Path to dependency file: /front50-api-tck/front50-api-tck.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.thoughtworks.xstream/xstream/1.4.18/12eb80b4c4b83b184b669866f510a0eae13f9475/xstream-1.4.18.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.thoughtworks.xstream/xstream/1.4.18/12eb80b4c4b83b184b669866f510a0eae13f9475/xstream-1.4.18.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.thoughtworks.xstream/xstream/1.4.18/12eb80b4c4b83b184b669866f510a0eae13f9475/xstream-1.4.18.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.thoughtworks.xstream/xstream/1.4.18/12eb80b4c4b83b184b669866f510a0eae13f9475/xstream-1.4.18.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.thoughtworks.xstream/xstream/1.4.18/12eb80b4c4b83b184b669866f510a0eae13f9475/xstream-1.4.18.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.thoughtworks.xstream/xstream/1.4.18/12eb80b4c4b83b184b669866f510a0eae13f9475/xstream-1.4.18.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.thoughtworks.xstream/xstream/1.4.18/12eb80b4c4b83b184b669866f510a0eae13f9475/xstream-1.4.18.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.thoughtworks.xstream/xstream/1.4.18/12eb80b4c4b83b184b669866f510a0eae13f9475/xstream-1.4.18.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.thoughtworks.xstream/xstream/1.4.18/12eb80b4c4b83b184b669866f510a0eae13f9475/xstream-1.4.18.jar
*For some transitive vulnerabilities, there is no version of direct dependency with a fix. Check the "Details" section below to see if there is a version of transitive dependency where vulnerability is fixed.
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
Path to dependency file: /front50-oracle/front50-oracle.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.thoughtworks.xstream/xstream/1.4.18/12eb80b4c4b83b184b669866f510a0eae13f9475/xstream-1.4.18.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.thoughtworks.xstream/xstream/1.4.18/12eb80b4c4b83b184b669866f510a0eae13f9475/xstream-1.4.18.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.thoughtworks.xstream/xstream/1.4.18/12eb80b4c4b83b184b669866f510a0eae13f9475/xstream-1.4.18.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.thoughtworks.xstream/xstream/1.4.18/12eb80b4c4b83b184b669866f510a0eae13f9475/xstream-1.4.18.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.thoughtworks.xstream/xstream/1.4.18/12eb80b4c4b83b184b669866f510a0eae13f9475/xstream-1.4.18.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.thoughtworks.xstream/xstream/1.4.18/12eb80b4c4b83b184b669866f510a0eae13f9475/xstream-1.4.18.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.thoughtworks.xstream/xstream/1.4.18/12eb80b4c4b83b184b669866f510a0eae13f9475/xstream-1.4.18.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.thoughtworks.xstream/xstream/1.4.18/12eb80b4c4b83b184b669866f510a0eae13f9475/xstream-1.4.18.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.thoughtworks.xstream/xstream/1.4.18/12eb80b4c4b83b184b669866f510a0eae13f9475/xstream-1.4.18.jar
XStream serializes Java objects to XML and back again. Versions prior to 1.4.20 may allow a remote attacker to terminate the application with a stack overflow error, resulting in a denial of service only via manipulation the processed input stream. The attack uses the hash code implementation for collections and maps to force recursive hash calculation causing a stack overflow. This issue is patched in version 1.4.20 which handles the stack overflow and raises an InputManipulationException instead. A potential workaround for users who only use HashMap or HashSet and whose XML refers these only as default map or set, is to change the default implementation of java.util.Map and java.util per the code example in the referenced advisory. However, this implies that your application does not care about the implementation of the map and all elements are comparable.
Path to dependency file: /front50-oracle/front50-oracle.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.thoughtworks.xstream/xstream/1.4.18/12eb80b4c4b83b184b669866f510a0eae13f9475/xstream-1.4.18.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.thoughtworks.xstream/xstream/1.4.18/12eb80b4c4b83b184b669866f510a0eae13f9475/xstream-1.4.18.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.thoughtworks.xstream/xstream/1.4.18/12eb80b4c4b83b184b669866f510a0eae13f9475/xstream-1.4.18.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.thoughtworks.xstream/xstream/1.4.18/12eb80b4c4b83b184b669866f510a0eae13f9475/xstream-1.4.18.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.thoughtworks.xstream/xstream/1.4.18/12eb80b4c4b83b184b669866f510a0eae13f9475/xstream-1.4.18.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.thoughtworks.xstream/xstream/1.4.18/12eb80b4c4b83b184b669866f510a0eae13f9475/xstream-1.4.18.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.thoughtworks.xstream/xstream/1.4.18/12eb80b4c4b83b184b669866f510a0eae13f9475/xstream-1.4.18.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.thoughtworks.xstream/xstream/1.4.18/12eb80b4c4b83b184b669866f510a0eae13f9475/xstream-1.4.18.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.thoughtworks.xstream/xstream/1.4.18/12eb80b4c4b83b184b669866f510a0eae13f9475/xstream-1.4.18.jar
XStream is a simple library to serialize objects to XML and back again. This vulnerability may allow a remote attacker to terminate the application with a stack overflow error resulting in a denial of service only by manipulating the processed input stream when XStream is configured to use the BinaryStreamDriver. XStream 1.4.21 has been patched to detect the manipulation in the binary input stream causing the the stack overflow and raises an InputManipulationException instead. Users are advised to upgrade. Users unable to upgrade may catch the StackOverflowError in the client code calling XStream if XStream is configured to use the BinaryStreamDriver.
Path to dependency file: /front50-api-tck/front50-api-tck.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.codehaus.jettison/jettison/1.4.0/8f0e7bb69242e9ed5bfdf7384b37c1095b0974fc/jettison-1.4.0.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.codehaus.jettison/jettison/1.4.0/8f0e7bb69242e9ed5bfdf7384b37c1095b0974fc/jettison-1.4.0.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.codehaus.jettison/jettison/1.4.0/8f0e7bb69242e9ed5bfdf7384b37c1095b0974fc/jettison-1.4.0.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.codehaus.jettison/jettison/1.4.0/8f0e7bb69242e9ed5bfdf7384b37c1095b0974fc/jettison-1.4.0.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.codehaus.jettison/jettison/1.4.0/8f0e7bb69242e9ed5bfdf7384b37c1095b0974fc/jettison-1.4.0.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.codehaus.jettison/jettison/1.4.0/8f0e7bb69242e9ed5bfdf7384b37c1095b0974fc/jettison-1.4.0.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.codehaus.jettison/jettison/1.4.0/8f0e7bb69242e9ed5bfdf7384b37c1095b0974fc/jettison-1.4.0.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.codehaus.jettison/jettison/1.4.0/8f0e7bb69242e9ed5bfdf7384b37c1095b0974fc/jettison-1.4.0.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.codehaus.jettison/jettison/1.4.0/8f0e7bb69242e9ed5bfdf7384b37c1095b0974fc/jettison-1.4.0.jar
Jettison before v1.5.2 was discovered to contain a stack overflow via the map parameter. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted string.
Path to dependency file: /front50-api-tck/front50-api-tck.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.codehaus.jettison/jettison/1.4.0/8f0e7bb69242e9ed5bfdf7384b37c1095b0974fc/jettison-1.4.0.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.codehaus.jettison/jettison/1.4.0/8f0e7bb69242e9ed5bfdf7384b37c1095b0974fc/jettison-1.4.0.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.codehaus.jettison/jettison/1.4.0/8f0e7bb69242e9ed5bfdf7384b37c1095b0974fc/jettison-1.4.0.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.codehaus.jettison/jettison/1.4.0/8f0e7bb69242e9ed5bfdf7384b37c1095b0974fc/jettison-1.4.0.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.codehaus.jettison/jettison/1.4.0/8f0e7bb69242e9ed5bfdf7384b37c1095b0974fc/jettison-1.4.0.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.codehaus.jettison/jettison/1.4.0/8f0e7bb69242e9ed5bfdf7384b37c1095b0974fc/jettison-1.4.0.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.codehaus.jettison/jettison/1.4.0/8f0e7bb69242e9ed5bfdf7384b37c1095b0974fc/jettison-1.4.0.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.codehaus.jettison/jettison/1.4.0/8f0e7bb69242e9ed5bfdf7384b37c1095b0974fc/jettison-1.4.0.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.codehaus.jettison/jettison/1.4.0/8f0e7bb69242e9ed5bfdf7384b37c1095b0974fc/jettison-1.4.0.jar
Path to dependency file: /front50-oracle/front50-oracle.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.thoughtworks.xstream/xstream/1.4.18/12eb80b4c4b83b184b669866f510a0eae13f9475/xstream-1.4.18.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.thoughtworks.xstream/xstream/1.4.18/12eb80b4c4b83b184b669866f510a0eae13f9475/xstream-1.4.18.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.thoughtworks.xstream/xstream/1.4.18/12eb80b4c4b83b184b669866f510a0eae13f9475/xstream-1.4.18.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.thoughtworks.xstream/xstream/1.4.18/12eb80b4c4b83b184b669866f510a0eae13f9475/xstream-1.4.18.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.thoughtworks.xstream/xstream/1.4.18/12eb80b4c4b83b184b669866f510a0eae13f9475/xstream-1.4.18.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.thoughtworks.xstream/xstream/1.4.18/12eb80b4c4b83b184b669866f510a0eae13f9475/xstream-1.4.18.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.thoughtworks.xstream/xstream/1.4.18/12eb80b4c4b83b184b669866f510a0eae13f9475/xstream-1.4.18.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.thoughtworks.xstream/xstream/1.4.18/12eb80b4c4b83b184b669866f510a0eae13f9475/xstream-1.4.18.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.thoughtworks.xstream/xstream/1.4.18/12eb80b4c4b83b184b669866f510a0eae13f9475/xstream-1.4.18.jar
XStream is an open source java library to serialize objects to XML and back again. Versions prior to 1.4.19 may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execution of such a payload resulting in a denial of service only by manipulating the processed input stream. XStream 1.4.19 monitors and accumulates the time it takes to add elements to collections and throws an exception if a set threshold is exceeded. Users are advised to upgrade as soon as possible. Users unable to upgrade may set the NO_REFERENCE mode to prevent recursion. See GHSA-rmr5-cpv2-vgjf for further details on a workaround if an upgrade is not possible.
