【!】NEILREN.COM 的旧版本, Java Spring 版本,RenFei.Net 替代了 NEILREN4J。NEILREN 的个人网站 Java版,使用了SpringBoot,MyBatis,Thymeleaf等开源项目组建。
Home Page: https://www.neilren.com/
License: Apache License 2.0
Vulnerable Libraries - jquery-1.10.2.js, jquery-3.3.1.min.js, jquery-3.3.1.js
JavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.10.2/jquery.js
Path to vulnerable library: /NEILREN4J/target/classes/static/js/ueditor/third-party/jquery-1.10.2.js,/NEILREN4J/src/main/resources/static/js/ueditor/third-party/jquery-1.10.2.js
Dependency Hierarchy:
JavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.3.1/jquery.min.js
Path to vulnerable library: /NEILREN4J/target/classes/static/js/jquery-3.3.1.min.js,/NEILREN4J/src/main/resources/static/js/jquery-3.3.1.min.js
Dependency Hierarchy:
JavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.3.1/jquery.js
Path to vulnerable library: /NEILREN4J/target/classes/static/js/jquery-3.3.1.js,/NEILREN4J/src/main/resources/static/js/jquery-3.3.1.js
Dependency Hierarchy:
Vulnerability Details
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable proto property, it could extend the native Object.prototype.
Publish Date: 2019-04-20
URL: CVE-2019-11358
CVSS 3 Score Details (6.1)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358
Release Date: 2019-04-20
Fix Resolution: 3.4.0
Step up your Open Source Security Game with WhiteSource here
在源代码中没找到网站的后台管理功能,我该如何管理网站呢?
Vulnerable Library - bootstrap-3.3.7-3.3.13.jsGoogle-styled theme for Bootstrap.
Library home page: https://cdnjs.cloudflare.com/ajax/libs/todc-bootstrap/3.3.7-3.3.13/js/bootstrap.js
Path to vulnerable library: /NEILREN4J/src/main/resources/static/js/bootstrap.js,/NEILREN4J/target/classes/static/js/bootstrap.js
Dependency Hierarchy:
Vulnerability Details
In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute.
Publish Date: 2018-07-13
URL: CVE-2018-14040
CVSS 3 Score Details (6.1)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2018-14040
Release Date: 2018-07-13
Fix Resolution: 4.1.2
Step up your Open Source Security Game with WhiteSource here
Vulnerable Library - spring-data-jpa-2.0.8.RELEASE.jarSpring Data module for JPA repositories.
Library home page: http://projects.spring.io/spring-data-jpa
Path to dependency file: /NEILREN4J/pom.xml
Path to vulnerable library: /root/.m2/repository/org/springframework/data/spring-data-jpa/2.0.8.RELEASE/spring-data-jpa-2.0.8.RELEASE.jar
Dependency Hierarchy:
Vulnerability Details
This affects Spring Data JPA in versions up to and including 2.1.5, 2.0.13 and 1.11.19. Derived queries using any of the predicates ?startingWith?, ?endingWith? or ?containing? could return more results than anticipated when a maliciously crafted query parameter value is supplied. Also, LIKE expressions in manually defined queries could return unexpected results if the parameter values bound did not have escaped reserved characters properly.
Publish Date: 2019-05-06
URL: CVE-2019-3797
CVSS 3 Score Details (5.3)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://pivotal.io/security/cve-2019-3797
Release Date: 2019-04-15
Fix Resolution: 1.11.20, 2.0.14, 2.1.6
Step up your Open Source Security Game with WhiteSource here
Vulnerable Library - jackson-databind-2.9.6.jarGeneral data-binding functionality for Jackson: works on core streaming API
Library home page: http://github.com/FasterXML/jackson
Path to dependency file: /NEILREN4J/pom.xml
Path to vulnerable library: /root/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.9.6/jackson-databind-2.9.6.jar
Dependency Hierarchy:
Vulnerability Details
FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the openjpa class from polymorphic deserialization.
