  • Vulnerabilities: 1 via 3 paths
  • Dependencies: 91
  • Source: GitHub
  • Commit: 9f0217e0


medium severity

Uncontrolled Resource Consumption

  • Vulnerable module: commons-io:commons-io
  • Introduced through: commons-io:commons-io@2.7 and io.vertx:vertx-web-api-contract@3.9.16

Detailed paths

  • Introduced through: uclalibrary/fester@uclalibrary/fester#9f0217e00c7613ebfd02781a024eb4c0436ab7fa commons-io:commons-io@2.7
    Remediation: Upgrade to commons-io:commons-io@2.14.0.
  • Introduced through: uclalibrary/fester@uclalibrary/fester#9f0217e00c7613ebfd02781a024eb4c0436ab7fa io.vertx:vertx-web-api-contract@3.9.16 io.swagger.parser.v3:swagger-parser-v3@2.0.21 commons-io:commons-io@2.7
    Remediation: Upgrade to io.vertx:vertx-web-api-contract@4.4.1.
  • Introduced through: uclalibrary/fester@uclalibrary/fester#9f0217e00c7613ebfd02781a024eb4c0436ab7fa io.vertx:vertx-web-api-contract@3.9.16 io.swagger.parser.v3:swagger-parser-v3@2.0.21 io.swagger.core.v3:swagger-core@2.1.4 commons-io:commons-io@2.7
    Remediation: Upgrade to io.vertx:vertx-web-api-contract@3.9.16.

Overview

commons-io:commons-io is the Apache Commons IO library, which contains utility classes, stream implementations, file filters, file comparators, endian transformation classes, and much more.

Affected versions of this package are vulnerable to Uncontrolled Resource Consumption through the XmlStreamReader class. An attacker who can supply specially crafted XML content to the application can cause it to consume excessive CPU resources.

Remediation

Upgrade commons-io:commons-io to version 2.14.0 or higher.

medium severity

Dual license: EPL-1.0, LGPL-2.1

  • Module: ch.qos.logback:logback-classic
  • Introduced through: ch.qos.logback:logback-classic@1.4.14

Detailed paths

  • Introduced through: uclalibrary/fester@uclalibrary/fester#9f0217e00c7613ebfd02781a024eb4c0436ab7fa ch.qos.logback:logback-classic@1.4.14

medium severity

Dual license: EPL-1.0, LGPL-2.1

  • Module: ch.qos.logback:logback-core
  • Introduced through: ch.qos.logback:logback-classic@1.4.14

Detailed paths

  • Introduced through: uclalibrary/fester@uclalibrary/fester#9f0217e00c7613ebfd02781a024eb4c0436ab7fa ch.qos.logback:logback-classic@1.4.14 ch.qos.logback:logback-core@1.4.14

medium severity

LGPL-3.0 license

  • Module: com.github.dpaukov:combinatoricslib3
  • Introduced through: info.freelibrary:jiiify-presentation-v3@0.12.4

Detailed paths

  • Introduced through: uclalibrary/fester@uclalibrary/fester#9f0217e00c7613ebfd02781a024eb4c0436ab7fa info.freelibrary:jiiify-presentation-v3@0.12.4 com.github.dpaukov:combinatoricslib3@3.3.0

medium severity

MPL-2.0 license

  • Module: info.freelibrary:jiiify-presentation-v3
  • Introduced through: info.freelibrary:jiiify-presentation-v3@0.12.4

Detailed paths

  • Introduced through: uclalibrary/fester@uclalibrary/fester#9f0217e00c7613ebfd02781a024eb4c0436ab7fa info.freelibrary:jiiify-presentation-v3@0.12.4

medium severity

EPL-1.0 license

  • Module: junit:junit
  • Introduced through: io.vertx:vertx-web-api-contract@3.9.16

Detailed paths

  • Introduced through: uclalibrary/fester@uclalibrary/fester#9f0217e00c7613ebfd02781a024eb4c0436ab7fa io.vertx:vertx-web-api-contract@3.9.16 io.swagger.parser.v3:swagger-parser-v3@2.0.21 junit:junit@4.13.2
