The apresentacao-evolucao from tiarebalbi

[DepShield] (CVSS 7.5) Vulnerability due to usage of com.netflix.eureka:eureka-client:1.1.147

Vulnerabilities

DepShield reports that this application's usage of com.netflix.eureka:eureka-client:1.1.147 results in the following vulnerability(s):

(CVSS 7.5) CWE-400: Uncontrolled Resource Consumption ('Resource Exhaustion')

Occurrences

com.netflix.eureka:eureka-client:1.1.147 is a transitive dependency introduced by the following direct dependency(s):

• org.springframework.cloud:spring-cloud-starter-eureka:1.0.3.RELEASE
└─ com.netflix.eureka:eureka-client:1.1.147

• org.springframework.cloud:spring-cloud-starter-eureka-server:1.0.3.RELEASE
└─ org.springframework.cloud:spring-cloud-netflix-eureka-server:1.0.3.RELEASE
└─ com.netflix.eureka:eureka-client:1.1.147

• org.springframework.cloud:spring-cloud-starter-eureka:1.0.3.RELEASE
└─ com.netflix.eureka:eureka-client:1.1.147

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}

[DepShield] (CVSS 8.6) Vulnerability due to usage of org.springframework:spring-webmvc:4.1.6.RELEASE

Vulnerabilities

DepShield reports that this application's usage of org.springframework:spring-webmvc:4.1.6.RELEASE results in the following vulnerability(s):

(CVSS 8.6) [CVE-2015-5211] Improper Input Validation

Occurrences

org.springframework:spring-webmvc:4.1.6.RELEASE is a transitive dependency introduced by the following direct dependency(s):

• org.springframework.boot:spring-boot-starter-web:1.2.6.RELEASE
└─ org.springframework:spring-webmvc:4.1.6.RELEASE

• org.springframework.cloud:spring-cloud-starter-eureka-server:1.0.3.RELEASE
        └─ org.springframework.cloud:spring-cloud-netflix-eureka-server:1.0.3.RELEASE
              └─ org.springframework.boot:spring-boot-starter-web:1.2.6.RELEASE
                    └─ org.springframework:spring-webmvc:4.1.6.RELEASE

• org.springframework.boot:spring-boot-starter-web:1.2.6.RELEASE
└─ org.springframework:spring-webmvc:4.1.6.RELEASE

• org.springframework.cloud:spring-cloud-starter-hystrix-dashboard:1.0.3.RELEASE
└─ org.springframework.boot:spring-boot-starter-web:1.2.6.RELEASE
└─ org.springframework:spring-webmvc:4.1.6.RELEASE

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}

[DepShield] (CVSS 9.8) Vulnerability due to usage of org.springframework.data:spring-data-commons:1.9.2.RELEASE

Vulnerabilities

DepShield reports that this application's usage of org.springframework.data:spring-data-commons:1.9.2.RELEASE results in the following vulnerability(s):

(CVSS 9.8) [CVE-2018-1273] Improper Input Validation

Occurrences

org.springframework.data:spring-data-commons:1.9.2.RELEASE is a transitive dependency introduced by the following direct dependency(s):

• org.springframework.boot:spring-boot-starter-data-mongodb:1.2.6.RELEASE
└─ org.springframework.data:spring-data-mongodb:1.6.2.RELEASE
└─ org.springframework.data:spring-data-commons:1.9.2.RELEASE

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}

[DepShield] (CVSS 5.9) Vulnerability due to usage of com.google.guava:guava:18.0

Vulnerabilities

DepShield reports that this application's usage of com.google.guava:guava:18.0 results in the following vulnerability(s):

(CVSS 5.9) [CVE-2018-10237] Deserialization of Untrusted Data

Occurrences

com.google.guava:guava:18.0 is a transitive dependency introduced by the following direct dependency(s):

• org.springframework.cloud:spring-cloud-starter-hystrix:1.0.3.RELEASE
└─ com.netflix.hystrix:hystrix-javanica:1.4.10
└─ com.google.guava:guava:18.0

• org.springframework.cloud:spring-cloud-starter-eureka-server:1.0.3.RELEASE
        └─ org.springframework.cloud:spring-cloud-netflix-eureka-server:1.0.3.RELEASE
              └─ com.netflix.blitz4j:blitz4j:1.36.0
                    └─ com.google.guava:guava:18.0

• org.springframework.cloud:spring-cloud-starter-eureka:1.0.3.RELEASE
        └─ com.netflix.eureka:eureka-client:1.1.147
              └─ com.netflix.archaius:archaius-core:0.6.5
                    └─ com.google.guava:guava:18.0

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}

[DepShield] (CVSS 9.1) Vulnerability due to usage of org.apache.tomcat.embed:tomcat-embed-core:8.0.26

