Vulnerabilities	1 via 1 paths
Dependencies	60
Source	GitHub
Commit	b99071d4

Find, fix and prevent vulnerabilities in your code.

Test and protect my applications

Issue type

Vulnerabilities
1
License issues
3

Severity

Critical
High
Medium
4
Low

Status

Open
4
Patched
0
Ignored
0

medium severity

new

Improper Neutralization

Vulnerable module: org.eclipse.angus:angus-mail
Introduced through: org.glassfish.jersey.media:jersey-media-moxy@3.1.11

Detailed paths

Introduced through: Cantara/Whydah-SecurityTokenService@Cantara/Whydah-SecurityTokenService#b99071d4a3a94676b6ed5e7aba609ed0b4bdf4d7 › org.glassfish.jersey.media:jersey-media-moxy@3.1.11 › org.eclipse.persistence:org.eclipse.persistence.moxy@4.0.7 › org.eclipse.angus:angus-mail@2.0.3

Overview

org.eclipse.angus:angus-mail is an Angus Mail Provider.

Affected versions of this package are vulnerable to Improper Neutralization via the handling of SMTP message input. An attacker can inject arbitrary SMTP commands by supplying specially crafted input containing carriage return and line feed characters.

Note:

This is only exploitable if the provided dependency org.eclipse.angus:smtp is used.

Remediation

Upgrade org.eclipse.angus:angus-mail to version 2.0.4 or higher.

References

Improper Neutralization vulnerability report

medium severity

Dual license: EPL-1.0, LGPL-2.1

Module: ch.qos.logback:logback-classic
Introduced through: ch.qos.logback:logback-classic@1.5.18

Detailed paths

Introduced through: Cantara/Whydah-SecurityTokenService@Cantara/Whydah-SecurityTokenService#b99071d4a3a94676b6ed5e7aba609ed0b4bdf4d7 › ch.qos.logback:logback-classic@1.5.18

Dual license: EPL-1.0, LGPL-2.1

Dual license: EPL-1.0, LGPL-2.1 vulnerability report

medium severity

Dual license: EPL-1.0, LGPL-2.1

Module: ch.qos.logback:logback-core
Introduced through: ch.qos.logback:logback-classic@1.5.18

Detailed paths

Introduced through: Cantara/Whydah-SecurityTokenService@Cantara/Whydah-SecurityTokenService#b99071d4a3a94676b6ed5e7aba609ed0b4bdf4d7 › ch.qos.logback:logback-classic@1.5.18 › ch.qos.logback:logback-core@1.5.18

Dual license: EPL-1.0, LGPL-2.1

Dual license: EPL-1.0, LGPL-2.1 vulnerability report

medium severity

EPL-1.0 license

Module: junit:junit
Introduced through: org.glassfish.jersey.media:jersey-media-json-binding@3.1.11, org.glassfish.jersey.media:jersey-media-moxy@3.1.11 and others

Detailed paths

Introduced through: Cantara/Whydah-SecurityTokenService@Cantara/Whydah-SecurityTokenService#b99071d4a3a94676b6ed5e7aba609ed0b4bdf4d7 › org.glassfish.jersey.media:jersey-media-json-binding@3.1.11 › jakarta.json.bind:jakarta.json.bind-api@3.0.1 › junit:junit@4.13.2
Introduced through: Cantara/Whydah-SecurityTokenService@Cantara/Whydah-SecurityTokenService#b99071d4a3a94676b6ed5e7aba609ed0b4bdf4d7 › org.glassfish.jersey.media:jersey-media-moxy@3.1.11 › jakarta.json.bind:jakarta.json.bind-api@3.0.1 › junit:junit@4.13.2
Introduced through: Cantara/Whydah-SecurityTokenService@Cantara/Whydah-SecurityTokenService#b99071d4a3a94676b6ed5e7aba609ed0b4bdf4d7 › org.glassfish.jersey.media:jersey-media-multipart@3.1.11 › org.jvnet.mimepull:mimepull@1.9.15 › junit:junit@4.13.2

EPL-1.0 license

EPL-1.0 license vulnerability report

Vulnerabilities

Dependencies

Source

Commit

Find, fix and prevent vulnerabilities in your code.

medium severity new

Improper Neutralization

Detailed paths

Overview

Remediation

References

medium severity

Dual license: EPL-1.0, LGPL-2.1

Detailed paths

medium severity

Dual license: EPL-1.0, LGPL-2.1

Detailed paths

medium severity

EPL-1.0 license

Detailed paths

medium severity

new