Vulnerabilities

 3 via 49 paths

Dependencies

 57

Source

 GitHub

Commit

 5931119d

Find, fix and prevent vulnerabilities in your code.

Test and protect my applications
Severity
  • 2
  • 1
Status
  • 3
  • 0
  • 0

medium severity

Improper Input Validation

  • Vulnerable module: org.springframework:spring-core
  • Introduced through: org.glassfish.jersey.ext:jersey-spring4@2.42, org.springframework:spring-beans@5.3.34 and others

Detailed paths

  • Introduced through: Cantara/Whydah-TestWebApp@Cantara/Whydah-TestWebApp#5931119d07a6cbc0426cfbb5b5f5cc26fbb28a5e org.glassfish.jersey.ext:jersey-spring4@2.42 org.springframework:spring-core@4.3.30.RELEASE
  • Introduced through: Cantara/Whydah-TestWebApp@Cantara/Whydah-TestWebApp#5931119d07a6cbc0426cfbb5b5f5cc26fbb28a5e org.springframework:spring-beans@5.3.34 org.springframework:spring-core@4.3.30.RELEASE
    Remediation: Upgrade to org.springframework:spring-beans@5.3.34.
  • Introduced through: Cantara/Whydah-TestWebApp@Cantara/Whydah-TestWebApp#5931119d07a6cbc0426cfbb5b5f5cc26fbb28a5e org.springframework:spring-web@5.3.34 org.springframework:spring-core@4.3.30.RELEASE
    Remediation: Upgrade to org.springframework:spring-web@5.3.34.
  • Introduced through: Cantara/Whydah-TestWebApp@Cantara/Whydah-TestWebApp#5931119d07a6cbc0426cfbb5b5f5cc26fbb28a5e org.springframework:spring-aop@5.3.34 org.springframework:spring-core@4.3.30.RELEASE
    Remediation: Upgrade to org.springframework:spring-aop@5.3.34.
  • Introduced through: Cantara/Whydah-TestWebApp@Cantara/Whydah-TestWebApp#5931119d07a6cbc0426cfbb5b5f5cc26fbb28a5e org.springframework:spring-context@5.3.34 org.springframework:spring-core@4.3.30.RELEASE
    Remediation: Upgrade to org.springframework:spring-context@5.3.34.
  • Introduced through: Cantara/Whydah-TestWebApp@Cantara/Whydah-TestWebApp#5931119d07a6cbc0426cfbb5b5f5cc26fbb28a5e org.springframework:spring-webmvc@5.3.34 org.springframework:spring-core@4.3.30.RELEASE
    Remediation: Upgrade to org.springframework:spring-webmvc@5.3.34.
  • Introduced through: Cantara/Whydah-TestWebApp@Cantara/Whydah-TestWebApp#5931119d07a6cbc0426cfbb5b5f5cc26fbb28a5e org.glassfish.jersey.ext:jersey-spring4@2.42 org.springframework:spring-web@5.3.34 org.springframework:spring-core@4.3.30.RELEASE
  • Introduced through: Cantara/Whydah-TestWebApp@Cantara/Whydah-TestWebApp#5931119d07a6cbc0426cfbb5b5f5cc26fbb28a5e org.springframework:spring-webmvc@5.3.34 org.springframework:spring-web@5.3.34 org.springframework:spring-core@4.3.30.RELEASE
    Remediation: Upgrade to org.springframework:spring-webmvc@5.3.34.
  • Introduced through: Cantara/Whydah-TestWebApp@Cantara/Whydah-TestWebApp#5931119d07a6cbc0426cfbb5b5f5cc26fbb28a5e org.springframework:spring-web@5.3.34 org.springframework:spring-beans@5.3.34 org.springframework:spring-core@4.3.30.RELEASE
    Remediation: Upgrade to org.springframework:spring-web@5.3.34.
  • Introduced through: Cantara/Whydah-TestWebApp@Cantara/Whydah-TestWebApp#5931119d07a6cbc0426cfbb5b5f5cc26fbb28a5e org.springframework:spring-aop@5.3.34 org.springframework:spring-beans@5.3.34 org.springframework:spring-core@4.3.30.RELEASE
    Remediation: Upgrade to org.springframework:spring-aop@5.3.34.
  • Introduced through: Cantara/Whydah-TestWebApp@Cantara/Whydah-TestWebApp#5931119d07a6cbc0426cfbb5b5f5cc26fbb28a5e org.springframework:spring-context@5.3.34 org.springframework:spring-beans@5.3.34 org.springframework:spring-core@4.3.30.RELEASE
    Remediation: Upgrade to org.springframework:spring-context@5.3.34.
  • Introduced through: Cantara/Whydah-TestWebApp@Cantara/Whydah-TestWebApp#5931119d07a6cbc0426cfbb5b5f5cc26fbb28a5e org.springframework:spring-webmvc@5.3.34 org.springframework:spring-beans@5.3.34 org.springframework:spring-core@4.3.30.RELEASE
    Remediation: Upgrade to org.springframework:spring-webmvc@5.3.34.
  • Introduced through: Cantara/Whydah-TestWebApp@Cantara/Whydah-TestWebApp#5931119d07a6cbc0426cfbb5b5f5cc26fbb28a5e org.springframework:spring-context@5.3.34 org.springframework:spring-aop@5.3.34 org.springframework:spring-core@4.3.30.RELEASE
