levyforchh / carbon-mediation Goto Github PK
View Code? Open in Web Editor NEWThis project forked from wso2/carbon-mediation
This project forked from wso2/carbon-mediation
Tomcat Servlet Engine Core Classes and Standard implementations
Library home page: https://tomcat.apache.org/
Path to dependency file: /carbon-mediation/components/mediation-ui/mediators-ui/org.wso2.carbon.mediator.script.ui/pom.xml
Path to vulnerable library: /root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar
Dependency Hierarchy:
Found in HEAD commit: b3da2491f455afc6823905dfa1234a43e48d0881
When running on Windows with enableCmdLineArguments enabled, the CGI Servlet in Apache Tomcat 9.0.0.M1 to 9.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 is vulnerable to Remote Code Execution due to a bug in the way the JRE passes command line arguments to Windows. The CGI Servlet is disabled by default. The CGI option enableCmdLineArguments is disable by default in Tomcat 9.0.x (and will be disabled by default in all versions in response to this vulnerability). For a detailed explanation of the JRE behaviour, see Markus Wulftange's blog (https://codewhitesec.blogspot.com/2016/02/java-and-command-line-injections-in-windows.html) and this archived MSDN blog (https://web.archive.org/web/20161228144344/https://blogs.msdn.microsoft.com/twistylittlepassagesallalike/2011/04/23/everyone-quotes-command-line-arguments-the-wrong-way/).
Publish Date: 2019-04-15
URL: CVE-2019-0232
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0232
Release Date: 2019-04-15
Fix Resolution: 9.0.18,8.5.40,7.0.94
General data-binding functionality for Jackson: works on core streaming API
Library home page: http://github.com/FasterXML/jackson
Path to dependency file: /carbon-mediation/components/mediation-monitor/mediation-data-publisher/org.wso2.carbon.prometheus.publisher/pom.xml
Path to vulnerable library: /root/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.7.9.1/jackson-databind-2.7.9.1.jar,/root/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.7.9.1/jackson-databind-2.7.9.1.jar,/root/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.7.9.1/jackson-databind-2.7.9.1.jar
Dependency Hierarchy:
Found in HEAD commit: b3da2491f455afc6823905dfa1234a43e48d0881
An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled (either globally or for a specific property), the service has the Jodd-db jar (for database access for the Jodd framework) in the classpath, and an attacker can provide an LDAP service to access, it is possible to make the service execute a malicious payload.
Publish Date: 2019-03-21
URL: CVE-2018-12022
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12022
Release Date: 2019-03-21
Fix Resolution: 2.7.9.4, 2.8.11.2, 2.9.6
XMLTooling-J is a low-level library that may be used to construct libraries that allow developers to work with XML in a Java beans manner.
Library home page: http://opensaml.org/
Path to dependency file: /carbon-mediation/components/mediation-admin/org.wso2.carbon.proxyadmin.common/pom.xml
Path to vulnerable library: /root/.m2/repository/org/opensaml/xmltooling/1.4.4/xmltooling-1.4.4.jar,/root/.m2/repository/org/opensaml/xmltooling/1.4.4/xmltooling-1.4.4.jar,/root/.m2/repository/org/opensaml/xmltooling/1.4.4/xmltooling-1.4.4.jar,/root/.m2/repository/org/opensaml/xmltooling/1.4.4/xmltooling-1.4.4.jar,/root/.m2/repository/org/opensaml/xmltooling/1.4.4/xmltooling-1.4.4.jar,/root/.m2/repository/org/opensaml/xmltooling/1.4.4/xmltooling-1.4.4.jar
Dependency Hierarchy:
Found in HEAD commit: b3da2491f455afc6823905dfa1234a43e48d0881
The (1) BasicParserPool, (2) StaticBasicParserPool, (3) XML Decrypter, and (4) SAML Decrypter in Shibboleth OpenSAML-Java before 2.6.1 set the expandEntityReferences property to true, which allows remote attackers to conduct XML external entity (XXE) attacks via a crafted XML DOCTYPE declaration.
Publish Date: 2014-02-14
URL: CVE-2013-6440
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6440
Release Date: 2019-02-11
Fix Resolution: 2.6.1
General data-binding functionality for Jackson: works on core streaming API
Library home page: http://github.com/FasterXML/jackson
Path to dependency file: /carbon-mediation/components/mediation-monitor/mediation-data-publisher/org.wso2.carbon.prometheus.publisher/pom.xml
Path to vulnerable library: /root/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.7.9.1/jackson-databind-2.7.9.1.jar,/root/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.7.9.1/jackson-databind-2.7.9.1.jar,/root/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.7.9.1/jackson-databind-2.7.9.1.jar
Dependency Hierarchy:
Found in HEAD commit: b3da2491f455afc6823905dfa1234a43e48d0881
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x through 2.9.9. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has JDOM 1.x or 2.x jar in the classpath, an attacker can send a specifically crafted JSON message that allows them to read arbitrary local files on the server.
Publish Date: 2019-06-19
URL: CVE-2019-12814
Base Score Metrics:
Type: Change files
Origin: FasterXML/jackson-databind@5f7c69b
Release Date: 2019-06-14
Fix Resolution: Replace or update the following files: SubTypeValidator.java, VERSION
Types that extend and augment the Java Collections Framework.
Library home page: http://commons.apache.org/collections/
Path to dependency file: /carbon-mediation/components/mediation-ui/mediators-ui/org.wso2.carbon.mediator.bean.ui/pom.xml
Path to vulnerable library: /root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar
Dependency Hierarchy:
Found in HEAD commit: b3da2491f455afc6823905dfa1234a43e48d0881
In Apache Synapse, by default no authentication is required for Java Remote Method Invocation (RMI). So Apache Synapse 3.0.1 or all previous releases (3.0.0, 2.1.0, 2.0.0, 1.2, 1.1.2, 1.1.1) allows remote code execution attacks that can be performed by injecting specially crafted serialized objects. And the presence of Apache Commons Collections 3.2.1 (commons-collections-3.2.1.jar) or previous versions in Synapse distribution makes this exploitable. To mitigate the issue, we need to limit RMI access to trusted users only. Further upgrading to 3.0.1 version will eliminate the risk of having said Commons Collection version. In Synapse 3.0.1, Commons Collection has been updated to 3.2.2 version.
Publish Date: 2017-12-11
URL: CVE-2017-15708
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15708
Release Date: 2017-12-11
Fix Resolution: Apache Synapse - 3.0.1;Apache Commons Collections - 3.2.2
General data-binding functionality for Jackson: works on core streaming API
Library home page: http://github.com/FasterXML/jackson
Path to dependency file: /carbon-mediation/components/mediation-monitor/mediation-data-publisher/org.wso2.carbon.prometheus.publisher/pom.xml
Path to vulnerable library: /root/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.7.9.1/jackson-databind-2.7.9.1.jar,/root/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.7.9.1/jackson-databind-2.7.9.1.jar,/root/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.7.9.1/jackson-databind-2.7.9.1.jar
Dependency Hierarchy:
Found in HEAD commit: b3da2491f455afc6823905dfa1234a43e48d0881
FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct server-side request forgery (SSRF) attacks by leveraging failure to block the axis2-jaxws class from polymorphic deserialization.
Publish Date: 2019-01-02
URL: CVE-2018-14721
Base Score Metrics:
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2018-14721
Release Date: 2019-01-02
Fix Resolution: 2.9.7
General data-binding functionality for Jackson: works on core streaming API
Library home page: http://github.com/FasterXML/jackson
Path to dependency file: /carbon-mediation/components/mediation-monitor/mediation-data-publisher/org.wso2.carbon.prometheus.publisher/pom.xml
Path to vulnerable library: /root/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.7.9.1/jackson-databind-2.7.9.1.jar,/root/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.7.9.1/jackson-databind-2.7.9.1.jar,/root/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.7.9.1/jackson-databind-2.7.9.1.jar
Dependency Hierarchy:
Found in HEAD commit: b3da2491f455afc6823905dfa1234a43e48d0881
jackson-databind has a Potential information exfiltration with default typing. versions 2.7.9.x < 2.7.9.4, 2.8.x < 2.8.11.2, 2.9.x < 2.9.6
Publish Date: 2018-12-13
URL: CVE-2018-11307
Type: Upgrade version
Origin: FasterXML/jackson-databind#2032
Release Date: 2019-03-17
Fix Resolution: jackson-databind-2.9.6
Xerces2 is the next generation of high performance, fully compliant XML parsers in the Apache Xerces family. This new version of Xerces introduces the Xerces Native Interface (XNI), a complete framework for building parser components and configurations that is extremely modular and easy to program.
Library home page: http://xerces.apache.org/xerces2-j/
Path to dependency file: /carbon-mediation/components/org.wso2.carbon.integrator.core/pom.xml
Path to vulnerable library: /root/.m2/repository/xerces/xercesImpl/2.8.1/xercesImpl-2.8.1.jar,/root/.m2/repository/xerces/xercesImpl/2.8.1/xercesImpl-2.8.1.jar
Dependency Hierarchy:
Found in HEAD commit: b3da2491f455afc6823905dfa1234a43e48d0881
Apache Xerces2 Java Parser before 2.12.0 allows remote attackers to cause a denial of service (CPU consumption) via a crafted message to an XML service, which triggers hash table collisions.
Publish Date: 2017-10-30
URL: CVE-2012-0881
Base Score Metrics:
Type: Upgrade version
Origin: https://issues.apache.org/jira/browse/XERCESJ-1685
Release Date: 2017-10-30
Fix Resolution: 2.12.0
General data-binding functionality for Jackson: works on core streaming API
Library home page: http://github.com/FasterXML/jackson
Path to dependency file: /carbon-mediation/components/mediation-monitor/mediation-data-publisher/org.wso2.carbon.prometheus.publisher/pom.xml
Path to vulnerable library: /root/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.7.9.1/jackson-databind-2.7.9.1.jar,/root/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.7.9.1/jackson-databind-2.7.9.1.jar,/root/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.7.9.1/jackson-databind-2.7.9.1.jar
Dependency Hierarchy:
Found in HEAD commit: b3da2491f455afc6823905dfa1234a43e48d0881
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint, the service has the mysql-connector-java jar (8.0.14 or earlier) in the classpath, and an attacker can host a crafted MySQL server reachable by the victim, an attacker can send a crafted JSON message that allows them to read arbitrary local files on the server. This occurs because of missing com.mysql.cj.jdbc.admin.MiniAdmin validation.
Publish Date: 2019-05-17
URL: CVE-2019-12086
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12086
Release Date: 2019-05-17
Fix Resolution: 2.9.9
General data-binding functionality for Jackson: works on core streaming API
Library home page: http://github.com/FasterXML/jackson
Path to dependency file: /carbon-mediation/components/mediation-monitor/mediation-data-publisher/org.wso2.carbon.prometheus.publisher/pom.xml
Path to vulnerable library: /root/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.7.9.1/jackson-databind-2.7.9.1.jar,/root/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.7.9.1/jackson-databind-2.7.9.1.jar,/root/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.7.9.1/jackson-databind-2.7.9.1.jar
Dependency Hierarchy:
Found in HEAD commit: b3da2491f455afc6823905dfa1234a43e48d0881
FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the openjpa class from polymorphic deserialization.
Publish Date: 2019-01-02
URL: CVE-2018-19361
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19361
Release Date: 2019-01-02
Fix Resolution: 2.9.8
Hazelcast In-Memory DataGrid
Library home page: http://www.hazelcast.com/hazelcast-all/
Path to dependency file: /carbon-mediation/components/mediators/cache/org.wso2.carbon.mediator.cache/pom.xml
Path to vulnerable library: /root/.m2/repository/com/hazelcast/hazelcast-all/3.5.4/hazelcast-all-3.5.4.jar,/root/.m2/repository/com/hazelcast/hazelcast-all/3.5.4/hazelcast-all-3.5.4.jar,/root/.m2/repository/com/hazelcast/hazelcast-all/3.5.4/hazelcast-all-3.5.4.jar,/root/.m2/repository/com/hazelcast/hazelcast-all/3.5.4/hazelcast-all-3.5.4.jar,/root/.m2/repository/com/hazelcast/hazelcast-all/3.5.4/hazelcast-all-3.5.4.jar,/root/.m2/repository/com/hazelcast/hazelcast-all/3.5.4/hazelcast-all-3.5.4.jar,/root/.m2/repository/com/hazelcast/hazelcast-all/3.5.4/hazelcast-all-3.5.4.jar,/root/.m2/repository/com/hazelcast/hazelcast-all/3.5.4/hazelcast-all-3.5.4.jar,/root/.m2/repository/com/hazelcast/hazelcast-all/3.5.4/hazelcast-all-3.5.4.jar,/root/.m2/repository/com/hazelcast/hazelcast-all/3.5.4/hazelcast-all-3.5.4.jar,/root/.m2/repository/com/hazelcast/hazelcast-all/3.5.4/hazelcast-all-3.5.4.jar,/root/.m2/repository/com/hazelcast/hazelcast-all/3.5.4/hazelcast-all-3.5.4.jar,/root/.m2/repository/com/hazelcast/hazelcast-all/3.5.4/hazelcast-all-3.5.4.jar,/root/.m2/repository/com/hazelcast/hazelcast-all/3.5.4/hazelcast-all-3.5.4.jar,/root/.m2/repository/com/hazelcast/hazelcast-all/3.5.4/hazelcast-all-3.5.4.jar,/root/.m2/repository/com/hazelcast/hazelcast-all/3.5.4/hazelcast-all-3.5.4.jar,/root/.m2/repository/com/hazelcast/hazelcast-all/3.5.4/hazelcast-all-3.5.4.jar,/root/.m2/repository/com/hazelcast/hazelcast-all/3.5.4/hazelcast-all-3.5.4.jar,/root/.m2/repository/com/hazelcast/hazelcast-all/3.5.4/hazelcast-all-3.5.4.jar,/root/.m2/repository/com/hazelcast/hazelcast-all/3.5.4/hazelcast-all-3.5.4.jar,/root/.m2/repository/com/hazelcast/hazelcast-all/3.5.4/hazelcast-all-3.5.4.jar,/root/.m2/repository/com/hazelcast/hazelcast-all/3.5.4/hazelcast-all-3.5.4.jar,/root/.m2/repository/com/hazelcast/hazelcast-all/3.5.4/hazelcast-all-3.5.4.jar,/root/.m2/repository/com/hazelcast/hazelcast-all/3.5.4/hazelcast-all-3.5.4.jar,/root/.m2/repository/com/hazelcast/hazelcast-all/3.5.4/hazelcast-all-3.5.4.jar,/root/.m2/repository/com/hazelcast/hazelcast-all/3.5.4/hazelcast-all-3.5.4.jar,/root/.m2/repository/com/hazelcast/hazelcast-all/3.5.4/hazelcast-all-3.5.4.jar,/root/.m2/repository/com/hazelcast/hazelcast-all/3.5.4/hazelcast-all-3.5.4.jar,/root/.m2/repository/com/hazelcast/hazelcast-all/3.5.4/hazelcast-all-3.5.4.jar,/root/.m2/repository/com/hazelcast/hazelcast-all/3.5.4/hazelcast-all-3.5.4.jar,/root/.m2/repository/com/hazelcast/hazelcast-all/3.5.4/hazelcast-all-3.5.4.jar,/root/.m2/repository/com/hazelcast/hazelcast-all/3.5.4/hazelcast-all-3.5.4.jar,/root/.m2/repository/com/hazelcast/hazelcast-all/3.5.4/hazelcast-all-3.5.4.jar,/root/.m2/repository/com/hazelcast/hazelcast-all/3.5.4/hazelcast-all-3.5.4.jar,/root/.m2/repository/com/hazelcast/hazelcast-all/3.5.4/hazelcast-all-3.5.4.jar,/root/.m2/repository/com/hazelcast/hazelcast-all/3.5.4/hazelcast-all-3.5.4.jar,/root/.m2/repository/com/hazelcast/hazelcast-all/3.5.4/hazelcast-all-3.5.4.jar,/root/.m2/repository/com/hazelcast/hazelcast-all/3.5.4/hazelcast-all-3.5.4.jar,/root/.m2/repository/com/hazelcast/hazelcast-all/3.5.4/hazelcast-all-3.5.4.jar,/root/.m2/repository/com/hazelcast/hazelcast-all/3.5.4/hazelcast-all-3.5.4.jar,/root/.m2/repository/com/hazelcast/hazelcast-all/3.5.4/hazelcast-all-3.5.4.jar,/root/.m2/repository/com/hazelcast/hazelcast-all/3.5.4/hazelcast-all-3.5.4.jar,/root/.m2/repository/com/hazelcast/hazelcast-all/3.5.4/hazelcast-all-3.5.4.jar,/root/.m2/repository/com/hazelcast/hazelcast-all/3.5.4/hazelcast-all-3.5.4.jar,/root/.m2/repository/com/hazelcast/hazelcast-all/3.5.4/hazelcast-all-3.5.4.jar,/root/.m2/repository/com/hazelcast/hazelcast-all/3.5.4/hazelcast-all-3.5.4.jar,/root/.m2/repository/com/hazelcast/hazelcast-all/3.5.4/hazelcast-all-3.5.4.jar,/root/.m2/repository/com/hazelcast/hazelcast-all/3.5.4/hazelcast-all-3.5.4.jar,/root/.m2/repository/com/hazelcast/hazelcast-all/3.5.4/hazelcast-all-3.5.4.jar,/root/.m2/repository/com/hazelcast/hazelcast-all/3.5.4/hazelcast-all-3.5.4.jar,/root/.m2/repository/com/hazelcast/hazelcast-all/3.5.4/hazelcast-all-3.5.4.jar,/root/.m2/repository/com/hazelcast/hazelcast-all/3.5.4/hazelcast-all-3.5.4.jar,/root/.m2/repository/com/hazelcast/hazelcast-all/3.5.4/hazelcast-all-3.5.4.jar,/root/.m2/repository/com/hazelcast/hazelcast-all/3.5.4/hazelcast-all-3.5.4.jar,/root/.m2/repository/com/hazelcast/hazelcast-all/3.5.4/hazelcast-all-3.5.4.jar,/root/.m2/repository/com/hazelcast/hazelcast-all/3.5.4/hazelcast-all-3.5.4.jar,/root/.m2/repository/com/hazelcast/hazelcast-all/3.5.4/hazelcast-all-3.5.4.jar,/root/.m2/repository/com/hazelcast/hazelcast-all/3.5.4/hazelcast-all-3.5.4.jar,/root/.m2/repository/com/hazelcast/hazelcast-all/3.5.4/hazelcast-all-3.5.4.jar,/root/.m2/repository/com/hazelcast/hazelcast-all/3.5.4/hazelcast-all-3.5.4.jar,/root/.m2/repository/com/hazelcast/hazelcast-all/3.5.4/hazelcast-all-3.5.4.jar,/root/.m2/repository/com/hazelcast/hazelcast-all/3.5.4/hazelcast-all-3.5.4.jar,/root/.m2/repository/com/hazelcast/hazelcast-all/3.5.4/hazelcast-all-3.5.4.jar,/root/.m2/repository/com/hazelcast/hazelcast-all/3.5.4/hazelcast-all-3.5.4.jar,/root/.m2/repository/com/hazelcast/hazelcast-all/3.5.4/hazelcast-all-3.5.4.jar,/root/.m2/repository/com/hazelcast/hazelcast-all/3.5.4/hazelcast-all-3.5.4.jar,/root/.m2/repository/com/hazelcast/hazelcast-all/3.5.4/hazelcast-all-3.5.4.jar,/root/.m2/repository/com/hazelcast/hazelcast-all/3.5.4/hazelcast-all-3.5.4.jar,/root/.m2/repository/com/hazelcast/hazelcast-all/3.5.4/hazelcast-all-3.5.4.jar,/root/.m2/repository/com/hazelcast/hazelcast-all/3.5.4/hazelcast-all-3.5.4.jar,/root/.m2/repository/com/hazelcast/hazelcast-all/3.5.4/hazelcast-all-3.5.4.jar,/root/.m2/repository/com/hazelcast/hazelcast-all/3.5.4/hazelcast-all-3.5.4.jar,/root/.m2/repository/com/hazelcast/hazelcast-all/3.5.4/hazelcast-all-3.5.4.jar,/root/.m2/repository/com/hazelcast/hazelcast-all/3.5.4/hazelcast-all-3.5.4.jar,/root/.m2/repository/com/hazelcast/hazelcast-all/3.5.4/hazelcast-all-3.5.4.jar,/root/.m2/repository/com/hazelcast/hazelcast-all/3.5.4/hazelcast-all-3.5.4.jar,/root/.m2/repository/com/hazelcast/hazelcast-all/3.5.4/hazelcast-all-3.5.4.jar,/root/.m2/repository/com/hazelcast/hazelcast-all/3.5.4/hazelcast-all-3.5.4.jar,/root/.m2/repository/com/hazelcast/hazelcast-all/3.5.4/hazelcast-all-3.5.4.jar,/root/.m2/repository/com/hazelcast/hazelcast-all/3.5.4/hazelcast-all-3.5.4.jar,/root/.m2/repository/com/hazelcast/hazelcast-all/3.5.4/hazelcast-all-3.5.4.jar,/root/.m2/repository/com/hazelcast/hazelcast-all/3.5.4/hazelcast-all-3.5.4.jar,/root/.m2/repository/com/hazelcast/hazelcast-all/3.5.4/hazelcast-all-3.5.4.jar,/root/.m2/repository/com/hazelcast/hazelcast-all/3.5.4/hazelcast-all-3.5.4.jar,/root/.m2/repository/com/hazelcast/hazelcast-all/3.5.4/hazelcast-all-3.5.4.jar,/root/.m2/repository/com/hazelcast/hazelcast-all/3.5.4/hazelcast-all-3.5.4.jar,/root/.m2/repository/com/hazelcast/hazelcast-all/3.5.4/hazelcast-all-3.5.4.jar,/root/.m2/repository/com/hazelcast/hazelcast-all/3.5.4/hazelcast-all-3.5.4.jar,/root/.m2/repository/com/hazelcast/hazelcast-all/3.5.4/hazelcast-all-3.5.4.jar,/root/.m2/repository/com/hazelcast/hazelcast-all/3.5.4/hazelcast-all-3.5.4.jar,/root/.m2/repository/com/hazelcast/hazelcast-all/3.5.4/hazelcast-all-3.5.4.jar,/root/.m2/repository/com/hazelcast/hazelcast-all/3.5.4/hazelcast-all-3.5.4.jar,/root/.m2/repository/com/hazelcast/hazelcast-all/3.5.4/hazelcast-all-3.5.4.jar,/root/.m2/repository/com/hazelcast/hazelcast-all/3.5.4/hazelcast-all-3.5.4.jar,/root/.m2/repository/com/hazelcast/hazelcast-all/3.5.4/hazelcast-all-3.5.4.jar,/root/.m2/repository/com/hazelcast/hazelcast-all/3.5.4/hazelcast-all-3.5.4.jar,/root/.m2/repository/com/hazelcast/hazelcast-all/3.5.4/hazelcast-all-3.5.4.jar,/root/.m2/repository/com/hazelcast/hazelcast-all/3.5.4/hazelcast-all-3.5.4.jar,/root/.m2/repository/com/hazelcast/hazelcast-all/3.5.4/hazelcast-all-3.5.4.jar,/root/.m2/repository/com/hazelcast/hazelcast-all/3.5.4/hazelcast-all-3.5.4.jar,/root/.m2/repository/com/hazelcast/hazelcast-all/3.5.4/hazelcast-all-3.5.4.jar,/root/.m2/repository/com/hazelcast/hazelcast-all/3.5.4/hazelcast-all-3.5.4.jar,/root/.m2/repository/com/hazelcast/hazelcast-all/3.5.4/hazelcast-all-3.5.4.jar,/root/.m2/repository/com/hazelcast/hazelcast-all/3.5.4/hazelcast-all-3.5.4.jar,/root/.m2/repository/com/hazelcast/hazelcast-all/3.5.4/hazelcast-all-3.5.4.jar,/root/.m2/repository/com/hazelcast/hazelcast-all/3.5.4/hazelcast-all-3.5.4.jar,/root/.m2/repository/com/hazelcast/hazelcast-all/3.5.4/hazelcast-all-3.5.4.jar,/root/.m2/repository/com/hazelcast/hazelcast-all/3.5.4/hazelcast-all-3.5.4.jar,/root/.m2/repository/com/hazelcast/hazelcast-all/3.5.4/hazelcast-all-3.5.4.jar,/root/.m2/repository/com/hazelcast/hazelcast-all/3.5.4/hazelcast-all-3.5.4.jar,/root/.m2/repository/com/hazelcast/hazelcast-all/3.5.4/hazelcast-all-3.5.4.jar,/root/.m2/repository/com/hazelcast/hazelcast-all/3.5.4/hazelcast-all-3.5.4.jar,/root/.m2/repository/com/hazelcast/hazelcast-all/3.5.4/hazelcast-all-3.5.4.jar,/root/.m2/repository/com/hazelcast/hazelcast-all/3.5.4/hazelcast-all-3.5.4.jar,/root/.m2/repository/com/hazelcast/hazelcast-all/3.5.4/hazelcast-all-3.5.4.jar,/root/.m2/repository/com/hazelcast/hazelcast-all/3.5.4/hazelcast-all-3.5.4.jar,/root/.m2/repository/com/hazelcast/hazelcast-all/3.5.4/hazelcast-all-3.5.4.jar,/root/.m2/repository/com/hazelcast/hazelcast-all/3.5.4/hazelcast-all-3.5.4.jar,/root/.m2/repository/com/hazelcast/hazelcast-all/3.5.4/hazelcast-all-3.5.4.jar,/root/.m2/repository/com/hazelcast/hazelcast-all/3.5.4/hazelcast-all-3.5.4.jar,/root/.m2/repository/com/hazelcast/hazelcast-all/3.5.4/hazelcast-all-3.5.4.jar,/root/.m2/repository/com/hazelcast/hazelcast-all/3.5.4/hazelcast-all-3.5.4.jar,/root/.m2/repository/com/hazelcast/hazelcast-all/3.5.4/hazelcast-all-3.5.4.jar,/root/.m2/repository/com/hazelcast/hazelcast-all/3.5.4/hazelcast-all-3.5.4.jar,/root/.m2/repository/com/hazelcast/hazelcast-all/3.5.4/hazelcast-all-3.5.4.jar,/root/.m2/repository/com/hazelcast/hazelcast-all/3.5.4/hazelcast-all-3.5.4.jar,/root/.m2/repository/com/hazelcast/hazelcast-all/3.5.4/hazelcast-all-3.5.4.jar,/root/.m2/repository/com/hazelcast/hazelcast-all/3.5.4/hazelcast-all-3.5.4.jar,/root/.m2/repository/com/hazelcast/hazelcast-all/3.5.4/hazelcast-all-3.5.4.jar,/root/.m2/repository/com/hazelcast/hazelcast-all/3.5.4/hazelcast-all-3.5.4.jar,/root/.m2/repository/com/hazelcast/hazelcast-all/3.5.4/hazelcast-all-3.5.4.jar,/root/.m2/repository/com/hazelcast/hazelcast-all/3.5.4/hazelcast-all-3.5.4.jar,/root/.m2/repository/com/hazelcast/hazelcast-all/3.5.4/hazelcast-all-3.5.4.jar,/root/.m2/repository/com/hazelcast/hazelcast-all/3.5.4/hazelcast-all-3.5.4.jar,/root/.m2/repository/com/hazelcast/hazelcast-all/3.5.4/hazelcast-all-3.5.4.jar,/root/.m2/repository/com/hazelcast/hazelcast-all/3.5.4/hazelcast-all-3.5.4.jar,/root/.m2/repository/com/hazelcast/hazelcast-all/3.5.4/hazelcast-all-3.5.4.jar,/root/.m2/repository/com/hazelcast/hazelcast-all/3.5.4/hazelcast-all-3.5.4.jar
Dependency Hierarchy:
Found in HEAD commit: b3da2491f455afc6823905dfa1234a43e48d0881
In Hazelcast before 3.11, the cluster join procedure is vulnerable to remote code execution via Java deserialization. If an attacker can reach a listening Hazelcast instance with a crafted JoinRequest, and vulnerable classes exist in the classpath, the attacker can run arbitrary code.
Publish Date: 2019-05-22
URL: CVE-2016-10750
Base Score Metrics:
Type: Upgrade version
Origin: hazelcast/hazelcast#8024
Release Date: 2019-05-22
Fix Resolution: v3.11
Types that extend and augment the Java Collections Framework.
Library home page: http://commons.apache.org/collections/
Path to dependency file: /carbon-mediation/components/mediation-ui/mediators-ui/org.wso2.carbon.mediator.bean.ui/pom.xml
Path to vulnerable library: /root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar
Dependency Hierarchy:
Found in HEAD commit: b3da2491f455afc6823905dfa1234a43e48d0881
Serialized-object interfaces in certain Cisco Collaboration and Social Media; Endpoint Clients and Client Software; Network Application, Service, and Acceleration; Network and Content Security Devices; Network Management and Provisioning; Routing and Switching - Enterprise and Service Provider; Unified Computing; Voice and Unified Communications Devices; Video, Streaming, TelePresence, and Transcoding Devices; Wireless; and Cisco Hosted Services products allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.
Publish Date: 2015-12-15
URL: CVE-2015-6420
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2015-6420
Release Date: 2019-04-08
Fix Resolution: 3.2.2,4.1
Tomcat Servlet Engine Core Classes and Standard implementations
Library home page: https://tomcat.apache.org/
Path to dependency file: /carbon-mediation/components/mediation-ui/mediators-ui/org.wso2.carbon.mediator.script.ui/pom.xml
Path to vulnerable library: /root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar,/root/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.93/tomcat-catalina-7.0.93.jar
Dependency Hierarchy:
Found in HEAD commit: b3da2491f455afc6823905dfa1234a43e48d0881
The Realm implementations in Apache Tomcat versions 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not process the supplied password if the supplied user name did not exist. This made a timing attack possible to determine valid user names. Note that the default configuration includes the LockOutRealm which makes exploitation of this vulnerability harder.
Publish Date: 2017-08-10
URL: CVE-2016-0762
Base Score Metrics:
Apache POI - Java API To Access Microsoft Format Files
Library home page: http://poi.apache.org/
Path to dependency file: /carbon-mediation/components/mediation-admin/org.wso2.carbon.proxyadmin/pom.xml
Path to vulnerable library: /root/.m2/repository/org/apache/poi/poi-scratchpad/3.9/poi-scratchpad-3.9.jar,/root/.m2/repository/org/apache/poi/poi-scratchpad/3.9/poi-scratchpad-3.9.jar,/root/.m2/repository/org/apache/poi/poi-scratchpad/3.9/poi-scratchpad-3.9.jar,/root/.m2/repository/org/apache/poi/poi-scratchpad/3.9/poi-scratchpad-3.9.jar,/root/.m2/repository/org/apache/poi/poi-scratchpad/3.9/poi-scratchpad-3.9.jar,/root/.m2/repository/org/apache/poi/poi-scratchpad/3.9/poi-scratchpad-3.9.jar,/root/.m2/repository/org/apache/poi/poi-scratchpad/3.9/poi-scratchpad-3.9.jar,/root/.m2/repository/org/apache/poi/poi-scratchpad/3.9/poi-scratchpad-3.9.jar,/root/.m2/repository/org/apache/poi/poi-scratchpad/3.9/poi-scratchpad-3.9.jar,/root/.m2/repository/org/apache/poi/poi-scratchpad/3.9/poi-scratchpad-3.9.jar,/root/.m2/repository/org/apache/poi/poi-scratchpad/3.9/poi-scratchpad-3.9.jar
Dependency Hierarchy:
Found in HEAD commit: b3da2491f455afc6823905dfa1234a43e48d0881
HSLFSlideShow in Apache POI before 3.11 allows remote attackers to cause a denial of service (infinite loop and deadlock) via a crafted PPT file.
Publish Date: 2015-01-06
URL: CVE-2014-9527
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9527
Release Date: 2015-01-06
Fix Resolution: REL_3_11_FINAL
The Enterprise Security API (ESAPI) project is an OWASP project to create simple strong security controls for every web platform. Security controls are not simple to build. You can read about the hundreds of pitfalls for unwary developers on the OWASP website. By providing developers with a set of strong controls, we aim to eliminate some of the complexity of creating secure web applications. This can result in significant cost savings across the SDLC.
Library home page: http://www.esapi.org/
Path to dependency file: /carbon-mediation/components/mediation-cg/org.wso2.carbon.cloud.gateway/pom.xml
Path to vulnerable library: /root/.m2/repository/org/owasp/esapi/esapi/2.0.1/esapi-2.0.1.jar,/root/.m2/repository/org/owasp/esapi/esapi/2.0.1/esapi-2.0.1.jar,/root/.m2/repository/org/owasp/esapi/esapi/2.0.1/esapi-2.0.1.jar,/root/.m2/repository/org/owasp/esapi/esapi/2.0.1/esapi-2.0.1.jar,/root/.m2/repository/org/owasp/esapi/esapi/2.0.1/esapi-2.0.1.jar,/root/.m2/repository/org/owasp/esapi/esapi/2.0.1/esapi-2.0.1.jar
Dependency Hierarchy:
Found in HEAD commit: b3da2491f455afc6823905dfa1234a43e48d0881
The authenticated-encryption feature in the symmetric-encryption implementation in the OWASP Enterprise Security API (ESAPI) for Java 2.x before 2.1.0.1 does not properly resist tampering with serialized ciphertext, which makes it easier for remote attackers to bypass intended cryptographic protection mechanisms via an attack against the intended cipher mode in a non-default configuration, a different vulnerability than CVE-2013-5679.
Publish Date: 2013-09-30
URL: CVE-2013-5960
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2013-5960
Release Date: 2013-09-30
Fix Resolution: 2.1.0.1
Xalan-Java is an XSLT processor for transforming XML documents into HTML, text, or other XML document types. It implements XSL Transformations (XSLT) Version 1.0 and XML Path Language (XPath) Version 1.0 and can be used from the command line, in an applet or a servlet, or as a module in other program.
