Vulnerabilities

 1 via 1 paths

Dependencies

 176

Source

 GitHub

Commit

 6e9f180c

Find, fix and prevent vulnerabilities in your code.

Test and protect my applications
Issue type
  • 1
  • 2
Severity
  • 1
  • 2
Status
  • 3
  • 0
  • 0

high severity

Allocation of Resources Without Limits or Throttling

  • Vulnerable module: commons-fileupload:commons-fileupload
  • Introduced through: org.springframework.cloud:spring-cloud-starter-openfeign@5.0.0

Detailed paths

  • Introduced through: cf-toolsuite/sanford-ui@cf-toolsuite/sanford-ui#6e9f180ccb89cba71dee859309ae3de774f0a516 org.springframework.cloud:spring-cloud-starter-openfeign@5.0.0 org.springframework.cloud:spring-cloud-openfeign-core@5.0.0 io.github.openfeign:feign-form-spring@13.6 commons-fileupload:commons-fileupload@1.5

Overview

commons-fileupload:commons-fileupload is a component that provides a simple yet flexible means of adding support for multipart file upload functionality to servlets and web applications.

Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling when processing multipart headers. An attacker can exhaust system resources by sending malicious requests with excessively large individual multipart headers.

Remediation

Upgrade commons-fileupload:commons-fileupload to version 1.6.0 or higher.

References

Allocation of Resources Without Limits or Throttling vulnerability report

medium severity

Dual license: EPL-1.0, LGPL-2.1

  • Module: ch.qos.logback:logback-classic
  • Introduced through: org.springframework.boot:spring-boot-starter-actuator@4.1.0-M1, org.springframework.boot:spring-boot-starter-webflux@4.1.0-M1 and others

