ofirghc / webgoat

This project forked from webgoat/webgoat

WebGoat is a deliberately insecure application

Home Page: https://owasp.org/www-project-webgoat/

License: Other

Shell 0.06% JavaScript 47.93% Java 37.33% CSS 3.67% HTML 10.97% Dockerfile 0.04%

webgoat's Introduction

WebGoat 8: A deliberately insecure Web Application


Introduction

WebGoat is a deliberately insecure web application maintained by OWASP designed to teach web application security lessons.

This program is a demonstration of common server-side application flaws. The exercises are intended to be used by people to learn about application security and penetration testing techniques.

WARNING 1: While running this program your machine will be extremely vulnerable to attack. You should disconnect from the Internet while using this program. WebGoat's default configuration binds to localhost to minimize the exposure.

WARNING 2: This program is for educational purposes only. If you attempt these techniques without authorization, you are very likely to get caught. If you are caught engaging in unauthorized hacking, most companies will fire you. Claiming that you were doing security research will not work as that is the first thing that all hackers claim.

Installation instructions:

For more details check the Contribution guide

1. Run using Docker

Every release is also published on DockerHub.

The easiest way to start WebGoat as a Docker container is to use the all-in-one docker container. This is a docker image that has WebGoat and WebWolf running inside.

```Shell
docker run -it -p 127.0.0.1:8080:8080 -p 127.0.0.1:9090:9090 -e TZ=Europe/Amsterdam webgoat/webgoat
```

Important: choose the correct timezone so that the Docker container and your host are in the same timezone, as this matters for the validity of the JWT tokens used in certain exercises.

2. Standalone

Download the latest WebGoat and WebWolf release from https://github.com/WebGoat/WebGoat/releases

```Shell
java -Dfile.encoding=UTF-8 -jar webgoat-8.2.3.jar
```

Click the link in the log to start WebGoat.

3. Run from the sources

Prerequisites:

  • Java 17
  • Your favorite IDE
  • Git, or Git support in your IDE

Open a command shell/window:

```Shell
git clone [email protected]:WebGoat/WebGoat.git
```

Now let's start by compiling the project.

```Shell
cd WebGoat
git checkout <<branch_name>>
# On Linux/Mac:
./mvnw clean install

# On Windows:
./mvnw.cmd clean install

# Using docker or podman, you can then build the container locally
docker build -f Dockerfile . -t webgoat/webgoat
```

Now we are ready to run the project. WebGoat 8.x uses Spring Boot.

```Shell
# On Linux/Mac:
./mvnw spring-boot:run
# On Windows:
./mvnw.cmd spring-boot:run
```

... you should be running WebGoat on localhost:8080/WebGoat momentarily

To change the IP address, add the following property to the WebGoat/webgoat-container/src/main/resources/application.properties file:

```properties
server.address=x.x.x.x
```

4. Run with custom menu

For specialists only. There is a way to set up WebGoat with a personalized menu. You can leave out some menu categories or individual lessons by setting certain environment variables.

For instance, running as a jar on Linux/macOS, it looks like this:

```Shell
export EXCLUDE_CATEGORIES="CLIENT_SIDE,GENERAL,CHALLENGE"
export EXCLUDE_LESSONS="SqlInjectionAdvanced,SqlInjectionMitigations"
java -jar target/webgoat-8.2.3-SNAPSHOT.jar
```

Or with docker run (once this version is pushed to Docker Hub) it looks like this:

```Shell
docker run -d -p 8080:8080 -p 9090:9090 -e TZ=Europe/Amsterdam -e EXCLUDE_CATEGORIES="CLIENT_SIDE,GENERAL,CHALLENGE" -e EXCLUDE_LESSONS="SqlInjectionAdvanced,SqlInjectionMitigations" webgoat/webgoat
```

webgoat's People

Contributors

act-ive, aolle, avivmu, benediktstuhrmann, commjoen, dcowden, dependabot[bot], dougmorato, eliedebrauwer, gravis, johannesegger, lawson89, magicansk, matthias-g, maxgeldner, mayhew64, misfir3, nbaars, nicholasparks, nparks-owasp, ofirghc, ottijp, philippesteinbach, rjclancy, robiq, rubiev, span, thiswayman, zubcevic, zupzup

webgoat's Issues

spring-boot-starter-validation-2.7.1.jar: 2 vulnerabilities (highest severity is: 7.5)

Vulnerable Library - spring-boot-starter-validation-2.7.1.jar

Path to dependency file: /pom.xml

Path to vulnerable library: /C:/Users/OfirNir/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar

Vulnerabilities

| CVE | Severity | CVSS | Dependency | Type | Fixed in (spring-boot-starter-validation version) | Remediation Available |
|---|---|---|---|---|---|---|
| CVE-2022-25857 | High | 7.5 | snakeyaml-1.30.jar | Transitive | N/A* | |
| CVE-2022-38750 | Medium | 5.5 | snakeyaml-1.30.jar | Transitive | N/A* | |

*For some transitive vulnerabilities, there is no version of direct dependency with a fix. Check the section "Details" below to see if there is a version of transitive dependency where vulnerability is fixed.

Details

CVE-2022-25857

Vulnerable Library - snakeyaml-1.30.jar

YAML 1.1 parser and emitter for Java

Library home page: https://bitbucket.org/snakeyaml/snakeyaml

Path to dependency file: /pom.xml

Path to vulnerable library: /C:/Users/OfirNir/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar

Dependency Hierarchy:

  • spring-boot-starter-validation-2.7.1.jar (Root Library)
    • spring-boot-starter-2.7.1.jar
      • snakeyaml-1.30.jar (Vulnerable Library)

Found in base branch: develop

Vulnerability Details

The package org.yaml:snakeyaml from 0 and before 1.31 is vulnerable to Denial of Service (DoS) due to a missing nested depth limitation for collections.

Publish Date: 2022-08-30

URL: CVE-2022-25857

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25857

Release Date: 2022-08-30

Fix Resolution: org.yaml:snakeyaml:1.31

CVE-2022-38750

Vulnerable Library - snakeyaml-1.30.jar

YAML 1.1 parser and emitter for Java

Library home page: https://bitbucket.org/snakeyaml/snakeyaml

Path to dependency file: /pom.xml

Path to vulnerable library: /C:/Users/OfirNir/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar

Dependency Hierarchy:

  • spring-boot-starter-validation-2.7.1.jar (Root Library)
    • spring-boot-starter-2.7.1.jar
      • snakeyaml-1.30.jar (Vulnerable Library)

Found in base branch: develop

Vulnerability Details

Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service (DoS) attacks. If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash with a stack overflow.

Publish Date: 2022-09-05

URL: CVE-2022-38750

CVSS 3 Score Details (5.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Local
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47027

Release Date: 2022-09-05

Fix Resolution: org.yaml:snakeyaml:1.31

commons-io-2.6.jar: 1 vulnerability (highest severity is: 4.8)

Vulnerable Library - commons-io-2.6.jar

The Apache Commons IO library contains utility classes, stream implementations, file filters, file comparators, endian transformation classes, and much more.

Library home page: http://commons.apache.org/proper/commons-io/

Path to dependency file: /pom.xml

Path to vulnerable library: /-io/2.6/commons-io-2.6.jar

Vulnerabilities

| CVE | Severity | CVSS | Dependency | Type | Fixed in (commons-io version) | Remediation Available |
|---|---|---|---|---|---|---|
| CVE-2021-29425 | Medium | 4.8 | commons-io-2.6.jar | Direct | 2.7 | |

Details

CVE-2021-29425

Vulnerable Library - commons-io-2.6.jar

The Apache Commons IO library contains utility classes, stream implementations, file filters, file comparators, endian transformation classes, and much more.

Library home page: http://commons.apache.org/proper/commons-io/

Path to dependency file: /pom.xml

Path to vulnerable library: /-io/2.6/commons-io-2.6.jar

Dependency Hierarchy:

  • commons-io-2.6.jar (Vulnerable Library)

Found in base branch: develop

Vulnerability Details

In Apache Commons IO before 2.7, when invoking the method FileNameUtils.normalize with an improper input string, like "//../foo" or "\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above (thus "limited" path traversal), if the calling code used the result to construct a path value.

Publish Date: 2021-04-13

URL: CVE-2021-29425

CVSS 3 Score Details (4.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: High
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29425

Release Date: 2021-04-13

Fix Resolution: 2.7

⛑️ Automatic Remediation is available for this issue


jjwt-0.9.1.jar: 2 vulnerabilities (highest severity is: 7.5) - autoclosed

Vulnerable Library - jjwt-0.9.1.jar

Path to dependency file: /pom.xml

Path to vulnerable library: /C:/Users/OfirNir/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.13.3/jackson-databind-2.13.3.jar

Vulnerabilities

| CVE | Severity | CVSS | Dependency | Type | Fixed in (jjwt version) | Remediation Available |
|---|---|---|---|---|---|---|
| CVE-2022-42004 | High | 7.5 | jackson-databind-2.13.3.jar | Transitive | N/A* | |
| CVE-2022-42003 | High | 7.5 | jackson-databind-2.13.3.jar | Transitive | N/A* | |

*For some transitive vulnerabilities, there is no version of direct dependency with a fix. Check the section "Details" below to see if there is a version of transitive dependency where vulnerability is fixed.

Details

CVE-2022-42004

Vulnerable Library - jackson-databind-2.13.3.jar

General data-binding functionality for Jackson: works on core streaming API

Library home page: http://github.com/FasterXML/jackson

Path to dependency file: /pom.xml

Path to vulnerable library: /C:/Users/OfirNir/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.13.3/jackson-databind-2.13.3.jar

Dependency Hierarchy:

  • jjwt-0.9.1.jar (Root Library)
    • jackson-databind-2.13.3.jar (Vulnerable Library)

Found in base branch: develop

Vulnerability Details

In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization.