Library home page: http://xml.apache.org/xalan-j/
Path to dependency file: /carbon-mediation/components/mediation-ui/mediators-ui/org.wso2.carbon.mediator.payloadfactory.ui/pom.xml
Path to vulnerable library: /root/.m2/repository/xalan/xalan/2.7.1/xalan-2.7.1.jar,/root/.m2/repository/xalan/xalan/2.7.1/xalan-2.7.1.jar,/root/.m2/repository/xalan/xalan/2.7.1/xalan-2.7.1.jar,/root/.m2/repository/xalan/xalan/2.7.1/xalan-2.7.1.jar,/root/.m2/repository/xalan/xalan/2.7.1/xalan-2.7.1.jar,/root/.m2/repository/xalan/xalan/2.7.1/xalan-2.7.1.jar,/root/.m2/repository/xalan/xalan/2.7.1/xalan-2.7.1.jar,/root/.m2/repository/xalan/xalan/2.7.1/xalan-2.7.1.jar,/root/.m2/repository/xalan/xalan/2.7.1/xalan-2.7.1.jar,/root/.m2/repository/xalan/xalan/2.7.1/xalan-2.7.1.jar,/root/.m2/repository/xalan/xalan/2.7.1/xalan-2.7.1.jar,/root/.m2/repository/xalan/xalan/2.7.1/xalan-2.7.1.jar,/root/.m2/repository/xalan/xalan/2.7.1/xalan-2.7.1.jar,/root/.m2/repository/xalan/xalan/2.7.1/xalan-2.7.1.jar,/root/.m2/repository/xalan/xalan/2.7.1/xalan-2.7.1.jar,/root/.m2/repository/xalan/xalan/2.7.1/xalan-2.7.1.jar,/root/.m2/repository/xalan/xalan/2.7.1/xalan-2.7.1.jar,/root/.m2/repository/xalan/xalan/2.7.1/xalan-2.7.1.jar,/root/.m2/repository/xalan/xalan/2.7.1/xalan-2.7.1.jar,/root/.m2/repository/xalan/xalan/2.7.1/xalan-2.7.1.jar,/root/.m2/repository/xalan/xalan/2.7.1/xalan-2.7.1.jar,/root/.m2/repository/xalan/xalan/2.7.1/xalan-2.7.1.jar,/root/.m2/repository/xalan/xalan/2.7.1/xalan-2.7.1.jar,/root/.m2/repository/xalan/xalan/2.7.1/xalan-2.7.1.jar,/root/.m2/repository/xalan/xalan/2.7.1/xalan-2.7.1.jar,/root/.m2/repository/xalan/xalan/2.7.1/xalan-2.7.1.jar,/root/.m2/repository/xalan/xalan/2.7.1/xalan-2.7.1.jar,/root/.m2/repository/xalan/xalan/2.7.1/xalan-2.7.1.jar,/root/.m2/repository/xalan/xalan/2.7.1/xalan-2.7.1.jar,/root/.m2/repository/xalan/xalan/2.7.1/xalan-2.7.1.jar,/root/.m2/repository/xalan/xalan/2.7.1/xalan-2.7.1.jar,/root/.m2/repository/xalan/xalan/2.7.1/xalan-2.7.1.jar,/root/.m2/repository/xalan/xalan/2.7.1/xalan-2.7.1.jar,/root/.m2/repository/xalan/xalan/2.7.1/xalan-2.7.1.jar,/root/.m2/repository/xalan/xalan/2.7.1/xalan-2.7.1.jar,/root/.m2/repository/xalan/xalan/2.7.1/xalan-2.7.1.jar,/root/.m2/repository/xalan/xalan/2.7.1/xalan-2.7.1.jar,/root/.m2/repository/xalan/xalan/2.7.1/xalan-2.7.1.jar,/root/.m2/repository/xalan/xalan/2.7.1/xalan-2.7.1.jar,/root/.m2/repository/xalan/xalan/2.7.1/xalan-2.7.1.jar,/root/.m2/repository/xalan/xalan/2.7.1/xalan-2.7.1.jar,/root/.m2/repository/xalan/xalan/2.7.1/xalan-2.7.1.jar,/root/.m2/repository/xalan/xalan/2.7.1/xalan-2.7.1.jar,/root/.m2/repository/xalan/xalan/2.7.1/xalan-2.7.1.jar,/root/.m2/repository/xalan/xalan/2.7.1/xalan-2.7.1.jar,/root/.m2/repository/xalan/xalan/2.7.1/xalan-2.7.1.jar,/root/.m2/repository/xalan/xalan/2.7.1/xalan-2.7.1.jar,/root/.m2/repository/xalan/xalan/2.7.1/xalan-2.7.1.jar,/root/.m2/repository/xalan/xalan/2.7.1/xalan-2.7.1.jar,/root/.m2/repository/xalan/xalan/2.7.1/xalan-2.7.1.jar,/root/.m2/repository/xalan/xalan/2.7.1/xalan-2.7.1.jar,/root/.m2/repository/xalan/xalan/2.7.1/xalan-2.7.1.jar,/root/.m2/repository/xalan/xalan/2.7.1/xalan-2.7.1.jar,/root/.m2/repository/xalan/xalan/2.7.1/xalan-2.7.1.jar,/root/.m2/repository/xalan/xalan/2.7.1/xalan-2.7.1.jar,/root/.m2/repository/xalan/xalan/2.7.1/xalan-2.7.1.jar,/root/.m2/repository/xalan/xalan/2.7.1/xalan-2.7.1.jar,/root/.m2/repository/xalan/xalan/2.7.1/xalan-2.7.1.jar,/root/.m2/repository/xalan/xalan/2.7.1/xalan-2.7.1.jar,/root/.m2/repository/xalan/xalan/2.7.1/xalan-2.7.1.jar,/root/.m2/repository/xalan/xalan/2.7.1/xalan-2.7.1.jar,/root/.m2/repository/xalan/xalan/2.7.1/xalan-2.7.1.jar,/root/.m2/repository/xalan/xalan/2.7.1/xalan-2.7.1.jar,/root/.m2/repository/xalan/xalan/2.7.1/xalan-2.7.1.jar,/root/.m2/repository/xalan/xalan/2.7.1/xalan-2.7.1.jar,/root/.m2/repository/xalan/xalan/2.7.1/xalan-2.7.1.jar,/root/.m2/repository/xalan/xalan/2.7.1/xalan-2.7.1.jar,/root/.m2/repository/xalan/xalan/2.7.1/xalan-2.7.1.jar,/root/.m2/repository/xalan/xalan/2.7.1/xalan-2.7.1.jar,/root/.m2/repository/xalan/xalan/2.7.1/xalan-2.7.1.jar,/root/.m2/repository/xalan/xalan/2.7.1/xalan-2.7.1.jar,/root/.m2/repository/xalan/xalan/2.7.1/xalan-2.7.1.jar,/root/.m2/repository/xalan/xalan/2.7.1/xalan-2.7.1.jar,/root/.m2/repository/xalan/xalan/2.7.1/xalan-2.7.1.jar,/root/.m2/repository/xalan/xalan/2.7.1/xalan-2.7.1.jar,/root/.m2/repository/xalan/xalan/2.7.1/xalan-2.7.1.jar,/root/.m2/repository/xalan/xalan/2.7.1/xalan-2.7.1.jar,/root/.m2/repository/xalan/xalan/2.7.1/xalan-2.7.1.jar,/root/.m2/repository/xalan/xalan/2.7.1/xalan-2.7.1.jar,/root/.m2/repository/xalan/xalan/2.7.1/xalan-2.7.1.jar,/root/.m2/repository/xalan/xalan/2.7.1/xalan-2.7.1.jar,/root/.m2/repository/xalan/xalan/2.7.1/xalan-2.7.1.jar,/root/.m2/repository/xalan/xalan/2.7.1/xalan-2.7.1.jar,/root/.m2/repository/xalan/xalan/2.7.1/xalan-2.7.1.jar,/root/.m2/repository/xalan/xalan/2.7.1/xalan-2.7.1.jar,/root/.m2/repository/xalan/xalan/2.7.1/xalan-2.7.1.jar,/root/.m2/repository/xalan/xalan/2.7.1/xalan-2.7.1.jar,/root/.m2/repository/xalan/xalan/2.7.1/xalan-2.7.1.jar,/root/.m2/repository/xalan/xalan/2.7.1/xalan-2.7.1.jar,/root/.m2/repository/xalan/xalan/2.7.1/xalan-2.7.1.jar,/root/.m2/repository/xalan/xalan/2.7.1/xalan-2.7.1.jar,/root/.m2/repository/xalan/xalan/2.7.1/xalan-2.7.1.jar,/root/.m2/repository/xalan/xalan/2.7.1/xalan-2.7.1.jar,/root/.m2/repository/xalan/xalan/2.7.1/xalan-2.7.1.jar,/root/.m2/repository/xalan/xalan/2.7.1/xalan-2.7.1.jar,/root/.m2/repository/xalan/xalan/2.7.1/xalan-2.7.1.jar,/root/.m2/repository/xalan/xalan/2.7.1/xalan-2.7.1.jar,/root/.m2/repository/xalan/xalan/2.7.1/xalan-2.7.1.jar,/root/.m2/repository/xalan/xalan/2.7.1/xalan-2.7.1.jar,/root/.m2/repository/xalan/xalan/2.7.1/xalan-2.7.1.jar,/root/.m2/repository/xalan/xalan/2.7.1/xalan-2.7.1.jar,/root/.m2/repository/xalan/xalan/2.7.1/xalan-2.7.1.jar,/root/.m2/repository/xalan/xalan/2.7.1/xalan-2.7.1.jar,/root/.m2/repository/xalan/xalan/2.7.1/xalan-2.7.1.jar,/root/.m2/repository/xalan/xalan/2.7.1/xalan-2.7.1.jar,/root/.m2/repository/xalan/xalan/2.7.1/xalan-2.7.1.jar,/root/.m2/repository/xalan/xalan/2.7.1/xalan-2.7.1.jar,/root/.m2/repository/xalan/xalan/2.7.1/xalan-2.7.1.jar,/root/.m2/repository/xalan/xalan/2.7.1/xalan-2.7.1.jar,/root/.m2/repository/xalan/xalan/2.7.1/xalan-2.7.1.jar,/root/.m2/repository/xalan/xalan/2.7.1/xalan-2.7.1.jar,/root/.m2/repository/xalan/xalan/2.7.1/xalan-2.7.1.jar,/root/.m2/repository/xalan/xalan/2.7.1/xalan-2.7.1.jar,/root/.m2/repository/xalan/xalan/2.7.1/xalan-2.7.1.jar,/root/.m2/repository/xalan/xalan/2.7.1/xalan-2.7.1.jar,/root/.m2/repository/xalan/xalan/2.7.1/xalan-2.7.1.jar,/root/.m2/repository/xalan/xalan/2.7.1/xalan-2.7.1.jar,/root/.m2/repository/xalan/xalan/2.7.1/xalan-2.7.1.jar,/root/.m2/repository/xalan/xalan/2.7.1/xalan-2.7.1.jar,/root/.m2/repository/xalan/xalan/2.7.1/xalan-2.7.1.jar,/root/.m2/repository/xalan/xalan/2.7.1/xalan-2.7.1.jar,/root/.m2/repository/xalan/xalan/2.7.1/xalan-2.7.1.jar,/root/.m2/repository/xalan/xalan/2.7.1/xalan-2.7.1.jar,/root/.m2/repository/xalan/xalan/2.7.1/xalan-2.7.1.jar,/root/.m2/repository/xalan/xalan/2.7.1/xalan-2.7.1.jar,/root/.m2/repository/xalan/xalan/2.7.1/xalan-2.7.1.jar,/root/.m2/repository/xalan/xalan/2.7.1/xalan-2.7.1.jar,/root/.m2/repository/xalan/xalan/2.7.1/xalan-2.7.1.jar,/root/.m2/repository/xalan/xalan/2.7.1/xalan-2.7.1.jar
Dependency Hierarchy:
null
Path to dependency file: /carbon-mediation/components/event-sink/org.wso2.carbon.event.sink/pom.xml
Path to vulnerable library: /root/.m2/repository/xalan/xalan/2.6.0/xalan-2.6.0.jar,/root/.m2/repository/xalan/xalan/2.6.0/xalan-2.6.0.jar,/root/.m2/repository/xalan/xalan/2.6.0/xalan-2.6.0.jar,/root/.m2/repository/xalan/xalan/2.6.0/xalan-2.6.0.jar,/root/.m2/repository/xalan/xalan/2.6.0/xalan-2.6.0.jar,/root/.m2/repository/xalan/xalan/2.6.0/xalan-2.6.0.jar,/root/.m2/repository/xalan/xalan/2.6.0/xalan-2.6.0.jar,/root/.m2/repository/xalan/xalan/2.6.0/xalan-2.6.0.jar,/root/.m2/repository/xalan/xalan/2.6.0/xalan-2.6.0.jar,/root/.m2/repository/xalan/xalan/2.6.0/xalan-2.6.0.jar,/root/.m2/repository/xalan/xalan/2.6.0/xalan-2.6.0.jar,/root/.m2/repository/xalan/xalan/2.6.0/xalan-2.6.0.jar,/root/.m2/repository/xalan/xalan/2.6.0/xalan-2.6.0.jar,/root/.m2/repository/xalan/xalan/2.6.0/xalan-2.6.0.jar,/root/.m2/repository/xalan/xalan/2.6.0/xalan-2.6.0.jar,/root/.m2/repository/xalan/xalan/2.6.0/xalan-2.6.0.jar
Dependency Hierarchy:
Found in HEAD commit: b3da2491f455afc6823905dfa1234a43e48d0881
The TransformerFactory in Apache Xalan-Java before 2.7.2 does not properly restrict access to certain properties when FEATURE_SECURE_PROCESSING is enabled, which allows remote attackers to bypass expected restrictions and load arbitrary classes or access external resources via a crafted (1) xalan:content-header, (2) xalan:entities, (3) xslt:content-header, or (4) xslt:entities property, or a Java property that is bound to the XSLT 1.0 system-property function.
Publish Date: 2014-04-15
URL: CVE-2014-0107
Type: Upgrade version
Origin: https://issues.apache.org/jira/browse/XALANJ-2435
Release Date: 2014-03-25
Fix Resolution: Upgrade to version 2.7.2 or greater
null
Library home page: http://hc.apache.org/httpcomponents-client
Path to dependency file: /carbon-mediation/components/mediation-admin/org.wso2.carbon.mediation.artifactuploader/pom.xml
Path to vulnerable library: /root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar
Dependency Hierarchy:
Found in HEAD commit: b3da2491f455afc6823905dfa1234a43e48d0881
Apache httpclient before 4.5.3 are vulnerable to Directory Traversal. The user-provided path was able to override the specified host, resulting in giving network access to a sensitive environment.
Publish Date: 2019-05-30
URL: WS-2017-3734
Type: Upgrade version
Origin: https://issues.apache.org/jira/browse/HTTPCLIENT-1803
Release Date: 2019-05-30
Fix Resolution: httpclient-4.5.3
Types that extend and augment the Java Collections Framework.
Library home page: http://commons.apache.org/collections/
Path to dependency file: /carbon-mediation/components/mediation-ui/mediators-ui/org.wso2.carbon.mediator.bean.ui/pom.xml
Path to vulnerable library: /root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar
Dependency Hierarchy:
Found in HEAD commit: b3da2491f455afc6823905dfa1234a43e48d0881
Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data Grid (JDG) 6.x; Data Virtualization (JDV) 6.x and 5.x; Enterprise Application Platform 6.x, 5.x, and 4.3.x; Fuse 6.x; Fuse Service Works (FSW) 6.x; Operations Network (JBoss ON) 3.x; Portal 6.x; SOA Platform (SOA-P) 5.x; Web Server (JWS) 3.x; Red Hat OpenShift/xPAAS 3.x; and Red Hat Subscription Asset Manager 1.3 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.
Publish Date: 2017-11-09
URL: CVE-2015-7501
Base Score Metrics:
Type: Upgrade version
Origin: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-7501
Release Date: 2017-12-31
Fix Resolution: Upgrade to version apache-commons-collections 4.1, apache-commons-collections 3.2.2 or greater
BeanUtils provides an easy-to-use but flexible wrapper around reflection and introspection.
Library home page: http://commons.apache.org/beanutils/
Path to dependency file: /carbon-mediation/components/mediators/bam/org.wso2.carbon.mediator.bam.config.ui/pom.xml
Path to vulnerable library: /root/.m2/repository/commons-beanutils/commons-beanutils/1.8.3/commons-beanutils-1.8.3.jar,2/repository/commons-beanutils/commons-beanutils/1.8.3/commons-beanutils-1.8.3.jar,/root/.m2/repository/commons-beanutils/commons-beanutils/1.8.3/commons-beanutils-1.8.3.jar,/root/.m2/repository/commons-beanutils/commons-beanutils/1.8.3/commons-beanutils-1.8.3.jar,/root/.m2/repository/commons-beanutils/commons-beanutils/1.8.3/commons-beanutils-1.8.3.jar
Dependency Hierarchy:
Found in HEAD commit: b3da2491f455afc6823905dfa1234a43e48d0881
Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar in Apache Struts 1.x through 1.3.10 and in other products requiring commons-beanutils through 1.9.2, does not suppress the class property, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via the class parameter, as demonstrated by the passing of this parameter to the getClass method of the ActionForm object in Struts 1.
Publish Date: 2014-04-30
URL: CVE-2014-0114
Type: Upgrade version
Origin: https://security.gentoo.org/glsa/201607-09
Release Date: 2016-07-20
Fix Resolution: All Commons BeanUtils users should upgrade to the latest version >= commons-beanutils-1.9.2
Apache XML Security for Java supports XML-Signature Syntax and Processing, W3C Recommendation 12 February 2002, and XML Encryption Syntax and Processing, W3C Recommendation 10 December 2002. As of version 1.4, the library supports the standard Java API JSR-105: XML Digital Signature APIs.
Library home page: http://santuario.apache.org/
Path to dependency file: /carbon-mediation/components/mediation-cg/org.wso2.carbon.cloud.gateway.agent.ui/pom.xml
Path to vulnerable library: /root/.m2/repository/org/apache/santuario/xmlsec/1.5.5/xmlsec-1.5.5.jar,/root/.m2/repository/org/apache/santuario/xmlsec/1.5.5/xmlsec-1.5.5.jar,/root/.m2/repository/org/apache/santuario/xmlsec/1.5.5/xmlsec-1.5.5.jar,/root/.m2/repository/org/apache/santuario/xmlsec/1.5.5/xmlsec-1.5.5.jar,/root/.m2/repository/org/apache/santuario/xmlsec/1.5.5/xmlsec-1.5.5.jar,/root/.m2/repository/org/apache/santuario/xmlsec/1.5.5/xmlsec-1.5.5.jar
Dependency Hierarchy:
Found in HEAD commit: b3da2491f455afc6823905dfa1234a43e48d0881
jcp/xml/dsig/internal/dom/DOMCanonicalizationMethod.java in Apache Santuario XML Security for Java 1.4.x before 1.4.8 and 1.5.x before 1.5.5 allows context-dependent attackers to spoof an XML Signature by using the CanonicalizationMethod parameter to specify an arbitrary weak "canonicalization algorithm to apply to the SignedInfo part of the Signature."
