rjackson64840 / test-project-804 Goto Github PK

Component: org.apache.tomcat.embed:tomcat-embed-core:8.5.0
CVSS Score: 7.5
Vulnerability: [CVE-2016-6797] Improper Access Control

Details about the vulnerability are available on the OSS Index page for [CVE-2016-6797] Improper Access Control.

_{This is an automated GitHub Issue created by Sonatype DepShield. GitHub Apps, including DepShield, can be managed from the Developer settings of the repository administrators.}

Component: org.apache.tomcat.embed:tomcat-embed-core:8.5.0
CVSS Score: 9.8
Vulnerability: [CVE-2017-5651] Data Handling

Details about the vulnerability are available on the OSS Index page for [CVE-2017-5651] Data Handling.

_{This is an automated GitHub Issue created by Sonatype DepShield. GitHub Apps, including DepShield, can be managed from the Developer settings of the repository administrators.}

Component: com.fasterxml.jackson.core:jackson-databind:2.9.0
CVSS Score: 8.1
Vulnerability: [CVE-2018-5968] Incomplete Blacklist, Deserialization of Untrusted Data

Details about the vulnerability are available on the OSS Index page for [CVE-2018-5968] Incomplete Blacklist, Deserialization of Untrusted Data.

_{This is an automated GitHub Issue created by Sonatype DepShield. GitHub Apps, including DepShield, can be managed from the Developer settings of the repository administrators.}

Component: org.apache.httpcomponents:httpclient:4.3
CVSS Score: 9.8
Vulnerability: [CVE-2013-4366] http/impl/client/HttpClientBuilder.java in Apache HttpClient 4.3.x before 4.3.1 ...

Details about the vulnerability are available on the OSS Index page for [CVE-2013-4366] http/impl/client/HttpClientBuilder.java in Apache HttpClient 4.3.x before 4.3.1 ....

_{This is an automated GitHub Issue created by Sonatype DepShield. GitHub Apps, including DepShield, can be managed from the Developer settings of the repository administrators.}

Component: org.apache.tomcat.embed:tomcat-embed-core:8.5.0
CVSS Score: 8.1
Vulnerability: [CVE-2016-5388] Improper Access Control

Details about the vulnerability are available on the OSS Index page for [CVE-2016-5388] Improper Access Control.

_{This is an automated GitHub Issue created by Sonatype DepShield. GitHub Apps, including DepShield, can be managed from the Developer settings of the repository administrators.}

Component: org.apache.tomcat.embed:tomcat-embed-core:8.5.0
CVSS Score: 7.5
Vulnerability: [CVE-2018-8014] The defaults settings for the CORS filter provided in Apache Tomcat 9.0.0.M1 to ...

Details about the vulnerability are available on the OSS Index page for [CVE-2018-8014] The defaults settings for the CORS filter provided in Apache Tomcat 9.0.0.M1 to ....

_{This is an automated GitHub Issue created by Sonatype DepShield. GitHub Apps, including DepShield, can be managed from the Developer settings of the repository administrators.}

Component: org.apache.tomcat.embed:tomcat-embed-core:8.5.0
CVSS Score: 7.5
Vulnerability: [CVE-2016-6817] Improper Restriction of Operations within the Bounds of a Memory Buffer

Details about the vulnerability are available on the OSS Index page for [CVE-2016-6817] Improper Restriction of Operations within the Bounds of a Memory Buffer.

_{This is an automated GitHub Issue created by Sonatype DepShield. GitHub Apps, including DepShield, can be managed from the Developer settings of the repository administrators.}

Vulnerabilities

DepShield reports that this application's usage of org.apache.tomcat.embed:tomcat-embed-core:8.5.0 results in the following vulnerability(s):

• (CVSS 9.8) [CVE-2017-5651] Data Handling
• (CVSS 9.1) [CVE-2017-5648] Improper Access Control
• (CVSS 8.1) [CVE-2017-12617] When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC...
• (CVSS 8.1) [CVE-2016-5388] Improper Access Control
• (CVSS 7.5) [CVE-2018-8014] The defaults settings for the CORS filter provided in Apache Tomcat 9.0.0.M1 to ...
• (CVSS 7.5) [CVE-2017-5664] The error page mechanism of the Java Servlet Specification requires that, when a...
• (CVSS 7.5) [CVE-2016-6817] Improper Restriction of Operations within the Bounds of a Memory Buffer
• (CVSS 7.5) [CVE-2017-7675] Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal")
• (CVSS 7.5) [CVE-2017-5650] Resource Management Errors
• (CVSS 7.5) [CVE-2016-8745] A bug in the error handling of the send file code for the NIO HTTP connector in ...
• (CVSS 7.5) [CVE-2017-5647] Information Exposure
• (CVSS 7.5) [CVE-2016-6797] Improper Access Control
• (CVSS 7.1) [CVE-2016-6816] Improper Input Validation

Occurrences

org.apache.tomcat.embed:tomcat-embed-core:8.5.0 is a transitive dependency introduced by the following direct dependency(s):

• org.apache.tomcat.embed\[email protected]

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}

Component: org.apache.tomcat.embed:tomcat-embed-core:8.5.0
CVSS Score: 7.5
Vulnerability: [CVE-2017-5650] Resource Management Errors

Details about the vulnerability are available on the OSS Index page for [CVE-2017-5650] Resource Management Errors.

