Created
January 24, 2025 14:32
-
-
Save carlspring/e4fc0e00d94dfc42e9afc831fb52dfa1 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "$schema": "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json", | |
| "version": "2.1.0", | |
| "runs": [ | |
| { | |
| "tool": { | |
| "driver": { | |
| "name": "Mend.io: Dependency Vulnerability Scanner", | |
| "rules": [ | |
| { | |
| "id": "CVE-2018-19362", | |
| "name": "jackson-databind-2.9.5.jar is affected by CVE-2018-19362", | |
| "shortDescription": { | |
| "text": "jackson-databind-2.9.5.jar is affected by CVE-2018-19362" | |
| }, | |
| "fullDescription": { | |
| "text": "Upgrade to version 2.9.8" | |
| }, | |
| "helpUri": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19362", | |
| "properties": { | |
| "severity": "CRITICAL" | |
| } | |
| }, | |
| { | |
| "id": "CVE-2020-36189", | |
| "name": "jackson-databind-2.9.5.jar is affected by CVE-2020-36189", | |
| "shortDescription": { | |
| "text": "jackson-databind-2.9.5.jar is affected by CVE-2020-36189" | |
| }, | |
| "fullDescription": { | |
| "text": "Upgrade to version com.fasterxml.jackson.core:jackson-databind:2.9.10.8" | |
| }, | |
| "helpUri": "https://github.com/FasterXML/jackson-databind/issues/2996", | |
| "properties": { | |
| "severity": "HIGH" | |
| } | |
| }, | |
| { | |
| "id": "CVE-2018-12023", | |
| "name": "jackson-databind-2.9.5.jar is affected by CVE-2018-12023", | |
| "shortDescription": { | |
| "text": "jackson-databind-2.9.5.jar is affected by CVE-2018-12023" | |
| }, | |
| "fullDescription": { | |
| "text": "Upgrade to version 2.7.9.4, 2.8.11.2, 2.9.6" | |
| }, | |
| "helpUri": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12022", | |
| "properties": { | |
| "severity": "HIGH" | |
| } | |
| }, | |
| { | |
| "id": "CVE-2019-16335", | |
| "name": "jackson-databind-2.9.5.jar is affected by CVE-2019-16335", | |
| "shortDescription": { | |
| "text": "jackson-databind-2.9.5.jar is affected by CVE-2019-16335" | |
| }, | |
| "fullDescription": { | |
| "text": "Upgrade to version com.fasterxml.jackson.core:jackson-databind:2.6.7.3,2.8.11.5,2.9.10" | |
| }, | |
| "helpUri": "https://osv.dev/vulnerability/GHSA-85cw-hj65-qqv9", | |
| "properties": { | |
| "severity": "CRITICAL" | |
| } | |
| }, | |
| { | |
| "id": "CVE-2022-42003", | |
| "name": "jackson-databind-2.9.5.jar is affected by CVE-2022-42003", | |
| "shortDescription": { | |
| "text": "jackson-databind-2.9.5.jar is affected by CVE-2022-42003" | |
| }, | |
| "fullDescription": { | |
| "text": "Upgrade to version com.fasterxml.jackson.core:jackson-databind:2.12.7.1,2.13.4.2" | |
| }, | |
| "helpUri": "https://github.com/advisories/GHSA-jjjh-jjxp-wpff", | |
| "properties": { | |
| "severity": "HIGH" | |
| } | |
| }, | |
| { | |
| "id": "CVE-2020-14060", | |
| "name": "jackson-databind-2.9.5.jar is affected by CVE-2020-14060", | |
| "shortDescription": { | |
| "text": "jackson-databind-2.9.5.jar is affected by CVE-2020-14060" | |
| }, | |
| "fullDescription": { | |
| "text": "Upgrade to version com.fasterxml.jackson.core:jackson-databind:2.10.0" | |
| }, | |
| "helpUri": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14060", | |
| "properties": { | |
| "severity": "HIGH" | |
| } | |
| }, | |
| { | |
| "id": "CVE-2020-36187", | |
| "name": "jackson-databind-2.9.5.jar is affected by CVE-2020-36187", | |
| "shortDescription": { | |
| "text": "jackson-databind-2.9.5.jar is affected by CVE-2020-36187" | |
| }, | |
| "fullDescription": { | |
| "text": "Upgrade to version com.fasterxml.jackson.core:jackson-databind:2.9.10.8" | |
| }, | |
| "helpUri": "https://github.com/FasterXML/jackson-databind/issues/2997", | |
| "properties": { | |
| "severity": "HIGH" | |
| } | |
| }, | |
| { | |
| "id": "CVE-2020-24750", | |
| "name": "jackson-databind-2.9.5.jar is affected by CVE-2020-24750", | |
| "shortDescription": { | |
| "text": "jackson-databind-2.9.5.jar is affected by CVE-2020-24750" | |
| }, | |
| "fullDescription": { | |
| "text": "Upgrade to version com.fasterxml.jackson.core:jackson-databind:2.9.10.6" | |
| }, | |
| "helpUri": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24616", | |
| "properties": { | |
| "severity": "HIGH" | |
| } | |
| }, | |
| { | |
| "id": "CVE-2020-36183", | |
| "name": "jackson-databind-2.9.5.jar is affected by CVE-2020-36183", | |
| "shortDescription": { | |
| "text": "jackson-databind-2.9.5.jar is affected by CVE-2020-36183" | |
| }, | |
| "fullDescription": { | |
| "text": "Upgrade to version com.fasterxml.jackson.core:jackson-databind:2.9.10.8" | |
| }, | |
| "helpUri": "https://github.com/FasterXML/jackson-databind/issues/3003", | |
| "properties": { | |
| "severity": "HIGH" | |
| } | |
| }, | |
| { | |
| "id": "CVE-2020-11111", | |
| "name": "jackson-databind-2.9.5.jar is affected by CVE-2020-11111", | |
| "shortDescription": { | |
| "text": "jackson-databind-2.9.5.jar is affected by CVE-2020-11111" | |
| }, | |
| "fullDescription": { | |
| "text": "Upgrade to version com.fasterxml.jackson.core:jackson-databind:2.9.10.4,2.10.0" | |
| }, | |
| "helpUri": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11113", | |
| "properties": { | |
| "severity": "HIGH" | |
| } | |
| }, | |
| { | |
| "id": "CVE-2020-14195", | |
