Find, fix and prevent vulnerabilities in your code.
medium severity
- Vulnerable module: org.springframework:spring-core
- Introduced through: org.glassfish.jersey.ext:jersey-spring4@2.42, org.springframework:spring-beans@5.3.34 and others
Detailed paths
-
Introduced through: Cantara/Whydah-TestWebApp@Cantara/Whydah-TestWebApp#5931119d07a6cbc0426cfbb5b5f5cc26fbb28a5e › org.glassfish.jersey.ext:jersey-spring4@2.42 › org.springframework:spring-core@4.3.30.RELEASE
-
Introduced through: Cantara/Whydah-TestWebApp@Cantara/Whydah-TestWebApp#5931119d07a6cbc0426cfbb5b5f5cc26fbb28a5e › org.springframework:spring-beans@5.3.34 › org.springframework:spring-core@4.3.30.RELEASERemediation: Upgrade to org.springframework:spring-beans@5.3.34.
-
Introduced through: Cantara/Whydah-TestWebApp@Cantara/Whydah-TestWebApp#5931119d07a6cbc0426cfbb5b5f5cc26fbb28a5e › org.springframework:spring-web@5.3.34 › org.springframework:spring-core@4.3.30.RELEASERemediation: Upgrade to org.springframework:spring-web@5.3.34.
-
Introduced through: Cantara/Whydah-TestWebApp@Cantara/Whydah-TestWebApp#5931119d07a6cbc0426cfbb5b5f5cc26fbb28a5e › org.springframework:spring-aop@5.3.34 › org.springframework:spring-core@4.3.30.RELEASERemediation: Upgrade to org.springframework:spring-aop@5.3.34.
-
Introduced through: Cantara/Whydah-TestWebApp@Cantara/Whydah-TestWebApp#5931119d07a6cbc0426cfbb5b5f5cc26fbb28a5e › org.springframework:spring-context@5.3.34 › org.springframework:spring-core@4.3.30.RELEASERemediation: Upgrade to org.springframework:spring-context@5.3.34.
-
Introduced through: Cantara/Whydah-TestWebApp@Cantara/Whydah-TestWebApp#5931119d07a6cbc0426cfbb5b5f5cc26fbb28a5e › org.springframework:spring-webmvc@5.3.34 › org.springframework:spring-core@4.3.30.RELEASERemediation: Upgrade to org.springframework:spring-webmvc@5.3.34.
-
Introduced through: Cantara/Whydah-TestWebApp@Cantara/Whydah-TestWebApp#5931119d07a6cbc0426cfbb5b5f5cc26fbb28a5e › org.glassfish.jersey.ext:jersey-spring4@2.42 › org.springframework:spring-web@5.3.34 › org.springframework:spring-core@4.3.30.RELEASE
-
Introduced through: Cantara/Whydah-TestWebApp@Cantara/Whydah-TestWebApp#5931119d07a6cbc0426cfbb5b5f5cc26fbb28a5e › org.springframework:spring-webmvc@5.3.34 › org.springframework:spring-web@5.3.34 › org.springframework:spring-core@4.3.30.RELEASERemediation: Upgrade to org.springframework:spring-webmvc@5.3.34.
-
Introduced through: Cantara/Whydah-TestWebApp@Cantara/Whydah-TestWebApp#5931119d07a6cbc0426cfbb5b5f5cc26fbb28a5e › org.springframework:spring-web@5.3.34 › org.springframework:spring-beans@5.3.34 › org.springframework:spring-core@4.3.30.RELEASERemediation: Upgrade to org.springframework:spring-web@5.3.34.
-
Introduced through: Cantara/Whydah-TestWebApp@Cantara/Whydah-TestWebApp#5931119d07a6cbc0426cfbb5b5f5cc26fbb28a5e › org.springframework:spring-aop@5.3.34 › org.springframework:spring-beans@5.3.34 › org.springframework:spring-core@4.3.30.RELEASERemediation: Upgrade to org.springframework:spring-aop@5.3.34.
-
Introduced through: Cantara/Whydah-TestWebApp@Cantara/Whydah-TestWebApp#5931119d07a6cbc0426cfbb5b5f5cc26fbb28a5e › org.springframework:spring-context@5.3.34 › org.springframework:spring-beans@5.3.34 › org.springframework:spring-core@4.3.30.RELEASERemediation: Upgrade to org.springframework:spring-context@5.3.34.
