Vulnerabilities: 57 via 112 paths
Dependencies: 38
Source: GitHub
Commit: 19990c4d

critical severity

Time-of-check Time-of-use (TOCTOU) Race Condition

  • Vulnerable module: org.apache.tomcat.embed:tomcat-embed-core
  • Introduced through: org.springframework.boot:spring-boot-starter-websocket@2.3.1.RELEASE

Detailed paths

  • Introduced through: ocinpp/springboot-sockjs-stomp-vue-sample@ocinpp/springboot-sockjs-stomp-vue-sample#19990c4d718ca604c0a313e65ddd3e1a1eb6cf0a → org.springframework.boot:spring-boot-starter-websocket@2.3.1.RELEASE → org.springframework.boot:spring-boot-starter-web@2.3.1.RELEASE → org.springframework.boot:spring-boot-starter-tomcat@2.3.1.RELEASE → org.apache.tomcat.embed:tomcat-embed-core@9.0.36
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-websocket@3.3.7.
  • Introduced through: ocinpp/springboot-sockjs-stomp-vue-sample@ocinpp/springboot-sockjs-stomp-vue-sample#19990c4d718ca604c0a313e65ddd3e1a1eb6cf0a → org.springframework.boot:spring-boot-starter-websocket@2.3.1.RELEASE → org.springframework.boot:spring-boot-starter-web@2.3.1.RELEASE → org.springframework.boot:spring-boot-starter-tomcat@2.3.1.RELEASE → org.apache.tomcat.embed:tomcat-embed-websocket@9.0.36 → org.apache.tomcat.embed:tomcat-embed-core@9.0.36
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-websocket@3.3.7.

Overview

org.apache.tomcat.embed:tomcat-embed-core is a Core Tomcat implementation.

Affected versions of this package are vulnerable to Time-of-check Time-of-use (TOCTOU) Race Condition. On case insensitive file systems, when the default servlet is write-enabled, an attacker can upload a malicious file containing executable code and bypass case sensitivity checks, causing it to be treated as a JSP and executed.

This vector has been observed when the application is under load and read and upload operations are performed on the same file simultaneously.

Note:

The default readonly initialization parameter value of true is not vulnerable.

This is related to CVE-2024-56337, which defines the additional configuration needed to fully mitigate this issue, since upgrading to the fixed version alone does not fully mitigate the vulnerability.

In addition to upgrading to the fixed version, users are advised to apply the following mitigations, depending on which version of Java they are using with Tomcat:

  1. running on Java 8 or Java 11: the system property sun.io.useCanonCaches must be explicitly set to false (it defaults to true)

  2. running on Java 17: the system property sun.io.useCanonCaches, if set, must be set to false (it defaults to false)

  3. running on Java 21 onwards: no further configuration is required (the system property and the problematic cache have been removed)

Remediation

Upgrade org.apache.tomcat.embed:tomcat-embed-core to version 9.0.98, 10.1.34, 11.0.2 or higher.

critical severity

Time-of-check Time-of-use (TOCTOU) Race Condition

  • Vulnerable module: org.apache.tomcat.embed:tomcat-embed-core
  • Introduced through: org.springframework.boot:spring-boot-starter-websocket@2.3.1.RELEASE

Detailed paths

  • Introduced through: ocinpp/springboot-sockjs-stomp-vue-sample@ocinpp/springboot-sockjs-stomp-vue-sample#19990c4d718ca604c0a313e65ddd3e1a1eb6cf0a → org.springframework.boot:spring-boot-starter-websocket@2.3.1.RELEASE → org.springframework.boot:spring-boot-starter-web@2.3.1.RELEASE → org.springframework.boot:spring-boot-starter-tomcat@2.3.1.RELEASE → org.apache.tomcat.embed:tomcat-embed-core@9.0.36
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-websocket@3.3.7.
  • Introduced through: ocinpp/springboot-sockjs-stomp-vue-sample@ocinpp/springboot-sockjs-stomp-vue-sample#19990c4d718ca604c0a313e65ddd3e1a1eb6cf0a → org.springframework.boot:spring-boot-starter-websocket@2.3.1.RELEASE → org.springframework.boot:spring-boot-starter-web@2.3.1.RELEASE → org.springframework.boot:spring-boot-starter-tomcat@2.3.1.RELEASE → org.apache.tomcat.embed:tomcat-embed-websocket@9.0.36 → org.apache.tomcat.embed:tomcat-embed-core@9.0.36
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-websocket@3.3.7.

Overview

org.apache.tomcat.embed:tomcat-embed-core is a Core Tomcat implementation.

Affected versions of this package are vulnerable to Time-of-check Time-of-use (TOCTOU) Race Condition due to incomplete mitigation advice associated with CVE-2024-50379 in the file-handling process when the default servlet has writes enabled.

In addition to upgrading to the fixed version, users are advised to apply the following mitigations, depending on which version of Java they are using with Tomcat:

  1. running on Java 8 or Java 11: the system property sun.io.useCanonCaches must be explicitly set to false (it defaults to true)

  2. running on Java 17: the system property sun.io.useCanonCaches, if set, must be set to false (it defaults to false)

  3. running on Java 21 onwards: no further configuration is required (the system property and the problematic cache have been removed)

Remediation

Upgrade org.apache.tomcat.embed:tomcat-embed-core to version 9.0.98, 10.1.34, 11.0.2 or higher.

critical severity

Uncaught Exception

  • Vulnerable module: org.apache.tomcat.embed:tomcat-embed-core
  • Introduced through: org.springframework.boot:spring-boot-starter-websocket@2.3.1.RELEASE

Detailed paths

  • Introduced through: ocinpp/springboot-sockjs-stomp-vue-sample@ocinpp/springboot-sockjs-stomp-vue-sample#19990c4d718ca604c0a313e65ddd3e1a1eb6cf0a → org.springframework.boot:spring-boot-starter-websocket@2.3.1.RELEASE → org.springframework.boot:spring-boot-starter-web@2.3.1.RELEASE → org.springframework.boot:spring-boot-starter-tomcat@2.3.1.RELEASE → org.apache.tomcat.embed:tomcat-embed-core@9.0.36
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-websocket@3.2.11.
  • Introduced through: ocinpp/springboot-sockjs-stomp-vue-sample@ocinpp/springboot-sockjs-stomp-vue-sample#19990c4d718ca604c0a313e65ddd3e1a1eb6cf0a → org.springframework.boot:spring-boot-starter-websocket@2.3.1.RELEASE → org.springframework.boot:spring-boot-starter-web@2.3.1.RELEASE → org.springframework.boot:spring-boot-starter-tomcat@2.3.1.RELEASE → org.apache.tomcat.embed:tomcat-embed-websocket@9.0.36 → org.apache.tomcat.embed:tomcat-embed-core@9.0.36
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-websocket@3.2.11.

Overview

org.apache.tomcat.embed:tomcat-embed-core is a Core Tomcat implementation.

Affected versions of this package are vulnerable to Uncaught Exception due to the custom Jakarta Authentication ServerAuthContext component which may throw an exception during the authentication process without setting an HTTP status to indicate failure. An attacker can gain unauthorized access by exploiting this unchecked error condition.

Note:

This is only exploitable if Tomcat is configured to use a custom Jakarta Authentication ServerAuthContext component that behaves in this way. According to the maintainers, no such cases are known.

PoC

import requests

# Target server configuration
TARGET_URL = "http://example.com/login"  # Replace with your target's authentication URL
TEST_HEADERS = {
    "Content-Type": "application/json"
}
TEST_PAYLOAD = {
    "username": "test_user",  # Sample username
    "password": "invalid_password"  # Invalid password for testing
}

def check_cve_2024_52316(target_url):
    """
    Test for CVE-2024-52316 vulnerability by sending crafted authentication requests.

    Args:
        target_url (str): The URL of the authentication endpoint to test.
    """
    try:
        print(f"[*] Sending test request to {target_url}")
        # Send a POST request with the test payload
        response = requests.post(target_url, json=TEST_PAYLOAD, headers=TEST_HEADERS, timeout=5)
        # Analyze the server's response
        if response.status_code in [401, 403]:
            print(f"[SAFE] The server returned an expected HTTP status code: {response.status_code}")
        elif response.status_code == 200:
            print(f"[VULNERABLE] Potential CVE-2024-52316 detected! Server returned status code: {response.status_code}")
        else:
            print(f"[INFO] Unexpected HTTP status code: {response.status_code}")
            print("Response content:", response.text)
    except requests.exceptions.RequestException as e:
        print(f"[ERROR] Failed to connect to the target: {e}")

if __name__ == "__main__":
    print("[START] CVE-2024-52316 Detection Script")
    check_cve_2024_52316(TARGET_URL)

Remediation

Upgrade org.apache.tomcat.embed:tomcat-embed-core to version 9.0.96, 10.1.31, 11.0.0 or higher.

high severity

Race Condition

  • Vulnerable module: org.apache.tomcat.embed:tomcat-embed-core
  • Introduced through: org.springframework.boot:spring-boot-starter-websocket@2.3.1.RELEASE

Detailed paths

  • Introduced through: ocinpp/springboot-sockjs-stomp-vue-sample@ocinpp/springboot-sockjs-stomp-vue-sample#19990c4d718ca604c0a313e65ddd3e1a1eb6cf0a → org.springframework.boot:spring-boot-starter-websocket@2.3.1.RELEASE → org.springframework.boot:spring-boot-starter-web@2.3.1.RELEASE → org.springframework.boot:spring-boot-starter-tomcat@2.3.1.RELEASE → org.apache.tomcat.embed:tomcat-embed-core@9.0.36
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-websocket@3.0.0.
  • Introduced through: ocinpp/springboot-sockjs-stomp-vue-sample@ocinpp/springboot-sockjs-stomp-vue-sample#19990c4d718ca604c0a313e65ddd3e1a1eb6cf0a → org.springframework.boot:spring-boot-starter-websocket@2.3.1.RELEASE → org.springframework.boot:spring-boot-starter-web@2.3.1.RELEASE → org.springframework.boot:spring-boot-starter-tomcat@2.3.1.RELEASE → org.apache.tomcat.embed:tomcat-embed-websocket@9.0.36 → org.apache.tomcat.embed:tomcat-embed-core@9.0.36
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-websocket@3.0.0.

Overview

org.apache.tomcat.embed:tomcat-embed-core is a Core Tomcat implementation.

Affected versions of this package are vulnerable to Race Condition on connection close when using the APR/Native connector. An attacker could trigger a JVM crash by rapidly opening and closing HTTP/2 connections. The likelihood of hitting the race condition increases if the connections are closed from the client side.

Remediation

Upgrade org.apache.tomcat.embed:tomcat-embed-core to version 9.0.107 or higher.

high severity

Allocation of Resources Without Limits or Throttling

  • Vulnerable module: org.apache.tomcat.embed:tomcat-embed-core
  • Introduced through: org.springframework.boot:spring-boot-starter-websocket@2.3.1.RELEASE

Detailed paths

  • Introduced through: ocinpp/springboot-sockjs-stomp-vue-sample@ocinpp/springboot-sockjs-stomp-vue-sample#19990c4d718ca604c0a313e65ddd3e1a1eb6cf0a → org.springframework.boot:spring-boot-starter-websocket@2.3.1.RELEASE → org.springframework.boot:spring-boot-starter-web@2.3.1.RELEASE → org.springframework.boot:spring-boot-starter-tomcat@2.3.1.RELEASE → org.apache.tomcat.embed:tomcat-embed-core@9.0.36
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-websocket@3.3.13.
  • Introduced through: ocinpp/springboot-sockjs-stomp-vue-sample@ocinpp/springboot-sockjs-stomp-vue-sample#19990c4d718ca604c0a313e65ddd3e1a1eb6cf0a → org.springframework.boot:spring-boot-starter-websocket@2.3.1.RELEASE → org.springframework.boot:spring-boot-starter-web@2.3.1.RELEASE → org.springframework.boot:spring-boot-starter-tomcat@2.3.1.RELEASE → org.apache.tomcat.embed:tomcat-embed-websocket@9.0.36 → org.apache.tomcat.embed:tomcat-embed-core@9.0.36
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-websocket@3.3.13.

Overview

org.apache.tomcat.embed:tomcat-embed-core is a Core Tomcat implementation.

Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to the uniform handling of request parameters and parts in multipart requests. An attacker can craft a malicious request with a large number of parts, which can lead to a Denial of Service.

Remediation

Upgrade org.apache.tomcat.embed:tomcat-embed-core to version 9.0.106, 10.1.42, 11.0.8 or higher.

high severity

Allocation of Resources Without Limits or Throttling

  • Vulnerable module: org.apache.tomcat.embed:tomcat-embed-core
  • Introduced through: org.springframework.boot:spring-boot-starter-websocket@2.3.1.RELEASE

Detailed paths

  • Introduced through: ocinpp/springboot-sockjs-stomp-vue-sample@ocinpp/springboot-sockjs-stomp-vue-sample#19990c4d718ca604c0a313e65ddd3e1a1eb6cf0a → org.springframework.boot:spring-boot-starter-websocket@2.3.1.RELEASE → org.springframework.boot:spring-boot-starter-web@2.3.1.RELEASE → org.springframework.boot:spring-boot-starter-tomcat@2.3.1.RELEASE → org.apache.tomcat.embed:tomcat-embed-core@9.0.36
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-websocket@3.4.8.
  • Introduced through: ocinpp/springboot-sockjs-stomp-vue-sample@ocinpp/springboot-sockjs-stomp-vue-sample#19990c4d718ca604c0a313e65ddd3e1a1eb6cf0a → org.springframework.boot:spring-boot-starter-websocket@2.3.1.RELEASE → org.springframework.boot:spring-boot-starter-web@2.3.1.RELEASE → org.springframework.boot:spring-boot-starter-tomcat@2.3.1.RELEASE → org.apache.tomcat.embed:tomcat-embed-websocket@9.0.36 → org.apache.tomcat.embed:tomcat-embed-core@9.0.36
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-websocket@3.4.8.

Overview

org.apache.tomcat.embed:tomcat-embed-core is a Core Tomcat implementation.

Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the HTTP/2 multiplexing feature. An attacker can trigger resource exhaustion by creating excessive HTTP/2 streams within a single TCP connection.

Remediation

Upgrade org.apache.tomcat.embed:tomcat-embed-core to version 9.0.107, 10.1.43, 11.0.9 or higher.

high severity

Allocation of Resources Without Limits or Throttling

  • Vulnerable module: org.apache.tomcat.embed:tomcat-embed-core
  • Introduced through: org.springframework.boot:spring-boot-starter-websocket@2.3.1.RELEASE

Detailed paths

  • Introduced through: ocinpp/springboot-sockjs-stomp-vue-sample@ocinpp/springboot-sockjs-stomp-vue-sample#19990c4d718ca604c0a313e65ddd3e1a1eb6cf0a → org.springframework.boot:spring-boot-starter-websocket@2.3.1.RELEASE → org.springframework.boot:spring-boot-starter-web@2.3.1.RELEASE → org.springframework.boot:spring-boot-starter-tomcat@2.3.1.RELEASE → org.apache.tomcat.embed:tomcat-embed-core@9.0.36
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-websocket@3.2.7.
  • Introduced through: ocinpp/springboot-sockjs-stomp-vue-sample@ocinpp/springboot-sockjs-stomp-vue-sample#19990c4d718ca604c0a313e65ddd3e1a1eb6cf0a → org.springframework.boot:spring-boot-starter-websocket@2.3.1.RELEASE → org.springframework.boot:spring-boot-starter-web@2.3.1.RELEASE → org.springframework.boot:spring-boot-starter-tomcat@2.3.1.RELEASE → org.apache.tomcat.embed:tomcat-embed-websocket@9.0.36 → org.apache.tomcat.embed:tomcat-embed-core@9.0.36
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-websocket@3.2.7.

Overview

org.apache.tomcat.embed:tomcat-embed-core is a Core Tomcat implementation.

Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the unwrap() function in SecureNio2Channel class, during a TLS handshake. Under certain configurations using TLS 1.3, an attacker can trigger an OutOfMemoryError.

Remediation

Upgrade org.apache.tomcat.embed:tomcat-embed-core to version 9.0.90, 10.1.25, 11.0.0-M21 or higher.

high severity

Denial of Service (DoS)

  • Vulnerable module: org.apache.tomcat.embed:tomcat-embed-core
  • Introduced through: org.springframework.boot:spring-boot-starter-websocket@2.3.1.RELEASE

Detailed paths

  • Introduced through: ocinpp/springboot-sockjs-stomp-vue-sample@ocinpp/springboot-sockjs-stomp-vue-sample#19990c4d718ca604c0a313e65ddd3e1a1eb6cf0a → org.springframework.boot:spring-boot-starter-websocket@2.3.1.RELEASE → org.springframework.boot:spring-boot-starter-web@2.3.1.RELEASE → org.springframework.boot:spring-boot-starter-tomcat@2.3.1.RELEASE → org.apache.tomcat.embed:tomcat-embed-core@9.0.36
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-websocket@2.7.17.
  • Introduced through: ocinpp/springboot-sockjs-stomp-vue-sample@ocinpp/springboot-sockjs-stomp-vue-sample#19990c4d718ca604c0a313e65ddd3e1a1eb6cf0a → org.springframework.boot:spring-boot-starter-websocket@2.3.1.RELEASE → org.springframework.boot:spring-boot-starter-web@2.3.1.RELEASE → org.springframework.boot:spring-boot-starter-tomcat@2.3.1.RELEASE → org.apache.tomcat.embed:tomcat-embed-websocket@9.0.36 → org.apache.tomcat.embed:tomcat-embed-core@9.0.36
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-websocket@2.7.17.

Overview

org.apache.tomcat.embed:tomcat-embed-core is a Core Tomcat implementation.

Affected versions of this package are vulnerable to Denial of Service (DoS) in the implementation of the HTTP/2 protocol. An attacker can cause a denial of service (including via DDoS) by rapidly resetting many streams through request cancellation.

Remediation

Upgrade org.apache.tomcat.embed:tomcat-embed-core to version 8.5.94, 9.0.81, 10.1.14, 11.0.0-M12 or higher.

high severity

Improper Resource Shutdown or Release

  • Vulnerable module: org.apache.tomcat.embed:tomcat-embed-core
  • Introduced through: org.springframework.boot:spring-boot-starter-websocket@2.3.1.RELEASE

Detailed paths

  • Introduced through: ocinpp/springboot-sockjs-stomp-vue-sample@ocinpp/springboot-sockjs-stomp-vue-sample#19990c4d718ca604c0a313e65ddd3e1a1eb6cf0a → org.springframework.boot:spring-boot-starter-websocket@2.3.1.RELEASE → org.springframework.boot:spring-boot-starter-web@2.3.1.RELEASE → org.springframework.boot:spring-boot-starter-tomcat@2.3.1.RELEASE → org.apache.tomcat.embed:tomcat-embed-core@9.0.36
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-websocket@3.4.9.
  • Introduced through: ocinpp/springboot-sockjs-stomp-vue-sample@ocinpp/springboot-sockjs-stomp-vue-sample#19990c4d718ca604c0a313e65ddd3e1a1eb6cf0a → org.springframework.boot:spring-boot-starter-websocket@2.3.1.RELEASE → org.springframework.boot:spring-boot-starter-web@2.3.1.RELEASE → org.springframework.boot:spring-boot-starter-tomcat@2.3.1.RELEASE → org.apache.tomcat.embed:tomcat-embed-websocket@9.0.36 → org.apache.tomcat.embed:tomcat-embed-core@9.0.36
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-websocket@3.4.9.

Overview

org.apache.tomcat.embed:tomcat-embed-core is a Core Tomcat implementation.

Affected versions of this package are vulnerable to Improper Resource Shutdown or Release via the HTTP/2 Handler. An attacker can cause a denial of service by sending specially crafted requests that exploit improper handling of resource shutdown.

Remediation

Upgrade org.apache.tomcat.embed:tomcat-embed-core to version 9.0.108, 10.1.44, 11.0.10 or higher.

high severity

Insufficient Session Expiration

  • Vulnerable module: org.apache.tomcat.embed:tomcat-embed-core
  • Introduced through: org.springframework.boot:spring-boot-starter-websocket@2.3.1.RELEASE

Detailed paths

  • Introduced through: ocinpp/springboot-sockjs-stomp-vue-sample@ocinpp/springboot-sockjs-stomp-vue-sample#19990c4d718ca604c0a313e65ddd3e1a1eb6cf0a → org.springframework.boot:spring-boot-starter-websocket@2.3.1.RELEASE → org.springframework.boot:spring-boot-starter-web@2.3.1.RELEASE → org.springframework.boot:spring-boot-starter-tomcat@2.3.1.RELEASE → org.apache.tomcat.embed:tomcat-embed-core@9.0.36
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-websocket@3.2.7.
  • Introduced through: ocinpp/springboot-sockjs-stomp-vue-sample@ocinpp/springboot-sockjs-stomp-vue-sample#19990c4d718ca604c0a313e65ddd3e1a1eb6cf0a → org.springframework.boot:spring-boot-starter-websocket@2.3.1.RELEASE → org.springframework.boot:spring-boot-starter-web@2.3.1.RELEASE → org.springframework.boot:spring-boot-starter-tomcat@2.3.1.RELEASE → org.apache.tomcat.embed:tomcat-embed-websocket@9.0.36 → org.apache.tomcat.embed:tomcat-embed-core@9.0.36
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-websocket@3.2.7.

Overview

org.apache.tomcat.embed:tomcat-embed-core is a Core Tomcat implementation.

Affected versions of this package are vulnerable to Insufficient Session Expiration due to an infinite timeout being assigned to an open connection improperly, in http2/Stream.java. An attacker can force this situation by sending an HTTP/2 stream with excessive headers, causing an out-of-memory error or exhausting maxConnections.

Remediation

Upgrade org.apache.tomcat.embed:tomcat-embed-core to version 9.0.90, 10.1.25, 11.0.0-M21 or higher.

high severity

Integer Overflow or Wraparound

  • Vulnerable module: org.apache.tomcat.embed:tomcat-embed-core
  • Introduced through: org.springframework.boot:spring-boot-starter-websocket@2.3.1.RELEASE

Detailed paths

  • Introduced through: ocinpp/springboot-sockjs-stomp-vue-sample@ocinpp/springboot-sockjs-stomp-vue-sample#19990c4d718ca604c0a313e65ddd3e1a1eb6cf0a → org.springframework.boot:spring-boot-starter-websocket@2.3.1.RELEASE → org.springframework.boot:spring-boot-starter-web@2.3.1.RELEASE → org.springframework.boot:spring-boot-starter-tomcat@2.3.1.RELEASE → org.apache.tomcat.embed:tomcat-embed-core@9.0.36
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-websocket@3.4.8.
  • Introduced through: ocinpp/springboot-sockjs-stomp-vue-sample@ocinpp/springboot-sockjs-stomp-vue-sample#19990c4d718ca604c0a313e65ddd3e1a1eb6cf0a → org.springframework.boot:spring-boot-starter-websocket@2.3.1.RELEASE → org.springframework.boot:spring-boot-starter-web@2.3.1.RELEASE → org.springframework.boot:spring-boot-starter-tomcat@2.3.1.RELEASE → org.apache.tomcat.embed:tomcat-embed-websocket@9.0.36 → org.apache.tomcat.embed:tomcat-embed-core@9.0.36
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-websocket@3.4.8.

Overview

org.apache.tomcat.embed:tomcat-embed-core is a Core Tomcat implementation.

Affected versions of this package are vulnerable to Integer Overflow or Wraparound via file uploads through servlet containers. An attacker can craft malicious multipart/form-data requests with specially crafted Content-Length headers that trigger integer overflow vulnerabilities, potentially bypassing file size restrictions and causing memory exhaustion.

Remediation

Upgrade org.apache.tomcat.embed:tomcat-embed-core to version 9.0.107, 10.1.43, 11.0.9 or higher.

high severity

Improper Input Validation

  • Vulnerable module: org.apache.tomcat.embed:tomcat-embed-core
  • Introduced through: org.springframework.boot:spring-boot-starter-websocket@2.3.1.RELEASE

Detailed paths

  • Introduced through: ocinpp/springboot-sockjs-stomp-vue-sample@ocinpp/springboot-sockjs-stomp-vue-sample#19990c4d718ca604c0a313e65ddd3e1a1eb6cf0a → org.springframework.boot:spring-boot-starter-websocket@2.3.1.RELEASE → org.springframework.boot:spring-boot-starter-web@2.3.1.RELEASE → org.springframework.boot:spring-boot-starter-tomcat@2.3.1.RELEASE → org.apache.tomcat.embed:tomcat-embed-core@9.0.36
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-websocket@2.7.18.
  • Introduced through: ocinpp/springboot-sockjs-stomp-vue-sample@ocinpp/springboot-sockjs-stomp-vue-sample#19990c4d718ca604c0a313e65ddd3e1a1eb6cf0a → org.springframework.boot:spring-boot-starter-websocket@2.3.1.RELEASE → org.springframework.boot:spring-boot-starter-web@2.3.1.RELEASE → org.springframework.boot:spring-boot-starter-tomcat@2.3.1.RELEASE → org.apache.tomcat.embed:tomcat-embed-websocket@9.0.36 → org.apache.tomcat.embed:tomcat-embed-core@9.0.36
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-websocket@2.7.18.

Overview

org.apache.tomcat.embed:tomcat-embed-core is a Core Tomcat implementation.

Affected versions of this package are vulnerable to Improper Input Validation due to the improper parsing of HTTP trailer headers. An attacker can manipulate the server into treating a single request as multiple requests by sending a trailer header that exceeds the header size limit. This could lead to request smuggling when the server is behind a reverse proxy.

Remediation

Upgrade org.apache.tomcat.embed:tomcat-embed-core to version 8.5.96, 9.0.83, 10.1.16, 11.0.0-M10 or higher.

high severity

Path Equivalence

  • Vulnerable module: org.apache.tomcat.embed:tomcat-embed-core
  • Introduced through: org.springframework.boot:spring-boot-starter-websocket@2.3.1.RELEASE

Detailed paths

  • Introduced through: ocinpp/springboot-sockjs-stomp-vue-sample@ocinpp/springboot-sockjs-stomp-vue-sample#19990c4d718ca604c0a313e65ddd3e1a1eb6cf0a → org.springframework.boot:spring-boot-starter-websocket@2.3.1.RELEASE → org.springframework.boot:spring-boot-starter-web@2.3.1.RELEASE → org.springframework.boot:spring-boot-starter-tomcat@2.3.1.RELEASE → org.apache.tomcat.embed:tomcat-embed-core@9.0.36
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-websocket@3.3.9.
  • Introduced through: ocinpp/springboot-sockjs-stomp-vue-sample@ocinpp/springboot-sockjs-stomp-vue-sample#19990c4d718ca604c0a313e65ddd3e1a1eb6cf0a → org.springframework.boot:spring-boot-starter-websocket@2.3.1.RELEASE → org.springframework.boot:spring-boot-starter-web@2.3.1.RELEASE → org.springframework.boot:spring-boot-starter-tomcat@2.3.1.RELEASE → org.apache.tomcat.embed:tomcat-embed-websocket@9.0.36 → org.apache.tomcat.embed:tomcat-embed-core@9.0.36
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-websocket@3.3.9.

Overview

org.apache.tomcat.embed:tomcat-embed-core is a Core Tomcat implementation.

Affected versions of this package are vulnerable to Path Equivalence in the doPut() function in DefaultServlet.java, which insecurely replaces path separators with dots (.).

If the Default Servlet is configured with writes enabled - which it is not by default - a user can exploit Tomcat's partial PUT functionality to achieve code execution via deserialization. The target URL containing sensitive uploaded files must be a sub-directory of a target URL for public uploads, and the malicious user must know the names of the target sensitive files, which are also uploaded using a partial PUT. If both attacker and target application are using the default storage location and it contains a library that deserializes untrusted code, the attacker can trigger the execution of malicious code.

Remediation

Upgrade org.apache.tomcat.embed:tomcat-embed-core to version 9.0.99, 10.1.35, 11.0.3 or higher.

high severity

Relative Path Traversal

  • Vulnerable module: org.apache.tomcat.embed:tomcat-embed-core
  • Introduced through: org.springframework.boot:spring-boot-starter-websocket@2.3.1.RELEASE

Detailed paths

  • Introduced through: ocinpp/springboot-sockjs-stomp-vue-sample@ocinpp/springboot-sockjs-stomp-vue-sample#19990c4d718ca604c0a313e65ddd3e1a1eb6cf0a → org.springframework.boot:spring-boot-starter-websocket@2.3.1.RELEASE → org.springframework.boot:spring-boot-starter-web@2.3.1.RELEASE → org.springframework.boot:spring-boot-starter-tomcat@2.3.1.RELEASE → org.apache.tomcat.embed:tomcat-embed-core@9.0.36
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-websocket@3.4.10.
  • Introduced through: ocinpp/springboot-sockjs-stomp-vue-sample@ocinpp/springboot-sockjs-stomp-vue-sample#19990c4d718ca604c0a313e65ddd3e1a1eb6cf0a → org.springframework.boot:spring-boot-starter-websocket@2.3.1.RELEASE → org.springframework.boot:spring-boot-starter-web@2.3.1.RELEASE → org.springframework.boot:spring-boot-starter-tomcat@2.3.1.RELEASE → org.apache.tomcat.embed:tomcat-embed-websocket@9.0.36 → org.apache.tomcat.embed:tomcat-embed-core@9.0.36
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-websocket@3.4.10.

Overview

org.apache.tomcat.embed:tomcat-embed-core is a Core Tomcat implementation.

Affected versions of this package are vulnerable to Relative Path Traversal via the URL normalization. An attacker can bypass security constraints and access restricted directories such as /WEB-INF/ and /META-INF/ by manipulating the request URI. If PUT requests are also enabled then malicious files could be uploaded leading to remote code execution.

Note:

  1. Older, EOL versions may also be affected.
  2. PUT requests are normally limited to trusted users and it is considered unlikely that PUT requests would be enabled in conjunction with a rewrite that manipulated the URI.

Remediation

Upgrade org.apache.tomcat.embed:tomcat-embed-core to version 9.0.109, 10.1.45, 11.0.11 or higher.

high severity

Denial of Service (DoS)

  • Vulnerable module: org.apache.tomcat.embed:tomcat-embed-core
  • Introduced through: org.springframework.boot:spring-boot-starter-websocket@2.3.1.RELEASE

Detailed paths

  • Introduced through: ocinpp/springboot-sockjs-stomp-vue-sample@ocinpp/springboot-sockjs-stomp-vue-sample#19990c4d718ca604c0a313e65ddd3e1a1eb6cf0a → org.springframework.boot:spring-boot-starter-websocket@2.3.1.RELEASE → org.springframework.boot:spring-boot-starter-web@2.3.1.RELEASE → org.springframework.boot:spring-boot-starter-tomcat@2.3.1.RELEASE → org.apache.tomcat.embed:tomcat-embed-core@9.0.36
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-websocket@2.3.10.RELEASE.
  • Introduced through: ocinpp/springboot-sockjs-stomp-vue-sample@ocinpp/springboot-sockjs-stomp-vue-sample#19990c4d718ca604c0a313e65ddd3e1a1eb6cf0a → org.springframework.boot:spring-boot-starter-websocket@2.3.1.RELEASE → org.springframework.boot:spring-boot-starter-web@2.3.1.RELEASE → org.springframework.boot:spring-boot-starter-tomcat@2.3.1.RELEASE → org.apache.tomcat.embed:tomcat-embed-websocket@9.0.36 → org.apache.tomcat.embed:tomcat-embed-core@9.0.36
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-websocket@2.3.10.RELEASE.

Overview

org.apache.tomcat.embed:tomcat-embed-core is a Core Tomcat implementation.

Affected versions of this package are vulnerable to Denial of Service (DoS). When Tomcat is configured to use NIO+OpenSSL or NIO2+OpenSSL for TLS, a specially-crafted packet could be used to trigger an infinite loop resulting in a denial of service.

Details

Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.

When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.

Two common types of DoS vulnerabilities:

  • High CPU/Memory Consumption - An attacker sends crafted requests that cause the system to take a disproportionate amount of time to process them. For example, commons-fileupload:commons-fileupload.

  • Crash - An attacker sends crafted requests that cause the system to crash. For example, the npm ws package.

Remediation

Upgrade org.apache.tomcat.embed:tomcat-embed-core to version 10.0.4, 8.5.64, 9.0.44 or higher.

high severity

Denial of Service (DoS)

  • Vulnerable module: org.apache.tomcat.embed:tomcat-embed-core
  • Introduced through: org.springframework.boot:spring-boot-starter-websocket@2.3.1.RELEASE

Detailed paths

  • Introduced through: ocinpp/springboot-sockjs-stomp-vue-sample@ocinpp/springboot-sockjs-stomp-vue-sample#19990c4d718ca604c0a313e65ddd3e1a1eb6cf0a org.springframework.boot:spring-boot-starter-websocket@2.3.1.RELEASE org.springframework.boot:spring-boot-starter-web@2.3.1.RELEASE org.springframework.boot:spring-boot-starter-tomcat@2.3.1.RELEASE org.apache.tomcat.embed:tomcat-embed-core@9.0.36
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-websocket@3.1.9.
  • Introduced through: ocinpp/springboot-sockjs-stomp-vue-sample@ocinpp/springboot-sockjs-stomp-vue-sample#19990c4d718ca604c0a313e65ddd3e1a1eb6cf0a org.springframework.boot:spring-boot-starter-websocket@2.3.1.RELEASE org.springframework.boot:spring-boot-starter-web@2.3.1.RELEASE org.springframework.boot:spring-boot-starter-tomcat@2.3.1.RELEASE org.apache.tomcat.embed:tomcat-embed-websocket@9.0.36 org.apache.tomcat.embed:tomcat-embed-core@9.0.36
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-websocket@3.1.9.

Overview

org.apache.tomcat.embed:tomcat-embed-core is a Core Tomcat implementation.

Affected versions of this package are vulnerable to Denial of Service (DoS) when processing a crafted HTTP/2 request. If the request exceeded any of the configured limits for headers, the associated HTTP/2 stream was not reset until after all of the headers had been processed.

Remediation

Upgrade org.apache.tomcat.embed:tomcat-embed-core to version 8.5.99, 9.0.86, 10.1.19, 1.0.0-M17 or higher.

high severity

Untrusted Search Path

  • Vulnerable module: org.apache.tomcat.embed:tomcat-embed-core
  • Introduced through: org.springframework.boot:spring-boot-starter-websocket@2.3.1.RELEASE

Detailed paths

  • Introduced through: ocinpp/springboot-sockjs-stomp-vue-sample@ocinpp/springboot-sockjs-stomp-vue-sample#19990c4d718ca604c0a313e65ddd3e1a1eb6cf0a org.springframework.boot:spring-boot-starter-websocket@2.3.1.RELEASE org.springframework.boot:spring-boot-starter-web@2.3.1.RELEASE org.springframework.boot:spring-boot-starter-tomcat@2.3.1.RELEASE org.apache.tomcat.embed:tomcat-embed-core@9.0.36
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-websocket@3.3.13.
  • Introduced through: ocinpp/springboot-sockjs-stomp-vue-sample@ocinpp/springboot-sockjs-stomp-vue-sample#19990c4d718ca604c0a313e65ddd3e1a1eb6cf0a org.springframework.boot:spring-boot-starter-websocket@2.3.1.RELEASE org.springframework.boot:spring-boot-starter-web@2.3.1.RELEASE org.springframework.boot:spring-boot-starter-tomcat@2.3.1.RELEASE org.apache.tomcat.embed:tomcat-embed-websocket@9.0.36 org.apache.tomcat.embed:tomcat-embed-core@9.0.36
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-websocket@3.3.13.

Overview

org.apache.tomcat.embed:tomcat-embed-core is a Core Tomcat implementation.

Affected versions of this package are vulnerable to Untrusted Search Path via the icacls.exe call during Windows installation, when a full path is not specified. An attacker can execute arbitrary code with elevated privileges by placing a malicious executable in a directory that is searched before the intended system directory.

Remediation

Upgrade org.apache.tomcat.embed:tomcat-embed-core to version 9.0.106, 10.1.42, 11.0.8 or higher.

high severity

Denial of Service (DoS)

  • Vulnerable module: org.apache.tomcat.embed:tomcat-embed-websocket
  • Introduced through: org.springframework.boot:spring-boot-starter-websocket@2.3.1.RELEASE

Detailed paths

  • Introduced through: ocinpp/springboot-sockjs-stomp-vue-sample@ocinpp/springboot-sockjs-stomp-vue-sample#19990c4d718ca604c0a313e65ddd3e1a1eb6cf0a org.springframework.boot:spring-boot-starter-websocket@2.3.1.RELEASE org.springframework.boot:spring-boot-starter-web@2.3.1.RELEASE org.springframework.boot:spring-boot-starter-tomcat@2.3.1.RELEASE org.apache.tomcat.embed:tomcat-embed-websocket@9.0.36
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-websocket@3.1.9.

Overview

Affected versions of this package are vulnerable to Denial of Service (DoS): a WebSocket client can keep a WebSocket connection open indefinitely, leading to increased resource consumption on the server.

Remediation

Upgrade org.apache.tomcat.embed:tomcat-embed-websocket to version 8.5.99, 9.0.86, 10.1.19, 1.0.0-M17 or higher.

high severity

Denial of Service (DoS)

  • Vulnerable module: org.springframework.boot:spring-boot-autoconfigure
  • Introduced through: org.springframework.boot:spring-boot-starter-websocket@2.3.1.RELEASE

Detailed paths

  • Introduced through: ocinpp/springboot-sockjs-stomp-vue-sample@ocinpp/springboot-sockjs-stomp-vue-sample#19990c4d718ca604c0a313e65ddd3e1a1eb6cf0a org.springframework.boot:spring-boot-starter-websocket@2.3.1.RELEASE org.springframework.boot:spring-boot-starter-web@2.3.1.RELEASE org.springframework.boot:spring-boot-starter@2.3.1.RELEASE org.springframework.boot:spring-boot-autoconfigure@2.3.1.RELEASE
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-websocket@2.5.15.
  • Introduced through: ocinpp/springboot-sockjs-stomp-vue-sample@ocinpp/springboot-sockjs-stomp-vue-sample#19990c4d718ca604c0a313e65ddd3e1a1eb6cf0a org.springframework.boot:spring-boot-starter-websocket@2.3.1.RELEASE org.springframework.boot:spring-boot-starter-web@2.3.1.RELEASE org.springframework.boot:spring-boot-starter-json@2.3.1.RELEASE org.springframework.boot:spring-boot-starter@2.3.1.RELEASE org.springframework.boot:spring-boot-autoconfigure@2.3.1.RELEASE
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-websocket@2.5.15.

Overview

Affected versions of this package are vulnerable to Denial of Service (DoS) if Spring MVC is used together with a reverse proxy cache.

Specifically, an application is vulnerable if all of the following conditions are true:

  • The application has Spring MVC auto-configuration enabled. This is the case by default if Spring MVC is on the classpath.
  • The application uses Spring Boot's welcome page support, either static or templated.
  • The application is deployed behind a proxy which caches 404 responses.

The application is NOT vulnerable if any of the following are true:

  • Spring MVC auto-configuration is disabled. This is true if WebMvcAutoConfiguration is explicitly excluded, if Spring MVC is not on the classpath, or if spring.main.web-application-type is set to a value other than SERVLET.
  • The application does not use Spring Boot's welcome page support.
  • There is no proxy which caches 404 responses.

Workaround

Users who are unable to upgrade should configure the reverse proxy not to cache 404 responses and/or not to cache responses to requests to the root (/) of the application.

Remediation

Upgrade org.springframework.boot:spring-boot-autoconfigure to version 2.5.15, 2.6.15, 2.7.12, 3.0.7 or higher.

high severity

Denial of Service (DoS)

  • Vulnerable module: org.yaml:snakeyaml
  • Introduced through: org.springframework.boot:spring-boot-starter-websocket@2.3.1.RELEASE

Detailed paths

  • Introduced through: ocinpp/springboot-sockjs-stomp-vue-sample@ocinpp/springboot-sockjs-stomp-vue-sample#19990c4d718ca604c0a313e65ddd3e1a1eb6cf0a org.springframework.boot:spring-boot-starter-websocket@2.3.1.RELEASE org.springframework.boot:spring-boot-starter-web@2.3.1.RELEASE org.springframework.boot:spring-boot-starter@2.3.1.RELEASE org.yaml:snakeyaml@1.26
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-websocket@3.0.0.
  • Introduced through: ocinpp/springboot-sockjs-stomp-vue-sample@ocinpp/springboot-sockjs-stomp-vue-sample#19990c4d718ca604c0a313e65ddd3e1a1eb6cf0a org.springframework.boot:spring-boot-starter-websocket@2.3.1.RELEASE org.springframework.boot:spring-boot-starter-web@2.3.1.RELEASE org.springframework.boot:spring-boot-starter-json@2.3.1.RELEASE org.springframework.boot:spring-boot-starter@2.3.1.RELEASE org.yaml:snakeyaml@1.26
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-websocket@3.0.0.

Overview

org.yaml:snakeyaml is a YAML 1.1 parser and emitter for Java.

Affected versions of this package are vulnerable to Denial of Service (DoS) due to missing nested depth limitation for collections.

NOTE: This vulnerability has also been identified as: CVE-2022-38749

Remediation

Upgrade org.yaml:snakeyaml to version 1.31 or higher.

high severity

Denial of Service (DoS)

  • Vulnerable module: org.yaml:snakeyaml
  • Introduced through: org.springframework.boot:spring-boot-starter-websocket@2.3.1.RELEASE

Detailed paths

  • Introduced through: ocinpp/springboot-sockjs-stomp-vue-sample@ocinpp/springboot-sockjs-stomp-vue-sample#19990c4d718ca604c0a313e65ddd3e1a1eb6cf0a org.springframework.boot:spring-boot-starter-websocket@2.3.1.RELEASE org.springframework.boot:spring-boot-starter-web@2.3.1.RELEASE org.springframework.boot:spring-boot-starter@2.3.1.RELEASE org.yaml:snakeyaml@1.26
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-websocket@3.0.0.
  • Introduced through: ocinpp/springboot-sockjs-stomp-vue-sample@ocinpp/springboot-sockjs-stomp-vue-sample#19990c4d718ca604c0a313e65ddd3e1a1eb6cf0a org.springframework.boot:spring-boot-starter-websocket@2.3.1.RELEASE org.springframework.boot:spring-boot-starter-web@2.3.1.RELEASE org.springframework.boot:spring-boot-starter-json@2.3.1.RELEASE org.springframework.boot:spring-boot-starter@2.3.1.RELEASE org.yaml:snakeyaml@1.26
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-websocket@3.0.0.

Overview

org.yaml:snakeyaml is a YAML 1.1 parser and emitter for Java.

Affected versions of this package are vulnerable to Denial of Service (DoS) due to missing nested depth limitation for collections.

NOTE: This vulnerability has also been identified as: CVE-2022-25857

Remediation

Upgrade org.yaml:snakeyaml to version 1.31 or higher.

high severity

Improper Input Validation

  • Vulnerable module: org.glassfish:jakarta.el
  • Introduced through: org.springframework.boot:spring-boot-starter-websocket@2.3.1.RELEASE

Detailed paths

  • Introduced through: ocinpp/springboot-sockjs-stomp-vue-sample@ocinpp/springboot-sockjs-stomp-vue-sample#19990c4d718ca604c0a313e65ddd3e1a1eb6cf0a org.springframework.boot:spring-boot-starter-websocket@2.3.1.RELEASE org.springframework.boot:spring-boot-starter-web@2.3.1.RELEASE org.springframework.boot:spring-boot-starter-tomcat@2.3.1.RELEASE org.glassfish:jakarta.el@3.0.3
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-websocket@2.4.11.

Overview

Affected versions of this package are vulnerable to Improper Input Validation. A bug in the ELParserTokenManager enables invalid EL expressions to be evaluated as if they were valid.

The bug seems to be in the parser's grammar: a $ or # followed by a character that is not {, $ or # is treated as a literal expression. The pertinent case is when the character following the $ or # is a backslash. The parser then consumes the backslash as part of the literal expression and leaves the character that follows it unescaped.

Note: org.glassfish:javax.el is deprecated; users can move to org.glassfish:jakarta.el instead, where this issue is first fixed in version 3.0.4.

Remediation

Upgrade org.glassfish:jakarta.el to version 3.0.4 or higher.

high severity

Denial of Service (DoS)

  • Vulnerable module: ch.qos.logback:logback-classic
  • Introduced through: org.springframework.boot:spring-boot-starter-websocket@2.3.1.RELEASE

Detailed paths

  • Introduced through: ocinpp/springboot-sockjs-stomp-vue-sample@ocinpp/springboot-sockjs-stomp-vue-sample#19990c4d718ca604c0a313e65ddd3e1a1eb6cf0a org.springframework.boot:spring-boot-starter-websocket@2.3.1.RELEASE org.springframework.boot:spring-boot-starter-web@2.3.1.RELEASE org.springframework.boot:spring-boot-starter@2.3.1.RELEASE org.springframework.boot:spring-boot-starter-logging@2.3.1.RELEASE ch.qos.logback:logback-classic@1.2.3
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-websocket@3.1.7.
  • Introduced through: ocinpp/springboot-sockjs-stomp-vue-sample@ocinpp/springboot-sockjs-stomp-vue-sample#19990c4d718ca604c0a313e65ddd3e1a1eb6cf0a org.springframework.boot:spring-boot-starter-websocket@2.3.1.RELEASE org.springframework.boot:spring-boot-starter-web@2.3.1.RELEASE org.springframework.boot:spring-boot-starter-json@2.3.1.RELEASE org.springframework.boot:spring-boot-starter@2.3.1.RELEASE org.springframework.boot:spring-boot-starter-logging@2.3.1.RELEASE ch.qos.logback:logback-classic@1.2.3
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-websocket@3.1.7.

Overview

ch.qos.logback:logback-classic is a reliable, generic, fast and flexible logging library for Java.

Affected versions of this package are vulnerable to Denial of Service (DoS). An attacker can mount a denial-of-service attack by sending poisoned data. This is only exploitable if the logback receiver component is deployed.

Remediation

Upgrade ch.qos.logback:logback-classic to version 1.2.13, 1.3.12, 1.4.12 or higher.

high severity

Uncontrolled Resource Consumption ('Resource Exhaustion')

  • Vulnerable module: ch.qos.logback:logback-classic
  • Introduced through: org.springframework.boot:spring-boot-starter-websocket@2.3.1.RELEASE

Detailed paths

  • Introduced through: ocinpp/springboot-sockjs-stomp-vue-sample@ocinpp/springboot-sockjs-stomp-vue-sample#19990c4d718ca604c0a313e65ddd3e1a1eb6cf0a org.springframework.boot:spring-boot-starter-websocket@2.3.1.RELEASE org.springframework.boot:spring-boot-starter-web@2.3.1.RELEASE org.springframework.boot:spring-boot-starter@2.3.1.RELEASE org.springframework.boot:spring-boot-starter-logging@2.3.1.RELEASE ch.qos.logback:logback-classic@1.2.3
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-websocket@3.1.7.
  • Introduced through: ocinpp/springboot-sockjs-stomp-vue-sample@ocinpp/springboot-sockjs-stomp-vue-sample#19990c4d718ca604c0a313e65ddd3e1a1eb6cf0a org.springframework.boot:spring-boot-starter-websocket@2.3.1.RELEASE org.springframework.boot:spring-boot-starter-web@2.3.1.RELEASE org.springframework.boot:spring-boot-starter-json@2.3.1.RELEASE org.springframework.boot:spring-boot-starter@2.3.1.RELEASE org.springframework.boot:spring-boot-starter-logging@2.3.1.RELEASE ch.qos.logback:logback-classic@1.2.3
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-websocket@3.1.7.

Overview

ch.qos.logback:logback-classic is a reliable, generic, fast and flexible logging library for Java.

Affected versions of this package are vulnerable to Uncontrolled Resource Consumption ('Resource Exhaustion') via the logback receiver component. An attacker can mount a denial-of-service attack by sending poisoned data.

Note: Successful exploitation requires the logback-receiver component to be enabled and reachable by the attacker.

Remediation

Upgrade ch.qos.logback:logback-classic to version 1.2.13, 1.3.14, 1.4.14 or higher.

high severity

Denial of Service (DoS)

  • Vulnerable module: ch.qos.logback:logback-core
  • Introduced through: org.springframework.boot:spring-boot-starter-websocket@2.3.1.RELEASE

Detailed paths

  • Introduced through: ocinpp/springboot-sockjs-stomp-vue-sample@ocinpp/springboot-sockjs-stomp-vue-sample#19990c4d718ca604c0a313e65ddd3e1a1eb6cf0a org.springframework.boot:spring-boot-starter-websocket@2.3.1.RELEASE org.springframework.boot:spring-boot-starter-web@2.3.1.RELEASE org.springframework.boot:spring-boot-starter@2.3.1.RELEASE org.springframework.boot:spring-boot-starter-logging@2.3.1.RELEASE ch.qos.logback:logback-classic@1.2.3 ch.qos.logback:logback-core@1.2.3
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-websocket@3.1.7.
  • Introduced through: ocinpp/springboot-sockjs-stomp-vue-sample@ocinpp/springboot-sockjs-stomp-vue-sample#19990c4d718ca604c0a313e65ddd3e1a1eb6cf0a org.springframework.boot:spring-boot-starter-websocket@2.3.1.RELEASE org.springframework.boot:spring-boot-starter-web@2.3.1.RELEASE org.springframework.boot:spring-boot-starter-json@2.3.1.RELEASE org.springframework.boot:spring-boot-starter@2.3.1.RELEASE org.springframework.boot:spring-boot-starter-logging@2.3.1.RELEASE ch.qos.logback:logback-classic@1.2.3 ch.qos.logback:logback-core@1.2.3
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-websocket@3.1.7.

Overview

ch.qos.logback:logback-core is a logback-core module.

Affected versions of this package are vulnerable to Denial of Service (DoS). An attacker can mount a denial-of-service attack by sending poisoned data. This is only exploitable if the logback receiver component is deployed.

Remediation

Upgrade ch.qos.logback:logback-core to version 1.2.13, 1.3.12, 1.4.12 or higher.

high severity

Uncontrolled Resource Consumption ('Resource Exhaustion')

  • Vulnerable module: ch.qos.logback:logback-core
  • Introduced through: org.springframework.boot:spring-boot-starter-websocket@2.3.1.RELEASE

Detailed paths

  • Introduced through: ocinpp/springboot-sockjs-stomp-vue-sample@ocinpp/springboot-sockjs-stomp-vue-sample#19990c4d718ca604c0a313e65ddd3e1a1eb6cf0a org.springframework.boot:spring-boot-starter-websocket@2.3.1.RELEASE org.springframework.boot:spring-boot-starter-web@2.3.1.RELEASE org.springframework.boot:spring-boot-starter@2.3.1.RELEASE org.springframework.boot:spring-boot-starter-logging@2.3.1.RELEASE ch.qos.logback:logback-classic@1.2.3 ch.qos.logback:logback-core@1.2.3
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-websocket@3.1.7.
  • Introduced through: ocinpp/springboot-sockjs-stomp-vue-sample@ocinpp/springboot-sockjs-stomp-vue-sample#19990c4d718ca604c0a313e65ddd3e1a1eb6cf0a org.springframework.boot:spring-boot-starter-websocket@2.3.1.RELEASE org.springframework.boot:spring-boot-starter-web@2.3.1.RELEASE org.springframework.boot:spring-boot-starter-json@2.3.1.RELEASE org.springframework.boot:spring-boot-starter@2.3.1.RELEASE org.springframework.boot:spring-boot-starter-logging@2.3.1.RELEASE ch.qos.logback:logback-classic@1.2.3 ch.qos.logback:logback-core@1.2.3
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-websocket@3.1.7.

Overview

ch.qos.logback:logback-core is a logback-core module.

Affected versions of this package are vulnerable to Uncontrolled Resource Consumption ('Resource Exhaustion') via the logback receiver component. An attacker can mount a denial-of-service attack by sending poisoned data.

Note: Successful exploitation requires the logback-receiver component to be enabled and reachable by the attacker.

Remediation

Upgrade ch.qos.logback:logback-core to version 1.2.13, 1.3.14, 1.4.14 or higher.

high severity

Privilege Escalation

  • Vulnerable module: org.apache.tomcat.embed:tomcat-embed-core
  • Introduced through: org.springframework.boot:spring-boot-starter-websocket@2.3.1.RELEASE

Detailed paths

  • Introduced through: ocinpp/springboot-sockjs-stomp-vue-sample@ocinpp/springboot-sockjs-stomp-vue-sample#19990c4d718ca604c0a313e65ddd3e1a1eb6cf0a org.springframework.boot:spring-boot-starter-websocket@2.3.1.RELEASE org.springframework.boot:spring-boot-starter-web@2.3.1.RELEASE org.springframework.boot:spring-boot-starter-tomcat@2.3.1.RELEASE org.apache.tomcat.embed:tomcat-embed-core@9.0.36
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-websocket@2.5.10.
  • Introduced through: ocinpp/springboot-sockjs-stomp-vue-sample@ocinpp/springboot-sockjs-stomp-vue-sample#19990c4d718ca604c0a313e65ddd3e1a1eb6cf0a org.springframework.boot:spring-boot-starter-websocket@2.3.1.RELEASE org.springframework.boot:spring-boot-starter-web@2.3.1.RELEASE org.springframework.boot:spring-boot-starter-tomcat@2.3.1.RELEASE org.apache.tomcat.embed:tomcat-embed-websocket@9.0.36 org.apache.tomcat.embed:tomcat-embed-core@9.0.36
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-websocket@2.5.10.

Overview

org.apache.tomcat.embed:tomcat-embed-core is a Core Tomcat implementation.

Affected versions of this package are vulnerable to Privilege Escalation via a time of check, time of use vulnerability that allows a local attacker to perform actions with the privileges of the user that the Tomcat process is using. This issue is only exploitable when Tomcat is configured to persist sessions using the FileStore.

Remediation

Upgrade org.apache.tomcat.embed:tomcat-embed-core to version 8.5.75, 9.0.58, 10.0.16, 10.1.0-M10 or higher.

high severity

Remote Code Execution (RCE)

  • Vulnerable module: org.apache.tomcat.embed:tomcat-embed-core
  • Introduced through: org.springframework.boot:spring-boot-starter-websocket@2.3.1.RELEASE

Detailed paths

  • Introduced through: ocinpp/springboot-sockjs-stomp-vue-sample@ocinpp/springboot-sockjs-stomp-vue-sample#19990c4d718ca604c0a313e65ddd3e1a1eb6cf0a org.springframework.boot:spring-boot-starter-websocket@2.3.1.RELEASE org.springframework.boot:spring-boot-starter-web@2.3.1.RELEASE org.springframework.boot:spring-boot-starter-tomcat@2.3.1.RELEASE org.apache.tomcat.embed:tomcat-embed-core@9.0.36
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-websocket@2.3.9.RELEASE.
  • Introduced through: ocinpp/springboot-sockjs-stomp-vue-sample@ocinpp/springboot-sockjs-stomp-vue-sample#19990c4d718ca604c0a313e65ddd3e1a1eb6cf0a org.springframework.boot:spring-boot-starter-websocket@2.3.1.RELEASE org.springframework.boot:spring-boot-starter-web@2.3.1.RELEASE org.springframework.boot:spring-boot-starter-tomcat@2.3.1.RELEASE org.apache.tomcat.embed:tomcat-embed-websocket@9.0.36 org.apache.tomcat.embed:tomcat-embed-core@9.0.36
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-websocket@2.3.9.RELEASE.

Overview

org.apache.tomcat.embed:tomcat-embed-core is a Core Tomcat implementation.

Affected versions of this package are vulnerable to Remote Code Execution (RCE). The fix for CVE-2020-9484 was incomplete. When using Apache Tomcat with a configuration edge case that was highly unlikely to be used, the Tomcat instance was still vulnerable to CVE-2020-9494. Note that both the previously published prerequisites for CVE-2020-9484 and the previously published mitigations for CVE-2020-9484 also apply to this issue.

Remediation

Upgrade org.apache.tomcat.embed:tomcat-embed-core to version 10.0.2, 9.0.43, 8.5.63, 7.0.108 or higher.

medium severity

Session Fixation

  • Vulnerable module: org.apache.tomcat.embed:tomcat-embed-core
  • Introduced through: org.springframework.boot:spring-boot-starter-websocket@2.3.1.RELEASE

Detailed paths

  • Introduced through: ocinpp/springboot-sockjs-stomp-vue-sample@ocinpp/springboot-sockjs-stomp-vue-sample#19990c4d718ca604c0a313e65ddd3e1a1eb6cf0a org.springframework.boot:spring-boot-starter-websocket@2.3.1.RELEASE org.springframework.boot:spring-boot-starter-web@2.3.1.RELEASE org.springframework.boot:spring-boot-starter-tomcat@2.3.1.RELEASE org.apache.tomcat.embed:tomcat-embed-core@9.0.36
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-websocket@3.3.13.
  • Introduced through: ocinpp/springboot-sockjs-stomp-vue-sample@ocinpp/springboot-sockjs-stomp-vue-sample#19990c4d718ca604c0a313e65ddd3e1a1eb6cf0a org.springframework.boot:spring-boot-starter-websocket@2.3.1.RELEASE org.springframework.boot:spring-boot-starter-web@2.3.1.RELEASE org.springframework.boot:spring-boot-starter-tomcat@2.3.1.RELEASE org.apache.tomcat.embed:tomcat-embed-websocket@9.0.36 org.apache.tomcat.embed:tomcat-embed-core@9.0.36
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-websocket@3.3.13.

Overview

org.apache.tomcat.embed:tomcat-embed-core is a Core Tomcat implementation.

Affected versions of this package are vulnerable to Session Fixation via the rewrite valve if enabled for a web application. An attacker can gain unauthorized access to another user's session by crafting a request that allows session fixation.

Remediation

Upgrade org.apache.tomcat.embed:tomcat-embed-core to version 9.0.106, 10.1.42, 11.0.8 or higher.

medium severity

Arbitrary Code Execution

  • Vulnerable module: org.yaml:snakeyaml
  • Introduced through: org.springframework.boot:spring-boot-starter-websocket@2.3.1.RELEASE

Detailed paths

  • Introduced through: ocinpp/springboot-sockjs-stomp-vue-sample@ocinpp/springboot-sockjs-stomp-vue-sample#19990c4d718ca604c0a313e65ddd3e1a1eb6cf0a org.springframework.boot:spring-boot-starter-websocket@2.3.1.RELEASE org.springframework.boot:spring-boot-starter-web@2.3.1.RELEASE org.springframework.boot:spring-boot-starter@2.3.1.RELEASE org.yaml:snakeyaml@1.26
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-websocket@3.2.0.
  • Introduced through: ocinpp/springboot-sockjs-stomp-vue-sample@ocinpp/springboot-sockjs-stomp-vue-sample#19990c4d718ca604c0a313e65ddd3e1a1eb6cf0a org.springframework.boot:spring-boot-starter-websocket@2.3.1.RELEASE org.springframework.boot:spring-boot-starter-web@2.3.1.RELEASE org.springframework.boot:spring-boot-starter-json@2.3.1.RELEASE org.springframework.boot:spring-boot-starter@2.3.1.RELEASE org.yaml:snakeyaml@1.26
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-websocket@3.2.0.

Overview

org.yaml:snakeyaml is a YAML 1.1 parser and emitter for Java.

Affected versions of this package are vulnerable to Arbitrary Code Execution in the Constructor class, which does not restrict which types can be deserialized. This vulnerability is exploitable by an attacker who provides a malicious YAML file for deserialization, which circumvents the SafeConstructor class.

The maintainers of the library contend that the application's trust would already have had to be compromised or established and therefore dispute the risk associated with this issue on the basis that there is a high bar for exploitation.

Remediation

Upgrade org.yaml:snakeyaml to version 2.0 or higher.

medium severity

Access Restriction Bypass

  • Vulnerable module: org.apache.tomcat.embed:tomcat-embed-core
  • Introduced through: org.springframework.boot:spring-boot-starter-websocket@2.3.1.RELEASE

Detailed paths

  • Introduced through: ocinpp/springboot-sockjs-stomp-vue-sample@ocinpp/springboot-sockjs-stomp-vue-sample#19990c4d718ca604c0a313e65ddd3e1a1eb6cf0a org.springframework.boot:spring-boot-starter-websocket@2.3.1.RELEASE org.springframework.boot:spring-boot-starter-web@2.3.1.RELEASE org.springframework.boot:spring-boot-starter-tomcat@2.3.1.RELEASE org.apache.tomcat.embed:tomcat-embed-core@9.0.36
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-websocket@2.7.16.
  • Introduced through: ocinpp/springboot-sockjs-stomp-vue-sample@ocinpp/springboot-sockjs-stomp-vue-sample#19990c4d718ca604c0a313e65ddd3e1a1eb6cf0a org.springframework.boot:spring-boot-starter-websocket@2.3.1.RELEASE org.springframework.boot:spring-boot-starter-web@2.3.1.RELEASE org.springframework.boot:spring-boot-starter-tomcat@2.3.1.RELEASE org.apache.tomcat.embed:tomcat-embed-websocket@9.0.36 org.apache.tomcat.embed:tomcat-embed-core@9.0.36
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-websocket@2.7.16.

Overview

org.apache.tomcat.embed:tomcat-embed-core is a Core Tomcat implementation.

Affected versions of this package are vulnerable to Access Restriction Bypass. If the ROOT (default) web application is configured to use FORM authentication, a specially crafted URL could be used to trigger a redirect to a URL of the attacker's choice.

The vulnerability is limited to the ROOT (default) web application.

Remediation

Upgrade org.apache.tomcat.embed:tomcat-embed-core to version 8.5.93, 9.0.80, 10.1.13, 11.0.0-M11 or higher.

medium severity

Denial of Service (DoS)

  • Vulnerable module: org.apache.tomcat.embed:tomcat-embed-core
  • Introduced through: org.springframework.boot:spring-boot-starter-websocket@2.3.1.RELEASE

Detailed paths

  • Introduced through: ocinpp/springboot-sockjs-stomp-vue-sample@ocinpp/springboot-sockjs-stomp-vue-sample#19990c4d718ca604c0a313e65ddd3e1a1eb6cf0a org.springframework.boot:spring-boot-starter-websocket@2.3.1.RELEASE org.springframework.boot:spring-boot-starter-web@2.3.1.RELEASE org.springframework.boot:spring-boot-starter-tomcat@2.3.1.RELEASE org.apache.tomcat.embed:tomcat-embed-core@9.0.36
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-websocket@2.5.15.
  • Introduced through: ocinpp/springboot-sockjs-stomp-vue-sample@ocinpp/springboot-sockjs-stomp-vue-sample#19990c4d718ca604c0a313e65ddd3e1a1eb6cf0a org.springframework.boot:spring-boot-starter-websocket@2.3.1.RELEASE org.springframework.boot:spring-boot-starter-web@2.3.1.RELEASE org.springframework.boot:spring-boot-starter-tomcat@2.3.1.RELEASE org.apache.tomcat.embed:tomcat-embed-websocket@9.0.36 org.apache.tomcat.embed:tomcat-embed-core@9.0.36
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-websocket@2.5.15.

Overview

org.apache.tomcat.embed:tomcat-embed-core is a Core Tomcat implementation.

Affected versions of this package are vulnerable to Denial of Service (DoS) when an attacker sends a large number of request parts in a series of uploads or a single multipart upload.

NOTE: After upgrading to the fixed version, setFileCountMax() must be set explicitly to avoid this vulnerability.

Details

Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users, resulting in downtime.

One popular Denial of Service attack is DDoS (Distributed Denial of Service), which attempts to clog the network pipes to the system by generating a large volume of traffic from many machines.

When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by exploiting a flaw either in the application code or in the open source libraries it uses.

Two common types of DoS vulnerabilities:

  • High CPU/Memory Consumption - An attacker sends crafted requests that cause the system to take a disproportionate amount of time or memory to process them. For example, commons-fileupload:commons-fileupload.

  • Crash - An attacker sends crafted requests that cause the system to crash. For example, the npm ws package.

Remediation

Upgrade org.apache.tomcat.embed:tomcat-embed-core to version 8.5.85, 9.0.71, 10.1.5, 11.0.0-M3 or higher.

medium severity

Authentication Bypass Using an Alternate Path or Channel

  • Vulnerable module: org.apache.tomcat.embed:tomcat-embed-core
  • Introduced through: org.springframework.boot:spring-boot-starter-websocket@2.3.1.RELEASE

Detailed paths

  • Introduced through: ocinpp/springboot-sockjs-stomp-vue-sample@ocinpp/springboot-sockjs-stomp-vue-sample#19990c4d718ca604c0a313e65ddd3e1a1eb6cf0a org.springframework.boot:spring-boot-starter-websocket@2.3.1.RELEASE org.springframework.boot:spring-boot-starter-web@2.3.1.RELEASE org.springframework.boot:spring-boot-starter-tomcat@2.3.1.RELEASE org.apache.tomcat.embed:tomcat-embed-core@9.0.36
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-websocket@3.3.13.
  • Introduced through: ocinpp/springboot-sockjs-stomp-vue-sample@ocinpp/springboot-sockjs-stomp-vue-sample#19990c4d718ca604c0a313e65ddd3e1a1eb6cf0a org.springframework.boot:spring-boot-starter-websocket@2.3.1.RELEASE org.springframework.boot:spring-boot-starter-web@2.3.1.RELEASE org.springframework.boot:spring-boot-starter-tomcat@2.3.1.RELEASE org.apache.tomcat.embed:tomcat-embed-websocket@9.0.36 org.apache.tomcat.embed:tomcat-embed-core@9.0.36
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-websocket@3.3.13.

Overview

org.apache.tomcat.embed:tomcat-embed-core is a Core Tomcat implementation.

Affected versions of this package are vulnerable to Authentication Bypass Using an Alternate Path or Channel due to how PreResources or PostResources handle pre-resources or post-resources mounted at non-root locations. An attacker can gain unauthorized access to protected resources by crafting requests to unexpected paths that bypass intended security constraints.

Remediation

Upgrade org.apache.tomcat.embed:tomcat-embed-core to version 9.0.106, 10.1.42, 11.0.8 or higher.

medium severity

Improper Handling of Case Sensitivity

  • Vulnerable module: org.apache.tomcat.embed:tomcat-embed-core
  • Introduced through: org.springframework.boot:spring-boot-starter-websocket@2.3.1.RELEASE

Detailed paths

  • Introduced through: ocinpp/springboot-sockjs-stomp-vue-sample@ocinpp/springboot-sockjs-stomp-vue-sample#19990c4d718ca604c0a313e65ddd3e1a1eb6cf0a org.springframework.boot:spring-boot-starter-websocket@2.3.1.RELEASE org.springframework.boot:spring-boot-starter-web@2.3.1.RELEASE org.springframework.boot:spring-boot-starter-tomcat@2.3.1.RELEASE org.apache.tomcat.embed:tomcat-embed-core@9.0.36
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-websocket@3.3.12.
  • Introduced through: ocinpp/springboot-sockjs-stomp-vue-sample@ocinpp/springboot-sockjs-stomp-vue-sample#19990c4d718ca604c0a313e65ddd3e1a1eb6cf0a org.springframework.boot:spring-boot-starter-websocket@2.3.1.RELEASE org.springframework.boot:spring-boot-starter-web@2.3.1.RELEASE org.springframework.boot:spring-boot-starter-tomcat@2.3.1.RELEASE org.apache.tomcat.embed:tomcat-embed-websocket@9.0.36 org.apache.tomcat.embed:tomcat-embed-core@9.0.36
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-websocket@3.3.12.

Overview

org.apache.tomcat.embed:tomcat-embed-core is a Core Tomcat implementation.

Affected versions of this package are vulnerable to Improper Handling of Case Sensitivity in the pathInfo component of a URI mapped to the CGI servlet. An attacker can bypass security constraints that apply to the pathInfo component by exploiting this vulnerability on a case insensitive file system.

Remediation

Upgrade org.apache.tomcat.embed:tomcat-embed-core to version 9.0.105, 10.1.41, 11.0.7 or higher.

medium severity

Improper Resource Shutdown or Release

  • Vulnerable module: org.apache.tomcat.embed:tomcat-embed-core
  • Introduced through: org.springframework.boot:spring-boot-starter-websocket@2.3.1.RELEASE

Detailed paths

  • Introduced through: ocinpp/springboot-sockjs-stomp-vue-sample@ocinpp/springboot-sockjs-stomp-vue-sample#19990c4d718ca604c0a313e65ddd3e1a1eb6cf0a org.springframework.boot:spring-boot-starter-websocket@2.3.1.RELEASE org.springframework.boot:spring-boot-starter-web@2.3.1.RELEASE org.springframework.boot:spring-boot-starter-tomcat@2.3.1.RELEASE org.apache.tomcat.embed:tomcat-embed-core@9.0.36
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-websocket@3.4.11.
  • Introduced through: ocinpp/springboot-sockjs-stomp-vue-sample@ocinpp/springboot-sockjs-stomp-vue-sample#19990c4d718ca604c0a313e65ddd3e1a1eb6cf0a org.springframework.boot:spring-boot-starter-websocket@2.3.1.RELEASE org.springframework.boot:spring-boot-starter-web@2.3.1.RELEASE org.springframework.boot:spring-boot-starter-tomcat@2.3.1.RELEASE org.apache.tomcat.embed:tomcat-embed-websocket@9.0.36 org.apache.tomcat.embed:tomcat-embed-core@9.0.36
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-websocket@3.4.11.

Overview

org.apache.tomcat.embed:tomcat-embed-core is a Core Tomcat implementation.

Affected versions of this package are vulnerable to Improper Resource Shutdown or Release due to the delayed cleaning of multipart upload temporary files. An attacker can cause a denial-of-service by sending crafted requests that create temporary copies of uploaded parts faster than the garbage collector clears them, leading to resource exhaustion.

Note: Successful exploitation depends on the JVM settings, the application memory usage, and application load.

Remediation

Upgrade org.apache.tomcat.embed:tomcat-embed-core to version 9.0.110, 10.1.47, 11.0.12 or higher.

medium severity

Improper Neutralization of Special Elements

  • Vulnerable module: ch.qos.logback:logback-classic
  • Introduced through: org.springframework.boot:spring-boot-starter-websocket@2.3.1.RELEASE

Detailed paths

  • Introduced through: ocinpp/springboot-sockjs-stomp-vue-sample@ocinpp/springboot-sockjs-stomp-vue-sample#19990c4d718ca604c0a313e65ddd3e1a1eb6cf0a org.springframework.boot:spring-boot-starter-websocket@2.3.1.RELEASE org.springframework.boot:spring-boot-starter-web@2.3.1.RELEASE org.springframework.boot:spring-boot-starter@2.3.1.RELEASE org.springframework.boot:spring-boot-starter-logging@2.3.1.RELEASE ch.qos.logback:logback-classic@1.2.3
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-websocket@3.3.8.
  • Introduced through: ocinpp/springboot-sockjs-stomp-vue-sample@ocinpp/springboot-sockjs-stomp-vue-sample#19990c4d718ca604c0a313e65ddd3e1a1eb6cf0a org.springframework.boot:spring-boot-starter-websocket@2.3.1.RELEASE org.springframework.boot:spring-boot-starter-web@2.3.1.RELEASE org.springframework.boot:spring-boot-starter-json@2.3.1.RELEASE org.springframework.boot:spring-boot-starter@2.3.1.RELEASE org.springframework.boot:spring-boot-starter-logging@2.3.1.RELEASE ch.qos.logback:logback-classic@1.2.3
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-websocket@3.3.8.

Overview

ch.qos.logback:logback-classic is a reliable, generic, fast and flexible logging library for Java.

Affected versions of this package are vulnerable to Improper Neutralization of Special Elements via the JaninoEventEvaluator extension. An attacker can execute arbitrary code by compromising an existing logback configuration file or injecting an environment variable before program execution.

Remediation

Upgrade ch.qos.logback:logback-classic to version 1.3.15, 1.5.13 or higher.

medium severity

External Initialization of Trusted Variables or Data Stores

  • Vulnerable module: ch.qos.logback:logback-core
  • Introduced through: org.springframework.boot:spring-boot-starter-websocket@2.3.1.RELEASE

Detailed paths

  • Introduced through: ocinpp/springboot-sockjs-stomp-vue-sample@ocinpp/springboot-sockjs-stomp-vue-sample#19990c4d718ca604c0a313e65ddd3e1a1eb6cf0a org.springframework.boot:spring-boot-starter-websocket@2.3.1.RELEASE org.springframework.boot:spring-boot-starter-web@2.3.1.RELEASE org.springframework.boot:spring-boot-starter@2.3.1.RELEASE org.springframework.boot:spring-boot-starter-logging@2.3.1.RELEASE ch.qos.logback:logback-classic@1.2.3 ch.qos.logback:logback-core@1.2.3
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-websocket@3.4.11.
  • Introduced through: ocinpp/springboot-sockjs-stomp-vue-sample@ocinpp/springboot-sockjs-stomp-vue-sample#19990c4d718ca604c0a313e65ddd3e1a1eb6cf0a org.springframework.boot:spring-boot-starter-websocket@2.3.1.RELEASE org.springframework.boot:spring-boot-starter-web@2.3.1.RELEASE org.springframework.boot:spring-boot-starter-json@2.3.1.RELEASE org.springframework.boot:spring-boot-starter@2.3.1.RELEASE org.springframework.boot:spring-boot-starter-logging@2.3.1.RELEASE ch.qos.logback:logback-classic@1.2.3 ch.qos.logback:logback-core@1.2.3
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-websocket@3.4.11.

Overview

ch.qos.logback:logback-core is a logback-core module.

Affected versions of this package are vulnerable to External Initialization of Trusted Variables or Data Stores via the conditional processing of the logback.xml configuration file when both the Janino library and Spring Framework are present on the class path. An attacker can execute arbitrary code by compromising an existing configuration file or injecting a malicious environment variable before program execution. This is only exploitable if the attacker has write access to a configuration file or can set a malicious environment variable.

Remediation

Upgrade ch.qos.logback:logback-core to version 1.5.19 or higher.

medium severity

Improper Neutralization of Special Elements

  • Vulnerable module: ch.qos.logback:logback-core
  • Introduced through: org.springframework.boot:spring-boot-starter-websocket@2.3.1.RELEASE

Detailed paths

  • Introduced through: ocinpp/springboot-sockjs-stomp-vue-sample@ocinpp/springboot-sockjs-stomp-vue-sample#19990c4d718ca604c0a313e65ddd3e1a1eb6cf0a org.springframework.boot:spring-boot-starter-websocket@2.3.1.RELEASE org.springframework.boot:spring-boot-starter-web@2.3.1.RELEASE org.springframework.boot:spring-boot-starter@2.3.1.RELEASE org.springframework.boot:spring-boot-starter-logging@2.3.1.RELEASE ch.qos.logback:logback-classic@1.2.3 ch.qos.logback:logback-core@1.2.3
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-websocket@3.3.8.
  • Introduced through: ocinpp/springboot-sockjs-stomp-vue-sample@ocinpp/springboot-sockjs-stomp-vue-sample#19990c4d718ca604c0a313e65ddd3e1a1eb6cf0a org.springframework.boot:spring-boot-starter-websocket@2.3.1.RELEASE org.springframework.boot:spring-boot-starter-web@2.3.1.RELEASE org.springframework.boot:spring-boot-starter-json@2.3.1.RELEASE org.springframework.boot:spring-boot-starter@2.3.1.RELEASE org.springframework.boot:spring-boot-starter-logging@2.3.1.RELEASE ch.qos.logback:logback-classic@1.2.3 ch.qos.logback:logback-core@1.2.3
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-websocket@3.3.8.

Overview

ch.qos.logback:logback-core is a logback-core module.

Affected versions of this package are vulnerable to Improper Neutralization of Special Elements via the JaninoEventEvaluator extension. An attacker can execute arbitrary code by compromising an existing logback configuration file or injecting an environment variable before program execution.

Remediation

Upgrade ch.qos.logback:logback-core to version 1.3.15, 1.5.13 or higher.

medium severity

HTTP Request Smuggling

  • Vulnerable module: org.apache.tomcat.embed:tomcat-embed-core
  • Introduced through: org.springframework.boot:spring-boot-starter-websocket@2.3.1.RELEASE

Detailed paths

  • Introduced through: ocinpp/springboot-sockjs-stomp-vue-sample@ocinpp/springboot-sockjs-stomp-vue-sample#19990c4d718ca604c0a313e65ddd3e1a1eb6cf0a org.springframework.boot:spring-boot-starter-websocket@2.3.1.RELEASE org.springframework.boot:spring-boot-starter-web@2.3.1.RELEASE org.springframework.boot:spring-boot-starter-tomcat@2.3.1.RELEASE org.apache.tomcat.embed:tomcat-embed-core@9.0.36
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-websocket@2.3.9.RELEASE.
  • Introduced through: ocinpp/springboot-sockjs-stomp-vue-sample@ocinpp/springboot-sockjs-stomp-vue-sample#19990c4d718ca604c0a313e65ddd3e1a1eb6cf0a org.springframework.boot:spring-boot-starter-websocket@2.3.1.RELEASE org.springframework.boot:spring-boot-starter-web@2.3.1.RELEASE org.springframework.boot:spring-boot-starter-tomcat@2.3.1.RELEASE org.apache.tomcat.embed:tomcat-embed-websocket@9.0.36 org.apache.tomcat.embed:tomcat-embed-core@9.0.36
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-websocket@2.3.9.RELEASE.

Overview

org.apache.tomcat.embed:tomcat-embed-core is a Core Tomcat implementation.

Affected versions of this package are vulnerable to HTTP Request Smuggling. When responding to new h2c connection requests, Apache Tomcat could duplicate request headers and a limited amount of request body from one request to another, meaning that user A and user B could both see the results of user A's request.

Remediation

Upgrade org.apache.tomcat.embed:tomcat-embed-core to version 10.0.2, 9.0.43, 8.5.63 or higher.

medium severity

HTTP Request Smuggling

  • Vulnerable module: org.apache.tomcat.embed:tomcat-embed-core
  • Introduced through: org.springframework.boot:spring-boot-starter-websocket@2.3.1.RELEASE

Detailed paths

  • Introduced through: ocinpp/springboot-sockjs-stomp-vue-sample@ocinpp/springboot-sockjs-stomp-vue-sample#19990c4d718ca604c0a313e65ddd3e1a1eb6cf0a org.springframework.boot:spring-boot-starter-websocket@2.3.1.RELEASE org.springframework.boot:spring-boot-starter-web@2.3.1.RELEASE org.springframework.boot:spring-boot-starter-tomcat@2.3.1.RELEASE org.apache.tomcat.embed:tomcat-embed-core@9.0.36
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-websocket@2.3.4.RELEASE.
  • Introduced through: ocinpp/springboot-sockjs-stomp-vue-sample@ocinpp/springboot-sockjs-stomp-vue-sample#19990c4d718ca604c0a313e65ddd3e1a1eb6cf0a org.springframework.boot:spring-boot-starter-websocket@2.3.1.RELEASE org.springframework.boot:spring-boot-starter-web@2.3.1.RELEASE org.springframework.boot:spring-boot-starter-tomcat@2.3.1.RELEASE org.apache.tomcat.embed:tomcat-embed-websocket@9.0.36 org.apache.tomcat.embed:tomcat-embed-core@9.0.36
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-websocket@2.3.4.RELEASE.

Overview

org.apache.tomcat.embed:tomcat-embed-core is a Core Tomcat implementation.

Affected versions of this package are vulnerable to HTTP Request Smuggling. If an HTTP/2 client connecting to Apache Tomcat exceeded the agreed maximum number of concurrent streams for a connection (in violation of the HTTP/2 protocol), it was possible that a subsequent request made on that connection could contain HTTP headers - including HTTP/2 pseudo headers - from a previous request rather than the intended headers. This could lead to users seeing responses for unexpected resources.

Remediation

Upgrade org.apache.tomcat.embed:tomcat-embed-core to version 10.0.0-M8, 9.0.38, 8.5.58 or higher.

medium severity

Denial of Service (DoS)

  • Vulnerable module: org.apache.tomcat.embed:tomcat-embed-core
  • Introduced through: org.springframework.boot:spring-boot-starter-websocket@2.3.1.RELEASE

Detailed paths

  • Introduced through: ocinpp/springboot-sockjs-stomp-vue-sample@ocinpp/springboot-sockjs-stomp-vue-sample#19990c4d718ca604c0a313e65ddd3e1a1eb6cf0a org.springframework.boot:spring-boot-starter-websocket@2.3.1.RELEASE org.springframework.boot:spring-boot-starter-web@2.3.1.RELEASE org.springframework.boot:spring-boot-starter-tomcat@2.3.1.RELEASE org.apache.tomcat.embed:tomcat-embed-core@9.0.36
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-websocket@2.3.2.RELEASE.
  • Introduced through: ocinpp/springboot-sockjs-stomp-vue-sample@ocinpp/springboot-sockjs-stomp-vue-sample#19990c4d718ca604c0a313e65ddd3e1a1eb6cf0a org.springframework.boot:spring-boot-starter-websocket@2.3.1.RELEASE org.springframework.boot:spring-boot-starter-web@2.3.1.RELEASE org.springframework.boot:spring-boot-starter-tomcat@2.3.1.RELEASE org.apache.tomcat.embed:tomcat-embed-websocket@9.0.36 org.apache.tomcat.embed:tomcat-embed-core@9.0.36
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-websocket@2.3.2.RELEASE.

Overview

org.apache.tomcat.embed:tomcat-embed-core is a Core Tomcat implementation.

Affected versions of this package are vulnerable to Denial of Service (DoS). An h2c direct connection did not release the HTTP/1.1 processor after the upgrade to HTTP/2. If a sufficient number of such requests are made, an OutOfMemoryException could occur leading to a denial of service.

Remediation

Upgrade org.apache.tomcat.embed:tomcat-embed-core to version 10.0.0-M7, 9.0.37, 8.5.57 or higher.

medium severity

HTTP Request Smuggling

  • Vulnerable module: org.apache.tomcat.embed:tomcat-embed-core
  • Introduced through: org.springframework.boot:spring-boot-starter-websocket@2.3.1.RELEASE

Detailed paths

  • Introduced through: ocinpp/springboot-sockjs-stomp-vue-sample@ocinpp/springboot-sockjs-stomp-vue-sample#19990c4d718ca604c0a313e65ddd3e1a1eb6cf0a org.springframework.boot:spring-boot-starter-websocket@2.3.1.RELEASE org.springframework.boot:spring-boot-starter-web@2.3.1.RELEASE org.springframework.boot:spring-boot-starter-tomcat@2.3.1.RELEASE org.apache.tomcat.embed:tomcat-embed-core@9.0.36
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-websocket@2.4.8.
  • Introduced through: ocinpp/springboot-sockjs-stomp-vue-sample@ocinpp/springboot-sockjs-stomp-vue-sample#19990c4d718ca604c0a313e65ddd3e1a1eb6cf0a org.springframework.boot:spring-boot-starter-websocket@2.3.1.RELEASE org.springframework.boot:spring-boot-starter-web@2.3.1.RELEASE org.springframework.boot:spring-boot-starter-tomcat@2.3.1.RELEASE org.apache.tomcat.embed:tomcat-embed-websocket@9.0.36 org.apache.tomcat.embed:tomcat-embed-core@9.0.36
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-websocket@2.4.8.

Overview

org.apache.tomcat.embed:tomcat-embed-core is a Core Tomcat implementation.

Affected versions of this package are vulnerable to HTTP Request Smuggling. Tomcat does not correctly parse the HTTP transfer-encoding request header in some circumstances, leading to the possibility of request smuggling when used with a reverse proxy.

Specifically, Tomcat incorrectly ignores the transfer-encoding header if the client declared it would only accept an HTTP/1.0 response; it honours the identity encoding; and it does not ensure that, if present, the chunked encoding was the final encoding.

Remediation

Upgrade org.apache.tomcat.embed:tomcat-embed-core to version 10.0.7, 9.0.48, 8.5.68 or higher.

medium severity

Improper Input Validation

  • Vulnerable module: org.apache.tomcat.embed:tomcat-embed-core
  • Introduced through: org.springframework.boot:spring-boot-starter-websocket@2.3.1.RELEASE

Detailed paths

  • Introduced through: ocinpp/springboot-sockjs-stomp-vue-sample@ocinpp/springboot-sockjs-stomp-vue-sample#19990c4d718ca604c0a313e65ddd3e1a1eb6cf0a org.springframework.boot:spring-boot-starter-websocket@2.3.1.RELEASE org.springframework.boot:spring-boot-starter-web@2.3.1.RELEASE org.springframework.boot:spring-boot-starter-tomcat@2.3.1.RELEASE org.apache.tomcat.embed:tomcat-embed-core@9.0.36
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-websocket@2.7.17.
  • Introduced through: ocinpp/springboot-sockjs-stomp-vue-sample@ocinpp/springboot-sockjs-stomp-vue-sample#19990c4d718ca604c0a313e65ddd3e1a1eb6cf0a org.springframework.boot:spring-boot-starter-websocket@2.3.1.RELEASE org.springframework.boot:spring-boot-starter-web@2.3.1.RELEASE org.springframework.boot:spring-boot-starter-tomcat@2.3.1.RELEASE org.apache.tomcat.embed:tomcat-embed-websocket@9.0.36 org.apache.tomcat.embed:tomcat-embed-core@9.0.36
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-websocket@2.7.17.

Overview

org.apache.tomcat.embed:tomcat-embed-core is a Core Tomcat implementation.

Affected versions of this package are vulnerable to Improper Input Validation due to the improper handling of HTTP trailer headers. An attacker can manipulate the server into treating a single request as multiple requests by sending a specially crafted, invalid trailer header. This could lead to request smuggling when the server is behind a reverse proxy.

Remediation

Upgrade org.apache.tomcat.embed:tomcat-embed-core to version 8.5.94, 9.0.81, 10.1.14, 11.0.0-M12 or higher.

medium severity

Incomplete Cleanup

  • Vulnerable module: org.apache.tomcat.embed:tomcat-embed-core
  • Introduced through: org.springframework.boot:spring-boot-starter-websocket@2.3.1.RELEASE

Detailed paths

  • Introduced through: ocinpp/springboot-sockjs-stomp-vue-sample@ocinpp/springboot-sockjs-stomp-vue-sample#19990c4d718ca604c0a313e65ddd3e1a1eb6cf0a org.springframework.boot:spring-boot-starter-websocket@2.3.1.RELEASE org.springframework.boot:spring-boot-starter-web@2.3.1.RELEASE org.springframework.boot:spring-boot-starter-tomcat@2.3.1.RELEASE org.apache.tomcat.embed:tomcat-embed-core@9.0.36
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-websocket@2.7.17.
  • Introduced through: ocinpp/springboot-sockjs-stomp-vue-sample@ocinpp/springboot-sockjs-stomp-vue-sample#19990c4d718ca604c0a313e65ddd3e1a1eb6cf0a org.springframework.boot:spring-boot-starter-websocket@2.3.1.RELEASE org.springframework.boot:spring-boot-starter-web@2.3.1.RELEASE org.springframework.boot:spring-boot-starter-tomcat@2.3.1.RELEASE org.apache.tomcat.embed:tomcat-embed-websocket@9.0.36 org.apache.tomcat.embed:tomcat-embed-core@9.0.36
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-websocket@2.7.17.

Overview

org.apache.tomcat.embed:tomcat-embed-core is a Core Tomcat implementation.

Affected versions of this package are vulnerable to Incomplete Cleanup when recycling various internal objects. An error could cause some parts of the recycling process to be skipped, leading to information leaking from the current request/response to the next. An attacker can gain unauthorised access to sensitive information by exploiting this error.

Remediation

Upgrade org.apache.tomcat.embed:tomcat-embed-core to version 8.5.94, 9.0.81, 10.1.14, 11.0.0-M12 or higher.

medium severity

Information Disclosure

  • Vulnerable module: org.apache.tomcat.embed:tomcat-embed-core
  • Introduced through: org.springframework.boot:spring-boot-starter-websocket@2.3.1.RELEASE

Detailed paths

  • Introduced through: ocinpp/springboot-sockjs-stomp-vue-sample@ocinpp/springboot-sockjs-stomp-vue-sample#19990c4d718ca604c0a313e65ddd3e1a1eb6cf0a org.springframework.boot:spring-boot-starter-websocket@2.3.1.RELEASE org.springframework.boot:spring-boot-starter-web@2.3.1.RELEASE org.springframework.boot:spring-boot-starter-tomcat@2.3.1.RELEASE org.apache.tomcat.embed:tomcat-embed-core@9.0.36
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-websocket@2.3.7.RELEASE.
  • Introduced through: ocinpp/springboot-sockjs-stomp-vue-sample@ocinpp/springboot-sockjs-stomp-vue-sample#19990c4d718ca604c0a313e65ddd3e1a1eb6cf0a org.springframework.boot:spring-boot-starter-websocket@2.3.1.RELEASE org.springframework.boot:spring-boot-starter-web@2.3.1.RELEASE org.springframework.boot:spring-boot-starter-tomcat@2.3.1.RELEASE org.apache.tomcat.embed:tomcat-embed-websocket@9.0.36 org.apache.tomcat.embed:tomcat-embed-core@9.0.36
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-websocket@2.3.7.RELEASE.

Overview

org.apache.tomcat.embed:tomcat-embed-core is a Core Tomcat implementation.

Affected versions of this package are vulnerable to Information Disclosure. When serving resources from a network location using the NTFS file system, affected versions were susceptible to JSP source code disclosure in some configurations. The root cause was the unexpected behaviour of the JRE API File.getCanonicalPath() which in turn was caused by the inconsistent behaviour of the Windows API (FindFirstFileW) in some circumstances.

Remediation

Upgrade org.apache.tomcat.embed:tomcat-embed-core to version 10.0.0-M10, 9.0.40, 8.5.60, 7.0.107 or higher.

References

medium severity

Information Exposure

  • Vulnerable module: org.apache.tomcat.embed:tomcat-embed-core
  • Introduced through: org.springframework.boot:spring-boot-starter-websocket@2.3.1.RELEASE

Detailed paths

  • Introduced through: ocinpp/springboot-sockjs-stomp-vue-sample@ocinpp/springboot-sockjs-stomp-vue-sample#19990c4d718ca604c0a313e65ddd3e1a1eb6cf0a org.springframework.boot:spring-boot-starter-websocket@2.3.1.RELEASE org.springframework.boot:spring-boot-starter-web@2.3.1.RELEASE org.springframework.boot:spring-boot-starter-tomcat@2.3.1.RELEASE org.apache.tomcat.embed:tomcat-embed-core@9.0.36
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-websocket@2.3.7.RELEASE.
  • Introduced through: ocinpp/springboot-sockjs-stomp-vue-sample@ocinpp/springboot-sockjs-stomp-vue-sample#19990c4d718ca604c0a313e65ddd3e1a1eb6cf0a org.springframework.boot:spring-boot-starter-websocket@2.3.1.RELEASE org.springframework.boot:spring-boot-starter-web@2.3.1.RELEASE org.springframework.boot:spring-boot-starter-tomcat@2.3.1.RELEASE org.apache.tomcat.embed:tomcat-embed-websocket@9.0.36 org.apache.tomcat.embed:tomcat-embed-core@9.0.36
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-websocket@2.3.7.RELEASE.

Overview

org.apache.tomcat.embed:tomcat-embed-core is a Core Tomcat implementation.

Affected versions of this package are vulnerable to Information Exposure. An HTTP request header value could be reused from the previous stream received on an HTTP/2 connection for the request associated with the subsequent stream. While this would most likely lead to an error and the closure of the HTTP/2 connection, it is possible that information could leak between requests.

Remediation

Upgrade org.apache.tomcat.embed:tomcat-embed-core to version 8.5.60, 9.0.40, 10.0.0-M10 or higher.

References

medium severity

Information Exposure

  • Vulnerable module: org.apache.tomcat.embed:tomcat-embed-core
  • Introduced through: org.springframework.boot:spring-boot-starter-websocket@2.3.1.RELEASE

Detailed paths

  • Introduced through: ocinpp/springboot-sockjs-stomp-vue-sample@ocinpp/springboot-sockjs-stomp-vue-sample#19990c4d718ca604c0a313e65ddd3e1a1eb6cf0a org.springframework.boot:spring-boot-starter-websocket@2.3.1.RELEASE org.springframework.boot:spring-boot-starter-web@2.3.1.RELEASE org.springframework.boot:spring-boot-starter-tomcat@2.3.1.RELEASE org.apache.tomcat.embed:tomcat-embed-core@9.0.36
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-websocket@2.3.10.RELEASE.
  • Introduced through: ocinpp/springboot-sockjs-stomp-vue-sample@ocinpp/springboot-sockjs-stomp-vue-sample#19990c4d718ca604c0a313e65ddd3e1a1eb6cf0a org.springframework.boot:spring-boot-starter-websocket@2.3.1.RELEASE org.springframework.boot:spring-boot-starter-web@2.3.1.RELEASE org.springframework.boot:spring-boot-starter-tomcat@2.3.1.RELEASE org.apache.tomcat.embed:tomcat-embed-websocket@9.0.36 org.apache.tomcat.embed:tomcat-embed-core@9.0.36
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-websocket@2.3.10.RELEASE.

Overview

org.apache.tomcat.embed:tomcat-embed-core is a Core Tomcat implementation.

Affected versions of this package are vulnerable to Information Exposure. An incomplete POST request can trigger an error response that contains data from a previous request sent by another user.

Remediation

Upgrade org.apache.tomcat.embed:tomcat-embed-core to version 8.5.64, 9.0.44, 10.0.4 or higher.

References

medium severity

Unprotected Transport of Credentials

  • Vulnerable module: org.apache.tomcat.embed:tomcat-embed-core
  • Introduced through: org.springframework.boot:spring-boot-starter-websocket@2.3.1.RELEASE

Detailed paths

  • Introduced through: ocinpp/springboot-sockjs-stomp-vue-sample@ocinpp/springboot-sockjs-stomp-vue-sample#19990c4d718ca604c0a313e65ddd3e1a1eb6cf0a org.springframework.boot:spring-boot-starter-websocket@2.3.1.RELEASE org.springframework.boot:spring-boot-starter-web@2.3.1.RELEASE org.springframework.boot:spring-boot-starter-tomcat@2.3.1.RELEASE org.apache.tomcat.embed:tomcat-embed-core@9.0.36
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-websocket@2.5.15.
  • Introduced through: ocinpp/springboot-sockjs-stomp-vue-sample@ocinpp/springboot-sockjs-stomp-vue-sample#19990c4d718ca604c0a313e65ddd3e1a1eb6cf0a org.springframework.boot:spring-boot-starter-websocket@2.3.1.RELEASE org.springframework.boot:spring-boot-starter-web@2.3.1.RELEASE org.springframework.boot:spring-boot-starter-tomcat@2.3.1.RELEASE org.apache.tomcat.embed:tomcat-embed-websocket@9.0.36 org.apache.tomcat.embed:tomcat-embed-core@9.0.36
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-websocket@2.5.15.

Overview

org.apache.tomcat.embed:tomcat-embed-core is a Core Tomcat implementation.

Affected versions of this package are vulnerable to Unprotected Transport of Credentials when the RemoteIpFilter is used and requests arrive from a reverse proxy over plain HTTP with the X-Forwarded-Proto header set to https. Because Tomcat still treats the request as plain HTTP, the session cookie it issues does not carry the Secure attribute, so the user agent may later transmit that cookie over an insecure channel.
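The check a practitioner would run for this finding, as an added example that is not code from Tomcat or the scanned project: parse the Set-Cookie headers a backend returns behind a TLS-terminating proxy, derive the client's real scheme from X-Forwarded-Proto, and flag a session cookie issued to an https client without the Secure attribute. The request and response headers below are constructed; JSESSIONID is assumed to be the session cookie name.

```python
# Added example (not part of the scanned project): audit Set-Cookie headers that a
# backend behind a TLS-terminating reverse proxy hands back, and flag a session
# cookie that lacks Secure even though the client's request arrived over https
# (as signalled by the proxy's X-Forwarded-Proto header).

SESSION_COOKIE_NAMES = ("JSESSIONID",)   # assumption: Tomcat's default session cookie name


def parse_set_cookie(header_value):
    """Split one Set-Cookie value into (name, value, {attribute: value or True})."""
    parts = [p.strip() for p in header_value.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, sep, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip() if sep else True
    return name.strip(), value, attrs


def audit_session_cookies(request_headers, response_headers):
    """Return a list of findings for session cookies in one request/response pair.

    Both arguments are lists of (name, value) tuples as the backend saw and emitted
    them. The client's real scheme comes from X-Forwarded-Proto, not from the
    scheme of the proxy-to-backend hop.
    """
    forwarded_proto = next(
        (v.strip().lower() for n, v in request_headers if n.lower() == "x-forwarded-proto"),
        "http",
    )
    client_used_https = forwarded_proto == "https"
    findings = []
    for name, value in response_headers:
        if name.lower() != "set-cookie":
            continue
        cookie, _, attrs = parse_set_cookie(value)
        if cookie not in SESSION_COOKIE_NAMES:
            continue
        if client_used_https and "secure" not in attrs:
            findings.append(f"{cookie}: issued to an https client without the Secure attribute")
        if "httponly" not in attrs:
            findings.append(f"{cookie}: missing HttpOnly")
    return findings


# Constructed sample traffic: the proxy terminated TLS and forwarded plain HTTP.
CONSTRUCTED_REQUEST = [
    ("Host", "app.example.test"),
    ("X-Forwarded-Proto", "https"),
    ("X-Forwarded-For", "203.0.113.10"),
]
# What the vulnerable behaviour looks like: the backend believed the request was plain http.
VULNERABLE_RESPONSE = [
    ("Content-Type", "text/html;charset=UTF-8"),
    ("Set-Cookie", "JSESSIONID=3F2C1A9B7E; Path=/; HttpOnly"),
]
# What a backend emits once it honours X-Forwarded-Proto.
FIXED_RESPONSE = [
    ("Content-Type", "text/html;charset=UTF-8"),
    ("Set-Cookie", "JSESSIONID=3F2C1A9B7E; Path=/; Secure; HttpOnly"),
]

if __name__ == "__main__":
    print(audit_session_cookies(CONSTRUCTED_REQUEST, VULNERABLE_RESPONSE))
    print(audit_session_cookies(CONSTRUCTED_REQUEST, FIXED_RESPONSE))
```

The upgrade is the fix; as defence in depth, Spring Boot lets you force the attribute regardless of what the container infers (server.servlet.session.cookie.secure=true) and select how forwarded headers are processed (server.forward-headers-strategy). Those are general Spring Boot settings, not something this report states about the project.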

Remediation

Upgrade org.apache.tomcat.embed:tomcat-embed-core to version 8.5.86, 9.0.72, 10.1.6, 11.0.0-M3 or higher.

References

medium severity

Insufficient Hostname Verification

  • Vulnerable module: ch.qos.logback:logback-core
  • Introduced through: org.springframework.boot:spring-boot-starter-websocket@2.3.1.RELEASE

Detailed paths

  • Introduced through: ocinpp/springboot-sockjs-stomp-vue-sample@ocinpp/springboot-sockjs-stomp-vue-sample#19990c4d718ca604c0a313e65ddd3e1a1eb6cf0a org.springframework.boot:spring-boot-starter-websocket@2.3.1.RELEASE org.springframework.boot:spring-boot-starter-web@2.3.1.RELEASE org.springframework.boot:spring-boot-starter@2.3.1.RELEASE org.springframework.boot:spring-boot-starter-logging@2.3.1.RELEASE ch.qos.logback:logback-classic@1.2.3 ch.qos.logback:logback-core@1.2.3
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-websocket@2.4.13.
  • Introduced through: ocinpp/springboot-sockjs-stomp-vue-sample@ocinpp/springboot-sockjs-stomp-vue-sample#19990c4d718ca604c0a313e65ddd3e1a1eb6cf0a org.springframework.boot:spring-boot-starter-websocket@2.3.1.RELEASE org.springframework.boot:spring-boot-starter-web@2.3.1.RELEASE org.springframework.boot:spring-boot-starter-json@2.3.1.RELEASE org.springframework.boot:spring-boot-starter@2.3.1.RELEASE org.springframework.boot:spring-boot-starter-logging@2.3.1.RELEASE ch.qos.logback:logback-classic@1.2.3 ch.qos.logback:logback-core@1.2.3
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-websocket@2.4.13.

Overview

ch.qos.logback:logback-core is a logback-core module.

Affected versions of this package are vulnerable to Insufficient Hostname Verification: X.509 certificates are not properly validated. By spoofing the TLS/SSL server with a certificate that appears valid, an attacker able to intercept network traffic (e.g. MitM, DNS cache poisoning) can read and optionally manipulate the transmitted data.

Remediation

Upgrade ch.qos.logback:logback-core to version 1.2.7 or higher.

References

medium severity

Improper Input Validation

  • Vulnerable module: org.apache.tomcat.embed:tomcat-embed-core
  • Introduced through: org.springframework.boot:spring-boot-starter-websocket@2.3.1.RELEASE

Detailed paths

  • Introduced through: ocinpp/springboot-sockjs-stomp-vue-sample@ocinpp/springboot-sockjs-stomp-vue-sample#19990c4d718ca604c0a313e65ddd3e1a1eb6cf0a org.springframework.boot:spring-boot-starter-websocket@2.3.1.RELEASE org.springframework.boot:spring-boot-starter-web@2.3.1.RELEASE org.springframework.boot:spring-boot-starter-tomcat@2.3.1.RELEASE org.apache.tomcat.embed:tomcat-embed-core@9.0.36
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-websocket@2.3.11.RELEASE.
  • Introduced through: ocinpp/springboot-sockjs-stomp-vue-sample@ocinpp/springboot-sockjs-stomp-vue-sample#19990c4d718ca604c0a313e65ddd3e1a1eb6cf0a org.springframework.boot:spring-boot-starter-websocket@2.3.1.RELEASE org.springframework.boot:spring-boot-starter-web@2.3.1.RELEASE org.springframework.boot:spring-boot-starter-tomcat@2.3.1.RELEASE org.apache.tomcat.embed:tomcat-embed-websocket@9.0.36 org.apache.tomcat.embed:tomcat-embed-core@9.0.36
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-websocket@2.3.11.RELEASE.

Overview

org.apache.tomcat.embed:tomcat-embed-core is a Core Tomcat implementation.

Affected versions of this package are vulnerable to Improper Input Validation. Queries made by the JNDI Realm did not always correctly escape parameters. Parameter values could be sourced from user-provided data (e.g. user names) as well as from configuration data provided by an administrator. In limited circumstances it was possible for users to authenticate using variations of their user name (for example, with LDAP filter metacharacters embedded in it) and/or to bypass some of the protection provided by the LockOut Realm, which tracks failed logins per submitted name.
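To make the escaping point concrete, here is an added example that is not Tomcat code and not part of the scanned project: a user name spliced into an LDAP search filter unescaped, next to the RFC 4515 escaping that a realm should apply. The directory and the filter matcher are constructed stand-ins (the matcher only evaluates the uid assertion and treats an unescaped asterisk as a wildcard, which is enough to show the name-variation problem).

```python
import re

# Added example (not Tomcat or project code): how an unescaped user name becomes
# LDAP filter syntax, and the RFC 4515 escaping that stops it. The directory and
# matcher below are constructed for the demonstration.

_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value):
    """Escape a value for embedding in an LDAP search filter (RFC 4515, section 3)."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def user_filter(username, escape):
    """Build the lookup filter; escape=False reproduces the flawed behaviour."""
    value = escape_filter_value(username) if escape else username
    return f"(&(objectClass=person)(uid={value}))"


def _assertion_to_regex(assertion):
    """Simplified matcher: unescaped '*' is a wildcard, '\\xx' escapes are literal
    characters, comparison is case-insensitive like LDAP's caseIgnoreMatch."""
    out = ["^"]
    i = 0
    while i < len(assertion):
        ch = assertion[i]
        if ch == "\\" and re.fullmatch(r"[0-9a-fA-F]{2}", assertion[i + 1:i + 3]):
            out.append(re.escape(chr(int(assertion[i + 1:i + 3], 16))))
            i += 3
            continue
        out.append(".*" if ch == "*" else re.escape(ch))
        i += 1
    out.append("$")
    return re.compile("".join(out), re.IGNORECASE)


CONSTRUCTED_DIRECTORY = {"alice": "pw-alice", "bob": "pw-bob"}   # uid -> password


def matching_uids(filter_string):
    """Evaluate the last '(uid=...)' assertion of a filter against the directory."""
    m = re.search(r"\(uid=([^()]*)\)\)$", filter_string)
    if not m:
        return []
    rx = _assertion_to_regex(m.group(1))
    return sorted(uid for uid in CONSTRUCTED_DIRECTORY if rx.match(uid))


def authenticate(username, password, escape):
    """Return the uid that logged in, or None. Mirrors a realm that searches for the
    user by name and then checks the password of the single entry it found."""
    matches = matching_uids(user_filter(username, escape))
    if len(matches) != 1:
        return None
    uid = matches[0]
    return uid if CONSTRUCTED_DIRECTORY[uid] == password else None


if __name__ == "__main__":
    # Without escaping, the variant "ali*" logs in as alice; with escaping it does not.
    print(authenticate("ali*", "pw-alice", escape=False))
    print(authenticate("ali*", "pw-alice", escape=True))
```

The LockOut Realm angle follows from the same mechanism: a lockout counter keyed on the submitted string sees "alice", "ali*" and "a*ice" as three different users, so an attacker can keep guessing one account's password under rotating names without tripping the per-user threshold. Escaping makes each variant resolve to nothing instead of to alice.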

Remediation

Upgrade org.apache.tomcat.embed:tomcat-embed-core to version 10.0.6, 9.0.46, 8.5.66, 7.0.109 or higher.

References

medium severity

Stack-based Buffer Overflow

  • Vulnerable module: org.yaml:snakeyaml
  • Introduced through: org.springframework.boot:spring-boot-starter-websocket@2.3.1.RELEASE

Detailed paths

  • Introduced through: ocinpp/springboot-sockjs-stomp-vue-sample@ocinpp/springboot-sockjs-stomp-vue-sample#19990c4d718ca604c0a313e65ddd3e1a1eb6cf0a org.springframework.boot:spring-boot-starter-websocket@2.3.1.RELEASE org.springframework.boot:spring-boot-starter-web@2.3.1.RELEASE org.springframework.boot:spring-boot-starter@2.3.1.RELEASE org.yaml:snakeyaml@1.26
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-websocket@3.0.0.
  • Introduced through: ocinpp/springboot-sockjs-stomp-vue-sample@ocinpp/springboot-sockjs-stomp-vue-sample#19990c4d718ca604c0a313e65ddd3e1a1eb6cf0a org.springframework.boot:spring-boot-starter-websocket@2.3.1.RELEASE org.springframework.boot:spring-boot-starter-web@2.3.1.RELEASE org.springframework.boot:spring-boot-starter-json@2.3.1.RELEASE org.springframework.boot:spring-boot-starter@2.3.1.RELEASE org.yaml:snakeyaml@1.26
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-websocket@3.0.0.

Overview

org.yaml:snakeyaml is a YAML 1.1 parser and emitter for Java.

Affected versions of this package are vulnerable to Stack-based Buffer Overflow when parsing crafted untrusted YAML files, which can lead to a denial-of-service.

Remediation

Upgrade org.yaml:snakeyaml to version 1.31 or higher.

References

medium severity

Dual license: EPL-1.0, LGPL-2.1

  • Module: ch.qos.logback:logback-classic
  • Introduced through: org.springframework.boot:spring-boot-starter-websocket@2.3.1.RELEASE

Detailed paths

  • Introduced through: ocinpp/springboot-sockjs-stomp-vue-sample@ocinpp/springboot-sockjs-stomp-vue-sample#19990c4d718ca604c0a313e65ddd3e1a1eb6cf0a org.springframework.boot:spring-boot-starter-websocket@2.3.1.RELEASE org.springframework.boot:spring-boot-starter-web@2.3.1.RELEASE org.springframework.boot:spring-boot-starter@2.3.1.RELEASE org.springframework.boot:spring-boot-starter-logging@2.3.1.RELEASE ch.qos.logback:logback-classic@1.2.3
  • Introduced through: ocinpp/springboot-sockjs-stomp-vue-sample@ocinpp/springboot-sockjs-stomp-vue-sample#19990c4d718ca604c0a313e65ddd3e1a1eb6cf0a org.springframework.boot:spring-boot-starter-websocket@2.3.1.RELEASE org.springframework.boot:spring-boot-starter-web@2.3.1.RELEASE org.springframework.boot:spring-boot-starter-json@2.3.1.RELEASE org.springframework.boot:spring-boot-starter@2.3.1.RELEASE org.springframework.boot:spring-boot-starter-logging@2.3.1.RELEASE ch.qos.logback:logback-classic@1.2.3

Dual license: EPL-1.0, LGPL-2.1

medium severity

Dual license: EPL-1.0, LGPL-2.1

  • Module: ch.qos.logback:logback-core
  • Introduced through: org.springframework.boot:spring-boot-starter-websocket@2.3.1.RELEASE

Detailed paths

  • Introduced through: ocinpp/springboot-sockjs-stomp-vue-sample@ocinpp/springboot-sockjs-stomp-vue-sample#19990c4d718ca604c0a313e65ddd3e1a1eb6cf0a org.springframework.boot:spring-boot-starter-websocket@2.3.1.RELEASE org.springframework.boot:spring-boot-starter-web@2.3.1.RELEASE org.springframework.boot:spring-boot-starter@2.3.1.RELEASE org.springframework.boot:spring-boot-starter-logging@2.3.1.RELEASE ch.qos.logback:logback-classic@1.2.3 ch.qos.logback:logback-core@1.2.3
  • Introduced through: ocinpp/springboot-sockjs-stomp-vue-sample@ocinpp/springboot-sockjs-stomp-vue-sample#19990c4d718ca604c0a313e65ddd3e1a1eb6cf0a org.springframework.boot:spring-boot-starter-websocket@2.3.1.RELEASE org.springframework.boot:spring-boot-starter-web@2.3.1.RELEASE org.springframework.boot:spring-boot-starter-json@2.3.1.RELEASE org.springframework.boot:spring-boot-starter@2.3.1.RELEASE org.springframework.boot:spring-boot-starter-logging@2.3.1.RELEASE ch.qos.logback:logback-classic@1.2.3 ch.qos.logback:logback-core@1.2.3

Dual license: EPL-1.0, LGPL-2.1

low severity

HTTP Request Smuggling

  • Vulnerable module: org.apache.tomcat.embed:tomcat-embed-core
  • Introduced through: org.springframework.boot:spring-boot-starter-websocket@2.3.1.RELEASE

Detailed paths

  • Introduced through: ocinpp/springboot-sockjs-stomp-vue-sample@ocinpp/springboot-sockjs-stomp-vue-sample#19990c4d718ca604c0a313e65ddd3e1a1eb6cf0a org.springframework.boot:spring-boot-starter-websocket@2.3.1.RELEASE org.springframework.boot:spring-boot-starter-web@2.3.1.RELEASE org.springframework.boot:spring-boot-starter-tomcat@2.3.1.RELEASE org.apache.tomcat.embed:tomcat-embed-core@9.0.36
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-websocket@2.5.15.
  • Introduced through: ocinpp/springboot-sockjs-stomp-vue-sample@ocinpp/springboot-sockjs-stomp-vue-sample#19990c4d718ca604c0a313e65ddd3e1a1eb6cf0a org.springframework.boot:spring-boot-starter-websocket@2.3.1.RELEASE org.springframework.boot:spring-boot-starter-web@2.3.1.RELEASE org.springframework.boot:spring-boot-starter-tomcat@2.3.1.RELEASE org.apache.tomcat.embed:tomcat-embed-websocket@9.0.36 org.apache.tomcat.embed:tomcat-embed-core@9.0.36
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-websocket@2.5.15.

Overview

org.apache.tomcat.embed:tomcat-embed-core is a Core Tomcat implementation.

Affected versions of this package are vulnerable to HTTP Request Smuggling because requests carrying an invalid Content-Length header are not properly rejected, so Tomcat and an intermediary can disagree about where one request ends and the next begins.

Note: Exploiting this vulnerability also requires that any reverse proxy in front of Tomcat likewise fails to reject the request with the invalid header.
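The strict framing rule that closes this window, as an added example rather than Tomcat's own parser: Content-Length must be digits only, duplicate copies must agree, and Content-Length next to Transfer-Encoding is rejected outright instead of being reconciled. The sample requests are constructed; the whole message is assumed to be in hand, so a short body is treated as an error rather than something to wait for.

```python
import re

# Added example (not Tomcat code): strict Content-Length handling. Sample
# requests below are constructed to show the cases a lenient parser gets wrong.

_DIGITS = re.compile(r"[0-9]+")


def parse_head(raw):
    """Split a raw HTTP/1.1 request head into (request_line, [(name, value), ...]).

    Header names with surrounding whitespace (e.g. 'Content-Length : 5') are rejected,
    and a non-ASCII head raises UnicodeDecodeError, which the caller turns into a reject.
    """
    head = raw.split(b"\r\n\r\n", 1)[0].decode("ascii")
    lines = head.split("\r\n")
    headers = []
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if not sep or not name or name != name.strip():
            raise ValueError(f"malformed header line {line!r}")
        headers.append((name.lower(), value.strip()))
    return lines[0], headers


def declared_body_length(headers):
    """Return the body length a strict parser commits to, or None for chunked.

    Anything ambiguous raises ValueError so the connection can be closed with 400:
    Transfer-Encoding alongside Content-Length, a non-digit value (sign, space,
    hex, comma-joined list), or several Content-Length headers that disagree.
    """
    te = [v for n, v in headers if n == "transfer-encoding"]
    cl = [v for n, v in headers if n == "content-length"]
    if te and cl:
        raise ValueError("Transfer-Encoding and Content-Length both present")
    if te:
        return None
    if not cl:
        return 0
    for v in cl:
        if not _DIGITS.fullmatch(v):
            raise ValueError(f"invalid Content-Length {v!r}")
    if len(set(cl)) != 1:
        raise ValueError(f"conflicting Content-Length values {cl}")
    return int(cl[0])


def frame_request(raw):
    """Return ('ok', body) / ('chunked', None) / ('reject', reason) for one raw request."""
    try:
        _, headers = parse_head(raw)
        n = declared_body_length(headers)
    except (ValueError, UnicodeDecodeError) as exc:
        return ("reject", str(exc))
    if n is None:
        return ("chunked", None)
    body = raw.split(b"\r\n\r\n", 1)[1] if b"\r\n\r\n" in raw else b""
    if len(body) < n:
        return ("reject", f"body shorter than Content-Length {n}")   # offline demo: nothing more will arrive
    return ("ok", body[:n])


# Constructed requests: one clean, the rest shaped like smuggling probes.
CONSTRUCTED = {
    "clean":  b"POST /app HTTP/1.1\r\nHost: example.test\r\nContent-Length: 5\r\n\r\nhello",
    "signed": b"POST /app HTTP/1.1\r\nHost: example.test\r\nContent-Length: +5\r\n\r\nhello",
    "dual":   b"POST /app HTTP/1.1\r\nHost: example.test\r\nContent-Length: 5\r\nContent-Length: 28\r\n\r\n"
              b"helloGET /admin HTTP/1.1\r\n\r\n",
    "te_cl":  b"POST /app HTTP/1.1\r\nHost: example.test\r\nTransfer-Encoding: chunked\r\nContent-Length: 5\r\n\r\n0\r\n\r\n",
    "space":  b"POST /app HTTP/1.1\r\nHost: example.test\r\nContent-Length : 5\r\n\r\nhello",
}

if __name__ == "__main__":
    for label, raw in CONSTRUCTED.items():
        print(label, frame_request(raw))
```

The "dual" case is the one the Note above is about: if the proxy honours the first Content-Length and the backend the second, the bytes after "hello" are read by the backend as the start of a second request that the proxy never saw.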

Remediation

Upgrade org.apache.tomcat.embed:tomcat-embed-core to version 8.5.83, 9.0.68, 10.0.27, 10.1.1 or higher.

References

low severity

Information Exposure

  • Vulnerable module: org.apache.tomcat.embed:tomcat-embed-core
  • Introduced through: org.springframework.boot:spring-boot-starter-websocket@2.3.1.RELEASE

Detailed paths

  • Introduced through: ocinpp/springboot-sockjs-stomp-vue-sample@ocinpp/springboot-sockjs-stomp-vue-sample#19990c4d718ca604c0a313e65ddd3e1a1eb6cf0a org.springframework.boot:spring-boot-starter-websocket@2.3.1.RELEASE org.springframework.boot:spring-boot-starter-web@2.3.1.RELEASE org.springframework.boot:spring-boot-starter-tomcat@2.3.1.RELEASE org.apache.tomcat.embed:tomcat-embed-core@9.0.36
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-websocket@2.5.13.
  • Introduced through: ocinpp/springboot-sockjs-stomp-vue-sample@ocinpp/springboot-sockjs-stomp-vue-sample#19990c4d718ca604c0a313e65ddd3e1a1eb6cf0a org.springframework.boot:spring-boot-starter-websocket@2.3.1.RELEASE org.springframework.boot:spring-boot-starter-web@2.3.1.RELEASE org.springframework.boot:spring-boot-starter-tomcat@2.3.1.RELEASE org.apache.tomcat.embed:tomcat-embed-websocket@9.0.36 org.apache.tomcat.embed:tomcat-embed-core@9.0.36
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-websocket@2.5.13.

Overview

org.apache.tomcat.embed:tomcat-embed-core is a Core Tomcat implementation.

Affected versions of this package are vulnerable to Information Exposure due to a concurrency bug that could cause client connections to share an Http11Processor instance, resulting in responses, or parts of responses, being received by the wrong client.

Remediation

Upgrade org.apache.tomcat.embed:tomcat-embed-core to version 8.5.78, 9.0.62, 10.0.20, 10.1.0-M14 or higher.

References

low severity

Stack-based Buffer Overflow

  • Vulnerable module: org.yaml:snakeyaml
  • Introduced through: org.springframework.boot:spring-boot-starter-websocket@2.3.1.RELEASE

Detailed paths

  • Introduced through: ocinpp/springboot-sockjs-stomp-vue-sample@ocinpp/springboot-sockjs-stomp-vue-sample#19990c4d718ca604c0a313e65ddd3e1a1eb6cf0a org.springframework.boot:spring-boot-starter-websocket@2.3.1.RELEASE org.springframework.boot:spring-boot-starter-web@2.3.1.RELEASE org.springframework.boot:spring-boot-starter@2.3.1.RELEASE org.yaml:snakeyaml@1.26
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-websocket@3.0.0.
  • Introduced through: ocinpp/springboot-sockjs-stomp-vue-sample@ocinpp/springboot-sockjs-stomp-vue-sample#19990c4d718ca604c0a313e65ddd3e1a1eb6cf0a org.springframework.boot:spring-boot-starter-websocket@2.3.1.RELEASE org.springframework.boot:spring-boot-starter-web@2.3.1.RELEASE org.springframework.boot:spring-boot-starter-json@2.3.1.RELEASE org.springframework.boot:spring-boot-starter@2.3.1.RELEASE org.yaml:snakeyaml@1.26
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-websocket@3.0.0.

Overview

org.yaml:snakeyaml is a YAML 1.1 parser and emitter for Java.

Affected versions of this package are vulnerable to Stack-based Buffer Overflow when parsing crafted untrusted YAML files, which can lead to a denial-of-service.

Remediation

Upgrade org.yaml:snakeyaml to version 1.32 or higher.

References

low severity

Stack-based Buffer Overflow

  • Vulnerable module: org.yaml:snakeyaml
  • Introduced through: org.springframework.boot:spring-boot-starter-websocket@2.3.1.RELEASE

Detailed paths

  • Introduced through: ocinpp/springboot-sockjs-stomp-vue-sample@ocinpp/springboot-sockjs-stomp-vue-sample#19990c4d718ca604c0a313e65ddd3e1a1eb6cf0a org.springframework.boot:spring-boot-starter-websocket@2.3.1.RELEASE org.springframework.boot:spring-boot-starter-web@2.3.1.RELEASE org.springframework.boot:spring-boot-starter@2.3.1.RELEASE org.yaml:snakeyaml@1.26
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-websocket@3.0.0.
  • Introduced through: ocinpp/springboot-sockjs-stomp-vue-sample@ocinpp/springboot-sockjs-stomp-vue-sample#19990c4d718ca604c0a313e65ddd3e1a1eb6cf0a org.springframework.boot:spring-boot-starter-websocket@2.3.1.RELEASE org.springframework.boot:spring-boot-starter-web@2.3.1.RELEASE org.springframework.boot:spring-boot-starter-json@2.3.1.RELEASE org.springframework.boot:spring-boot-starter@2.3.1.RELEASE org.yaml:snakeyaml@1.26
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-websocket@3.0.0.

Overview

org.yaml:snakeyaml is a YAML 1.1 parser and emitter for Java.

Affected versions of this package are vulnerable to Stack-based Buffer Overflow in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject when parsing crafted untrusted YAML files, which can lead to a denial-of-service.

Remediation

Upgrade org.yaml:snakeyaml to version 1.31 or higher.

References

low severity

Stack-based Buffer Overflow

  • Vulnerable module: org.yaml:snakeyaml
  • Introduced through: org.springframework.boot:spring-boot-starter-websocket@2.3.1.RELEASE

Detailed paths

  • Introduced through: ocinpp/springboot-sockjs-stomp-vue-sample@ocinpp/springboot-sockjs-stomp-vue-sample#19990c4d718ca604c0a313e65ddd3e1a1eb6cf0a org.springframework.boot:spring-boot-starter-websocket@2.3.1.RELEASE org.springframework.boot:spring-boot-starter-web@2.3.1.RELEASE org.springframework.boot:spring-boot-starter@2.3.1.RELEASE org.yaml:snakeyaml@1.26
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-websocket@3.0.0.
  • Introduced through: ocinpp/springboot-sockjs-stomp-vue-sample@ocinpp/springboot-sockjs-stomp-vue-sample#19990c4d718ca604c0a313e65ddd3e1a1eb6cf0a org.springframework.boot:spring-boot-starter-websocket@2.3.1.RELEASE org.springframework.boot:spring-boot-starter-web@2.3.1.RELEASE org.springframework.boot:spring-boot-starter-json@2.3.1.RELEASE org.springframework.boot:spring-boot-starter@2.3.1.RELEASE org.yaml:snakeyaml@1.26
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-websocket@3.0.0.

Overview

org.yaml:snakeyaml is a YAML 1.1 parser and emitter for Java.

Affected versions of this package are vulnerable to Stack-based Buffer Overflow when supplied with untrusted input, because the parser places no limit on how deeply nested the incoming document may be, and each level of nesting consumes another stack frame.
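The four snakeyaml entries on this page (the two at medium severity and the two at low severity) describe the same failure mode: a crafted document nested thousands of levels deep exhausts the parser's stack. The added example below, which is not SnakeYAML code and not part of the scanned project, is the pre-parse guard a practitioner can put in front of any recursive YAML parser: measure the flow-collection nesting depth while skipping brackets inside quoted scalars and comments, and refuse the document before it is parsed. The limit of 50 mirrors the default nesting-depth limit that SnakeYAML 1.32 and later enforce in LoaderOptions; the sample documents are constructed.

```python
# Added example (not SnakeYAML code): a pre-parse guard that measures how deeply
# flow collections ('[', '{') are nested in a YAML document and refuses anything
# past a limit, before the text reaches a recursive-descent parser.

NESTING_LIMIT = 50   # same value as the default depth limit in SnakeYAML 1.32+


def flow_nesting_depth(text):
    """Deepest nesting of flow collections, ignoring brackets inside quoted scalars
    and comments. Block-style nesting (indentation) is deliberately not counted."""
    depth = deepest = 0
    quote = None
    i = 0
    while i < len(text):
        ch = text[i]
        if quote is not None:
            if ch == "\\" and quote == '"':
                i += 2           # skip the escaped character in a double-quoted scalar
                continue
            if ch == quote:
                quote = None     # a doubled '' in single quotes simply toggles twice
        elif ch in "\"'":
            quote = ch
        elif ch == "#" and (i == 0 or text[i - 1] in " \t\n"):
            nl = text.find("\n", i)
            i = len(text) if nl < 0 else nl
            continue
        elif ch in "[{":
            depth += 1
            deepest = max(deepest, depth)
        elif ch in "]}":
            depth = max(0, depth - 1)
        i += 1
    return deepest


def check_yaml_nesting(text, limit=NESTING_LIMIT):
    """Return the measured depth, or raise ValueError if it exceeds the limit."""
    depth = flow_nesting_depth(text)
    if depth > limit:
        raise ValueError(f"flow nesting depth {depth} exceeds limit {limit}")
    return depth


def is_safe_to_parse(text, limit=NESTING_LIMIT):
    """Boolean wrapper around check_yaml_nesting for use as a gate."""
    try:
        check_yaml_nesting(text, limit)
        return True
    except ValueError:
        return False


# Constructed inputs: a benign config whose string looks nested, and a crafted document.
BENIGN_CONFIG = (
    "server:\n"
    "  ports: [8080, 8443]\n"
    '  banner: "[[[looks nested but is a string]]]"  # [comment, also ignored]\n'
)
CRAFTED_DEEP = "payload: " + "[" * 2000 + "]" * 2000 + "\n"

if __name__ == "__main__":
    print(flow_nesting_depth(BENIGN_CONFIG), is_safe_to_parse(BENIGN_CONFIG))
    print(flow_nesting_depth(CRAFTED_DEEP), is_safe_to_parse(CRAFTED_DEEP))
```

This guard is a mitigation for input you cannot avoid parsing with an old library, not a replacement for the upgrade: it does not count block-style (indentation) nesting or alias-based recursion, both of which the upgraded parser limits for you.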

Remediation

Upgrade org.yaml:snakeyaml to version 1.32 or higher.

References

low severity

Server-side Request Forgery (SSRF)

  • Vulnerable module: ch.qos.logback:logback-core
  • Introduced through: org.springframework.boot:spring-boot-starter-websocket@2.3.1.RELEASE

Detailed paths

  • Introduced through: ocinpp/springboot-sockjs-stomp-vue-sample@ocinpp/springboot-sockjs-stomp-vue-sample#19990c4d718ca604c0a313e65ddd3e1a1eb6cf0a org.springframework.boot:spring-boot-starter-websocket@2.3.1.RELEASE org.springframework.boot:spring-boot-starter-web@2.3.1.RELEASE org.springframework.boot:spring-boot-starter@2.3.1.RELEASE org.springframework.boot:spring-boot-starter-logging@2.3.1.RELEASE ch.qos.logback:logback-classic@1.2.3 ch.qos.logback:logback-core@1.2.3
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-websocket@3.3.8.
  • Introduced through: ocinpp/springboot-sockjs-stomp-vue-sample@ocinpp/springboot-sockjs-stomp-vue-sample#19990c4d718ca604c0a313e65ddd3e1a1eb6cf0a org.springframework.boot:spring-boot-starter-websocket@2.3.1.RELEASE org.springframework.boot:spring-boot-starter-web@2.3.1.RELEASE org.springframework.boot:spring-boot-starter-json@2.3.1.RELEASE org.springframework.boot:spring-boot-starter@2.3.1.RELEASE org.springframework.boot:spring-boot-starter-logging@2.3.1.RELEASE ch.qos.logback:logback-classic@1.2.3 ch.qos.logback:logback-core@1.2.3
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-websocket@3.3.8.

Overview

ch.qos.logback:logback-core is a logback-core module.

Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) in the SaxEventRecorder XML processing. An attacker who can modify a logback XML configuration file, in particular its DOCTYPE declaration, can make the application issue requests to destinations of the attacker's choosing while the configuration is loaded.

Remediation

Upgrade ch.qos.logback:logback-core to version 1.3.15, 1.5.13 or higher.

References