    Remediation: Upgrade to org.springframework:spring-context@5.3.34.
  • Introduced through: Cantara/Whydah-TestWebApp@Cantara/Whydah-TestWebApp#5931119d07a6cbc0426cfbb5b5f5cc26fbb28a5e org.springframework:spring-webmvc@5.3.34 org.springframework:spring-aop@5.3.34 org.springframework:spring-core@4.3.30.RELEASE
    Remediation: Upgrade to org.springframework:spring-webmvc@5.3.34.
  • Introduced through: Cantara/Whydah-TestWebApp@Cantara/Whydah-TestWebApp#5931119d07a6cbc0426cfbb5b5f5cc26fbb28a5e org.springframework:spring-context@5.3.34 org.springframework:spring-expression@5.3.34 org.springframework:spring-core@4.3.30.RELEASE
    Remediation: Upgrade to org.springframework:spring-context@5.3.34.
  • Introduced through: Cantara/Whydah-TestWebApp@Cantara/Whydah-TestWebApp#5931119d07a6cbc0426cfbb5b5f5cc26fbb28a5e org.springframework:spring-webmvc@5.3.34 org.springframework:spring-expression@5.3.34 org.springframework:spring-core@4.3.30.RELEASE
    Remediation: Upgrade to org.springframework:spring-webmvc@5.3.34.
  • Introduced through: Cantara/Whydah-TestWebApp@Cantara/Whydah-TestWebApp#5931119d07a6cbc0426cfbb5b5f5cc26fbb28a5e org.springframework:spring-webmvc@5.3.34 org.springframework:spring-context@5.3.34 org.springframework:spring-core@4.3.30.RELEASE
    Remediation: Upgrade to org.springframework:spring-webmvc@5.3.34.
  • Introduced through: Cantara/Whydah-TestWebApp@Cantara/Whydah-TestWebApp#5931119d07a6cbc0426cfbb5b5f5cc26fbb28a5e org.springframework:spring-webmvc@5.3.34 org.springframework:spring-web@5.3.34 org.springframework:spring-beans@5.3.34 org.springframework:spring-core@4.3.30.RELEASE
    Remediation: Upgrade to org.springframework:spring-webmvc@5.3.34.
  • Introduced through: Cantara/Whydah-TestWebApp@Cantara/Whydah-TestWebApp#5931119d07a6cbc0426cfbb5b5f5cc26fbb28a5e org.springframework:spring-context@5.3.34 org.springframework:spring-aop@5.3.34 org.springframework:spring-beans@5.3.34 org.springframework:spring-core@4.3.30.RELEASE
    Remediation: Upgrade to org.springframework:spring-context@5.3.34.
  • Introduced through: Cantara/Whydah-TestWebApp@Cantara/Whydah-TestWebApp#5931119d07a6cbc0426cfbb5b5f5cc26fbb28a5e org.springframework:spring-webmvc@5.3.34 org.springframework:spring-aop@5.3.34 org.springframework:spring-beans@5.3.34 org.springframework:spring-core@4.3.30.RELEASE
    Remediation: Upgrade to org.springframework:spring-webmvc@5.3.34.
  • Introduced through: Cantara/Whydah-TestWebApp@Cantara/Whydah-TestWebApp#5931119d07a6cbc0426cfbb5b5f5cc26fbb28a5e org.springframework:spring-webmvc@5.3.34 org.springframework:spring-context@5.3.34 org.springframework:spring-beans@5.3.34 org.springframework:spring-core@4.3.30.RELEASE
    Remediation: Upgrade to org.springframework:spring-webmvc@5.3.34.
  • Introduced through: Cantara/Whydah-TestWebApp@Cantara/Whydah-TestWebApp#5931119d07a6cbc0426cfbb5b5f5cc26fbb28a5e org.springframework:spring-webmvc@5.3.34 org.springframework:spring-context@5.3.34 org.springframework:spring-aop@5.3.34 org.springframework:spring-core@4.3.30.RELEASE
    Remediation: Upgrade to org.springframework:spring-webmvc@5.3.34.
  • Introduced through: Cantara/Whydah-TestWebApp@Cantara/Whydah-TestWebApp#5931119d07a6cbc0426cfbb5b5f5cc26fbb28a5e org.springframework:spring-webmvc@5.3.34 org.springframework:spring-context@5.3.34 org.springframework:spring-expression@5.3.34 org.springframework:spring-core@4.3.30.RELEASE
    Remediation: Upgrade to org.springframework:spring-webmvc@5.3.34.
  • Introduced through: Cantara/Whydah-TestWebApp@Cantara/Whydah-TestWebApp#5931119d07a6cbc0426cfbb5b5f5cc26fbb28a5e org.springframework:spring-webmvc@5.3.34 org.springframework:spring-context@5.3.34 org.springframework:spring-aop@5.3.34 org.springframework:spring-beans@5.3.34 org.springframework:spring-core@4.3.30.RELEASE
    Remediation: Upgrade to org.springframework:spring-webmvc@5.3.34.

