4bac862a46e799442890a61d22cce98f7f0caf03

Found in base branch: main

Vulnerability Details

In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute.

Publish Date: 2018-07-13

URL: CVE-2018-14040

Threat Assessment

Exploit Maturity: Not Defined

EPSS: 0.8%

CVSS 4 Score Details (6.3)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: High
    • Privileges Required: None
    • User Interaction: None
    • Scope: N/A
  • Impact Metrics:
    • Confidentiality Impact: N/A
    • Integrity Impact: N/A
    • Availability Impact: N/A

Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2018-14040

Release Date: 2018-07-13

Fix Resolution: bootstrap - 3.4.0,4.1.2

CVE-2019-8331

Vulnerable Library - bootstrap-3.1.1.min.js

The most popular front-end framework for developing responsive, mobile first projects on the web.

Library home page: https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.1.1/js/bootstrap.min.js

Path to vulnerable library: /src/main/resources/webgoat/static/js/libs/bootstrap.min.js,/src/main/resources/lessons/challenges/js/bootstrap.min.js

Dependency Hierarchy:

  • ❌ bootstrap-3.1.1.min.js (Vulnerable Library)

Found in HEAD commit: 4bac862a46e799442890a61d22cce98f7f0caf03

Found in base branch: main

Vulnerability Details

In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute.

Publish Date: 2019-02-20

URL: CVE-2019-8331

Threat Assessment

Exploit Maturity: Not Defined

EPSS: 0.3%

CVSS 4 Score Details (5.3)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: N/A
    • Scope: N/A
  • Impact Metrics:
    • Confidentiality Impact: N/A
    • Integrity Impact: N/A
    • Availability Impact: N/A

Suggested Fix

Type: Upgrade version

Release Date: 2019-02-20

Fix Resolution: bootstrap - 3.4.1,4.3.1;bootstrap-sass - 3.4.1,4.3.1

CVE-2018-20677

Vulnerable Library - bootstrap-3.1.1.min.js

The most popular front-end framework for developing responsive, mobile first projects on the web.

Library home page: https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.1.1/js/bootstrap.min.js

Path to vulnerable library: /src/main/resources/webgoat/static/js/libs/bootstrap.min.js,/src/main/resources/lessons/challenges/js/bootstrap.min.js

Dependency Hierarchy:

  • ❌ bootstrap-3.1.1.min.js (Vulnerable Library)

Found in HEAD commit: 4bac862a46e799442890a61d22cce98f7f0caf03

Found in base branch: main

Vulnerability Details

In Bootstrap before 3.4.0, XSS is possible in the affix configuration target property.

Publish Date: 2019-01-09

URL: CVE-2018-20677

Threat Assessment

Exploit Maturity: Not Defined

EPSS: 0.4%

CVSS 4 Score Details (5.3)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: N/A
    • Scope: N/A
  • Impact Metrics:
    • Confidentiality Impact: N/A
    • Integrity Impact: N/A
    • Availability Impact: N/A

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20677

Release Date: 2019-01-09

Fix Resolution: Bootstrap - v3.4.0;NorDroN.AngularTemplate - 0.1.6;Dynamic.NET.Express.ProjectTemplates - 0.8.0;dotnetng.template - 1.0.0.4;ZNxtApp.Core.Module.Theme - 1.0.9-Beta;JMeter - 5.0.0

CVE-2018-20676

Vulnerable Library - bootstrap-3.1.1.min.js

The most popular front-end framework for developing responsive, mobile first projects on the web.

Library home page: https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.1.1/js/bootstrap.min.js

Path to vulnerable library: /src/main/resources/webgoat/static/js/libs/bootstrap.min.js,/src/main/resources/lessons/challenges/js/bootstrap.min.js

Dependency Hierarchy:

  • ❌ bootstrap-3.1.1.min.js (Vulnerable Library)

Found in HEAD commit: 4bac862a46e799442890a61d22cce98f7f0caf03

Found in base branch: main

Vulnerability Details

In Bootstrap before 3.4.0, XSS is possible in the tooltip data-viewport attribute.

