Find, fix and prevent vulnerabilities in your code.
high severity
- Vulnerable module: org.apache.commons:commons-lang3
- Introduced through: org.cyclonedx:cyclonedx-core-java@10.2.1
Detailed paths
-
Introduced through: cf-toolsuite/spring-boot-starter-runtime-metadata@cf-toolsuite/spring-boot-starter-runtime-metadata#84d59bd8f2a4d3b956589cb8ca3693e6594eaaed › org.cyclonedx:cyclonedx-core-java@10.2.1 › org.apache.commons:commons-lang3@3.17.0
Overview
Affected versions of this package are vulnerable to Uncontrolled Recursion via the ClassUtils.getClass function. An attacker can cause the application to terminate unexpectedly by providing excessively long input values.
Remediation
Upgrade org.apache.commons:commons-lang3 to version 3.18.0 or higher.
References
medium severity
- Module: ch.qos.logback:logback-classic
- Introduced through: org.springframework.boot:spring-boot-starter-actuator@3.5.5
Detailed paths
-
Introduced through: cf-toolsuite/spring-boot-starter-runtime-metadata@cf-toolsuite/spring-boot-starter-runtime-metadata#84d59bd8f2a4d3b956589cb8ca3693e6594eaaed › org.springframework.boot:spring-boot-starter-actuator@3.5.5 › org.springframework.boot:spring-boot-starter@3.5.5 › org.springframework.boot:spring-boot-starter-logging@3.5.5 › ch.qos.logback:logback-classic@1.5.18
Dual license: EPL-1.0, LGPL-2.1
medium severity
- Module: ch.qos.logback:logback-core
- Introduced through: org.springframework.boot:spring-boot-starter-actuator@3.5.5
Detailed paths
-
Introduced through: cf-toolsuite/spring-boot-starter-runtime-metadata@cf-toolsuite/spring-boot-starter-runtime-metadata#84d59bd8f2a4d3b956589cb8ca3693e6594eaaed › org.springframework.boot:spring-boot-starter-actuator@3.5.5 › org.springframework.boot:spring-boot-starter@3.5.5 › org.springframework.boot:spring-boot-starter-logging@3.5.5 › ch.qos.logback:logback-classic@1.5.18 › ch.qos.logback:logback-core@1.5.18
Dual license: EPL-1.0, LGPL-2.1