Path to dependency file: /front50-oracle/front50-oracle.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.thoughtworks.xstream/xstream/1.4.18/12eb80b4c4b83b184b669866f510a0eae13f9475/xstream-1.4.18.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.thoughtworks.xstream/xstream/1.4.18/12eb80b4c4b83b184b669866f510a0eae13f9475/xstream-1.4.18.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.thoughtworks.xstream/xstream/1.4.18/12eb80b4c4b83b184b669866f510a0eae13f9475/xstream-1.4.18.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.thoughtworks.xstream/xstream/1.4.18/12eb80b4c4b83b184b669866f510a0eae13f9475/xstream-1.4.18.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.thoughtworks.xstream/xstream/1.4.18/12eb80b4c4b83b184b669866f510a0eae13f9475/xstream-1.4.18.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.thoughtworks.xstream/xstream/1.4.18/12eb80b4c4b83b184b669866f510a0eae13f9475/xstream-1.4.18.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.thoughtworks.xstream/xstream/1.4.18/12eb80b4c4b83b184b669866f510a0eae13f9475/xstream-1.4.18.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.thoughtworks.xstream/xstream/1.4.18/12eb80b4c4b83b184b669866f510a0eae13f9475/xstream-1.4.18.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.thoughtworks.xstream/xstream/1.4.18/12eb80b4c4b83b184b669866f510a0eae13f9475/xstream-1.4.18.jar
Those using Xstream to seralize XML data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack.
Path to dependency file: /front50-api-tck/front50-api-tck.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.codehaus.jettison/jettison/1.4.0/8f0e7bb69242e9ed5bfdf7384b37c1095b0974fc/jettison-1.4.0.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.codehaus.jettison/jettison/1.4.0/8f0e7bb69242e9ed5bfdf7384b37c1095b0974fc/jettison-1.4.0.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.codehaus.jettison/jettison/1.4.0/8f0e7bb69242e9ed5bfdf7384b37c1095b0974fc/jettison-1.4.0.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.codehaus.jettison/jettison/1.4.0/8f0e7bb69242e9ed5bfdf7384b37c1095b0974fc/jettison-1.4.0.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.codehaus.jettison/jettison/1.4.0/8f0e7bb69242e9ed5bfdf7384b37c1095b0974fc/jettison-1.4.0.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.codehaus.jettison/jettison/1.4.0/8f0e7bb69242e9ed5bfdf7384b37c1095b0974fc/jettison-1.4.0.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.codehaus.jettison/jettison/1.4.0/8f0e7bb69242e9ed5bfdf7384b37c1095b0974fc/jettison-1.4.0.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.codehaus.jettison/jettison/1.4.0/8f0e7bb69242e9ed5bfdf7384b37c1095b0974fc/jettison-1.4.0.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.codehaus.jettison/jettison/1.4.0/8f0e7bb69242e9ed5bfdf7384b37c1095b0974fc/jettison-1.4.0.jar
Those using Jettison to parse untrusted XML or JSON data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by Out of memory. This effect may support a denial of service attack.
Path to dependency file: /front50-api-tck/front50-api-tck.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.codehaus.jettison/jettison/1.4.0/8f0e7bb69242e9ed5bfdf7384b37c1095b0974fc/jettison-1.4.0.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.codehaus.jettison/jettison/1.4.0/8f0e7bb69242e9ed5bfdf7384b37c1095b0974fc/jettison-1.4.0.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.codehaus.jettison/jettison/1.4.0/8f0e7bb69242e9ed5bfdf7384b37c1095b0974fc/jettison-1.4.0.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.codehaus.jettison/jettison/1.4.0/8f0e7bb69242e9ed5bfdf7384b37c1095b0974fc/jettison-1.4.0.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.codehaus.jettison/jettison/1.4.0/8f0e7bb69242e9ed5bfdf7384b37c1095b0974fc/jettison-1.4.0.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.codehaus.jettison/jettison/1.4.0/8f0e7bb69242e9ed5bfdf7384b37c1095b0974fc/jettison-1.4.0.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.codehaus.jettison/jettison/1.4.0/8f0e7bb69242e9ed5bfdf7384b37c1095b0974fc/jettison-1.4.0.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.codehaus.jettison/jettison/1.4.0/8f0e7bb69242e9ed5bfdf7384b37c1095b0974fc/jettison-1.4.0.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.codehaus.jettison/jettison/1.4.0/8f0e7bb69242e9ed5bfdf7384b37c1095b0974fc/jettison-1.4.0.jar
Those using Jettison to parse untrusted XML or JSON data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack.
Path to dependency file: /front50-api-tck/front50-api-tck.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.codehaus.jettison/jettison/1.4.0/8f0e7bb69242e9ed5bfdf7384b37c1095b0974fc/jettison-1.4.0.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.codehaus.jettison/jettison/1.4.0/8f0e7bb69242e9ed5bfdf7384b37c1095b0974fc/jettison-1.4.0.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.codehaus.jettison/jettison/1.4.0/8f0e7bb69242e9ed5bfdf7384b37c1095b0974fc/jettison-1.4.0.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.codehaus.jettison/jettison/1.4.0/8f0e7bb69242e9ed5bfdf7384b37c1095b0974fc/jettison-1.4.0.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.codehaus.jettison/jettison/1.4.0/8f0e7bb69242e9ed5bfdf7384b37c1095b0974fc/jettison-1.4.0.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.codehaus.jettison/jettison/1.4.0/8f0e7bb69242e9ed5bfdf7384b37c1095b0974fc/jettison-1.4.0.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.codehaus.jettison/jettison/1.4.0/8f0e7bb69242e9ed5bfdf7384b37c1095b0974fc/jettison-1.4.0.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.codehaus.jettison/jettison/1.4.0/8f0e7bb69242e9ed5bfdf7384b37c1095b0974fc/jettison-1.4.0.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.codehaus.jettison/jettison/1.4.0/8f0e7bb69242e9ed5bfdf7384b37c1095b0974fc/jettison-1.4.0.jar
An infinite recursion is triggered in Jettison when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. This leads to a StackOverflowError exception being thrown.
