Find, fix and prevent vulnerabilities in your code.
critical severity
- Vulnerable module: ws.schild:jave-core
- Introduced through: ws.schild:jave-core@3.0.1
Detailed paths
-
Introduced through: techgnious/IVCompressor@techgnious/IVCompressor#75b9b491af6192bbe0130c8e141f2c4205cdcd98 › ws.schild:jave-core@3.0.1
Overview
Affected versions of this package are vulnerable to Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') via the FFmpeg
function if it is opened to users by the developer. An attacker can execute arbitrary code by supplying malicious input to the function.
Note:
The attack needs to be initiated within the local network.
Remediation
There is no fixed version for ws.schild:jave-core
.
References
high severity
- Module: ws.schild:jave-core
- Introduced through: ws.schild:jave-core@3.0.1
Detailed paths
-
Introduced through: techgnious/IVCompressor@techgnious/IVCompressor#75b9b491af6192bbe0130c8e141f2c4205cdcd98 › ws.schild:jave-core@3.0.1
GPL-3.0 license
high severity
- Module: ws.schild:jave-nativebin-linux64
- Introduced through: ws.schild:jave-nativebin-linux64@3.0.1
Detailed paths
-
Introduced through: techgnious/IVCompressor@techgnious/IVCompressor#75b9b491af6192bbe0130c8e141f2c4205cdcd98 › ws.schild:jave-nativebin-linux64@3.0.1
GPL-3.0 license
high severity
- Module: ws.schild:jave-nativebin-osx64
- Introduced through: ws.schild:jave-nativebin-osx64@3.0.1
Detailed paths
-
Introduced through: techgnious/IVCompressor@techgnious/IVCompressor#75b9b491af6192bbe0130c8e141f2c4205cdcd98 › ws.schild:jave-nativebin-osx64@3.0.1
GPL-3.0 license
high severity
- Module: ws.schild:jave-nativebin-win64
- Introduced through: ws.schild:jave-nativebin-win64@3.0.1
Detailed paths
-
Introduced through: techgnious/IVCompressor@techgnious/IVCompressor#75b9b491af6192bbe0130c8e141f2c4205cdcd98 › ws.schild:jave-nativebin-win64@3.0.1
GPL-3.0 license
medium severity
- Vulnerable module: commons-io:commons-io
- Introduced through: commons-io:commons-io@2.8.0
Detailed paths
-
Introduced through: techgnious/IVCompressor@techgnious/IVCompressor#75b9b491af6192bbe0130c8e141f2c4205cdcd98 › commons-io:commons-io@2.8.0Remediation: Upgrade to commons-io:commons-io@2.14.0.
Overview
commons-io:commons-io is a The Apache Commons IO library contains utility classes, stream implementations, file filters, file comparators, endian transformation classes, and much more.
Affected versions of this package are vulnerable to Uncontrolled Resource Consumption ('Resource Exhaustion') through the XmlStreamReader
class. An attacker can cause the application to consume excessive CPU resources by sending specially crafted XML content.
Remediation
Upgrade commons-io:commons-io
to version 2.14.0 or higher.