Publish Date: 2019-01-02
URL: CVE-2018-19361
CVSS 3 Score Details (9.8)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19361
Release Date: 2019-01-02
Fix Resolution: 2.9.8
Step up your Open Source Security Game with WhiteSource here
Vulnerable Library - tomcat-embed-websocket-8.5.31.jarCore Tomcat implementation
Library home page: http://tomcat.apache.org/
Path to dependency file: /NEILREN4J/pom.xml
Path to vulnerable library: /root/.m2/repository/org/apache/tomcat/embed/tomcat-embed-websocket/8.5.31/tomcat-embed-websocket-8.5.31.jar
Dependency Hierarchy:
Vulnerability Details
The host name verification when using TLS with the WebSocket client was missing. It is now enabled by default. Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.9, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, and 7.0.35 to 7.0.88.
Publish Date: 2018-08-01
URL: CVE-2018-8034
CVSS 3 Score Details (7.5)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8034
Release Date: 2018-01-07
Fix Resolution: 7.0.90, 8.0.53, 8.5.32, 9.0.10
Step up your Open Source Security Game with WhiteSource here
Vulnerable Library - jackson-databind-2.9.6.jarGeneral data-binding functionality for Jackson: works on core streaming API
Library home page: http://github.com/FasterXML/jackson
Path to dependency file: /NEILREN4J/pom.xml
Path to vulnerable library: /root/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.9.6/jackson-databind-2.9.6.jar
Dependency Hierarchy:
Vulnerability Details
FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the jboss-common-core class from polymorphic deserialization.
Publish Date: 2019-01-02
URL: CVE-2018-19362
CVSS 3 Score Details (9.8)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19362
Release Date: 2019-01-02
Fix Resolution: 2.9.8
Step up your Open Source Security Game with WhiteSource here
Vulnerable Library - jackson-databind-2.9.6.jarGeneral data-binding functionality for Jackson: works on core streaming API
Library home page: http://github.com/FasterXML/jackson
Path to dependency file: /NEILREN4J/pom.xml
Path to vulnerable library: /root/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.9.6/jackson-databind-2.9.6.jar
Dependency Hierarchy:
Vulnerability Details
FasterXML jackson-databind 2.x before 2.9.7 might allow attackers to conduct external XML entity (XXE) attacks by leveraging failure to block unspecified JDK classes from polymorphic deserialization.
Publish Date: 2019-01-02
URL: CVE-2018-14720
CVSS 3 Score Details (9.8)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2018-14720
Release Date: 2019-01-02
Fix Resolution: 2.9.7
Step up your Open Source Security Game with WhiteSource here
Vulnerable Library - jackson-databind-2.9.6.jarGeneral data-binding functionality for Jackson: works on core streaming API
Library home page: http://github.com/FasterXML/jackson
Path to dependency file: /NEILREN4J/pom.xml
Path to vulnerable library: /root/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.9.6/jackson-databind-2.9.6.jar
Dependency Hierarchy:
Vulnerability Details
FasterXML jackson-databind through 2.8.11 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 and CVE-2017-17485 deserialization flaws. This is exploitable via two different gadgets that bypass a blacklist.
Publish Date: 2018-01-22
URL: CVE-2018-5968
CVSS 3 Score Details (8.1)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5968
Release Date: 2018-01-22
Fix Resolution: 2.8.11.1, 2.9.4
Step up your Open Source Security Game with WhiteSource here
Vulnerable Library - jackson-datatype-jsr310-2.9.6.jarAdd-on module to support JSR-310 (Java 8 Date & Time API) data types.
Library home page: https://github.com/FasterXML/jackson-modules-java8/jackson-datatype-jsr310
Path to dependency file: /NEILREN4J/pom.xml
Path to vulnerable library: /root/.m2/repository/com/fasterxml/jackson/datatype/jackson-datatype-jsr310/2.9.6/jackson-datatype-jsr310-2.9.6.jar
Dependency Hierarchy:
Vulnerability Details
Fasterxml Jackson version Before 2.9.8 contains a CWE-20: Improper Input Validation vulnerability in Jackson-Modules-Java8 that can result in Causes a denial-of-service (DoS). This attack appear to be exploitable via The victim deserializes malicious input, specifically very large values in the nanoseconds field of a time value. This vulnerability appears to have been fixed in 2.9.8.
Publish Date: 2018-12-20
URL: CVE-2018-1000873
CVSS 3 Score Details (6.5)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000873
Release Date: 2018-12-20
Fix Resolution: 2.9.8
Step up your Open Source Security Game with WhiteSource here
Vulnerable Library - jackson-databind-2.9.6.jarGeneral data-binding functionality for Jackson: works on core streaming API
Library home page: http://github.com/FasterXML/jackson
Path to dependency file: /NEILREN4J/pom.xml
Path to vulnerable library: /root/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.9.6/jackson-databind-2.9.6.jar
Dependency Hierarchy:
Vulnerability Details
FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct server-side request forgery (SSRF) attacks by leveraging failure to block the axis2-jaxws class from polymorphic deserialization.
