Vulnerabilities	1 via 1 paths
Dependencies	50
Source	GitHub
Commit	6e2fc604

Find, fix and prevent vulnerabilities in your code.

Test and protect my applications

Issue type

Vulnerabilities
1
License issues
2

Severity

Critical
High
1
Medium
2
Low

Status

Open
3
Patched
0
Ignored
0

high severity

new

Allocation of Resources Without Limits or Throttling

Vulnerable module: tools.jackson.core:jackson-core
Introduced through: org.springframework.boot:spring-boot-starter-web@4.0.4

Detailed paths

Introduced through: alina-yur/native-spring-boot@alina-yur/native-spring-boot#6e2fc604007aaf98399eb4be17af62a58db353ff › org.springframework.boot:spring-boot-starter-web@4.0.4 › org.springframework.boot:spring-boot-starter-jackson@4.0.4 › org.springframework.boot:spring-boot-jackson@4.0.4 › tools.jackson.core:jackson-databind@3.1.0 › tools.jackson.core:jackson-core@3.1.0

Overview

Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the enforcement of document length constraints in blocking, async, and DataInput parser processes. An attacker can cause excessive resource consumption by submitting oversized JSON documents that bypass configured size limits.

Remediation

Upgrade tools.jackson.core:jackson-core to version 3.1.1 or higher.

References

Allocation of Resources Without Limits or Throttling vulnerability report

medium severity

Dual license: EPL-1.0, LGPL-2.1

Module: ch.qos.logback:logback-classic
Introduced through: org.springframework.boot:spring-boot-starter-actuator@4.0.4 and org.springframework.boot:spring-boot-starter-web@4.0.4

Detailed paths

Introduced through: alina-yur/native-spring-boot@alina-yur/native-spring-boot#6e2fc604007aaf98399eb4be17af62a58db353ff › org.springframework.boot:spring-boot-starter-actuator@4.0.4 › org.springframework.boot:spring-boot-starter@4.0.4 › org.springframework.boot:spring-boot-starter-logging@4.0.4 › ch.qos.logback:logback-classic@1.5.32
Introduced through: alina-yur/native-spring-boot@alina-yur/native-spring-boot#6e2fc604007aaf98399eb4be17af62a58db353ff › org.springframework.boot:spring-boot-starter-actuator@4.0.4 › org.springframework.boot:spring-boot-starter-micrometer-metrics@4.0.4 › org.springframework.boot:spring-boot-starter@4.0.4 › org.springframework.boot:spring-boot-starter-logging@4.0.4 › ch.qos.logback:logback-classic@1.5.32
Introduced through: alina-yur/native-spring-boot@alina-yur/native-spring-boot#6e2fc604007aaf98399eb4be17af62a58db353ff › org.springframework.boot:spring-boot-starter-web@4.0.4 › org.springframework.boot:spring-boot-starter-jackson@4.0.4 › org.springframework.boot:spring-boot-starter@4.0.4 › org.springframework.boot:spring-boot-starter-logging@4.0.4 › ch.qos.logback:logback-classic@1.5.32
Introduced through: alina-yur/native-spring-boot@alina-yur/native-spring-boot#6e2fc604007aaf98399eb4be17af62a58db353ff › org.springframework.boot:spring-boot-starter-web@4.0.4 › org.springframework.boot:spring-boot-starter-tomcat@4.0.4 › org.springframework.boot:spring-boot-starter@4.0.4 › org.springframework.boot:spring-boot-starter-logging@4.0.4 › ch.qos.logback:logback-classic@1.5.32

Dual license: EPL-1.0, LGPL-2.1

Dual license: EPL-1.0, LGPL-2.1 vulnerability report

medium severity

Dual license: EPL-1.0, LGPL-2.1

Module: ch.qos.logback:logback-core
Introduced through: org.springframework.boot:spring-boot-starter-actuator@4.0.4 and org.springframework.boot:spring-boot-starter-web@4.0.4

Detailed paths

Introduced through: alina-yur/native-spring-boot@alina-yur/native-spring-boot#6e2fc604007aaf98399eb4be17af62a58db353ff › org.springframework.boot:spring-boot-starter-actuator@4.0.4 › org.springframework.boot:spring-boot-starter@4.0.4 › org.springframework.boot:spring-boot-starter-logging@4.0.4 › ch.qos.logback:logback-classic@1.5.32 › ch.qos.logback:logback-core@1.5.32
Introduced through: alina-yur/native-spring-boot@alina-yur/native-spring-boot#6e2fc604007aaf98399eb4be17af62a58db353ff › org.springframework.boot:spring-boot-starter-actuator@4.0.4 › org.springframework.boot:spring-boot-starter-micrometer-metrics@4.0.4 › org.springframework.boot:spring-boot-starter@4.0.4 › org.springframework.boot:spring-boot-starter-logging@4.0.4 › ch.qos.logback:logback-classic@1.5.32 › ch.qos.logback:logback-core@1.5.32
Introduced through: alina-yur/native-spring-boot@alina-yur/native-spring-boot#6e2fc604007aaf98399eb4be17af62a58db353ff › org.springframework.boot:spring-boot-starter-web@4.0.4 › org.springframework.boot:spring-boot-starter-jackson@4.0.4 › org.springframework.boot:spring-boot-starter@4.0.4 › org.springframework.boot:spring-boot-starter-logging@4.0.4 › ch.qos.logback:logback-classic@1.5.32 › ch.qos.logback:logback-core@1.5.32
Introduced through: alina-yur/native-spring-boot@alina-yur/native-spring-boot#6e2fc604007aaf98399eb4be17af62a58db353ff › org.springframework.boot:spring-boot-starter-web@4.0.4 › org.springframework.boot:spring-boot-starter-tomcat@4.0.4 › org.springframework.boot:spring-boot-starter@4.0.4 › org.springframework.boot:spring-boot-starter-logging@4.0.4 › ch.qos.logback:logback-classic@1.5.32 › ch.qos.logback:logback-core@1.5.32

Dual license: EPL-1.0, LGPL-2.1

Dual license: EPL-1.0, LGPL-2.1 vulnerability report

Vulnerabilities

Dependencies

Source

Commit

Find, fix and prevent vulnerabilities in your code.

high severity new

Allocation of Resources Without Limits or Throttling

Detailed paths

Overview

Remediation

References

medium severity

Dual license: EPL-1.0, LGPL-2.1

Detailed paths

medium severity

Dual license: EPL-1.0, LGPL-2.1

Detailed paths

high severity

new