Closed apiiro-staging[bot] closed 10 months ago
Discovered on: Jan 15, 2024 09:54 Dependency: log4j:log4j Version: 1.2.12 Type: Direct Introduced through:
About this package:
External dependency: log4j:log4j - http://logging.apache.org/log4j/1.2/ Package details: Apache Log4j 1.2 Latest version: 1.2.17 License: Apache-2.0 Insights:
common/src/main/java/org/broadleafcommerce/common/cache/Log4jStatisticsServiceLogAdapter.java common/src/main/java/org/broadleafcommerce/common/logging/Log4jManagementBean.java
In order to update its version, you may need to upgrade the following top-level dependencies:
View in Apiiro
Discovered on: Jan 15, 2024 09:50 Dependency: org.thymeleaf.extras:thymeleaf-extras-springsecurity5 Version: Type: Direct Introduced through:
External dependency: org.thymeleaf.extras:thymeleaf-extras-springsecurity5 - http://www.thymeleaf.org Latest version: 3.1.2.RELEASE License: Apache-2.0 Insights:
src/main/java/org/owasp/webgoat/container/MvcConfiguration.java
Discovered on: Jan 15, 2024 09:54
Dependency: log4j:log4j
Version: 1.2.12
Type: Direct
Introduced through:
Vulnerabilities
About this package:
External dependency: log4j:log4j - http://logging.apache.org/log4j/1.2/
Package details: Apache Log4j 1.2
Latest version: 1.2.17
License: Apache-2.0
Insights:
common/src/main/java/org/broadleafcommerce/common/cache/Log4jStatisticsServiceLogAdapter.java
common/src/main/java/org/broadleafcommerce/common/logging/Log4jManagementBean.java
This is a sub-dependency
In order to update its version, you may need to upgrade the following top-level dependencies:
View in Apiiro
Discovered on: Jan 15, 2024 09:50
Dependency: org.thymeleaf.extras:thymeleaf-extras-springsecurity5
Version:
Type: Direct
Introduced through:
About this package:
External dependency: org.thymeleaf.extras:thymeleaf-extras-springsecurity5 - http://www.thymeleaf.org
Latest version: 3.1.2.RELEASE
License: Apache-2.0
Insights:
src/main/java/org/owasp/webgoat/container/MvcConfiguration.java
View in Apiiro