Vulnerabilities: 1 via 10 paths
Dependencies: 122
Source: GitHub
Commit: 3ad5cd57



medium severity

Dual license: EPL-1.0, LGPL-2.1

  • Module: ch.qos.logback:logback-classic
  • Introduced through: org.springframework.boot:spring-boot-starter-actuator@3.5.6, org.springframework.boot:spring-boot-starter-data-jpa@3.5.6 and others

Detailed paths

  • Introduced through: heitkergm/spring-thymeleaf-simplefinance@heitkergm/spring-thymeleaf-simplefinance#3ad5cd57ea30c31173735af2e4bc553a2020adf3 org.springframework.boot:spring-boot-starter-actuator@3.5.6 org.springframework.boot:spring-boot-starter@3.5.6 org.springframework.boot:spring-boot-starter-logging@3.5.6 ch.qos.logback:logback-classic@1.5.19
  • Introduced through: heitkergm/spring-thymeleaf-simplefinance@heitkergm/spring-thymeleaf-simplefinance#3ad5cd57ea30c31173735af2e4bc553a2020adf3 org.springframework.boot:spring-boot-starter-data-jpa@3.5.6 org.springframework.boot:spring-boot-starter@3.5.6 org.springframework.boot:spring-boot-starter-logging@3.5.6 ch.qos.logback:logback-classic@1.5.19
  • Introduced through: heitkergm/spring-thymeleaf-simplefinance@heitkergm/spring-thymeleaf-simplefinance#3ad5cd57ea30c31173735af2e4bc553a2020adf3 org.springframework.boot:spring-boot-starter-data-redis@3.5.6 org.springframework.boot:spring-boot-starter@3.5.6 org.springframework.boot:spring-boot-starter-logging@3.5.6 ch.qos.logback:logback-classic@1.5.19
  • Introduced through: heitkergm/spring-thymeleaf-simplefinance@heitkergm/spring-thymeleaf-simplefinance#3ad5cd57ea30c31173735af2e4bc553a2020adf3 org.springframework.boot:spring-boot-starter-mail@3.5.6 org.springframework.boot:spring-boot-starter@3.5.6 org.springframework.boot:spring-boot-starter-logging@3.5.6 ch.qos.logback:logback-classic@1.5.19
  • Introduced through: heitkergm/spring-thymeleaf-simplefinance@heitkergm/spring-thymeleaf-simplefinance#3ad5cd57ea30c31173735af2e4bc553a2020adf3 org.springframework.boot:spring-boot-starter-security@3.5.6 org.springframework.boot:spring-boot-starter@3.5.6 org.springframework.boot:spring-boot-starter-logging@3.5.6 ch.qos.logback:logback-classic@1.5.19
  • Introduced through: heitkergm/spring-thymeleaf-simplefinance@heitkergm/spring-thymeleaf-simplefinance#3ad5cd57ea30c31173735af2e4bc553a2020adf3 org.springframework.boot:spring-boot-starter-thymeleaf@3.5.6 org.springframework.boot:spring-boot-starter@3.5.6 org.springframework.boot:spring-boot-starter-logging@3.5.6 ch.qos.logback:logback-classic@1.5.19
  • Introduced through: heitkergm/spring-thymeleaf-simplefinance@heitkergm/spring-thymeleaf-simplefinance#3ad5cd57ea30c31173735af2e4bc553a2020adf3 org.springframework.boot:spring-boot-starter-validation@3.5.6 org.springframework.boot:spring-boot-starter@3.5.6 org.springframework.boot:spring-boot-starter-logging@3.5.6 ch.qos.logback:logback-classic@1.5.19
  • Introduced through: heitkergm/spring-thymeleaf-simplefinance@heitkergm/spring-thymeleaf-simplefinance#3ad5cd57ea30c31173735af2e4bc553a2020adf3 org.springframework.boot:spring-boot-starter-web@3.5.6 org.springframework.boot:spring-boot-starter@3.5.6 org.springframework.boot:spring-boot-starter-logging@3.5.6 ch.qos.logback:logback-classic@1.5.19
  • Introduced through: heitkergm/spring-thymeleaf-simplefinance@heitkergm/spring-thymeleaf-simplefinance#3ad5cd57ea30c31173735af2e4bc553a2020adf3 org.springframework.boot:spring-boot-starter-data-jpa@3.5.6 org.springframework.boot:spring-boot-starter-jdbc@3.5.6 org.springframework.boot:spring-boot-starter@3.5.6 org.springframework.boot:spring-boot-starter-logging@3.5.6 ch.qos.logback:logback-classic@1.5.19
  • Introduced through: heitkergm/spring-thymeleaf-simplefinance@heitkergm/spring-thymeleaf-simplefinance#3ad5cd57ea30c31173735af2e4bc553a2020adf3 org.springframework.boot:spring-boot-starter-web@3.5.6 org.springframework.boot:spring-boot-starter-json@3.5.6 org.springframework.boot:spring-boot-starter@3.5.6 org.springframework.boot:spring-boot-starter-logging@3.5.6 ch.qos.logback:logback-classic@1.5.19


