-
Vulnerable Library - log4j-1.2.13.jar
Log4j
Library home page: http://logging.apache.org/log4j/docs/
Path to dependency file: /pom.xml
Path to vulnerable library: /target/easybuggy-1-SNAPSHOT/WEB-IN…
-
Vulnerable Library - log4j-1.2.17.jar
Apache Log4j 1.2
Library home page: http://www.apache.org
Path to dependency file: /hadoop-common-project/hadoop-common/pom.xml
Path to vulnerable library: /hom…
-
Vulnerable Library - seata-server-1.5.0.jar
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/security/spring-security-web/5.4.9/spr…
-
Vulnerable Library - slf4j-log4j12-1.5.0.jar
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/log4j/log4j/1.2.13/log4j-1.2.13.jar
Found in HEAD comm…
-
Vulnerable Library - esapi-2.1.0.1.jar
The Enterprise Security API (ESAPI) project is an OWASP project
to create simple strong security controls for every web platform.
Security cont…
-
Security findings found via Trivy when using that need to be resolved. Unsure if this should be reported here or upstream.
In summary there are 5 medium and 4 high CVE vulnerabilities that can be r…
-
Docker image has a lot of Java libraries which fail enterprise vulnerability scans.
| package | version | fix_version | id …
-
Vulnerable Library - slf4j-log4j12-1.5.0.jar
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/log4j/log4j/1.2.13/log4j-1.2.13.jar
Found in HEAD comm…
-
Expected - pom.xml should contain OWASP dependency check plugin
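```
<plugin>
  <groupId>org.owasp</groupId>
  <artifactId>dependency-check-maven</artifactId>
  <version>6.0.1</version>
  <executions><execution><goals><goal>check</goal></goals></execution></executions>
</plugin>
```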
OWASP check output:
```
One or …
```
-
reload4j is a drop-in replacement intended to fix the latest security issues.
https://reload4j.qos.ch/
They have fixed CVE-2021-4104 by hardening, not by removing the class. logpresso does anyhow …