Publish Date: 2019-01-09

URL: CVE-2018-20676

Threat Assessment

Exploit Maturity: Not Defined

EPSS: 0.3%

CVSS 4 Score Details (5.3)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: N/A
    • Scope: N/A
  • Impact Metrics:
    • Confidentiality Impact: N/A
    • Integrity Impact: N/A
    • Availability Impact: N/A

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20676

Release Date: 2019-01-09

Fix Resolution: bootstrap - 3.4.0

CVE-2018-14042

Vulnerable Library - bootstrap-3.1.1.min.js

The most popular front-end framework for developing responsive, mobile first projects on the web.

Library home page: https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.1.1/js/bootstrap.min.js

Path to vulnerable library: /src/main/resources/webgoat/static/js/libs/bootstrap.min.js,/src/main/resources/lessons/challenges/js/bootstrap.min.js

Dependency Hierarchy:

  • ❌ bootstrap-3.1.1.min.js (Vulnerable Library)

Found in HEAD commit: 4bac862a46e799442890a61d22cce98f7f0caf03

Found in base branch: main

Vulnerability Details

In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip.

Publish Date: 2018-07-13

URL: CVE-2018-14042

Threat Assessment

Exploit Maturity: Not Defined

EPSS: 0.5%

CVSS 4 Score Details (5.3)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: N/A
    • Scope: N/A
  • Impact Metrics:
    • Confidentiality Impact: N/A
    • Integrity Impact: N/A
    • Availability Impact: N/A

Suggested Fix

Type: Upgrade version

Release Date: 2018-07-13

Fix Resolution: org.webjars.npm:bootstrap:4.1.2.org.webjars:bootstrap:3.4.0

CVE-2016-10735

Vulnerable Library - bootstrap-3.1.1.min.js

The most popular front-end framework for developing responsive, mobile first projects on the web.

Library home page: https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.1.1/js/bootstrap.min.js

Path to vulnerable library: /src/main/resources/webgoat/static/js/libs/bootstrap.min.js,/src/main/resources/lessons/challenges/js/bootstrap.min.js

Dependency Hierarchy:

  • ❌ bootstrap-3.1.1.min.js (Vulnerable Library)

Found in HEAD commit: 4bac862a46e799442890a61d22cce98f7f0caf03

Found in base branch: main

Vulnerability Details

In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041.
Mend Note: Converted from WS-2018-0021, on 2022-11-08.

Publish Date: 2019-01-09

URL: CVE-2016-10735

Threat Assessment

Exploit Maturity: Not Defined

EPSS: 0.2%

CVSS 4 Score Details (5.3)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: N/A
    • Scope: N/A
  • Impact Metrics:
    • Confidentiality Impact: N/A
    • Integrity Impact: N/A
    • Availability Impact: N/A

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10735

Release Date: 2019-01-09

Fix Resolution: bootstrap - 3.4.0, 4.0.0-beta.2

bootstrap-3.3.7.jar: 7 vulnerabilities (highest severity is: 6.3)

Vulnerable Library - bootstrap-3.3.7.jar

WebJar for Bootstrap

Library home page: http://webjars.org

Path to dependency file: /pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/webjars/bootstrap/3.3.7/bootstrap-3.3.7.jar

Found in HEAD commit: 4bac862a46e799442890a61d22cce98f7f0caf03

Vulnerabilities

CVE | Severity | CVSS | Exploit Maturity | EPSS | Dependency | Type | Fixed in (bootstrap version) | Remediation Possible** | Reachability
CVE-2018-14040 | Medium | 6.3 | Not Defined | 0.8% | bootstrap-3.3.7.jar | Direct | 3.4.0 | ✅ | Unreachable
CVE-2019-8331 | Medium | 5.3 | Not Defined | 0.3% | bootstrap-3.3.7.jar | Direct | 3.4.1 | ✅ | Unreachable
CVE-2018-20677 | Medium | 5.3 | Not Defined | 0.4% | bootstrap-3.3.7.jar | Direct | 3.4.0 | ✅ | Unreachable
CVE-2018-20676 | Medium | 5.3 | Not Defined | 0.3% | bootstrap-3.3.7.jar | Direct | 3.4.0 | ✅ | Unreachable
CVE-2018-14042 | Medium | 5.3 | Not Defined | 0.5% | bootstrap-3.3.7.jar | Direct | 3.4.0 | ✅ | Unreachable
CVE-2016-10735 | Medium | 5.3 | Not Defined | 0.2% | bootstrap-3.3.7.jar | Direct | 3.4.0 | ✅ | Unreachable
CVE-2024-6484 | Medium | 5.3 | Not Defined | 0.0% | bootstrap-3.3.7.jar | Direct | 4.0.0-alpha | ✅ |

