mend-bolt-for-github[bot]
commented
2 years ago :information_source: This issue was automatically closed by Mend because it is a duplicate of an existing issue: #55
Closed mend-bolt-for-github[bot] closed 2 years ago
mend-bolt-for-github[bot]
commented
2 years ago :information_source: This issue was automatically closed by Mend because it is a duplicate of an existing issue: #55
mend-bolt-for-github[bot]
commented
2 years ago :information_source: This issue was automatically closed by Mend because it is a duplicate of an existing issue: #55
A Java framework to parse command line options with annotations.
Library home page: http://beust.com/
Path to vulnerable library: /lib/jcommander-1.48.jar
Found in HEAD commit: bafe36287e51aaacdb1ab47c78bd429757cdc4f2
Vulnerabilities
Details
WS-2019-0490
### Vulnerable Library - jcommander-1.48.jarA Java framework to parse command line options with annotations.
Library home page: http://beust.com/
Path to vulnerable library: /lib/jcommander-1.48.jar
Dependency Hierarchy: - :x: **jcommander-1.48.jar** (Vulnerable Library)
Found in HEAD commit: bafe36287e51aaacdb1ab47c78bd429757cdc4f2
Found in base branch: main
### Vulnerability DetailsInclusion of Functionality from Untrusted Control Sphere vulnerability found in jcommander before 1.75. jcommander resolving dependencies over HTTP instead of HTTPS.
Publish Date: 2019-02-19
URL: WS-2019-0490
### CVSS 3 Score Details (8.1)Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: High - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: High - Integrity Impact: High - Availability Impact: High
For more information on CVSS3 Scores, click here. ### Suggested FixType: Upgrade version
Release Date: 2019-02-19
Fix Resolution: 1.75
Step up your Open Source Security Game with Mend [here](https://www.whitesourcesoftware.com/full_solution_bolt_github)