Find, fix and prevent vulnerabilities in your code.
high severity
- Vulnerable module: org.apache.commons:commons-lang3
- Introduced through: org.apache.commons:commons-lang3@3.14.0, org.apache.commons:commons-compress@1.26.2 and others
Detailed paths
-
Introduced through: firegloves/mempoi@firegloves/mempoi#fc2be6acd60f369a6074884d1bc72bc00a5e557a › org.apache.commons:commons-lang3@3.14.0Remediation: Upgrade to org.apache.commons:commons-lang3@3.18.0.
-
Introduced through: firegloves/mempoi@firegloves/mempoi#fc2be6acd60f369a6074884d1bc72bc00a5e557a › org.apache.commons:commons-compress@1.26.2 › org.apache.commons:commons-lang3@3.14.0Remediation: Upgrade to org.apache.commons:commons-compress@1.28.0.
-
Introduced through: firegloves/mempoi@firegloves/mempoi#fc2be6acd60f369a6074884d1bc72bc00a5e557a › org.apache.poi:poi-ooxml@5.2.5 › org.apache.commons:commons-compress@1.26.2 › org.apache.commons:commons-lang3@3.14.0
Overview
Affected versions of this package are vulnerable to Uncontrolled Recursion via the ClassUtils.getClass function. An attacker can cause the application to terminate unexpectedly by providing excessively long input values.
Remediation
Upgrade org.apache.commons:commons-lang3 to version 3.18.0 or higher.
References
medium severity
- Vulnerable module: org.apache.poi:poi-ooxml
- Introduced through: org.apache.poi:poi-ooxml@5.2.5
Detailed paths
-
Introduced through: firegloves/mempoi@firegloves/mempoi#fc2be6acd60f369a6074884d1bc72bc00a5e557a › org.apache.poi:poi-ooxml@5.2.5Remediation: Upgrade to org.apache.poi:poi-ooxml@5.4.0.
Overview
org.apache.poi:poi-ooxml is a Java API To Access Microsoft Format Files.
Affected versions of this package are vulnerable to Improper Input Validation due to the parsing process of OOXML format files. An attacker can manipulate the file content by adding zip entries with duplicate names, leading to inconsistent data being read by different products depending on which duplicate entry is selected.
Remediation
Upgrade org.apache.poi:poi-ooxml to version 5.4.0 or higher.