Vulnerabilities

 1 via 1 paths

Dependencies

 9

Source

 GitHub

Commit

 ba6f24d7

Find, fix and prevent vulnerabilities in your code.

Test and protect my applications
Issue type
  • 1
  • 2
Severity
  • 1
  • 2
Status
  • 3
  • 0
  • 0

high severity

Uncontrolled Recursion

  • Vulnerable module: org.apache.commons:commons-lang3
  • Introduced through: org.apache.commons:commons-compress@1.27.1

Detailed paths

  • Introduced through: Cantara/JAU-Updater-App@Cantara/JAU-Updater-App#ba6f24d768e8a479d91afde6b1dd0a10dbdef8d0 org.apache.commons:commons-compress@1.27.1 org.apache.commons:commons-lang3@3.16.0
    Remediation: Upgrade to org.apache.commons:commons-compress@1.28.0.

Overview

Affected versions of this package are vulnerable to Uncontrolled Recursion via the ClassUtils.getClass function. An attacker can cause the application to terminate unexpectedly by providing excessively long input values.

Remediation

Upgrade org.apache.commons:commons-lang3 to version 3.18.0 or higher.

References

Uncontrolled Recursion vulnerability report

medium severity

Dual license: EPL-1.0, LGPL-2.1

  • Module: ch.qos.logback:logback-classic
  • Introduced through: ch.qos.logback:logback-classic@1.5.19

Detailed paths

  • Introduced through: Cantara/JAU-Updater-App@Cantara/JAU-Updater-App#ba6f24d768e8a479d91afde6b1dd0a10dbdef8d0 ch.qos.logback:logback-classic@1.5.19

Dual license: EPL-1.0, LGPL-2.1

Dual license: EPL-1.0, LGPL-2.1 vulnerability report

medium severity

Dual license: EPL-1.0, LGPL-2.1

  • Module: ch.qos.logback:logback-core
  • Introduced through: ch.qos.logback:logback-classic@1.5.19

Detailed paths

  • Introduced through: Cantara/JAU-Updater-App@Cantara/JAU-Updater-App#ba6f24d768e8a479d91afde6b1dd0a10dbdef8d0 ch.qos.logback:logback-classic@1.5.19 ch.qos.logback:logback-core@1.5.19

Dual license: EPL-1.0, LGPL-2.1

Dual license: EPL-1.0, LGPL-2.1 vulnerability report