search

andy-yk-lin / andy-yk-lin-Remediate-Smart-Merge-high-confidence-grouping

0 stars 0 forks source link

struts-taglib-1.3.8.jar: 1 vulnerabilities (highest severity is: 3.7) #6

Open mend-for-github-com[bot] opened 2 months ago

mend-for-github-com[bot] commented 2 months ago
Vulnerable Library - struts-taglib-1.3.8.jar

Apache Struts

Library home page: http://www.apache.org/

Path to dependency file: /pom.xml

Path to vulnerable library: /pom.xml

Found in HEAD commit: d67e54672029af15dc698e22c2838b75b9a6aeb6

Vulnerabilities

CVE Severity CVSS Dependency Type Fixed in (struts-taglib version) Remediation Possible**
CVE-2008-2025 Low 3.7 struts-taglib-1.3.8.jar Direct org.apache.struts:struts-taglib:1.4.0

**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation

Details

CVE-2008-2025 ### Vulnerable Library - struts-taglib-1.3.8.jar

Apache Struts

Library home page: http://www.apache.org/

Path to dependency file: /pom.xml

Path to vulnerable library: /pom.xml

Dependency Hierarchy: - :x: **struts-taglib-1.3.8.jar** (Vulnerable Library)

Found in HEAD commit: d67e54672029af15dc698e22c2838b75b9a6aeb6

Found in base branch: main

### Vulnerability Details

Cross-site scripting (XSS) vulnerability in Apache Struts before 1.2.9-162.31.1 on SUSE Linux Enterprise (SLE) 11, before 1.2.9-108.2 on SUSE openSUSE 10.3, before 1.2.9-198.2 on SUSE openSUSE 11.0, and before 1.2.9-162.163.2 on SUSE openSUSE 11.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "insufficient quoting of parameters."

Publish Date: 2009-04-09

URL: CVE-2008-2025

### CVSS 3 Score Details (3.7)

Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: High - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: None - Integrity Impact: Low - Availability Impact: None

For more information on CVSS3 Scores, click here.

### Suggested Fix

Type: Upgrade version

Origin: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-2025

Release Date: 2009-04-09

Fix Resolution: org.apache.struts:struts-taglib:1.4.0

In order to enable automatic remediation, please create workflow rules

In order to enable automatic remediation for this issue, please create workflow rules