Publish Date: Oct 2, 2022 8:15:00 AM

URL: CVE-2022-42004

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Release Date: Oct 2, 2022 8:15:00 AM

Fix Resolution: com.fasterxml.jackson.core:jackson-databind:2.13.4

CVE-2022-42003

Vulnerable Library - jackson-databind-2.13.3.jar

General data-binding functionality for Jackson: works on core streaming API

Library home page: http://github.com/FasterXML/jackson

Path to dependency file: /pom.xml

Path to vulnerable library: /C:/Users/OfirNir/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.13.3/jackson-databind-2.13.3.jar

Dependency Hierarchy:

  • jjwt-0.9.1.jar (Root Library)
    • jackson-databind-2.13.3.jar (Vulnerable Library)

Found in base branch: develop

Vulnerability Details

In FasterXML jackson-databind before 2.14.0-rc1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. Additional fix versions: 2.13.4.1 and 2.12.17.1.

Publish Date: Oct 2, 2022 8:15:00 AM

URL: CVE-2022-42003

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

commons-text-1.9.jar: 1 vulnerability (highest severity is: 9.8)

Vulnerable Library - commons-text-1.9.jar

Apache Commons Text is a library focused on algorithms working on strings.

Library home page: https://commons.apache.org/proper/commons-text

Path to dependency file: /pom.xml

Path to vulnerable library: /commons-text/1.9/commons-text-1.9.jar

Vulnerabilities

| CVE | Severity | CVSS | Dependency | Type | Fixed in (commons-text version) | Remediation Available |
|---|---|---|---|---|---|---|
| CVE-2022-42889 | High | 9.8 | commons-text-1.9.jar | Direct | 1.10.0 | |

Details

CVE-2022-42889

Vulnerable Library - commons-text-1.9.jar

Apache Commons Text is a library focused on algorithms working on strings.

Library home page: https://commons.apache.org/proper/commons-text

Path to dependency file: /pom.xml

Path to vulnerable library: /commons-text/1.9/commons-text-1.9.jar

Dependency Hierarchy:

  • commons-text-1.9.jar (Vulnerable Library)

Found in base branch: develop

Vulnerability Details

Apache Commons Text performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is "${prefix:name}", where "prefix" is used to locate an instance of org.apache.commons.text.lookup.StringLookup that performs the interpolation. Starting with version 1.5 and continuing through 1.9, the set of default Lookup instances included interpolators that could result in arbitrary code execution or contact with remote servers. These lookups are:

  • "script" - execute expressions using the JVM script execution engine (javax.script)
  • "dns" - resolve dns records
  • "url" - load values from urls, including from remote servers

Applications using the interpolation defaults in the affected versions may be vulnerable to remote code execution or unintentional contact with remote servers if untrusted configuration values are used. Users are recommended to upgrade to Apache Commons Text 1.10.0, which disables the problematic interpolators by default.

Publish Date: 2022-10-13

URL: CVE-2022-42889

CVSS 3 Score Details (9.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://www.openwall.com/lists/oss-security/2022/10/13/4

Release Date: 2022-10-13

Fix Resolution: 1.10.0

⛑️ Automatic Remediation is available for this issue


bootstrap-3.3.7.jar: 2 vulnerabilities (highest severity is: 6.1)

Vulnerable Library - bootstrap-3.3.7.jar

WebJar for Bootstrap

Library home page: http://webjars.org

Path to dependency file: /pom.xml

Path to vulnerable library: /rap/3.3.7/bootstrap-3.3.7.jar

Found in HEAD commit: 58afa7caeb4cde4a3379c4e602095d367b249f12

Vulnerabilities

| CVE | Severity | CVSS | Dependency | Type | Fixed in (bootstrap version) | Remediation Available |
|---|---|---|---|---|---|---|
| CVE-2018-14040 | Medium | 6.1 | bootstrap-3.3.7.jar | Direct | 4.1.2 | |
| CVE-2018-14042 | Medium | 6.1 | bootstrap-3.3.7.jar | Direct | 3.4.0 | |

Details

CVE-2018-14040

Vulnerable Library - bootstrap-3.3.7.jar

WebJar for Bootstrap

Library home page: http://webjars.org

Path to dependency file: /pom.xml

Path to vulnerable library: /rap/3.3.7/bootstrap-3.3.7.jar

Dependency Hierarchy:

  • bootstrap-3.3.7.jar (Vulnerable Library)

Found in HEAD commit: 58afa7caeb4cde4a3379c4e602095d367b249f12

Found in base branch: develop

Vulnerability Details

In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute.

Publish Date: 2018-07-13

URL: CVE-2018-14040

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Release Date: 2018-07-13

Fix Resolution: 4.1.2

⛑️ Automatic Remediation is available for this issue

CVE-2018-14042

Vulnerable Library - bootstrap-3.3.7.jar

WebJar for Bootstrap

Library home page: http://webjars.org

Path to dependency file: /pom.xml

Path to vulnerable library: /rap/3.3.7/bootstrap-3.3.7.jar

Dependency Hierarchy:

  • bootstrap-3.3.7.jar (Vulnerable Library)

Found in HEAD commit: 58afa7caeb4cde4a3379c4e602095d367b249f12

Found in base branch: develop

Vulnerability Details

In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip.

Publish Date: 2018-07-13

URL: CVE-2018-14042

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Release Date: 2018-07-13

Fix Resolution: 3.4.0

⛑️ Automatic Remediation is available for this issue


spring-boot-starter-undertow-2.7.1.jar: 2 vulnerabilities (highest severity is: 7.5)

Vulnerable Library - spring-boot-starter-undertow-2.7.1.jar

Path to dependency file: /pom.xml

Path to vulnerable library: /C:/Users/OfirNir/.m2/repository/io/undertow/undertow-core/2.2.18.Final/undertow-core-2.2.18.Final.jar

Vulnerabilities

| CVE | Severity | CVSS | Dependency | Type | Fixed in (spring-boot-starter-undertow version) | Remediation Available |
|---|---|---|---|---|---|---|
| CVE-2022-0084 | High | 7.5 | xnio-api-3.8.7.Final.jar | Transitive | N/A* | |
| CVE-2022-2053 | High | 7.5 | undertow-core-2.2.18.Final.jar | Transitive | N/A* | |

*For some transitive vulnerabilities, there is no version of direct dependency with a fix. Check the section "Details" below to see if there is a version of transitive dependency where vulnerability is fixed.

Details

CVE-2022-0084

Vulnerable Library - xnio-api-3.8.7.Final.jar

The API JAR of the XNIO project

Library home page: http://www.jboss.org/xnio

Path to dependency file: /pom.xml

Path to vulnerable library: /C:/Users/OfirNir/.m2/repository/org/jboss/xnio/xnio-api/3.8.7.Final/xnio-api-3.8.7.Final.jar

Dependency Hierarchy:

  • spring-boot-starter-undertow-2.7.1.jar (Root Library)
    • undertow-core-2.2.18.Final.jar
      • xnio-api-3.8.7.Final.jar (Vulnerable Library)

Found in base branch: develop

Vulnerability Details

A flaw was found in XNIO, specifically in the notifyReadClosed method. The issue revealed this method was logging a message to another expected end. This flaw allows an attacker to send flawed requests to a server, possibly causing log contention-related performance concerns or an unwanted disk fill-up.

Publish Date: 2022-08-26

URL: CVE-2022-0084

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Release Date: 2022-08-26

Fix Resolution: org.jboss.xnio:xnio-api:3.8.8.Final

CVE-2022-2053

Vulnerable Library - undertow-core-2.2.18.Final.jar

Path to dependency file: /pom.xml

Path to vulnerable library: /C:/Users/OfirNir/.m2/repository/io/undertow/undertow-core/2.2.18.Final/undertow-core-2.2.18.Final.jar

Dependency Hierarchy:

  • spring-boot-starter-undertow-2.7.1.jar (Root Library)
    • undertow-core-2.2.18.Final.jar (Vulnerable Library)

Found in base branch: develop

Vulnerability Details

When a POST request comes through AJP and the request exceeds the max-post-size limit (maxEntitySize), Undertow's AjpServerRequestConduit implementation closes the connection without sending any response to the client/proxy. This behavior results in a front-end proxy marking the backend worker (application server) as being in an error state and not forwarding requests to the worker for a while. In mod_cluster, this continues until the next STATUS request (at 10 second intervals) from the application server updates the server state. So, in the worst case, it can result in "All workers are in error state" and mod_cluster responding "503 Service Unavailable" for a while (up to 10 seconds). In mod_proxy_balancer, it does not forward requests to the worker until the "retry" timeout passes. However, mod_proxy_balancer has a "forcerecovery" setting (on by default) that can force the immediate recovery of all workers, without considering the retry parameter of the workers, if all workers of a balancer are in error state. So, unlike mod_cluster, mod_proxy_balancer does not end up responding "503 Service Unavailable". An attacker could use this behavior to send a malicious request and trigger server errors, resulting in DoS (denial of service). This flaw was fixed in Undertow 2.2.19.Final and Undertow 2.3.0.Alpha2.

