Vulnerabilities	6 via 96 paths
Dependencies	117
Source	GitHub
Commit	8259340b

Find, fix and prevent vulnerabilities in your code.

Test and protect my applications

Issue type

Vulnerabilities
6
License issues
3

Severity

Critical
High
2
Medium
6
Low
1

Status

Open
9
Patched
0
Ignored
0

high severity

Uncontrolled Recursion

Vulnerable module: org.apache.commons:commons-lang3
Introduced through: io.dropwizard:dropwizard-core@4.0.10 and io.dropwizard:dropwizard-client@4.0.10

Detailed paths

Introduced through: dwp/ms-html-to-pdfa@dwp/ms-html-to-pdfa#8259340b6ccbd35c9b65fb8fcd47f5f338d24d24 › io.dropwizard:dropwizard-core@4.0.10 › io.dropwizard:dropwizard-configuration@4.0.10 › org.apache.commons:commons-text@1.12.0 › org.apache.commons:commons-lang3@3.14.0

Remediation: Upgrade to io.dropwizard:dropwizard-core@4.0.16.
Introduced through: dwp/ms-html-to-pdfa@dwp/ms-html-to-pdfa#8259340b6ccbd35c9b65fb8fcd47f5f338d24d24 › io.dropwizard:dropwizard-client@4.0.10 › io.dropwizard:dropwizard-core@4.0.10 › io.dropwizard:dropwizard-configuration@4.0.10 › org.apache.commons:commons-text@1.12.0 › org.apache.commons:commons-lang3@3.14.0

Remediation: Upgrade to io.dropwizard:dropwizard-client@4.0.16.

Overview

Affected versions of this package are vulnerable to Uncontrolled Recursion via the ClassUtils.getClass function. An attacker can cause the application to terminate unexpectedly by providing excessively long input values.

Remediation

Upgrade org.apache.commons:commons-lang3 to version 3.18.0 or higher.

References

Uncontrolled Recursion vulnerability report

high severity

Improper Certificate Validation

Vulnerable module: org.apache.httpcomponents.client5:httpclient5
Introduced through: io.dropwizard:dropwizard-client@4.0.10

Detailed paths

Introduced through: dwp/ms-html-to-pdfa@dwp/ms-html-to-pdfa#8259340b6ccbd35c9b65fb8fcd47f5f338d24d24 › io.dropwizard:dropwizard-client@4.0.10 › org.apache.httpcomponents.client5:httpclient5@5.4

Remediation: Upgrade to io.dropwizard:dropwizard-client@4.0.13.
Introduced through: dwp/ms-html-to-pdfa@dwp/ms-html-to-pdfa#8259340b6ccbd35c9b65fb8fcd47f5f338d24d24 › io.dropwizard:dropwizard-client@4.0.10 › io.dropwizard.metrics:metrics-httpclient5@4.2.37 › org.apache.httpcomponents.client5:httpclient5@5.4

Remediation: Upgrade to io.dropwizard:dropwizard-client@5.0.0.

Overview

org.apache.httpcomponents.client5:httpclient5 is a HttpClient component of the Apache HttpComponents project.

Affected versions of this package are vulnerable to Improper Certificate Validation due to a bug in the validation logic of the Public Suffix List, which allows attackers to manipulate cookie management and host name verification, leading to unauthorized access or information disclosure.

Remediation

Upgrade org.apache.httpcomponents.client5:httpclient5 to version 5.4.3 or higher.

References

Improper Certificate Validation vulnerability report

medium severity

Improper Neutralization of Special Elements

Vulnerable module: ch.qos.logback:logback-classic
Introduced through: io.dropwizard:dropwizard-core@4.0.10 and io.dropwizard:dropwizard-client@4.0.10

Detailed paths

Introduced through: dwp/ms-html-to-pdfa@dwp/ms-html-to-pdfa#8259340b6ccbd35c9b65fb8fcd47f5f338d24d24 › io.dropwizard:dropwizard-core@4.0.10 › ch.qos.logback:logback-classic@1.4.14

Remediation: Upgrade to io.dropwizard:dropwizard-core@4.0.12.
Introduced through: dwp/ms-html-to-pdfa@dwp/ms-html-to-pdfa#8259340b6ccbd35c9b65fb8fcd47f5f338d24d24 › io.dropwizard:dropwizard-core@4.0.10 › io.dropwizard:dropwizard-logging@4.0.10 › ch.qos.logback:logback-classic@1.4.14

Remediation: Upgrade to io.dropwizard:dropwizard-core@4.0.12.
Introduced through: dwp/ms-html-to-pdfa@dwp/ms-html-to-pdfa#8259340b6ccbd35c9b65fb8fcd47f5f338d24d24 › io.dropwizard:dropwizard-core@4.0.10 › io.dropwizard:dropwizard-request-logging@4.0.10 › ch.qos.logback:logback-classic@1.4.14

Remediation: Upgrade to io.dropwizard:dropwizard-core@4.0.12.
Introduced through: dwp/ms-html-to-pdfa@dwp/ms-html-to-pdfa#8259340b6ccbd35c9b65fb8fcd47f5f338d24d24 › io.dropwizard:dropwizard-core@4.0.10 › io.dropwizard:dropwizard-servlets@4.0.10 › ch.qos.logback:logback-classic@1.4.14

Remediation: Upgrade to io.dropwizard:dropwizard-core@4.0.12.
Introduced through: dwp/ms-html-to-pdfa@dwp/ms-html-to-pdfa#8259340b6ccbd35c9b65fb8fcd47f5f338d24d24 › io.dropwizard:dropwizard-client@4.0.10 › io.dropwizard:dropwizard-core@4.0.10 › ch.qos.logback:logback-classic@1.4.14

Remediation: Upgrade to io.dropwizard:dropwizard-client@4.0.12.
Introduced through: dwp/ms-html-to-pdfa@dwp/ms-html-to-pdfa#8259340b6ccbd35c9b65fb8fcd47f5f338d24d24 › io.dropwizard:dropwizard-core@4.0.10 › io.dropwizard:dropwizard-logging@4.0.10 › io.dropwizard.metrics:metrics-logback@4.2.37 › ch.qos.logback:logback-classic@1.4.14
Introduced through: dwp/ms-html-to-pdfa@dwp/ms-html-to-pdfa#8259340b6ccbd35c9b65fb8fcd47f5f338d24d24 › io.dropwizard:dropwizard-client@4.0.10 › io.dropwizard:dropwizard-core@4.0.10 › io.dropwizard:dropwizard-logging@4.0.10 › ch.qos.logback:logback-classic@1.4.14

Remediation: Upgrade to io.dropwizard:dropwizard-client@4.0.12.
Introduced through: dwp/ms-html-to-pdfa@dwp/ms-html-to-pdfa#8259340b6ccbd35c9b65fb8fcd47f5f338d24d24 › io.dropwizard:dropwizard-core@4.0.10 › io.dropwizard:dropwizard-request-logging@4.0.10 › io.dropwizard:dropwizard-logging@4.0.10 › ch.qos.logback:logback-classic@1.4.14

Remediation: Upgrade to io.dropwizard:dropwizard-core@4.0.12.
Introduced through: dwp/ms-html-to-pdfa@dwp/ms-html-to-pdfa#8259340b6ccbd35c9b65fb8fcd47f5f338d24d24 › io.dropwizard:dropwizard-client@4.0.10 › io.dropwizard:dropwizard-core@4.0.10 › io.dropwizard:dropwizard-request-logging@4.0.10 › ch.qos.logback:logback-classic@1.4.14

Remediation: Upgrade to io.dropwizard:dropwizard-client@4.0.12.
Introduced through: dwp/ms-html-to-pdfa@dwp/ms-html-to-pdfa#8259340b6ccbd35c9b65fb8fcd47f5f338d24d24 › io.dropwizard:dropwizard-client@4.0.10 › io.dropwizard:dropwizard-core@4.0.10 › io.dropwizard:dropwizard-servlets@4.0.10 › ch.qos.logback:logback-classic@1.4.14