| "name": "jackson-databind-2.9.5.jar is affected by CVE-2020-14195", | |
| "shortDescription": { | |
| "text": "jackson-databind-2.9.5.jar is affected by CVE-2020-14195" | |
| }, | |
| "fullDescription": { | |
| "text": "Upgrade to version com.fasterxml.jackson.core:jackson-databind:2.9.10.5" | |
| }, | |
| "helpUri": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14195", | |
| "properties": { | |
| "severity": "HIGH" | |
| } | |
| }, | |
| { | |
| "id": "CVE-2021-20190", | |
| "name": "jackson-databind-2.9.5.jar is affected by CVE-2021-20190", | |
| "shortDescription": { | |
| "text": "jackson-databind-2.9.5.jar is affected by CVE-2021-20190" | |
| }, | |
| "fullDescription": { | |
| "text": "Upgrade to version com.fasterxml.jackson.core:jackson-databind-2.9.10.7" | |
| }, | |
| "helpUri": "https://github.com/FasterXML/jackson-databind/issues/2854", | |
| "properties": { | |
| "severity": "HIGH" | |
| } | |
| }, | |
| { | |
| "id": "CVE-2019-17267", | |
| "name": "jackson-databind-2.9.5.jar is affected by CVE-2019-17267", | |
| "shortDescription": { | |
| "text": "jackson-databind-2.9.5.jar is affected by CVE-2019-17267" | |
| }, | |
| "fullDescription": { | |
| "text": "Upgrade to version com.fasterxml.jackson.core:jackson-databind:2.8.11.5,2.9.10" | |
| }, | |
| "helpUri": "https://github.com/FasterXML/jackson-databind/issues/2460", | |
| "properties": { | |
| "severity": "CRITICAL" | |
| } | |
| }, | |
| { | |
| "id": "CVE-2018-14720", | |
| "name": "jackson-databind-2.9.5.jar is affected by CVE-2018-14720", | |
| "shortDescription": { | |
| "text": "jackson-databind-2.9.5.jar is affected by CVE-2018-14720" | |
| }, | |
| "fullDescription": { | |
| "text": "Upgrade to version com.fasterxml.jackson.core:jackson-databind:2.7.9.5,2.8.11.3,2.9.7" | |
| }, | |
| "helpUri": "https://osv.dev/vulnerability/GHSA-x2w5-5m2g-7h5m", | |
| "properties": { | |
| "severity": "CRITICAL" | |
| } | |
| }, | |
| { | |
| "id": "CVE-2019-12814", | |
| "name": "jackson-databind-2.9.5.jar is affected by CVE-2019-12814", | |
| "shortDescription": { | |
| "text": "jackson-databind-2.9.5.jar is affected by CVE-2019-12814" | |
| }, | |
| "fullDescription": { | |
| "text": "Upgrade to version 2.7.9.6, 2.8.11.4, 2.9.9.1, 2.10.0" | |
| }, | |
| "helpUri": "https://github.com/FasterXML/jackson-databind/issues/2341", | |
| "properties": { | |
| "severity": "MEDIUM" | |
| } | |
| }, | |
| { | |
| "id": "CVE-2020-9547", | |
| "name": "jackson-databind-2.9.5.jar is affected by CVE-2020-9547", | |
| "shortDescription": { | |
| "text": "jackson-databind-2.9.5.jar is affected by CVE-2020-9547" | |
| }, | |
| "fullDescription": { | |
| "text": "Upgrade to version com.fasterxml.jackson.core:jackson-databind:2.7.9.7,2.8.11.6,2.9.10.4" | |
| }, | |
| "helpUri": "https://osv.dev/vulnerability/GHSA-q93h-jc49-78gg", | |
| "properties": { | |
| "severity": "CRITICAL" | |
| } | |
| }, | |
| { | |
| "id": "CVE-2020-10673", | |
| "name": "jackson-databind-2.9.5.jar is affected by CVE-2020-10673", | |
| "shortDescription": { | |
| "text": "jackson-databind-2.9.5.jar is affected by CVE-2020-10673" | |
| }, | |
| "fullDescription": { | |
| "text": "Upgrade to version com.fasterxml.jackson.core:jackson-databind:2.9.10.4" | |
| }, | |
| "helpUri": "https://github.com/FasterXML/jackson-databind/issues/2660", | |
| "properties": { | |
| "severity": "HIGH" | |
| } | |
| }, | |
| { | |
| "id": "CVE-2018-12022", | |
| "name": "jackson-databind-2.9.5.jar is affected by CVE-2018-12022", | |
| "shortDescription": { | |
| "text": "jackson-databind-2.9.5.jar is affected by CVE-2018-12022" | |
| }, | |
| "fullDescription": { | |
| "text": "Upgrade to version 2.7.9.4, 2.8.11.2, 2.9.6" | |
| }, | |
| "helpUri": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12022", | |
| "properties": { | |
| "severity": "HIGH" | |
| } | |
| }, | |
| { | |
| "id": "CVE-2019-20330", | |
| "name": "jackson-databind-2.9.5.jar is affected by CVE-2019-20330", | |
| "shortDescription": { | |
| "text": "jackson-databind-2.9.5.jar is affected by CVE-2019-20330" | |
| }, | |
| "fullDescription": { | |
| "text": "Upgrade to version com.fasterxml.jackson.core:jackson-databind:2.7.9.7,2.8.11.5,2.9.10.2" | |
| }, | |
| "helpUri": "https://github.com/FasterXML/jackson-databind/issues/2526", | |
| "properties": { | |
| "severity": "CRITICAL" | |
| } | |
| }, | |
| { | |
| "id": "CVE-2020-14061", | |
| "name": "jackson-databind-2.9.5.jar is affected by CVE-2020-14061", | |
| "shortDescription": { | |
| "text": "jackson-databind-2.9.5.jar is affected by CVE-2020-14061" | |
| }, | |
| "fullDescription": { | |
| "text": "Upgrade to version com.fasterxml.jackson.core:jackson-databind:2.10.0" | |
| }, | |
| "helpUri": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14061", | |
| "properties": { | |
| "severity": "HIGH" | |
| } | |
| }, | |
| { | |
| "id": "CVE-2020-11620", | |
| "name": "jackson-databind-2.9.5.jar is affected by CVE-2020-11620", | |
| "shortDescription": { | |
| "text": "jackson-databind-2.9.5.jar is affected by CVE-2020-11620" | |
| }, | |
| "fullDescription": { | |
| "text": "Upgrade to version com.fasterxml.jackson.core:jackson-databind:2.9.10.4" | |
| }, | |
| "helpUri": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11620", | |