Publish Date: 2022-08-05

URL: CVE-2022-2053

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: GHSA-95rf-557x-44g5

Release Date: 2022-08-05

Fix Resolution: io.undertow:undertow-core:2.2.19.Final

jsoup-1.14.3.jar: 1 vulnerability (highest severity is: 6.1)

Vulnerable Library - jsoup-1.14.3.jar

jsoup is a Java library for working with real-world HTML. It provides a very convenient API for fetching URLs and extracting and manipulating data, using the best of HTML5 DOM methods and CSS selectors. jsoup implements the WHATWG HTML5 specification, and parses HTML to the same DOM as modern browsers do.

Library home page: https://jsoup.org/

Path to dependency file: /pom.xml

Path to vulnerable library: /14.3/jsoup-1.14.3.jar

Found in HEAD commit: 58afa7caeb4cde4a3379c4e602095d367b249f12

Vulnerabilities

| CVE | Severity | CVSS | Dependency | Type | Fixed in (jsoup version) | Remediation Available |
|---|---|---|---|---|---|---|
| CVE-2022-36033 | Medium | 6.1 | jsoup-1.14.3.jar | Direct | 1.15.3 | |

Details

CVE-2022-36033

Vulnerable Library - jsoup-1.14.3.jar

jsoup is a Java library for working with real-world HTML. It provides a very convenient API for fetching URLs and extracting and manipulating data, using the best of HTML5 DOM methods and CSS selectors. jsoup implements the WHATWG HTML5 specification, and parses HTML to the same DOM as modern browsers do.

Library home page: https://jsoup.org/

Path to dependency file: /pom.xml

Path to vulnerable library: /14.3/jsoup-1.14.3.jar

Dependency Hierarchy:

  • jsoup-1.14.3.jar (Vulnerable Library)

Found in HEAD commit: 58afa7caeb4cde4a3379c4e602095d367b249f12

Found in base branch: develop

Vulnerability Details

jsoup is a Java HTML parser, built for HTML editing, cleaning, scraping, and cross-site scripting (XSS) safety. jsoup may incorrectly sanitize HTML including javascript: URL expressions, which could allow XSS attacks when a reader subsequently clicks that link. If the non-default SafeList.preserveRelativeLinks option is enabled, HTML including javascript: URLs that have been crafted with control characters will not be sanitized. If the site that this HTML is published on does not set a Content Security Policy, an XSS attack is then possible. This issue is patched in jsoup 1.15.3. Users should upgrade to this version. Additionally, as the unsanitized input may have been persisted, old content should be cleaned again using the updated version. To remediate this issue without immediately upgrading:

  • disable SafeList.preserveRelativeLinks, which will rewrite input URLs as absolute URLs
  • ensure an appropriate Content Security Policy is defined (this should be used regardless of upgrading, as a defence-in-depth best practice)

Publish Date: 2022-08-29

URL: CVE-2022-36033

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: GHSA-gp7f-rwcx-9369

Release Date: 2022-08-29

Fix Resolution: 1.15.3

⛑️ Automatic Remediation is available for this issue


bootstrap-3.1.1.min.js: 3 vulnerabilities (highest severity is: 6.1)

Vulnerable Library - bootstrap-3.1.1.min.js

The most popular front-end framework for developing responsive, mobile first projects on the web.

Library home page: https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.1.1/js/bootstrap.min.js

Path to vulnerable library: /src/main/resources/webgoat/static/js/libs/bootstrap.min.js,/src/main/resources/lessons/challenges/js/bootstrap.min.js

Found in HEAD commit: 58afa7caeb4cde4a3379c4e602095d367b249f12

Vulnerabilities

| CVE | Severity | CVSS | Dependency | Type | Fixed in (bootstrap version) | Remediation Available |
|---|---|---|---|---|---|---|
| CVE-2018-14040 | Medium | 6.1 | bootstrap-3.1.1.min.js | Direct | org.webjars.npm:bootstrap:4.1.2, org.webjars:bootstrap:3.4.0 | |
| CVE-2018-20677 | Medium | 6.1 | bootstrap-3.1.1.min.js | Direct | Bootstrap - v3.4.0; NorDroN.AngularTemplate - 0.1.6; Dynamic.NET.Express.ProjectTemplates - 0.8.0; dotnetng.template - 1.0.0.4; ZNxtApp.Core.Module.Theme - 1.0.9-Beta; JMeter - 5.0.0 | |
| CVE-2018-14042 | Medium | 6.1 | bootstrap-3.1.1.min.js | Direct | org.webjars.npm:bootstrap:4.1.2, org.webjars:bootstrap:3.4.0 | |

Details

CVE-2018-14040

Vulnerable Library - bootstrap-3.1.1.min.js

The most popular front-end framework for developing responsive, mobile first projects on the web.

Library home page: https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.1.1/js/bootstrap.min.js

Path to vulnerable library: /src/main/resources/webgoat/static/js/libs/bootstrap.min.js,/src/main/resources/lessons/challenges/js/bootstrap.min.js

Dependency Hierarchy:

  • bootstrap-3.1.1.min.js (Vulnerable Library)

Found in HEAD commit: 58afa7caeb4cde4a3379c4e602095d367b249f12

Found in base branch: develop

Vulnerability Details

In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute.

Publish Date: 2018-07-13

URL: CVE-2018-14040

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Release Date: 2018-07-13

Fix Resolution: org.webjars.npm:bootstrap:4.1.2,org.webjars:bootstrap:3.4.0

CVE-2018-20677

Vulnerable Library - bootstrap-3.1.1.min.js

The most popular front-end framework for developing responsive, mobile first projects on the web.

Library home page: https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.1.1/js/bootstrap.min.js

Path to vulnerable library: /src/main/resources/webgoat/static/js/libs/bootstrap.min.js,/src/main/resources/lessons/challenges/js/bootstrap.min.js

Dependency Hierarchy:

  • bootstrap-3.1.1.min.js (Vulnerable Library)

Found in HEAD commit: 58afa7caeb4cde4a3379c4e602095d367b249f12

Found in base branch: develop

Vulnerability Details

In Bootstrap before 3.4.0, XSS is possible in the affix configuration target property.

Publish Date: 2019-01-09

URL: CVE-2018-20677

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20677

Release Date: 2019-01-09

Fix Resolution: Bootstrap - v3.4.0;NorDroN.AngularTemplate - 0.1.6;Dynamic.NET.Express.ProjectTemplates - 0.8.0;dotnetng.template - 1.0.0.4;ZNxtApp.Core.Module.Theme - 1.0.9-Beta;JMeter - 5.0.0

CVE-2018-14042

Vulnerable Library - bootstrap-3.1.1.min.js

The most popular front-end framework for developing responsive, mobile first projects on the web.

Library home page: https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.1.1/js/bootstrap.min.js

Path to vulnerable library: /src/main/resources/webgoat/static/js/libs/bootstrap.min.js,/src/main/resources/lessons/challenges/js/bootstrap.min.js

Dependency Hierarchy:

  • bootstrap-3.1.1.min.js (Vulnerable Library)

Found in HEAD commit: 58afa7caeb4cde4a3379c4e602095d367b249f12

Found in base branch: develop

Vulnerability Details

In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip.

Publish Date: 2018-07-13

URL: CVE-2018-14042

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Release Date: 2018-07-13

Fix Resolution: org.webjars.npm:bootstrap:4.1.2, org.webjars:bootstrap:3.4.0

Code Security Report: 40 high severity findings, 156 total findings

Code Security Report

Latest Scan: 2022-09-07 02:33pm
Total Findings: 156
Tested Project Files: 496
Detected Programming Languages: 2


Language: Java

| Severity | CWE | Vulnerability Type | Count |
|---|---|---|---|
| High | CWE-89 | SQL Injection | 26 |
| High | CWE-22 | Path/Directory Traversal | 7 |
| High | CWE-502 | Deserialization of Untrusted Data | 2 |
| High | CWE-918 | Server Side Request Forgery | 2 |
| High | CWE-611 | XML External Entity (XXE) Injection | 3 |
| Medium | CWE-79 | Cross-Site Scripting | 6 |
| Low | CWE-798 | Hardcoded Password/Credentials | 12 |
| Low | CWE-338 | Weak Pseudo-Random | 9 |
| Low | CWE-244 | Heap Inspection | 36 |
| Low | CWE-209 | Console Output | 2 |
| Low | CWE-209 | Error Messages Information Exposure | 46 |
| Low | CWE-916 | Weak Hash Strength | 1 |
| Low | CWE-20 | Cookie Injection | 2 |

Details

The list below presents the 20 most relevant findings that need your attention. To view information on the remaining findings, navigate to the Mend SAST Application.