Remediation: Upgrade to io.dropwizard:dropwizard-client@4.0.12.
Introduced through: dwp/ms-html-to-pdfa@dwp/ms-html-to-pdfa#8259340b6ccbd35c9b65fb8fcd47f5f338d24d24 › io.dropwizard:dropwizard-client@4.0.10 › io.dropwizard:dropwizard-core@4.0.10 › io.dropwizard:dropwizard-logging@4.0.10 › io.dropwizard.metrics:metrics-logback@4.2.37 › ch.qos.logback:logback-classic@1.4.14
Introduced through: dwp/ms-html-to-pdfa@dwp/ms-html-to-pdfa#8259340b6ccbd35c9b65fb8fcd47f5f338d24d24 › io.dropwizard:dropwizard-core@4.0.10 › io.dropwizard:dropwizard-request-logging@4.0.10 › io.dropwizard:dropwizard-logging@4.0.10 › io.dropwizard.metrics:metrics-logback@4.2.37 › ch.qos.logback:logback-classic@1.4.14
Introduced through: dwp/ms-html-to-pdfa@dwp/ms-html-to-pdfa#8259340b6ccbd35c9b65fb8fcd47f5f338d24d24 › io.dropwizard:dropwizard-client@4.0.10 › io.dropwizard:dropwizard-core@4.0.10 › io.dropwizard:dropwizard-request-logging@4.0.10 › io.dropwizard:dropwizard-logging@4.0.10 › ch.qos.logback:logback-classic@1.4.14

Remediation: Upgrade to io.dropwizard:dropwizard-client@4.0.12.
Introduced through: dwp/ms-html-to-pdfa@dwp/ms-html-to-pdfa#8259340b6ccbd35c9b65fb8fcd47f5f338d24d24 › io.dropwizard:dropwizard-client@4.0.10 › io.dropwizard:dropwizard-core@4.0.10 › io.dropwizard:dropwizard-request-logging@4.0.10 › io.dropwizard:dropwizard-logging@4.0.10 › io.dropwizard.metrics:metrics-logback@4.2.37 › ch.qos.logback:logback-classic@1.4.14

Overview

ch.qos.logback:logback-classic is a reliable, generic, fast and flexible logging library for Java.

Affected versions of this package are vulnerable to Improper Neutralization of Special Elements via the JaninoEventEvaluator extension. An attacker can execute arbitrary code by compromising an existing logback configuration file or injecting an environment variable before program execution.

Remediation

Upgrade ch.qos.logback:logback-classic to version 1.3.15, 1.5.13 or higher.

References

Improper Neutralization of Special Elements vulnerability report

medium severity

External Initialization of Trusted Variables or Data Stores

Vulnerable module: ch.qos.logback:logback-core
Introduced through: io.dropwizard:dropwizard-core@4.0.10 and io.dropwizard:dropwizard-client@4.0.10

Detailed paths

Introduced through: dwp/ms-html-to-pdfa@dwp/ms-html-to-pdfa#8259340b6ccbd35c9b65fb8fcd47f5f338d24d24 › io.dropwizard:dropwizard-core@4.0.10 › ch.qos.logback:logback-classic@1.4.14 › ch.qos.logback:logback-core@1.4.14
Introduced through: dwp/ms-html-to-pdfa@dwp/ms-html-to-pdfa#8259340b6ccbd35c9b65fb8fcd47f5f338d24d24 › io.dropwizard:dropwizard-core@4.0.10 › io.dropwizard:dropwizard-logging@4.0.10 › ch.qos.logback:logback-core@1.4.14
Introduced through: dwp/ms-html-to-pdfa@dwp/ms-html-to-pdfa#8259340b6ccbd35c9b65fb8fcd47f5f338d24d24 › io.dropwizard:dropwizard-core@4.0.10 › io.dropwizard:dropwizard-request-logging@4.0.10 › ch.qos.logback:logback-core@1.4.14
Introduced through: dwp/ms-html-to-pdfa@dwp/ms-html-to-pdfa#8259340b6ccbd35c9b65fb8fcd47f5f338d24d24 › io.dropwizard:dropwizard-core@4.0.10 › io.dropwizard:dropwizard-logging@4.0.10 › ch.qos.logback:logback-classic@1.4.14 › ch.qos.logback:logback-core@1.4.14
Introduced through: dwp/ms-html-to-pdfa@dwp/ms-html-to-pdfa#8259340b6ccbd35c9b65fb8fcd47f5f338d24d24 › io.dropwizard:dropwizard-core@4.0.10 › io.dropwizard:dropwizard-request-logging@4.0.10 › ch.qos.logback:logback-classic@1.4.14 › ch.qos.logback:logback-core@1.4.14
Introduced through: dwp/ms-html-to-pdfa@dwp/ms-html-to-pdfa#8259340b6ccbd35c9b65fb8fcd47f5f338d24d24 › io.dropwizard:dropwizard-core@4.0.10 › io.dropwizard:dropwizard-servlets@4.0.10 › ch.qos.logback:logback-classic@1.4.14 › ch.qos.logback:logback-core@1.4.14
Introduced through: dwp/ms-html-to-pdfa@dwp/ms-html-to-pdfa#8259340b6ccbd35c9b65fb8fcd47f5f338d24d24 › io.dropwizard:dropwizard-client@4.0.10 › io.dropwizard:dropwizard-core@4.0.10 › ch.qos.logback:logback-classic@1.4.14 › ch.qos.logback:logback-core@1.4.14
Introduced through: dwp/ms-html-to-pdfa@dwp/ms-html-to-pdfa#8259340b6ccbd35c9b65fb8fcd47f5f338d24d24 › io.dropwizard:dropwizard-core@4.0.10 › io.dropwizard:dropwizard-logging@4.0.10 › io.dropwizard.metrics:metrics-logback@4.2.37 › ch.qos.logback:logback-core@1.4.14
Introduced through: dwp/ms-html-to-pdfa@dwp/ms-html-to-pdfa#8259340b6ccbd35c9b65fb8fcd47f5f338d24d24 › io.dropwizard:dropwizard-client@4.0.10 › io.dropwizard:dropwizard-core@4.0.10 › io.dropwizard:dropwizard-logging@4.0.10 › ch.qos.logback:logback-core@1.4.14
Introduced through: dwp/ms-html-to-pdfa@dwp/ms-html-to-pdfa#8259340b6ccbd35c9b65fb8fcd47f5f338d24d24 › io.dropwizard:dropwizard-core@4.0.10 › io.dropwizard:dropwizard-request-logging@4.0.10 › io.dropwizard:dropwizard-logging@4.0.10 › ch.qos.logback:logback-core@1.4.14
Introduced through: dwp/ms-html-to-pdfa@dwp/ms-html-to-pdfa#8259340b6ccbd35c9b65fb8fcd47f5f338d24d24 › io.dropwizard:dropwizard-core@4.0.10 › io.dropwizard:dropwizard-request-logging@4.0.10 › ch.qos.logback:logback-access@1.4.14 › ch.qos.logback:logback-core@1.4.14

Remediation: Upgrade to io.dropwizard:dropwizard-core@4.0.12.
Introduced through: dwp/ms-html-to-pdfa@dwp/ms-html-to-pdfa#8259340b6ccbd35c9b65fb8fcd47f5f338d24d24 › io.dropwizard:dropwizard-client@4.0.10 › io.dropwizard:dropwizard-core@4.0.10 › io.dropwizard:dropwizard-request-logging@4.0.10 › ch.qos.logback:logback-core@1.4.14
Introduced through: dwp/ms-html-to-pdfa@dwp/ms-html-to-pdfa#8259340b6ccbd35c9b65fb8fcd47f5f338d24d24 › io.dropwizard:dropwizard-core@4.0.10 › io.dropwizard:dropwizard-logging@4.0.10 › io.dropwizard.metrics:metrics-logback@4.2.37 › ch.qos.logback:logback-classic@1.4.14 › ch.qos.logback:logback-core@1.4.14
Introduced through: dwp/ms-html-to-pdfa@dwp/ms-html-to-pdfa#8259340b6ccbd35c9b65fb8fcd47f5f338d24d24 › io.dropwizard:dropwizard-client@4.0.10 › io.dropwizard:dropwizard-core@4.0.10 › io.dropwizard:dropwizard-logging@4.0.10 › ch.qos.logback:logback-classic@1.4.14 › ch.qos.logback:logback-core@1.4.14
Introduced through: dwp/ms-html-to-pdfa@dwp/ms-html-to-pdfa#8259340b6ccbd35c9b65fb8fcd47f5f338d24d24 › io.dropwizard:dropwizard-core@4.0.10 › io.dropwizard:dropwizard-request-logging@4.0.10 › io.dropwizard:dropwizard-logging@4.0.10 › ch.qos.logback:logback-classic@1.4.14 › ch.qos.logback:logback-core@1.4.14
Introduced through: dwp/ms-html-to-pdfa@dwp/ms-html-to-pdfa#8259340b6ccbd35c9b65fb8fcd47f5f338d24d24 › io.dropwizard:dropwizard-client@4.0.10 › io.dropwizard:dropwizard-core@4.0.10 › io.dropwizard:dropwizard-request-logging@4.0.10 › ch.qos.logback:logback-classic@1.4.14 › ch.qos.logback:logback-core@1.4.14
Introduced through: dwp/ms-html-to-pdfa@dwp/ms-html-to-pdfa#8259340b6ccbd35c9b65fb8fcd47f5f338d24d24 › io.dropwizard:dropwizard-client@4.0.10 › io.dropwizard:dropwizard-core@4.0.10 › io.dropwizard:dropwizard-servlets@4.0.10 › ch.qos.logback:logback-classic@1.4.14 › ch.qos.logback:logback-core@1.4.14
Introduced through: dwp/ms-html-to-pdfa@dwp/ms-html-to-pdfa#8259340b6ccbd35c9b65fb8fcd47f5f338d24d24 › io.dropwizard:dropwizard-client@4.0.10 › io.dropwizard:dropwizard-core@4.0.10 › io.dropwizard:dropwizard-logging@4.0.10 › io.dropwizard.metrics:metrics-logback@4.2.37 › ch.qos.logback:logback-core@1.4.14
Introduced through: dwp/ms-html-to-pdfa@dwp/ms-html-to-pdfa#8259340b6ccbd35c9b65fb8fcd47f5f338d24d24 › io.dropwizard:dropwizard-core@4.0.10 › io.dropwizard:dropwizard-request-logging@4.0.10 › io.dropwizard:dropwizard-logging@4.0.10 › io.dropwizard.metrics:metrics-logback@4.2.37 › ch.qos.logback:logback-core@1.4.14
Introduced through: dwp/ms-html-to-pdfa@dwp/ms-html-to-pdfa#8259340b6ccbd35c9b65fb8fcd47f5f338d24d24 › io.dropwizard:dropwizard-client@4.0.10 › io.dropwizard:dropwizard-core@4.0.10 › io.dropwizard:dropwizard-request-logging@4.0.10 › io.dropwizard:dropwizard-logging@4.0.10 › ch.qos.logback:logback-core@1.4.14
Introduced through: dwp/ms-html-to-pdfa@dwp/ms-html-to-pdfa#8259340b6ccbd35c9b65fb8fcd47f5f338d24d24 › io.dropwizard:dropwizard-client@4.0.10 › io.dropwizard:dropwizard-core@4.0.10 › io.dropwizard:dropwizard-request-logging@4.0.10 › ch.qos.logback:logback-access@1.4.14 › ch.qos.logback:logback-core@1.4.14