medium severity

Dual license: EPL-1.0, LGPL-2.1

  • Module: ch.qos.logback:logback-core
  • Introduced through: org.springframework.boot:spring-boot-starter-actuator@3.5.6, org.springframework.boot:spring-boot-starter-data-jpa@3.5.6 and others

Detailed paths

  • Introduced through: heitkergm/spring-thymeleaf-simplefinance@heitkergm/spring-thymeleaf-simplefinance#3ad5cd57ea30c31173735af2e4bc553a2020adf3 org.springframework.boot:spring-boot-starter-actuator@3.5.6 org.springframework.boot:spring-boot-starter@3.5.6 org.springframework.boot:spring-boot-starter-logging@3.5.6 ch.qos.logback:logback-classic@1.5.19 ch.qos.logback:logback-core@1.5.19
  • Introduced through: heitkergm/spring-thymeleaf-simplefinance@heitkergm/spring-thymeleaf-simplefinance#3ad5cd57ea30c31173735af2e4bc553a2020adf3 org.springframework.boot:spring-boot-starter-data-jpa@3.5.6 org.springframework.boot:spring-boot-starter@3.5.6 org.springframework.boot:spring-boot-starter-logging@3.5.6 ch.qos.logback:logback-classic@1.5.19 ch.qos.logback:logback-core@1.5.19
  • Introduced through: heitkergm/spring-thymeleaf-simplefinance@heitkergm/spring-thymeleaf-simplefinance#3ad5cd57ea30c31173735af2e4bc553a2020adf3 org.springframework.boot:spring-boot-starter-data-redis@3.5.6 org.springframework.boot:spring-boot-starter@3.5.6 org.springframework.boot:spring-boot-starter-logging@3.5.6 ch.qos.logback:logback-classic@1.5.19 ch.qos.logback:logback-core@1.5.19
  • Introduced through: heitkergm/spring-thymeleaf-simplefinance@heitkergm/spring-thymeleaf-simplefinance#3ad5cd57ea30c31173735af2e4bc553a2020adf3 org.springframework.boot:spring-boot-starter-mail@3.5.6 org.springframework.boot:spring-boot-starter@3.5.6 org.springframework.boot:spring-boot-starter-logging@3.5.6 ch.qos.logback:logback-classic@1.5.19 ch.qos.logback:logback-core@1.5.19
  • Introduced through: heitkergm/spring-thymeleaf-simplefinance@heitkergm/spring-thymeleaf-simplefinance#3ad5cd57ea30c31173735af2e4bc553a2020adf3 org.springframework.boot:spring-boot-starter-security@3.5.6 org.springframework.boot:spring-boot-starter@3.5.6 org.springframework.boot:spring-boot-starter-logging@3.5.6 ch.qos.logback:logback-classic@1.5.19 ch.qos.logback:logback-core@1.5.19
  • Introduced through: heitkergm/spring-thymeleaf-simplefinance@heitkergm/spring-thymeleaf-simplefinance#3ad5cd57ea30c31173735af2e4bc553a2020adf3 org.springframework.boot:spring-boot-starter-thymeleaf@3.5.6 org.springframework.boot:spring-boot-starter@3.5.6 org.springframework.boot:spring-boot-starter-logging@3.5.6 ch.qos.logback:logback-classic@1.5.19 ch.qos.logback:logback-core@1.5.19
  • Introduced through: heitkergm/spring-thymeleaf-simplefinance@heitkergm/spring-thymeleaf-simplefinance#3ad5cd57ea30c31173735af2e4bc553a2020adf3 org.springframework.boot:spring-boot-starter-validation@3.5.6 org.springframework.boot:spring-boot-starter@3.5.6 org.springframework.boot:spring-boot-starter-logging@3.5.6 ch.qos.logback:logback-classic@1.5.19 ch.qos.logback:logback-core@1.5.19
  • Introduced through: heitkergm/spring-thymeleaf-simplefinance@heitkergm/spring-thymeleaf-simplefinance#3ad5cd57ea30c31173735af2e4bc553a2020adf3 org.springframework.boot:spring-boot-starter-web@3.5.6 org.springframework.boot:spring-boot-starter@3.5.6 org.springframework.boot:spring-boot-starter-logging@3.5.6 ch.qos.logback:logback-classic@1.5.19 ch.qos.logback:logback-core@1.5.19
  • Introduced through: heitkergm/spring-thymeleaf-simplefinance@heitkergm/spring-thymeleaf-simplefinance#3ad5cd57ea30c31173735af2e4bc553a2020adf3 org.springframework.boot:spring-boot-starter-data-jpa@3.5.6 org.springframework.boot:spring-boot-starter-jdbc@3.5.6 org.springframework.boot:spring-boot-starter@3.5.6 org.springframework.boot:spring-boot-starter-logging@3.5.6 ch.qos.logback:logback-classic@1.5.19 ch.qos.logback:logback-core@1.5.19
  • Introduced through: heitkergm/spring-thymeleaf-simplefinance@heitkergm/spring-thymeleaf-simplefinance#3ad5cd57ea30c31173735af2e4bc553a2020adf3 org.springframework.boot:spring-boot-starter-web@3.5.6 org.springframework.boot:spring-boot-starter-json@3.5.6 org.springframework.boot:spring-boot-starter@3.5.6 org.springframework.boot:spring-boot-starter-logging@3.5.6 ch.qos.logback:logback-classic@1.5.19 ch.qos.logback:logback-core@1.5.19