| "properties": { | |
| "severity": "HIGH" | |
| } | |
| }, | |
| { | |
| "id": "CVE-2020-36184", | |
| "name": "jackson-databind-2.9.5.jar is affected by CVE-2020-36184", | |
| "shortDescription": { | |
| "text": "jackson-databind-2.9.5.jar is affected by CVE-2020-36184" | |
| }, | |
| "fullDescription": { | |
| "text": "Upgrade to version com.fasterxml.jackson.core:jackson-databind:2.9.10.8" | |
| }, | |
| "helpUri": "https://github.com/FasterXML/jackson-databind/issues/2998", | |
| "properties": { | |
| "severity": "HIGH" | |
| } | |
| }, | |
| { | |
| "id": "CVE-2019-10202", | |
| "name": "jackson-databind-2.9.5.jar is affected by CVE-2019-10202", | |
| "shortDescription": { | |
| "text": "jackson-databind-2.9.5.jar is affected by CVE-2019-10202" | |
| }, | |
| "fullDescription": { | |
| "text": "Upgrade to version com.fasterxml.jackson.core:jackson-databind:2.0.0" | |
| }, | |
| "helpUri": "https://lists.apache.org/thread/08302h5kp2l9ry2zq8vydomlhn0fg4j4", | |
| "properties": { | |
| "severity": "CRITICAL" | |
| } | |
| }, | |
| { | |
| "id": "CVE-2020-36180", | |
| "name": "jackson-databind-2.9.5.jar is affected by CVE-2020-36180", | |
| "shortDescription": { | |
| "text": "jackson-databind-2.9.5.jar is affected by CVE-2020-36180" | |
| }, | |
| "fullDescription": { | |
| "text": "Upgrade to version com.fasterxml.jackson.core:jackson-databind:2.9.10.8" | |
| }, | |
| "helpUri": "https://github.com/FasterXML/jackson-databind/issues/3004", | |
| "properties": { | |
| "severity": "HIGH" | |
| } | |
| }, | |
| { | |
| "id": "CVE-2018-14721", | |
| "name": "jackson-databind-2.9.5.jar is affected by CVE-2018-14721", | |
| "shortDescription": { | |
| "text": "jackson-databind-2.9.5.jar is affected by CVE-2018-14721" | |
| }, | |
| "fullDescription": { | |
| "text": "Upgrade to version com.fasterxml.jackson.core:jackson-databind:2.6.7.3,2.7.9.5,2.8.11.3,2.9.7" | |
| }, | |
| "helpUri": "https://github.com/FasterXML/jackson-databind/commit/87d29af25e82a249ea15858e2d4ecbf64091db44", | |
| "properties": { | |
| "severity": "CRITICAL" | |
| } | |
| }, | |
| { | |
| "id": "CVE-2018-19360", | |
| "name": "jackson-databind-2.9.5.jar is affected by CVE-2018-19360", | |
| "shortDescription": { | |
| "text": "jackson-databind-2.9.5.jar is affected by CVE-2018-19360" | |
| }, | |
| "fullDescription": { | |
| "text": "Upgrade to version com.fasterxml.jackson.core:jackson-databind:2.7.9.5,2.8.11.3,2.9.8" | |
| }, | |
| "helpUri": "https://osv.dev/vulnerability/GHSA-f9hv-mg5h-xcw9", | |
| "properties": { | |
| "severity": "CRITICAL" | |
| } | |
| }, | |
| { | |
| "id": "CVE-2020-36518", | |
| "name": "jackson-databind-2.9.5.jar is affected by CVE-2020-36518", | |
| "shortDescription": { | |
| "text": "jackson-databind-2.9.5.jar is affected by CVE-2020-36518" | |
| }, | |
| "fullDescription": { | |
| "text": "Upgrade to version com.fasterxml.jackson.core:jackson-databind:2.12.6.1,2.13.2.1" | |
| }, | |
| "helpUri": "https://github.com/FasterXML/jackson-databind/issues/2816", | |
| "properties": { | |
| "severity": "HIGH" | |
| } | |
| }, | |
| { | |
| "id": "CVE-2020-10672", | |
| "name": "jackson-databind-2.9.5.jar is affected by CVE-2020-10672", | |
| "shortDescription": { | |
| "text": "jackson-databind-2.9.5.jar is affected by CVE-2020-10672" | |
| }, | |
| "fullDescription": { | |
| "text": "Upgrade to version jackson-databind-2.9.10.4" | |
| }, | |
| "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2020-10672", | |
| "properties": { | |
| "severity": "HIGH" | |
| } | |
| }, | |
| { | |
| "id": "CVE-2020-36179", | |
| "name": "jackson-databind-2.9.5.jar is affected by CVE-2020-36179", | |
| "shortDescription": { | |
| "text": "jackson-databind-2.9.5.jar is affected by CVE-2020-36179" | |
| }, | |
| "fullDescription": { | |
| "text": "Upgrade to version com.fasterxml.jackson.core:jackson-databind:2.9.10.8" | |
| }, | |
| "helpUri": "https://github.com/FasterXML/jackson-databind/issues/3004", | |
| "properties": { | |
| "severity": "HIGH" | |
| } | |
| }, | |
| { | |
| "id": "CVE-2019-14893", | |
| "name": "jackson-databind-2.9.5.jar is affected by CVE-2019-14893", | |
| "shortDescription": { | |
| "text": "jackson-databind-2.9.5.jar is affected by CVE-2019-14893" | |
| }, | |
| "fullDescription": { | |
| "text": "Upgrade to version com.fasterxml.jackson.core:jackson-databind:2.10.0" | |
| }, | |
| "helpUri": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14893", | |
| "properties": { | |
| "severity": "CRITICAL" | |
| } | |
| }, | |
| { | |
| "id": "CVE-2020-9546", | |
| "name": "jackson-databind-2.9.5.jar is affected by CVE-2020-9546", | |
| "shortDescription": { | |
| "text": "jackson-databind-2.9.5.jar is affected by CVE-2020-9546" | |
| }, | |
| "fullDescription": { | |
| "text": "Upgrade to version com.fasterxml.jackson.core:jackson-databind:2.10.3" | |
| }, | |
| "helpUri": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9546", | |
| "properties": { | |
| "severity": "CRITICAL" | |
| } | |
| }, | |
| { | |
| "id": "CVE-2020-9548", | |
| "name": "jackson-databind-2.9.5.jar is affected by CVE-2020-9548", | |
| "shortDescription": { | |
| "text": "jackson-databind-2.9.5.jar is affected by CVE-2020-9548" | |
| }, | |