SQL Injection (CWE-89) : 20

Findings

challenge5/Assignment5.java:59

}
if (!"Larry".equals(username_login)) {
return failed(this).feedback("user.not.larry").feedbackArgs(username_login).build();
}
try (var connection = dataSource.getConnection()) {
PreparedStatement statement = connection.prepareStatement("select password from challenge_users where userid = '" + username_login + "' and password = '" + password_login + "'");

introduction/SqlInjectionLesson3.java:65

protected AttackResult injectableQuery(String query) {
try (Connection connection = dataSource.getConnection()) {
try (Statement statement = connection.createStatement(TYPE_SCROLL_INSENSITIVE, CONCUR_READ_ONLY)) {
Statement checkStatement = connection.createStatement(TYPE_SCROLL_INSENSITIVE,
CONCUR_READ_ONLY);
statement.executeUpdate(query);

Trace

advanced/SqlInjectionLesson6a.java:65

query = "SELECT * FROM user_data WHERE last_name = '" + accountName + "'";
//Check if Union is used
if (!accountName.matches("(?i)(^[^-/*;)]*)(\\s*)UNION(.*$)")) {
usedUnion = false;
}
try (Statement statement = connection.createStatement(ResultSet.TYPE_SCROLL_INSENSITIVE,

Trace

public AttackResult injectableQuery(String accountName) {

query = "SELECT * FROM user_data WHERE last_name = '" + accountName + "'";

try (Statement statement = connection.createStatement(ResultSet.TYPE_SCROLL_INSENSITIVE,

introduction/SqlInjectionLesson9.java:66

String query = "SELECT * FROM employees WHERE last_name = '" + name + "' AND auth_tan = '" + auth_tan + "'";
try (Connection connection = dataSource.getConnection()) {
try {
Statement statement = connection.createStatement(TYPE_SCROLL_SENSITIVE, CONCUR_UPDATABLE);
SqlInjectionLesson8.log(connection, query);
ResultSet results = statement.executeQuery(query);

Trace

protected AttackResult injectableQueryIntegrity(String name, String auth_tan) {

String query = "SELECT * FROM employees WHERE last_name = '" + name + "' AND auth_tan = '" + auth_tan + "'";

introduction/SqlInjectionLesson5b.java:58

}
protected AttackResult injectableQuery(String login_count, String accountName) {
String queryString = "SELECT * From user_data WHERE Login_Count = ? and userid= " + accountName;
try (Connection connection = dataSource.getConnection()) {
PreparedStatement query = connection.prepareStatement(queryString, ResultSet.TYPE_SCROLL_INSENSITIVE, ResultSet.CONCUR_READ_ONLY);

Trace

protected AttackResult injectableQuery(String login_count, String accountName) {

String queryString = "SELECT * From user_data WHERE Login_Count = ? and userid= " + accountName;

PreparedStatement query = connection.prepareStatement(queryString, ResultSet.TYPE_SCROLL_INSENSITIVE, ResultSet.CONCUR_READ_ONLY);

introduction/SqlInjectionLesson5a.java:62

protected AttackResult injectableQuery(String accountName) {
String query = "";
try (Connection connection = dataSource.getConnection()) {
query = "SELECT * FROM user_data WHERE first_name = 'John' and last_name = '" + accountName + "'";
try (Statement statement = connection.createStatement(ResultSet.TYPE_SCROLL_INSENSITIVE, ResultSet.CONCUR_UPDATABLE)) {
ResultSet results = statement.executeQuery(query);

Trace

return injectableQuery(account + " " + operator + " " + injection);

protected AttackResult injectableQuery(String accountName) {

query = "SELECT * FROM user_data WHERE first_name = 'John' and last_name = '" + accountName + "'";

introduction/SqlInjectionLesson2.java:62

}
protected AttackResult injectableQuery(String query) {
try (var connection = dataSource.getConnection()) {
Statement statement = connection.createStatement(TYPE_SCROLL_INSENSITIVE, CONCUR_READ_ONLY);
ResultSet results = statement.executeQuery(query);

Trace

advanced/SqlInjectionLesson6a.java:65

query = "SELECT * FROM user_data WHERE last_name = '" + accountName + "'";
//Check if Union is used
if (!accountName.matches("(?i)(^[^-/*;)]*)(\\s*)UNION(.*$)")) {
usedUnion = false;
}
try (Statement statement = connection.createStatement(ResultSet.TYPE_SCROLL_INSENSITIVE,

Trace

AttackResult attackResult = lesson6a.injectableQuery(userId);

public AttackResult injectableQuery(String accountName) {

query = "SELECT * FROM user_data WHERE last_name = '" + accountName + "'";

try (Statement statement = connection.createStatement(ResultSet.TYPE_SCROLL_INSENSITIVE,

introduction/SqlInjectionLesson5a.java:62

protected AttackResult injectableQuery(String accountName) {
String query = "";
try (Connection connection = dataSource.getConnection()) {
query = "SELECT * FROM user_data WHERE first_name = 'John' and last_name = '" + accountName + "'";
try (Statement statement = connection.createStatement(ResultSet.TYPE_SCROLL_INSENSITIVE, ResultSet.CONCUR_UPDATABLE)) {
ResultSet results = statement.executeQuery(query);

Trace

return injectableQuery(account + " " + operator + " " + injection);

protected AttackResult injectableQuery(String accountName) {

query = "SELECT * FROM user_data WHERE first_name = 'John' and last_name = '" + accountName + "'";

introduction/SqlInjectionLesson8.java:66

try (Connection connection = dataSource.getConnection()) {
try {
Statement statement = connection.createStatement(ResultSet.TYPE_SCROLL_INSENSITIVE, ResultSet.CONCUR_UPDATABLE);
log(connection, query);
ResultSet results = statement.executeQuery(query);

Trace

protected AttackResult injectableQueryConfidentiality(String name, String auth_tan) {

String query = "SELECT * FROM employees WHERE last_name = '" + name + "' AND auth_tan = '" + auth_tan + "'";

introduction/SqlInjectionLesson8.java:66

try (Connection connection = dataSource.getConnection()) {
try {
Statement statement = connection.createStatement(ResultSet.TYPE_SCROLL_INSENSITIVE, ResultSet.CONCUR_UPDATABLE);
log(connection, query);
ResultSet results = statement.executeQuery(query);

Trace

protected AttackResult injectableQueryConfidentiality(String name, String auth_tan) {

String query = "SELECT * FROM employees WHERE last_name = '" + name + "' AND auth_tan = '" + auth_tan + "'";

introduction/SqlInjectionLesson10.java:63

String query = "SELECT * FROM access_log WHERE action LIKE '%" + action + "%'";
try (Connection connection = dataSource.getConnection()) {
try {
Statement statement = connection.createStatement(ResultSet.TYPE_SCROLL_INSENSITIVE, ResultSet.CONCUR_READ_ONLY);
ResultSet results = statement.executeQuery(query);

Trace

protected AttackResult injectableQueryAvailability(String action) {

String query = "SELECT * FROM access_log WHERE action LIKE '%" + action + "%'";

introduction/SqlInjectionLesson3.java:65

protected AttackResult injectableQuery(String query) {
try (Connection connection = dataSource.getConnection()) {
try (Statement statement = connection.createStatement(TYPE_SCROLL_INSENSITIVE, CONCUR_READ_ONLY)) {
Statement checkStatement = connection.createStatement(TYPE_SCROLL_INSENSITIVE,
CONCUR_READ_ONLY);
statement.executeUpdate(query);

advanced/SqlInjectionChallenge.java:65

try (Connection connection = dataSource.getConnection()) {
String checkUserQuery = "select userid from sql_challenge_users where userid = '" + username_reg + "'";
Statement statement = connection.createStatement();
ResultSet resultSet = statement.executeQuery(checkUserQuery);

Trace

String checkUserQuery = "select userid from sql_challenge_users where userid = '" + username_reg + "'";

ResultSet resultSet = statement.executeQuery(checkUserQuery);

introduction/SqlInjectionLesson9.java:66

String query = "SELECT * FROM employees WHERE last_name = '" + name + "' AND auth_tan = '" + auth_tan + "'";
try (Connection connection = dataSource.getConnection()) {
try {
Statement statement = connection.createStatement(TYPE_SCROLL_SENSITIVE, CONCUR_UPDATABLE);
SqlInjectionLesson8.log(connection, query);
ResultSet results = statement.executeQuery(query);

Trace

protected AttackResult injectableQueryIntegrity(String name, String auth_tan) {

String query = "SELECT * FROM employees WHERE last_name = '" + name + "' AND auth_tan = '" + auth_tan + "'";

introduction/SqlInjectionLesson8.java:66

try (Connection connection = dataSource.getConnection()) {
try {
Statement statement = connection.createStatement(ResultSet.TYPE_SCROLL_INSENSITIVE, ResultSet.CONCUR_UPDATABLE);
log(connection, query);
ResultSet results = statement.executeQuery(query);

Trace

String query = "SELECT * FROM employees WHERE last_name = '" + name + "' AND auth_tan = '" + auth_tan + "'";

introduction/SqlInjectionLesson8.java:66

try (Connection connection = dataSource.getConnection()) {
try {
Statement statement = connection.createStatement(ResultSet.TYPE_SCROLL_INSENSITIVE, ResultSet.CONCUR_UPDATABLE);
log(connection, query);
ResultSet results = statement.executeQuery(query);

Trace

String query = "SELECT * FROM employees WHERE last_name = '" + name + "' AND auth_tan = '" + auth_tan + "'";

mitigation/Servers.java:72

@ResponseBody
public List<Server> sort(@RequestParam String column) throws Exception {
List<Server> servers = new ArrayList<>();
try (var connection = dataSource.getConnection()) {
try (var statement = connection.prepareStatement("select id, hostname, ip, mac, status, description from SERVERS where status <> 'out of order' order by " + column)) {

introduction/SqlInjectionLesson4.java:63

}
protected AttackResult injectableQuery(String query) {
try (Connection connection = dataSource.getConnection()) {
try (Statement statement = connection.createStatement(TYPE_SCROLL_INSENSITIVE, CONCUR_READ_ONLY)) {
statement.executeUpdate(query);

introduction/SqlInjectionLesson2.java:62

}
protected AttackResult injectableQuery(String query) {
try (var connection = dataSource.getConnection()) {
Statement statement = connection.createStatement(TYPE_SCROLL_INSENSITIVE, CONCUR_READ_ONLY);
ResultSet results = statement.executeQuery(query);

Language: JavaScript / Node.js

Severity CWE Vulnerability Type Count
Low CWE-338 Weak Pseudo-Random 2

Details

No high vulnerability findings detected. To view information on the remaining findings, navigate to the Mend SAST Application.

jquery-ui-1.12.1.min.js: 4 vulnerabilities (highest severity is: 6.1)

Vulnerable Library - jquery-ui-1.12.1.min.js

A curated set of user interface interactions, effects, widgets, and themes built on top of the jQuery JavaScript Library.

