High vulnerability fixes for issue No. 64 (IBM pom file)
- Information Exposure in org.apache.tomcat/tomcat-coyote (IBM)
This vulnerability allows an attacker to access sensitive information in the Apache Tomcat application through the HTTP headers. The vulnerability exists in the Tomcat Coyote
URL:
https://community.opengroup.org/osdu/platform/data-flow/ingestion/csv-parser/csv-parser/-/security/vulnerabilities/13632
- Improper Restriction of XML External Entity Reference in com.fasterxml.jackson.core/jackson-databind
This vulnerability allows an attacker to carry out XML external entity (XXE) attacks through the Jackson Databind library.
URL:
https://community.opengroup.org/osdu/platform/data-flow/ingestion/csv-parser/csv-parser/-/security/vulnerabilities/8493
https://community.opengroup.org/osdu/platform/data-flow/ingestion/csv-parser/csv-parser/-/security/vulnerabilities/18525
- Allocation of Resources Without Limits or Throttling in org.springframework/spring-core
In Spring Framework versions prior to 5.3.20+, 5.2.22+ and old unsupported versions, applications that handle file uploads are vulnerable to a DoS attack if they rely on data binding to set a MultipartFile or javax.servlet.
URL:
https://community.opengroup.org/osdu/platform/data-flow/ingestion/csv-parser/csv-parser/-/security/vulnerabilities/21796
https://community.opengroup.org/osdu/platform/data-flow/ingestion/csv-parser/csv-parser/-/security/vulnerabilities/19995
- Improper Privilege Management in org.springframework/spring-core
This vulnerability allows an attacker to escalate privileges in a WebFlux application using Spring Framework versions 5.2.x prior to 5.2.15 and versions 5.3.x prior to 5.3.7.
URL:
https://community.opengroup.org/osdu/platform/data-flow/ingestion/csv-parser/csv-parser/-/security/vulnerabilities/22135