_{This is an automated GitHub Issue created by Sonatype DepShield. GitHub Apps, including DepShield, can be managed from the Developer settings of the repository administrators.}

Component: org.apache.tomcat.embed:tomcat-embed-core:8.5.0
CVSS Score: 7.5
Vulnerability: [CVE-2016-8745] A bug in the error handling of the send file code for the NIO HTTP connector in ...

Details about the vulnerability are available on the OSS Index page for [CVE-2016-8745] A bug in the error handling of the send file code for the NIO HTTP connector in ....

_{This is an automated GitHub Issue created by Sonatype DepShield. GitHub Apps, including DepShield, can be managed from the Developer settings of the repository administrators.}

Component: org.apache.tomcat.embed:tomcat-embed-core:8.5.0
CVSS Score: 7.5
Vulnerability: [CVE-2017-5647] Information Exposure

Details about the vulnerability are available on the OSS Index page for [CVE-2017-5647] Information Exposure.

_{This is an automated GitHub Issue created by Sonatype DepShield. GitHub Apps, including DepShield, can be managed from the Developer settings of the repository administrators.}

Component: com.fasterxml.jackson.core:jackson-databind:2.9.0
CVSS Score: 9.9
Vulnerability: [CVE-2017-15095] Deserialization of Untrusted Data

Details about the vulnerability are available on the OSS Index page for [CVE-2017-15095] Deserialization of Untrusted Data.

_{This is an automated GitHub Issue created by Sonatype DepShield. GitHub Apps, including DepShield, can be managed from the Developer settings of the repository administrators.}

Component: org.apache.tomcat.embed:tomcat-embed-core:8.5.0
CVSS Score: 7.1
Vulnerability: [CVE-2016-6816] Improper Input Validation

Details about the vulnerability are available on the OSS Index page for [CVE-2016-6816] Improper Input Validation.

_{This is an automated GitHub Issue created by Sonatype DepShield. GitHub Apps, including DepShield, can be managed from the Developer settings of the repository administrators.}

Component: org.apache.tomcat.embed:tomcat-embed-core:8.5.0
CVSS Score: 7.5
Vulnerability: [CVE-2017-5664] The error page mechanism of the Java Servlet Specification requires that, when a...

Details about the vulnerability are available on the OSS Index page for [CVE-2017-5664] The error page mechanism of the Java Servlet Specification requires that, when a....

_{This is an automated GitHub Issue created by Sonatype DepShield. GitHub Apps, including DepShield, can be managed from the Developer settings of the repository administrators.}

Vulnerabilities

DepShield reports that this application's usage of com.fasterxml.jackson.core:jackson-databind:2.9.0 results in the following vulnerability(s):

• (CVSS 9.9) [CVE-2017-15095] Deserialization of Untrusted Data
• (CVSS 9.9) [CVE-2018-7489] Incomplete Blacklist, Deserialization of Untrusted Data
• (CVSS 8.1) [CVE-2018-5968] Incomplete Blacklist, Deserialization of Untrusted Data

Occurrences

com.fasterxml.jackson.core:jackson-databind:2.9.0 is a transitive dependency introduced by the following direct dependency(s):

• com.fasterxml.jackson.core\[email protected]

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}

Component: org.apache.tomcat.embed:tomcat-embed-core:8.5.0
CVSS Score: 8.1
Vulnerability: [CVE-2017-12617] When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC...

Details about the vulnerability are available on the OSS Index page for [CVE-2017-12617] When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC....

_{This is an automated GitHub Issue created by Sonatype DepShield. GitHub Apps, including DepShield, can be managed from the Developer settings of the repository administrators.}

Component: com.fasterxml.jackson.core:jackson-databind:2.9.0
CVSS Score: 9.9
Vulnerability: [CVE-2018-7489] Incomplete Blacklist, Deserialization of Untrusted Data

Details about the vulnerability are available on the OSS Index page for [CVE-2018-7489] Incomplete Blacklist, Deserialization of Untrusted Data.

_{This is an automated GitHub Issue created by Sonatype DepShield. GitHub Apps, including DepShield, can be managed from the Developer settings of the repository administrators.}

Component: org.apache.tomcat.embed:tomcat-embed-core:8.5.0
CVSS Score: 9.1
Vulnerability: [CVE-2017-5648] Improper Access Control

Details about the vulnerability are available on the OSS Index page for [CVE-2017-5648] Improper Access Control.

_{This is an automated GitHub Issue created by Sonatype DepShield. GitHub Apps, including DepShield, can be managed from the Developer settings of the repository administrators.}

Component: org.apache.tomcat.embed:tomcat-embed-core:8.5.0
CVSS Score: 7.5
Vulnerability: [CVE-2017-7675] Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal")

Details about the vulnerability are available on the OSS Index page for [CVE-2017-7675] Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal").

_{This is an automated GitHub Issue created by Sonatype DepShield. GitHub Apps, including DepShield, can be managed from the Developer settings of the repository administrators.}

Vulnerabilities

DepShield reports that this application's usage of org.apache.httpcomponents:httpclient:4.3 results in the following vulnerability(s):

• (CVSS 9.8) [CVE-2013-4366] http/impl/client/HttpClientBuilder.java in Apache HttpClient 4.3.x before 4.3.1 ...

Occurrences

org.apache.httpcomponents:httpclient:4.3 is a transitive dependency introduced by the following direct dependency(s):

• org.apache.httpcomponents\[email protected]

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}