Overview

org.springframework:spring-core is a core package within the spring-framework that contains multiple classes and utilities.

Affected versions of this package are vulnerable to Improper Input Validation when a user provides malicious input, causing insertion of additional log entries.

Remediation

Upgrade org.springframework:spring-core to version 5.2.19.RELEASE, 5.3.14 or higher.

References

Improper Input Validation vulnerability report

medium severity

Improper Output Neutralization for Logs

  • Vulnerable module: org.springframework:spring-core
  • Introduced through: org.glassfish.jersey.ext:jersey-spring4@2.42, org.springframework:spring-beans@5.3.34 and others

Detailed paths

  • Introduced through: Cantara/Whydah-TestWebApp@Cantara/Whydah-TestWebApp#5931119d07a6cbc0426cfbb5b5f5cc26fbb28a5e org.glassfish.jersey.ext:jersey-spring4@2.42 org.springframework:spring-core@4.3.30.RELEASE
  • Introduced through: Cantara/Whydah-TestWebApp@Cantara/Whydah-TestWebApp#5931119d07a6cbc0426cfbb5b5f5cc26fbb28a5e org.springframework:spring-beans@5.3.34 org.springframework:spring-core@4.3.30.RELEASE
    Remediation: Upgrade to org.springframework:spring-beans@5.3.34.
  • Introduced through: Cantara/Whydah-TestWebApp@Cantara/Whydah-TestWebApp#5931119d07a6cbc0426cfbb5b5f5cc26fbb28a5e org.springframework:spring-web@5.3.34 org.springframework:spring-core@4.3.30.RELEASE
    Remediation: Upgrade to org.springframework:spring-web@5.3.34.
  • Introduced through: Cantara/Whydah-TestWebApp@Cantara/Whydah-TestWebApp#5931119d07a6cbc0426cfbb5b5f5cc26fbb28a5e org.springframework:spring-aop@5.3.34 org.springframework:spring-core@4.3.30.RELEASE
    Remediation: Upgrade to org.springframework:spring-aop@5.3.34.
  • Introduced through: Cantara/Whydah-TestWebApp@Cantara/Whydah-TestWebApp#5931119d07a6cbc0426cfbb5b5f5cc26fbb28a5e org.springframework:spring-context@5.3.34 org.springframework:spring-core@4.3.30.RELEASE
    Remediation: Upgrade to org.springframework:spring-context@5.3.34.
  • Introduced through: Cantara/Whydah-TestWebApp@Cantara/Whydah-TestWebApp#5931119d07a6cbc0426cfbb5b5f5cc26fbb28a5e org.springframework:spring-webmvc@5.3.34 org.springframework:spring-core@4.3.30.RELEASE
    Remediation: Upgrade to org.springframework:spring-webmvc@5.3.34.
  • Introduced through: Cantara/Whydah-TestWebApp@Cantara/Whydah-TestWebApp#5931119d07a6cbc0426cfbb5b5f5cc26fbb28a5e org.glassfish.jersey.ext:jersey-spring4@2.42 org.springframework:spring-web@5.3.34 org.springframework:spring-core@4.3.30.RELEASE
  • Introduced through: Cantara/Whydah-TestWebApp@Cantara/Whydah-TestWebApp#5931119d07a6cbc0426cfbb5b5f5cc26fbb28a5e org.springframework:spring-webmvc@5.3.34 org.springframework:spring-web@5.3.34 org.springframework:spring-core@4.3.30.RELEASE
    Remediation: Upgrade to org.springframework:spring-webmvc@5.3.34.
  • Introduced through: Cantara/Whydah-TestWebApp@Cantara/Whydah-TestWebApp#5931119d07a6cbc0426cfbb5b5f5cc26fbb28a5e org.springframework:spring-web@5.3.34 org.springframework:spring-beans@5.3.34 org.springframework:spring-core@4.3.30.RELEASE
    Remediation: Upgrade to org.springframework:spring-web@5.3.34.
  • Introduced through: Cantara/Whydah-TestWebApp@Cantara/Whydah-TestWebApp#5931119d07a6cbc0426cfbb5b5f5cc26fbb28a5e org.springframework:spring-aop@5.3.34 org.springframework:spring-beans@5.3.34 org.springframework:spring-core@4.3.30.RELEASE
    Remediation: Upgrade to org.springframework:spring-aop@5.3.34.
  • Introduced through: Cantara/Whydah-TestWebApp@Cantara/Whydah-TestWebApp#5931119d07a6cbc0426cfbb5b5f5cc26fbb28a5e org.springframework:spring-context@5.3.34 org.springframework:spring-beans@5.3.34 org.springframework:spring-core@4.3.30.RELEASE
    Remediation: Upgrade to org.springframework:spring-context@5.3.34.
  • Introduced through: Cantara/Whydah-TestWebApp@Cantara/Whydah-TestWebApp#5931119d07a6cbc0426cfbb5b5f5cc26fbb28a5e org.springframework:spring-webmvc@5.3.34 org.springframework:spring-beans@5.3.34 org.springframework:spring-core@4.3.30.RELEASE
    Remediation: Upgrade to org.springframework:spring-webmvc@5.3.34.