Publish Date: 2013-08-20
URL: CVE-2013-2172
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2013-2172
Release Date: 2013-08-20
Fix Resolution: 1.4.8,1.5.5
General data-binding functionality for Jackson: works on core streaming API
Library home page: http://github.com/FasterXML/jackson
Path to dependency file: /carbon-mediation/components/mediation-monitor/mediation-data-publisher/org.wso2.carbon.prometheus.publisher/pom.xml
Path to vulnerable library: /root/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.7.9.1/jackson-databind-2.7.9.1.jar,/root/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.7.9.1/jackson-databind-2.7.9.1.jar,/root/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.7.9.1/jackson-databind-2.7.9.1.jar
Dependency Hierarchy:
Found in HEAD commit: b3da2491f455afc6823905dfa1234a43e48d0881
FasterXML jackson-databind 2.x before 2.9.9 might allow attackers to have a variety of impacts by leveraging failure to block the logback-core class from polymorphic deserialization. Depending on the classpath content, remote code execution may be possible.
Publish Date: 2019-06-24
URL: CVE-2019-12384
Base Score Metrics:
Type: Change files
Origin: FasterXML/jackson-databind@c9ef4a1
Release Date: 2019-06-13
Fix Resolution: Replace or update the following files: SubTypeValidator.java, VERSION
General data-binding functionality for Jackson: works on core streaming API
Library home page: http://github.com/FasterXML/jackson
Path to dependency file: /carbon-mediation/components/mediation-monitor/mediation-data-publisher/org.wso2.carbon.prometheus.publisher/pom.xml
Path to vulnerable library: /root/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.7.9.1/jackson-databind-2.7.9.1.jar,/root/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.7.9.1/jackson-databind-2.7.9.1.jar,/root/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.7.9.1/jackson-databind-2.7.9.1.jar
Dependency Hierarchy:
Found in HEAD commit: b3da2491f455afc6823905dfa1234a43e48d0881
An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled (either globally or for a specific property), the service has the Oracle JDBC jar in the classpath, and an attacker can provide an LDAP service to access, it is possible to make the service execute a malicious payload.
Publish Date: 2019-03-21
URL: CVE-2018-12023
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12022
Release Date: 2019-03-21
Fix Resolution: 2.7.9.4, 2.8.11.2, 2.9.6
General data-binding functionality for Jackson: works on core streaming API
Library home page: http://github.com/FasterXML/jackson
Path to dependency file: /carbon-mediation/components/mediation-monitor/mediation-data-publisher/org.wso2.carbon.prometheus.publisher/pom.xml
Path to vulnerable library: /root/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.7.9.1/jackson-databind-2.7.9.1.jar,/root/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.7.9.1/jackson-databind-2.7.9.1.jar,/root/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.7.9.1/jackson-databind-2.7.9.1.jar
Dependency Hierarchy:
Found in HEAD commit: b3da2491f455afc6823905dfa1234a43e48d0881
FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the axis2-transport-jms class from polymorphic deserialization.
Publish Date: 2019-01-02
URL: CVE-2018-19360
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19360
Release Date: 2019-01-02
Fix Resolution: 2.9.8
Apache POI - Java API To Access Microsoft Format Files
Library home page: http://poi.apache.org/
Path to dependency file: /carbon-mediation/components/mediation-cg/org.wso2.carbon.cloud.gateway.agent/pom.xml
Path to vulnerable library: /root/.m2/repository/org/apache/poi/poi-ooxml/3.9/poi-ooxml-3.9.jar,/root/.m2/repository/org/apache/poi/poi-ooxml/3.9/poi-ooxml-3.9.jar,/root/.m2/repository/org/apache/poi/poi-ooxml/3.9/poi-ooxml-3.9.jar,/root/.m2/repository/org/apache/poi/poi-ooxml/3.9/poi-ooxml-3.9.jar,/root/.m2/repository/org/apache/poi/poi-ooxml/3.9/poi-ooxml-3.9.jar,/root/.m2/repository/org/apache/poi/poi-ooxml/3.9/poi-ooxml-3.9.jar,/root/.m2/repository/org/apache/poi/poi-ooxml/3.9/poi-ooxml-3.9.jar,/root/.m2/repository/org/apache/poi/poi-ooxml/3.9/poi-ooxml-3.9.jar,/root/.m2/repository/org/apache/poi/poi-ooxml/3.9/poi-ooxml-3.9.jar,/root/.m2/repository/org/apache/poi/poi-ooxml/3.9/poi-ooxml-3.9.jar,/root/.m2/repository/org/apache/poi/poi-ooxml/3.9/poi-ooxml-3.9.jar
Dependency Hierarchy:
Found in HEAD commit: b3da2491f455afc6823905dfa1234a43e48d0881
The OPC SAX setup in Apache POI before 3.10.1 allows remote attackers to read arbitrary files via an OpenXML file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
Publish Date: 2014-09-04
URL: CVE-2014-3529
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2014-3529
Release Date: 2014-09-04
Fix Resolution: 3.10.1
General data-binding functionality for Jackson: works on core streaming API
Library home page: http://github.com/FasterXML/jackson
Path to dependency file: /carbon-mediation/components/mediation-monitor/mediation-data-publisher/org.wso2.carbon.prometheus.publisher/pom.xml
Path to vulnerable library: /root/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.7.9.1/jackson-databind-2.7.9.1.jar,/root/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.7.9.1/jackson-databind-2.7.9.1.jar,/root/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.7.9.1/jackson-databind-2.7.9.1.jar
Dependency Hierarchy:
Found in HEAD commit: b3da2491f455afc6823905dfa1234a43e48d0881
A deserialization flaw was discovered in the jackson-databind in versions before 2.8.10 and 2.9.1, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. This issue extends the previous flaw CVE-2017-7525 by blacklisting more classes that could be used maliciously.
Publish Date: 2018-02-06
URL: CVE-2017-15095
Base Score Metrics:
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2017-15095
Release Date: 2018-02-06
Fix Resolution: 2.8.10,2.9.1
Spring Framework Parent
Path to dependency file: /carbon-mediation/components/mediation-ui/mediators-ui/org.wso2.carbon.mediator.call.ui/pom.xml
Path to vulnerable library: /root/.m2/repository/org/springframework/spring-core/3.0.7.RELEASE/spring-core-3.0.7.RELEASE.jar,/root/.m2/repository/org/springframework/spring-core/3.0.7.RELEASE/spring-core-3.0.7.RELEASE.jar,/root/.m2/repository/org/springframework/spring-core/3.0.7.RELEASE/spring-core-3.0.7.RELEASE.jar,/root/.m2/repository/org/springframework/spring-core/3.0.7.RELEASE/spring-core-3.0.7.RELEASE.jar,/root/.m2/repository/org/springframework/spring-core/3.0.7.RELEASE/spring-core-3.0.7.RELEASE.jar,/root/.m2/repository/org/springframework/spring-core/3.0.7.RELEASE/spring-core-3.0.7.RELEASE.jar,/root/.m2/repository/org/springframework/spring-core/3.0.7.RELEASE/spring-core-3.0.7.RELEASE.jar,/root/.m2/repository/org/springframework/spring-core/3.0.7.RELEASE/spring-core-3.0.7.RELEASE.jar,/root/.m2/repository/org/springframework/spring-core/3.0.7.RELEASE/spring-core-3.0.7.RELEASE.jar,/root/.m2/repository/org/springframework/spring-core/3.0.7.RELEASE/spring-core-3.0.7.RELEASE.jar,/root/.m2/repository/org/springframework/spring-core/3.0.7.RELEASE/spring-core-3.0.7.RELEASE.jar,/root/.m2/repository/org/springframework/spring-core/3.0.7.RELEASE/spring-core-3.0.7.RELEASE.jar,/root/.m2/repository/org/springframework/spring-core/3.0.7.RELEASE/spring-core-3.0.7.RELEASE.jar,/root/.m2/repository/org/springframework/spring-core/3.0.7.RELEASE/spring-core-3.0.7.RELEASE.jar,/root/.m2/repository/org/springframework/spring-core/3.0.7.RELEASE/spring-core-3.0.7.RELEASE.jar,/root/.m2/repository/org/springframework/spring-core/3.0.7.RELEASE/spring-core-3.0.7.RELEASE.jar,/root/.m2/repository/org/springframework/spring-core/3.0.7.RELEASE/spring-core-3.0.7.RELEASE.jar,/root/.m2/repository/org/springframework/spring-core/3.0.7.RELEASE/spring-core-3.0.7.RELEASE.jar,/root/.m2/repository/org/springframework/spring-core/3.0.7.RELEASE/spring-core-3.0.7.RELEASE.jar,/root/.m2/repository/org/springframework/spring-core/3.0.7.RELEASE/spring-core-3.0.7.RELEASE.jar,/root/.m2/repository/org/springframework/spring-core/3.0.7.RELEASE/spring-core-3.0.7.RELEASE.jar,/root/.m2/repository/org/springframework/spring-core/3.0.7.RELEASE/spring-core-3.0.7.RELEASE.jar,/root/.m2/repository/org/springframework/spring-core/3.0.7.RELEASE/spring-core-3.0.7.RELEASE.jar,/root/.m2/repository/org/springframework/spring-core/3.0.7.RELEASE/spring-core-3.0.7.RELEASE.jar,/root/.m2/repository/org/springframework/spring-core/3.0.7.RELEASE/spring-core-3.0.7.RELEASE.jar,/root/.m2/repository/org/springframework/spring-core/3.0.7.RELEASE/spring-core-3.0.7.RELEASE.jar,/root/.m2/repository/org/springframework/spring-core/3.0.7.RELEASE/spring-core-3.0.7.RELEASE.jar,/root/.m2/repository/org/springframework/spring-core/3.0.7.RELEASE/spring-core-3.0.7.RELEASE.jar,/root/.m2/repository/org/springframework/spring-core/3.0.7.RELEASE/spring-core-3.0.7.RELEASE.jar,/root/.m2/repository/org/springframework/spring-core/3.0.7.RELEASE/spring-core-3.0.7.RELEASE.jar,/root/.m2/repository/org/springframework/spring-core/3.0.7.RELEASE/spring-core-3.0.7.RELEASE.jar,/root/.m2/repository/org/springframework/spring-core/3.0.7.RELEASE/spring-core-3.0.7.RELEASE.jar,/root/.m2/repository/org/springframework/spring-core/3.0.7.RELEASE/spring-core-3.0.7.RELEASE.jar,/root/.m2/repository/org/springframework/spring-core/3.0.7.RELEASE/spring-core-3.0.7.RELEASE.jar,/root/.m2/repository/org/springframework/spring-core/3.0.7.RELEASE/spring-core-3.0.7.RELEASE.jar,/root/.m2/repository/org/springframework/spring-core/3.0.7.RELEASE/spring-core-3.0.7.RELEASE.jar,/root/.m2/repository/org/springframework/spring-core/3.0.7.RELEASE/spring-core-3.0.7.RELEASE.jar,/root/.m2/repository/org/springframework/spring-core/3.0.7.RELEASE/spring-core-3.0.7.RELEASE.jar,/root/.m2/repository/org/springframework/spring-core/3.0.7.RELEASE/spring-core-3.0.7.RELEASE.jar,/root/.m2/repository/org/springframework/spring-core/3.0.7.RELEASE/spring-core-3.0.7.RELEASE.jar,/root/.m2/repository/org/springframework/spring-core/3.0.7.RELEASE/spring-core-3.0.7.RELEASE.jar,/root/.m2/repository/org/springframework/spring-core/3.0.7.RELEASE/spring-core-3.0.7.RELEASE.jar,/root/.m2/repository/org/springframework/spring-core/3.0.7.RELEASE/spring-core-3.0.7.RELEASE.jar,/root/.m2/repository/org/springframework/spring-core/3.0.7.RELEASE/spring-core-3.0.7.RELEASE.jar,/root/.m2/repository/org/springframework/spring-core/3.0.7.RELEASE/spring-core-3.0.7.RELEASE.jar,/root/.m2/repository/org/springframework/spring-core/3.0.7.RELEASE/spring-core-3.0.7.RELEASE.jar,/root/.m2/repository/org/springframework/spring-core/3.0.7.RELEASE/spring-core-3.0.7.RELEASE.jar,/root/.m2/repository/org/springframework/spring-core/3.0.7.RELEASE/spring-core-3.0.7.RELEASE.jar,/root/.m2/repository/org/springframework/spring-core/3.0.7.RELEASE/spring-core-3.0.7.RELEASE.jar,/root/.m2/repository/org/springframework/spring-core/3.0.7.RELEASE/spring-core-3.0.7.RELEASE.jar,/root/.m2/repository/org/springframework/spring-core/3.0.7.RELEASE/spring-core-3.0.7.RELEASE.jar,/root/.m2/repository/org/springframework/spring-core/3.0.7.RELEASE/spring-core-3.0.7.RELEASE.jar,/root/.m2/repository/org/springframework/spring-core/3.0.7.RELEASE/spring-core-3.0.7.RELEASE.jar,/root/.m2/repository/org/springframework/spring-core/3.0.7.RELEASE/spring-core-3.0.7.RELEASE.jar,/root/.m2/repository/org/springframework/spring-core/3.0.7.RELEASE/spring-core-3.0.7.RELEASE.jar,/root/.m2/repository/org/springframework/spring-core/3.0.7.RELEASE/spring-core-3.0.7.RELEASE.jar,/root/.m2/repository/org/springframework/spring-core/3.0.7.RELEASE/spring-core-3.0.7.RELEASE.jar,/root/.m2/repository/org/springframework/spring-core/3.0.7.RELEASE/spring-core-3.0.7.RELEASE.jar,/root/.m2/repository/org/springframework/spring-core/3.0.7.RELEASE/spring-core-3.0.7.RELEASE.jar,/root/.m2/repository/org/springframework/spring-core/3.0.7.RELEASE/spring-core-3.0.7.RELEASE.jar,/root/.m2/repository/org/springframework/spring-core/3.0.7.RELEASE/spring-core-3.0.7.RELEASE.jar,/root/.m2/repository/org/springframework/spring-core/3.0.7.RELEASE/spring-core-3.0.7.RELEASE.jar,/root/.m2/repository/org/springframework/spring-core/3.0.7.RELEASE/spring-core-3.0.7.RELEASE.jar,/root/.m2/repository/org/springframework/spring-core/3.0.7.RELEASE/spring-core-3.0.7.RELEASE.jar,/root/.m2/repository/org/springframework/spring-core/3.0.7.RELEASE/spring-core-3.0.7.RELEASE.jar,/root/.m2/repository/org/springframework/spring-core/3.0.7.RELEASE/spring-core-3.0.7.RELEASE.jar,/root/.m2/repository/org/springframework/spring-core/3.0.7.RELEASE/spring-core-3.0.7.RELEASE.jar,/root/.m2/repository/org/springframework/spring-core/3.0.7.RELEASE/spring-core-3.0.7.RELEASE.jar,/root/.m2/repository/org/springframework/spring-core/3.0.7.RELEASE/spring-core-3.0.7.RELEASE.jar,/root/.m2/repository/org/springframework/spring-core/3.0.7.RELEASE/spring-core-3.0.7.RELEASE.jar,/root/.m2/repository/org/springframework/spring-core/3.0.7.RELEASE/spring-core-3.0.7.RELEASE.jar,/root/.m2/repository/org/springframework/spring-core/3.0.7.RELEASE/spring-core-3.0.7.RELEASE.jar,/root/.m2/repository/org/springframework/spring-core/3.0.7.RELEASE/spring-core-3.0.7.RELEASE.jar,/root/.m2/repository/org/springframework/spring-core/3.0.7.RELEASE/spring-core-3.0.7.RELEASE.jar,/root/.m2/repository/org/springframework/spring-core/3.0.7.RELEASE/spring-core-3.0.7.RELEASE.jar,/root/.m2/repository/org/springframework/spring-core/3.0.7.RELEASE/spring-core-3.0.7.RELEASE.jar,/root/.m2/repository/org/springframework/spring-core/3.0.7.RELEASE/spring-core-3.0.7.RELEASE.jar,/root/.m2/repository/org/springframework/spring-core/3.0.7.RELEASE/spring-core-3.0.7.RELEASE.jar,/root/.m2/repository/org/springframework/spring-core/3.0.7.RELEASE/spring-core-3.0.7.RELEASE.jar,/root/.m2/repository/org/springframework/spring-core/3.0.7.RELEASE/spring-core-3.0.7.RELEASE.jar,/root/.m2/repository/org/springframework/spring-core/3.0.7.RELEASE/spring-core-3.0.7.RELEASE.jar,/root/.m2/repository/org/springframework/spring-core/3.0.7.RELEASE/spring-core-3.0.7.RELEASE.jar,/root/.m2/repository/org/springframework/spring-core/3.0.7.RELEASE/spring-core-3.0.7.RELEASE.jar,/root/.m2/repository/org/springframework/spring-core/3.0.7.RELEASE/spring-core-3.0.7.RELEASE.jar,/root/.m2/repository/org/springframework/spring-core/3.0.7.RELEASE/spring-core-3.0.7.RELEASE.jar,/root/.m2/repository/org/springframework/spring-core/3.0.7.RELEASE/spring-core-3.0.7.RELEASE.jar,/root/.m2/repository/org/springframework/spring-core/3.0.7.RELEASE/spring-core-3.0.7.RELEASE.jar,/root/.m2/repository/org/springframework/spring-core/3.0.7.RELEASE/spring-core-3.0.7.RELEASE.jar,/root/.m2/repository/org/springframework/spring-core/3.0.7.RELEASE/spring-core-3.0.7.RELEASE.jar,/root/.m2/repository/org/springframework/spring-core/3.0.7.RELEASE/spring-core-3.0.7.RELEASE.jar,/root/.m2/repository/org/springframework/spring-core/3.0.7.RELEASE/spring-core-3.0.7.RELEASE.jar,/root/.m2/repository/org/springframework/spring-core/3.0.7.RELEASE/spring-core-3.0.7.RELEASE.jar,/root/.m2/repository/org/springframework/spring-core/3.0.7.RELEASE/spring-core-3.0.7.RELEASE.jar,/root/.m2/repository/org/springframework/spring-core/3.0.7.RELEASE/spring-core-3.0.7.RELEASE.jar,/root/.m2/repository/org/springframework/spring-core/3.0.7.RELEASE/spring-core-3.0.7.RELEASE.jar,/root/.m2/repository/org/springframework/spring-core/3.0.7.RELEASE/spring-core-3.0.7.RELEASE.jar,/root/.m2/repository/org/springframework/spring-core/3.0.7.RELEASE/spring-core-3.0.7.RELEASE.jar,/root/.m2/repository/org/springframework/spring-core/3.0.7.RELEASE/spring-core-3.0.7.RELEASE.jar,/root/.m2/repository/org/springframework/spring-core/3.0.7.RELEASE/spring-core-3.0.7.RELEASE.jar,/root/.m2/repository/org/springframework/spring-core/3.0.7.RELEASE/spring-core-3.0.7.RELEASE.jar,/root/.m2/repository/org/springframework/spring-core/3.0.7.RELEASE/spring-core-3.0.7.RELEASE.jar,/root/.m2/repository/org/springframework/spring-core/3.0.7.RELEASE/spring-core-3.0.7.RELEASE.jar,/root/.m2/repository/org/springframework/spring-core/3.0.7.RELEASE/spring-core-3.0.7.RELEASE.jar,/root/.m2/repository/org/springframework/spring-core/3.0.7.RELEASE/spring-core-3.0.7.RELEASE.jar,/root/.m2/repository/org/springframework/spring-core/3.0.7.RELEASE/spring-core-3.0.7.RELEASE.jar,/root/.m2/repository/org/springframework/spring-core/3.0.7.RELEASE/spring-core-3.0.7.RELEASE.jar,/root/.m2/repository/org/springframework/spring-core/3.0.7.RELEASE/spring-core-3.0.7.RELEASE.jar,/root/.m2/repository/org/springframework/spring-core/3.0.7.RELEASE/spring-core-3.0.7.RELEASE.jar,/root/.m2/repository/org/springframework/spring-core/3.0.7.RELEASE/spring-core-3.0.7.RELEASE.jar,/root/.m2/repository/org/springframework/spring-core/3.0.7.RELEASE/spring-core-3.0.7.RELEASE.jar,/root/.m2/repository/org/springframework/spring-core/3.0.7.RELEASE/spring-core-3.0.7.RELEASE.jar,/root/.m2/repository/org/springframework/spring-core/3.0.7.RELEASE/spring-core-3.0.7.RELEASE.jar,/root/.m2/repository/org/springframework/spring-core/3.0.7.RELEASE/spring-core-3.0.7.RELEASE.jar,/root/.m2/repository/org/springframework/spring-core/3.0.7.RELEASE/spring-core-3.0.7.RELEASE.jar,/root/.m2/repository/org/springframework/spring-core/3.0.7.RELEASE/spring-core-3.0.7.RELEASE.jar,/root/.m2/repository/org/springframework/spring-core/3.0.7.RELEASE/spring-core-3.0.7.RELEASE.jar,/root/.m2/repository/org/springframework/spring-core/3.0.7.RELEASE/spring-core-3.0.7.RELEASE.jar,/root/.m2/repository/org/springframework/spring-core/3.0.7.RELEASE/spring-core-3.0.7.RELEASE.jar,/root/.m2/repository/org/springframework/spring-core/3.0.7.RELEASE/spring-core-3.0.7.RELEASE.jar,/root/.m2/repository/org/springframework/spring-core/3.0.7.RELEASE/spring-core-3.0.7.RELEASE.jar,/root/.m2/repository/org/springframework/spring-core/3.0.7.RELEASE/spring-core-3.0.7.RELEASE.jar,/root/.m2/repository/org/springframework/spring-core/3.0.7.RELEASE/spring-core-3.0.7.RELEASE.jar,/root/.m2/repository/org/springframework/spring-core/3.0.7.RELEASE/spring-core-3.0.7.RELEASE.jar,/root/.m2/repository/org/springframework/spring-core/3.0.7.RELEASE/spring-core-3.0.7.RELEASE.jar,/root/.m2/repository/org/springframework/spring-core/3.0.7.RELEASE/spring-core-3.0.7.RELEASE.jar,/root/.m2/repository/org/springframework/spring-core/3.0.7.RELEASE/spring-core-3.0.7.RELEASE.jar,/root/.m2/repository/org/springframework/spring-core/3.0.7.RELEASE/spring-core-3.0.7.RELEASE.jar,/root/.m2/repository/org/springframework/spring-core/3.0.7.RELEASE/spring-core-3.0.7.RELEASE.jar,/root/.m2/repository/org/springframework/spring-core/3.0.7.RELEASE/spring-core-3.0.7.RELEASE.jar,/root/.m2/repository/org/springframework/spring-core/3.0.7.RELEASE/spring-core-3.0.7.RELEASE.jar,/root/.m2/repository/org/springframework/spring-core/3.0.7.RELEASE/spring-core-3.0.7.RELEASE.jar,/root/.m2/repository/org/springframework/spring-core/3.0.7.RELEASE/spring-core-3.0.7.RELEASE.jar,/root/.m2/repository/org/springframework/spring-core/3.0.7.RELEASE/spring-core-3.0.7.RELEASE.jar
Dependency Hierarchy:
Found in HEAD commit: b3da2491f455afc6823905dfa1234a43e48d0881
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, provide client-side support for multipart requests. When Spring MVC or Spring WebFlux server application (server A) receives input from a remote client, and then uses that input to make a multipart request to another server (server B), it can be exposed to an attack, where an extra multipart is inserted in the content of the request from server A, causing server B to use the wrong value for a part it expects. This could to lead privilege escalation, for example, if the part content represents a username or user roles.
Publish Date: 2018-04-06
URL: CVE-2018-1272
Base Score Metrics:
Type: Change files
Origin: spring-projects/spring-framework@ab2410c
Release Date: 2018-03-24
Fix Resolution: Replace or update the following file: MimeTypeUtils.java
General data-binding functionality for Jackson: works on core streaming API
Library home page: http://github.com/FasterXML/jackson
Path to dependency file: /carbon-mediation/components/mediation-monitor/mediation-data-publisher/org.wso2.carbon.prometheus.publisher/pom.xml
Path to vulnerable library: /root/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.7.9.1/jackson-databind-2.7.9.1.jar,/root/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.7.9.1/jackson-databind-2.7.9.1.jar,/root/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.7.9.1/jackson-databind-2.7.9.1.jar
Dependency Hierarchy:
Found in HEAD commit: b3da2491f455afc6823905dfa1234a43e48d0881
FasterXML jackson-databind before 2.7.9.3, 2.8.x before 2.8.11.1 and 2.9.x before 2.9.5 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, bypassing a blacklist that is ineffective if the c3p0 libraries are available in the classpath.
Publish Date: 2018-02-26
URL: CVE-2018-7489
Base Score Metrics:
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2018-7489
Release Date: 2018-02-26
Fix Resolution: 2.8.11.1,2.9.5
General data-binding functionality for Jackson: works on core streaming API
Library home page: http://github.com/FasterXML/jackson
Path to dependency file: /carbon-mediation/components/mediation-monitor/mediation-data-publisher/org.wso2.carbon.prometheus.publisher/pom.xml
Path to vulnerable library: /root/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.7.9.1/jackson-databind-2.7.9.1.jar,/root/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.7.9.1/jackson-databind-2.7.9.1.jar,/root/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.7.9.1/jackson-databind-2.7.9.1.jar
Dependency Hierarchy:
Found in HEAD commit: b3da2491f455afc6823905dfa1234a43e48d0881
FasterXML jackson-databind through 2.8.10 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, bypassing a blacklist that is ineffective if the Spring libraries are available in the classpath.
Publish Date: 2018-01-10
URL: CVE-2017-17485
Base Score Metrics:
Type: Change files
Origin: FasterXML/jackson-databind@bb45fb1
Release Date: 2017-12-19
Fix Resolution: Replace or update the following files: AbstractApplicationContext.java, AbstractPointcutAdvisor.java, BogusApplicationContext.java, SubTypeValidator.java, BogusPointcutAdvisor.java, IllegalTypesCheckTest.java
Apache POI - Java API To Access Microsoft Format Files
Library home page: http://poi.apache.org/
Path to dependency file: /carbon-mediation/components/mediation-cg/org.wso2.carbon.cloud.gateway.agent/pom.xml
Path to vulnerable library: /root/.m2/repository/org/apache/poi/poi-ooxml/3.9/poi-ooxml-3.9.jar,/root/.m2/repository/org/apache/poi/poi-ooxml/3.9/poi-ooxml-3.9.jar,/root/.m2/repository/org/apache/poi/poi-ooxml/3.9/poi-ooxml-3.9.jar,/root/.m2/repository/org/apache/poi/poi-ooxml/3.9/poi-ooxml-3.9.jar,/root/.m2/repository/org/apache/poi/poi-ooxml/3.9/poi-ooxml-3.9.jar,/root/.m2/repository/org/apache/poi/poi-ooxml/3.9/poi-ooxml-3.9.jar,/root/.m2/repository/org/apache/poi/poi-ooxml/3.9/poi-ooxml-3.9.jar,/root/.m2/repository/org/apache/poi/poi-ooxml/3.9/poi-ooxml-3.9.jar,/root/.m2/repository/org/apache/poi/poi-ooxml/3.9/poi-ooxml-3.9.jar,/root/.m2/repository/org/apache/poi/poi-ooxml/3.9/poi-ooxml-3.9.jar,/root/.m2/repository/org/apache/poi/poi-ooxml/3.9/poi-ooxml-3.9.jar
Dependency Hierarchy:
Found in HEAD commit: b3da2491f455afc6823905dfa1234a43e48d0881
Apache POI in versions prior to release 3.15 allows remote attackers to cause a denial of service (CPU consumption) via a specially crafted OOXML file, aka an XML Entity Expansion (XEE) attack.
Publish Date: 2017-03-24
URL: CVE-2017-5644
Base Score Metrics:
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2017-5644
Release Date: 2019-04-08
Fix Resolution: 3.15
null
Path to dependency file: /carbon-mediation/components/mediation-admin/org.wso2.carbon.mediation.templates/pom.xml
Path to vulnerable library: /root/.m2/repository/org/apache/zookeeper/zookeeper/3.3.4/zookeeper-3.3.4.jar,/root/.m2/repository/org/apache/zookeeper/zookeeper/3.3.4/zookeeper-3.3.4.jar,/root/.m2/repository/org/apache/zookeeper/zookeeper/3.3.4/zookeeper-3.3.4.jar,/root/.m2/repository/org/apache/zookeeper/zookeeper/3.3.4/zookeeper-3.3.4.jar,/root/.m2/repository/org/apache/zookeeper/zookeeper/3.3.4/zookeeper-3.3.4.jar,/root/.m2/repository/org/apache/zookeeper/zookeeper/3.3.4/zookeeper-3.3.4.jar,/root/.m2/repository/org/apache/zookeeper/zookeeper/3.3.4/zookeeper-3.3.4.jar,/root/.m2/repository/org/apache/zookeeper/zookeeper/3.3.4/zookeeper-3.3.4.jar,/root/.m2/repository/org/apache/zookeeper/zookeeper/3.3.4/zookeeper-3.3.4.jar,/root/.m2/repository/org/apache/zookeeper/zookeeper/3.3.4/zookeeper-3.3.4.jar,/root/.m2/repository/org/apache/zookeeper/zookeeper/3.3.4/zookeeper-3.3.4.jar,/root/.m2/repository/org/apache/zookeeper/zookeeper/3.3.4/zookeeper-3.3.4.jar,/root/.m2/repository/org/apache/zookeeper/zookeeper/3.3.4/zookeeper-3.3.4.jar,/root/.m2/repository/org/apache/zookeeper/zookeeper/3.3.4/zookeeper-3.3.4.jar,/root/.m2/repository/org/apache/zookeeper/zookeeper/3.3.4/zookeeper-3.3.4.jar,/root/.m2/repository/org/apache/zookeeper/zookeeper/3.3.4/zookeeper-3.3.4.jar,/root/.m2/repository/org/apache/zookeeper/zookeeper/3.3.4/zookeeper-3.3.4.jar,/root/.m2/repository/org/apache/zookeeper/zookeeper/3.3.4/zookeeper-3.3.4.jar,/root/.m2/repository/org/apache/zookeeper/zookeeper/3.3.4/zookeeper-3.3.4.jar,/root/.m2/repository/org/apache/zookeeper/zookeeper/3.3.4/zookeeper-3.3.4.jar,/root/.m2/repository/org/apache/zookeeper/zookeeper/3.3.4/zookeeper-3.3.4.jar,/root/.m2/repository/org/apache/zookeeper/zookeeper/3.3.4/zookeeper-3.3.4.jar,/root/.m2/repository/org/apache/zookeeper/zookeeper/3.3.4/zookeeper-3.3.4.jar,/root/.m2/repository/org/apache/zookeeper/zookeeper/3.3.4/zookeeper-3.3.4.jar,/root/.m2/repository/org/apache/zookeeper/zookeeper/3.3.4/zookeeper-3.3.4.jar,/root/.m2/repository/org/apache/zookeeper/zookeeper/3.3.4/zookeeper-3.3.4.jar,/root/.m2/repository/org/apache/zookeeper/zookeeper/3.3.4/zookeeper-3.3.4.jar,/root/.m2/repository/org/apache/zookeeper/zookeeper/3.3.4/zookeeper-3.3.4.jar,/root/.m2/repository/org/apache/zookeeper/zookeeper/3.3.4/zookeeper-3.3.4.jar,/root/.m2/repository/org/apache/zookeeper/zookeeper/3.3.4/zookeeper-3.3.4.jar,/root/.m2/repository/org/apache/zookeeper/zookeeper/3.3.4/zookeeper-3.3.4.jar,/root/.m2/repository/org/apache/zookeeper/zookeeper/3.3.4/zookeeper-3.3.4.jar,/root/.m2/repository/org/apache/zookeeper/zookeeper/3.3.4/zookeeper-3.3.4.jar,/root/.m2/repository/org/apache/zookeeper/zookeeper/3.3.4/zookeeper-3.3.4.jar
Dependency Hierarchy:
Found in HEAD commit: b3da2491f455afc6823905dfa1234a43e48d0881
An issue is present in Apache ZooKeeper 1.0.0 to 3.4.13 and 3.5.0-alpha to 3.5.4-beta. ZooKeeper?s getACL() command doesn?t check any permission when retrieves the ACLs of the requested node and returns all information contained in the ACL Id field as plaintext string. DigestAuthenticationProvider overloads the Id field with the hash value that is used for user authentication. As a consequence, if Digest Authentication is in use, the unsalted hash value will be disclosed by getACL() request for unauthenticated or unprivileged users.
Publish Date: 2019-05-23
URL: CVE-2019-0201
Base Score Metrics:
Type: Upgrade version
Origin: https://zookeeper.apache.org/security.html
Release Date: 2019-05-23
Fix Resolution: 3.4.14, 3.5.5
BeanShell
Path to dependency file: /carbon-mediation/components/mediators/entitlement/org.wso2.carbon.identity.entitlement.mediator/pom.xml
Path to vulnerable library: /root/.m2/repository/org/beanshell/bsh/2.0b4/bsh-2.0b4.jar
Dependency Hierarchy:
Found in HEAD commit: b3da2491f455afc6823905dfa1234a43e48d0881
BeanShell (bsh) before 2.0b6, when included on the classpath by an application that uses Java serialization or XStream, allows remote attackers to execute arbitrary code via crafted serialized data, related to XThis.Handler.
Publish Date: 2016-04-07
URL: CVE-2016-2510
Base Score Metrics:
Type: Upgrade version
Origin: https://security.gentoo.org/glsa/201607-17
Release Date: 2016-07-30
Fix Resolution: All BeanShell users should upgrade to the latest version >= bsh-2.0_beta6
c3p0 is an easy-to-use library for augmenting traditional (DriverManager-based) JDBC drivers with JNDI-bindable DataSources, including DataSources that implement Connection and Statement Pooling, as described by the jdbc3 spec and jdbc2 std extension.