Path to dependency file: /front50-api-tck/front50-api-tck.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.thoughtworks.xstream/xstream/1.4.18/12eb80b4c4b83b184b669866f510a0eae13f9475/xstream-1.4.18.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.thoughtworks.xstream/xstream/1.4.18/12eb80b4c4b83b184b669866f510a0eae13f9475/xstream-1.4.18.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.thoughtworks.xstream/xstream/1.4.18/12eb80b4c4b83b184b669866f510a0eae13f9475/xstream-1.4.18.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.thoughtworks.xstream/xstream/1.4.18/12eb80b4c4b83b184b669866f510a0eae13f9475/xstream-1.4.18.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.thoughtworks.xstream/xstream/1.4.18/12eb80b4c4b83b184b669866f510a0eae13f9475/xstream-1.4.18.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.thoughtworks.xstream/xstream/1.4.18/12eb80b4c4b83b184b669866f510a0eae13f9475/xstream-1.4.18.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.thoughtworks.xstream/xstream/1.4.18/12eb80b4c4b83b184b669866f510a0eae13f9475/xstream-1.4.18.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.thoughtworks.xstream/xstream/1.4.18/12eb80b4c4b83b184b669866f510a0eae13f9475/xstream-1.4.18.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.thoughtworks.xstream/xstream/1.4.18/12eb80b4c4b83b184b669866f510a0eae13f9475/xstream-1.4.18.jar
Found in HEAD commit: 030c85bbbd79c49a42f0cc49719b8c41bd782262
Vulnerabilities
*For some transitive vulnerabilities, there is no version of direct dependency with a fix. Check the "Details" section below to see if there is a version of transitive dependency where vulnerability is fixed.
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
Details
CVE-2022-41966
### Vulnerable Library - xstream-1.4.18.jarLibrary home page: http://x-stream.github.io
Path to dependency file: /front50-oracle/front50-oracle.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.thoughtworks.xstream/xstream/1.4.18/12eb80b4c4b83b184b669866f510a0eae13f9475/xstream-1.4.18.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.thoughtworks.xstream/xstream/1.4.18/12eb80b4c4b83b184b669866f510a0eae13f9475/xstream-1.4.18.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.thoughtworks.xstream/xstream/1.4.18/12eb80b4c4b83b184b669866f510a0eae13f9475/xstream-1.4.18.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.thoughtworks.xstream/xstream/1.4.18/12eb80b4c4b83b184b669866f510a0eae13f9475/xstream-1.4.18.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.thoughtworks.xstream/xstream/1.4.18/12eb80b4c4b83b184b669866f510a0eae13f9475/xstream-1.4.18.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.thoughtworks.xstream/xstream/1.4.18/12eb80b4c4b83b184b669866f510a0eae13f9475/xstream-1.4.18.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.thoughtworks.xstream/xstream/1.4.18/12eb80b4c4b83b184b669866f510a0eae13f9475/xstream-1.4.18.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.thoughtworks.xstream/xstream/1.4.18/12eb80b4c4b83b184b669866f510a0eae13f9475/xstream-1.4.18.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.thoughtworks.xstream/xstream/1.4.18/12eb80b4c4b83b184b669866f510a0eae13f9475/xstream-1.4.18.jar
Dependency Hierarchy: - eureka-client-1.10.17.jar (Root Library) - :x: **xstream-1.4.18.jar** (Vulnerable Library)
Found in HEAD commit: 030c85bbbd79c49a42f0cc49719b8c41bd782262
Found in base branch: master
### Vulnerability DetailsXStream serializes Java objects to XML and back again. Versions prior to 1.4.20 may allow a remote attacker to terminate the application with a stack overflow error, resulting in a denial of service only via manipulation the processed input stream. The attack uses the hash code implementation for collections and maps to force recursive hash calculation causing a stack overflow. This issue is patched in version 1.4.20 which handles the stack overflow and raises an InputManipulationException instead. A potential workaround for users who only use HashMap or HashSet and whose XML refers these only as default map or set, is to change the default implementation of java.util.Map and java.util per the code example in the referenced advisory. However, this implies that your application does not care about the implementation of the map and all elements are comparable.
Publish Date: 2022-12-27
URL: CVE-2022-41966
### Threat AssessmentExploit Maturity: Not Defined
EPSS: 1.0%
### CVSS 3 Score Details (8.2)Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: None - Integrity Impact: Low - Availability Impact: High
For more information on CVSS3 Scores, click here. ### Suggested FixType: Upgrade version
Origin: https://github.com/advisories/GHSA-j563-grx4-pjpv
Release Date: 2022-12-27
Fix Resolution (com.thoughtworks.xstream:xstream): 1.4.20
Direct dependency fix Resolution (com.netflix.eureka:eureka-client): 2.0.3
:rescue_worker_helmet: Automatic Remediation will be attempted for this issue.