| "fullDescription": { | |
| "text": "Upgrade to version com.fasterxml.jackson.core:jackson-databind:2.7.9.7,2.8.11.6,2.9.10.4" | |
| }, | |
| "helpUri": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9548", | |
| "properties": { | |
| "severity": "CRITICAL" | |
| } | |
| }, | |
| { | |
| "id": "CVE-2020-10969", | |
| "name": "jackson-databind-2.9.5.jar is affected by CVE-2020-10969", | |
| "shortDescription": { | |
| "text": "jackson-databind-2.9.5.jar is affected by CVE-2020-10969" | |
| }, | |
| "fullDescription": { | |
| "text": "Upgrade to version com.fasterxml.jackson.core:jackson-databind:2.8.11.6;com.fasterxml.jackson.core:jackson-databind:2.7.9.7" | |
| }, | |
| "helpUri": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10969", | |
| "properties": { | |
| "severity": "HIGH" | |
| } | |
| }, | |
| { | |
| "id": "CVE-2020-36185", | |
| "name": "jackson-databind-2.9.5.jar is affected by CVE-2020-36185", | |
| "shortDescription": { | |
| "text": "jackson-databind-2.9.5.jar is affected by CVE-2020-36185" | |
| }, | |
| "fullDescription": { | |
| "text": "Upgrade to version com.fasterxml.jackson.core:jackson-databind:2.9.10.8" | |
| }, | |
| "helpUri": "https://github.com/FasterXML/jackson-databind/issues/2998", | |
| "properties": { | |
| "severity": "HIGH" | |
| } | |
| }, | |
| { | |
| "id": "CVE-2020-14062", | |
| "name": "jackson-databind-2.9.5.jar is affected by CVE-2020-14062", | |
| "shortDescription": { | |
| "text": "jackson-databind-2.9.5.jar is affected by CVE-2020-14062" | |
| }, | |
| "fullDescription": { | |
| "text": "Upgrade to version com.fasterxml.jackson.core:jackson-databind:2.10.0" | |
| }, | |
| "helpUri": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14062", | |
| "properties": { | |
| "severity": "HIGH" | |
| } | |
| }, | |
| { | |
| "id": "CVE-2020-36181", | |
| "name": "jackson-databind-2.9.5.jar is affected by CVE-2020-36181", | |
| "shortDescription": { | |
| "text": "jackson-databind-2.9.5.jar is affected by CVE-2020-36181" | |
| }, | |
| "fullDescription": { | |
| "text": "Upgrade to version com.fasterxml.jackson.core:jackson-databind:2.9.10.8" | |
| }, | |
| "helpUri": "https://github.com/FasterXML/jackson-databind/issues/3004", | |
| "properties": { | |
| "severity": "HIGH" | |
| } | |
| }, | |
| { | |
| "id": "CVE-2020-11619", | |
| "name": "jackson-databind-2.9.5.jar is affected by CVE-2020-11619", | |
| "shortDescription": { | |
| "text": "jackson-databind-2.9.5.jar is affected by CVE-2020-11619" | |
| }, | |
| "fullDescription": { | |
| "text": "Upgrade to version com.fasterxml.jackson.core:jackson-databind:2.9.10.4" | |
| }, | |
| "helpUri": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11619", | |
| "properties": { | |
| "severity": "HIGH" | |
| } | |
| }, | |
| { | |
| "id": "CVE-2020-35491", | |
| "name": "jackson-databind-2.9.5.jar is affected by CVE-2020-35491", | |
| "shortDescription": { | |
| "text": "jackson-databind-2.9.5.jar is affected by CVE-2020-35491" | |
| }, | |
| "fullDescription": { | |
| "text": "Upgrade to version com.fasterxml.jackson.core:jackson-databind:2.9.10.8" | |
| }, | |
| "helpUri": "https://github.com/FasterXML/jackson-databind/issues/2986", | |
| "properties": { | |
| "severity": "HIGH" | |
| } | |
| }, | |
| { | |
| "id": "CVE-2019-14379", | |
| "name": "jackson-databind-2.9.5.jar is affected by CVE-2019-14379", | |
| "shortDescription": { | |
| "text": "jackson-databind-2.9.5.jar is affected by CVE-2019-14379" | |
| }, | |
| "fullDescription": { | |
| "text": "Upgrade to version com.fasterxml.jackson.core:jackson-databind:2.7.9.6,2.8.11.4,2.9.9.2" | |
| }, | |
| "helpUri": "https://osv.dev/vulnerability/GHSA-6fpp-rgj9-8rwc", | |
| "properties": { | |
| "severity": "CRITICAL" | |
| } | |
| }, | |
| { | |
| "id": "CVE-2019-16943", | |
| "name": "jackson-databind-2.9.5.jar is affected by CVE-2019-16943", | |
| "shortDescription": { | |
| "text": "jackson-databind-2.9.5.jar is affected by CVE-2019-16943" | |
| }, | |
| "fullDescription": { | |
| "text": "Upgrade to version com.fasterxml.jackson.core:jackson-databind:2.6.7.3,2.8.11.5,2.9.10.1" | |
| }, | |
| "helpUri": "https://osv.dev/vulnerability/GHSA-fmmc-742q-jg75", | |
| "properties": { | |
| "severity": "CRITICAL" | |
| } | |
| }, | |
| { | |
| "id": "CVE-2019-17531", | |
| "name": "jackson-databind-2.9.5.jar is affected by CVE-2019-17531", | |
| "shortDescription": { | |
| "text": "jackson-databind-2.9.5.jar is affected by CVE-2019-17531" | |
| }, | |
| "fullDescription": { | |
| "text": "Upgrade to version com.fasterxml.jackson.core:jackson-databind:2.6.7.3,2.8.11.5,2.9.10.1" | |
| }, | |
| "helpUri": "https://osv.dev/vulnerability/GHSA-gjmw-vf9h-g25v", | |
| "properties": { | |
| "severity": "CRITICAL" | |
| } | |
| }, | |
| { | |
| "id": "CVE-2020-11113", | |
| "name": "jackson-databind-2.9.5.jar is affected by CVE-2020-11113", | |
| "shortDescription": { | |
| "text": "jackson-databind-2.9.5.jar is affected by CVE-2020-11113" | |
| }, | |
| "fullDescription": { | |
| "text": "Upgrade to version com.fasterxml.jackson.core:jackson-databind:2.9.10.4;2.10.0" | |
| }, | |
| "helpUri": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11113", | |
| "properties": { | |
| "severity": "HIGH" | |
| } | |