Library home page: http://c3p0.sourceforge.net
Path to dependency file: /carbon-mediation/components/mediation-config-admin/org.wso2.carbon.mediation.configadmin/pom.xml
Path to vulnerable library: /root/.m2/repository/c3p0/c3p0/0.9.1.1/c3p0-0.9.1.1.jar,/root/.m2/repository/c3p0/c3p0/0.9.1.1/c3p0-0.9.1.1.jar,/root/.m2/repository/c3p0/c3p0/0.9.1.1/c3p0-0.9.1.1.jar,/root/.m2/repository/c3p0/c3p0/0.9.1.1/c3p0-0.9.1.1.jar,/root/.m2/repository/c3p0/c3p0/0.9.1.1/c3p0-0.9.1.1.jar,/root/.m2/repository/c3p0/c3p0/0.9.1.1/c3p0-0.9.1.1.jar,/root/.m2/repository/c3p0/c3p0/0.9.1.1/c3p0-0.9.1.1.jar,/root/.m2/repository/c3p0/c3p0/0.9.1.1/c3p0-0.9.1.1.jar,/root/.m2/repository/c3p0/c3p0/0.9.1.1/c3p0-0.9.1.1.jar,/root/.m2/repository/c3p0/c3p0/0.9.1.1/c3p0-0.9.1.1.jar,/root/.m2/repository/c3p0/c3p0/0.9.1.1/c3p0-0.9.1.1.jar,/root/.m2/repository/c3p0/c3p0/0.9.1.1/c3p0-0.9.1.1.jar,/root/.m2/repository/c3p0/c3p0/0.9.1.1/c3p0-0.9.1.1.jar,/root/.m2/repository/c3p0/c3p0/0.9.1.1/c3p0-0.9.1.1.jar,/root/.m2/repository/c3p0/c3p0/0.9.1.1/c3p0-0.9.1.1.jar,/root/.m2/repository/c3p0/c3p0/0.9.1.1/c3p0-0.9.1.1.jar,/root/.m2/repository/c3p0/c3p0/0.9.1.1/c3p0-0.9.1.1.jar,/root/.m2/repository/c3p0/c3p0/0.9.1.1/c3p0-0.9.1.1.jar,/root/.m2/repository/c3p0/c3p0/0.9.1.1/c3p0-0.9.1.1.jar,/root/.m2/repository/c3p0/c3p0/0.9.1.1/c3p0-0.9.1.1.jar,/root/.m2/repository/c3p0/c3p0/0.9.1.1/c3p0-0.9.1.1.jar,/root/.m2/repository/c3p0/c3p0/0.9.1.1/c3p0-0.9.1.1.jar,/root/.m2/repository/c3p0/c3p0/0.9.1.1/c3p0-0.9.1.1.jar,/root/.m2/repository/c3p0/c3p0/0.9.1.1/c3p0-0.9.1.1.jar,/root/.m2/repository/c3p0/c3p0/0.9.1.1/c3p0-0.9.1.1.jar,/root/.m2/repository/c3p0/c3p0/0.9.1.1/c3p0-0.9.1.1.jar,/root/.m2/repository/c3p0/c3p0/0.9.1.1/c3p0-0.9.1.1.jar,/root/.m2/repository/c3p0/c3p0/0.9.1.1/c3p0-0.9.1.1.jar,/root/.m2/repository/c3p0/c3p0/0.9.1.1/c3p0-0.9.1.1.jar,/root/.m2/repository/c3p0/c3p0/0.9.1.1/c3p0-0.9.1.1.jar,/root/.m2/repository/c3p0/c3p0/0.9.1.1/c3p0-0.9.1.1.jar,/root/.m2/repository/c3p0/c3p0/0.9.1.1/c3p0-0.9.1.1.jar,/root/.m2/repository/c3p0/c3p0/0.9.1.1/c3p0-0.9.1.1.jar,/root/.m2/repository/c3p0/c3p0/0.9.1.1/c3p0-0.9.1.1.jar,/root/.m2/repository/c3p0/c3p0/0.9.1.1/c3p0-0.9.1.1.jar,/root/.m2/repository/c3p0/c3p0/0.9.1.1/c3p0-0.9.1.1.jar,/root/.m2/repository/c3p0/c3p0/0.9.1.1/c3p0-0.9.1.1.jar,/root/.m2/repository/c3p0/c3p0/0.9.1.1/c3p0-0.9.1.1.jar,/root/.m2/repository/c3p0/c3p0/0.9.1.1/c3p0-0.9.1.1.jar,/root/.m2/repository/c3p0/c3p0/0.9.1.1/c3p0-0.9.1.1.jar,/root/.m2/repository/c3p0/c3p0/0.9.1.1/c3p0-0.9.1.1.jar,/root/.m2/repository/c3p0/c3p0/0.9.1.1/c3p0-0.9.1.1.jar,/root/.m2/repository/c3p0/c3p0/0.9.1.1/c3p0-0.9.1.1.jar,/root/.m2/repository/c3p0/c3p0/0.9.1.1/c3p0-0.9.1.1.jar,/root/.m2/repository/c3p0/c3p0/0.9.1.1/c3p0-0.9.1.1.jar,/root/.m2/repository/c3p0/c3p0/0.9.1.1/c3p0-0.9.1.1.jar,/root/.m2/repository/c3p0/c3p0/0.9.1.1/c3p0-0.9.1.1.jar,/root/.m2/repository/c3p0/c3p0/0.9.1.1/c3p0-0.9.1.1.jar,/root/.m2/repository/c3p0/c3p0/0.9.1.1/c3p0-0.9.1.1.jar,/root/.m2/repository/c3p0/c3p0/0.9.1.1/c3p0-0.9.1.1.jar,/root/.m2/repository/c3p0/c3p0/0.9.1.1/c3p0-0.9.1.1.jar,/root/.m2/repository/c3p0/c3p0/0.9.1.1/c3p0-0.9.1.1.jar,/root/.m2/repository/c3p0/c3p0/0.9.1.1/c3p0-0.9.1.1.jar,/root/.m2/repository/c3p0/c3p0/0.9.1.1/c3p0-0.9.1.1.jar,/root/.m2/repository/c3p0/c3p0/0.9.1.1/c3p0-0.9.1.1.jar,/root/.m2/repository/c3p0/c3p0/0.9.1.1/c3p0-0.9.1.1.jar,/root/.m2/repository/c3p0/c3p0/0.9.1.1/c3p0-0.9.1.1.jar,/root/.m2/repository/c3p0/c3p0/0.9.1.1/c3p0-0.9.1.1.jar,/root/.m2/repository/c3p0/c3p0/0.9.1.1/c3p0-0.9.1.1.jar,/root/.m2/repository/c3p0/c3p0/0.9.1.1/c3p0-0.9.1.1.jar,/root/.m2/repository/c3p0/c3p0/0.9.1.1/c3p0-0.9.1.1.jar,/root/.m2/repository/c3p0/c3p0/0.9.1.1/c3p0-0.9.1.1.jar,/root/.m2/repository/c3p0/c3p0/0.9.1.1/c3p0-0.9.1.1.jar,/root/.m2/repository/c3p0/c3p0/0.9.1.1/c3p0-0.9.1.1.jar,/root/.m2/repository/c3p0/c3p0/0.9.1.1/c3p0-0.9.1.1.jar,/root/.m2/repository/c3p0/c3p0/0.9.1.1/c3p0-0.9.1.1.jar,/root/.m2/repository/c3p0/c3p0/0.9.1.1/c3p0-0.9.1.1.jar,/root/.m2/repository/c3p0/c3p0/0.9.1.1/c3p0-0.9.1.1.jar,/root/.m2/repository/c3p0/c3p0/0.9.1.1/c3p0-0.9.1.1.jar,/root/.m2/repository/c3p0/c3p0/0.9.1.1/c3p0-0.9.1.1.jar,/root/.m2/repository/c3p0/c3p0/0.9.1.1/c3p0-0.9.1.1.jar,/root/.m2/repository/c3p0/c3p0/0.9.1.1/c3p0-0.9.1.1.jar,/root/.m2/repository/c3p0/c3p0/0.9.1.1/c3p0-0.9.1.1.jar,/root/.m2/repository/c3p0/c3p0/0.9.1.1/c3p0-0.9.1.1.jar,/root/.m2/repository/c3p0/c3p0/0.9.1.1/c3p0-0.9.1.1.jar,/root/.m2/repository/c3p0/c3p0/0.9.1.1/c3p0-0.9.1.1.jar,/root/.m2/repository/c3p0/c3p0/0.9.1.1/c3p0-0.9.1.1.jar,/root/.m2/repository/c3p0/c3p0/0.9.1.1/c3p0-0.9.1.1.jar,/root/.m2/repository/c3p0/c3p0/0.9.1.1/c3p0-0.9.1.1.jar,/root/.m2/repository/c3p0/c3p0/0.9.1.1/c3p0-0.9.1.1.jar,/root/.m2/repository/c3p0/c3p0/0.9.1.1/c3p0-0.9.1.1.jar,/root/.m2/repository/c3p0/c3p0/0.9.1.1/c3p0-0.9.1.1.jar,/root/.m2/repository/c3p0/c3p0/0.9.1.1/c3p0-0.9.1.1.jar,/root/.m2/repository/c3p0/c3p0/0.9.1.1/c3p0-0.9.1.1.jar,/root/.m2/repository/c3p0/c3p0/0.9.1.1/c3p0-0.9.1.1.jar,/root/.m2/repository/c3p0/c3p0/0.9.1.1/c3p0-0.9.1.1.jar,/root/.m2/repository/c3p0/c3p0/0.9.1.1/c3p0-0.9.1.1.jar,/root/.m2/repository/c3p0/c3p0/0.9.1.1/c3p0-0.9.1.1.jar,/root/.m2/repository/c3p0/c3p0/0.9.1.1/c3p0-0.9.1.1.jar,/root/.m2/repository/c3p0/c3p0/0.9.1.1/c3p0-0.9.1.1.jar,/root/.m2/repository/c3p0/c3p0/0.9.1.1/c3p0-0.9.1.1.jar,/root/.m2/repository/c3p0/c3p0/0.9.1.1/c3p0-0.9.1.1.jar,/root/.m2/repository/c3p0/c3p0/0.9.1.1/c3p0-0.9.1.1.jar,/root/.m2/repository/c3p0/c3p0/0.9.1.1/c3p0-0.9.1.1.jar,/root/.m2/repository/c3p0/c3p0/0.9.1.1/c3p0-0.9.1.1.jar,/root/.m2/repository/c3p0/c3p0/0.9.1.1/c3p0-0.9.1.1.jar,/root/.m2/repository/c3p0/c3p0/0.9.1.1/c3p0-0.9.1.1.jar,/root/.m2/repository/c3p0/c3p0/0.9.1.1/c3p0-0.9.1.1.jar,/root/.m2/repository/c3p0/c3p0/0.9.1.1/c3p0-0.9.1.1.jar,/root/.m2/repository/c3p0/c3p0/0.9.1.1/c3p0-0.9.1.1.jar,/root/.m2/repository/c3p0/c3p0/0.9.1.1/c3p0-0.9.1.1.jar,/root/.m2/repository/c3p0/c3p0/0.9.1.1/c3p0-0.9.1.1.jar,/root/.m2/repository/c3p0/c3p0/0.9.1.1/c3p0-0.9.1.1.jar,/root/.m2/repository/c3p0/c3p0/0.9.1.1/c3p0-0.9.1.1.jar,/root/.m2/repository/c3p0/c3p0/0.9.1.1/c3p0-0.9.1.1.jar,/root/.m2/repository/c3p0/c3p0/0.9.1.1/c3p0-0.9.1.1.jar,/root/.m2/repository/c3p0/c3p0/0.9.1.1/c3p0-0.9.1.1.jar,/root/.m2/repository/c3p0/c3p0/0.9.1.1/c3p0-0.9.1.1.jar,/root/.m2/repository/c3p0/c3p0/0.9.1.1/c3p0-0.9.1.1.jar,/root/.m2/repository/c3p0/c3p0/0.9.1.1/c3p0-0.9.1.1.jar,/root/.m2/repository/c3p0/c3p0/0.9.1.1/c3p0-0.9.1.1.jar,/root/.m2/repository/c3p0/c3p0/0.9.1.1/c3p0-0.9.1.1.jar,/root/.m2/repository/c3p0/c3p0/0.9.1.1/c3p0-0.9.1.1.jar,/root/.m2/repository/c3p0/c3p0/0.9.1.1/c3p0-0.9.1.1.jar,/root/.m2/repository/c3p0/c3p0/0.9.1.1/c3p0-0.9.1.1.jar,/root/.m2/repository/c3p0/c3p0/0.9.1.1/c3p0-0.9.1.1.jar,/root/.m2/repository/c3p0/c3p0/0.9.1.1/c3p0-0.9.1.1.jar,/root/.m2/repository/c3p0/c3p0/0.9.1.1/c3p0-0.9.1.1.jar,/root/.m2/repository/c3p0/c3p0/0.9.1.1/c3p0-0.9.1.1.jar,/root/.m2/repository/c3p0/c3p0/0.9.1.1/c3p0-0.9.1.1.jar,/root/.m2/repository/c3p0/c3p0/0.9.1.1/c3p0-0.9.1.1.jar,/root/.m2/repository/c3p0/c3p0/0.9.1.1/c3p0-0.9.1.1.jar,/root/.m2/repository/c3p0/c3p0/0.9.1.1/c3p0-0.9.1.1.jar,/root/.m2/repository/c3p0/c3p0/0.9.1.1/c3p0-0.9.1.1.jar,/root/.m2/repository/c3p0/c3p0/0.9.1.1/c3p0-0.9.1.1.jar,/root/.m2/repository/c3p0/c3p0/0.9.1.1/c3p0-0.9.1.1.jar,/root/.m2/repository/c3p0/c3p0/0.9.1.1/c3p0-0.9.1.1.jar,/root/.m2/repository/c3p0/c3p0/0.9.1.1/c3p0-0.9.1.1.jar,/root/.m2/repository/c3p0/c3p0/0.9.1.1/c3p0-0.9.1.1.jar,/root/.m2/repository/c3p0/c3p0/0.9.1.1/c3p0-0.9.1.1.jar,/root/.m2/repository/c3p0/c3p0/0.9.1.1/c3p0-0.9.1.1.jar,/root/.m2/repository/c3p0/c3p0/0.9.1.1/c3p0-0.9.1.1.jar
Dependency Hierarchy:
Found in HEAD commit: b3da2491f455afc6823905dfa1234a43e48d0881
c3p0 version < 0.9.5.4 may be exploited by a billion laughs attack when loading XML configuration due to missing protections against recursive entity expansion when loading configuration.
Publish Date: 2019-04-22
URL: CVE-2019-5427
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5427
Release Date: 2019-04-22
Fix Resolution: c3p0-0.9.5.4
General data-binding functionality for Jackson: works on core streaming API
Library home page: http://github.com/FasterXML/jackson
Path to dependency file: /carbon-mediation/components/mediation-monitor/mediation-data-publisher/org.wso2.carbon.prometheus.publisher/pom.xml
Path to vulnerable library: /root/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.7.9.1/jackson-databind-2.7.9.1.jar,/root/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.7.9.1/jackson-databind-2.7.9.1.jar,/root/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.7.9.1/jackson-databind-2.7.9.1.jar
Dependency Hierarchy:
Found in HEAD commit: b3da2491f455afc6823905dfa1234a43e48d0881
FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the jboss-common-core class from polymorphic deserialization.
Publish Date: 2019-01-02
URL: CVE-2018-19362
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19362
Release Date: 2019-01-02
Fix Resolution: 2.9.8
Apache POI - Java API To Access Microsoft Format Files
Library home page: http://poi.apache.org/
Path to dependency file: /carbon-mediation/components/mediation-config-admin/org.wso2.carbon.mediation.configadmin/pom.xml
Path to vulnerable library: /root/.m2/repository/org/apache/poi/poi/3.9/poi-3.9.jar,/root/.m2/repository/org/apache/poi/poi/3.9/poi-3.9.jar,/root/.m2/repository/org/apache/poi/poi/3.9/poi-3.9.jar,/root/.m2/repository/org/apache/poi/poi/3.9/poi-3.9.jar,/root/.m2/repository/org/apache/poi/poi/3.9/poi-3.9.jar,/root/.m2/repository/org/apache/poi/poi/3.9/poi-3.9.jar,/root/.m2/repository/org/apache/poi/poi/3.9/poi-3.9.jar,/root/.m2/repository/org/apache/poi/poi/3.9/poi-3.9.jar,/root/.m2/repository/org/apache/poi/poi/3.9/poi-3.9.jar,/root/.m2/repository/org/apache/poi/poi/3.9/poi-3.9.jar,/root/.m2/repository/org/apache/poi/poi/3.9/poi-3.9.jar
Dependency Hierarchy:
Apache POI - Java API To Access Microsoft Format Files
Library home page: http://poi.apache.org/
Path to dependency file: /carbon-mediation/components/mediation-admin/org.wso2.carbon.proxyadmin/pom.xml
Path to vulnerable library: /root/.m2/repository/org/apache/poi/poi-scratchpad/3.9/poi-scratchpad-3.9.jar,/root/.m2/repository/org/apache/poi/poi-scratchpad/3.9/poi-scratchpad-3.9.jar,/root/.m2/repository/org/apache/poi/poi-scratchpad/3.9/poi-scratchpad-3.9.jar,/root/.m2/repository/org/apache/poi/poi-scratchpad/3.9/poi-scratchpad-3.9.jar,/root/.m2/repository/org/apache/poi/poi-scratchpad/3.9/poi-scratchpad-3.9.jar,/root/.m2/repository/org/apache/poi/poi-scratchpad/3.9/poi-scratchpad-3.9.jar,/root/.m2/repository/org/apache/poi/poi-scratchpad/3.9/poi-scratchpad-3.9.jar,/root/.m2/repository/org/apache/poi/poi-scratchpad/3.9/poi-scratchpad-3.9.jar,/root/.m2/repository/org/apache/poi/poi-scratchpad/3.9/poi-scratchpad-3.9.jar,/root/.m2/repository/org/apache/poi/poi-scratchpad/3.9/poi-scratchpad-3.9.jar,/root/.m2/repository/org/apache/poi/poi-scratchpad/3.9/poi-scratchpad-3.9.jar
Dependency Hierarchy:
Found in HEAD commit: b3da2491f455afc6823905dfa1234a43e48d0881
Apache POI in versions prior to release 3.17 are vulnerable to Denial of Service Attacks: 1) Infinite Loops while parsing crafted WMF, EMF, MSG and macros (POI bugs 61338 and 61294), and 2) Out of Memory Exceptions while parsing crafted DOC, PPT and XLS (POI bugs 52372 and 61295).