medium severity

LGPL-2.1 license

  • Module: org.hibernate.common:hibernate-commons-annotations
  • Introduced through: org.hibernate.orm:hibernate-jcache@6.6.31.Final, org.springframework.boot:spring-boot-starter-data-jpa@3.5.6 and others

Detailed paths

  • Introduced through: heitkergm/spring-thymeleaf-simplefinance@heitkergm/spring-thymeleaf-simplefinance#3ad5cd57ea30c31173735af2e4bc553a2020adf3 org.hibernate.orm:hibernate-jcache@6.6.31.Final org.hibernate.orm:hibernate-core@6.6.31.Final org.hibernate.common:hibernate-commons-annotations@7.0.3.Final
  • Introduced through: heitkergm/spring-thymeleaf-simplefinance@heitkergm/spring-thymeleaf-simplefinance#3ad5cd57ea30c31173735af2e4bc553a2020adf3 org.springframework.boot:spring-boot-starter-data-jpa@3.5.6 org.hibernate.orm:hibernate-core@6.6.31.Final org.hibernate.common:hibernate-commons-annotations@7.0.3.Final
  • Introduced through: heitkergm/spring-thymeleaf-simplefinance@heitkergm/spring-thymeleaf-simplefinance#3ad5cd57ea30c31173735af2e4bc553a2020adf3 org.springframework.data:spring-data-envers@4.0.2 org.hibernate.orm:hibernate-envers@6.6.31.Final org.hibernate.common:hibernate-commons-annotations@7.0.3.Final
  • Introduced through: heitkergm/spring-thymeleaf-simplefinance@heitkergm/spring-thymeleaf-simplefinance#3ad5cd57ea30c31173735af2e4bc553a2020adf3 org.springframework.data:spring-data-envers@4.0.2 org.hibernate.orm:hibernate-envers@6.6.31.Final org.hibernate.orm:hibernate-core@6.6.31.Final org.hibernate.common:hibernate-commons-annotations@7.0.3.Final


medium severity

LGPL-2.1 license

  • Module: org.hibernate.orm:hibernate-core
  • Introduced through: org.hibernate.orm:hibernate-jcache@6.6.31.Final, org.springframework.boot:spring-boot-starter-data-jpa@3.5.6 and others