Remediation: Upgrade to io.dropwizard:dropwizard-client@4.0.12.
Introduced through: dwp/ms-html-to-pdfa@dwp/ms-html-to-pdfa#8259340b6ccbd35c9b65fb8fcd47f5f338d24d24 › io.dropwizard:dropwizard-client@4.0.10 › io.dropwizard:dropwizard-core@4.0.10 › io.dropwizard:dropwizard-logging@4.0.10 › io.dropwizard.metrics:metrics-logback@4.2.37 › ch.qos.logback:logback-classic@1.4.14 › ch.qos.logback:logback-core@1.4.14
Introduced through: dwp/ms-html-to-pdfa@dwp/ms-html-to-pdfa#8259340b6ccbd35c9b65fb8fcd47f5f338d24d24 › io.dropwizard:dropwizard-core@4.0.10 › io.dropwizard:dropwizard-request-logging@4.0.10 › io.dropwizard:dropwizard-logging@4.0.10 › io.dropwizard.metrics:metrics-logback@4.2.37 › ch.qos.logback:logback-classic@1.4.14 › ch.qos.logback:logback-core@1.4.14
Introduced through: dwp/ms-html-to-pdfa@dwp/ms-html-to-pdfa#8259340b6ccbd35c9b65fb8fcd47f5f338d24d24 › io.dropwizard:dropwizard-client@4.0.10 › io.dropwizard:dropwizard-core@4.0.10 › io.dropwizard:dropwizard-request-logging@4.0.10 › io.dropwizard:dropwizard-logging@4.0.10 › ch.qos.logback:logback-classic@1.4.14 › ch.qos.logback:logback-core@1.4.14
Introduced through: dwp/ms-html-to-pdfa@dwp/ms-html-to-pdfa#8259340b6ccbd35c9b65fb8fcd47f5f338d24d24 › io.dropwizard:dropwizard-client@4.0.10 › io.dropwizard:dropwizard-core@4.0.10 › io.dropwizard:dropwizard-request-logging@4.0.10 › io.dropwizard:dropwizard-logging@4.0.10 › io.dropwizard.metrics:metrics-logback@4.2.37 › ch.qos.logback:logback-core@1.4.14
Introduced through: dwp/ms-html-to-pdfa@dwp/ms-html-to-pdfa#8259340b6ccbd35c9b65fb8fcd47f5f338d24d24 › io.dropwizard:dropwizard-client@4.0.10 › io.dropwizard:dropwizard-core@4.0.10 › io.dropwizard:dropwizard-request-logging@4.0.10 › io.dropwizard:dropwizard-logging@4.0.10 › io.dropwizard.metrics:metrics-logback@4.2.37 › ch.qos.logback:logback-classic@1.4.14 › ch.qos.logback:logback-core@1.4.14

Overview

ch.qos.logback:logback-core is a logback-core module.

Affected versions of this package are vulnerable to External Initialization of Trusted Variables or Data Stores via the conditional processing of the logback.xml configuration file when both the Janino library and Spring Framework are present on the class path. An attacker can execute arbitrary code by compromising an existing configuration file or injecting a malicious environment variable before program execution. This is only exploitable if the attacker has write access to a configuration file or can set a malicious environment variable.

Remediation

Upgrade ch.qos.logback:logback-core to version 1.5.19 or higher.

References

External Initialization of Trusted Variables or Data Stores vulnerability report

medium severity

Improper Neutralization of Special Elements

Vulnerable module: ch.qos.logback:logback-core
Introduced through: io.dropwizard:dropwizard-core@4.0.10 and io.dropwizard:dropwizard-client@4.0.10

Detailed paths

Introduced through: dwp/ms-html-to-pdfa@dwp/ms-html-to-pdfa#8259340b6ccbd35c9b65fb8fcd47f5f338d24d24 › io.dropwizard:dropwizard-core@4.0.10 › ch.qos.logback:logback-classic@1.4.14 › ch.qos.logback:logback-core@1.4.14

Remediation: Upgrade to io.dropwizard:dropwizard-core@4.0.12.
Introduced through: dwp/ms-html-to-pdfa@dwp/ms-html-to-pdfa#8259340b6ccbd35c9b65fb8fcd47f5f338d24d24 › io.dropwizard:dropwizard-core@4.0.10 › io.dropwizard:dropwizard-logging@4.0.10 › ch.qos.logback:logback-core@1.4.14

Remediation: Upgrade to io.dropwizard:dropwizard-core@4.0.12.
Introduced through: dwp/ms-html-to-pdfa@dwp/ms-html-to-pdfa#8259340b6ccbd35c9b65fb8fcd47f5f338d24d24 › io.dropwizard:dropwizard-core@4.0.10 › io.dropwizard:dropwizard-request-logging@4.0.10 › ch.qos.logback:logback-core@1.4.14

Remediation: Upgrade to io.dropwizard:dropwizard-core@4.0.12.
Introduced through: dwp/ms-html-to-pdfa@dwp/ms-html-to-pdfa#8259340b6ccbd35c9b65fb8fcd47f5f338d24d24 › io.dropwizard:dropwizard-core@4.0.10 › io.dropwizard:dropwizard-logging@4.0.10 › ch.qos.logback:logback-classic@1.4.14 › ch.qos.logback:logback-core@1.4.14

Remediation: Upgrade to io.dropwizard:dropwizard-core@4.0.12.
Introduced through: dwp/ms-html-to-pdfa@dwp/ms-html-to-pdfa#8259340b6ccbd35c9b65fb8fcd47f5f338d24d24 › io.dropwizard:dropwizard-core@4.0.10 › io.dropwizard:dropwizard-request-logging@4.0.10 › ch.qos.logback:logback-classic@1.4.14 › ch.qos.logback:logback-core@1.4.14

Remediation: Upgrade to io.dropwizard:dropwizard-core@4.0.12.
Introduced through: dwp/ms-html-to-pdfa@dwp/ms-html-to-pdfa#8259340b6ccbd35c9b65fb8fcd47f5f338d24d24 › io.dropwizard:dropwizard-core@4.0.10 › io.dropwizard:dropwizard-servlets@4.0.10 › ch.qos.logback:logback-classic@1.4.14 › ch.qos.logback:logback-core@1.4.14