| }, | |
| { | |
| "id": "CVE-2019-12086", | |
| "name": "jackson-databind-2.9.5.jar is affected by CVE-2019-12086", | |
| "shortDescription": { | |
| "text": "jackson-databind-2.9.5.jar is affected by CVE-2019-12086" | |
| }, | |
| "fullDescription": { | |
| "text": "Upgrade to version 2.9.9" | |
| }, | |
| "helpUri": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12086", | |
| "properties": { | |
| "severity": "HIGH" | |
| } | |
| }, | |
| { | |
| "id": "CVE-2018-19361", | |
| "name": "jackson-databind-2.9.5.jar is affected by CVE-2018-19361", | |
| "shortDescription": { | |
| "text": "jackson-databind-2.9.5.jar is affected by CVE-2018-19361" | |
| }, | |
| "fullDescription": { | |
| "text": "Upgrade to version com.fasterxml.jackson.core:jackson-databind:2.7.9.5,2.8.11.3,2.9.8" | |
| }, | |
| "helpUri": "https://osv.dev/vulnerability/GHSA-mx9v-gmh4-mgqw", | |
| "properties": { | |
| "severity": "CRITICAL" | |
| } | |
| }, | |
| { | |
| "id": "CVE-2020-24616", | |
| "name": "jackson-databind-2.9.5.jar is affected by CVE-2020-24616", | |
| "shortDescription": { | |
| "text": "jackson-databind-2.9.5.jar is affected by CVE-2020-24616" | |
| }, | |
| "fullDescription": { | |
| "text": "Upgrade to version 2.9.10.6" | |
| }, | |
| "helpUri": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24616", | |
| "properties": { | |
| "severity": "HIGH" | |
| } | |
| }, | |
| { | |
| "id": "CVE-2020-25649", | |
| "name": "jackson-databind-2.9.5.jar is affected by CVE-2020-25649", | |
| "shortDescription": { | |
| "text": "jackson-databind-2.9.5.jar is affected by CVE-2020-25649" | |
| }, | |
| "fullDescription": { | |
| "text": "Upgrade to version com.fasterxml.jackson.core:jackson-databind:2.6.7.4,2.9.10.7,2.10.5.1,2.11.0.rc1" | |
| }, | |
| "helpUri": "https://github.com/FasterXML/jackson-databind/issues/2589", | |
| "properties": { | |
| "severity": "HIGH" | |
| } | |
| }, | |
| { | |
| "id": "CVE-2018-14718", | |
| "name": "jackson-databind-2.9.5.jar is affected by CVE-2018-14718", | |
| "shortDescription": { | |
| "text": "jackson-databind-2.9.5.jar is affected by CVE-2018-14718" | |
| }, | |
| "fullDescription": { | |
| "text": "Upgrade to version com.fasterxml.jackson.core:jackson-databind:2.7.9.5,2.8.11.3,2.9.7" | |
| }, | |
| "helpUri": "https://osv.dev/vulnerability/GHSA-645p-88qh-w398", | |
| "properties": { | |
| "severity": "CRITICAL" | |
| } | |
| }, | |
| { | |
| "id": "CVE-2018-11307", | |
| "name": "jackson-databind-2.9.5.jar is affected by CVE-2018-11307", | |
| "shortDescription": { | |
| "text": "jackson-databind-2.9.5.jar is affected by CVE-2018-11307" | |
| }, | |
| "fullDescription": { | |
| "text": "Upgrade to version jackson-databind-2.9.6" | |
| }, | |
| "helpUri": "https://github.com/FasterXML/jackson-databind/issues/2032", | |
| "properties": { | |
| "severity": "CRITICAL" | |
| } | |
| }, | |
| { | |
| "id": "CVE-2020-36188", | |
| "name": "jackson-databind-2.9.5.jar is affected by CVE-2020-36188", | |
| "shortDescription": { | |
| "text": "jackson-databind-2.9.5.jar is affected by CVE-2020-36188" | |
| }, | |
| "fullDescription": { | |
| "text": "Upgrade to version com.fasterxml.jackson.core:jackson-databind:2.9.10.8" | |
| }, | |
| "helpUri": "https://github.com/FasterXML/jackson-databind/issues/2996", | |
| "properties": { | |
| "severity": "HIGH" | |
| } | |
| }, | |
| { | |
| "id": "CVE-2019-14892", | |
| "name": "jackson-databind-2.9.5.jar is affected by CVE-2019-14892", | |
| "shortDescription": { | |
| "text": "jackson-databind-2.9.5.jar is affected by CVE-2019-14892" | |
| }, | |
| "fullDescription": { | |
| "text": "Upgrade to version com.fasterxml.jackson.core:jackson-databind:2.6.7.3,2.8.11.5,2.9.10" | |
| }, | |
| "helpUri": "https://osv.dev/vulnerability/GHSA-cf6r-3wgc-h863", | |
| "properties": { | |
| "severity": "CRITICAL" | |
| } | |
| }, | |
| { | |
| "id": "CVE-2020-36186", | |
| "name": "jackson-databind-2.9.5.jar is affected by CVE-2020-36186", | |
| "shortDescription": { | |
| "text": "jackson-databind-2.9.5.jar is affected by CVE-2020-36186" | |
| }, | |
| "fullDescription": { | |
| "text": "Upgrade to version com.fasterxml.jackson.core:jackson-databind:2.9.10.8" | |
| }, | |
| "helpUri": "https://github.com/FasterXML/jackson-databind/issues/2997", | |
| "properties": { | |
| "severity": "HIGH" | |
| } | |
| }, | |
| { | |
| "id": "CVE-2022-42004", | |
| "name": "jackson-databind-2.9.5.jar is affected by CVE-2022-42004", | |
| "shortDescription": { | |
| "text": "jackson-databind-2.9.5.jar is affected by CVE-2022-42004" | |
| }, | |
| "fullDescription": { | |
| "text": "Upgrade to version com.fasterxml.jackson.core:jackson-databind:2.13.4" | |
| }, | |
| "helpUri": "https://github.com/FasterXML/jackson-databind/issues/3582", | |
| "properties": { | |
| "severity": "HIGH" | |
| } | |
| }, | |
| { | |
| "id": "CVE-2020-10968", | |
| "name": "jackson-databind-2.9.5.jar is affected by CVE-2020-10968", | |
| "shortDescription": { | |
| "text": "jackson-databind-2.9.5.jar is affected by CVE-2020-10968" | |
| }, | |
| "fullDescription": { | |
| "text": "Upgrade to version jackson-databind-2.9.10.4" | |
| }, | |
| "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2020-10968", | |
| "properties": { | |