  • Introduced through: Cantara/Whydah-TestWebApp@Cantara/Whydah-TestWebApp#5931119d07a6cbc0426cfbb5b5f5cc26fbb28a5e org.springframework:spring-context@5.3.34 org.springframework:spring-aop@5.3.34 org.springframework:spring-core@4.3.30.RELEASE
    Remediation: Upgrade to org.springframework:spring-context@5.3.34.
  • Introduced through: Cantara/Whydah-TestWebApp@Cantara/Whydah-TestWebApp#5931119d07a6cbc0426cfbb5b5f5cc26fbb28a5e org.springframework:spring-webmvc@5.3.34 org.springframework:spring-aop@5.3.34 org.springframework:spring-core@4.3.30.RELEASE
    Remediation: Upgrade to org.springframework:spring-webmvc@5.3.34.
  • Introduced through: Cantara/Whydah-TestWebApp@Cantara/Whydah-TestWebApp#5931119d07a6cbc0426cfbb5b5f5cc26fbb28a5e org.springframework:spring-context@5.3.34 org.springframework:spring-expression@5.3.34 org.springframework:spring-core@4.3.30.RELEASE
    Remediation: Upgrade to org.springframework:spring-context@5.3.34.
  • Introduced through: Cantara/Whydah-TestWebApp@Cantara/Whydah-TestWebApp#5931119d07a6cbc0426cfbb5b5f5cc26fbb28a5e org.springframework:spring-webmvc@5.3.34 org.springframework:spring-expression@5.3.34 org.springframework:spring-core@4.3.30.RELEASE
    Remediation: Upgrade to org.springframework:spring-webmvc@5.3.34.
  • Introduced through: Cantara/Whydah-TestWebApp@Cantara/Whydah-TestWebApp#5931119d07a6cbc0426cfbb5b5f5cc26fbb28a5e org.springframework:spring-webmvc@5.3.34 org.springframework:spring-context@5.3.34 org.springframework:spring-core@4.3.30.RELEASE
    Remediation: Upgrade to org.springframework:spring-webmvc@5.3.34.
  • Introduced through: Cantara/Whydah-TestWebApp@Cantara/Whydah-TestWebApp#5931119d07a6cbc0426cfbb5b5f5cc26fbb28a5e org.springframework:spring-webmvc@5.3.34 org.springframework:spring-web@5.3.34 org.springframework:spring-beans@5.3.34 org.springframework:spring-core@4.3.30.RELEASE
    Remediation: Upgrade to org.springframework:spring-webmvc@5.3.34.
  • Introduced through: Cantara/Whydah-TestWebApp@Cantara/Whydah-TestWebApp#5931119d07a6cbc0426cfbb5b5f5cc26fbb28a5e org.springframework:spring-context@5.3.34 org.springframework:spring-aop@5.3.34 org.springframework:spring-beans@5.3.34 org.springframework:spring-core@4.3.30.RELEASE
    Remediation: Upgrade to org.springframework:spring-context@5.3.34.
  • Introduced through: Cantara/Whydah-TestWebApp@Cantara/Whydah-TestWebApp#5931119d07a6cbc0426cfbb5b5f5cc26fbb28a5e org.springframework:spring-webmvc@5.3.34 org.springframework:spring-aop@5.3.34 org.springframework:spring-beans@5.3.34 org.springframework:spring-core@4.3.30.RELEASE
    Remediation: Upgrade to org.springframework:spring-webmvc@5.3.34.
  • Introduced through: Cantara/Whydah-TestWebApp@Cantara/Whydah-TestWebApp#5931119d07a6cbc0426cfbb5b5f5cc26fbb28a5e org.springframework:spring-webmvc@5.3.34 org.springframework:spring-context@5.3.34 org.springframework:spring-beans@5.3.34 org.springframework:spring-core@4.3.30.RELEASE
    Remediation: Upgrade to org.springframework:spring-webmvc@5.3.34.
  • Introduced through: Cantara/Whydah-TestWebApp@Cantara/Whydah-TestWebApp#5931119d07a6cbc0426cfbb5b5f5cc26fbb28a5e org.springframework:spring-webmvc@5.3.34 org.springframework:spring-context@5.3.34 org.springframework:spring-aop@5.3.34 org.springframework:spring-core@4.3.30.RELEASE
    Remediation: Upgrade to org.springframework:spring-webmvc@5.3.34.
  • Introduced through: Cantara/Whydah-TestWebApp@Cantara/Whydah-TestWebApp#5931119d07a6cbc0426cfbb5b5f5cc26fbb28a5e org.springframework:spring-webmvc@5.3.34 org.springframework:spring-context@5.3.34 org.springframework:spring-expression@5.3.34 org.springframework:spring-core@4.3.30.RELEASE
    Remediation: Upgrade to org.springframework:spring-webmvc@5.3.34.
  • Introduced through: Cantara/Whydah-TestWebApp@Cantara/Whydah-TestWebApp#5931119d07a6cbc0426cfbb5b5f5cc26fbb28a5e org.springframework:spring-webmvc@5.3.34 org.springframework:spring-context@5.3.34 org.springframework:spring-aop@5.3.34 org.springframework:spring-beans@5.3.34 org.springframework:spring-core@4.3.30.RELEASE
    Remediation: Upgrade to org.springframework:spring-webmvc@5.3.34.