Remediation: Upgrade to io.dropwizard:dropwizard-core@4.0.12.
Introduced through: dwp/ms-html-to-pdfa@dwp/ms-html-to-pdfa#8259340b6ccbd35c9b65fb8fcd47f5f338d24d24 › io.dropwizard:dropwizard-client@4.0.10 › io.dropwizard:dropwizard-core@4.0.10 › ch.qos.logback:logback-classic@1.4.14 › ch.qos.logback:logback-core@1.4.14

Remediation: Upgrade to io.dropwizard:dropwizard-client@4.0.12.
Introduced through: dwp/ms-html-to-pdfa@dwp/ms-html-to-pdfa#8259340b6ccbd35c9b65fb8fcd47f5f338d24d24 › io.dropwizard:dropwizard-core@4.0.10 › io.dropwizard:dropwizard-logging@4.0.10 › io.dropwizard.metrics:metrics-logback@4.2.37 › ch.qos.logback:logback-core@1.4.14
Introduced through: dwp/ms-html-to-pdfa@dwp/ms-html-to-pdfa#8259340b6ccbd35c9b65fb8fcd47f5f338d24d24 › io.dropwizard:dropwizard-client@4.0.10 › io.dropwizard:dropwizard-core@4.0.10 › io.dropwizard:dropwizard-logging@4.0.10 › ch.qos.logback:logback-core@1.4.14

Remediation: Upgrade to io.dropwizard:dropwizard-client@4.0.12.
Introduced through: dwp/ms-html-to-pdfa@dwp/ms-html-to-pdfa#8259340b6ccbd35c9b65fb8fcd47f5f338d24d24 › io.dropwizard:dropwizard-core@4.0.10 › io.dropwizard:dropwizard-request-logging@4.0.10 › io.dropwizard:dropwizard-logging@4.0.10 › ch.qos.logback:logback-core@1.4.14

Remediation: Upgrade to io.dropwizard:dropwizard-core@4.0.12.
Introduced through: dwp/ms-html-to-pdfa@dwp/ms-html-to-pdfa#8259340b6ccbd35c9b65fb8fcd47f5f338d24d24 › io.dropwizard:dropwizard-core@4.0.10 › io.dropwizard:dropwizard-request-logging@4.0.10 › ch.qos.logback:logback-access@1.4.14 › ch.qos.logback:logback-core@1.4.14

Remediation: Upgrade to io.dropwizard:dropwizard-core@4.0.12.
Introduced through: dwp/ms-html-to-pdfa@dwp/ms-html-to-pdfa#8259340b6ccbd35c9b65fb8fcd47f5f338d24d24 › io.dropwizard:dropwizard-client@4.0.10 › io.dropwizard:dropwizard-core@4.0.10 › io.dropwizard:dropwizard-request-logging@4.0.10 › ch.qos.logback:logback-core@1.4.14

Remediation: Upgrade to io.dropwizard:dropwizard-client@4.0.12.
Introduced through: dwp/ms-html-to-pdfa@dwp/ms-html-to-pdfa#8259340b6ccbd35c9b65fb8fcd47f5f338d24d24 › io.dropwizard:dropwizard-core@4.0.10 › io.dropwizard:dropwizard-logging@4.0.10 › io.dropwizard.metrics:metrics-logback@4.2.37 › ch.qos.logback:logback-classic@1.4.14 › ch.qos.logback:logback-core@1.4.14
Introduced through: dwp/ms-html-to-pdfa@dwp/ms-html-to-pdfa#8259340b6ccbd35c9b65fb8fcd47f5f338d24d24 › io.dropwizard:dropwizard-client@4.0.10 › io.dropwizard:dropwizard-core@4.0.10 › io.dropwizard:dropwizard-logging@4.0.10 › ch.qos.logback:logback-classic@1.4.14 › ch.qos.logback:logback-core@1.4.14

Remediation: Upgrade to io.dropwizard:dropwizard-client@4.0.12.
Introduced through: dwp/ms-html-to-pdfa@dwp/ms-html-to-pdfa#8259340b6ccbd35c9b65fb8fcd47f5f338d24d24 › io.dropwizard:dropwizard-core@4.0.10 › io.dropwizard:dropwizard-request-logging@4.0.10 › io.dropwizard:dropwizard-logging@4.0.10 › ch.qos.logback:logback-classic@1.4.14 › ch.qos.logback:logback-core@1.4.14

Remediation: Upgrade to io.dropwizard:dropwizard-core@4.0.12.
Introduced through: dwp/ms-html-to-pdfa@dwp/ms-html-to-pdfa#8259340b6ccbd35c9b65fb8fcd47f5f338d24d24 › io.dropwizard:dropwizard-client@4.0.10 › io.dropwizard:dropwizard-core@4.0.10 › io.dropwizard:dropwizard-request-logging@4.0.10 › ch.qos.logback:logback-classic@1.4.14 › ch.qos.logback:logback-core@1.4.14

Remediation: Upgrade to io.dropwizard:dropwizard-client@4.0.12.
Introduced through: dwp/ms-html-to-pdfa@dwp/ms-html-to-pdfa#8259340b6ccbd35c9b65fb8fcd47f5f338d24d24 › io.dropwizard:dropwizard-client@4.0.10 › io.dropwizard:dropwizard-core@4.0.10 › io.dropwizard:dropwizard-servlets@4.0.10 › ch.qos.logback:logback-classic@1.4.14 › ch.qos.logback:logback-core@1.4.14

Remediation: Upgrade to io.dropwizard:dropwizard-client@4.0.12.
Introduced through: dwp/ms-html-to-pdfa@dwp/ms-html-to-pdfa#8259340b6ccbd35c9b65fb8fcd47f5f338d24d24 › io.dropwizard:dropwizard-client@4.0.10 › io.dropwizard:dropwizard-core@4.0.10 › io.dropwizard:dropwizard-logging@4.0.10 › io.dropwizard.metrics:metrics-logback@4.2.37 › ch.qos.logback:logback-core@1.4.14
Introduced through: dwp/ms-html-to-pdfa@dwp/ms-html-to-pdfa#8259340b6ccbd35c9b65fb8fcd47f5f338d24d24 › io.dropwizard:dropwizard-core@4.0.10 › io.dropwizard:dropwizard-request-logging@4.0.10 › io.dropwizard:dropwizard-logging@4.0.10 › io.dropwizard.metrics:metrics-logback@4.2.37 › ch.qos.logback:logback-core@1.4.14
Introduced through: dwp/ms-html-to-pdfa@dwp/ms-html-to-pdfa#8259340b6ccbd35c9b65fb8fcd47f5f338d24d24 › io.dropwizard:dropwizard-client@4.0.10 › io.dropwizard:dropwizard-core@4.0.10 › io.dropwizard:dropwizard-request-logging@4.0.10 › io.dropwizard:dropwizard-logging@4.0.10 › ch.qos.logback:logback-core@1.4.14

Remediation: Upgrade to io.dropwizard:dropwizard-client@4.0.12.
Introduced through: dwp/ms-html-to-pdfa@dwp/ms-html-to-pdfa#8259340b6ccbd35c9b65fb8fcd47f5f338d24d24 › io.dropwizard:dropwizard-client@4.0.10 › io.dropwizard:dropwizard-core@4.0.10 › io.dropwizard:dropwizard-request-logging@4.0.10 › ch.qos.logback:logback-access@1.4.14 › ch.qos.logback:logback-core@1.4.14

Remediation: Upgrade to io.dropwizard:dropwizard-client@4.0.12.
Introduced through: dwp/ms-html-to-pdfa@dwp/ms-html-to-pdfa#8259340b6ccbd35c9b65fb8fcd47f5f338d24d24 › io.dropwizard:dropwizard-client@4.0.10 › io.dropwizard:dropwizard-core@4.0.10 › io.dropwizard:dropwizard-logging@4.0.10 › io.dropwizard.metrics:metrics-logback@4.2.37 › ch.qos.logback:logback-classic@1.4.14 › ch.qos.logback:logback-core@1.4.14
Introduced through: dwp/ms-html-to-pdfa@dwp/ms-html-to-pdfa#8259340b6ccbd35c9b65fb8fcd47f5f338d24d24 › io.dropwizard:dropwizard-core@4.0.10 › io.dropwizard:dropwizard-request-logging@4.0.10 › io.dropwizard:dropwizard-logging@4.0.10 › io.dropwizard.metrics:metrics-logback@4.2.37 › ch.qos.logback:logback-classic@1.4.14 › ch.qos.logback:logback-core@1.4.14
Introduced through: dwp/ms-html-to-pdfa@dwp/ms-html-to-pdfa#8259340b6ccbd35c9b65fb8fcd47f5f338d24d24 › io.dropwizard:dropwizard-client@4.0.10 › io.dropwizard:dropwizard-core@4.0.10 › io.dropwizard:dropwizard-request-logging@4.0.10 › io.dropwizard:dropwizard-logging@4.0.10 › ch.qos.logback:logback-classic@1.4.14 › ch.qos.logback:logback-core@1.4.14