-
Introduced through: Cantara/Whydah-TestWebApp@Cantara/Whydah-TestWebApp#5931119d07a6cbc0426cfbb5b5f5cc26fbb28a5e › org.springframework:spring-webmvc@5.3.34 › org.springframework:spring-beans@5.3.34 › org.springframework:spring-core@4.3.30.RELEASERemediation: Upgrade to org.springframework:spring-webmvc@5.3.34.
-
Introduced through: Cantara/Whydah-TestWebApp@Cantara/Whydah-TestWebApp#5931119d07a6cbc0426cfbb5b5f5cc26fbb28a5e › org.springframework:spring-context@5.3.34 › org.springframework:spring-aop@5.3.34 › org.springframework:spring-core@4.3.30.RELEASERemediation: Upgrade to org.springframework:spring-context@5.3.34.
-
Introduced through: Cantara/Whydah-TestWebApp@Cantara/Whydah-TestWebApp#5931119d07a6cbc0426cfbb5b5f5cc26fbb28a5e › org.springframework:spring-webmvc@5.3.34 › org.springframework:spring-aop@5.3.34 › org.springframework:spring-core@4.3.30.RELEASERemediation: Upgrade to org.springframework:spring-webmvc@5.3.34.
-
Introduced through: Cantara/Whydah-TestWebApp@Cantara/Whydah-TestWebApp#5931119d07a6cbc0426cfbb5b5f5cc26fbb28a5e › org.springframework:spring-context@5.3.34 › org.springframework:spring-expression@5.3.34 › org.springframework:spring-core@4.3.30.RELEASERemediation: Upgrade to org.springframework:spring-context@5.3.34.
-
Introduced through: Cantara/Whydah-TestWebApp@Cantara/Whydah-TestWebApp#5931119d07a6cbc0426cfbb5b5f5cc26fbb28a5e › org.springframework:spring-webmvc@5.3.34 › org.springframework:spring-expression@5.3.34 › org.springframework:spring-core@4.3.30.RELEASERemediation: Upgrade to org.springframework:spring-webmvc@5.3.34.
-
Introduced through: Cantara/Whydah-TestWebApp@Cantara/Whydah-TestWebApp#5931119d07a6cbc0426cfbb5b5f5cc26fbb28a5e › org.springframework:spring-webmvc@5.3.34 › org.springframework:spring-context@5.3.34 › org.springframework:spring-core@4.3.30.RELEASERemediation: Upgrade to org.springframework:spring-webmvc@5.3.34.
-
Introduced through: Cantara/Whydah-TestWebApp@Cantara/Whydah-TestWebApp#5931119d07a6cbc0426cfbb5b5f5cc26fbb28a5e › org.springframework:spring-webmvc@5.3.34 › org.springframework:spring-web@5.3.34 › org.springframework:spring-beans@5.3.34 › org.springframework:spring-core@4.3.30.RELEASERemediation: Upgrade to org.springframework:spring-webmvc@5.3.34.
-
Introduced through: Cantara/Whydah-TestWebApp@Cantara/Whydah-TestWebApp#5931119d07a6cbc0426cfbb5b5f5cc26fbb28a5e › org.springframework:spring-context@5.3.34 › org.springframework:spring-aop@5.3.34 › org.springframework:spring-beans@5.3.34 › org.springframework:spring-core@4.3.30.RELEASERemediation: Upgrade to org.springframework:spring-context@5.3.34.
-
Introduced through: Cantara/Whydah-TestWebApp@Cantara/Whydah-TestWebApp#5931119d07a6cbc0426cfbb5b5f5cc26fbb28a5e › org.springframework:spring-webmvc@5.3.34 › org.springframework:spring-aop@5.3.34 › org.springframework:spring-beans@5.3.34 › org.springframework:spring-core@4.3.30.RELEASERemediation: Upgrade to org.springframework:spring-webmvc@5.3.34.
-
Introduced through: Cantara/Whydah-TestWebApp@Cantara/Whydah-TestWebApp#5931119d07a6cbc0426cfbb5b5f5cc26fbb28a5e › org.springframework:spring-webmvc@5.3.34 › org.springframework:spring-context@5.3.34 › org.springframework:spring-beans@5.3.34 › org.springframework:spring-core@4.3.30.RELEASERemediation: Upgrade to org.springframework:spring-webmvc@5.3.34.