| "severity": "HIGH" | |
| } | |
| }, | |
| { | |
| "id": "CVE-2020-8840", | |
| "name": "jackson-databind-2.9.5.jar is affected by CVE-2020-8840", | |
| "shortDescription": { | |
| "text": "jackson-databind-2.9.5.jar is affected by CVE-2020-8840" | |
| }, | |
| "fullDescription": { | |
| "text": "Upgrade to version com.fasterxml.jackson.core:jackson-databind:2.9.10.3" | |
| }, | |
| "helpUri": "https://github.com/FasterXML/jackson-databind/issues/2620", | |
| "properties": { | |
| "severity": "CRITICAL" | |
| } | |
| }, | |
| { | |
| "id": "CVE-2019-12384", | |
| "name": "jackson-databind-2.9.5.jar is affected by CVE-2019-12384", | |
| "shortDescription": { | |
| "text": "jackson-databind-2.9.5.jar is affected by CVE-2019-12384" | |
| }, | |
| "fullDescription": { | |
| "text": "Upgrade to version 2.9.9.1" | |
| }, | |
| "helpUri": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12384", | |
| "properties": { | |
| "severity": "MEDIUM" | |
| } | |
| }, | |
| { | |
| "id": "CVE-2020-36182", | |
| "name": "jackson-databind-2.9.5.jar is affected by CVE-2020-36182", | |
| "shortDescription": { | |
| "text": "jackson-databind-2.9.5.jar is affected by CVE-2020-36182" | |
| }, | |
| "fullDescription": { | |
| "text": "Upgrade to version com.fasterxml.jackson.core:jackson-databind:2.9.10.8" | |
| }, | |
| "helpUri": "https://github.com/FasterXML/jackson-databind/issues/3004", | |
| "properties": { | |
| "severity": "HIGH" | |
| } | |
| }, | |
| { | |
| "id": "CVE-2020-10650", | |
| "name": "jackson-databind-2.9.5.jar is affected by CVE-2020-10650", | |
| "shortDescription": { | |
| "text": "jackson-databind-2.9.5.jar is affected by CVE-2020-10650" | |
| }, | |
| "fullDescription": { | |
| "text": "Upgrade to version com.fasterxml.jackson.core:jackson-databind:2.9.10.4" | |
| }, | |
| "helpUri": "https://github.com/advisories/GHSA-rpr3-cw39-3pxh", | |
| "properties": { | |
| "severity": "HIGH" | |
| } | |
| }, | |
| { | |
| "id": "CVE-2020-35728", | |
| "name": "jackson-databind-2.9.5.jar is affected by CVE-2020-35728", | |
| "shortDescription": { | |
| "text": "jackson-databind-2.9.5.jar is affected by CVE-2020-35728" | |
| }, | |
| "fullDescription": { | |
| "text": "Upgrade to version com.fasterxml.jackson.core:jackson-databind:2.9.10.8" | |
| }, | |
| "helpUri": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35728", | |
| "properties": { | |
| "severity": "HIGH" | |
| } | |
| }, | |
| { | |
| "id": "CVE-2020-35490", | |
| "name": "jackson-databind-2.9.5.jar is affected by CVE-2020-35490", | |
| "shortDescription": { | |
| "text": "jackson-databind-2.9.5.jar is affected by CVE-2020-35490" | |
| }, | |
| "fullDescription": { | |
| "text": "Upgrade to version com.fasterxml.jackson.core:jackson-databind:2.9.10.8" | |
| }, | |
| "helpUri": "https://github.com/FasterXML/jackson-databind/issues/2986", | |
| "properties": { | |
| "severity": "HIGH" | |
| } | |
| }, | |
| { | |
| "id": "CVE-2019-14540", | |
| "name": "jackson-databind-2.9.5.jar is affected by CVE-2019-14540", | |
| "shortDescription": { | |
| "text": "jackson-databind-2.9.5.jar is affected by CVE-2019-14540" | |
| }, | |
| "fullDescription": { | |
| "text": "Upgrade to version com.fasterxml.jackson.core:jackson-databind:2.6.7.3,2.8.11.5,2.9.10" | |
| }, | |
| "helpUri": "https://osv.dev/vulnerability/GHSA-h822-r4r5-v8jg", | |
| "properties": { | |
| "severity": "CRITICAL" | |
| } | |
| }, | |
| { | |
| "id": "CVE-2019-16942", | |
| "name": "jackson-databind-2.9.5.jar is affected by CVE-2019-16942", | |
| "shortDescription": { | |
| "text": "jackson-databind-2.9.5.jar is affected by CVE-2019-16942" | |
| }, | |
| "fullDescription": { | |
| "text": "Upgrade to version com.fasterxml.jackson.core:jackson-databind:2.6.7.3,2.8.11.5,2.9.10.1" | |
| }, | |
| "helpUri": "https://osv.dev/vulnerability/GHSA-mx7p-6679-8g3q", | |
| "properties": { | |
| "severity": "CRITICAL" | |
| } | |
| }, | |
| { | |
| "id": "CVE-2020-11112", | |
| "name": "jackson-databind-2.9.5.jar is affected by CVE-2020-11112", | |
| "shortDescription": { | |
| "text": "jackson-databind-2.9.5.jar is affected by CVE-2020-11112" | |
| }, | |
| "fullDescription": { | |
| "text": "Upgrade to version com.fasterxml.jackson.core:jackson-databind:2.9.10.4,2.10.0" | |
| }, | |
| "helpUri": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11112", | |
| "properties": { | |
| "severity": "HIGH" | |
| } | |
| }, | |
| { | |
| "id": "CVE-2019-14439", | |
| "name": "jackson-databind-2.9.5.jar is affected by CVE-2019-14439", | |
| "shortDescription": { | |
| "text": "jackson-databind-2.9.5.jar is affected by CVE-2019-14439" | |
| }, | |
| "fullDescription": { | |
| "text": "Upgrade to version 2.9.9.2" | |
| }, | |
| "helpUri": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14439", | |
| "properties": { | |
| "severity": "HIGH" | |
| } | |
| }, | |
| { | |
| "id": "CVE-2018-14719", | |
| "name": "jackson-databind-2.9.5.jar is affected by CVE-2018-14719", | |
| "shortDescription": { | |
| "text": "jackson-databind-2.9.5.jar is affected by CVE-2018-14719" | |
| }, | |
| "fullDescription": { | |
| "text": "Upgrade to version com.fasterxml.jackson.core:jackson-databind:2.7.9.5,2.8.11.3,2.9.7" | |
| }, | |