Remediation: Upgrade to io.dropwizard:dropwizard-client@4.0.12.
Introduced through: dwp/ms-html-to-pdfa@dwp/ms-html-to-pdfa#8259340b6ccbd35c9b65fb8fcd47f5f338d24d24 › io.dropwizard:dropwizard-client@4.0.10 › io.dropwizard:dropwizard-core@4.0.10 › io.dropwizard:dropwizard-request-logging@4.0.10 › io.dropwizard:dropwizard-logging@4.0.10 › io.dropwizard.metrics:metrics-logback@4.2.37 › ch.qos.logback:logback-core@1.4.14
Introduced through: dwp/ms-html-to-pdfa@dwp/ms-html-to-pdfa#8259340b6ccbd35c9b65fb8fcd47f5f338d24d24 › io.dropwizard:dropwizard-client@4.0.10 › io.dropwizard:dropwizard-core@4.0.10 › io.dropwizard:dropwizard-request-logging@4.0.10 › io.dropwizard:dropwizard-logging@4.0.10 › io.dropwizard.metrics:metrics-logback@4.2.37 › ch.qos.logback:logback-classic@1.4.14 › ch.qos.logback:logback-core@1.4.14

Overview

ch.qos.logback:logback-core is a logback-core module.

Remediation

Upgrade ch.qos.logback:logback-core to version 1.3.15, 1.5.13 or higher.

References

Improper Neutralization of Special Elements vulnerability report

medium severity

Dual license: EPL-1.0, LGPL-2.0

Module: ch.qos.logback:logback-access
Introduced through: io.dropwizard:dropwizard-core@4.0.10 and io.dropwizard:dropwizard-client@4.0.10

Detailed paths

Introduced through: dwp/ms-html-to-pdfa@dwp/ms-html-to-pdfa#8259340b6ccbd35c9b65fb8fcd47f5f338d24d24 › io.dropwizard:dropwizard-core@4.0.10 › io.dropwizard:dropwizard-request-logging@4.0.10 › ch.qos.logback:logback-access@1.4.14
Introduced through: dwp/ms-html-to-pdfa@dwp/ms-html-to-pdfa#8259340b6ccbd35c9b65fb8fcd47f5f338d24d24 › io.dropwizard:dropwizard-client@4.0.10 › io.dropwizard:dropwizard-core@4.0.10 › io.dropwizard:dropwizard-request-logging@4.0.10 › ch.qos.logback:logback-access@1.4.14

Dual license: EPL-1.0, LGPL-2.0

Dual license: EPL-1.0, LGPL-2.0 vulnerability report

medium severity

Dual license: EPL-1.0, LGPL-2.1

Module: ch.qos.logback:logback-classic
Introduced through: io.dropwizard:dropwizard-core@4.0.10 and io.dropwizard:dropwizard-client@4.0.10

Detailed paths

Introduced through: dwp/ms-html-to-pdfa@dwp/ms-html-to-pdfa#8259340b6ccbd35c9b65fb8fcd47f5f338d24d24 › io.dropwizard:dropwizard-core@4.0.10 › ch.qos.logback:logback-classic@1.4.14
Introduced through: dwp/ms-html-to-pdfa@dwp/ms-html-to-pdfa#8259340b6ccbd35c9b65fb8fcd47f5f338d24d24 › io.dropwizard:dropwizard-core@4.0.10 › io.dropwizard:dropwizard-logging@4.0.10 › ch.qos.logback:logback-classic@1.4.14
Introduced through: dwp/ms-html-to-pdfa@dwp/ms-html-to-pdfa#8259340b6ccbd35c9b65fb8fcd47f5f338d24d24 › io.dropwizard:dropwizard-core@4.0.10 › io.dropwizard:dropwizard-request-logging@4.0.10 › ch.qos.logback:logback-classic@1.4.14
Introduced through: dwp/ms-html-to-pdfa@dwp/ms-html-to-pdfa#8259340b6ccbd35c9b65fb8fcd47f5f338d24d24 › io.dropwizard:dropwizard-core@4.0.10 › io.dropwizard:dropwizard-servlets@4.0.10 › ch.qos.logback:logback-classic@1.4.14
Introduced through: dwp/ms-html-to-pdfa@dwp/ms-html-to-pdfa#8259340b6ccbd35c9b65fb8fcd47f5f338d24d24 › io.dropwizard:dropwizard-client@4.0.10 › io.dropwizard:dropwizard-core@4.0.10 › ch.qos.logback:logback-classic@1.4.14
Introduced through: dwp/ms-html-to-pdfa@dwp/ms-html-to-pdfa#8259340b6ccbd35c9b65fb8fcd47f5f338d24d24 › io.dropwizard:dropwizard-core@4.0.10 › io.dropwizard:dropwizard-logging@4.0.10 › io.dropwizard.metrics:metrics-logback@4.2.37 › ch.qos.logback:logback-classic@1.4.14
Introduced through: dwp/ms-html-to-pdfa@dwp/ms-html-to-pdfa#8259340b6ccbd35c9b65fb8fcd47f5f338d24d24 › io.dropwizard:dropwizard-client@4.0.10 › io.dropwizard:dropwizard-core@4.0.10 › io.dropwizard:dropwizard-logging@4.0.10 › ch.qos.logback:logback-classic@1.4.14
Introduced through: dwp/ms-html-to-pdfa@dwp/ms-html-to-pdfa#8259340b6ccbd35c9b65fb8fcd47f5f338d24d24 › io.dropwizard:dropwizard-core@4.0.10 › io.dropwizard:dropwizard-request-logging@4.0.10 › io.dropwizard:dropwizard-logging@4.0.10 › ch.qos.logback:logback-classic@1.4.14
Introduced through: dwp/ms-html-to-pdfa@dwp/ms-html-to-pdfa#8259340b6ccbd35c9b65fb8fcd47f5f338d24d24 › io.dropwizard:dropwizard-client@4.0.10 › io.dropwizard:dropwizard-core@4.0.10 › io.dropwizard:dropwizard-request-logging@4.0.10 › ch.qos.logback:logback-classic@1.4.14
Introduced through: dwp/ms-html-to-pdfa@dwp/ms-html-to-pdfa#8259340b6ccbd35c9b65fb8fcd47f5f338d24d24 › io.dropwizard:dropwizard-client@4.0.10 › io.dropwizard:dropwizard-core@4.0.10 › io.dropwizard:dropwizard-servlets@4.0.10 › ch.qos.logback:logback-classic@1.4.14
Introduced through: dwp/ms-html-to-pdfa@dwp/ms-html-to-pdfa#8259340b6ccbd35c9b65fb8fcd47f5f338d24d24 › io.dropwizard:dropwizard-client@4.0.10 › io.dropwizard:dropwizard-core@4.0.10 › io.dropwizard:dropwizard-logging@4.0.10 › io.dropwizard.metrics:metrics-logback@4.2.37 › ch.qos.logback:logback-classic@1.4.14
Introduced through: dwp/ms-html-to-pdfa@dwp/ms-html-to-pdfa#8259340b6ccbd35c9b65fb8fcd47f5f338d24d24 › io.dropwizard:dropwizard-core@4.0.10 › io.dropwizard:dropwizard-request-logging@4.0.10 › io.dropwizard:dropwizard-logging@4.0.10 › io.dropwizard.metrics:metrics-logback@4.2.37 › ch.qos.logback:logback-classic@1.4.14
Introduced through: dwp/ms-html-to-pdfa@dwp/ms-html-to-pdfa#8259340b6ccbd35c9b65fb8fcd47f5f338d24d24 › io.dropwizard:dropwizard-client@4.0.10 › io.dropwizard:dropwizard-core@4.0.10 › io.dropwizard:dropwizard-request-logging@4.0.10 › io.dropwizard:dropwizard-logging@4.0.10 › ch.qos.logback:logback-classic@1.4.14
Introduced through: dwp/ms-html-to-pdfa@dwp/ms-html-to-pdfa#8259340b6ccbd35c9b65fb8fcd47f5f338d24d24 › io.dropwizard:dropwizard-client@4.0.10 › io.dropwizard:dropwizard-core@4.0.10 › io.dropwizard:dropwizard-request-logging@4.0.10 › io.dropwizard:dropwizard-logging@4.0.10 › io.dropwizard.metrics:metrics-logback@4.2.37 › ch.qos.logback:logback-classic@1.4.14