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jqueryui/1.12.1/jquery-ui.min.js

Path to vulnerable library: /src/main/resources/webgoat/static/js/libs/jquery-ui.min.js

Found in HEAD commit: 58afa7caeb4cde4a3379c4e602095d367b249f12

Vulnerabilities

CVE             Severity  CVSS  Dependency               Type    Fixed in (jquery-ui version)  Remediation Available
CVE-2021-41184  Medium    6.1   jquery-ui-1.12.1.min.js  Direct  jquery-ui - 1.13.0
CVE-2021-41183  Medium    6.1   jquery-ui-1.12.1.min.js  Direct  jquery-ui - 1.13.0
CVE-2021-41182  Medium    6.1   jquery-ui-1.12.1.min.js  Direct  jquery-ui - 1.13.0
CVE-2022-31160  Medium    6.1   jquery-ui-1.12.1.min.js  Direct  jquery-ui - 1.13.2

Details

CVE-2021-41184

Vulnerable Library - jquery-ui-1.12.1.min.js

A curated set of user interface interactions, effects, widgets, and themes built on top of the jQuery JavaScript Library.

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jqueryui/1.12.1/jquery-ui.min.js

Path to vulnerable library: /src/main/resources/webgoat/static/js/libs/jquery-ui.min.js

Dependency Hierarchy:

  • jquery-ui-1.12.1.min.js (Vulnerable Library)

Found in HEAD commit: 58afa7caeb4cde4a3379c4e602095d367b249f12

Found in base branch: develop

Vulnerability Details

jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the of option of the .position() util from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the of option is now treated as a CSS selector. A workaround is to not accept the value of the of option from untrusted sources.

Publish Date: 2021-10-26

URL: CVE-2021-41184

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41184

Release Date: 2021-10-26

Fix Resolution: jquery-ui - 1.13.0

CVE-2021-41183

Vulnerable Library - jquery-ui-1.12.1.min.js

A curated set of user interface interactions, effects, widgets, and themes built on top of the jQuery JavaScript Library.

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jqueryui/1.12.1/jquery-ui.min.js

Path to vulnerable library: /src/main/resources/webgoat/static/js/libs/jquery-ui.min.js

Dependency Hierarchy:

  • jquery-ui-1.12.1.min.js (Vulnerable Library)

Found in HEAD commit: 58afa7caeb4cde4a3379c4e602095d367b249f12

Found in base branch: develop

Vulnerability Details

jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of various *Text options of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. The values passed to various *Text options are now always treated as pure text, not HTML. A workaround is to not accept the value of the *Text options from untrusted sources.

Publish Date: 2021-10-26

URL: CVE-2021-41183

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41183

Release Date: 2021-10-26

Fix Resolution: jquery-ui - 1.13.0

CVE-2021-41182

Vulnerable Library - jquery-ui-1.12.1.min.js

A curated set of user interface interactions, effects, widgets, and themes built on top of the jQuery JavaScript Library.

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jqueryui/1.12.1/jquery-ui.min.js

Path to vulnerable library: /src/main/resources/webgoat/static/js/libs/jquery-ui.min.js

Dependency Hierarchy:

  • jquery-ui-1.12.1.min.js (Vulnerable Library)

Found in HEAD commit: 58afa7caeb4cde4a3379c4e602095d367b249f12

Found in base branch: develop

Vulnerability Details

jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the altField option of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the altField option is now treated as a CSS selector. A workaround is to not accept the value of the altField option from untrusted sources.

Publish Date: 2021-10-26

URL: CVE-2021-41182

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41182

Release Date: 2021-10-26

Fix Resolution: jquery-ui - 1.13.0

CVE-2022-31160

Vulnerable Library - jquery-ui-1.12.1.min.js

A curated set of user interface interactions, effects, widgets, and themes built on top of the jQuery JavaScript Library.

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jqueryui/1.12.1/jquery-ui.min.js

Path to vulnerable library: /src/main/resources/webgoat/static/js/libs/jquery-ui.min.js

Dependency Hierarchy:

  • jquery-ui-1.12.1.min.js (Vulnerable Library)

Found in HEAD commit: 58afa7caeb4cde4a3379c4e602095d367b249f12

Found in base branch: develop

Vulnerability Details

jQuery UI is a curated set of user interface interactions, effects, widgets, and themes built on top of jQuery. Versions prior to 1.13.2 are potentially vulnerable to cross-site scripting. Initializing a checkboxradio widget on an input enclosed within a label makes the contents of that parent label be treated as the input's label. If the initial HTML contained encoded HTML entities, calling .checkboxradio( "refresh" ) on such a widget erroneously decodes them, which can lead to execution of JavaScript code. The bug has been patched in jQuery UI 1.13.2. To remediate the issue, someone who can change the initial HTML can wrap all the non-input contents of the label in a span.

Publish Date: 2022-07-20

URL: CVE-2022-31160

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31160

Release Date: 2022-07-20

Fix Resolution: jquery-ui - 1.13.2

spring-boot-starter-security-2.7.1.jar: 1 vulnerability (highest severity is: 9.8)

Vulnerable Library - spring-boot-starter-security-2.7.1.jar

Path to dependency file: /pom.xml

Path to vulnerable library: /C:/Users/OfirNir/.m2/repository/org/springframework/security/spring-security-core/5.7.2/spring-security-core-5.7.2.jar

Found in HEAD commit: 58afa7caeb4cde4a3379c4e602095d367b249f12

Vulnerabilities

CVE             Severity  CVSS  Dependency                      Type        Fixed in (spring-boot-starter-security version)  Remediation Available
CVE-2022-31692  High      9.8   spring-security-core-5.7.2.jar  Transitive  N/A*

*For some transitive vulnerabilities, there is no version of the direct dependency that contains a fix. Check the "Details" section below to see whether there is a version of the transitive dependency in which the vulnerability is fixed.

Details

CVE-2022-31692

Vulnerable Library - spring-security-core-5.7.2.jar

Spring Security

Library home page: https://spring.io/projects/spring-security

Path to dependency file: /pom.xml

Path to vulnerable library: /C:/Users/OfirNir/.m2/repository/org/springframework/security/spring-security-core/5.7.2/spring-security-core-5.7.2.jar

Dependency Hierarchy:

  • spring-boot-starter-security-2.7.1.jar (Root Library)
    • spring-security-config-5.7.2.jar
      • spring-security-core-5.7.2.jar (Vulnerable Library)

Found in HEAD commit: 58afa7caeb4cde4a3379c4e602095d367b249f12

Found in base branch: develop

Vulnerability Details

Spring Security, versions 5.7 prior to 5.7.5 and 5.6 prior to 5.6.9, could be susceptible to authorization rules bypass via forward or include dispatcher types. Specifically, an application is vulnerable when all of the following are true:

  • The application expects that Spring Security applies security to forward and include dispatcher types.
  • The application uses the AuthorizationFilter either manually or via the authorizeHttpRequests() method.
  • The application configures the FilterChainProxy to apply to forward and/or include requests (e.g. spring.security.filter.dispatcher-types = request, error, async, forward, include).
  • The application may forward or include the request to a higher privilege-secured endpoint.
  • The application configures Spring Security to apply to every dispatcher type via authorizeHttpRequests().shouldFilterAllDispatcherTypes(true).

Publish Date: 2022-10-31

URL: CVE-2022-31692

CVSS 3 Score Details (9.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: GHSA-mmmh-wcxm-2wr4

Release Date: 2022-10-31

Fix Resolution: org.springframework.security:spring-security-core:5.6.9,5.7.5

hsqldb-2.5.2.jar: 1 vulnerability (highest severity is: 9.8) - autoclosed

Vulnerable Library - hsqldb-2.5.2.jar

HSQLDB - Lightweight 100% Java SQL Database Engine

Library home page: http://hsqldb.org

Path to dependency file: /pom.xml

Path to vulnerable library: /2.5.2/hsqldb-2.5.2.jar

Found in HEAD commit: 58afa7caeb4cde4a3379c4e602095d367b249f12

Vulnerabilities

CVE             Severity  CVSS  Dependency        Type    Fixed in (hsqldb version)  Remediation Available
CVE-2022-41853  High      9.8   hsqldb-2.5.2.jar  Direct  N/A

Details

CVE-2022-41853

Vulnerable Library - hsqldb-2.5.2.jar

HSQLDB - Lightweight 100% Java SQL Database Engine

Library home page: http://hsqldb.org

Path to dependency file: /pom.xml

Path to vulnerable library: /2.5.2/hsqldb-2.5.2.jar

Dependency Hierarchy:

  • hsqldb-2.5.2.jar (Vulnerable Library)

Found in HEAD commit: 58afa7caeb4cde4a3379c4e602095d367b249f12

Found in base branch: develop

Vulnerability Details

Those using java.sql.Statement or java.sql.PreparedStatement in hsqldb (HyperSQL DataBase) to process untrusted input may be vulnerable to a remote code execution attack. By default it is allowed to call any static method of any Java class in the classpath resulting in code execution. The issue can be prevented by updating to 2.7.1 or by setting the system property "hsqldb.method_class_names" to classes which are allowed to be called. For example, System.setProperty("hsqldb.method_class_names", "abc") or Java argument -Dhsqldb.method_class_names="abc" can be used. From version 2.7.1 all classes by default are not accessible except those in java.lang.Math and need to be manually enabled.

