high severity
- Vulnerable module: org.apache.commons:commons-lang3
- Introduced through: dev.openfeature:sdk@1.0.0
Detailed paths
- Introduced through: rollout/cloudbees-openfeature-provider-java@rollout/cloudbees-openfeature-provider-java#75a17f1f9c64b98829780c34cb032563443f3eed › dev.openfeature:sdk@1.0.0 › com.github.spotbugs:spotbugs@4.7.3 › org.apache.commons:commons-lang3@3.12.0
  Remediation: Upgrade to dev.openfeature:sdk@1.18.0.
- Introduced through: rollout/cloudbees-openfeature-provider-java@rollout/cloudbees-openfeature-provider-java#75a17f1f9c64b98829780c34cb032563443f3eed › dev.openfeature:sdk@1.0.0 › com.github.spotbugs:spotbugs@4.7.3 › org.apache.commons:commons-text@1.10.0 › org.apache.commons:commons-lang3@3.12.0
  Remediation: Upgrade to dev.openfeature:sdk@1.18.0.
Overview
Affected versions of this package are vulnerable to Uncontrolled Recursion via the ClassUtils.getClass function. An attacker can cause the application to terminate unexpectedly by providing excessively long input values.
Remediation
Upgrade org.apache.commons:commons-lang3 to version 3.18.0 or higher.
high severity
- Vulnerable module: org.apache.bcel:bcel
- Introduced through: dev.openfeature:sdk@1.0.0
Detailed paths
- Introduced through: rollout/cloudbees-openfeature-provider-java@rollout/cloudbees-openfeature-provider-java#75a17f1f9c64b98829780c34cb032563443f3eed › dev.openfeature:sdk@1.0.0 › com.github.spotbugs:spotbugs@4.7.3 › org.apache.bcel:bcel@6.5.0
  Remediation: Upgrade to dev.openfeature:sdk@1.7.0.
Overview
Affected versions of this package are vulnerable to Out-of-bounds Write where a number of APIs can be used to produce arbitrary bytecode. This can be abused in applications that pass attacker-controllable data to those APIs, giving the attacker more control over the resulting bytecode than otherwise expected.
Remediation
Upgrade org.apache.bcel:bcel to version 6.6.0 or higher.
medium severity
- Module: com.github.spotbugs:spotbugs
- Introduced through: dev.openfeature:sdk@1.0.0
Detailed paths
- Introduced through: rollout/cloudbees-openfeature-provider-java@rollout/cloudbees-openfeature-provider-java#75a17f1f9c64b98829780c34cb032563443f3eed › dev.openfeature:sdk@1.0.0 › com.github.spotbugs:spotbugs@4.7.3
LGPL-2.1 license
medium severity
- Module: com.github.spotbugs:spotbugs-annotations
- Introduced through: dev.openfeature:sdk@1.0.0
Detailed paths
- Introduced through: rollout/cloudbees-openfeature-provider-java@rollout/cloudbees-openfeature-provider-java#75a17f1f9c64b98829780c34cb032563443f3eed › dev.openfeature:sdk@1.0.0 › com.github.spotbugs:spotbugs@4.7.3 › com.github.spotbugs:spotbugs-annotations@4.7.3
LGPL-2.1 license
medium severity
- Module: net.sf.saxon:Saxon-HE
- Introduced through: dev.openfeature:sdk@1.0.0
Detailed paths
- Introduced through: rollout/cloudbees-openfeature-provider-java@rollout/cloudbees-openfeature-provider-java#75a17f1f9c64b98829780c34cb032563443f3eed › dev.openfeature:sdk@1.0.0 › com.github.spotbugs:spotbugs@4.7.3 › net.sf.saxon:Saxon-HE@11.4
MPL-2.0 license