Dual license: EPL-1.0, LGPL-2.1

Dual license: EPL-1.0, LGPL-2.1 vulnerability report

medium severity

Dual license: EPL-1.0, LGPL-2.1

Module: ch.qos.logback:logback-core
Introduced through: io.dropwizard:dropwizard-core@4.0.10 and io.dropwizard:dropwizard-client@4.0.10

Detailed paths

Introduced through: dwp/ms-html-to-pdfa@dwp/ms-html-to-pdfa#8259340b6ccbd35c9b65fb8fcd47f5f338d24d24 › io.dropwizard:dropwizard-core@4.0.10 › ch.qos.logback:logback-classic@1.4.14 › ch.qos.logback:logback-core@1.4.14
Introduced through: dwp/ms-html-to-pdfa@dwp/ms-html-to-pdfa#8259340b6ccbd35c9b65fb8fcd47f5f338d24d24 › io.dropwizard:dropwizard-core@4.0.10 › io.dropwizard:dropwizard-logging@4.0.10 › ch.qos.logback:logback-core@1.4.14
Introduced through: dwp/ms-html-to-pdfa@dwp/ms-html-to-pdfa#8259340b6ccbd35c9b65fb8fcd47f5f338d24d24 › io.dropwizard:dropwizard-core@4.0.10 › io.dropwizard:dropwizard-request-logging@4.0.10 › ch.qos.logback:logback-core@1.4.14
Introduced through: dwp/ms-html-to-pdfa@dwp/ms-html-to-pdfa#8259340b6ccbd35c9b65fb8fcd47f5f338d24d24 › io.dropwizard:dropwizard-core@4.0.10 › io.dropwizard:dropwizard-logging@4.0.10 › ch.qos.logback:logback-classic@1.4.14 › ch.qos.logback:logback-core@1.4.14
Introduced through: dwp/ms-html-to-pdfa@dwp/ms-html-to-pdfa#8259340b6ccbd35c9b65fb8fcd47f5f338d24d24 › io.dropwizard:dropwizard-core@4.0.10 › io.dropwizard:dropwizard-request-logging@4.0.10 › ch.qos.logback:logback-classic@1.4.14 › ch.qos.logback:logback-core@1.4.14
Introduced through: dwp/ms-html-to-pdfa@dwp/ms-html-to-pdfa#8259340b6ccbd35c9b65fb8fcd47f5f338d24d24 › io.dropwizard:dropwizard-core@4.0.10 › io.dropwizard:dropwizard-servlets@4.0.10 › ch.qos.logback:logback-classic@1.4.14 › ch.qos.logback:logback-core@1.4.14
Introduced through: dwp/ms-html-to-pdfa@dwp/ms-html-to-pdfa#8259340b6ccbd35c9b65fb8fcd47f5f338d24d24 › io.dropwizard:dropwizard-client@4.0.10 › io.dropwizard:dropwizard-core@4.0.10 › ch.qos.logback:logback-classic@1.4.14 › ch.qos.logback:logback-core@1.4.14
Introduced through: dwp/ms-html-to-pdfa@dwp/ms-html-to-pdfa#8259340b6ccbd35c9b65fb8fcd47f5f338d24d24 › io.dropwizard:dropwizard-core@4.0.10 › io.dropwizard:dropwizard-logging@4.0.10 › io.dropwizard.metrics:metrics-logback@4.2.37 › ch.qos.logback:logback-core@1.4.14
Introduced through: dwp/ms-html-to-pdfa@dwp/ms-html-to-pdfa#8259340b6ccbd35c9b65fb8fcd47f5f338d24d24 › io.dropwizard:dropwizard-client@4.0.10 › io.dropwizard:dropwizard-core@4.0.10 › io.dropwizard:dropwizard-logging@4.0.10 › ch.qos.logback:logback-core@1.4.14
Introduced through: dwp/ms-html-to-pdfa@dwp/ms-html-to-pdfa#8259340b6ccbd35c9b65fb8fcd47f5f338d24d24 › io.dropwizard:dropwizard-core@4.0.10 › io.dropwizard:dropwizard-request-logging@4.0.10 › io.dropwizard:dropwizard-logging@4.0.10 › ch.qos.logback:logback-core@1.4.14
Introduced through: dwp/ms-html-to-pdfa@dwp/ms-html-to-pdfa#8259340b6ccbd35c9b65fb8fcd47f5f338d24d24 › io.dropwizard:dropwizard-core@4.0.10 › io.dropwizard:dropwizard-request-logging@4.0.10 › ch.qos.logback:logback-access@1.4.14 › ch.qos.logback:logback-core@1.4.14
Introduced through: dwp/ms-html-to-pdfa@dwp/ms-html-to-pdfa#8259340b6ccbd35c9b65fb8fcd47f5f338d24d24 › io.dropwizard:dropwizard-client@4.0.10 › io.dropwizard:dropwizard-core@4.0.10 › io.dropwizard:dropwizard-request-logging@4.0.10 › ch.qos.logback:logback-core@1.4.14
Introduced through: dwp/ms-html-to-pdfa@dwp/ms-html-to-pdfa#8259340b6ccbd35c9b65fb8fcd47f5f338d24d24 › io.dropwizard:dropwizard-core@4.0.10 › io.dropwizard:dropwizard-logging@4.0.10 › io.dropwizard.metrics:metrics-logback@4.2.37 › ch.qos.logback:logback-classic@1.4.14 › ch.qos.logback:logback-core@1.4.14
Introduced through: dwp/ms-html-to-pdfa@dwp/ms-html-to-pdfa#8259340b6ccbd35c9b65fb8fcd47f5f338d24d24 › io.dropwizard:dropwizard-client@4.0.10 › io.dropwizard:dropwizard-core@4.0.10 › io.dropwizard:dropwizard-logging@4.0.10 › ch.qos.logback:logback-classic@1.4.14 › ch.qos.logback:logback-core@1.4.14
Introduced through: dwp/ms-html-to-pdfa@dwp/ms-html-to-pdfa#8259340b6ccbd35c9b65fb8fcd47f5f338d24d24 › io.dropwizard:dropwizard-core@4.0.10 › io.dropwizard:dropwizard-request-logging@4.0.10 › io.dropwizard:dropwizard-logging@4.0.10 › ch.qos.logback:logback-classic@1.4.14 › ch.qos.logback:logback-core@1.4.14
Introduced through: dwp/ms-html-to-pdfa@dwp/ms-html-to-pdfa#8259340b6ccbd35c9b65fb8fcd47f5f338d24d24 › io.dropwizard:dropwizard-client@4.0.10 › io.dropwizard:dropwizard-core@4.0.10 › io.dropwizard:dropwizard-request-logging@4.0.10 › ch.qos.logback:logback-classic@1.4.14 › ch.qos.logback:logback-core@1.4.14
Introduced through: dwp/ms-html-to-pdfa@dwp/ms-html-to-pdfa#8259340b6ccbd35c9b65fb8fcd47f5f338d24d24 › io.dropwizard:dropwizard-client@4.0.10 › io.dropwizard:dropwizard-core@4.0.10 › io.dropwizard:dropwizard-servlets@4.0.10 › ch.qos.logback:logback-classic@1.4.14 › ch.qos.logback:logback-core@1.4.14
Introduced through: dwp/ms-html-to-pdfa@dwp/ms-html-to-pdfa#8259340b6ccbd35c9b65fb8fcd47f5f338d24d24 › io.dropwizard:dropwizard-client@4.0.10 › io.dropwizard:dropwizard-core@4.0.10 › io.dropwizard:dropwizard-logging@4.0.10 › io.dropwizard.metrics:metrics-logback@4.2.37 › ch.qos.logback:logback-core@1.4.14
Introduced through: dwp/ms-html-to-pdfa@dwp/ms-html-to-pdfa#8259340b6ccbd35c9b65fb8fcd47f5f338d24d24 › io.dropwizard:dropwizard-core@4.0.10 › io.dropwizard:dropwizard-request-logging@4.0.10 › io.dropwizard:dropwizard-logging@4.0.10 › io.dropwizard.metrics:metrics-logback@4.2.37 › ch.qos.logback:logback-core@1.4.14
Introduced through: dwp/ms-html-to-pdfa@dwp/ms-html-to-pdfa#8259340b6ccbd35c9b65fb8fcd47f5f338d24d24 › io.dropwizard:dropwizard-client@4.0.10 › io.dropwizard:dropwizard-core@4.0.10 › io.dropwizard:dropwizard-request-logging@4.0.10 › io.dropwizard:dropwizard-logging@4.0.10 › ch.qos.logback:logback-core@1.4.14
Introduced through: dwp/ms-html-to-pdfa@dwp/ms-html-to-pdfa#8259340b6ccbd35c9b65fb8fcd47f5f338d24d24 › io.dropwizard:dropwizard-client@4.0.10 › io.dropwizard:dropwizard-core@4.0.10 › io.dropwizard:dropwizard-request-logging@4.0.10 › ch.qos.logback:logback-access@1.4.14 › ch.qos.logback:logback-core@1.4.14
Introduced through: dwp/ms-html-to-pdfa@dwp/ms-html-to-pdfa#8259340b6ccbd35c9b65fb8fcd47f5f338d24d24 › io.dropwizard:dropwizard-client@4.0.10 › io.dropwizard:dropwizard-core@4.0.10 › io.dropwizard:dropwizard-logging@4.0.10 › io.dropwizard.metrics:metrics-logback@4.2.37 › ch.qos.logback:logback-classic@1.4.14 › ch.qos.logback:logback-core@1.4.14
Introduced through: dwp/ms-html-to-pdfa@dwp/ms-html-to-pdfa#8259340b6ccbd35c9b65fb8fcd47f5f338d24d24 › io.dropwizard:dropwizard-core@4.0.10 › io.dropwizard:dropwizard-request-logging@4.0.10 › io.dropwizard:dropwizard-logging@4.0.10 › io.dropwizard.metrics:metrics-logback@4.2.37 › ch.qos.logback:logback-classic@1.4.14 › ch.qos.logback:logback-core@1.4.14
Introduced through: dwp/ms-html-to-pdfa@dwp/ms-html-to-pdfa#8259340b6ccbd35c9b65fb8fcd47f5f338d24d24 › io.dropwizard:dropwizard-client@4.0.10 › io.dropwizard:dropwizard-core@4.0.10 › io.dropwizard:dropwizard-request-logging@4.0.10 › io.dropwizard:dropwizard-logging@4.0.10 › ch.qos.logback:logback-classic@1.4.14 › ch.qos.logback:logback-core@1.4.14
Introduced through: dwp/ms-html-to-pdfa@dwp/ms-html-to-pdfa#8259340b6ccbd35c9b65fb8fcd47f5f338d24d24 › io.dropwizard:dropwizard-client@4.0.10 › io.dropwizard:dropwizard-core@4.0.10 › io.dropwizard:dropwizard-request-logging@4.0.10 › io.dropwizard:dropwizard-logging@4.0.10 › io.dropwizard.metrics:metrics-logback@4.2.37 › ch.qos.logback:logback-core@1.4.14
Introduced through: dwp/ms-html-to-pdfa@dwp/ms-html-to-pdfa#8259340b6ccbd35c9b65fb8fcd47f5f338d24d24 › io.dropwizard:dropwizard-client@4.0.10 › io.dropwizard:dropwizard-core@4.0.10 › io.dropwizard:dropwizard-request-logging@4.0.10 › io.dropwizard:dropwizard-logging@4.0.10 › io.dropwizard.metrics:metrics-logback@4.2.37 › ch.qos.logback:logback-classic@1.4.14 › ch.qos.logback:logback-core@1.4.14