Publish Date: 2019-01-02
URL: CVE-2018-14721
CVSS 3 Score Details (10.0)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2018-14721
Release Date: 2019-01-02
Fix Resolution: 2.9.7
Step up your Open Source Security Game with WhiteSource here
Vulnerable Library - bootstrap-3.3.7-3.3.13.jsGoogle-styled theme for Bootstrap.
Library home page: https://cdnjs.cloudflare.com/ajax/libs/todc-bootstrap/3.3.7-3.3.13/js/bootstrap.js
Path to vulnerable library: /NEILREN4J/src/main/resources/static/js/bootstrap.js,/NEILREN4J/target/classes/static/js/bootstrap.js
Dependency Hierarchy:
Vulnerability Details
XSS in data-target in bootstrap (3.3.7 and before)
Publish Date: 2017-06-27
URL: WS-2018-0021
CVSS 2 Score Details (6.5)
Base Score Metrics not available
Suggested Fix
Type: Change files
Origin: twbs/bootstrap@d9be1da
Release Date: 2017-08-25
Fix Resolution: Replace or update the following files: alert.js, carousel.js, collapse.js, dropdown.js, modal.js
Step up your Open Source Security Game with WhiteSource here
Vulnerable Library - jackson-databind-2.9.6.jarGeneral data-binding functionality for Jackson: works on core streaming API
Library home page: http://github.com/FasterXML/jackson
Path to dependency file: /NEILREN4J/pom.xml
Path to vulnerable library: /root/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.9.6/jackson-databind-2.9.6.jar
Dependency Hierarchy:
Vulnerability Details
FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the slf4j-ext class from polymorphic deserialization.
Publish Date: 2019-01-02
URL: CVE-2018-14718
CVSS 3 Score Details (9.8)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2018-14718
Release Date: 2019-01-02
Fix Resolution: 2.9.7
Step up your Open Source Security Game with WhiteSource here
Vulnerable Library - spring-web-5.0.7.RELEASE.jarSpring Web
Library home page: https://github.com/spring-projects/spring-framework
Path to dependency file: /NEILREN4J/pom.xml
Path to vulnerable library: /root/.m2/repository/org/springframework/spring-web/5.0.7.RELEASE/spring-web-5.0.7.RELEASE.jar
Dependency Hierarchy:
Vulnerability Details
Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, versions 4.3.x prior to 4.3.20, and older unsupported versions on the 4.2.x branch provide support for range requests when serving static resources through the ResourceHttpRequestHandler, or starting in 5.0 when an annotated controller returns an org.springframework.core.io.Resource. A malicious user (or attacker) can add a range header with a high number of ranges, or with wide ranges that overlap, or both, for a denial of service attack. This vulnerability affects applications that depend on either spring-webmvc or spring-webflux. Such applications must also have a registration for serving static resources (e.g. JS, CSS, images, and others), or have an annotated controller that returns an org.springframework.core.io.Resource. Spring Boot applications that depend on spring-boot-starter-web or spring-boot-starter-webflux are ready to serve static resources out of the box and are therefore vulnerable.
Publish Date: 2018-10-18
URL: CVE-2018-15756
CVSS 3 Score Details (7.5)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://pivotal.io/security/cve-2018-15756
Release Date: 2018-10-18
Fix Resolution: 4.3.20,5.0.10,5.1.1
Step up your Open Source Security Game with WhiteSource here
Vulnerable Library - commons-codec-1.11.jarThe Apache Commons Codec package contains simple encoder and decoders for various formats such as Base64 and Hexadecimal. In addition to these widely used encoders and decoders, the codec package also maintains a collection of phonetic encoding utilities.
Library home page: http://commons.apache.org/proper/commons-codec/
Path to dependency file: /NEILREN4J/pom.xml
Path to vulnerable library: /root/.m2/repository/commons-codec/commons-codec/1.11/commons-codec-1.11.jar
Dependency Hierarchy:
Vulnerability Details
Not all "business" method implementations of public API in Apache Commons Codec 1.x are thread safe, which might disclose the wrong data or allow an attacker to change non-private fields.