CVE-2024-47072
### Vulnerable Library - xstream-1.4.18.jarLibrary home page: http://x-stream.github.io
Path to dependency file: /front50-oracle/front50-oracle.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.thoughtworks.xstream/xstream/1.4.18/12eb80b4c4b83b184b669866f510a0eae13f9475/xstream-1.4.18.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.thoughtworks.xstream/xstream/1.4.18/12eb80b4c4b83b184b669866f510a0eae13f9475/xstream-1.4.18.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.thoughtworks.xstream/xstream/1.4.18/12eb80b4c4b83b184b669866f510a0eae13f9475/xstream-1.4.18.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.thoughtworks.xstream/xstream/1.4.18/12eb80b4c4b83b184b669866f510a0eae13f9475/xstream-1.4.18.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.thoughtworks.xstream/xstream/1.4.18/12eb80b4c4b83b184b669866f510a0eae13f9475/xstream-1.4.18.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.thoughtworks.xstream/xstream/1.4.18/12eb80b4c4b83b184b669866f510a0eae13f9475/xstream-1.4.18.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.thoughtworks.xstream/xstream/1.4.18/12eb80b4c4b83b184b669866f510a0eae13f9475/xstream-1.4.18.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.thoughtworks.xstream/xstream/1.4.18/12eb80b4c4b83b184b669866f510a0eae13f9475/xstream-1.4.18.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.thoughtworks.xstream/xstream/1.4.18/12eb80b4c4b83b184b669866f510a0eae13f9475/xstream-1.4.18.jar
Dependency Hierarchy: - eureka-client-1.10.17.jar (Root Library) - :x: **xstream-1.4.18.jar** (Vulnerable Library)
Found in HEAD commit: 030c85bbbd79c49a42f0cc49719b8c41bd782262
Found in base branch: master
### Vulnerability DetailsXStream is a simple library to serialize objects to XML and back again. This vulnerability may allow a remote attacker to terminate the application with a stack overflow error resulting in a denial of service only by manipulating the processed input stream when XStream is configured to use the BinaryStreamDriver. XStream 1.4.21 has been patched to detect the manipulation in the binary input stream causing the the stack overflow and raises an InputManipulationException instead. Users are advised to upgrade. Users unable to upgrade may catch the StackOverflowError in the client code calling XStream if XStream is configured to use the BinaryStreamDriver.
Publish Date: 2024-11-07
URL: CVE-2024-47072
### Threat AssessmentExploit Maturity: Not Defined
EPSS: 0.0%
### CVSS 3 Score Details (7.5)Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: None - Integrity Impact: None - Availability Impact: High
For more information on CVSS3 Scores, click here. ### Suggested FixType: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2024-47072
Release Date: 2024-11-07
Fix Resolution: com.thoughtworks.xstream:xstream - 1.4.21
CVE-2022-45693
### Vulnerable Library - jettison-1.4.0.jarA StAX implementation for JSON.
Library home page: https://github.com/jettison-json/jettison
Path to dependency file: /front50-api-tck/front50-api-tck.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.codehaus.jettison/jettison/1.4.0/8f0e7bb69242e9ed5bfdf7384b37c1095b0974fc/jettison-1.4.0.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.codehaus.jettison/jettison/1.4.0/8f0e7bb69242e9ed5bfdf7384b37c1095b0974fc/jettison-1.4.0.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.codehaus.jettison/jettison/1.4.0/8f0e7bb69242e9ed5bfdf7384b37c1095b0974fc/jettison-1.4.0.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.codehaus.jettison/jettison/1.4.0/8f0e7bb69242e9ed5bfdf7384b37c1095b0974fc/jettison-1.4.0.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.codehaus.jettison/jettison/1.4.0/8f0e7bb69242e9ed5bfdf7384b37c1095b0974fc/jettison-1.4.0.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.codehaus.jettison/jettison/1.4.0/8f0e7bb69242e9ed5bfdf7384b37c1095b0974fc/jettison-1.4.0.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.codehaus.jettison/jettison/1.4.0/8f0e7bb69242e9ed5bfdf7384b37c1095b0974fc/jettison-1.4.0.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.codehaus.jettison/jettison/1.4.0/8f0e7bb69242e9ed5bfdf7384b37c1095b0974fc/jettison-1.4.0.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.codehaus.jettison/jettison/1.4.0/8f0e7bb69242e9ed5bfdf7384b37c1095b0974fc/jettison-1.4.0.jar
Dependency Hierarchy: - eureka-client-1.10.17.jar (Root Library) - :x: **jettison-1.4.0.jar** (Vulnerable Library)
Found in HEAD commit: 030c85bbbd79c49a42f0cc49719b8c41bd782262
Found in base branch: master
### Vulnerability DetailsJettison before v1.5.2 was discovered to contain a stack overflow via the map parameter. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted string.
Publish Date: 2022-12-13
URL: CVE-2022-45693
### Threat AssessmentExploit Maturity: Not Defined
EPSS: 0.1%
### CVSS 3 Score Details (7.5)Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: None - Integrity Impact: None - Availability Impact: High
For more information on CVSS3 Scores, click here. ### Suggested FixType: Upgrade version
Release Date: 2022-12-13
Fix Resolution (org.codehaus.jettison:jettison): 1.5.2
Direct dependency fix Resolution (com.netflix.eureka:eureka-client): 2.0.2
:rescue_worker_helmet: Automatic Remediation will be attempted for this issue.