Dual license: EPL-1.0, LGPL-2.1

Dual license: EPL-1.0, LGPL-2.1 vulnerability report

low severity

Server-side Request Forgery (SSRF)

Vulnerable module: ch.qos.logback:logback-core
Introduced through: io.dropwizard:dropwizard-core@4.0.10 and io.dropwizard:dropwizard-client@4.0.10

Detailed paths

Introduced through: dwp/ms-html-to-pdfa@dwp/ms-html-to-pdfa#8259340b6ccbd35c9b65fb8fcd47f5f338d24d24 › io.dropwizard:dropwizard-core@4.0.10 › ch.qos.logback:logback-classic@1.4.14 › ch.qos.logback:logback-core@1.4.14

Remediation: Upgrade to io.dropwizard:dropwizard-core@4.0.12.
Introduced through: dwp/ms-html-to-pdfa@dwp/ms-html-to-pdfa#8259340b6ccbd35c9b65fb8fcd47f5f338d24d24 › io.dropwizard:dropwizard-core@4.0.10 › io.dropwizard:dropwizard-logging@4.0.10 › ch.qos.logback:logback-core@1.4.14

Remediation: Upgrade to io.dropwizard:dropwizard-core@4.0.12.
Introduced through: dwp/ms-html-to-pdfa@dwp/ms-html-to-pdfa#8259340b6ccbd35c9b65fb8fcd47f5f338d24d24 › io.dropwizard:dropwizard-core@4.0.10 › io.dropwizard:dropwizard-request-logging@4.0.10 › ch.qos.logback:logback-core@1.4.14

Remediation: Upgrade to io.dropwizard:dropwizard-core@4.0.12.
Introduced through: dwp/ms-html-to-pdfa@dwp/ms-html-to-pdfa#8259340b6ccbd35c9b65fb8fcd47f5f338d24d24 › io.dropwizard:dropwizard-core@4.0.10 › io.dropwizard:dropwizard-logging@4.0.10 › ch.qos.logback:logback-classic@1.4.14 › ch.qos.logback:logback-core@1.4.14

Remediation: Upgrade to io.dropwizard:dropwizard-core@4.0.12.
Introduced through: dwp/ms-html-to-pdfa@dwp/ms-html-to-pdfa#8259340b6ccbd35c9b65fb8fcd47f5f338d24d24 › io.dropwizard:dropwizard-core@4.0.10 › io.dropwizard:dropwizard-request-logging@4.0.10 › ch.qos.logback:logback-classic@1.4.14 › ch.qos.logback:logback-core@1.4.14

Remediation: Upgrade to io.dropwizard:dropwizard-core@4.0.12.
Introduced through: dwp/ms-html-to-pdfa@dwp/ms-html-to-pdfa#8259340b6ccbd35c9b65fb8fcd47f5f338d24d24 › io.dropwizard:dropwizard-core@4.0.10 › io.dropwizard:dropwizard-servlets@4.0.10 › ch.qos.logback:logback-classic@1.4.14 › ch.qos.logback:logback-core@1.4.14

Remediation: Upgrade to io.dropwizard:dropwizard-core@4.0.12.
Introduced through: dwp/ms-html-to-pdfa@dwp/ms-html-to-pdfa#8259340b6ccbd35c9b65fb8fcd47f5f338d24d24 › io.dropwizard:dropwizard-client@4.0.10 › io.dropwizard:dropwizard-core@4.0.10 › ch.qos.logback:logback-classic@1.4.14 › ch.qos.logback:logback-core@1.4.14

Remediation: Upgrade to io.dropwizard:dropwizard-client@4.0.12.
Introduced through: dwp/ms-html-to-pdfa@dwp/ms-html-to-pdfa#8259340b6ccbd35c9b65fb8fcd47f5f338d24d24 › io.dropwizard:dropwizard-core@4.0.10 › io.dropwizard:dropwizard-logging@4.0.10 › io.dropwizard.metrics:metrics-logback@4.2.37 › ch.qos.logback:logback-core@1.4.14
Introduced through: dwp/ms-html-to-pdfa@dwp/ms-html-to-pdfa#8259340b6ccbd35c9b65fb8fcd47f5f338d24d24 › io.dropwizard:dropwizard-client@4.0.10 › io.dropwizard:dropwizard-core@4.0.10 › io.dropwizard:dropwizard-logging@4.0.10 › ch.qos.logback:logback-core@1.4.14

Remediation: Upgrade to io.dropwizard:dropwizard-client@4.0.12.
Introduced through: dwp/ms-html-to-pdfa@dwp/ms-html-to-pdfa#8259340b6ccbd35c9b65fb8fcd47f5f338d24d24 › io.dropwizard:dropwizard-core@4.0.10 › io.dropwizard:dropwizard-request-logging@4.0.10 › io.dropwizard:dropwizard-logging@4.0.10 › ch.qos.logback:logback-core@1.4.14

Remediation: Upgrade to io.dropwizard:dropwizard-core@4.0.12.
Introduced through: dwp/ms-html-to-pdfa@dwp/ms-html-to-pdfa#8259340b6ccbd35c9b65fb8fcd47f5f338d24d24 › io.dropwizard:dropwizard-core@4.0.10 › io.dropwizard:dropwizard-request-logging@4.0.10 › ch.qos.logback:logback-access@1.4.14 › ch.qos.logback:logback-core@1.4.14

Remediation: Upgrade to io.dropwizard:dropwizard-core@4.0.12.
Introduced through: dwp/ms-html-to-pdfa@dwp/ms-html-to-pdfa#8259340b6ccbd35c9b65fb8fcd47f5f338d24d24 › io.dropwizard:dropwizard-client@4.0.10 › io.dropwizard:dropwizard-core@4.0.10 › io.dropwizard:dropwizard-request-logging@4.0.10 › ch.qos.logback:logback-core@1.4.14