Updated 2018-10-07 - an additional review by WhiteSource research team could not indicate on a clear security vulnerability
Publish Date: 2007-10-07
URL: WS-2009-0001
CVSS 2 Score Details (0.0)
Base Score Metrics not available
Step up your Open Source Security Game with WhiteSource here
Vulnerable Library - bootstrap-3.3.7-3.3.13.jsGoogle-styled theme for Bootstrap.
Library home page: https://cdnjs.cloudflare.com/ajax/libs/todc-bootstrap/3.3.7-3.3.13/js/bootstrap.js
Path to vulnerable library: /NEILREN4J/src/main/resources/static/js/bootstrap.js,/NEILREN4J/target/classes/static/js/bootstrap.js
Dependency Hierarchy:
Vulnerability Details
In Bootstrap before 4.1.2, XSS is possible in the data-target property of scrollspy.
Publish Date: 2018-07-13
URL: CVE-2018-14041
CVSS 3 Score Details (6.1)
Base Score Metrics:
Suggested Fix
Type: Change files
Origin: twbs/bootstrap@3229efc
Release Date: 2018-05-30
Fix Resolution: Replace or update the following file: scrollspy.js
Step up your Open Source Security Game with WhiteSource here
Vulnerable Library - jquery-1.10.2.jsJavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.10.2/jquery.js
Path to vulnerable library: /NEILREN4J/target/classes/static/js/ueditor/third-party/jquery-1.10.2.js,/NEILREN4J/src/main/resources/static/js/ueditor/third-party/jquery-1.10.2.js
Dependency Hierarchy:
Vulnerability Details
jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.
Publish Date: 2018-01-18
URL: CVE-2015-9251
CVSS 3 Score Details (6.1)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2015-9251
Release Date: 2018-01-18
Fix Resolution: 3.0.0
Step up your Open Source Security Game with WhiteSource here
Vulnerable Library - tomcat-embed-core-8.5.31.jarCore Tomcat implementation
Library home page: http://tomcat.apache.org/
Path to dependency file: /NEILREN4J/pom.xml
Path to vulnerable library: /root/.m2/repository/org/apache/tomcat/embed/tomcat-embed-core/8.5.31/tomcat-embed-core-8.5.31.jar
Dependency Hierarchy:
Vulnerability Details
If an async request was completed by the application at the same time as the container triggered the async timeout, a race condition existed that could result in a user seeing a response intended for a different user. An additional issue was present in the NIO and NIO2 connectors that did not correctly track the closure of the connection when an async request was completed by the application and timed out by the container at the same time. This could also result in a user seeing a response intended for another user. Versions Affected: Apache Tomcat 9.0.0.M9 to 9.0.9 and 8.5.5 to 8.5.31.
Publish Date: 2018-08-02
URL: CVE-2018-8037
CVSS 3 Score Details (5.9)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: http://www.securitytracker.com/id/1041376
Release Date: 2018-02-07
Fix Resolution: 8.5.32, 9.0.10
Step up your Open Source Security Game with WhiteSource here
Vulnerable Library - jackson-databind-2.9.6.jarGeneral data-binding functionality for Jackson: works on core streaming API
Library home page: http://github.com/FasterXML/jackson
Path to dependency file: /NEILREN4J/pom.xml
Path to vulnerable library: /root/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.9.6/jackson-databind-2.9.6.jar
Dependency Hierarchy:
Vulnerability Details
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint, the service has the mysql-connector-java jar (8.0.14 or earlier) in the classpath, and an attacker can host a crafted MySQL server reachable by the victim, an attacker can send a crafted JSON message that allows them to read arbitrary local files on the server. This occurs because of missing com.mysql.cj.jdbc.admin.MiniAdmin validation.
Publish Date: 2019-05-17
URL: CVE-2019-12086
CVSS 3 Score Details (7.5)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12086
Release Date: 2019-05-17
Fix Resolution: 2.9.9
Step up your Open Source Security Game with WhiteSource here
Vulnerable Library - tomcat-embed-core-8.5.31.jarCore Tomcat implementation
Library home page: http://tomcat.apache.org/
Path to dependency file: /NEILREN4J/pom.xml
Path to vulnerable library: /root/.m2/repository/org/apache/tomcat/embed/tomcat-embed-core/8.5.31/tomcat-embed-core-8.5.31.jar
Dependency Hierarchy:
Vulnerability Details
The defaults settings for the CORS filter provided in Apache Tomcat 9.0.0.M1 to 9.0.8, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, 7.0.41 to 7.0.88 are insecure and enable 'supportsCredentials' for all origins. It is expected that users of the CORS filter will have configured it appropriately for their environment rather than using it in the default configuration. Therefore, it is expected that most users will not be impacted by this issue.
