Vulnerabilities: 1 via 3 paths
Dependencies: 123
Source: GitHub
Commit: 3d0ba42d

high severity

Uncontrolled Recursion

  • Vulnerable module: org.apache.commons:commons-lang3
  • Introduced through: org.springdoc:springdoc-openapi-starter-common@2.8.14, org.springdoc:springdoc-openapi-starter-webmvc-ui@2.8.14 and others

Detailed paths

  • Introduced through: skyYaga/skdvin-api@skyYaga/skdvin-api#3d0ba42de971b91f6108ee64fa93af1031f51da9 > org.springdoc:springdoc-openapi-starter-common@2.8.14 > io.swagger.core.v3:swagger-core-jakarta@2.2.38 > org.apache.commons:commons-lang3@3.17.0
    Remediation: Upgrade to org.springdoc:springdoc-openapi-starter-common@2.8.14.
  • Introduced through: skyYaga/skdvin-api@skyYaga/skdvin-api#3d0ba42de971b91f6108ee64fa93af1031f51da9 > org.springdoc:springdoc-openapi-starter-webmvc-ui@2.8.14 > org.springdoc:springdoc-openapi-starter-webmvc-api@2.8.14 > org.springdoc:springdoc-openapi-starter-common@2.8.14 > io.swagger.core.v3:swagger-core-jakarta@2.2.38 > org.apache.commons:commons-lang3@3.17.0
    Remediation: Upgrade to org.springdoc:springdoc-openapi-starter-webmvc-ui@2.8.14.
  • Introduced through: skyYaga/skdvin-api@skyYaga/skdvin-api#3d0ba42de971b91f6108ee64fa93af1031f51da9 > io.mongock:mongock-springboot@5.5.1 > io.mongock:mongock-springboot-base@5.5.1 > io.mongock:mongock-spring-base@5.5.1 > io.mongock:mongock-runner-core@5.5.1 > org.apache.maven:maven-artifact@3.6.1 > org.apache.commons:commons-lang3@3.17.0

Overview

Affected versions of this package are vulnerable to Uncontrolled Recursion via the ClassUtils.getClass function. An attacker can cause the application to terminate unexpectedly by providing excessively long input values.

Remediation

Upgrade org.apache.commons:commons-lang3 to version 3.18.0 or higher.

medium severity

Dual license: EPL-1.0, LGPL-2.1

  • Module: ch.qos.logback:logback-classic
  • Introduced through: io.sentry:sentry-spring-boot-starter-jakarta@8.29.0, org.springframework.boot:spring-boot-starter-validation@3.5.7 and others

