High Vulnerabilities fixes for issue No. 64 No (IBM pom file)

Jayesh Bagul requested to merge az/jb_fix_VULNERABILITIES_082022 into master
  1. Information Exposure in org.apache.tomcat/tomcat-coyote (IBM)
    This vulnerability allows an attacker to access sensitive information in the Apache Tomcat application through the HTTP headers. The vulnerability exists in the Tomcat Coyote
  2. Improper Restriction of XML External Entity Reference in com.fasterxml.jackson.core/jackson-databind
    This vulnerability allows an attacker to exploit XML external entity (XXE) attacks through the Jackson Databind library.
  3. Allocation of Resources Without Limits or Throttling in org.springframework/spring-core
    In Spring Framework versions prior to 5.3.20+, 5.2.22+ and old unsupported versions, applications that handle file uploads are vulnerable to a DoS attack if they rely on data binding to set a MultipartFile or javax.servlet. URL:
  4. Improper Privilege Management in org.springframework/spring-core
    This vulnerability allows an attacker to escalate privileges in a WebFlux application using Spring Framework versions 5.2.x prior to 5.2.15 and versions 5.3.x prior to 5.3.7.

Edited by Jayesh Bagul
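
An added example, not part of the merge request or the project's code: a reviewer-side check that a pom resolves `org.springframework` artifacts to at least the Spring Framework releases the description names (5.2.22 and 5.3.20, which also clear 5.2.15 and 5.3.7). The sample pom, the function names and the status labels are constructed for illustration, and it assumes all Spring modules share the spring-core release line; tomcat-coyote and jackson-databind are left out because the description gives no versions for them.

```python
import re
import xml.etree.ElementTree as ET

NS = {"m": "http://maven.apache.org/POM/4.0.0"}
# Lowest release per branch that clears both Spring items in the description
# (5.2.22 >= 5.2.15 and 5.3.20 >= 5.3.7).
MIN_PATCHED = {(5, 2): (5, 2, 22), (5, 3): (5, 3, 20)}

# Constructed sample pom.xml, not the project's real file.
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <properties><spring.version>5.3.7</spring.version></properties>
  <dependencies>
    <dependency><groupId>org.springframework</groupId>
      <artifactId>spring-core</artifactId><version>${spring.version}</version></dependency>
    <dependency><groupId>org.springframework</groupId>
      <artifactId>spring-web</artifactId><version>5.2.22.RELEASE</version></dependency>
    <dependency><groupId>org.springframework</groupId>
      <artifactId>spring-webflux</artifactId></dependency>
  </dependencies>
</project>"""

def parse_version(text):
    """Leading numeric part as a tuple: '5.2.22.RELEASE' -> (5, 2, 22)."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", text)
    return tuple(int(g) for g in m.groups()) if m else None

def check_spring(pom_xml):
    """Return {artifactId: (resolved_version, status)} for org.springframework."""
    root = ET.fromstring(pom_xml)
    props = {p.tag.split("}")[-1]: (p.text or "").strip()
             for p in root.findall("m:properties/*", NS)}
    results = {}
    for dep in root.findall(".//m:dependency", NS):
        if dep.findtext("m:groupId", "", NS).strip() != "org.springframework":
            continue
        raw = dep.findtext("m:version", "", NS).strip()
        # Resolve ${property} placeholders defined in this pom only.
        resolved = re.sub(r"\$\{([^}]+)\}",
                          lambda m: props.get(m.group(1), m.group(0)), raw)
        ver = parse_version(resolved)
        if ver is None:
            status = "unresolved"  # version comes from a parent or BOM
        elif ver[:2] in MIN_PATCHED:
            status = "patched" if ver >= MIN_PATCHED[ver[:2]] else "vulnerable"
        elif ver < (5, 2, 0):
            status = "vulnerable"  # description: old unsupported versions
        else:
            status = "review"  # branch newer than those the description names
        results[dep.findtext("m:artifactId", "", NS).strip()] = (resolved, status)
    return results
```

In the sample, `spring-core` at 5.3.7 clears the privilege-management item but is still flagged because it is below 5.3.20, and an artifact with no version in this pom is reported as `unresolved` so the parent or BOM gets checked instead.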