webgoat-server-8.2.1-SNAPSHOT.jar: 1 vulnerabilities (highest severity is: 8.1)

[mend-for-github-com[bot]]

Vulnerable Library - webgoat-server-8.2.1-SNAPSHOT.jar

Found in HEAD commit: 50449e8346df657611a75bc79e49c2e4cb325b5b

Vulnerabilities

CVE	Severity	CVSS	Dependency	Type	Fixed in	Remediation Available
WS-2019-0490	High	8.1	jcommander-1.72.jar	Transitive	N/A	❌

Details

WS-2019-0490

### Vulnerable Library - jcommander-1.72.jar

Command line parsing

Library home page: http://jcommander.org

Dependency Hierarchy: - webgoat-server-8.2.1-SNAPSHOT.jar (Root Library) - webgoat-container-8.2.1-SNAPSHOT.jar - asciidoctorj-2.4.3.jar - :x: **jcommander-1.72.jar** (Vulnerable Library)

Found in HEAD commit: 50449e8346df657611a75bc79e49c2e4cb325b5b

Found in base branch: main

### Vulnerability Details

Inclusion of Functionality from Untrusted Control Sphere vulnerability found in jcommander before 1.75. jcommander resolving dependencies over HTTP instead of HTTPS.

Publish Date: 2019-02-19

URL: WS-2019-0490

### CVSS 3 Score Details (8.1)

Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: High - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: High - Integrity Impact: High - Availability Impact: High

For more information on CVSS3 Scores, click here.

### Suggested Fix

Type: Upgrade version

Origin: https://github.com/cbeust/jcommander/issues/465

Release Date: 2019-02-19

Fix Resolution: com.beust:jcommander:1.75