Detailed paths

  • Introduced through: cf-toolsuite/sanford-ui@cf-toolsuite/sanford-ui#6e9f180ccb89cba71dee859309ae3de774f0a516 org.springframework.boot:spring-boot-starter-actuator@4.1.0-M1 org.springframework.boot:spring-boot-starter@4.1.0-M1 org.springframework.boot:spring-boot-starter-logging@4.1.0-M1 ch.qos.logback:logback-classic@1.5.25
  • Introduced through: cf-toolsuite/sanford-ui@cf-toolsuite/sanford-ui#6e9f180ccb89cba71dee859309ae3de774f0a516 org.springframework.boot:spring-boot-starter-webflux@4.1.0-M1 org.springframework.boot:spring-boot-starter@4.1.0-M1 org.springframework.boot:spring-boot-starter-logging@4.1.0-M1 ch.qos.logback:logback-classic@1.5.25
  • Introduced through: cf-toolsuite/sanford-ui@cf-toolsuite/sanford-ui#6e9f180ccb89cba71dee859309ae3de774f0a516 com.vaadin:vaadin-spring-boot-starter@25.0.3 org.springframework.boot:spring-boot-starter-webmvc@4.0.1 org.springframework.boot:spring-boot-starter@4.1.0-M1 org.springframework.boot:spring-boot-starter-logging@4.1.0-M1 ch.qos.logback:logback-classic@1.5.25
  • Introduced through: cf-toolsuite/sanford-ui@cf-toolsuite/sanford-ui#6e9f180ccb89cba71dee859309ae3de774f0a516 org.springframework.boot:spring-boot-starter-actuator@4.1.0-M1 org.springframework.boot:spring-boot-starter-micrometer-metrics@4.1.0-M1 org.springframework.boot:spring-boot-starter@4.1.0-M1 org.springframework.boot:spring-boot-starter-logging@4.1.0-M1 ch.qos.logback:logback-classic@1.5.25
  • Introduced through: cf-toolsuite/sanford-ui@cf-toolsuite/sanford-ui#6e9f180ccb89cba71dee859309ae3de774f0a516 org.springframework.cloud:spring-cloud-starter-openfeign@5.0.0 org.springframework.cloud:spring-cloud-starter@5.0.0 org.springframework.boot:spring-boot-starter@4.1.0-M1 org.springframework.boot:spring-boot-starter-logging@4.1.0-M1 ch.qos.logback:logback-classic@1.5.25
  • Introduced through: cf-toolsuite/sanford-ui@cf-toolsuite/sanford-ui#6e9f180ccb89cba71dee859309ae3de774f0a516 org.springframework.boot:spring-boot-starter-webflux@4.1.0-M1 org.springframework.boot:spring-boot-starter-jackson@4.1.0-M1 org.springframework.boot:spring-boot-starter@4.1.0-M1 org.springframework.boot:spring-boot-starter-logging@4.1.0-M1 ch.qos.logback:logback-classic@1.5.25
  • Introduced through: cf-toolsuite/sanford-ui@cf-toolsuite/sanford-ui#6e9f180ccb89cba71dee859309ae3de774f0a516 org.springframework.boot:spring-boot-starter-webflux@4.1.0-M1 org.springframework.boot:spring-boot-starter-reactor-netty@4.1.0-M1 org.springframework.boot:spring-boot-starter@4.1.0-M1 org.springframework.boot:spring-boot-starter-logging@4.1.0-M1 ch.qos.logback:logback-classic@1.5.25
  • Introduced through: cf-toolsuite/sanford-ui@cf-toolsuite/sanford-ui#6e9f180ccb89cba71dee859309ae3de774f0a516 com.vaadin:vaadin-spring-boot-starter@25.0.3 org.springframework.boot:spring-boot-starter-webmvc@4.0.1 org.springframework.boot:spring-boot-starter-jackson@4.1.0-M1 org.springframework.boot:spring-boot-starter@4.1.0-M1 org.springframework.boot:spring-boot-starter-logging@4.1.0-M1 ch.qos.logback:logback-classic@1.5.25
  • Introduced through: cf-toolsuite/sanford-ui@cf-toolsuite/sanford-ui#6e9f180ccb89cba71dee859309ae3de774f0a516 com.vaadin:vaadin-spring-boot-starter@25.0.3 org.springframework.boot:spring-boot-starter-webmvc@4.0.1 org.springframework.boot:spring-boot-starter-tomcat@4.0.1 org.springframework.boot:spring-boot-starter@4.1.0-M1 org.springframework.boot:spring-boot-starter-logging@4.1.0-M1 ch.qos.logback:logback-classic@1.5.25

Dual license: EPL-1.0, LGPL-2.1

Dual license: EPL-1.0, LGPL-2.1 vulnerability report

medium severity

Dual license: EPL-1.0, LGPL-2.1

  • Module: ch.qos.logback:logback-core
  • Introduced through: org.springframework.boot:spring-boot-starter-actuator@4.1.0-M1, org.springframework.boot:spring-boot-starter-webflux@4.1.0-M1 and others

Detailed paths

  • Introduced through: cf-toolsuite/sanford-ui@cf-toolsuite/sanford-ui#6e9f180ccb89cba71dee859309ae3de774f0a516 org.springframework.boot:spring-boot-starter-actuator@4.1.0-M1 org.springframework.boot:spring-boot-starter@4.1.0-M1 org.springframework.boot:spring-boot-starter-logging@4.1.0-M1 ch.qos.logback:logback-classic@1.5.25 ch.qos.logback:logback-core@1.5.25
  • Introduced through: cf-toolsuite/sanford-ui@cf-toolsuite/sanford-ui#6e9f180ccb89cba71dee859309ae3de774f0a516 org.springframework.boot:spring-boot-starter-webflux@4.1.0-M1 org.springframework.boot:spring-boot-starter@4.1.0-M1 org.springframework.boot:spring-boot-starter-logging@4.1.0-M1 ch.qos.logback:logback-classic@1.5.25 ch.qos.logback:logback-core@1.5.25
  • Introduced through: cf-toolsuite/sanford-ui@cf-toolsuite/sanford-ui#6e9f180ccb89cba71dee859309ae3de774f0a516 com.vaadin:vaadin-spring-boot-starter@25.0.3 org.springframework.boot:spring-boot-starter-webmvc@4.0.1 org.springframework.boot:spring-boot-starter@4.1.0-M1 org.springframework.boot:spring-boot-starter-logging@4.1.0-M1 ch.qos.logback:logback-classic@1.5.25 ch.qos.logback:logback-core@1.5.25
  • Introduced through: cf-toolsuite/sanford-ui@cf-toolsuite/sanford-ui#6e9f180ccb89cba71dee859309ae3de774f0a516 org.springframework.boot:spring-boot-starter-actuator@4.1.0-M1 org.springframework.boot:spring-boot-starter-micrometer-metrics@4.1.0-M1 org.springframework.boot:spring-boot-starter@4.1.0-M1 org.springframework.boot:spring-boot-starter-logging@4.1.0-M1 ch.qos.logback:logback-classic@1.5.25 ch.qos.logback:logback-core@1.5.25
  • Introduced through: cf-toolsuite/sanford-ui@cf-toolsuite/sanford-ui#6e9f180ccb89cba71dee859309ae3de774f0a516 org.springframework.cloud:spring-cloud-starter-openfeign@5.0.0 org.springframework.cloud:spring-cloud-starter@5.0.0 org.springframework.boot:spring-boot-starter@4.1.0-M1 org.springframework.boot:spring-boot-starter-logging@4.1.0-M1 ch.qos.logback:logback-classic@1.5.25 ch.qos.logback:logback-core@1.5.25
  • Introduced through: cf-toolsuite/sanford-ui@cf-toolsuite/sanford-ui#6e9f180ccb89cba71dee859309ae3de774f0a516 org.springframework.boot:spring-boot-starter-webflux@4.1.0-M1 org.springframework.boot:spring-boot-starter-jackson@4.1.0-M1 org.springframework.boot:spring-boot-starter@4.1.0-M1 org.springframework.boot:spring-boot-starter-logging@4.1.0-M1 ch.qos.logback:logback-classic@1.5.25 ch.qos.logback:logback-core@1.5.25
  • Introduced through: cf-toolsuite/sanford-ui@cf-toolsuite/sanford-ui#6e9f180ccb89cba71dee859309ae3de774f0a516 org.springframework.boot:spring-boot-starter-webflux@4.1.0-M1 org.springframework.boot:spring-boot-starter-reactor-netty@4.1.0-M1 org.springframework.boot:spring-boot-starter@4.1.0-M1 org.springframework.boot:spring-boot-starter-logging@4.1.0-M1 ch.qos.logback:logback-classic@1.5.25 ch.qos.logback:logback-core@1.5.25
  • Introduced through: cf-toolsuite/sanford-ui@cf-toolsuite/sanford-ui#6e9f180ccb89cba71dee859309ae3de774f0a516 com.vaadin:vaadin-spring-boot-starter@25.0.3 org.springframework.boot:spring-boot-starter-webmvc@4.0.1 org.springframework.boot:spring-boot-starter-jackson@4.1.0-M1 org.springframework.boot:spring-boot-starter@4.1.0-M1 org.springframework.boot:spring-boot-starter-logging@4.1.0-M1 ch.qos.logback:logback-classic@1.5.25 ch.qos.logback:logback-core@1.5.25
  • Introduced through: cf-toolsuite/sanford-ui@cf-toolsuite/sanford-ui#6e9f180ccb89cba71dee859309ae3de774f0a516 com.vaadin:vaadin-spring-boot-starter@25.0.3 org.springframework.boot:spring-boot-starter-webmvc@4.0.1 org.springframework.boot:spring-boot-starter-tomcat@4.0.1 org.springframework.boot:spring-boot-starter@4.1.0-M1 org.springframework.boot:spring-boot-starter-logging@4.1.0-M1 ch.qos.logback:logback-classic@1.5.25 ch.qos.logback:logback-core@1.5.25

Dual license: EPL-1.0, LGPL-2.1

Dual license: EPL-1.0, LGPL-2.1 vulnerability report