Detailed paths

  • Introduced through: skyYaga/skdvin-api@skyYaga/skdvin-api#3d0ba42de971b91f6108ee64fa93af1031f51da9 > io.sentry:sentry-spring-boot-starter-jakarta@8.29.0 > org.springframework.boot:spring-boot-starter@3.5.7 > org.springframework.boot:spring-boot-starter-logging@3.5.7 > ch.qos.logback:logback-classic@1.5.20
  • Introduced through: skyYaga/skdvin-api@skyYaga/skdvin-api#3d0ba42de971b91f6108ee64fa93af1031f51da9 > org.springframework.boot:spring-boot-starter-validation@3.5.7 > org.springframework.boot:spring-boot-starter@3.5.7 > org.springframework.boot:spring-boot-starter-logging@3.5.7 > ch.qos.logback:logback-classic@1.5.20
  • Introduced through: skyYaga/skdvin-api@skyYaga/skdvin-api#3d0ba42de971b91f6108ee64fa93af1031f51da9 > org.springframework.boot:spring-boot-starter-mail@3.5.7 > org.springframework.boot:spring-boot-starter@3.5.7 > org.springframework.boot:spring-boot-starter-logging@3.5.7 > ch.qos.logback:logback-classic@1.5.20
  • Introduced through: skyYaga/skdvin-api@skyYaga/skdvin-api#3d0ba42de971b91f6108ee64fa93af1031f51da9 > org.springframework.boot:spring-boot-starter-security@3.5.7 > org.springframework.boot:spring-boot-starter@3.5.7 > org.springframework.boot:spring-boot-starter-logging@3.5.7 > ch.qos.logback:logback-classic@1.5.20
  • Introduced through: skyYaga/skdvin-api@skyYaga/skdvin-api#3d0ba42de971b91f6108ee64fa93af1031f51da9 > org.springframework.boot:spring-boot-starter-thymeleaf@3.5.7 > org.springframework.boot:spring-boot-starter@3.5.7 > org.springframework.boot:spring-boot-starter-logging@3.5.7 > ch.qos.logback:logback-classic@1.5.20
  • Introduced through: skyYaga/skdvin-api@skyYaga/skdvin-api#3d0ba42de971b91f6108ee64fa93af1031f51da9 > org.springframework.boot:spring-boot-starter-web@3.5.7 > org.springframework.boot:spring-boot-starter@3.5.7 > org.springframework.boot:spring-boot-starter-logging@3.5.7 > ch.qos.logback:logback-classic@1.5.20
  • Introduced through: skyYaga/skdvin-api@skyYaga/skdvin-api#3d0ba42de971b91f6108ee64fa93af1031f51da9 > org.springframework.boot:spring-boot-starter-data-mongodb@3.5.7 > org.springframework.boot:spring-boot-starter@3.5.7 > org.springframework.boot:spring-boot-starter-logging@3.5.7 > ch.qos.logback:logback-classic@1.5.20
  • Introduced through: skyYaga/skdvin-api@skyYaga/skdvin-api#3d0ba42de971b91f6108ee64fa93af1031f51da9 > org.springdoc:springdoc-openapi-starter-common@2.8.14 > org.springframework.boot:spring-boot-starter-validation@3.5.7 > org.springframework.boot:spring-boot-starter@3.5.7 > org.springframework.boot:spring-boot-starter-logging@3.5.7 > ch.qos.logback:logback-classic@1.5.20
  • Introduced through: skyYaga/skdvin-api@skyYaga/skdvin-api#3d0ba42de971b91f6108ee64fa93af1031f51da9 > org.springframework.boot:spring-boot-starter-web@3.5.7 > org.springframework.boot:spring-boot-starter-json@3.5.7 > org.springframework.boot:spring-boot-starter@3.5.7 > org.springframework.boot:spring-boot-starter-logging@3.5.7 > ch.qos.logback:logback-classic@1.5.20
  • Introduced through: skyYaga/skdvin-api@skyYaga/skdvin-api#3d0ba42de971b91f6108ee64fa93af1031f51da9 > org.springdoc:springdoc-openapi-starter-webmvc-ui@2.8.14 > org.springdoc:springdoc-openapi-starter-webmvc-api@2.8.14 > org.springdoc:springdoc-openapi-starter-common@2.8.14 > org.springframework.boot:spring-boot-starter-validation@3.5.7 > org.springframework.boot:spring-boot-starter@3.5.7 > org.springframework.boot:spring-boot-starter-logging@3.5.7 > ch.qos.logback:logback-classic@1.5.20

medium severity

Dual license: EPL-1.0, LGPL-2.1

  • Module: ch.qos.logback:logback-core
  • Introduced through: io.sentry:sentry-spring-boot-starter-jakarta@8.29.0, org.springframework.boot:spring-boot-starter-validation@3.5.7 and others