Publish Date: Oct 6, 2022 9:17:00 PM

URL: CVE-2022-41853

CVSS 3 Score Details (9.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

xstream-1.4.5.jar: 34 vulnerabilities (highest severity is: 9.9)

Vulnerable Library - xstream-1.4.5.jar

XStream is a serialization library from Java objects to XML and back.

Library home page: http://codehaus.org/xstream-parent/xstream/

Path to dependency file: /pom.xml

Path to vulnerable library: /stream/xstream/1.4.5/xstream-1.4.5.jar

Found in HEAD commit: 58afa7caeb4cde4a3379c4e602095d367b249f12

Vulnerabilities

CVE             Severity  CVSS  Dependency         Type    Fixed in (xstream version)  Remediation Available
CVE-2021-21345  High      9.9   xstream-1.4.5.jar  Direct  1.4.16
CVE-2021-21344  High      9.8   xstream-1.4.5.jar  Direct  1.4.16
CVE-2013-7285   High      9.8   xstream-1.4.5.jar  Direct  1.4.10-java7
CVE-2021-21350  High      9.8   xstream-1.4.5.jar  Direct  1.4.16
CVE-2021-21347  High      9.8   xstream-1.4.5.jar  Direct  1.4.16
CVE-2021-21346  High      9.8   xstream-1.4.5.jar  Direct  1.4.16
CVE-2021-21342  High      9.1   xstream-1.4.5.jar  Direct  1.4.16
CVE-2021-21351  High      9.1   xstream-1.4.5.jar  Direct  1.4.16
CVE-2021-39139  High      8.8   xstream-1.4.5.jar  Direct  1.4.18
CVE-2020-26217  High      8.8   xstream-1.4.5.jar  Direct  1.4.13-java7
CVE-2021-29505  High      8.8   xstream-1.4.5.jar  Direct  1.4.17
CVE-2021-21349  High      8.6   xstream-1.4.5.jar  Direct  1.4.16
CVE-2021-39150  High      8.5   xstream-1.4.5.jar  Direct  1.4.18
CVE-2021-39152  High      8.5   xstream-1.4.5.jar  Direct  1.4.18
CVE-2021-39151  High      8.5   xstream-1.4.5.jar  Direct  1.4.18
CVE-2021-39154  High      8.5   xstream-1.4.5.jar  Direct  1.4.18
CVE-2021-39153  High      8.5   xstream-1.4.5.jar  Direct  1.4.18
CVE-2021-39141  High      8.5   xstream-1.4.5.jar  Direct  1.4.18
CVE-2021-39145  High      8.5   xstream-1.4.5.jar  Direct  1.4.18
CVE-2021-39144  High      8.5   xstream-1.4.5.jar  Direct  1.4.18
CVE-2021-39147  High      8.5   xstream-1.4.5.jar  Direct  1.4.18
CVE-2021-39146  High      8.5   xstream-1.4.5.jar  Direct  1.4.18
CVE-2021-39149  High      8.5   xstream-1.4.5.jar  Direct  1.4.18
CVE-2021-39148  High      8.5   xstream-1.4.5.jar  Direct  1.4.18
CVE-2020-26258  High      7.7   xstream-1.4.5.jar  Direct  1.4.14-jdk7
CVE-2021-21343  High      7.5   xstream-1.4.5.jar  Direct  1.4.16
CVE-2021-21341  High      7.5   xstream-1.4.5.jar  Direct  1.4.16
CVE-2021-43859  High      7.5   xstream-1.4.5.jar  Direct  1.4.6
CVE-2022-40151  High      7.5   xstream-1.4.5.jar  Direct  N/A
CVE-2021-21348  High      7.5   xstream-1.4.5.jar  Direct  1.4.16
CVE-2020-26259  Medium    6.8   xstream-1.4.5.jar  Direct  1.4.14-jdk7
CVE-2021-39140  Medium    6.3   xstream-1.4.5.jar  Direct  1.4.18
CVE-2017-7957   Medium    5.3   xstream-1.4.5.jar  Direct  1.4.10
CVE-2016-3674   Medium    5.3   xstream-1.4.5.jar  Direct  1.4.9

Details

Partial details (23 vulnerabilities) are displayed below due to a content size limitation in GitHub. To view information on the remaining vulnerabilities, navigate to the Mend Application.

CVE-2021-21345

Vulnerable Library - xstream-1.4.5.jar

XStream is a serialization library from Java objects to XML and back.

Library home page: http://codehaus.org/xstream-parent/xstream/

Path to dependency file: /pom.xml

Path to vulnerable library: /stream/xstream/1.4.5/xstream-1.4.5.jar

Dependency Hierarchy:

  • xstream-1.4.5.jar (Vulnerable Library)

Found in HEAD commit: 58afa7caeb4cde4a3379c4e602095d367b249f12

Found in base branch: develop

Vulnerability Details

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker who has sufficient rights to execute commands on the host only by manipulating the processed input stream. No user who followed the recommendation to set up XStream's security framework with a whitelist limited to the minimal required types is affected. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16.

Publish Date: 2021-03-23

URL: CVE-2021-21345

CVSS 3 Score Details (9.9)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: Low
    • User Interaction: None
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: GHSA-hwpc-8xqv-jvj4

Release Date: 2021-03-23

Fix Resolution: 1.4.16

⛑️ Automatic Remediation is available for this issue

CVE-2021-21344

Vulnerable Library - xstream-1.4.5.jar

XStream is a serialization library from Java objects to XML and back.

Library home page: http://codehaus.org/xstream-parent/xstream/

Path to dependency file: /pom.xml

Path to vulnerable library: /stream/xstream/1.4.5/xstream-1.4.5.jar

Dependency Hierarchy:

  • xstream-1.4.5.jar (Vulnerable Library)

Found in HEAD commit: 58afa7caeb4cde4a3379c4e602095d367b249f12

Found in base branch: develop

Vulnerability Details

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user who followed the recommendation to set up XStream's security framework with a whitelist limited to the minimal required types is affected. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16.

Publish Date: 2021-03-23

URL: CVE-2021-21344

CVSS 3 Score Details (9.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: GHSA-59jw-jqf4-3wq3

Release Date: 2021-03-23

Fix Resolution: 1.4.16

⛑️ Automatic Remediation is available for this issue

CVE-2013-7285

Vulnerable Library - xstream-1.4.5.jar

XStream is a serialization library from Java objects to XML and back.

Library home page: http://codehaus.org/xstream-parent/xstream/

Path to dependency file: /pom.xml

Path to vulnerable library: /stream/xstream/1.4.5/xstream-1.4.5.jar

Dependency Hierarchy:

  • xstream-1.4.5.jar (Vulnerable Library)

Found in HEAD commit: 58afa7caeb4cde4a3379c4e602095d367b249f12

Found in base branch: develop

Vulnerability Details

Xstream API versions up to 1.4.6 and version 1.4.10, if the security framework has not been initialized, may allow a remote attacker to run arbitrary shell commands by manipulating the processed input stream when unmarshaling XML or any supported format, e.g. JSON.

Publish Date: 2019-05-15

URL: CVE-2013-7285

CVSS 3 Score Details (9.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7285

Release Date: 2019-05-15

Fix Resolution: 1.4.10-java7

⛑️ Automatic Remediation is available for this issue

CVE-2021-21350

Vulnerable Library - xstream-1.4.5.jar

XStream is a serialization library from Java objects to XML and back.

Library home page: http://codehaus.org/xstream-parent/xstream/

Path to dependency file: /pom.xml

Path to vulnerable library: /stream/xstream/1.4.5/xstream-1.4.5.jar

Dependency Hierarchy:

  • xstream-1.4.5.jar (Vulnerable Library)

Found in HEAD commit: 58afa7caeb4cde4a3379c4e602095d367b249f12

Found in base branch: develop

Vulnerability Details

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to execute arbitrary code only by manipulating the processed input stream. No user who followed the recommendation to set up XStream's security framework with a whitelist limited to the minimal required types is affected. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16.

Publish Date: 2021-03-23

URL: CVE-2021-21350

CVSS 3 Score Details (9.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: GHSA-43gc-mjxg-gvrq

Release Date: 2021-03-23

Fix Resolution: 1.4.16

⛑️ Automatic Remediation is available for this issue

CVE-2021-21347

Vulnerable Library - xstream-1.4.5.jar

XStream is a serialization library from Java objects to XML and back.

Library home page: http://codehaus.org/xstream-parent/xstream/

Path to dependency file: /pom.xml

Path to vulnerable library: /stream/xstream/1.4.5/xstream-1.4.5.jar

Dependency Hierarchy:

  • xstream-1.4.5.jar (Vulnerable Library)

Found in HEAD commit: 58afa7caeb4cde4a3379c4e602095d367b249f12

Found in base branch: develop

Vulnerability Details

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user who followed the recommendation to set up XStream's security framework with a whitelist limited to the minimal required types is affected. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16.

Publish Date: 2021-03-23

URL: CVE-2021-21347

CVSS 3 Score Details (9.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: GHSA-qpfq-ph7r-qv6f

Release Date: 2021-03-23

Fix Resolution: 1.4.16

⛑️ Automatic Remediation is available for this issue

CVE-2021-21346

Vulnerable Library - xstream-1.4.5.jar

XStream is a serialization library from Java objects to XML and back.

Library home page: http://codehaus.org/xstream-parent/xstream/

Path to dependency file: /pom.xml

Path to vulnerable library: /stream/xstream/1.4.5/xstream-1.4.5.jar

Dependency Hierarchy:

  • xstream-1.4.5.jar (Vulnerable Library)

Found in HEAD commit: 58afa7caeb4cde4a3379c4e602095d367b249f12

Found in base branch: develop

Vulnerability Details

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user who followed the recommendation to set up XStream's security framework with a whitelist limited to the minimal required types is affected. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16.

