mend-bolt-for-github[bot]
commented
1 year ago :heavy_check_mark: This issue was automatically closed by Mend because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the Mend inventory.
WS-2020-0407 - Medium Severity Vulnerability
JSON API documentation for spring based applications
Library home page: https://github.com/springfox/springfox
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/io/springfox/springfox-swagger2/3.0.0/springfox-swagger2-3.0.0.jar
Dependency Hierarchy: - springfox-boot-starter-3.0.0.jar (Root Library) - :x: **springfox-swagger2-3.0.0.jar** (Vulnerable Library)
Found in HEAD commit: 2a0c95e697f084fa790992c18844aff95e327dff
Found in base branch: master
An issue was found in io.springfox:springfox-swagger2. This vulnerability can lead to “Log injection” - whereas untrusted data gets written into log files/entries. It allows attackers to forge log entries or inject malicious content into the logs.
Publish Date: 2020-09-09
URL: WS-2020-0407
Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: Low - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: None - Integrity Impact: Low - Availability Impact: None
For more information on CVSS3 Scores, click here.Step up your Open Source Security Game with Mend here