Vulnerability report for autonomouslogic/custom-spec-filter

Vulnerabilities	1 via 1 paths
Dependencies	15
Source	GitHub
Commit	851a5621

Vulnerabilities

1 via 1 paths

Dependencies

Source

GitHub

Commit

851a5621

high severity

Uncontrolled Recursion

Vulnerable module: org.apache.commons:commons-lang3
Introduced through: io.swagger.core.v3:swagger-core@2.2.28

Detailed paths

Introduced through: autonomouslogic/custom-spec-filter@autonomouslogic/custom-spec-filter#851a5621182b95e59176c6106aa10b784d1406f4 › io.swagger.core.v3:swagger-core@2.2.28 › org.apache.commons:commons-lang3@3.17.0

Remediation: Upgrade to io.swagger.core.v3:swagger-core@2.2.35.

Overview

Affected versions of this package are vulnerable to Uncontrolled Recursion via the ClassUtils.getClass function. An attacker can cause the application to terminate unexpectedly by providing excessively long input values.

Remediation

Upgrade org.apache.commons:commons-lang3 to version 3.18.0 or higher.

References

Apache Pony Mail
GitHub Commit

Uncontrolled Recursion vulnerability report