-
Introduced through: Cantara/Whydah-TestWebApp@Cantara/Whydah-TestWebApp#5931119d07a6cbc0426cfbb5b5f5cc26fbb28a5e › org.springframework:spring-webmvc@5.3.34 › org.springframework:spring-context@5.3.34 › org.springframework:spring-aop@5.3.34 › org.springframework:spring-core@4.3.30.RELEASERemediation: Upgrade to org.springframework:spring-webmvc@5.3.34.
-
Introduced through: Cantara/Whydah-TestWebApp@Cantara/Whydah-TestWebApp#5931119d07a6cbc0426cfbb5b5f5cc26fbb28a5e › org.springframework:spring-webmvc@5.3.34 › org.springframework:spring-context@5.3.34 › org.springframework:spring-expression@5.3.34 › org.springframework:spring-core@4.3.30.RELEASERemediation: Upgrade to org.springframework:spring-webmvc@5.3.34.
-
Introduced through: Cantara/Whydah-TestWebApp@Cantara/Whydah-TestWebApp#5931119d07a6cbc0426cfbb5b5f5cc26fbb28a5e › org.springframework:spring-webmvc@5.3.34 › org.springframework:spring-context@5.3.34 › org.springframework:spring-aop@5.3.34 › org.springframework:spring-beans@5.3.34 › org.springframework:spring-core@4.3.30.RELEASERemediation: Upgrade to org.springframework:spring-webmvc@5.3.34.
Overview
org.springframework:spring-core is a core package within the spring-framework that contains multiple classes and utilities.
Affected versions of this package are vulnerable to Improper Input Validation when a user provides malicious input, causing insertion of additional log entries.
Remediation
Upgrade org.springframework:spring-core
to version 5.2.19.RELEASE, 5.3.14 or higher.
References
medium severity
- Vulnerable module: org.springframework:spring-core
- Introduced through: org.glassfish.jersey.ext:jersey-spring4@2.42, org.springframework:spring-beans@5.3.34 and others
Detailed paths
-
Introduced through: Cantara/Whydah-TestWebApp@Cantara/Whydah-TestWebApp#5931119d07a6cbc0426cfbb5b5f5cc26fbb28a5e › org.glassfish.jersey.ext:jersey-spring4@2.42 › org.springframework:spring-core@4.3.30.RELEASE
-
Introduced through: Cantara/Whydah-TestWebApp@Cantara/Whydah-TestWebApp#5931119d07a6cbc0426cfbb5b5f5cc26fbb28a5e › org.springframework:spring-beans@5.3.34 › org.springframework:spring-core@4.3.30.RELEASERemediation: Upgrade to org.springframework:spring-beans@5.3.34.
-
Introduced through: Cantara/Whydah-TestWebApp@Cantara/Whydah-TestWebApp#5931119d07a6cbc0426cfbb5b5f5cc26fbb28a5e › org.springframework:spring-web@5.3.34 › org.springframework:spring-core@4.3.30.RELEASERemediation: Upgrade to org.springframework:spring-web@5.3.34.
-
Introduced through: Cantara/Whydah-TestWebApp@Cantara/Whydah-TestWebApp#5931119d07a6cbc0426cfbb5b5f5cc26fbb28a5e › org.springframework:spring-aop@5.3.34 › org.springframework:spring-core@4.3.30.RELEASERemediation: Upgrade to org.springframework:spring-aop@5.3.34.
-
Introduced through: Cantara/Whydah-TestWebApp@Cantara/Whydah-TestWebApp#5931119d07a6cbc0426cfbb5b5f5cc26fbb28a5e › org.springframework:spring-context@5.3.34 › org.springframework:spring-core@4.3.30.RELEASERemediation: Upgrade to org.springframework:spring-context@5.3.34.
-
Introduced through: Cantara/Whydah-TestWebApp@Cantara/Whydah-TestWebApp#5931119d07a6cbc0426cfbb5b5f5cc26fbb28a5e › org.springframework:spring-webmvc@5.3.34 › org.springframework:spring-core@4.3.30.RELEASERemediation: Upgrade to org.springframework:spring-webmvc@5.3.34.