**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation

Details

CVE-2018-14040

Vulnerable Library - bootstrap-3.3.7.jar

WebJar for Bootstrap

Library home page: http://webjars.org

Path to dependency file: /pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/webjars/bootstrap/3.3.7/bootstrap-3.3.7.jar

Dependency Hierarchy:

  • ❌ bootstrap-3.3.7.jar (Vulnerable Library)

Found in HEAD commit: 4bac862a46e799442890a61d22cce98f7f0caf03

Found in base branch: main

Reachability Analysis

The vulnerable code is unreachable

Vulnerability Details

In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute.

Publish Date: 2018-07-13

URL: CVE-2018-14040

Threat Assessment

Exploit Maturity: Not Defined

EPSS: 0.8%

CVSS 4 Score Details (6.3)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: High
    • Privileges Required: None
    • User Interaction: None
    • Scope: N/A
  • Impact Metrics:
    • Confidentiality Impact: N/A
    • Integrity Impact: N/A
    • Availability Impact: N/A

Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2018-14040

Release Date: 2018-07-13

Fix Resolution: 3.4.0

In order to enable automatic remediation, please create workflow rules

CVE-2019-8331

Vulnerable Library - bootstrap-3.3.7.jar

WebJar for Bootstrap

Library home page: http://webjars.org

Path to dependency file: /pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/webjars/bootstrap/3.3.7/bootstrap-3.3.7.jar

Dependency Hierarchy:

  • ❌ bootstrap-3.3.7.jar (Vulnerable Library)

Found in HEAD commit: 4bac862a46e799442890a61d22cce98f7f0caf03

Found in base branch: main

Reachability Analysis

The vulnerable code is unreachable

Vulnerability Details

In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute.

Publish Date: 2019-02-20

URL: CVE-2019-8331

Threat Assessment

Exploit Maturity: Not Defined

EPSS: 0.3%

CVSS 4 Score Details (5.3)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: N/A
    • Scope: N/A
  • Impact Metrics:
    • Confidentiality Impact: N/A
    • Integrity Impact: N/A
    • Availability Impact: N/A

Suggested Fix

Type: Upgrade version

Release Date: 2019-02-20

Fix Resolution: 3.4.1

In order to enable automatic remediation, please create workflow rules

CVE-2018-20677

Vulnerable Library - bootstrap-3.3.7.jar

WebJar for Bootstrap

Library home page: http://webjars.org

Path to dependency file: /pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/webjars/bootstrap/3.3.7/bootstrap-3.3.7.jar

Dependency Hierarchy:

  • ❌ bootstrap-3.3.7.jar (Vulnerable Library)

Found in HEAD commit: 4bac862a46e799442890a61d22cce98f7f0caf03

Found in base branch: main

Reachability Analysis

The vulnerable code is unreachable

Vulnerability Details

In Bootstrap before 3.4.0, XSS is possible in the affix configuration target property.

Publish Date: 2019-01-09

URL: CVE-2018-20677

Threat Assessment

Exploit Maturity: Not Defined

EPSS: 0.4%

CVSS 4 Score Details (5.3)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: N/A
    • Scope: N/A
  • Impact Metrics:
    • Confidentiality Impact: N/A
    • Integrity Impact: N/A
    • Availability Impact: N/A

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20677

Release Date: 2019-01-09

Fix Resolution: 3.4.0

In order to enable automatic remediation, please create workflow rules

CVE-2018-20676

Vulnerable Library - bootstrap-3.3.7.jar

WebJar for Bootstrap

Library home page: http://webjars.org

Path to dependency file: /pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/webjars/bootstrap/3.3.7/bootstrap-3.3.7.jar

Dependency Hierarchy:

  • ❌ bootstrap-3.3.7.jar (Vulnerable Library)

Found in HEAD commit: 4bac862a46e799442890a61d22cce98f7f0caf03

Found in base branch: main

Reachability Analysis

The vulnerable code is unreachable

Vulnerability Details

In Bootstrap before 3.4.0, XSS is possible in the tooltip data-viewport attribute.