Detailed paths

  • Introduced through: skyYaga/skdvin-api@skyYaga/skdvin-api#3d0ba42de971b91f6108ee64fa93af1031f51da9 > io.sentry:sentry-spring-boot-starter-jakarta@8.29.0 > org.springframework.boot:spring-boot-starter@3.5.7 > org.springframework.boot:spring-boot-starter-logging@3.5.7 > ch.qos.logback:logback-classic@1.5.20 > ch.qos.logback:logback-core@1.5.20
  • Introduced through: skyYaga/skdvin-api@skyYaga/skdvin-api#3d0ba42de971b91f6108ee64fa93af1031f51da9 > org.springframework.boot:spring-boot-starter-validation@3.5.7 > org.springframework.boot:spring-boot-starter@3.5.7 > org.springframework.boot:spring-boot-starter-logging@3.5.7 > ch.qos.logback:logback-classic@1.5.20 > ch.qos.logback:logback-core@1.5.20
  • Introduced through: skyYaga/skdvin-api@skyYaga/skdvin-api#3d0ba42de971b91f6108ee64fa93af1031f51da9 > org.springframework.boot:spring-boot-starter-mail@3.5.7 > org.springframework.boot:spring-boot-starter@3.5.7 > org.springframework.boot:spring-boot-starter-logging@3.5.7 > ch.qos.logback:logback-classic@1.5.20 > ch.qos.logback:logback-core@1.5.20
  • Introduced through: skyYaga/skdvin-api@skyYaga/skdvin-api#3d0ba42de971b91f6108ee64fa93af1031f51da9 > org.springframework.boot:spring-boot-starter-security@3.5.7 > org.springframework.boot:spring-boot-starter@3.5.7 > org.springframework.boot:spring-boot-starter-logging@3.5.7 > ch.qos.logback:logback-classic@1.5.20 > ch.qos.logback:logback-core@1.5.20
  • Introduced through: skyYaga/skdvin-api@skyYaga/skdvin-api#3d0ba42de971b91f6108ee64fa93af1031f51da9 > org.springframework.boot:spring-boot-starter-thymeleaf@3.5.7 > org.springframework.boot:spring-boot-starter@3.5.7 > org.springframework.boot:spring-boot-starter-logging@3.5.7 > ch.qos.logback:logback-classic@1.5.20 > ch.qos.logback:logback-core@1.5.20
  • Introduced through: skyYaga/skdvin-api@skyYaga/skdvin-api#3d0ba42de971b91f6108ee64fa93af1031f51da9 > org.springframework.boot:spring-boot-starter-web@3.5.7 > org.springframework.boot:spring-boot-starter@3.5.7 > org.springframework.boot:spring-boot-starter-logging@3.5.7 > ch.qos.logback:logback-classic@1.5.20 > ch.qos.logback:logback-core@1.5.20
  • Introduced through: skyYaga/skdvin-api@skyYaga/skdvin-api#3d0ba42de971b91f6108ee64fa93af1031f51da9 > org.springframework.boot:spring-boot-starter-data-mongodb@3.5.7 > org.springframework.boot:spring-boot-starter@3.5.7 > org.springframework.boot:spring-boot-starter-logging@3.5.7 > ch.qos.logback:logback-classic@1.5.20 > ch.qos.logback:logback-core@1.5.20
  • Introduced through: skyYaga/skdvin-api@skyYaga/skdvin-api#3d0ba42de971b91f6108ee64fa93af1031f51da9 > org.springdoc:springdoc-openapi-starter-common@2.8.14 > org.springframework.boot:spring-boot-starter-validation@3.5.7 > org.springframework.boot:spring-boot-starter@3.5.7 > org.springframework.boot:spring-boot-starter-logging@3.5.7 > ch.qos.logback:logback-classic@1.5.20 > ch.qos.logback:logback-core@1.5.20
  • Introduced through: skyYaga/skdvin-api@skyYaga/skdvin-api#3d0ba42de971b91f6108ee64fa93af1031f51da9 > org.springframework.boot:spring-boot-starter-web@3.5.7 > org.springframework.boot:spring-boot-starter-json@3.5.7 > org.springframework.boot:spring-boot-starter@3.5.7 > org.springframework.boot:spring-boot-starter-logging@3.5.7 > ch.qos.logback:logback-classic@1.5.20 > ch.qos.logback:logback-core@1.5.20
  • Introduced through: skyYaga/skdvin-api@skyYaga/skdvin-api#3d0ba42de971b91f6108ee64fa93af1031f51da9 > org.springdoc:springdoc-openapi-starter-webmvc-ui@2.8.14 > org.springdoc:springdoc-openapi-starter-webmvc-api@2.8.14 > org.springdoc:springdoc-openapi-starter-common@2.8.14 > org.springframework.boot:spring-boot-starter-validation@3.5.7 > org.springframework.boot:spring-boot-starter@3.5.7 > org.springframework.boot:spring-boot-starter-logging@3.5.7 > ch.qos.logback:logback-classic@1.5.20 > ch.qos.logback:logback-core@1.5.20
