Closed mend-bolt-for-github[bot] closed 4 years ago
null
Path to dependency file: /tmp/ws-scm/ws-documents/modules/commons/pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/org/codehaus/plexus/plexus-utils/1.1/plexus-utils-1.1.jar
Dependency Hierarchy: - wsdl4j-1.6.3.wso2v3.jar (Root Library) - maven-artifact-2.0.5.jar - :x: **plexus-utils-1.1.jar** (Vulnerable Library)
Found in HEAD commit: 7ae3202b2ad66e00260af930086ca05fa5f4b29f
Plexus-utils before 3.0.24 are vulnerable to Directory Traversal
Publish Date: 2016-05-07
URL: WS-2016-7057
Base Score Metrics: - Exploitability Metrics: - Attack Vector: Local - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: Low - Integrity Impact: Low - Availability Impact: Low
Type: Upgrade version
Origin: https://github.com/codehaus-plexus/plexus-utils/commit/33a2853df8185b4519b1b8bfae284f03392618ef
Release Date: 2019-05-30
Fix Resolution: 3.0.24
Step up your Open Source Security Game with WhiteSource here
Fixed by upgrading to the newest version
WS-2016-7057 - Medium Severity Vulnerability
Vulnerable Library - plexus-utils-1.1.jar
null
Path to dependency file: /tmp/ws-scm/ws-documents/modules/commons/pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/org/codehaus/plexus/plexus-utils/1.1/plexus-utils-1.1.jar
Dependency Hierarchy: - wsdl4j-1.6.3.wso2v3.jar (Root Library) - maven-artifact-2.0.5.jar - :x: **plexus-utils-1.1.jar** (Vulnerable Library)
Found in HEAD commit: 7ae3202b2ad66e00260af930086ca05fa5f4b29f
Vulnerability Details
Plexus-utils before 3.0.24 are vulnerable to Directory Traversal
Publish Date: 2016-05-07
URL: WS-2016-7057
CVSS 3 Score Details (5.9)
Base Score Metrics: - Exploitability Metrics: - Attack Vector: Local - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: Low - Integrity Impact: Low - Availability Impact: Low
For more information on CVSS3 Scores, click here.Suggested Fix
Type: Upgrade version
Origin: https://github.com/codehaus-plexus/plexus-utils/commit/33a2853df8185b4519b1b8bfae284f03392618ef
Release Date: 2019-05-30
Fix Resolution: 3.0.24
Step up your Open Source Security Game with WhiteSource here