Detailed paths

  • Introduced through: heitkergm/spring-thymeleaf-simplefinance@heitkergm/spring-thymeleaf-simplefinance#3ad5cd57ea30c31173735af2e4bc553a2020adf3 org.hibernate.orm:hibernate-jcache@6.6.31.Final org.hibernate.orm:hibernate-core@6.6.31.Final
  • Introduced through: heitkergm/spring-thymeleaf-simplefinance@heitkergm/spring-thymeleaf-simplefinance#3ad5cd57ea30c31173735af2e4bc553a2020adf3 org.springframework.boot:spring-boot-starter-data-jpa@3.5.6 org.hibernate.orm:hibernate-core@6.6.31.Final
  • Introduced through: heitkergm/spring-thymeleaf-simplefinance@heitkergm/spring-thymeleaf-simplefinance#3ad5cd57ea30c31173735af2e4bc553a2020adf3 org.springframework.data:spring-data-envers@4.0.2 org.hibernate.orm:hibernate-envers@6.6.31.Final org.hibernate.orm:hibernate-core@6.6.31.Final


medium severity

LGPL-2.1 license

  • Module: org.hibernate.orm:hibernate-envers
  • Introduced through: org.springframework.data:spring-data-envers@4.0.2

Detailed paths

  • Introduced through: heitkergm/spring-thymeleaf-simplefinance@heitkergm/spring-thymeleaf-simplefinance#3ad5cd57ea30c31173735af2e4bc553a2020adf3 org.springframework.data:spring-data-envers@4.0.2 org.hibernate.orm:hibernate-envers@6.6.31.Final


medium severity

LGPL-2.1 license

  • Module: org.hibernate.orm:hibernate-jcache
  • Introduced through: org.hibernate.orm:hibernate-jcache@6.6.31.Final

Detailed paths

  • Introduced through: heitkergm/spring-thymeleaf-simplefinance@heitkergm/spring-thymeleaf-simplefinance#3ad5cd57ea30c31173735af2e4bc553a2020adf3 org.hibernate.orm:hibernate-jcache@6.6.31.Final


low severity (new)

External Initialization of Trusted Variables or Data Stores

  • Vulnerable module: ch.qos.logback:logback-core
  • Introduced through: org.springframework.boot:spring-boot-starter-actuator@3.5.6, org.springframework.boot:spring-boot-starter-data-jpa@3.5.6 and others

