Vulnerability report for Cantara/MessiGCSProvider

Vulnerabilities	1 via 1 paths
Dependencies	48
Source	GitHub
Commit	e69e8aab

Vulnerabilities

1 via 1 paths

Dependencies

Source

GitHub

Commit

e69e8aab

high severity

Uncontrolled Recursion

Vulnerable module: org.apache.commons:commons-lang3
Introduced through: org.apache.avro:avro@1.12.0

Detailed paths

Introduced through: Cantara/MessiGCSProvider@Cantara/MessiGCSProvider#e69e8aabbf659041ed83ae4a0e4f8a69d31d4b95 › org.apache.avro:avro@1.12.0 › org.apache.commons:commons-compress@1.26.2 › org.apache.commons:commons-lang3@3.14.0

Remediation: Upgrade to org.apache.avro:avro@1.12.1.

Overview

Affected versions of this package are vulnerable to Uncontrolled Recursion via the ClassUtils.getClass function. An attacker can cause the application to terminate unexpectedly by providing excessively long input values.

Remediation

Upgrade org.apache.commons:commons-lang3 to version 3.18.0 or higher.

References

Uncontrolled Recursion vulnerability report

medium severity

EPL-1.0 license

Module: junit:junit
Introduced through: com.google.cloud:google-cloud-storage@2.59.0

Detailed paths

Introduced through: Cantara/MessiGCSProvider@Cantara/MessiGCSProvider#e69e8aabbf659041ed83ae4a0e4f8a69d31d4b95 › com.google.cloud:google-cloud-storage@2.59.0 › com.google.api.grpc:gapic-google-cloud-storage-v2@2.59.0 › junit:junit@4.13.2

EPL-1.0 license

EPL-1.0 license vulnerability report

Vulnerabilities

Dependencies

Source

Commit

Find, fix and prevent vulnerabilities in your code.

high severity

Uncontrolled Recursion

Detailed paths

Overview

Remediation

References

medium severity

EPL-1.0 license

Detailed paths