| "helpUri": "https://osv.dev/vulnerability/GHSA-4gq5-ch57-c2mg", | |
| "properties": { | |
| "severity": "CRITICAL" | |
| } | |
| }, | |
| { | |
| "id": "WS-2022-0468", | |
| "name": "jackson-core-2.9.5.jar is affected by WS-2022-0468", | |
| "shortDescription": { | |
| "text": "jackson-core-2.9.5.jar is affected by WS-2022-0468" | |
| }, | |
| "fullDescription": { | |
| "text": "Upgrade to version com.fasterxml.jackson.core:jackson-core:2.15.0" | |
| }, | |
| "helpUri": "https://github.com/FasterXML/jackson-core/issues/861", | |
| "properties": { | |
| "severity": "HIGH" | |
| } | |
| }, | |
| { | |
| "id": "CVE-2015-7501", | |
| "name": "commons-collections-3.2.1.jar is affected by CVE-2015-7501", | |
| "shortDescription": { | |
| "text": "commons-collections-3.2.1.jar is affected by CVE-2015-7501" | |
| }, | |
| "fullDescription": { | |
| "text": "Upgrade to version commons-collections:commons-collections:3.2.2;org.apache.commons:commons-collections4:4.1" | |
| }, | |
| "helpUri": "https://bugzilla.redhat.com/show_bug.cgi?id=1279330", | |
| "properties": { | |
| "severity": "CRITICAL" | |
| } | |
| }, | |
| { | |
| "id": "CVE-2015-4852", | |
| "name": "commons-collections-3.2.1.jar is affected by CVE-2015-4852", | |
| "shortDescription": { | |
| "text": "commons-collections-3.2.1.jar is affected by CVE-2015-4852" | |
| }, | |
| "fullDescription": { | |
| "text": "Upgrade to version commons-collections:commons-collections:3.2.2" | |
| }, | |
| "helpUri": "https://www.openwall.com/lists/oss-security/2015/11/17/19", | |
| "properties": { | |
| "severity": "CRITICAL" | |
| } | |
| }, | |
| { | |
| "id": "CVE-2019-13116", | |
| "name": "commons-collections-3.2.1.jar is affected by CVE-2019-13116", | |
| "shortDescription": { | |
| "text": "commons-collections-3.2.1.jar is affected by CVE-2019-13116" | |
| }, | |
| "fullDescription": { | |
| "text": "Upgrade to version commons-collections:commons-collections:3.2.2" | |
| }, | |
| "helpUri": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13116", | |
| "properties": { | |
| "severity": "CRITICAL" | |
| } | |
| }, | |
| { | |
| "id": "CVE-2015-6420", | |
| "name": "commons-collections-3.2.1.jar is affected by CVE-2015-6420", | |
| "shortDescription": { | |
| "text": "commons-collections-3.2.1.jar is affected by CVE-2015-6420" | |
| }, | |
| "fullDescription": { | |
| "text": "Upgrade to version commons-collections:commons-collections3.2.2,org.apache.commons:commons-collections4:4.1" | |
| }, | |
| "helpUri": "https://github.com/apache/commons-collections/tree/collections-3.2.2,https://github.com/apache/commons-collections/tree/collections-4.1", | |
| "properties": { | |
| "severity": "HIGH" | |
| } | |
| }, | |
| { | |
| "id": "CVE-2017-15708", | |
| "name": "commons-collections-3.2.1.jar is affected by CVE-2017-15708", | |
| "shortDescription": { | |
| "text": "commons-collections-3.2.1.jar is affected by CVE-2017-15708" | |
| }, | |
| "fullDescription": { | |
| "text": "Upgrade to version org.apache.synapse:Apache-Synapse:3.0.1;commons-collections:commons-collections:3.2.2" | |
| }, | |
| "helpUri": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15708", | |
| "properties": { | |
| "severity": "CRITICAL" | |
| } | |
| }, | |
| { | |
| "id": "CVE-2017-9801", | |
| "name": "commons-email-1.1.jar is affected by CVE-2017-9801", | |
| "shortDescription": { | |
| "text": "commons-email-1.1.jar is affected by CVE-2017-9801" | |
| }, | |
| "fullDescription": { | |
| "text": "Upgrade to version 1.5" | |
| }, | |
| "helpUri": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9801", | |
| "properties": { | |
| "severity": "HIGH" | |
| } | |
| }, | |
| { | |
| "id": "CVE-2018-1294", | |
| "name": "commons-email-1.1.jar is affected by CVE-2018-1294", | |
| "shortDescription": { | |
| "text": "commons-email-1.1.jar is affected by CVE-2018-1294" | |
| }, | |
| "fullDescription": { | |
| "text": "Upgrade to version org.apache.commons:commons-email:1.5" | |
| }, | |
| "helpUri": "https://github.com/advisories/GHSA-v7cm-w955-pj6g", | |
| "properties": { | |
| "severity": "HIGH" | |
| } | |
| }, | |
| { | |
| "id": "CVE-2023-41835", | |
| "name": "struts2-core-2.3.20.jar is affected by CVE-2023-41835", | |
| "shortDescription": { | |
| "text": "struts2-core-2.3.20.jar is affected by CVE-2023-41835" | |
| }, | |
| "fullDescription": { | |
| "text": "Upgrade to version org.apache.struts:struts2-core:2.5.32,6.1.2.2,6.3.0.1" | |
| }, | |
| "helpUri": "https://www.cve.org/CVERecord?id=CVE-2023-41835", | |
| "properties": { | |
| "severity": "HIGH" | |
| } | |
| }, | |
| { | |
| "id": "CVE-2024-53677", | |
| "name": "struts2-core-2.3.20.jar is affected by CVE-2024-53677", | |
| "shortDescription": { | |
| "text": "struts2-core-2.3.20.jar is affected by CVE-2024-53677" | |
| }, | |
| "fullDescription": { | |
| "text": "Upgrade to version org.apache.struts:struts2-core:6.4.0" | |
| }, | |
| "helpUri": "https://cwiki.apache.org/confluence/display/WW/S2-067", | |
| "properties": { | |
| "severity": "CRITICAL" | |
| } | |
| }, | |
| { | |
| "id": "CVE-2016-4003", | |
| "name": "struts2-core-2.3.20.jar is affected by CVE-2016-4003", | |
| "shortDescription": { | |
| "text": "struts2-core-2.3.20.jar is affected by CVE-2016-4003" | |
| }, | |
