Vulnerabilities	2 via 10 paths
Dependencies	47
Source	GitHub
Commit	c22f52c0

Find, fix and prevent vulnerabilities in your code.

Test and protect my applications

Issue type

Vulnerabilities
2
License issues
3

Severity

Critical
High
1
Medium
4
Low

Status

Open
5
Patched
0
Ignored
0

high severity

Infinite loop

Vulnerable module: org.apache.commons:commons-compress
Introduced through: org.testcontainers:testcontainers@1.21.3, org.testcontainers:junit-jupiter@1.21.3 and others

Detailed paths

Introduced through: openmrs/openmrs-core@openmrs/openmrs-core#c22f52c0b8d9a2a3e6d6f58ae91d1549da55cd75 › org.testcontainers:testcontainers@1.21.3 › org.apache.commons:commons-compress@1.24.0
Introduced through: openmrs/openmrs-core@openmrs/openmrs-core#c22f52c0b8d9a2a3e6d6f58ae91d1549da55cd75 › org.testcontainers:junit-jupiter@1.21.3 › org.testcontainers:testcontainers@1.21.3 › org.apache.commons:commons-compress@1.24.0
Introduced through: openmrs/openmrs-core@openmrs/openmrs-core#c22f52c0b8d9a2a3e6d6f58ae91d1549da55cd75 › org.testcontainers:mariadb@1.21.3 › org.testcontainers:jdbc@1.21.3 › org.testcontainers:database-commons@1.21.3 › org.testcontainers:testcontainers@1.21.3 › org.apache.commons:commons-compress@1.24.0
Introduced through: openmrs/openmrs-core@openmrs/openmrs-core#c22f52c0b8d9a2a3e6d6f58ae91d1549da55cd75 › org.testcontainers:mysql@1.21.3 › org.testcontainers:jdbc@1.21.3 › org.testcontainers:database-commons@1.21.3 › org.testcontainers:testcontainers@1.21.3 › org.apache.commons:commons-compress@1.24.0
Introduced through: openmrs/openmrs-core@openmrs/openmrs-core#c22f52c0b8d9a2a3e6d6f58ae91d1549da55cd75 › org.testcontainers:postgresql@1.21.3 › org.testcontainers:jdbc@1.21.3 › org.testcontainers:database-commons@1.21.3 › org.testcontainers:testcontainers@1.21.3 › org.apache.commons:commons-compress@1.24.0

Overview

org.apache.commons:commons-compress is an API for working with compression and archive formats.

Affected versions of this package are vulnerable to Infinite loop due to the improper handling of certain inputs during the parsing of dump files. An attacker can cause the application to enter an infinite loop by supplying crafted inputs.

Remediation

Upgrade org.apache.commons:commons-compress to version 1.26.0 or higher.

References

Infinite loop vulnerability report

medium severity

Allocation of Resources Without Limits or Throttling

Vulnerable module: org.apache.commons:commons-compress
Introduced through: org.testcontainers:testcontainers@1.21.3, org.testcontainers:junit-jupiter@1.21.3 and others

Detailed paths

Introduced through: openmrs/openmrs-core@openmrs/openmrs-core#c22f52c0b8d9a2a3e6d6f58ae91d1549da55cd75 › org.testcontainers:testcontainers@1.21.3 › org.apache.commons:commons-compress@1.24.0
Introduced through: openmrs/openmrs-core@openmrs/openmrs-core#c22f52c0b8d9a2a3e6d6f58ae91d1549da55cd75 › org.testcontainers:junit-jupiter@1.21.3 › org.testcontainers:testcontainers@1.21.3 › org.apache.commons:commons-compress@1.24.0
Introduced through: openmrs/openmrs-core@openmrs/openmrs-core#c22f52c0b8d9a2a3e6d6f58ae91d1549da55cd75 › org.testcontainers:mariadb@1.21.3 › org.testcontainers:jdbc@1.21.3 › org.testcontainers:database-commons@1.21.3 › org.testcontainers:testcontainers@1.21.3 › org.apache.commons:commons-compress@1.24.0
Introduced through: openmrs/openmrs-core@openmrs/openmrs-core#c22f52c0b8d9a2a3e6d6f58ae91d1549da55cd75 › org.testcontainers:mysql@1.21.3 › org.testcontainers:jdbc@1.21.3 › org.testcontainers:database-commons@1.21.3 › org.testcontainers:testcontainers@1.21.3 › org.apache.commons:commons-compress@1.24.0
Introduced through: openmrs/openmrs-core@openmrs/openmrs-core#c22f52c0b8d9a2a3e6d6f58ae91d1549da55cd75 › org.testcontainers:postgresql@1.21.3 › org.testcontainers:jdbc@1.21.3 › org.testcontainers:database-commons@1.21.3 › org.testcontainers:testcontainers@1.21.3 › org.apache.commons:commons-compress@1.24.0

Overview

org.apache.commons:commons-compress is an API for working with compression and archive formats.

Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to an OutOfMemoryError during the handling of a broken Pack200 file.

Remediation

Upgrade org.apache.commons:commons-compress to version 1.26.0 or higher.

References

Allocation of Resources Without Limits or Throttling vulnerability report

medium severity

Dual license: EPL-1.0, MPL-2.0

Module: com.h2database:h2
Introduced through: com.h2database:h2@2.3.232 and org.dbunit:dbunit@3.0.0

Detailed paths

Introduced through: openmrs/openmrs-core@openmrs/openmrs-core#c22f52c0b8d9a2a3e6d6f58ae91d1549da55cd75 › com.h2database:h2@2.3.232
Introduced through: openmrs/openmrs-core@openmrs/openmrs-core#c22f52c0b8d9a2a3e6d6f58ae91d1549da55cd75 › org.dbunit:dbunit@3.0.0 › com.h2database:h2@2.3.232

Dual license: EPL-1.0, MPL-2.0

Dual license: EPL-1.0, MPL-2.0 vulnerability report

medium severity

EPL-1.0 license

Module: junit:junit
Introduced through: junit:junit@4.13.2, org.testcontainers:testcontainers@1.21.3 and others

Detailed paths

Introduced through: openmrs/openmrs-core@openmrs/openmrs-core#c22f52c0b8d9a2a3e6d6f58ae91d1549da55cd75 › junit:junit@4.13.2
Introduced through: openmrs/openmrs-core@openmrs/openmrs-core#c22f52c0b8d9a2a3e6d6f58ae91d1549da55cd75 › org.testcontainers:testcontainers@1.21.3 › junit:junit@4.13.2
Introduced through: openmrs/openmrs-core@openmrs/openmrs-core#c22f52c0b8d9a2a3e6d6f58ae91d1549da55cd75 › org.junit.vintage:junit-vintage-engine@5.11.4 › junit:junit@4.13.2
Introduced through: openmrs/openmrs-core@openmrs/openmrs-core#c22f52c0b8d9a2a3e6d6f58ae91d1549da55cd75 › com.adobe.testing:s3mock-testcontainers@4.9.1 › org.testcontainers:testcontainers@1.21.3 › junit:junit@4.13.2
Introduced through: openmrs/openmrs-core@openmrs/openmrs-core#c22f52c0b8d9a2a3e6d6f58ae91d1549da55cd75 › org.testcontainers:junit-jupiter@1.21.3 › org.testcontainers:testcontainers@1.21.3 › junit:junit@4.13.2
Introduced through: openmrs/openmrs-core@openmrs/openmrs-core#c22f52c0b8d9a2a3e6d6f58ae91d1549da55cd75 › org.testcontainers:mariadb@1.21.3 › org.testcontainers:jdbc@1.21.3 › org.testcontainers:database-commons@1.21.3 › org.testcontainers:testcontainers@1.21.3 › junit:junit@4.13.2
Introduced through: openmrs/openmrs-core@openmrs/openmrs-core#c22f52c0b8d9a2a3e6d6f58ae91d1549da55cd75 › org.testcontainers:mysql@1.21.3 › org.testcontainers:jdbc@1.21.3 › org.testcontainers:database-commons@1.21.3 › org.testcontainers:testcontainers@1.21.3 › junit:junit@4.13.2
Introduced through: openmrs/openmrs-core@openmrs/openmrs-core#c22f52c0b8d9a2a3e6d6f58ae91d1549da55cd75 › org.testcontainers:postgresql@1.21.3 › org.testcontainers:jdbc@1.21.3 › org.testcontainers:database-commons@1.21.3 › org.testcontainers:testcontainers@1.21.3 › junit:junit@4.13.2

EPL-1.0 license

EPL-1.0 license vulnerability report

medium severity

LGPL-2.1 license

Module: org.dbunit:dbunit
Introduced through: org.dbunit:dbunit@3.0.0

Detailed paths

Introduced through: openmrs/openmrs-core@openmrs/openmrs-core#c22f52c0b8d9a2a3e6d6f58ae91d1549da55cd75 › org.dbunit:dbunit@3.0.0

LGPL-2.1 license

LGPL-2.1 license vulnerability report

Vulnerabilities

Dependencies

Source

Commit

Find, fix and prevent vulnerabilities in your code.

high severity

Infinite loop

Detailed paths

Overview

Remediation

References

medium severity

Allocation of Resources Without Limits or Throttling

Detailed paths

Overview

Remediation

References

medium severity

Dual license: EPL-1.0, MPL-2.0

Detailed paths

medium severity

EPL-1.0 license

Detailed paths

medium severity

LGPL-2.1 license

Detailed paths