Publish Date: 2021-03-23

URL: CVE-2021-21346

CVSS 3 Score Details (9.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: GHSA-4hrm-m67v-5cxr

Release Date: 2021-03-23

Fix Resolution: 1.4.16

⛑️ Automatic Remediation is available for this issue

CVE-2021-21342

Vulnerable Library - xstream-1.4.5.jar

XStream is a serialization library from Java objects to XML and back.

Library home page: http://codehaus.org/xstream-parent/xstream/

Path to dependency file: /pom.xml

Path to vulnerable library: /stream/xstream/1.4.5/xstream-1.4.5.jar

Dependency Hierarchy:

  • xstream-1.4.5.jar (Vulnerable Library)

Found in HEAD commit: 58afa7caeb4cde4a3379c4e602095d367b249f12

Found in base branch: develop

Vulnerability Details

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability where the processed stream at unmarshalling time contains type information to recreate the formerly written objects. XStream therefore creates new instances based on this type information. An attacker can manipulate the processed input stream and replace or inject objects that result in a server-side request forgery. No user who followed the recommendation to set up XStream's security framework with a whitelist limited to the minimal required types is affected. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16.

Publish Date: 2021-03-23

URL: CVE-2021-21342

CVSS 3 Score Details (9.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: GHSA-hvv8-336g-rx3m

Release Date: 2021-03-23

Fix Resolution: 1.4.16

⛑️ Automatic Remediation is available for this issue

CVE-2021-21351

Vulnerable Library - xstream-1.4.5.jar

XStream is a serialization library from Java objects to XML and back.

Library home page: http://codehaus.org/xstream-parent/xstream/

Path to dependency file: /pom.xml

Path to vulnerable library: /stream/xstream/1.4.5/xstream-1.4.5.jar

Dependency Hierarchy:

  • xstream-1.4.5.jar (Vulnerable Library)

Found in HEAD commit: 58afa7caeb4cde4a3379c4e602095d367b249f12

Found in base branch: develop

Vulnerability Details

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user who followed the recommendation to set up XStream's security framework with a whitelist limited to the minimal required types is affected. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16.

Publish Date: 2021-03-23

URL: CVE-2021-21351

CVSS 3 Score Details (9.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: High
    • User Interaction: None
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: GHSA-hrcp-8f3q-4w2c

Release Date: 2021-03-23

Fix Resolution: 1.4.16

⛑️ Automatic Remediation is available for this issue

CVE-2021-39139

Vulnerable Library - xstream-1.4.5.jar

XStream is a serialization library from Java objects to XML and back.

Library home page: http://codehaus.org/xstream-parent/xstream/

Path to dependency file: /pom.xml

Path to vulnerable library: /stream/xstream/1.4.5/xstream-1.4.5.jar

Dependency Hierarchy:

  • xstream-1.4.5.jar (Vulnerable Library)

Found in HEAD commit: 58afa7caeb4cde4a3379c4e602095d367b249f12

Found in base branch: develop

Vulnerability Details

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. A user is only affected if using the version out of the box with JDK 1.7u21 or below. However, this scenario can be adjusted easily to an external Xalan that works regardless of the version of the Java runtime. No user who followed the recommendation to set up XStream's security framework with a whitelist limited to the minimal required types is affected. XStream 1.4.18 no longer uses a blacklist by default, since it cannot be secured for general-purpose use.

Publish Date: 2021-08-23

URL: CVE-2021-39139

CVSS 3 Score Details (8.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: Low
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: GHSA-64xx-cq4q-mf44

Release Date: 2021-08-23

Fix Resolution: 1.4.18

⛑️ Automatic Remediation is available for this issue

CVE-2020-26217

Vulnerable Library - xstream-1.4.5.jar

XStream is a serialization library from Java objects to XML and back.

Library home page: http://codehaus.org/xstream-parent/xstream/

Path to dependency file: /pom.xml

Path to vulnerable library: /stream/xstream/1.4.5/xstream-1.4.5.jar

Dependency Hierarchy:

  • xstream-1.4.5.jar (Vulnerable Library)

Found in HEAD commit: 58afa7caeb4cde4a3379c4e602095d367b249f12

Found in base branch: develop

Vulnerability Details

XStream before version 1.4.14 is vulnerable to Remote Code Execution. The vulnerability may allow a remote attacker to run arbitrary shell commands only by manipulating the processed input stream. Only users who rely on blocklists are affected. Anyone using XStream's Security Framework allowlist is not affected. The linked advisory provides code workarounds for users who cannot upgrade. The issue is fixed in version 1.4.14.

Publish Date: 2020-11-16

URL: CVE-2020-26217

CVSS 3 Score Details (8.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: Low
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: GHSA-mw36-7c6c-q4q2

Release Date: 2020-11-16

Fix Resolution: 1.4.13-java7

⛑️ Automatic Remediation is available for this issue

CVE-2021-29505

Vulnerable Library - xstream-1.4.5.jar

XStream is a serialization library from Java objects to XML and back.

Library home page: http://codehaus.org/xstream-parent/xstream/

Path to dependency file: /pom.xml

Path to vulnerable library: /stream/xstream/1.4.5/xstream-1.4.5.jar

Dependency Hierarchy:

  • xstream-1.4.5.jar (Vulnerable Library)

Found in HEAD commit: 58afa7caeb4cde4a3379c4e602095d367b249f12

Found in base branch: develop

Vulnerability Details

XStream is software for serializing Java objects to XML and back again. A vulnerability in XStream versions prior to 1.4.17 may allow a remote attacker who has sufficient rights to execute commands on the host only by manipulating the processed input stream. No user who followed the recommendation to set up XStream's security framework with a whitelist limited to the minimal required types is affected. The vulnerability is patched in version 1.4.17.

Publish Date: 2021-05-29

URL: CVE-2021-29505

CVSS 3 Score Details (8.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: Low
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: GHSA-7chv-rrw6-w6fc

Release Date: 2021-05-29

Fix Resolution: 1.4.17

⛑️ Automatic Remediation is available for this issue

CVE-2021-21349

Vulnerable Library - xstream-1.4.5.jar

XStream is a serialization library from Java objects to XML and back.

Library home page: http://codehaus.org/xstream-parent/xstream/

Path to dependency file: /pom.xml

Path to vulnerable library: /stream/xstream/1.4.5/xstream-1.4.5.jar

Dependency Hierarchy:

  • xstream-1.4.5.jar (Vulnerable Library)

Found in HEAD commit: 58afa7caeb4cde4a3379c4e602095d367b249f12

Found in base branch: develop

Vulnerability Details

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream. No user who followed the recommendation to set up XStream's security framework with a whitelist limited to the minimal required types is affected. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16.

Publish Date: 2021-03-23

URL: CVE-2021-21349

CVSS 3 Score Details (8.6)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: None
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: GHSA-f6hm-88x3-mfjv

Release Date: 2021-03-23

Fix Resolution: 1.4.16

⛑️ Automatic Remediation is available for this issue

CVE-2021-39150

Vulnerable Library - xstream-1.4.5.jar

XStream is a serialization library from Java objects to XML and back.

Library home page: http://codehaus.org/xstream-parent/xstream/

Path to dependency file: /pom.xml

Path to vulnerable library: /stream/xstream/1.4.5/xstream-1.4.5.jar

Dependency Hierarchy:

  • xstream-1.4.5.jar (Vulnerable Library)

Found in HEAD commit: 58afa7caeb4cde4a3379c4e602095d367b249f12

Found in base branch: develop

Vulnerability Details

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream with a Java runtime version 14 to 8. No user who followed the recommendation to set up XStream's security framework with a whitelist limited to the minimal required types is affected. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.18.

Publish Date: 2021-08-23

URL: CVE-2021-39150

CVSS 3 Score Details (8.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: High
    • Privileges Required: Low
    • User Interaction: None
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: GHSA-hph2-m3g5-xxv4

Release Date: 2021-08-23

Fix Resolution: 1.4.18

⛑️ Automatic Remediation is available for this issue

CVE-2021-39152

Vulnerable Library - xstream-1.4.5.jar

XStream is a serialization library from Java objects to XML and back.

Library home page: http://codehaus.org/xstream-parent/xstream/

Path to dependency file: /pom.xml

Path to vulnerable library: /stream/xstream/1.4.5/xstream-1.4.5.jar

Dependency Hierarchy:

  • xstream-1.4.5.jar (Vulnerable Library)

Found in HEAD commit: 58afa7caeb4cde4a3379c4e602095d367b249f12

Found in base branch: develop

Vulnerability Details

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream with a Java runtime version 14 to 8. No user who followed the recommendation to set up XStream's security framework with a whitelist limited to the minimal required types is affected. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.18.

Publish Date: 2021-08-23

URL: CVE-2021-39152

CVSS 3 Score Details (8.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: High
    • Privileges Required: Low
    • User Interaction: None
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: GHSA-xw4p-crpj-vjx2

Release Date: 2021-08-23

Fix Resolution: 1.4.18

⛑️ Automatic Remediation is available for this issue

CVE-2021-39151

Vulnerable Library - xstream-1.4.5.jar

XStream is a serialization library from Java objects to XML and back.