Overview

org.springframework:spring-core is a core package within the spring-framework that contains multiple classes and utilities.

Affected versions of this package are vulnerable to Improper Output Neutralization for Logs when a user provides malicious input, causing insertion of additional log entries.

Remediation

Upgrade org.springframework:spring-core to version 5.3.12, 5.2.18 or higher.

References

Improper Output Neutralization for Logs vulnerability report

low severity

Information Exposure

  • Vulnerable module: commons-codec:commons-codec
  • Introduced through: org.apache.httpcomponents:httpclient@4.5.14

Detailed paths

  • Introduced through: Cantara/Whydah-TestWebApp@Cantara/Whydah-TestWebApp#5931119d07a6cbc0426cfbb5b5f5cc26fbb28a5e org.apache.httpcomponents:httpclient@4.5.14 commons-codec:commons-codec@1.11

Overview

commons-codec:commons-codec is a package that contains simple encoder and decoders for various formats such as Base64 and Hexadecimal.

Affected versions of this package are vulnerable to Information Exposure. When there is no byte array value that can be encoded into a string the Base32 implementation does not reject it, and instead decodes it into an arbitrary value which can be re-encoded again using the same implementation. This allows for information exposure exploits such as tunneling additional information via seemingly valid base 32 strings.

Remediation

Upgrade commons-codec:commons-codec to version 1.13 or higher.

References

Information Exposure vulnerability report