Vulnerabilities

DepShield reports that this application's usage of org.apache.tomcat.embed:tomcat-embed-core:8.0.26 results in the following vulnerability(s):

(CVSS 9.1) [CVE-2017-5648] Improper Access Control
(CVSS 8.8) [CVE-2016-0714] Permissions, Privileges, and Access Controls
(CVSS 8.1) [CVE-2016-5388] Improper Access Control
(CVSS 8.1) [CVE-2015-5346] Session fixation vulnerability in Apache Tomcat 7.x before 7.0.66, 8.x before 8....
(CVSS 8.1) [CVE-2017-12617] When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC...
(CVSS 7.5) [CVE-2017-5664] The error page mechanism of the Java Servlet Specification requires that, when a...
(CVSS 7.5) [CVE-2018-8014] The defaults settings for the CORS filter provided in Apache Tomcat 9.0.0.M1 to ...
(CVSS 7.5) [CVE-2017-5647] Information Exposure
(CVSS 7.5) [CVE-2018-8034] The host name verification when using TLS with the WebSocket client was missing....
(CVSS 7.5) [CVE-2016-8745] A bug in the error handling of the send file code for the NIO HTTP connector in ...
(CVSS 7.5) [CVE-2018-1336] Uncontrolled Resource Consumption ("Resource Exhaustion")
(CVSS 7.5) [CVE-2016-3092] Improper Input Validation
(CVSS 7.5) [CVE-2016-6797] Improper Access Control
(CVSS 7.1) [CVE-2016-6816] Improper Input Validation
(CVSS 6.5) [CVE-2018-1305] Improper Access Control
(CVSS 6.3) [CVE-2016-0763] Permissions, Privileges, and Access Controls
(CVSS 5.9) [CVE-2016-0762] Permissions, Privileges, and Access Controls
(CVSS 5.9) [CVE-2018-1304] The URL pattern of "" (the empty string) which exactly maps to the context root ...
(CVSS 5.3) [CVE-2015-5345] Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal")
(CVSS 5.3) [CVE-2016-6794] Information Exposure
(CVSS 4.3) [CVE-2016-0706] Information Exposure
(CVSS 4.3) [CVE-2015-5174] Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal")
(CVSS 4.3) [CVE-2017-7674] Insufficient Verification of Data Authenticity

Occurrences

org.apache.tomcat.embed:tomcat-embed-core:8.0.26 is a transitive dependency introduced by the following direct dependency(s):

• org.springframework.boot:spring-boot-starter-web:1.2.6.RELEASE
└─ org.springframework.boot:spring-boot-starter-tomcat:1.2.6.RELEASE
└─ org.apache.tomcat.embed:tomcat-embed-core:8.0.26

• org.springframework.cloud:spring-cloud-starter-eureka-server:1.0.3.RELEASE
        └─ org.springframework.cloud:spring-cloud-netflix-eureka-server:1.0.3.RELEASE
              └─ org.springframework.boot:spring-boot-starter-web:1.2.6.RELEASE
                    └─ org.springframework.boot:spring-boot-starter-tomcat:1.2.6.RELEASE
                          └─ org.apache.tomcat.embed:tomcat-embed-core:8.0.26

• org.springframework.boot:spring-boot-starter-web:1.2.6.RELEASE
└─ org.springframework.boot:spring-boot-starter-tomcat:1.2.6.RELEASE
└─ org.apache.tomcat.embed:tomcat-embed-core:8.0.26

• org.springframework.cloud:spring-cloud-starter-hystrix-dashboard:1.0.3.RELEASE
        └─ org.springframework.boot:spring-boot-starter-web:1.2.6.RELEASE
              └─ org.springframework.boot:spring-boot-starter-tomcat:1.2.6.RELEASE
                    └─ org.apache.tomcat.embed:tomcat-embed-core:8.0.26

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}

[DepShield] (CVSS 9.8) Vulnerability due to usage of ch.qos.logback:logback-core:1.1.3

Vulnerabilities

DepShield reports that this application's usage of ch.qos.logback:logback-core:1.1.3 results in the following vulnerability(s):

(CVSS 9.8) [CVE-2017-5929] Deserialization of Untrusted Data

Occurrences

ch.qos.logback:logback-core:1.1.3 is a transitive dependency introduced by the following direct dependency(s):

• org.springframework.boot:spring-boot-starter-actuator:1.2.6.RELEASE
        └─ org.springframework.boot:spring-boot-starter:1.2.6.RELEASE
              └─ org.springframework.boot:spring-boot-starter-logging:1.2.6.RELEASE
                    └─ ch.qos.logback:logback-classic:1.1.3
                          └─ ch.qos.logback:logback-core:1.1.3