Library home page: http://codehaus.org/xstream-parent/xstream/

Path to dependency file: /pom.xml

Path to vulnerable library: /stream/xstream/1.4.5/xstream-1.4.5.jar

Dependency Hierarchy:

  • xstream-1.4.5.jar (Vulnerable Library)

Found in HEAD commit: 58afa7caeb4cde4a3379c4e602095d367b249f12

Found in base branch: develop

Vulnerability Details

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user who followed the recommendation to set up XStream's security framework with a whitelist limited to the minimal required types is affected. XStream 1.4.18 no longer uses a blacklist by default, since it cannot be secured for general-purpose use.

Publish Date: 2021-08-23

URL: CVE-2021-39151

CVSS 3 Score Details (8.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: High
    • Privileges Required: Low
    • User Interaction: None
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: GHSA-hph2-m3g5-xxv4

Release Date: 2021-08-23

Fix Resolution: 1.4.18

⛑️ Automatic Remediation is available for this issue

CVE-2021-39154

Vulnerable Library - xstream-1.4.5.jar

XStream is a serialization library from Java objects to XML and back.

Library home page: http://codehaus.org/xstream-parent/xstream/

Path to dependency file: /pom.xml

Path to vulnerable library: /stream/xstream/1.4.5/xstream-1.4.5.jar

Dependency Hierarchy:

  • xstream-1.4.5.jar (Vulnerable Library)

Found in HEAD commit: 58afa7caeb4cde4a3379c4e602095d367b249f12

Found in base branch: develop

Vulnerability Details

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user who followed the recommendation to set up XStream's security framework with a whitelist limited to the minimal required types is affected. XStream 1.4.18 no longer uses a blacklist by default, since it cannot be secured for general-purpose use.

Publish Date: 2021-08-23

URL: CVE-2021-39154

CVSS 3 Score Details (8.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: High
    • Privileges Required: Low
    • User Interaction: None
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: GHSA-6w62-hx7r-mw68

Release Date: 2021-08-23

Fix Resolution: 1.4.18

⛑️ Automatic Remediation is available for this issue

CVE-2021-39153

Vulnerable Library - xstream-1.4.5.jar

XStream is a serialization library from Java objects to XML and back.

Library home page: http://codehaus.org/xstream-parent/xstream/

Path to dependency file: /pom.xml

Path to vulnerable library: /stream/xstream/1.4.5/xstream-1.4.5.jar

Dependency Hierarchy:

  • xstream-1.4.5.jar (Vulnerable Library)

Found in HEAD commit: 58afa7caeb4cde4a3379c4e602095d367b249f12

Found in base branch: develop

Vulnerability Details

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream, if using the version out of the box with Java runtime version 14 to 8 or with JavaFX installed. No user who followed the recommendation to set up XStream's security framework with a whitelist limited to the minimal required types is affected. XStream 1.4.18 no longer uses a blacklist by default, since it cannot be secured for general-purpose use.

Publish Date: 2021-08-23

URL: CVE-2021-39153

CVSS 3 Score Details (8.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: High
    • Privileges Required: Low
    • User Interaction: None
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39153

Release Date: 2021-08-23

Fix Resolution: 1.4.18

⛑️ Automatic Remediation is available for this issue

CVE-2021-39141

Vulnerable Library - xstream-1.4.5.jar

XStream is a serialization library from Java objects to XML and back.

Library home page: http://codehaus.org/xstream-parent/xstream/

Path to dependency file: /pom.xml

Path to vulnerable library: /stream/xstream/1.4.5/xstream-1.4.5.jar

Dependency Hierarchy:

  • xstream-1.4.5.jar (Vulnerable Library)

Found in HEAD commit: 58afa7caeb4cde4a3379c4e602095d367b249f12

Found in base branch: develop

Vulnerability Details

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user who followed the recommendation to set up XStream's security framework with a whitelist limited to the minimal required types is affected. XStream 1.4.18 no longer uses a blacklist by default, since it cannot be secured for general-purpose use.

Publish Date: 2021-08-23

URL: CVE-2021-39141

CVSS 3 Score Details (8.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: High
    • Privileges Required: Low
    • User Interaction: None
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: GHSA-g5w6-mrj7-75h2

Release Date: 2021-08-23

Fix Resolution: 1.4.18

⛑️ Automatic Remediation is available for this issue

CVE-2021-39145

Vulnerable Library - xstream-1.4.5.jar

XStream is a serialization library from Java objects to XML and back.

Library home page: http://codehaus.org/xstream-parent/xstream/

Path to dependency file: /pom.xml

Path to vulnerable library: /stream/xstream/1.4.5/xstream-1.4.5.jar

Dependency Hierarchy:

  • xstream-1.4.5.jar (Vulnerable Library)

Found in HEAD commit: 58afa7caeb4cde4a3379c4e602095d367b249f12

Found in base branch: develop

Vulnerability Details

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user who followed the recommendation to set up XStream's security framework with a whitelist limited to the minimal required types is affected. XStream 1.4.18 no longer uses a blacklist by default, since it cannot be secured for general-purpose use.

Publish Date: 2021-08-23

URL: CVE-2021-39145

CVSS 3 Score Details (8.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: High
    • Privileges Required: Low
    • User Interaction: None
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: GHSA-8jrj-525p-826v

Release Date: 2021-08-23

Fix Resolution: 1.4.18

⛑️ Automatic Remediation is available for this issue

CVE-2021-39144

Vulnerable Library - xstream-1.4.5.jar

XStream is a serialization library from Java objects to XML and back.

Library home page: http://codehaus.org/xstream-parent/xstream/

Path to dependency file: /pom.xml

Path to vulnerable library: /stream/xstream/1.4.5/xstream-1.4.5.jar

Dependency Hierarchy:

  • xstream-1.4.5.jar (Vulnerable Library)

Found in HEAD commit: 58afa7caeb4cde4a3379c4e602095d367b249f12

Found in base branch: develop

Vulnerability Details

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker who has sufficient rights to execute commands on the host only by manipulating the processed input stream. No user who followed the recommendation to set up XStream's security framework with a whitelist limited to the minimal required types is affected. XStream 1.4.18 no longer uses a blacklist by default, since it cannot be secured for general-purpose use.

Publish Date: 2021-08-23

URL: CVE-2021-39144

CVSS 3 Score Details (8.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: High
    • Privileges Required: Low
    • User Interaction: None
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: GHSA-j9h8-phrw-h4fh

Release Date: 2021-08-23

Fix Resolution: 1.4.18

⛑️ Automatic Remediation is available for this issue

CVE-2021-39147

Vulnerable Library - xstream-1.4.5.jar

XStream is a serialization library from Java objects to XML and back.

Library home page: http://codehaus.org/xstream-parent/xstream/

Path to dependency file: /pom.xml

Path to vulnerable library: /stream/xstream/1.4.5/xstream-1.4.5.jar

Dependency Hierarchy:

  • xstream-1.4.5.jar (Vulnerable Library)

Found in HEAD commit: 58afa7caeb4cde4a3379c4e602095d367b249f12

Found in base branch: develop

Vulnerability Details

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user who followed the recommendation to set up XStream's security framework with a whitelist limited to the minimal required types is affected. XStream 1.4.18 no longer uses a blacklist by default, since it cannot be secured for general-purpose use.

Publish Date: 2021-08-23

URL: CVE-2021-39147

CVSS 3 Score Details (8.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: High
    • Privileges Required: Low
    • User Interaction: None
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: GHSA-h7v4-7xg3-hxcc

Release Date: 2021-08-23

Fix Resolution: 1.4.18

⛑️ Automatic Remediation is available for this issue

CVE-2021-39146

Vulnerable Library - xstream-1.4.5.jar

XStream is a serialization library from Java objects to XML and back.

Library home page: http://codehaus.org/xstream-parent/xstream/

Path to dependency file: /pom.xml

Path to vulnerable library: /stream/xstream/1.4.5/xstream-1.4.5.jar

Dependency Hierarchy:

  • xstream-1.4.5.jar (Vulnerable Library)

Found in HEAD commit: 58afa7caeb4cde4a3379c4e602095d367b249f12

Found in base branch: develop

Vulnerability Details

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user who followed the recommendation to set up XStream's security framework with a whitelist limited to the minimal required types is affected. XStream 1.4.18 no longer uses a blacklist by default, since it cannot be secured for general-purpose use.

Publish Date: 2021-08-23

URL: CVE-2021-39146

CVSS 3 Score Details (8.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: High
    • Privileges Required: Low
    • User Interaction: None
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: GHSA-p8pq-r894-fm8f

Release Date: 2021-08-23

Fix Resolution: 1.4.18

⛑️ Automatic Remediation is available for this issue

CVE-2021-39149

Vulnerable Library - xstream-1.4.5.jar

XStream is a serialization library from Java objects to XML and back.

Library home page: http://codehaus.org/xstream-parent/xstream/

Path to dependency file: /pom.xml

Path to vulnerable library: /stream/xstream/1.4.5/xstream-1.4.5.jar

Dependency Hierarchy:

  • xstream-1.4.5.jar (Vulnerable Library)

Found in HEAD commit: 58afa7caeb4cde4a3379c4e602095d367b249f12

Found in base branch: develop

Vulnerability Details

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user who followed the recommendation to set up XStream's security framework with a whitelist limited to the minimal required types is affected. XStream 1.4.18 no longer uses a blacklist by default, since it cannot be secured for general-purpose use.

Publish Date: 2021-08-23

URL: CVE-2021-39149

CVSS 3 Score Details (8.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: High
    • Privileges Required: Low
    • User Interaction: None
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: GHSA-3ccq-5vw3-2p6x

Release Date: 2021-08-23

Fix Resolution: 1.4.18

⛑️ Automatic Remediation is available for this issue