-
Introduced through: Cantara/Whydah-TestWebApp@Cantara/Whydah-TestWebApp#5931119d07a6cbc0426cfbb5b5f5cc26fbb28a5e › org.glassfish.jersey.ext:jersey-spring4@2.42 › org.springframework:spring-web@5.3.34 › org.springframework:spring-core@4.3.30.RELEASE
-
Introduced through: Cantara/Whydah-TestWebApp@Cantara/Whydah-TestWebApp#5931119d07a6cbc0426cfbb5b5f5cc26fbb28a5e › org.springframework:spring-webmvc@5.3.34 › org.springframework:spring-web@5.3.34 › org.springframework:spring-core@4.3.30.RELEASERemediation: Upgrade to org.springframework:spring-webmvc@5.3.34.
-
Introduced through: Cantara/Whydah-TestWebApp@Cantara/Whydah-TestWebApp#5931119d07a6cbc0426cfbb5b5f5cc26fbb28a5e › org.springframework:spring-web@5.3.34 › org.springframework:spring-beans@5.3.34 › org.springframework:spring-core@4.3.30.RELEASERemediation: Upgrade to org.springframework:spring-web@5.3.34.
-
Introduced through: Cantara/Whydah-TestWebApp@Cantara/Whydah-TestWebApp#5931119d07a6cbc0426cfbb5b5f5cc26fbb28a5e › org.springframework:spring-aop@5.3.34 › org.springframework:spring-beans@5.3.34 › org.springframework:spring-core@4.3.30.RELEASERemediation: Upgrade to org.springframework:spring-aop@5.3.34.
-
Introduced through: Cantara/Whydah-TestWebApp@Cantara/Whydah-TestWebApp#5931119d07a6cbc0426cfbb5b5f5cc26fbb28a5e › org.springframework:spring-context@5.3.34 › org.springframework:spring-beans@5.3.34 › org.springframework:spring-core@4.3.30.RELEASERemediation: Upgrade to org.springframework:spring-context@5.3.34.
-
Introduced through: Cantara/Whydah-TestWebApp@Cantara/Whydah-TestWebApp#5931119d07a6cbc0426cfbb5b5f5cc26fbb28a5e › org.springframework:spring-webmvc@5.3.34 › org.springframework:spring-beans@5.3.34 › org.springframework:spring-core@4.3.30.RELEASERemediation: Upgrade to org.springframework:spring-webmvc@5.3.34.
-
Introduced through: Cantara/Whydah-TestWebApp@Cantara/Whydah-TestWebApp#5931119d07a6cbc0426cfbb5b5f5cc26fbb28a5e › org.springframework:spring-context@5.3.34 › org.springframework:spring-aop@5.3.34 › org.springframework:spring-core@4.3.30.RELEASERemediation: Upgrade to org.springframework:spring-context@5.3.34.
-
Introduced through: Cantara/Whydah-TestWebApp@Cantara/Whydah-TestWebApp#5931119d07a6cbc0426cfbb5b5f5cc26fbb28a5e › org.springframework:spring-webmvc@5.3.34 › org.springframework:spring-aop@5.3.34 › org.springframework:spring-core@4.3.30.RELEASERemediation: Upgrade to org.springframework:spring-webmvc@5.3.34.
-
Introduced through: Cantara/Whydah-TestWebApp@Cantara/Whydah-TestWebApp#5931119d07a6cbc0426cfbb5b5f5cc26fbb28a5e › org.springframework:spring-context@5.3.34 › org.springframework:spring-expression@5.3.34 › org.springframework:spring-core@4.3.30.RELEASERemediation: Upgrade to org.springframework:spring-context@5.3.34.
-
Introduced through: Cantara/Whydah-TestWebApp@Cantara/Whydah-TestWebApp#5931119d07a6cbc0426cfbb5b5f5cc26fbb28a5e › org.springframework:spring-webmvc@5.3.34 › org.springframework:spring-expression@5.3.34 › org.springframework:spring-core@4.3.30.RELEASERemediation: Upgrade to org.springframework:spring-webmvc@5.3.34.
-
Introduced through: Cantara/Whydah-TestWebApp@Cantara/Whydah-TestWebApp#5931119d07a6cbc0426cfbb5b5f5cc26fbb28a5e › org.springframework:spring-webmvc@5.3.34 › org.springframework:spring-context@5.3.34 › org.springframework:spring-core@4.3.30.RELEASERemediation: Upgrade to org.springframework:spring-webmvc@5.3.34.
-
Introduced through: Cantara/Whydah-TestWebApp@Cantara/Whydah-TestWebApp#5931119d07a6cbc0426cfbb5b5f5cc26fbb28a5e › org.springframework:spring-webmvc@5.3.34 › org.springframework:spring-web@5.3.34 › org.springframework:spring-beans@5.3.34 › org.springframework:spring-core@4.3.30.RELEASERemediation: Upgrade to org.springframework:spring-webmvc@5.3.34.
-
Introduced through: Cantara/Whydah-TestWebApp@Cantara/Whydah-TestWebApp#5931119d07a6cbc0426cfbb5b5f5cc26fbb28a5e › org.springframework:spring-context@5.3.34 › org.springframework:spring-aop@5.3.34 › org.springframework:spring-beans@5.3.34 › org.springframework:spring-core@4.3.30.RELEASERemediation: Upgrade to org.springframework:spring-context@5.3.34.
-
Introduced through: Cantara/Whydah-TestWebApp@Cantara/Whydah-TestWebApp#5931119d07a6cbc0426cfbb5b5f5cc26fbb28a5e › org.springframework:spring-webmvc@5.3.34 › org.springframework:spring-aop@5.3.34 › org.springframework:spring-beans@5.3.34 › org.springframework:spring-core@4.3.30.RELEASERemediation: Upgrade to org.springframework:spring-webmvc@5.3.34.
-
Introduced through: Cantara/Whydah-TestWebApp@Cantara/Whydah-TestWebApp#5931119d07a6cbc0426cfbb5b5f5cc26fbb28a5e › org.springframework:spring-webmvc@5.3.34 › org.springframework:spring-context@5.3.34 › org.springframework:spring-beans@5.3.34 › org.springframework:spring-core@4.3.30.RELEASERemediation: Upgrade to org.springframework:spring-webmvc@5.3.34.
-
Introduced through: Cantara/Whydah-TestWebApp@Cantara/Whydah-TestWebApp#5931119d07a6cbc0426cfbb5b5f5cc26fbb28a5e › org.springframework:spring-webmvc@5.3.34 › org.springframework:spring-context@5.3.34 › org.springframework:spring-aop@5.3.34 › org.springframework:spring-core@4.3.30.RELEASERemediation: Upgrade to org.springframework:spring-webmvc@5.3.34.
-
Introduced through: Cantara/Whydah-TestWebApp@Cantara/Whydah-TestWebApp#5931119d07a6cbc0426cfbb5b5f5cc26fbb28a5e › org.springframework:spring-webmvc@5.3.34 › org.springframework:spring-context@5.3.34 › org.springframework:spring-expression@5.3.34 › org.springframework:spring-core@4.3.30.RELEASERemediation: Upgrade to org.springframework:spring-webmvc@5.3.34.
-
Introduced through: Cantara/Whydah-TestWebApp@Cantara/Whydah-TestWebApp#5931119d07a6cbc0426cfbb5b5f5cc26fbb28a5e › org.springframework:spring-webmvc@5.3.34 › org.springframework:spring-context@5.3.34 › org.springframework:spring-aop@5.3.34 › org.springframework:spring-beans@5.3.34 › org.springframework:spring-core@4.3.30.RELEASERemediation: Upgrade to org.springframework:spring-webmvc@5.3.34.
Overview
org.springframework:spring-core is a core package within the spring-framework that contains multiple classes and utilities.
Affected versions of this package are vulnerable to Improper Output Neutralization for Logs when a user provides malicious input, causing insertion of additional log entries.
Remediation
Upgrade org.springframework:spring-core
to version 5.3.12, 5.2.18 or higher.
References
low severity
- Vulnerable module: commons-codec:commons-codec
- Introduced through: org.apache.httpcomponents:httpclient@4.5.14
Detailed paths
-
Introduced through: Cantara/Whydah-TestWebApp@Cantara/Whydah-TestWebApp#5931119d07a6cbc0426cfbb5b5f5cc26fbb28a5e › org.apache.httpcomponents:httpclient@4.5.14 › commons-codec:commons-codec@1.11
Overview
commons-codec:commons-codec is a package that contains simple encoder and decoders for various formats such as Base64 and Hexadecimal.
Affected versions of this package are vulnerable to Information Exposure. When there is no byte array value that can be encoded into a string the Base32 implementation does not reject it, and instead decodes it into an arbitrary value which can be re-encoded again using the same implementation. This allows for information exposure exploits such as tunneling additional information via seemingly valid base 32 strings.
Remediation
Upgrade commons-codec:commons-codec
to version 1.13 or higher.