• org.springframework.boot:spring-boot-starter:1.2.6.RELEASE
        └─ org.springframework.boot:spring-boot-starter-logging:1.2.6.RELEASE
              └─ ch.qos.logback:logback-classic:1.1.3
                    └─ ch.qos.logback:logback-core:1.1.3

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}

[DepShield] (CVSS 9.8) Vulnerability due to usage of ch.qos.logback:logback-classic:1.1.3

Vulnerabilities

DepShield reports that this application's usage of ch.qos.logback:logback-classic:1.1.3 results in the following vulnerability(s):

(CVSS 9.8) [CVE-2017-5929] Deserialization of Untrusted Data

Occurrences

ch.qos.logback:logback-classic:1.1.3 is a transitive dependency introduced by the following direct dependency(s):

• org.springframework.boot:spring-boot-starter-actuator:1.2.6.RELEASE
        └─ org.springframework.boot:spring-boot-starter:1.2.6.RELEASE
              └─ org.springframework.boot:spring-boot-starter-logging:1.2.6.RELEASE
                    └─ ch.qos.logback:logback-classic:1.1.3

• org.springframework.boot:spring-boot-starter:1.2.6.RELEASE
└─ org.springframework.boot:spring-boot-starter-logging:1.2.6.RELEASE
└─ ch.qos.logback:logback-classic:1.1.3

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}

[DepShield] (CVSS 7.5) Vulnerability due to usage of com.netflix.eureka:eureka-core:1.1.147

Vulnerabilities

DepShield reports that this application's usage of com.netflix.eureka:eureka-core:1.1.147 results in the following vulnerability(s):

(CVSS 7.5) CWE-400: Uncontrolled Resource Consumption ('Resource Exhaustion')

Occurrences

com.netflix.eureka:eureka-core:1.1.147 is a transitive dependency introduced by the following direct dependency(s):

• org.springframework.cloud:spring-cloud-starter-eureka-server:1.0.3.RELEASE
└─ org.springframework.cloud:spring-cloud-netflix-eureka-server:1.0.3.RELEASE
└─ com.netflix.eureka:eureka-core:1.1.147

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}

[DepShield] (CVSS 7.5) Vulnerability due to usage of com.thoughtworks.xstream:xstream:1.4.2

Vulnerabilities

DepShield reports that this application's usage of com.thoughtworks.xstream:xstream:1.4.2 results in the following vulnerability(s):

(CVSS 7.5) [CVE-2017-7957] Improper Input Validation
(CVSS 7.5) [CVE-2016-3674] Information Exposure

Occurrences

com.thoughtworks.xstream:xstream:1.4.2 is a transitive dependency introduced by the following direct dependency(s):

• org.springframework.cloud:spring-cloud-starter-eureka:1.0.3.RELEASE
└─ com.thoughtworks.xstream:xstream:1.4.2

• org.springframework.cloud:spring-cloud-starter-eureka-server:1.0.3.RELEASE
└─ com.thoughtworks.xstream:xstream:1.4.2

• org.springframework.cloud:spring-cloud-starter-eureka:1.0.3.RELEASE
└─ com.thoughtworks.xstream:xstream:1.4.2

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}

[DepShield] (CVSS 6.1) Vulnerability due to usage of com.netflix.hystrix:hystrix-core:1.4.10

Vulnerabilities

DepShield reports that this application's usage of com.netflix.hystrix:hystrix-core:1.4.10 results in the following vulnerability(s):

(CVSS 6.1) CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Occurrences

com.netflix.hystrix:hystrix-core:1.4.10 is a transitive dependency introduced by the following direct dependency(s):

• org.springframework.cloud:spring-cloud-starter-hystrix:1.0.3.RELEASE
└─ com.netflix.hystrix:hystrix-core:1.4.10

• org.springframework.cloud:spring-cloud-starter-zuul:1.0.3.RELEASE
└─ org.springframework.cloud:spring-cloud-starter-hystrix:1.0.3.RELEASE
└─ com.netflix.hystrix:hystrix-core:1.4.10

• org.springframework.cloud:spring-cloud-starter-hystrix-dashboard:1.0.3.RELEASE
└─ org.springframework.cloud:spring-cloud-netflix-hystrix-dashboard:1.0.3.RELEASE
└─ com.netflix.hystrix:hystrix-core:1.4.10

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}

[DepShield] (CVSS 10.0) Vulnerability due to usage of com.fasterxml.jackson.core:jackson-databind:2.4.6

Vulnerabilities

DepShield reports that this application's usage of com.fasterxml.jackson.core:jackson-databind:2.4.6 results in the following vulnerability(s):

