cglaeser / conversion-demo


springfox-swagger2-2.10.0.jar: 1 vulnerabilities (highest severity is: 4.3) #34

Open mend-for-github-com[bot] opened 2 years ago

mend-for-github-com[bot] commented 2 years ago
Vulnerable Library - springfox-swagger2-2.10.0.jar

JSON API documentation for spring based applications

Library home page: https://github.com/springfox/springfox

Path to dependency file: /backend/pom.xml

Path to vulnerable library: /itory/io/springfox/springfox-swagger2/2.10.0/springfox-swagger2-2.10.0.jar

Found in HEAD commit: 54081235f8a283d567f5bcfc44a5388f5ddeae3e

Vulnerabilities

| CVE | Severity | CVSS | Dependency | Type | Fixed in | Remediation Available |
| --- | --- | --- | --- | --- | --- | --- |
| WS-2020-0407 | Medium | 4.3 | springfox-swagger2-2.10.0.jar | Direct | no_fix | |

Details

WS-2020-0407

### Vulnerable Library - springfox-swagger2-2.10.0.jar

JSON API documentation for spring based applications

Library home page: https://github.com/springfox/springfox

Path to dependency file: /backend/pom.xml

Path to vulnerable library: /itory/io/springfox/springfox-swagger2/2.10.0/springfox-swagger2-2.10.0.jar

Dependency Hierarchy:

- :x: **springfox-swagger2-2.10.0.jar** (Vulnerable Library)

Found in HEAD commit: 54081235f8a283d567f5bcfc44a5388f5ddeae3e

Found in base branch: master

### Vulnerability Details

An issue was found in io.springfox:springfox-swagger-ui. This vulnerability can lead to “Log injection”, where untrusted data gets written into log files/entries. It allows attackers to forge log entries or inject malicious content into the logs.

Publish Date: 2020-09-09

URL: WS-2020-0407

### CVSS 3 Score Details (4.3)

Base Score Metrics:

- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: Low
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: None
  - Integrity Impact: Low
  - Availability Impact: None

For more information on CVSS3 Scores, click here.

### Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/WS-2020-0407

Release Date: 2020-09-09

Fix Resolution: no_fix

:rescue_worker_helmet: Automatic Remediation is available for this issue

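The advisory above names the vulnerability class (log injection) but not a concrete case. The following is an added example, not code from springfox or from the Mend report, showing the general mechanism: an attacker-controlled value containing a CRLF sequence terminates the current log line and starts a forged, well-formed entry, and a sanitizer that escapes control characters removes that ability. The username value, the log format and the function names are constructed for illustration and are not taken from the affected library.

```python
"""Log injection via CRLF in untrusted input, and the hardened form.

Added example: illustrates the vulnerability class named in the advisory,
not the specific code path in springfox.
"""
import io
import logging
import re

# Constructed attacker-controlled input (not from the advisory): a username
# that carries CRLF followed by a fake but well-formed log entry.
FORGED_USERNAME = "alice\r\n2020-09-09 10:00:00 INFO  login succeeded user=admin"

# C0 control characters plus DEL; CR and LF are the ones that split lines,
# but ESC and friends can also corrupt terminals and log viewers.
CONTROL_CHARS = re.compile(r"[\x00-\x1f\x7f]")


def sanitize_for_log(value: str) -> str:
    """Escape control characters so untrusted text can never end a log line.

    The content is preserved (so the forged text is still visible to an
    analyst) but it can no longer masquerade as a separate entry.
    """
    return CONTROL_CHARS.sub(lambda m: "\\x%02x" % ord(m.group(0)), value)


def _make_logger(name: str):
    """Logger writing to an in-memory buffer so the result can be inspected."""
    stream = io.StringIO()
    logger = logging.getLogger(name)
    logger.handlers.clear()
    logger.propagate = False
    logger.setLevel(logging.INFO)
    handler = logging.StreamHandler(stream)
    handler.setFormatter(logging.Formatter("%(asctime)s %(levelname)s  %(message)s"))
    logger.addHandler(handler)
    return logger, stream


def log_login_vulnerable(username: str) -> str:
    """Vulnerable pattern: untrusted value written to the log verbatim."""
    logger, stream = _make_logger("example.vulnerable")
    logger.info("login failed user=%s", username)
    return stream.getvalue()


def log_login_hardened(username: str) -> str:
    """Hardened pattern: untrusted value passed through the sanitizer first."""
    logger, stream = _make_logger("example.hardened")
    logger.info("login failed user=%s", sanitize_for_log(username))
    return stream.getvalue()


def count_entries(log_text: str) -> int:
    """Number of physical log lines; one genuine call must produce exactly one."""
    return len(log_text.splitlines())


if __name__ == "__main__":
    print("vulnerable:", repr(log_login_vulnerable(FORGED_USERNAME)))
    print("hardened:  ", repr(log_login_hardened(FORGED_USERNAME)))
```

With the vulnerable call the buffer holds two lines, the second being the attacker's fabricated "login succeeded user=admin" entry; with the hardened call it holds one line in which the CRLF appears as `\x0d\x0a`. Escaping at the logging boundary is the generic mitigation for this class; whether the reported springfox-swagger-ui issue has a fixed version is not stated by the advisory (Fix Resolution: no_fix), so treating user-supplied values this way before they reach the logger is the practical control.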