skrapeit/skrape.it:pom.xml

Vulnerabilities 1 via 8 paths
Dependencies 36
Source GitHub
Commit fdb4d83a

Find, fix and prevent vulnerabilities in your code.

Severity
  • 1
Status
  • 1
  • 0
  • 0
medium severity

Information Exposure

  • Vulnerable module: org.eclipse.jetty:jetty-util
  • Introduced through: net.sourceforge.htmlunit:htmlunit@2.35.0

Detailed paths

  • Introduced through: skrapeit/skrape.it@skrapeit/skrape.it#fdb4d83ab013f70ba2ddb9d0abba7d8e425fad82 net.sourceforge.htmlunit:htmlunit@2.35.0 org.eclipse.jetty.websocket:websocket-client@9.4.16.v20190411 org.eclipse.jetty:jetty-util@9.4.16.v20190411
  • Introduced through: skrapeit/skrape.it@skrapeit/skrape.it#fdb4d83ab013f70ba2ddb9d0abba7d8e425fad82 net.sourceforge.htmlunit:htmlunit@2.35.0 org.eclipse.jetty.websocket:websocket-client@9.4.16.v20190411 org.eclipse.jetty:jetty-io@9.4.16.v20190411 org.eclipse.jetty:jetty-util@9.4.16.v20190411
  • Introduced through: skrapeit/skrape.it@skrapeit/skrape.it#fdb4d83ab013f70ba2ddb9d0abba7d8e425fad82 net.sourceforge.htmlunit:htmlunit@2.35.0 org.eclipse.jetty.websocket:websocket-client@9.4.16.v20190411 org.eclipse.jetty.websocket:websocket-common@9.4.16.v20190411 org.eclipse.jetty:jetty-util@9.4.16.v20190411
  • Introduced through: skrapeit/skrape.it@skrapeit/skrape.it#fdb4d83ab013f70ba2ddb9d0abba7d8e425fad82 net.sourceforge.htmlunit:htmlunit@2.35.0 org.eclipse.jetty.websocket:websocket-client@9.4.16.v20190411 org.eclipse.jetty:jetty-xml@9.4.16.v20190411 org.eclipse.jetty:jetty-util@9.4.16.v20190411
  • Introduced through: skrapeit/skrape.it@skrapeit/skrape.it#fdb4d83ab013f70ba2ddb9d0abba7d8e425fad82 net.sourceforge.htmlunit:htmlunit@2.35.0 org.eclipse.jetty.websocket:websocket-client@9.4.16.v20190411 org.eclipse.jetty.websocket:websocket-common@9.4.16.v20190411 org.eclipse.jetty:jetty-io@9.4.16.v20190411 org.eclipse.jetty:jetty-util@9.4.16.v20190411
  • Introduced through: skrapeit/skrape.it@skrapeit/skrape.it#fdb4d83ab013f70ba2ddb9d0abba7d8e425fad82 net.sourceforge.htmlunit:htmlunit@2.35.0 org.eclipse.jetty.websocket:websocket-client@9.4.16.v20190411 org.eclipse.jetty:jetty-client@9.4.16.v20190411 org.eclipse.jetty:jetty-io@9.4.16.v20190411 org.eclipse.jetty:jetty-util@9.4.16.v20190411
  • Introduced through: skrapeit/skrape.it@skrapeit/skrape.it#fdb4d83ab013f70ba2ddb9d0abba7d8e425fad82 net.sourceforge.htmlunit:htmlunit@2.35.0 org.eclipse.jetty.websocket:websocket-client@9.4.16.v20190411 org.eclipse.jetty:jetty-client@9.4.16.v20190411 org.eclipse.jetty:jetty-http@9.4.16.v20190411 org.eclipse.jetty:jetty-util@9.4.16.v20190411
  • Introduced through: skrapeit/skrape.it@skrapeit/skrape.it#fdb4d83ab013f70ba2ddb9d0abba7d8e425fad82 net.sourceforge.htmlunit:htmlunit@2.35.0 org.eclipse.jetty.websocket:websocket-client@9.4.16.v20190411 org.eclipse.jetty:jetty-client@9.4.16.v20190411 org.eclipse.jetty:jetty-http@9.4.16.v20190411 org.eclipse.jetty:jetty-io@9.4.16.v20190411 org.eclipse.jetty:jetty-util@9.4.16.v20190411

Overview

org.eclipse.jetty:jetty-util is a Web Container & Clients - supports HTTP/2, HTTP/1.1, HTTP/1.0, websocket, servlets, and more.

Affected versions of this package are vulnerable to Information Exposure. The server running on Windows exposes its qualified base resource directory name to a remote client when it is configured for directory contents listing. However, the information revealed is only restricted to the content in the configured base resource directories.

Remediation

Upgrade org.eclipse.jetty:jetty-util to version 9.2.28.v20190418, 9.3.27.v20190418, 9.4.17.v20190418 or higher.

References