kabanero-io / kabanero-landing

A console application for managing your Kabanero instances. This repo will be archived soon.
Apache License 2.0
4 stars 6 forks

GitSecure Vulnerability Report #250

Open ralanlittle opened 4 years ago

ralanlittle commented 4 years ago

GitSecure Vulnerability Report

:white_check_mark: Manifest File: package-lock.json
:white_check_mark: Manifest File: Dockerfile
:white_check_mark: Manifest File: travis/Dockerfile

Vulnerabilities discovered in the following manifest file(s)

:x: Manifest File: pom.xml
Package Name: org.apache.commons:commons-compress
Version : 1.18

Vulnerabilities

CVE ID: GHSA-53x6-4x5p-rrvv
Severity: High
Fixed in Version: 1.19
Description: The file name encoding algorithm used internally in Apache Commons Compress 1.15 to 1.18 can get into an infinite loop when faced with specially crafted inputs. This can lead to a denial of service attack if an attacker can choose the file names inside of an archive created by Compress.

CVE ID: CVE-2019-12402
Severity: High
Fixed in Version: 1.19
Description: The file name encoding algorithm used internally in Apache Commons Compress 1.15 to 1.18 can get into an infinite loop when faced with specially crafted inputs. This can lead to a denial of service attack if an attacker can choose the file names inside of an archive created by Compress.