Publish Date: 2018-01-29
URL: CVE-2017-12626
Base Score Metrics:
Apache XML Security for Java supports XML-Signature Syntax and Processing, W3C Recommendation 12 February 2002, and XML Encryption Syntax and Processing, W3C Recommendation 10 December 2002. As of version 1.4, the library supports the standard Java API JSR-105: XML Digital Signature APIs.
Library home page: http://santuario.apache.org/
Path to dependency file: /carbon-mediation/components/mediation-cg/org.wso2.carbon.cloud.gateway.agent.ui/pom.xml
Path to vulnerable library: /root/.m2/repository/org/apache/santuario/xmlsec/1.5.5/xmlsec-1.5.5.jar,/root/.m2/repository/org/apache/santuario/xmlsec/1.5.5/xmlsec-1.5.5.jar,/root/.m2/repository/org/apache/santuario/xmlsec/1.5.5/xmlsec-1.5.5.jar,/root/.m2/repository/org/apache/santuario/xmlsec/1.5.5/xmlsec-1.5.5.jar,/root/.m2/repository/org/apache/santuario/xmlsec/1.5.5/xmlsec-1.5.5.jar,/root/.m2/repository/org/apache/santuario/xmlsec/1.5.5/xmlsec-1.5.5.jar
Dependency Hierarchy:
Found in HEAD commit: b3da2491f455afc6823905dfa1234a43e48d0881
Apache Santuario XML Security for Java before 1.5.6, when applying Transforms, allows remote attackers to cause a denial of service (memory consumption) via crafted Document Type Definitions (DTDs), related to signatures.
Publish Date: 2014-01-11
URL: CVE-2013-4517
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2013-4517
Release Date: 2014-01-11
Fix Resolution: 1.5.6
The OpenSAML-J library provides tools to support developers working with the Security Assertion Markup Language (SAML).
Library home page: http://opensaml.org/
Path to dependency file: /carbon-mediation/components/mediation-admin/org.wso2.carbon.proxyadmin.common/pom.xml
Path to vulnerable library: /root/.m2/repository/org/opensaml/opensaml/2.6.4/opensaml-2.6.4.jar,/root/.m2/repository/org/opensaml/opensaml/2.6.4/opensaml-2.6.4.jar,/root/.m2/repository/org/opensaml/opensaml/2.6.4/opensaml-2.6.4.jar,/root/.m2/repository/org/opensaml/opensaml/2.6.4/opensaml-2.6.4.jar,/root/.m2/repository/org/opensaml/opensaml/2.6.4/opensaml-2.6.4.jar,/root/.m2/repository/org/opensaml/opensaml/2.6.4/opensaml-2.6.4.jar
Dependency Hierarchy:
Found in HEAD commit: b3da2491f455afc6823905dfa1234a43e48d0881
The PKIX trust engines in Shibboleth Identity Provider before 2.4.4 and OpenSAML Java (OpenSAML-J) before 2.6.5 trust candidate X.509 credentials when no trusted names are available for the entityID, which allows remote attackers to impersonate an entity via a certificate issued by a shibmd:KeyAuthority trust anchor.
Publish Date: 2015-07-08
URL: CVE-2015-1796
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1796
Release Date: 2019-02-19
Fix Resolution: 2.6.5
General data-binding functionality for Jackson: works on core streaming API
Library home page: http://github.com/FasterXML/jackson
Path to dependency file: /carbon-mediation/components/mediation-monitor/mediation-data-publisher/org.wso2.carbon.prometheus.publisher/pom.xml
Path to vulnerable library: /root/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.7.9.1/jackson-databind-2.7.9.1.jar,/root/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.7.9.1/jackson-databind-2.7.9.1.jar,/root/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.7.9.1/jackson-databind-2.7.9.1.jar
Dependency Hierarchy:
Found in HEAD commit: b3da2491f455afc6823905dfa1234a43e48d0881
FasterXML jackson-databind through 2.8.11 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 and CVE-2017-17485 deserialization flaws. This is exploitable via two different gadgets that bypass a blacklist.
Publish Date: 2018-01-22
URL: CVE-2018-5968
Base Score Metrics:
Type: Upgrade version
Origin: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5968
Release Date: 2018-01-22
Fix Resolution: 2.8.11.1, 2.9.4
Core Jackson abstractions, basic JSON streaming API implementation
Library home page: https://github.com/FasterXML/jackson-core
Path to dependency file: /carbon-mediation/components/org.wso2.carbon.integrator.core/pom.xml
Path to vulnerable library: /root/.m2/repository/com/fasterxml/jackson/core/jackson-core/2.7.9/jackson-core-2.7.9.jar,/root/.m2/repository/com/fasterxml/jackson/core/jackson-core/2.7.9/jackson-core-2.7.9.jar,/root/.m2/repository/com/fasterxml/jackson/core/jackson-core/2.7.9/jackson-core-2.7.9.jar
Dependency Hierarchy:
Found in HEAD commit: b3da2491f455afc6823905dfa1234a43e48d0881
In Jackson Core before version 2.8.6 if the REST endpoint consumes POST requests with JSON or XML data and data are invalid, the first unrecognized token is printed to server.log. If the first token is word of length 10MB, the whole word is printed. This is potentially dangerous and can be used to attack the server by filling the disk with logs.
Publish Date: 2018-06-24
URL: WS-2018-0124
Type: Upgrade version
Origin: https://issues.jboss.org/browse/JBEAP-6316
Release Date: 2018-01-24
Fix Resolution: 2.8.6
dom4j: the flexible XML framework for Java
Library home page: http://dom4j.org
Path to dependency file: /carbon-mediation/components/inbound-endpoints/org.wso2.carbon.inbound.endpoint.persistence/pom.xml
Path to vulnerable library: /root/.m2/repository/dom4j/dom4j/1.6.1/dom4j-1.6.1.jar,/root/.m2/repository/dom4j/dom4j/1.6.1/dom4j-1.6.1.jar,/root/.m2/repository/dom4j/dom4j/1.6.1/dom4j-1.6.1.jar,/root/.m2/repository/dom4j/dom4j/1.6.1/dom4j-1.6.1.jar,/root/.m2/repository/dom4j/dom4j/1.6.1/dom4j-1.6.1.jar,/root/.m2/repository/dom4j/dom4j/1.6.1/dom4j-1.6.1.jar,/root/.m2/repository/dom4j/dom4j/1.6.1/dom4j-1.6.1.jar,/root/.m2/repository/dom4j/dom4j/1.6.1/dom4j-1.6.1.jar,/root/.m2/repository/dom4j/dom4j/1.6.1/dom4j-1.6.1.jar,/root/.m2/repository/dom4j/dom4j/1.6.1/dom4j-1.6.1.jar,/root/.m2/repository/dom4j/dom4j/1.6.1/dom4j-1.6.1.jar,/root/.m2/repository/dom4j/dom4j/1.6.1/dom4j-1.6.1.jar,/root/.m2/repository/dom4j/dom4j/1.6.1/dom4j-1.6.1.jar,/root/.m2/repository/dom4j/dom4j/1.6.1/dom4j-1.6.1.jar,/root/.m2/repository/dom4j/dom4j/1.6.1/dom4j-1.6.1.jar,/root/.m2/repository/dom4j/dom4j/1.6.1/dom4j-1.6.1.jar,/root/.m2/repository/dom4j/dom4j/1.6.1/dom4j-1.6.1.jar,/root/.m2/repository/dom4j/dom4j/1.6.1/dom4j-1.6.1.jar,/root/.m2/repository/dom4j/dom4j/1.6.1/dom4j-1.6.1.jar,/root/.m2/repository/dom4j/dom4j/1.6.1/dom4j-1.6.1.jar,/root/.m2/repository/dom4j/dom4j/1.6.1/dom4j-1.6.1.jar,/root/.m2/repository/dom4j/dom4j/1.6.1/dom4j-1.6.1.jar,/root/.m2/repository/dom4j/dom4j/1.6.1/dom4j-1.6.1.jar,/root/.m2/repository/dom4j/dom4j/1.6.1/dom4j-1.6.1.jar,/root/.m2/repository/dom4j/dom4j/1.6.1/dom4j-1.6.1.jar,/root/.m2/repository/dom4j/dom4j/1.6.1/dom4j-1.6.1.jar,/root/.m2/repository/dom4j/dom4j/1.6.1/dom4j-1.6.1.jar,/root/.m2/repository/dom4j/dom4j/1.6.1/dom4j-1.6.1.jar,/root/.m2/repository/dom4j/dom4j/1.6.1/dom4j-1.6.1.jar,/root/.m2/repository/dom4j/dom4j/1.6.1/dom4j-1.6.1.jar,/root/.m2/repository/dom4j/dom4j/1.6.1/dom4j-1.6.1.jar,/root/.m2/repository/dom4j/dom4j/1.6.1/dom4j-1.6.1.jar,/root/.m2/repository/dom4j/dom4j/1.6.1/dom4j-1.6.1.jar,/root/.m2/repository/dom4j/dom4j/1.6.1/dom4j-1.6.1.jar,/root/.m2/repository/dom4j/dom4j/1.6.1/dom4j-1.6.1.jar,/root/.m2/repository/dom4j/dom4j/1.6.1/dom4j-1.6.1.jar,/root/.m2/repository/dom4j/dom4j/1.6.1/dom4j-1.6.1.jar,/root/.m2/repository/dom4j/dom4j/1.6.1/dom4j-1.6.1.jar,/root/.m2/repository/dom4j/dom4j/1.6.1/dom4j-1.6.1.jar,/root/.m2/repository/dom4j/dom4j/1.6.1/dom4j-1.6.1.jar,/root/.m2/repository/dom4j/dom4j/1.6.1/dom4j-1.6.1.jar,/root/.m2/repository/dom4j/dom4j/1.6.1/dom4j-1.6.1.jar,/root/.m2/repository/dom4j/dom4j/1.6.1/dom4j-1.6.1.jar,/root/.m2/repository/dom4j/dom4j/1.6.1/dom4j-1.6.1.jar,/root/.m2/repository/dom4j/dom4j/1.6.1/dom4j-1.6.1.jar,/root/.m2/repository/dom4j/dom4j/1.6.1/dom4j-1.6.1.jar,/root/.m2/repository/dom4j/dom4j/1.6.1/dom4j-1.6.1.jar,/root/.m2/repository/dom4j/dom4j/1.6.1/dom4j-1.6.1.jar,/root/.m2/repository/dom4j/dom4j/1.6.1/dom4j-1.6.1.jar,/root/.m2/repository/dom4j/dom4j/1.6.1/dom4j-1.6.1.jar,/root/.m2/repository/dom4j/dom4j/1.6.1/dom4j-1.6.1.jar,/root/.m2/repository/dom4j/dom4j/1.6.1/dom4j-1.6.1.jar,/root/.m2/repository/dom4j/dom4j/1.6.1/dom4j-1.6.1.jar,/root/.m2/repository/dom4j/dom4j/1.6.1/dom4j-1.6.1.jar,/root/.m2/repository/dom4j/dom4j/1.6.1/dom4j-1.6.1.jar,/root/.m2/repository/dom4j/dom4j/1.6.1/dom4j-1.6.1.jar,/root/.m2/repository/dom4j/dom4j/1.6.1/dom4j-1.6.1.jar,/root/.m2/repository/dom4j/dom4j/1.6.1/dom4j-1.6.1.jar,/root/.m2/repository/dom4j/dom4j/1.6.1/dom4j-1.6.1.jar,/root/.m2/repository/dom4j/dom4j/1.6.1/dom4j-1.6.1.jar,/root/.m2/repository/dom4j/dom4j/1.6.1/dom4j-1.6.1.jar,/root/.m2/repository/dom4j/dom4j/1.6.1/dom4j-1.6.1.jar,/root/.m2/repository/dom4j/dom4j/1.6.1/dom4j-1.6.1.jar,/root/.m2/repository/dom4j/dom4j/1.6.1/dom4j-1.6.1.jar,/root/.m2/repository/dom4j/dom4j/1.6.1/dom4j-1.6.1.jar,/root/.m2/repository/dom4j/dom4j/1.6.1/dom4j-1.6.1.jar,/root/.m2/repository/dom4j/dom4j/1.6.1/dom4j-1.6.1.jar,/root/.m2/repository/dom4j/dom4j/1.6.1/dom4j-1.6.1.jar,/root/.m2/repository/dom4j/dom4j/1.6.1/dom4j-1.6.1.jar,/root/.m2/repository/dom4j/dom4j/1.6.1/dom4j-1.6.1.jar,/root/.m2/repository/dom4j/dom4j/1.6.1/dom4j-1.6.1.jar,/root/.m2/repository/dom4j/dom4j/1.6.1/dom4j-1.6.1.jar,/root/.m2/repository/dom4j/dom4j/1.6.1/dom4j-1.6.1.jar,/root/.m2/repository/dom4j/dom4j/1.6.1/dom4j-1.6.1.jar,/root/.m2/repository/dom4j/dom4j/1.6.1/dom4j-1.6.1.jar,/root/.m2/repository/dom4j/dom4j/1.6.1/dom4j-1.6.1.jar,/root/.m2/repository/dom4j/dom4j/1.6.1/dom4j-1.6.1.jar,/root/.m2/repository/dom4j/dom4j/1.6.1/dom4j-1.6.1.jar,/root/.m2/repository/dom4j/dom4j/1.6.1/dom4j-1.6.1.jar,/root/.m2/repository/dom4j/dom4j/1.6.1/dom4j-1.6.1.jar,/root/.m2/repository/dom4j/dom4j/1.6.1/dom4j-1.6.1.jar,/root/.m2/repository/dom4j/dom4j/1.6.1/dom4j-1.6.1.jar,/root/.m2/repository/dom4j/dom4j/1.6.1/dom4j-1.6.1.jar,/root/.m2/repository/dom4j/dom4j/1.6.1/dom4j-1.6.1.jar,/root/.m2/repository/dom4j/dom4j/1.6.1/dom4j-1.6.1.jar,/root/.m2/repository/dom4j/dom4j/1.6.1/dom4j-1.6.1.jar,/root/.m2/repository/dom4j/dom4j/1.6.1/dom4j-1.6.1.jar,/root/.m2/repository/dom4j/dom4j/1.6.1/dom4j-1.6.1.jar,/root/.m2/repository/dom4j/dom4j/1.6.1/dom4j-1.6.1.jar,/root/.m2/repository/dom4j/dom4j/1.6.1/dom4j-1.6.1.jar,/root/.m2/repository/dom4j/dom4j/1.6.1/dom4j-1.6.1.jar,/root/.m2/repository/dom4j/dom4j/1.6.1/dom4j-1.6.1.jar,/root/.m2/repository/dom4j/dom4j/1.6.1/dom4j-1.6.1.jar,/root/.m2/repository/dom4j/dom4j/1.6.1/dom4j-1.6.1.jar,/root/.m2/repository/dom4j/dom4j/1.6.1/dom4j-1.6.1.jar,/root/.m2/repository/dom4j/dom4j/1.6.1/dom4j-1.6.1.jar,/root/.m2/repository/dom4j/dom4j/1.6.1/dom4j-1.6.1.jar,/root/.m2/repository/dom4j/dom4j/1.6.1/dom4j-1.6.1.jar,/root/.m2/repository/dom4j/dom4j/1.6.1/dom4j-1.6.1.jar,/root/.m2/repository/dom4j/dom4j/1.6.1/dom4j-1.6.1.jar,/root/.m2/repository/dom4j/dom4j/1.6.1/dom4j-1.6.1.jar,/root/.m2/repository/dom4j/dom4j/1.6.1/dom4j-1.6.1.jar,/root/.m2/repository/dom4j/dom4j/1.6.1/dom4j-1.6.1.jar,/root/.m2/repository/dom4j/dom4j/1.6.1/dom4j-1.6.1.jar,/root/.m2/repository/dom4j/dom4j/1.6.1/dom4j-1.6.1.jar,/root/.m2/repository/dom4j/dom4j/1.6.1/dom4j-1.6.1.jar
Dependency Hierarchy:
Found in HEAD commit: b3da2491f455afc6823905dfa1234a43e48d0881
dom4j version prior to version 2.1.1 contains a CWE-91: XML Injection vulnerability in Class: Element. Methods: addElement, addAttribute that can result in an attacker tampering with XML documents through XML injection. This attack appear to be exploitable via an attacker specifying attributes or elements in the XML document. This vulnerability appears to have been fixed in 2.1.1 or later.
Publish Date: 2018-08-20
URL: CVE-2018-1000632
Base Score Metrics:
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2018-1000632
Release Date: 2018-08-20
Fix Resolution: 2.1.1
Xerces2 is the next generation of high performance, fully compliant XML parsers in the Apache Xerces family. This new version of Xerces introduces the Xerces Native Interface (XNI), a complete framework for building parser components and configurations that is extremely modular and easy to program.
Library home page: http://xerces.apache.org/xerces2-j/
Path to dependency file: /carbon-mediation/components/org.wso2.carbon.integrator.core/pom.xml
Path to vulnerable library: /root/.m2/repository/xerces/xercesImpl/2.8.1/xercesImpl-2.8.1.jar,/root/.m2/repository/xerces/xercesImpl/2.8.1/xercesImpl-2.8.1.jar
Dependency Hierarchy:
Found in HEAD commit: b3da2491f455afc6823905dfa1234a43e48d0881
XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework.
Publish Date: 2009-08-06
URL: CVE-2009-2625
Type: Upgrade version
Origin: http://www.securitytracker.com/id?1022680
Release Date: 2017-12-31
Fix Resolution: The vendor has issued a fix for Windows, Solaris, and Linux:
Java SE releases are available at:
JDK and JRE 6 Update 15:
http://java.sun.com/javase/downloads/index.jsp
JRE 6 Update 15:
through the Java Update tool for Microsoft Windows users.