Detailed paths

  • Introduced through: heitkergm/spring-thymeleaf-simplefinance@heitkergm/spring-thymeleaf-simplefinance#3ad5cd57ea30c31173735af2e4bc553a2020adf3 org.springframework.boot:spring-boot-starter-actuator@3.5.6 org.springframework.boot:spring-boot-starter@3.5.6 org.springframework.boot:spring-boot-starter-logging@3.5.6 ch.qos.logback:logback-classic@1.5.19 ch.qos.logback:logback-core@1.5.19
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.5.10.
  • Introduced through: heitkergm/spring-thymeleaf-simplefinance@heitkergm/spring-thymeleaf-simplefinance#3ad5cd57ea30c31173735af2e4bc553a2020adf3 org.springframework.boot:spring-boot-starter-data-jpa@3.5.6 org.springframework.boot:spring-boot-starter@3.5.6 org.springframework.boot:spring-boot-starter-logging@3.5.6 ch.qos.logback:logback-classic@1.5.19 ch.qos.logback:logback-core@1.5.19
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.5.10.
  • Introduced through: heitkergm/spring-thymeleaf-simplefinance@heitkergm/spring-thymeleaf-simplefinance#3ad5cd57ea30c31173735af2e4bc553a2020adf3 org.springframework.boot:spring-boot-starter-data-redis@3.5.6 org.springframework.boot:spring-boot-starter@3.5.6 org.springframework.boot:spring-boot-starter-logging@3.5.6 ch.qos.logback:logback-classic@1.5.19 ch.qos.logback:logback-core@1.5.19
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-redis@3.5.10.
  • Introduced through: heitkergm/spring-thymeleaf-simplefinance@heitkergm/spring-thymeleaf-simplefinance#3ad5cd57ea30c31173735af2e4bc553a2020adf3 org.springframework.boot:spring-boot-starter-mail@3.5.6 org.springframework.boot:spring-boot-starter@3.5.6 org.springframework.boot:spring-boot-starter-logging@3.5.6 ch.qos.logback:logback-classic@1.5.19 ch.qos.logback:logback-core@1.5.19
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-mail@3.5.10.
  • Introduced through: heitkergm/spring-thymeleaf-simplefinance@heitkergm/spring-thymeleaf-simplefinance#3ad5cd57ea30c31173735af2e4bc553a2020adf3 org.springframework.boot:spring-boot-starter-security@3.5.6 org.springframework.boot:spring-boot-starter@3.5.6 org.springframework.boot:spring-boot-starter-logging@3.5.6 ch.qos.logback:logback-classic@1.5.19 ch.qos.logback:logback-core@1.5.19
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-security@3.5.10.
  • Introduced through: heitkergm/spring-thymeleaf-simplefinance@heitkergm/spring-thymeleaf-simplefinance#3ad5cd57ea30c31173735af2e4bc553a2020adf3 org.springframework.boot:spring-boot-starter-thymeleaf@3.5.6 org.springframework.boot:spring-boot-starter@3.5.6 org.springframework.boot:spring-boot-starter-logging@3.5.6 ch.qos.logback:logback-classic@1.5.19 ch.qos.logback:logback-core@1.5.19
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-thymeleaf@3.5.10.
  • Introduced through: heitkergm/spring-thymeleaf-simplefinance@heitkergm/spring-thymeleaf-simplefinance#3ad5cd57ea30c31173735af2e4bc553a2020adf3 org.springframework.boot:spring-boot-starter-validation@3.5.6 org.springframework.boot:spring-boot-starter@3.5.6 org.springframework.boot:spring-boot-starter-logging@3.5.6 ch.qos.logback:logback-classic@1.5.19 ch.qos.logback:logback-core@1.5.19
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-validation@3.5.10.
  • Introduced through: heitkergm/spring-thymeleaf-simplefinance@heitkergm/spring-thymeleaf-simplefinance#3ad5cd57ea30c31173735af2e4bc553a2020adf3 org.springframework.boot:spring-boot-starter-web@3.5.6 org.springframework.boot:spring-boot-starter@3.5.6 org.springframework.boot:spring-boot-starter-logging@3.5.6 ch.qos.logback:logback-classic@1.5.19 ch.qos.logback:logback-core@1.5.19
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.5.10.
  • Introduced through: heitkergm/spring-thymeleaf-simplefinance@heitkergm/spring-thymeleaf-simplefinance#3ad5cd57ea30c31173735af2e4bc553a2020adf3 org.springframework.boot:spring-boot-starter-data-jpa@3.5.6 org.springframework.boot:spring-boot-starter-jdbc@3.5.6 org.springframework.boot:spring-boot-starter@3.5.6 org.springframework.boot:spring-boot-starter-logging@3.5.6 ch.qos.logback:logback-classic@1.5.19 ch.qos.logback:logback-core@1.5.19
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.5.10.
  • Introduced through: heitkergm/spring-thymeleaf-simplefinance@heitkergm/spring-thymeleaf-simplefinance#3ad5cd57ea30c31173735af2e4bc553a2020adf3 org.springframework.boot:spring-boot-starter-web@3.5.6 org.springframework.boot:spring-boot-starter-json@3.5.6 org.springframework.boot:spring-boot-starter@3.5.6 org.springframework.boot:spring-boot-starter-logging@3.5.6 ch.qos.logback:logback-classic@1.5.19 ch.qos.logback:logback-core@1.5.19
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.5.10.

Overview

ch.qos.logback:logback-core is a logback-core module.

Affected versions of this package are vulnerable to External Initialization of Trusted Variables or Data Stores during configuration file processing. An attacker who compromises an existing configuration file can instantiate arbitrary classes already present on the class path.

Remediation

Upgrade ch.qos.logback:logback-core to version 1.5.25 or higher.