CVE-2022-45685
### Vulnerable Library - jettison-1.4.0.jarA StAX implementation for JSON.
Library home page: https://github.com/jettison-json/jettison
Path to dependency file: /front50-api-tck/front50-api-tck.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.codehaus.jettison/jettison/1.4.0/8f0e7bb69242e9ed5bfdf7384b37c1095b0974fc/jettison-1.4.0.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.codehaus.jettison/jettison/1.4.0/8f0e7bb69242e9ed5bfdf7384b37c1095b0974fc/jettison-1.4.0.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.codehaus.jettison/jettison/1.4.0/8f0e7bb69242e9ed5bfdf7384b37c1095b0974fc/jettison-1.4.0.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.codehaus.jettison/jettison/1.4.0/8f0e7bb69242e9ed5bfdf7384b37c1095b0974fc/jettison-1.4.0.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.codehaus.jettison/jettison/1.4.0/8f0e7bb69242e9ed5bfdf7384b37c1095b0974fc/jettison-1.4.0.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.codehaus.jettison/jettison/1.4.0/8f0e7bb69242e9ed5bfdf7384b37c1095b0974fc/jettison-1.4.0.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.codehaus.jettison/jettison/1.4.0/8f0e7bb69242e9ed5bfdf7384b37c1095b0974fc/jettison-1.4.0.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.codehaus.jettison/jettison/1.4.0/8f0e7bb69242e9ed5bfdf7384b37c1095b0974fc/jettison-1.4.0.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.codehaus.jettison/jettison/1.4.0/8f0e7bb69242e9ed5bfdf7384b37c1095b0974fc/jettison-1.4.0.jar
Dependency Hierarchy: - eureka-client-1.10.17.jar (Root Library) - :x: **jettison-1.4.0.jar** (Vulnerable Library)
Found in HEAD commit: 030c85bbbd79c49a42f0cc49719b8c41bd782262
Found in base branch: master
### Vulnerability DetailsA stack overflow in Jettison before v1.5.2 allows attackers to cause a Denial of Service (DoS) via crafted JSON data.
Publish Date: 2022-12-13
URL: CVE-2022-45685
### Threat AssessmentExploit Maturity: Not Defined
EPSS: 0.1%
### CVSS 3 Score Details (7.5)Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: None - Integrity Impact: None - Availability Impact: High
For more information on CVSS3 Scores, click here. ### Suggested FixType: Upgrade version
Release Date: 2022-12-13
Fix Resolution (org.codehaus.jettison:jettison): 1.5.2
Direct dependency fix Resolution (com.netflix.eureka:eureka-client): 2.0.2
:rescue_worker_helmet: Automatic Remediation will be attempted for this issue.
CVE-2021-43859
### Vulnerable Library - xstream-1.4.18.jarLibrary home page: http://x-stream.github.io
Path to dependency file: /front50-oracle/front50-oracle.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.thoughtworks.xstream/xstream/1.4.18/12eb80b4c4b83b184b669866f510a0eae13f9475/xstream-1.4.18.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.thoughtworks.xstream/xstream/1.4.18/12eb80b4c4b83b184b669866f510a0eae13f9475/xstream-1.4.18.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.thoughtworks.xstream/xstream/1.4.18/12eb80b4c4b83b184b669866f510a0eae13f9475/xstream-1.4.18.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.thoughtworks.xstream/xstream/1.4.18/12eb80b4c4b83b184b669866f510a0eae13f9475/xstream-1.4.18.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.thoughtworks.xstream/xstream/1.4.18/12eb80b4c4b83b184b669866f510a0eae13f9475/xstream-1.4.18.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.thoughtworks.xstream/xstream/1.4.18/12eb80b4c4b83b184b669866f510a0eae13f9475/xstream-1.4.18.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.thoughtworks.xstream/xstream/1.4.18/12eb80b4c4b83b184b669866f510a0eae13f9475/xstream-1.4.18.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.thoughtworks.xstream/xstream/1.4.18/12eb80b4c4b83b184b669866f510a0eae13f9475/xstream-1.4.18.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.thoughtworks.xstream/xstream/1.4.18/12eb80b4c4b83b184b669866f510a0eae13f9475/xstream-1.4.18.jar
Dependency Hierarchy: - eureka-client-1.10.17.jar (Root Library) - :x: **xstream-1.4.18.jar** (Vulnerable Library)
Found in HEAD commit: 030c85bbbd79c49a42f0cc49719b8c41bd782262
Found in base branch: master
### Vulnerability DetailsXStream is an open source java library to serialize objects to XML and back again. Versions prior to 1.4.19 may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execution of such a payload resulting in a denial of service only by manipulating the processed input stream. XStream 1.4.19 monitors and accumulates the time it takes to add elements to collections and throws an exception if a set threshold is exceeded. Users are advised to upgrade as soon as possible. Users unable to upgrade may set the NO_REFERENCE mode to prevent recursion. See GHSA-rmr5-cpv2-vgjf for further details on a workaround if an upgrade is not possible.
Publish Date: 2022-02-01
URL: CVE-2021-43859
### Threat AssessmentExploit Maturity: Not Defined
EPSS: 2.1%
### CVSS 3 Score Details (7.5)Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: None - Integrity Impact: None - Availability Impact: High
For more information on CVSS3 Scores, click here. ### Suggested FixType: Upgrade version
Origin: https://github.com/advisories/GHSA-rmr5-cpv2-vgjf
Release Date: 2022-02-01
Fix Resolution (com.thoughtworks.xstream:xstream): 1.4.19
Direct dependency fix Resolution (com.netflix.eureka:eureka-client): 1.10.18
:rescue_worker_helmet: Automatic Remediation will be attempted for this issue.
