litsec / swedish-eid-opensaml

OpenSAML extensions for the Swedish eID Framework
Apache License 2.0

Act on Snyk report #23

Closed martin-lindstrom closed 6 years ago

martin-lindstrom commented 6 years ago

Snyk reports the following vulnerabilities:

HIGH SEVERITY

- Arbitrary Code Execution
  Vulnerable module: commons-collections:commons-collections
  Introduced through: org.opensaml:opensaml-saml-impl@3.4.0

- Elliptic Curve Key Disclosure
  Vulnerable module: com.nimbusds:nimbus-jose-jwt
  Introduced through: com.nimbusds:nimbus-jose-jwt@4.23

- Invalid Elliptic Curve Attack
  Vulnerable module: com.nimbusds:nimbus-jose-jwt
  Introduced through: com.nimbusds:nimbus-jose-jwt@4.23

- Unexpected Code Execution
  Vulnerable module: org.bouncycastle:bcprov-jdk15on
  Introduced through: se.litsec.opensaml:opensaml3-ext@1.2.0, org.opensaml:opensaml-saml-impl@3.4.0 and others

MEDIUM SEVERITY

- Deserialization of Untrusted Data
  Vulnerable module: com.google.guava:guava
  Introduced through: se.litsec.opensaml:opensaml3-ext@1.2.0 and net.shibboleth.utilities:java-support@7.4.0

- Insecure Encryption
  Vulnerable module: org.bouncycastle:bcprov-jdk15on
  Introduced through: se.litsec.opensaml:opensaml3-ext@1.2.0, org.opensaml:opensaml-saml-impl@3.4.0 and others