Publish Date: 2019-01-09

URL: CVE-2018-20676

Threat Assessment

Exploit Maturity: Not Defined

EPSS: 0.3%

CVSS 4 Score Details (5.3)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: N/A
    • Scope: N/A
  • Impact Metrics:
    • Confidentiality Impact: N/A
    • Integrity Impact: N/A
    • Availability Impact: N/A

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20676

Release Date: 2019-01-09

Fix Resolution: 3.4.0

In order to enable automatic remediation, please create workflow rules

CVE-2018-14042

Vulnerable Library - bootstrap-3.3.7.jar

WebJar for Bootstrap

Library home page: http://webjars.org

Path to dependency file: /pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/webjars/bootstrap/3.3.7/bootstrap-3.3.7.jar

Dependency Hierarchy:

  • ❌ bootstrap-3.3.7.jar (Vulnerable Library)

Found in HEAD commit: 4bac862a46e799442890a61d22cce98f7f0caf03

Found in base branch: main

Reachability Analysis

The vulnerable code is unreachable

Vulnerability Details

In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip.

Publish Date: 2018-07-13

URL: CVE-2018-14042

Threat Assessment

Exploit Maturity: Not Defined

EPSS: 0.5%

CVSS 4 Score Details (5.3)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: N/A
    • Scope: N/A
  • Impact Metrics:
    • Confidentiality Impact: N/A
    • Integrity Impact: N/A
    • Availability Impact: N/A

Suggested Fix

Type: Upgrade version

Release Date: 2018-07-13

Fix Resolution: 3.4.0

In order to enable automatic remediation, please create workflow rules

CVE-2016-10735

Vulnerable Library - bootstrap-3.3.7.jar

WebJar for Bootstrap

Library home page: http://webjars.org

Path to dependency file: /pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/webjars/bootstrap/3.3.7/bootstrap-3.3.7.jar

Dependency Hierarchy:

  • ❌ bootstrap-3.3.7.jar (Vulnerable Library)

Found in HEAD commit: 4bac862a46e799442890a61d22cce98f7f0caf03

Found in base branch: main

Reachability Analysis

The vulnerable code is unreachable

Vulnerability Details

In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041.
Mend Note: Converted from WS-2018-0021, on 2022-11-08.

Publish Date: 2019-01-09

URL: CVE-2016-10735

Threat Assessment

Exploit Maturity: Not Defined

EPSS: 0.2%

CVSS 4 Score Details (5.3)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: N/A
    • Scope: N/A
  • Impact Metrics:
    • Confidentiality Impact: N/A
    • Integrity Impact: N/A
    • Availability Impact: N/A

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10735

Release Date: 2019-01-09

Fix Resolution: 3.4.0

In order to enable automatic remediation, please create workflow rules

CVE-2024-6484

Vulnerable Library - bootstrap-3.3.7.jar

WebJar for Bootstrap

Library home page: http://webjars.org

Path to dependency file: /pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/webjars/bootstrap/3.3.7/bootstrap-3.3.7.jar

Dependency Hierarchy:

  • ❌ bootstrap-3.3.7.jar (Vulnerable Library)

Found in HEAD commit: 4bac862a46e799442890a61d22cce98f7f0caf03

Found in base branch: main

Vulnerability Details

A vulnerability has been identified in Bootstrap that exposes users to Cross-Site Scripting (XSS) attacks. The issue is present in the carousel component, where the data-slide and data-slide-to attributes can be exploited through the href attribute of an <a> tag due to inadequate sanitization. This vulnerability could potentially enable attackers to execute arbitrary JavaScript within the victim's browser.

Publish Date: 2024-07-11

URL: CVE-2024-6484

Threat Assessment

Exploit Maturity: Not Defined

EPSS: 0.0%

CVSS 4 Score Details (5.3)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: N/A
    • Scope: N/A
  • Impact Metrics:
    • Confidentiality Impact: N/A
    • Integrity Impact: N/A
    • Availability Impact: N/A

Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2024-6484

Release Date: 2024-07-11

Fix Resolution: 4.0.0-alpha

In order to enable automatic remediation, please create workflow rules