CVE-2022-40151
### Vulnerable Library - xstream-1.4.18.jarLibrary home page: http://x-stream.github.io
Path to dependency file: /front50-oracle/front50-oracle.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.thoughtworks.xstream/xstream/1.4.18/12eb80b4c4b83b184b669866f510a0eae13f9475/xstream-1.4.18.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.thoughtworks.xstream/xstream/1.4.18/12eb80b4c4b83b184b669866f510a0eae13f9475/xstream-1.4.18.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.thoughtworks.xstream/xstream/1.4.18/12eb80b4c4b83b184b669866f510a0eae13f9475/xstream-1.4.18.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.thoughtworks.xstream/xstream/1.4.18/12eb80b4c4b83b184b669866f510a0eae13f9475/xstream-1.4.18.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.thoughtworks.xstream/xstream/1.4.18/12eb80b4c4b83b184b669866f510a0eae13f9475/xstream-1.4.18.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.thoughtworks.xstream/xstream/1.4.18/12eb80b4c4b83b184b669866f510a0eae13f9475/xstream-1.4.18.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.thoughtworks.xstream/xstream/1.4.18/12eb80b4c4b83b184b669866f510a0eae13f9475/xstream-1.4.18.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.thoughtworks.xstream/xstream/1.4.18/12eb80b4c4b83b184b669866f510a0eae13f9475/xstream-1.4.18.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.thoughtworks.xstream/xstream/1.4.18/12eb80b4c4b83b184b669866f510a0eae13f9475/xstream-1.4.18.jar
Dependency Hierarchy: - eureka-client-1.10.17.jar (Root Library) - :x: **xstream-1.4.18.jar** (Vulnerable Library)
Found in HEAD commit: 030c85bbbd79c49a42f0cc49719b8c41bd782262
Found in base branch: master
### Vulnerability DetailsThose using Xstream to seralize XML data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack.
Publish Date: 2022-09-16
URL: CVE-2022-40151
### Threat AssessmentExploit Maturity: Not Defined
EPSS: 0.8%
### CVSS 3 Score Details (6.5)Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: Low - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: None - Integrity Impact: None - Availability Impact: High
For more information on CVSS3 Scores, click here. ### Suggested FixType: Upgrade version
Origin: https://github.com/advisories/GHSA-f8cc-g7j8-xxpm
Release Date: 2022-09-16
Fix Resolution (com.thoughtworks.xstream:xstream): 1.4.20
Direct dependency fix Resolution (com.netflix.eureka:eureka-client): 2.0.3
:rescue_worker_helmet: Automatic Remediation will be attempted for this issue.
CVE-2022-40150
### Vulnerable Library - jettison-1.4.0.jarA StAX implementation for JSON.
Library home page: https://github.com/jettison-json/jettison
Path to dependency file: /front50-api-tck/front50-api-tck.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.codehaus.jettison/jettison/1.4.0/8f0e7bb69242e9ed5bfdf7384b37c1095b0974fc/jettison-1.4.0.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.codehaus.jettison/jettison/1.4.0/8f0e7bb69242e9ed5bfdf7384b37c1095b0974fc/jettison-1.4.0.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.codehaus.jettison/jettison/1.4.0/8f0e7bb69242e9ed5bfdf7384b37c1095b0974fc/jettison-1.4.0.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.codehaus.jettison/jettison/1.4.0/8f0e7bb69242e9ed5bfdf7384b37c1095b0974fc/jettison-1.4.0.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.codehaus.jettison/jettison/1.4.0/8f0e7bb69242e9ed5bfdf7384b37c1095b0974fc/jettison-1.4.0.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.codehaus.jettison/jettison/1.4.0/8f0e7bb69242e9ed5bfdf7384b37c1095b0974fc/jettison-1.4.0.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.codehaus.jettison/jettison/1.4.0/8f0e7bb69242e9ed5bfdf7384b37c1095b0974fc/jettison-1.4.0.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.codehaus.jettison/jettison/1.4.0/8f0e7bb69242e9ed5bfdf7384b37c1095b0974fc/jettison-1.4.0.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.codehaus.jettison/jettison/1.4.0/8f0e7bb69242e9ed5bfdf7384b37c1095b0974fc/jettison-1.4.0.jar
Dependency Hierarchy: - eureka-client-1.10.17.jar (Root Library) - :x: **jettison-1.4.0.jar** (Vulnerable Library)
Found in HEAD commit: 030c85bbbd79c49a42f0cc49719b8c41bd782262
Found in base branch: master
### Vulnerability DetailsThose using Jettison to parse untrusted XML or JSON data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by Out of memory. This effect may support a denial of service attack.
Publish Date: 2022-09-16
URL: CVE-2022-40150
### Threat AssessmentExploit Maturity: Not Defined
EPSS: 0.1%
### CVSS 3 Score Details (6.5)Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: Low - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: None - Integrity Impact: None - Availability Impact: High
For more information on CVSS3 Scores, click here. ### Suggested FixType: Upgrade version
Release Date: 2022-09-16
Fix Resolution (org.codehaus.jettison:jettison): 1.5.1
Direct dependency fix Resolution (com.netflix.eureka:eureka-client): 2.0.2
:rescue_worker_helmet: Automatic Remediation will be attempted for this issue.
