Vulnerabilities: 1 via 8 paths
Dependencies: 63
Source: GitHub
Commit: c6323699


high severity

Uncontrolled Recursion

  • Vulnerable module: org.apache.commons:commons-lang3
  • Introduced through: org.apache.commons:commons-configuration2@2.12.0, org.apache.activemq:artemis-server@2.41.0 and others

Detailed paths

  • Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#c63236995f17047d568d10943dced04873304322 org.apache.commons:commons-configuration2@2.12.0 org.apache.commons:commons-lang3@3.17.0
    Remediation: Upgrade to org.apache.commons:commons-configuration2@2.13.0.
  • Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#c63236995f17047d568d10943dced04873304322 org.apache.activemq:artemis-server@2.41.0 org.apache.commons:commons-lang3@3.17.0
    Remediation: Upgrade to org.apache.activemq:artemis-server@2.43.0.
  • Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#c63236995f17047d568d10943dced04873304322 org.apache.commons:commons-configuration2@2.12.0 org.apache.commons:commons-text@1.13.1 org.apache.commons:commons-lang3@3.17.0
    Remediation: Upgrade to org.apache.commons:commons-configuration2@2.13.0.
  • Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#c63236995f17047d568d10943dced04873304322 org.apache.activemq:artemis-server@2.41.0 org.apache.commons:commons-configuration2@2.12.0 org.apache.commons:commons-lang3@3.17.0
    Remediation: Upgrade to org.apache.activemq:artemis-server@2.50.0.
  • Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#c63236995f17047d568d10943dced04873304322 org.apache.activemq:artemis-jms-server@2.41.0 org.apache.activemq:artemis-server@2.41.0 org.apache.commons:commons-lang3@3.17.0
    Remediation: Upgrade to org.apache.activemq:artemis-jms-server@2.43.0.
  • Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#c63236995f17047d568d10943dced04873304322 org.apache.activemq:artemis-server@2.41.0 org.apache.commons:commons-configuration2@2.12.0 org.apache.commons:commons-text@1.13.1 org.apache.commons:commons-lang3@3.17.0
    Remediation: Upgrade to org.apache.activemq:artemis-server@2.50.0.
  • Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#c63236995f17047d568d10943dced04873304322 org.apache.activemq:artemis-jms-server@2.41.0 org.apache.activemq:artemis-server@2.41.0 org.apache.commons:commons-configuration2@2.12.0 org.apache.commons:commons-lang3@3.17.0
    Remediation: Upgrade to org.apache.activemq:artemis-jms-server@2.50.0.
  • Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#c63236995f17047d568d10943dced04873304322 org.apache.activemq:artemis-jms-server@2.41.0 org.apache.activemq:artemis-server@2.41.0 org.apache.commons:commons-configuration2@2.12.0 org.apache.commons:commons-text@1.13.1 org.apache.commons:commons-lang3@3.17.0
    Remediation: Upgrade to org.apache.activemq:artemis-jms-server@2.50.0.

Overview

Affected versions of this package are vulnerable to Uncontrolled Recursion via the ClassUtils.getClass function. An attacker can cause the application to terminate unexpectedly by providing excessively long input values.

Remediation

Upgrade org.apache.commons:commons-lang3 to version 3.18.0 or higher.

medium severity

EPL-1.0 license

  • Module: de.dentrassi.crypto:pem-keystore
  • Introduced through: org.apache.activemq:artemis-server@2.41.0 and org.apache.activemq:artemis-jms-server@2.41.0

Detailed paths

  • Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#c63236995f17047d568d10943dced04873304322 org.apache.activemq:artemis-server@2.41.0 org.apache.activemq:artemis-core-client@2.41.0 de.dentrassi.crypto:pem-keystore@3.0.0
  • Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#c63236995f17047d568d10943dced04873304322 org.apache.activemq:artemis-jms-server@2.41.0 org.apache.activemq:artemis-core-client@2.41.0 de.dentrassi.crypto:pem-keystore@3.0.0
  • Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#c63236995f17047d568d10943dced04873304322 org.apache.activemq:artemis-jms-server@2.41.0 org.apache.activemq:artemis-jms-client@2.41.0 org.apache.activemq:artemis-core-client@2.41.0 de.dentrassi.crypto:pem-keystore@3.0.0
  • Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#c63236995f17047d568d10943dced04873304322 org.apache.activemq:artemis-server@2.41.0 org.apache.activemq:artemis-jdbc-store@2.41.0 org.apache.activemq:artemis-core-client@2.41.0 de.dentrassi.crypto:pem-keystore@3.0.0
  • Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#c63236995f17047d568d10943dced04873304322 org.apache.activemq:artemis-jms-server@2.41.0 org.apache.activemq:artemis-server@2.41.0 org.apache.activemq:artemis-core-client@2.41.0 de.dentrassi.crypto:pem-keystore@3.0.0
  • Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#c63236995f17047d568d10943dced04873304322 org.apache.activemq:artemis-jms-server@2.41.0 org.apache.activemq:artemis-service-extensions@2.41.0 org.apache.activemq:artemis-core-client@2.41.0 de.dentrassi.crypto:pem-keystore@3.0.0
  • Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#c63236995f17047d568d10943dced04873304322 org.apache.activemq:artemis-jms-server@2.41.0 org.apache.activemq:artemis-service-extensions@2.41.0 org.apache.activemq:artemis-jms-client@2.41.0 org.apache.activemq:artemis-core-client@2.41.0 de.dentrassi.crypto:pem-keystore@3.0.0
  • Introduced through: adaptris/interlok-artemis@adaptris/interlok-artemis#c63236995f17047d568d10943dced04873304322 org.apache.activemq:artemis-jms-server@2.41.0 org.apache.activemq:artemis-server@2.41.0 org.apache.activemq:artemis-jdbc-store@2.41.0 org.apache.activemq:artemis-core-client@2.41.0 de.dentrassi.crypto:pem-keystore@3.0.0