billmcchesney1 / elevate-reference-app
This project forked from mastercard/elevate-reference-app
License: Apache License 2.0
Kotlin Standard Library for JVM
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/org/jetbrains/kotlin/kotlin-stdlib/1.4.10/kotlin-stdlib-1.4.10.jar
Dependency Hierarchy:
Found in HEAD commit: 13ba5ab4490f515c66c6a7a4722a057de5daecc0
Found in base branch: master
In JetBrains Kotlin before 1.4.21, a vulnerable Java API was used for temporary file and folder creation. An attacker was able to read data from such files and list directories due to insecure permissions.
Publish Date: 2021-02-03
URL: CVE-2020-29582
Base Score Metrics:
Type: Upgrade version
Origin: GHSA-cqj8-47ch-rvvq
Release Date: 2021-02-03
Fix Resolution (org.jetbrains.kotlin:kotlin-stdlib): 1.4.21
Direct dependency fix Resolution (com.squareup.okhttp3:okhttp): 4.10.0
Gson JSON library
Library home page: https://github.com/google/gson
Path to dependency file: /pom.xml
Path to vulnerable library: /com/google/code/gson/gson/2.8.6/gson-2.8.6.jar
Dependency Hierarchy:
Found in base branch: master
A Denial of Service vulnerability was discovered in gson before 2.8.9 via the writeReplace() method.
Publish Date: 2021-10-11
URL: WS-2021-0419
Base Score Metrics:
⛑️ Automatic Remediation will be attempted for this issue.
Gson JSON library
Library home page: https://github.com/google/gson
Path to dependency file: /pom.xml
Path to vulnerable library: /com/google/code/gson/gson/2.8.6/gson-2.8.6.jar
Dependency Hierarchy:
Found in base branch: master
The package com.google.code.gson:gson before 2.8.9 is vulnerable to Deserialization of Untrusted Data via the writeReplace() method in internal classes, which may lead to DoS attacks.
Publish Date: 2022-05-01
URL: CVE-2022-25647
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25647
Release Date: 2022-05-01
Fix Resolution: 2.8.9
⛑️ Automatic Remediation will be attempted for this issue.
Kotlin Standard Library for JVM
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/org/jetbrains/kotlin/kotlin-stdlib/1.4.10/kotlin-stdlib-1.4.10.jar
Dependency Hierarchy:
Found in base branch: master
In JetBrains Kotlin before 1.6.0, it was not possible to lock dependencies for Multiplatform Gradle Projects.
Publish Date: 2022-02-25
URL: CVE-2022-24329
Base Score Metrics:
Type: Upgrade version
Origin: GHSA-2qp4-g3q3-f92w
Release Date: 2022-02-25
Fix Resolution (org.jetbrains.kotlin:kotlin-stdlib): 1.6.0-M1
Direct dependency fix Resolution (com.squareup.okhttp3:okhttp): 4.11.0
Java port of Stefan Goessner JsonPath.
Library home page: https://github.com/jayway/JsonPath
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/com/jayway/jsonpath/json-path/2.4.0/json-path-2.4.0.jar
Dependency Hierarchy:
Found in base branch: master
json-path v2.8.0 was discovered to contain a stack overflow via the Criteria.parse() method.
Publish Date: 2023-12-27
URL: CVE-2023-51074
Base Score Metrics:
A modern I/O API for Java
Library home page: https://github.com/square/okio/
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/com/squareup/okio/okio/2.8.0/okio-2.8.0.jar
Dependency Hierarchy:
Found in base branch: master
GzipSource does not handle an exception that might be raised when parsing a malformed gzip buffer. This may lead to denial of service of the Okio client when handling a crafted GZIP archive, by using the GzipSource class.
Publish Date: 2023-07-12
URL: CVE-2023-3635
Base Score Metrics:
Type: Upgrade version
Origin: https://www.cve.org/CVERecord?id=CVE-2023-3635
Release Date: 2023-07-12
Fix Resolution (com.squareup.okio:okio): 3.0.0-alpha.10
Direct dependency fix Resolution (com.squareup.okhttp3:okhttp): 4.10.0
⛑️ Automatic Remediation will be attempted for this issue.
JSON (JavaScript Object Notation) is a lightweight data-interchange format. It is easy for humans to read and write. It is easy for machines to parse and generate. It is based on a subset of the JavaScript Programming Language, Standard ECMA-262 3rd Edition - December 1999. JSON is a text format that is completely language independent but uses conventions that are familiar to programmers of the C-family of languages, including C, C++, C#, Java, JavaScript, Perl, Python, and many others. These properties make JSON an ideal data-interchange language.
Library home page: http://www.minidev.net/
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/net/minidev/json-smart/2.3/json-smart-2.3.jar
Dependency Hierarchy:
Found in HEAD commit: 13ba5ab4490f515c66c6a7a4722a057de5daecc0
Found in base branch: master
An issue was discovered in netplex json-smart-v1 through 2015-10-23 and json-smart-v2 through 2.4. An exception is thrown from a function, but it is not caught, as demonstrated by NumberFormatException. When it is not caught, it may cause programs using the library to crash or expose sensitive information.
Publish Date: 2021-02-23
URL: CVE-2021-27568
Base Score Metrics:
Type: Upgrade version
Release Date: 2021-02-23
Fix Resolution (net.minidev:json-smart): 2.3.1
Direct dependency fix Resolution (com.mastercard.developer:client-encryption): 1.7.0
JSON (JavaScript Object Notation) is a lightweight data-interchange format. It is easy for humans to read and write. It is easy for machines to parse and generate. It is based on a subset of the JavaScript Programming Language, Standard ECMA-262 3rd Edition - December 1999. JSON is a text format that is completely language independent but uses conventions that are familiar to programmers of the C-family of languages, including C, C++, C#, Java, JavaScript, Perl, Python, and many others. These properties make JSON an ideal data-interchange language.
Library home page: http://www.minidev.net/
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/net/minidev/json-smart/2.3/json-smart-2.3.jar
Dependency Hierarchy:
Found in base branch: master
Json-smart is a performance-focused JSON processor lib. When reaching a '[' or '{' character in the JSON input, the code parses an array or an object respectively. It was discovered that the code does not have any limit to the nesting of such arrays or objects. Since the parsing of nested arrays and objects is done recursively, nesting too many of them can cause a stack exhaustion (stack overflow) and crash the software.
Publish Date: 2023-03-22
URL: CVE-2023-1370
Base Score Metrics: