search

akash-k-ephesoft / test-1

Other
0 stars 0 forks source link

mybatis-3.2.5.jar: 1 vulnerabilities (highest severity is: 8.1) - autoclosed #50

Closed mend-bolt-for-github[bot] closed 1 year ago

mend-bolt-for-github[bot] commented 1 year ago
Vulnerable Library - mybatis-3.2.5.jar

The MyBatis data mapper framework makes it easier to use a relational database with object-oriented applications. MyBatis couples objects with stored procedures or SQL statements using a XML descriptor or annotations. Simplicity is the biggest advantage of the MyBatis data mapper over object relational mapping tools.

Library home page: http://www.mybatis.org/core/

Path to vulnerable library: /lib/mybatis-3.2.5.jar

Found in HEAD commit: bafe36287e51aaacdb1ab47c78bd429757cdc4f2

Vulnerabilities

CVE Severity CVSS Dependency Type Fixed in Remediation Available
CVE-2020-26945 High 8.1 mybatis-3.2.5.jar Direct 3.5.6

Details

CVE-2020-26945 ### Vulnerable Library - mybatis-3.2.5.jar

The MyBatis data mapper framework makes it easier to use a relational database with object-oriented applications. MyBatis couples objects with stored procedures or SQL statements using a XML descriptor or annotations. Simplicity is the biggest advantage of the MyBatis data mapper over object relational mapping tools.

Library home page: http://www.mybatis.org/core/

Path to vulnerable library: /lib/mybatis-3.2.5.jar

Dependency Hierarchy: - :x: **mybatis-3.2.5.jar** (Vulnerable Library)

Found in HEAD commit: bafe36287e51aaacdb1ab47c78bd429757cdc4f2

Found in base branch: main

### Vulnerability Details

MyBatis before 3.5.6 mishandles deserialization of object streams.

Publish Date: 2020-10-10

URL: CVE-2020-26945

### CVSS 3 Score Details (8.1)

Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: High - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: High - Integrity Impact: High - Availability Impact: High

For more information on CVSS3 Scores, click here.

### Suggested Fix

Type: Upgrade version

Release Date: 2020-10-26

Fix Resolution: 3.5.6

Step up your Open Source Security Game with Mend [here](https://www.whitesourcesoftware.com/full_solution_bolt_github)
mend-bolt-for-github[bot] commented 1 year ago

:information_source: This issue was automatically closed by Mend because it is a duplicate of an existing issue: #51

mend-bolt-for-github[bot] commented 1 year ago

:information_source: This issue was automatically closed by Mend because it is a duplicate of an existing issue: #51