Remediation: Upgrade to io.dropwizard:dropwizard-client@4.0.12.
Introduced through: dwp/ms-html-to-pdfa@dwp/ms-html-to-pdfa#8259340b6ccbd35c9b65fb8fcd47f5f338d24d24 › io.dropwizard:dropwizard-core@4.0.10 › io.dropwizard:dropwizard-logging@4.0.10 › io.dropwizard.metrics:metrics-logback@4.2.37 › ch.qos.logback:logback-classic@1.4.14 › ch.qos.logback:logback-core@1.4.14
Introduced through: dwp/ms-html-to-pdfa@dwp/ms-html-to-pdfa#8259340b6ccbd35c9b65fb8fcd47f5f338d24d24 › io.dropwizard:dropwizard-client@4.0.10 › io.dropwizard:dropwizard-core@4.0.10 › io.dropwizard:dropwizard-logging@4.0.10 › ch.qos.logback:logback-classic@1.4.14 › ch.qos.logback:logback-core@1.4.14

Remediation: Upgrade to io.dropwizard:dropwizard-client@4.0.12.
Introduced through: dwp/ms-html-to-pdfa@dwp/ms-html-to-pdfa#8259340b6ccbd35c9b65fb8fcd47f5f338d24d24 › io.dropwizard:dropwizard-core@4.0.10 › io.dropwizard:dropwizard-request-logging@4.0.10 › io.dropwizard:dropwizard-logging@4.0.10 › ch.qos.logback:logback-classic@1.4.14 › ch.qos.logback:logback-core@1.4.14

Remediation: Upgrade to io.dropwizard:dropwizard-core@4.0.12.
Introduced through: dwp/ms-html-to-pdfa@dwp/ms-html-to-pdfa#8259340b6ccbd35c9b65fb8fcd47f5f338d24d24 › io.dropwizard:dropwizard-client@4.0.10 › io.dropwizard:dropwizard-core@4.0.10 › io.dropwizard:dropwizard-request-logging@4.0.10 › ch.qos.logback:logback-classic@1.4.14 › ch.qos.logback:logback-core@1.4.14

Remediation: Upgrade to io.dropwizard:dropwizard-client@4.0.12.
Introduced through: dwp/ms-html-to-pdfa@dwp/ms-html-to-pdfa#8259340b6ccbd35c9b65fb8fcd47f5f338d24d24 › io.dropwizard:dropwizard-client@4.0.10 › io.dropwizard:dropwizard-core@4.0.10 › io.dropwizard:dropwizard-servlets@4.0.10 › ch.qos.logback:logback-classic@1.4.14 › ch.qos.logback:logback-core@1.4.14

Remediation: Upgrade to io.dropwizard:dropwizard-client@4.0.12.
Introduced through: dwp/ms-html-to-pdfa@dwp/ms-html-to-pdfa#8259340b6ccbd35c9b65fb8fcd47f5f338d24d24 › io.dropwizard:dropwizard-client@4.0.10 › io.dropwizard:dropwizard-core@4.0.10 › io.dropwizard:dropwizard-logging@4.0.10 › io.dropwizard.metrics:metrics-logback@4.2.37 › ch.qos.logback:logback-core@1.4.14
Introduced through: dwp/ms-html-to-pdfa@dwp/ms-html-to-pdfa#8259340b6ccbd35c9b65fb8fcd47f5f338d24d24 › io.dropwizard:dropwizard-core@4.0.10 › io.dropwizard:dropwizard-request-logging@4.0.10 › io.dropwizard:dropwizard-logging@4.0.10 › io.dropwizard.metrics:metrics-logback@4.2.37 › ch.qos.logback:logback-core@1.4.14
Introduced through: dwp/ms-html-to-pdfa@dwp/ms-html-to-pdfa#8259340b6ccbd35c9b65fb8fcd47f5f338d24d24 › io.dropwizard:dropwizard-client@4.0.10 › io.dropwizard:dropwizard-core@4.0.10 › io.dropwizard:dropwizard-request-logging@4.0.10 › io.dropwizard:dropwizard-logging@4.0.10 › ch.qos.logback:logback-core@1.4.14

Remediation: Upgrade to io.dropwizard:dropwizard-client@4.0.12.
Introduced through: dwp/ms-html-to-pdfa@dwp/ms-html-to-pdfa#8259340b6ccbd35c9b65fb8fcd47f5f338d24d24 › io.dropwizard:dropwizard-client@4.0.10 › io.dropwizard:dropwizard-core@4.0.10 › io.dropwizard:dropwizard-request-logging@4.0.10 › ch.qos.logback:logback-access@1.4.14 › ch.qos.logback:logback-core@1.4.14

Remediation: Upgrade to io.dropwizard:dropwizard-client@4.0.12.
Introduced through: dwp/ms-html-to-pdfa@dwp/ms-html-to-pdfa#8259340b6ccbd35c9b65fb8fcd47f5f338d24d24 › io.dropwizard:dropwizard-client@4.0.10 › io.dropwizard:dropwizard-core@4.0.10 › io.dropwizard:dropwizard-logging@4.0.10 › io.dropwizard.metrics:metrics-logback@4.2.37 › ch.qos.logback:logback-classic@1.4.14 › ch.qos.logback:logback-core@1.4.14
Introduced through: dwp/ms-html-to-pdfa@dwp/ms-html-to-pdfa#8259340b6ccbd35c9b65fb8fcd47f5f338d24d24 › io.dropwizard:dropwizard-core@4.0.10 › io.dropwizard:dropwizard-request-logging@4.0.10 › io.dropwizard:dropwizard-logging@4.0.10 › io.dropwizard.metrics:metrics-logback@4.2.37 › ch.qos.logback:logback-classic@1.4.14 › ch.qos.logback:logback-core@1.4.14
Introduced through: dwp/ms-html-to-pdfa@dwp/ms-html-to-pdfa#8259340b6ccbd35c9b65fb8fcd47f5f338d24d24 › io.dropwizard:dropwizard-client@4.0.10 › io.dropwizard:dropwizard-core@4.0.10 › io.dropwizard:dropwizard-request-logging@4.0.10 › io.dropwizard:dropwizard-logging@4.0.10 › ch.qos.logback:logback-classic@1.4.14 › ch.qos.logback:logback-core@1.4.14

Remediation: Upgrade to io.dropwizard:dropwizard-client@4.0.12.
Introduced through: dwp/ms-html-to-pdfa@dwp/ms-html-to-pdfa#8259340b6ccbd35c9b65fb8fcd47f5f338d24d24 › io.dropwizard:dropwizard-client@4.0.10 › io.dropwizard:dropwizard-core@4.0.10 › io.dropwizard:dropwizard-request-logging@4.0.10 › io.dropwizard:dropwizard-logging@4.0.10 › io.dropwizard.metrics:metrics-logback@4.2.37 › ch.qos.logback:logback-core@1.4.14
Introduced through: dwp/ms-html-to-pdfa@dwp/ms-html-to-pdfa#8259340b6ccbd35c9b65fb8fcd47f5f338d24d24 › io.dropwizard:dropwizard-client@4.0.10 › io.dropwizard:dropwizard-core@4.0.10 › io.dropwizard:dropwizard-request-logging@4.0.10 › io.dropwizard:dropwizard-logging@4.0.10 › io.dropwizard.metrics:metrics-logback@4.2.37 › ch.qos.logback:logback-classic@1.4.14 › ch.qos.logback:logback-core@1.4.14

Overview

ch.qos.logback:logback-core is a logback-core module.

Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) through the SaxEventRecorder process. An attacker can forge requests by compromising logback configuration files in XML.

Remediation

Upgrade ch.qos.logback:logback-core to version 1.3.15, 1.5.13 or higher.

References

Server-side Request Forgery (SSRF) vulnerability report

Vulnerabilities

Dependencies

Source

Commit

Find, fix and prevent vulnerabilities in your code.

high severity

Uncontrolled Recursion

Detailed paths

Overview

Remediation

References

high severity

Improper Certificate Validation

Detailed paths

Overview

Remediation

References

medium severity

Improper Neutralization of Special Elements

Detailed paths

Overview

Remediation

References

medium severity

External Initialization of Trusted Variables or Data Stores

Detailed paths

Overview

Remediation

References

medium severity

Improper Neutralization of Special Elements

Detailed paths

Overview

Remediation

References

medium severity

Dual license: EPL-1.0, LGPL-2.0

Detailed paths

medium severity

Dual license: EPL-1.0, LGPL-2.1

Detailed paths

medium severity

Dual license: EPL-1.0, LGPL-2.1

Detailed paths

low severity

Server-side Request Forgery (SSRF)

Detailed paths

Overview

Remediation

References