(CVSS 10.0) [CVE-2018-14721] FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to cond...
(CVSS 9.8) [CVE-2018-7489] Incomplete Blacklist, Deserialization of Untrusted Data
(CVSS 9.8) [CVE-2018-19361] Deserialization of Untrusted Data
(CVSS 9.8) [CVE-2017-17485] Improper Control of Generation of Code ("Code Injection")
(CVSS 9.8) [CVE-2018-11307] An issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.5. Use o...
(CVSS 9.8) [CVE-2018-14719] Deserialization of Untrusted Data
(CVSS 9.8) [CVE-2018-14718] Deserialization of Untrusted Data
(CVSS 9.8) [CVE-2017-7525] Deserialization of Untrusted Data
(CVSS 9.8) [CVE-2017-15095] Deserialization of Untrusted Data
(CVSS 9.8) [CVE-2018-19360] Deserialization of Untrusted Data
(CVSS 9.8) [CVE-2018-19362] Deserialization of Untrusted Data
(CVSS 9.8) [CVE-2018-14720] Improper Restriction of XML External Entity Reference ("XXE")
(CVSS 8.1) [CVE-2018-5968] Incomplete Blacklist, Deserialization of Untrusted Data
(CVSS 7.5) [CVE-2019-12086] Information Exposure
(CVSS 5.9) [CVE-2019-12814] Information Exposure
(CVSS 5.9) [CVE-2019-12384] Deserialization of Untrusted Data
(CVSS 5.4) CWE-611: Improper Restriction of XML External Entity Reference ('XXE')

Occurrences

com.fasterxml.jackson.core:jackson-databind:2.4.6 is a transitive dependency introduced by the following direct dependency(s):

• org.springframework.boot:spring-boot-starter-data-rest:1.2.6.RELEASE
└─ com.fasterxml.jackson.core:jackson-databind:2.4.6

• org.springframework.boot:spring-boot-starter-actuator:1.2.6.RELEASE
└─ org.springframework.boot:spring-boot-actuator:1.2.6.RELEASE
└─ com.fasterxml.jackson.core:jackson-databind:2.4.6

• org.springframework.boot:spring-boot-starter-web:1.2.6.RELEASE
└─ com.fasterxml.jackson.core:jackson-databind:2.4.6

• org.springframework.boot:spring-boot-starter-actuator:1.2.6.RELEASE
└─ org.springframework.boot:spring-boot-actuator:1.2.6.RELEASE
└─ com.fasterxml.jackson.core:jackson-databind:2.4.6

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}

[DepShield] (CVSS 7.5) Vulnerability due to usage of org.springframework:spring-core:4.1.7.RELEASE

Vulnerabilities

DepShield reports that this application's usage of org.springframework:spring-core:4.1.7.RELEASE results in the following vulnerability(s):

(CVSS 7.5) [CVE-2018-1272] Permissions, Privileges, and Access Controls

Occurrences

org.springframework:spring-core:4.1.7.RELEASE is a transitive dependency introduced by the following direct dependency(s):

• org.springframework.boot:spring-boot-starter-actuator:1.2.6.RELEASE
└─ org.springframework:spring-core:4.1.7.RELEASE

• org.springframework.boot:spring-boot-starter:1.2.6.RELEASE
└─ org.springframework:spring-core:4.1.7.RELEASE

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}

[DepShield] (CVSS 8.6) Vulnerability due to usage of org.springframework:spring-web:4.1.6.RELEASE

Vulnerabilities

DepShield reports that this application's usage of org.springframework:spring-web:4.1.6.RELEASE results in the following vulnerability(s):

(CVSS 8.6) [CVE-2015-5211] Improper Input Validation

Occurrences

org.springframework:spring-web:4.1.6.RELEASE is a transitive dependency introduced by the following direct dependency(s):

• org.springframework.cloud:spring-cloud-starter-feign:1.0.3.RELEASE
└─ org.springframework:spring-web:4.1.6.RELEASE

• org.springframework.cloud:spring-cloud-starter-eureka-server:1.0.3.RELEASE
        └─ org.springframework.cloud:spring-cloud-netflix-eureka-server:1.0.3.RELEASE
              └─ org.springframework.boot:spring-boot-starter-web:1.2.6.RELEASE
                    └─ org.springframework:spring-web:4.1.6.RELEASE

• org.springframework.cloud:spring-cloud-starter-feign:1.0.3.RELEASE
└─ org.springframework:spring-web:4.1.6.RELEASE

• org.springframework.cloud:spring-cloud-starter-hystrix-dashboard:1.0.3.RELEASE
└─ org.springframework.boot:spring-boot-starter-web:1.2.6.RELEASE
└─ org.springframework:spring-web:4.1.6.RELEASE

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}

tiarebalbi / apresentacao-evolucao Goto Github PK

apresentacao-evolucao's Introduction

Hi 👋, I'm Tiarê Balbi Bonamini

Connect with me:

Latest Blog Posts

apresentacao-evolucao's People

Contributors

Watchers

apresentacao-evolucao's Issues

Recommend Projects

Recommend Topics

Recommend Org