<org.apache.catalina.filters.CorsFilter: void handleSimpleCORS(javax.servlet.http.HttpServletRequest,javax.servlet.http.HttpServletResponse,javax.servlet.FilterChain)>
at <org.apache.catalina.filters.CorsFilter: void doFilter(javax.servlet.ServletRequest,javax.servlet.ServletResponse,javax.servlet.FilterChain)> (org.apache.catalina.filters.CorsFilter.java:[161, 157]) in /home/wc/.m2/repository/org/apache/tomcat/embed/tomcat-embed-core/8.5.23/tomcat-embed-core-8.5.23.jar
at <org.apache.catalina.core.ApplicationFilterChain: void internalDoFilter(javax.servlet.ServletRequest,javax.servlet.ServletResponse)> (org.apache.catalina.core.ApplicationFilterChain.java:[193]) in /home/wc/.m2/repository/org/apache/tomcat/embed/tomcat-embed-core/8.5.23/tomcat-embed-core-8.5.23.jar
at <org.apache.catalina.core.ApplicationFilterChain: void doFilter(javax.servlet.ServletRequest,javax.servlet.ServletResponse)> (org.apache.catalina.core.ApplicationFilterChain.java:[166]) in /home/wc/.m2/repository/org/apache/tomcat/embed/tomcat-embed-core/8.5.23/tomcat-embed-core-8.5.23.jar
at <org.zerhusen.security.JwtAuthenticationTokenFilter: void doFilterInternal(javax.servlet.http.HttpServletRequest,javax.servlet.http.HttpServletResponse,javax.servlet.FilterChain)> (org.zerhusen.security.JwtAuthenticationTokenFilter.java:[70]) in /home/wc/detect/unzip/jwt-spring-security-demo-1.0.0/target/classes
Hi, in jwt-spring-security-demo, there is a dependency org.apache.tomcat.embed:tomcat-embed-core:8.5.23 that calls the risk method.
CVE-2018-8014
The scope of this CVE affected version is [,7.0.89),[8.0.0, 8.0.53),[8.5.0, 8.5.32),[9.0.0, 9.0.9)
After further analysis, in this project, the main API called is <org.apache.catalina.filters.CorsFilter: void handleSimpleCORS(javax.servlet.http.HttpServletRequest,javax.servlet.http.HttpServletResponse,javax.servlet.FilterChain)>
Risk method repair link : GitHub
CVE Bug Invocation Path--
Path Length : 5
Dependency tree--
Suggested solutions:
Update dependency version
Thank you very much.