Vulnerable Library - kork-plugins-api-7.126.0.jar
Path to dependency file: /front50-api/front50-api.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.jetbrains.kotlin/kotlin-stdlib/1.4.32/461367948840adbb0839c51d91ed74ef4a9ccb52/kotlin-stdlib-1.4.32.jar
Found in HEAD commit: 030c85bbbd79c49a42f0cc49719b8c41bd782262
Vulnerabilities
*For some transitive vulnerabilities, there is no version of direct dependency with a fix. Check the "Details" section below to see if there is a version of transitive dependency where vulnerability is fixed.
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
Details
CVE-2023-40828
### Vulnerable Library - pf4j-3.2.0.jar

Plugin Framework for Java

Library home page: http://nexus.sonatype.org/oss-repository-hosting.html/pf4j-parent/pf4j
Path to dependency file: /front50-azure/front50-azure.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.pf4j/pf4j/3.2.0/7a07d038ae3531aab2ed344b16333b75087fe9a/pf4j-3.2.0.jar

Dependency Hierarchy:
- kork-plugins-api-7.126.0.jar (Root Library)
  - :x: **pf4j-3.2.0.jar** (Vulnerable Library)

Found in HEAD commit: 030c85bbbd79c49a42f0cc49719b8c41bd782262
Found in base branch: master
### Vulnerability Details

An issue in pf4j pf4j v.3.9.0 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the expandIfZip method in the extract function.

Publish Date: 2023-08-28
URL: CVE-2023-40828
### Threat Assessment

Exploit Maturity: Not Defined
EPSS: 0.4%
### CVSS 3 Score Details (7.5)

Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: High
  - Integrity Impact: None
  - Availability Impact: None

CVE-2023-40827
### Vulnerable Library - pf4j-3.2.0.jar

Plugin Framework for Java

Library home page: http://nexus.sonatype.org/oss-repository-hosting.html/pf4j-parent/pf4j
Path to dependency file: /front50-azure/front50-azure.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.pf4j/pf4j/3.2.0/7a07d038ae3531aab2ed344b16333b75087fe9a/pf4j-3.2.0.jar

Dependency Hierarchy:
- kork-plugins-api-7.126.0.jar (Root Library)
  - :x: **pf4j-3.2.0.jar** (Vulnerable Library)

Found in HEAD commit: 030c85bbbd79c49a42f0cc49719b8c41bd782262
Found in base branch: master
### Vulnerability Details

An issue in pf4j pf4j v.3.9.0 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the loadpluginPath parameter.

Publish Date: 2023-08-28
URL: CVE-2023-40827
### Threat Assessment

Exploit Maturity: Not Defined
EPSS: 0.3%
### CVSS 3 Score Details (7.5)

Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: High
  - Integrity Impact: None
  - Availability Impact: None

CVE-2023-40826
### Vulnerable Library - pf4j-3.2.0.jar

Plugin Framework for Java

Library home page: http://nexus.sonatype.org/oss-repository-hosting.html/pf4j-parent/pf4j
Path to dependency file: /front50-azure/front50-azure.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.pf4j/pf4j/3.2.0/7a07d038ae3531aab2ed344b16333b75087fe9a/pf4j-3.2.0.jar

Dependency Hierarchy:
- kork-plugins-api-7.126.0.jar (Root Library)
  - :x: **pf4j-3.2.0.jar** (Vulnerable Library)

Found in HEAD commit: 030c85bbbd79c49a42f0cc49719b8c41bd782262
Found in base branch: master
### Vulnerability Details

An issue in pf4j pf4j v.3.9.0 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the zippluginPath parameter.

Publish Date: 2023-08-28
URL: CVE-2023-40826
### Threat Assessment

Exploit Maturity: Not Defined
EPSS: 0.3%
### CVSS 3 Score Details (7.5)

Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: High
  - Integrity Impact: None
  - Availability Impact: None

CVE-2022-24329
### Vulnerable Library - kotlin-stdlib-1.4.32.jar

Kotlin Standard Library for JVM

Library home page: https://kotlinlang.org/
Path to dependency file: /front50-swift/front50-swift.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.jetbrains.kotlin/kotlin-stdlib/1.4.32/461367948840adbb0839c51d91ed74ef4a9ccb52/kotlin-stdlib-1.4.32.jar

Dependency Hierarchy:
- kork-plugins-api-7.126.0.jar (Root Library)
  - :x: **kotlin-stdlib-1.4.32.jar** (Vulnerable Library)

Found in HEAD commit: 030c85bbbd79c49a42f0cc49719b8c41bd782262
Found in base branch: master
### Vulnerability Details

In JetBrains Kotlin before 1.6.0, it was not possible to lock dependencies for Multiplatform Gradle Projects.

Publish Date: 2022-02-25
URL: CVE-2022-24329
### Threat Assessment

Exploit Maturity: Not Defined
EPSS: 0.1%
### CVSS 3 Score Details (5.3)

Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: None
  - Integrity Impact: Low
  - Availability Impact: None

### Suggested Fix

Type: Upgrade version
Origin: https://github.com/advisories/GHSA-2qp4-g3q3-f92w
Release Date: 2022-02-25
Fix Resolution (org.jetbrains.kotlin:kotlin-stdlib): 1.6.0-M1
Direct dependency fix Resolution (io.spinnaker.kork:kork-plugins-api): 7.222.0

:rescue_worker_helmet: Automatic Remediation will be attempted for this issue.