JDK 6 Update 15 for Solaris is available in the following patches:
JDK and JRE 5.0 Update 20:
http://java.sun.com/javase/downloads/index_jdk5.jsp
JDK 5.0 Update 20 for Solaris is available in the following patches:
Java SE for Business releases are available at:
http://www.sun.com/software/javaseforbusiness/getit_download.jsp
Note: When installing a new version of the product from a source other than a Solaris patch, it is recommended that the old affected versions be removed from your system. To remove old affected versions on the Windows platform, please see:
http://www.java.com/en/download/help/5000010800.xml
The vendor's advisory is available at:
http://sunsolve.sun.com/search/document.do?assetkey=1-66-263489-1
A Java SSL component library
Library home page: http://juliusdavies.ca/commons-ssl
Path to dependency file: /carbon-mediation/components/business-adaptors/hl7/org.wso2.carbon.business.messaging.hl7.samples/pom.xml
Path to vulnerable library: /root/.m2/repository/ca/juliusdavies/not-yet-commons-ssl/0.3.9/not-yet-commons-ssl-0.3.9.jar,/root/.m2/repository/ca/juliusdavies/not-yet-commons-ssl/0.3.9/not-yet-commons-ssl-0.3.9.jar,/root/.m2/repository/ca/juliusdavies/not-yet-commons-ssl/0.3.9/not-yet-commons-ssl-0.3.9.jar,/root/.m2/repository/ca/juliusdavies/not-yet-commons-ssl/0.3.9/not-yet-commons-ssl-0.3.9.jar,/root/.m2/repository/ca/juliusdavies/not-yet-commons-ssl/0.3.9/not-yet-commons-ssl-0.3.9.jar,/root/.m2/repository/ca/juliusdavies/not-yet-commons-ssl/0.3.9/not-yet-commons-ssl-0.3.9.jar
Dependency Hierarchy:
Found in HEAD commit: b3da2491f455afc6823905dfa1234a43e48d0881
Certificates.java in Not Yet Commons SSL before 0.3.15 does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
Publish Date: 2014-10-25
URL: CVE-2014-3604
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2014-3604
Release Date: 2014-10-25
Fix Resolution: 0.3.15
The Enterprise Security API (ESAPI) project is an OWASP project to create simple strong security controls for every web platform. Security controls are not simple to build. You can read about the hundreds of pitfalls for unwary developers on the OWASP website. By providing developers with a set of strong controls, we aim to eliminate some of the complexity of creating secure web applications. This can result in significant cost savings across the SDLC.
Library home page: http://www.esapi.org/
Path to dependency file: /carbon-mediation/components/mediation-cg/org.wso2.carbon.cloud.gateway/pom.xml
Path to vulnerable library: /root/.m2/repository/org/owasp/esapi/esapi/2.0.1/esapi-2.0.1.jar,/root/.m2/repository/org/owasp/esapi/esapi/2.0.1/esapi-2.0.1.jar,/root/.m2/repository/org/owasp/esapi/esapi/2.0.1/esapi-2.0.1.jar,/root/.m2/repository/org/owasp/esapi/esapi/2.0.1/esapi-2.0.1.jar,/root/.m2/repository/org/owasp/esapi/esapi/2.0.1/esapi-2.0.1.jar,/root/.m2/repository/org/owasp/esapi/esapi/2.0.1/esapi-2.0.1.jar
Dependency Hierarchy:
Found in HEAD commit: b3da2491f455afc6823905dfa1234a43e48d0881
The authenticated-encryption feature in the symmetric-encryption implementation in the OWASP Enterprise Security API (ESAPI) for Java 2.x before 2.1.0 does not properly resist tampering with serialized ciphertext, which makes it easier for remote attackers to bypass intended cryptographic protection mechanisms via an attack against authenticity in the default configuration, involving a null MAC and a zero MAC length.
Publish Date: 2013-09-30
URL: CVE-2013-5679
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2013-5679
Release Date: 2013-09-30
Fix Resolution: 2.1.0
null
Path to dependency file: /carbon-mediation/components/mediation-admin/org.wso2.carbon.mediation.templates/pom.xml
Path to vulnerable library: /root/.m2/repository/org/apache/zookeeper/zookeeper/3.3.4/zookeeper-3.3.4.jar,/root/.m2/repository/org/apache/zookeeper/zookeeper/3.3.4/zookeeper-3.3.4.jar,/root/.m2/repository/org/apache/zookeeper/zookeeper/3.3.4/zookeeper-3.3.4.jar,/root/.m2/repository/org/apache/zookeeper/zookeeper/3.3.4/zookeeper-3.3.4.jar,/root/.m2/repository/org/apache/zookeeper/zookeeper/3.3.4/zookeeper-3.3.4.jar,/root/.m2/repository/org/apache/zookeeper/zookeeper/3.3.4/zookeeper-3.3.4.jar,/root/.m2/repository/org/apache/zookeeper/zookeeper/3.3.4/zookeeper-3.3.4.jar,/root/.m2/repository/org/apache/zookeeper/zookeeper/3.3.4/zookeeper-3.3.4.jar,/root/.m2/repository/org/apache/zookeeper/zookeeper/3.3.4/zookeeper-3.3.4.jar,/root/.m2/repository/org/apache/zookeeper/zookeeper/3.3.4/zookeeper-3.3.4.jar,/root/.m2/repository/org/apache/zookeeper/zookeeper/3.3.4/zookeeper-3.3.4.jar,/root/.m2/repository/org/apache/zookeeper/zookeeper/3.3.4/zookeeper-3.3.4.jar,/root/.m2/repository/org/apache/zookeeper/zookeeper/3.3.4/zookeeper-3.3.4.jar,/root/.m2/repository/org/apache/zookeeper/zookeeper/3.3.4/zookeeper-3.3.4.jar,/root/.m2/repository/org/apache/zookeeper/zookeeper/3.3.4/zookeeper-3.3.4.jar,/root/.m2/repository/org/apache/zookeeper/zookeeper/3.3.4/zookeeper-3.3.4.jar,/root/.m2/repository/org/apache/zookeeper/zookeeper/3.3.4/zookeeper-3.3.4.jar,/root/.m2/repository/org/apache/zookeeper/zookeeper/3.3.4/zookeeper-3.3.4.jar,/root/.m2/repository/org/apache/zookeeper/zookeeper/3.3.4/zookeeper-3.3.4.jar,/root/.m2/repository/org/apache/zookeeper/zookeeper/3.3.4/zookeeper-3.3.4.jar,/root/.m2/repository/org/apache/zookeeper/zookeeper/3.3.4/zookeeper-3.3.4.jar,/root/.m2/repository/org/apache/zookeeper/zookeeper/3.3.4/zookeeper-3.3.4.jar,/root/.m2/repository/org/apache/zookeeper/zookeeper/3.3.4/zookeeper-3.3.4.jar,/root/.m2/repository/org/apache/zookeeper/zookeeper/3.3.4/zookeeper-3.3.4.jar,/root/.m2/repository/org/apache/zookeeper/zookeeper/3.3.4/zookeeper-3.3.4.jar,/root/.m2/repository/org/apache/zookeeper/zookeeper/3.3.4/zookeeper-3.3.4.jar,/root/.m2/repository/org/apache/zookeeper/zookeeper/3.3.4/zookeeper-3.3.4.jar,/root/.m2/repository/org/apache/zookeeper/zookeeper/3.3.4/zookeeper-3.3.4.jar,/root/.m2/repository/org/apache/zookeeper/zookeeper/3.3.4/zookeeper-3.3.4.jar,/root/.m2/repository/org/apache/zookeeper/zookeeper/3.3.4/zookeeper-3.3.4.jar,/root/.m2/repository/org/apache/zookeeper/zookeeper/3.3.4/zookeeper-3.3.4.jar,/root/.m2/repository/org/apache/zookeeper/zookeeper/3.3.4/zookeeper-3.3.4.jar,/root/.m2/repository/org/apache/zookeeper/zookeeper/3.3.4/zookeeper-3.3.4.jar,/root/.m2/repository/org/apache/zookeeper/zookeeper/3.3.4/zookeeper-3.3.4.jar
Dependency Hierarchy:
Found in HEAD commit: b3da2491f455afc6823905dfa1234a43e48d0881
No authentication/authorization is enforced when a server attempts to join a quorum in Apache ZooKeeper before 3.4.10, and 3.5.0-alpha through 3.5.3-beta. As a result an arbitrary end point could join the cluster and begin propagating counterfeit changes to the leader.
Publish Date: 2018-05-21
URL: CVE-2018-8012
Base Score Metrics:
Type: Upgrade version
Origin: http://www.securitytracker.com/id/1040948
Release Date: 2018-05-20
Fix Resolution: 3.4.10
General data-binding functionality for Jackson: works on core streaming API
Library home page: http://github.com/FasterXML/jackson
Path to dependency file: /carbon-mediation/components/mediation-monitor/mediation-data-publisher/org.wso2.carbon.prometheus.publisher/pom.xml
Path to vulnerable library: /root/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.7.9.1/jackson-databind-2.7.9.1.jar,/root/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.7.9.1/jackson-databind-2.7.9.1.jar,/root/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.7.9.1/jackson-databind-2.7.9.1.jar
Dependency Hierarchy:
Found in HEAD commit: b3da2491f455afc6823905dfa1234a43e48d0881
FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the slf4j-ext class from polymorphic deserialization.
Publish Date: 2019-01-02
URL: CVE-2018-14718
Base Score Metrics:
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2018-14718
Release Date: 2019-01-02
Fix Resolution: 2.9.7
Apache POI - Java API To Access Microsoft Format Files
Library home page: http://poi.apache.org/
Path to dependency file: /carbon-mediation/components/mediation-cg/org.wso2.carbon.cloud.gateway.agent/pom.xml
Path to vulnerable library: /root/.m2/repository/org/apache/poi/poi-ooxml/3.9/poi-ooxml-3.9.jar,/root/.m2/repository/org/apache/poi/poi-ooxml/3.9/poi-ooxml-3.9.jar,/root/.m2/repository/org/apache/poi/poi-ooxml/3.9/poi-ooxml-3.9.jar,/root/.m2/repository/org/apache/poi/poi-ooxml/3.9/poi-ooxml-3.9.jar,/root/.m2/repository/org/apache/poi/poi-ooxml/3.9/poi-ooxml-3.9.jar,/root/.m2/repository/org/apache/poi/poi-ooxml/3.9/poi-ooxml-3.9.jar,/root/.m2/repository/org/apache/poi/poi-ooxml/3.9/poi-ooxml-3.9.jar,/root/.m2/repository/org/apache/poi/poi-ooxml/3.9/poi-ooxml-3.9.jar,/root/.m2/repository/org/apache/poi/poi-ooxml/3.9/poi-ooxml-3.9.jar,/root/.m2/repository/org/apache/poi/poi-ooxml/3.9/poi-ooxml-3.9.jar,/root/.m2/repository/org/apache/poi/poi-ooxml/3.9/poi-ooxml-3.9.jar
Dependency Hierarchy:
Found in HEAD commit: b3da2491f455afc6823905dfa1234a43e48d0881
Apache POI before 3.10.1 and 3.11.x before 3.11-beta2 allows remote attackers to cause a denial of service (CPU consumption and crash) via a crafted OOXML file, aka an XML Entity Expansion (XEE) attack.
Publish Date: 2014-09-04
URL: CVE-2014-3574
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2014-3574
Release Date: 2014-09-04
Fix Resolution: 3.10.1,3.11-beta2
Types that extend and augment the Java Collections Framework.
Library home page: http://commons.apache.org/collections/
Path to dependency file: /carbon-mediation/components/mediation-ui/mediators-ui/org.wso2.carbon.mediator.bean.ui/pom.xml
Path to vulnerable library: /root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar,/root/.m2/repository/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar
Dependency Hierarchy:
Found in HEAD commit: b3da2491f455afc6823905dfa1234a43e48d0881
The WLS Security component in Oracle WebLogic Server 10.3.6.0, 12.1.2.0, 12.1.3.0, and 12.2.1.0 allows remote attackers to execute arbitrary commands via a crafted serialized Java object in T3 protocol traffic to TCP port 7001, related to oracle_common/modules/com.bea.core.apache.commons.collections.jar. NOTE: the scope of this CVE is limited to the WebLogic Server product.
Publish Date: 2015-11-18
URL: CVE-2015-4852
Type: Upgrade version
Origin: https://www.openwall.com/lists/oss-security/2015/11/17/19
Release Date: 2015-11-18
Fix Resolution: 3.2.2
null
Library home page: http://hc.apache.org/httpcomponents-client
Path to dependency file: /carbon-mediation/components/mediation-admin/org.wso2.carbon.mediation.artifactuploader/pom.xml
Path to vulnerable library: /root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar
Dependency Hierarchy:
Found in HEAD commit: b3da2491f455afc6823905dfa1234a43e48d0881
org.apache.http.conn.ssl.AbstractVerifier in Apache HttpComponents HttpClient before 4.3.5 and HttpAsyncClient before 4.0.2 does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a "CN=" string in a field in the distinguished name (DN) of a certificate, as demonstrated by the "foo,CN=www.apache.org" string in the O field.
Publish Date: 2014-08-21
URL: CVE-2014-3577
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2014-3577
Release Date: 2014-08-21
Fix Resolution: 4.3.5,4.0.2
Xerces2 is the next generation of high performance, fully compliant XML parsers in the Apache Xerces family. This new version of Xerces introduces the Xerces Native Interface (XNI), a complete framework for building parser components and configurations that is extremely modular and easy to program.
Library home page: http://xerces.apache.org/xerces2-j/
Path to dependency file: /carbon-mediation/components/org.wso2.carbon.integrator.core/pom.xml
Path to vulnerable library: /root/.m2/repository/xerces/xercesImpl/2.8.1/xercesImpl-2.8.1.jar,/root/.m2/repository/xerces/xercesImpl/2.8.1/xercesImpl-2.8.1.jar
Dependency Hierarchy:
Found in HEAD commit: b3da2491f455afc6823905dfa1234a43e48d0881
XMLscanner.java in Apache Xerces2 Java Parser before 2.12.0, as used in the Java Runtime Environment (JRE) in IBM Java 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 as well as Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, Java SE Embedded 7u40 and earlier, and possibly other products allows remote attackers to cause a denial of service via vectors related to XML attribute names.
Publish Date: 2013-07-23
URL: CVE-2013-4002
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2013-4002
Release Date: 2013-07-23
Fix Resolution: 5.0 SR16-FP3,6 SR14,6.0.1 SR6,7 SR5
null
Path to dependency file: /carbon-mediation/components/mediation-cg/org.wso2.carbon.cloud.gateway.common/pom.xml
Path to vulnerable library: /root/.m2/repository/org/apache/thrift/libthrift/0.9.2/libthrift-0.9.2.jar,/root/.m2/repository/org/apache/thrift/libthrift/0.9.2/libthrift-0.9.2.jar,/root/.m2/repository/org/apache/thrift/libthrift/0.9.2/libthrift-0.9.2.jar,/root/.m2/repository/org/apache/thrift/libthrift/0.9.2/libthrift-0.9.2.jar,/root/.m2/repository/org/apache/thrift/libthrift/0.9.2/libthrift-0.9.2.jar,/root/.m2/repository/org/apache/thrift/libthrift/0.9.2/libthrift-0.9.2.jar,/root/.m2/repository/org/apache/thrift/libthrift/0.9.2/libthrift-0.9.2.jar,/root/.m2/repository/org/apache/thrift/libthrift/0.9.2/libthrift-0.9.2.jar,/root/.m2/repository/org/apache/thrift/libthrift/0.9.2/libthrift-0.9.2.jar,/root/.m2/repository/org/apache/thrift/libthrift/0.9.2/libthrift-0.9.2.jar,/root/.m2/repository/org/apache/thrift/libthrift/0.9.2/libthrift-0.9.2.jar,/root/.m2/repository/org/apache/thrift/libthrift/0.9.2/libthrift-0.9.2.jar,/root/.m2/repository/org/apache/thrift/libthrift/0.9.2/libthrift-0.9.2.jar,/root/.m2/repository/org/apache/thrift/libthrift/0.9.2/libthrift-0.9.2.jar,/root/.m2/repository/org/apache/thrift/libthrift/0.9.2/libthrift-0.9.2.jar,/root/.m2/repository/org/apache/thrift/libthrift/0.9.2/libthrift-0.9.2.jar,/root/.m2/repository/org/apache/thrift/libthrift/0.9.2/libthrift-0.9.2.jar
Dependency Hierarchy:
Found in HEAD commit: b3da2491f455afc6823905dfa1234a43e48d0881
Apache Thrift Java client library versions 0.5.0 through 0.11.0 can bypass SASL negotiation isComplete validation in the org.apache.thrift.transport.TSaslTransport class. An assert used to determine if the SASL handshake had successfully completed could be disabled in production settings making the validation incomplete.
Publish Date: 2019-01-07
URL: CVE-2018-1320
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1320
Release Date: 2019-01-07
Fix Resolution: 0.12.0
null
Library home page: http://hc.apache.org/httpcomponents-client
Path to dependency file: /carbon-mediation/components/mediation-admin/org.wso2.carbon.mediation.artifactuploader/pom.xml
Path to vulnerable library: /root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar,/root/.m2/repository/org/apache/httpcomponents/httpclient/4.3.2/httpclient-4.3.2.jar
Dependency Hierarchy:
Found in HEAD commit: b3da2491f455afc6823905dfa1234a43e48d0881
http/conn/ssl/SSLConnectionSocketFactory.java in Apache HttpComponents HttpClient before 4.3.6 ignores the http.socket.timeout configuration setting during an SSL handshake, which allows remote attackers to cause a denial of service (HTTPS call hang) via unspecified vectors.
Publish Date: 2015-10-27
URL: CVE-2015-5262
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2015-5262
Release Date: 2015-10-27
Fix Resolution: 4.3.6
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.