CVE-2022-40149
### Vulnerable Library - jettison-1.4.0.jarA StAX implementation for JSON.
Library home page: https://github.com/jettison-json/jettison
Path to dependency file: /front50-api-tck/front50-api-tck.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.codehaus.jettison/jettison/1.4.0/8f0e7bb69242e9ed5bfdf7384b37c1095b0974fc/jettison-1.4.0.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.codehaus.jettison/jettison/1.4.0/8f0e7bb69242e9ed5bfdf7384b37c1095b0974fc/jettison-1.4.0.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.codehaus.jettison/jettison/1.4.0/8f0e7bb69242e9ed5bfdf7384b37c1095b0974fc/jettison-1.4.0.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.codehaus.jettison/jettison/1.4.0/8f0e7bb69242e9ed5bfdf7384b37c1095b0974fc/jettison-1.4.0.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.codehaus.jettison/jettison/1.4.0/8f0e7bb69242e9ed5bfdf7384b37c1095b0974fc/jettison-1.4.0.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.codehaus.jettison/jettison/1.4.0/8f0e7bb69242e9ed5bfdf7384b37c1095b0974fc/jettison-1.4.0.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.codehaus.jettison/jettison/1.4.0/8f0e7bb69242e9ed5bfdf7384b37c1095b0974fc/jettison-1.4.0.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.codehaus.jettison/jettison/1.4.0/8f0e7bb69242e9ed5bfdf7384b37c1095b0974fc/jettison-1.4.0.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.codehaus.jettison/jettison/1.4.0/8f0e7bb69242e9ed5bfdf7384b37c1095b0974fc/jettison-1.4.0.jar
Dependency Hierarchy: - eureka-client-1.10.17.jar (Root Library) - :x: **jettison-1.4.0.jar** (Vulnerable Library)
Found in HEAD commit: 030c85bbbd79c49a42f0cc49719b8c41bd782262
Found in base branch: master
### Vulnerability DetailsThose using Jettison to parse untrusted XML or JSON data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack.
Publish Date: 2022-09-16
URL: CVE-2022-40149
### Threat AssessmentExploit Maturity: Not Defined
EPSS: 0.2%
### CVSS 3 Score Details (6.5)Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: Low - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: None - Integrity Impact: None - Availability Impact: High
For more information on CVSS3 Scores, click here. ### Suggested FixType: Upgrade version
Release Date: 2022-09-16
Fix Resolution (org.codehaus.jettison:jettison): 1.5.1
Direct dependency fix Resolution (com.netflix.eureka:eureka-client): 2.0.2
:rescue_worker_helmet: Automatic Remediation will be attempted for this issue.
CVE-2023-1436
### Vulnerable Library - jettison-1.4.0.jarA StAX implementation for JSON.
Library home page: https://github.com/jettison-json/jettison
Path to dependency file: /front50-api-tck/front50-api-tck.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.codehaus.jettison/jettison/1.4.0/8f0e7bb69242e9ed5bfdf7384b37c1095b0974fc/jettison-1.4.0.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.codehaus.jettison/jettison/1.4.0/8f0e7bb69242e9ed5bfdf7384b37c1095b0974fc/jettison-1.4.0.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.codehaus.jettison/jettison/1.4.0/8f0e7bb69242e9ed5bfdf7384b37c1095b0974fc/jettison-1.4.0.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.codehaus.jettison/jettison/1.4.0/8f0e7bb69242e9ed5bfdf7384b37c1095b0974fc/jettison-1.4.0.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.codehaus.jettison/jettison/1.4.0/8f0e7bb69242e9ed5bfdf7384b37c1095b0974fc/jettison-1.4.0.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.codehaus.jettison/jettison/1.4.0/8f0e7bb69242e9ed5bfdf7384b37c1095b0974fc/jettison-1.4.0.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.codehaus.jettison/jettison/1.4.0/8f0e7bb69242e9ed5bfdf7384b37c1095b0974fc/jettison-1.4.0.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.codehaus.jettison/jettison/1.4.0/8f0e7bb69242e9ed5bfdf7384b37c1095b0974fc/jettison-1.4.0.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.codehaus.jettison/jettison/1.4.0/8f0e7bb69242e9ed5bfdf7384b37c1095b0974fc/jettison-1.4.0.jar
Dependency Hierarchy: - eureka-client-1.10.17.jar (Root Library) - :x: **jettison-1.4.0.jar** (Vulnerable Library)
Found in HEAD commit: 030c85bbbd79c49a42f0cc49719b8c41bd782262
Found in base branch: master
### Vulnerability DetailsAn infinite recursion is triggered in Jettison when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. This leads to a StackOverflowError exception being thrown.
Publish Date: 2023-03-16
URL: CVE-2023-1436
### Threat AssessmentExploit Maturity: Not Defined
EPSS: 0.1%
### CVSS 3 Score Details (5.9)Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: High - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: None - Integrity Impact: None - Availability Impact: High
For more information on CVSS3 Scores, click here. ### Suggested FixType: Upgrade version
Origin: https://github.com/advisories/GHSA-q6g2-g7f3-rr83
Release Date: 2024-08-01
Fix Resolution (org.codehaus.jettison:jettison): 1.5.4
Direct dependency fix Resolution (com.netflix.eureka:eureka-client): 2.0.2
:rescue_worker_helmet: Automatic Remediation will be attempted for this issue.:rescue_worker_helmet:Automatic Remediation will be attempted for this issue.