Publish Date: 2018-05-16
URL: CVE-2018-8014
CVSS 3 Score Details (9.8)
Base Score Metrics:
Suggested Fix
Type: Change files
Origin: https://nvd.nist.gov/vuln/detail/CVE-2018-8014
Release Date: 2019-04-08
Fix Resolution: Replace or update the following files: 7.0.89, 8.0.53, 8.5.32, 9.0.9
Step up your Open Source Security Game with WhiteSource here
Vulnerable Library - tomcat-embed-core-8.5.31.jarCore Tomcat implementation
Library home page: http://tomcat.apache.org/
Path to dependency file: /NEILREN4J/pom.xml
Path to vulnerable library: /root/.m2/repository/org/apache/tomcat/embed/tomcat-embed-core/8.5.31/tomcat-embed-core-8.5.31.jar
Dependency Hierarchy:
Vulnerability Details
The HTTP/2 implementation in Apache Tomcat 9.0.0.M1 to 9.0.14 and 8.5.0 to 8.5.37 accepted streams with excessive numbers of SETTINGS frames and also permitted clients to keep streams open without reading/writing request/response data. By keeping streams open for requests that utilised the Servlet API's blocking I/O, clients were able to cause server-side threads to block eventually leading to thread exhaustion and a DoS.
Publish Date: 2019-04-10
URL: CVE-2019-0199
CVSS 3 Score Details (7.5)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0199
Release Date: 2019-04-10
Fix Resolution: 8.5.38,9.0.14
Step up your Open Source Security Game with WhiteSource here
Vulnerable Library - jackson-databind-2.9.6.jarGeneral data-binding functionality for Jackson: works on core streaming API
Library home page: http://github.com/FasterXML/jackson
Path to dependency file: /NEILREN4J/pom.xml
Path to vulnerable library: /root/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.9.6/jackson-databind-2.9.6.jar
Dependency Hierarchy:
Vulnerability Details
FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the blaze-ds-opt and blaze-ds-core classes from polymorphic deserialization.
Publish Date: 2019-01-02
URL: CVE-2018-14719
CVSS 3 Score Details (9.8)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2018-14719
Release Date: 2019-01-02
Fix Resolution: 2.9.7
Step up your Open Source Security Game with WhiteSource here
Vulnerable Library - bootstrap-3.3.7-3.3.13.jsGoogle-styled theme for Bootstrap.
Library home page: https://cdnjs.cloudflare.com/ajax/libs/todc-bootstrap/3.3.7-3.3.13/js/bootstrap.js
Path to vulnerable library: /NEILREN4J/src/main/resources/static/js/bootstrap.js,/NEILREN4J/target/classes/static/js/bootstrap.js
Dependency Hierarchy:
Vulnerability Details
In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip.
Publish Date: 2018-07-13
URL: CVE-2018-14042
CVSS 3 Score Details (6.1)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2018-14042
Release Date: 2018-07-13
Fix Resolution: 4.1.2
Step up your Open Source Security Game with WhiteSource here
Vulnerable Library - jackson-databind-2.9.6.jarGeneral data-binding functionality for Jackson: works on core streaming API
Library home page: http://github.com/FasterXML/jackson
Path to dependency file: /NEILREN4J/pom.xml
Path to vulnerable library: /root/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.9.6/jackson-databind-2.9.6.jar
Dependency Hierarchy:
Vulnerability Details
FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the axis2-transport-jms class from polymorphic deserialization.
Publish Date: 2019-01-02
URL: CVE-2018-19360
CVSS 3 Score Details (9.8)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19360
Release Date: 2019-01-02
Fix Resolution: 2.9.8
Step up your Open Source Security Game with WhiteSource here
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
Django
The Web framework for perfectionists with deadlines.
Laravel
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft
Open source projects and samples from Microsoft.
Google
Google ❤️ Open Source for everyone.
Alibaba
Alibaba Open Source for everyone
D3
Data-Driven Documents codes.
Tencent
China tencent open source team.