| "fullDescription": { | |
| "text": "Upgrade to version org.apache.struts:struts2-core:2.3.28" | |
| }, | |
| "helpUri": "https://github.com/apache/struts/tree/STRUTS_2_3_28/", | |
| "properties": { | |
| "severity": "MEDIUM" | |
| } | |
| }, | |
| { | |
| "id": "CVE-2019-0230", | |
| "name": "struts2-core-2.3.20.jar is affected by CVE-2019-0230", | |
| "shortDescription": { | |
| "text": "struts2-core-2.3.20.jar is affected by CVE-2019-0230" | |
| }, | |
| "fullDescription": { | |
| "text": "Upgrade to version org.apache.struts:struts2-core:2.5.22" | |
| }, | |
| "helpUri": "https://cwiki.apache.org/confluence/display/ww/s2-059", | |
| "properties": { | |
| "severity": "CRITICAL" | |
| } | |
| }, | |
| { | |
| "id": "CVE-2016-4436", | |
| "name": "struts2-core-2.3.20.jar is affected by CVE-2016-4436", | |
| "shortDescription": { | |
| "text": "struts2-core-2.3.20.jar is affected by CVE-2016-4436" | |
| }, | |
| "fullDescription": { | |
| "text": "Upgrade to version org.apache.struts:struts2-core:2.3.29,org.apache.struts:struts2-core:2.5.1.3" | |
| }, | |
| "helpUri": "https://github.com/apache/struts/tree/STRUTS_2_3_29/", | |
| "properties": { | |
| "severity": "CRITICAL" | |
| } | |
| }, | |
| { | |
| "id": "CVE-2021-31805", | |
| "name": "struts2-core-2.3.20.jar is affected by CVE-2021-31805", | |
| "shortDescription": { | |
| "text": "struts2-core-2.3.20.jar is affected by CVE-2021-31805" | |
| }, | |
| "fullDescription": { | |
| "text": "Upgrade to version org.apache.struts:struts2-core:2.5.30" | |
| }, | |
| "helpUri": "https://cwiki.apache.org/confluence/display/WW/S2-062", | |
| "properties": { | |
| "severity": "CRITICAL" | |
| } | |
| }, | |
| { | |
| "id": "CVE-2016-4430", | |
| "name": "struts2-core-2.3.20.jar is affected by CVE-2016-4430", | |
| "shortDescription": { | |
| "text": "struts2-core-2.3.20.jar is affected by CVE-2016-4430" | |
| }, | |
| "fullDescription": { | |
| "text": "Upgrade to version org.apache.struts:struts2-core:2.3.29" | |
| }, | |
| "helpUri": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4430", | |
| "properties": { | |
| "severity": "HIGH" | |
| } | |
| }, | |
| { | |
| "id": "CVE-2015-2992", | |
| "name": "struts2-core-2.3.20.jar is affected by CVE-2015-2992", | |
| "shortDescription": { | |
| "text": "struts2-core-2.3.20.jar is affected by CVE-2015-2992" | |
| }, | |
| "fullDescription": { | |
| "text": "Upgrade to version org.apache.struts:struts2-core:2.3.20.1" | |
| }, | |
| "helpUri": "https://nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2992", | |
| "properties": { | |
| "severity": "MEDIUM" | |
| } | |
| }, | |
| { | |
| "id": "CVE-2015-5209", | |
| "name": "struts2-core-2.3.20.jar is affected by CVE-2015-5209", | |
| "shortDescription": { | |
| "text": "struts2-core-2.3.20.jar is affected by CVE-2015-5209" | |
| }, | |
| "fullDescription": { | |
| "text": "Upgrade to version 2.3.24.1" | |
| }, | |
| "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2015-5209", | |
| "properties": { | |
| "severity": "HIGH" | |
| } | |
| }, | |
| { | |
| "id": "CVE-2015-5169", | |
| "name": "struts2-core-2.3.20.jar is affected by CVE-2015-5169", | |
| "shortDescription": { | |
| "text": "struts2-core-2.3.20.jar is affected by CVE-2015-5169" | |
| }, | |
| "fullDescription": { | |
| "text": "Upgrade to version 2.3.20" | |
| }, | |
| "helpUri": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5169", | |
| "properties": { | |
| "severity": "MEDIUM" | |
| } | |
| }, | |
| { | |
| "id": "CVE-2016-3093", | |
| "name": "struts2-core-2.3.20.jar is affected by CVE-2016-3093", | |
| "shortDescription": { | |
| "text": "struts2-core-2.3.20.jar is affected by CVE-2016-3093" | |
| }, | |
| "fullDescription": { | |
| "text": "Upgrade to version org.apache.struts:struts2-core:2.3.28,ognl:ognl:3.0.12" | |
| }, | |
| "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2016-3093", | |
| "properties": { | |
| "severity": "MEDIUM" | |
| } | |
| }, | |
| { | |
| "id": "CVE-2016-3082", | |
| "name": "struts2-core-2.3.20.jar is affected by CVE-2016-3082", | |
| "shortDescription": { | |
| "text": "struts2-core-2.3.20.jar is affected by CVE-2016-3082" | |
| }, | |
| "fullDescription": { | |
| "text": "Upgrade to version org.apache.struts:struts2-core:2.3.20.3,org.apache.struts:struts2-core:2.3.24.3,org.apache.struts:struts2-core: 2.3.28.1" | |
| }, | |
| "helpUri": "https://github.com/apache/struts/tree/STRUTS_2_3_28_1/", | |
| "properties": { | |
| "severity": "CRITICAL" | |
| } | |
| }, | |
| { | |
| "id": "CVE-2023-50164", | |
| "name": "struts2-core-2.3.20.jar is affected by CVE-2023-50164", | |
| "shortDescription": { | |
| "text": "struts2-core-2.3.20.jar is affected by CVE-2023-50164" | |
| }, | |
| "fullDescription": { | |
| "text": "Upgrade to version org.apache.struts:struts2-core:2.5.33,6.3.0.2" | |
| }, | |
| "helpUri": "https://lists.apache.org/thread/yh09b3fkf6vz5d6jdgrlvmg60lfwtqhj", | |
| "properties": { | |
| "severity": "CRITICAL" | |
| } | |
| }, | |
| { | |
| "id": "CVE-2016-3087", | |
| "name": "struts2-core-2.3.20.jar is affected by CVE-2016-3087", | |
| "shortDescription": { | |
| "text": "struts2-core-2.3.20.jar is affected by CVE-2016-3087" | |
| }, | |
| "fullDescription": { | |
| "text": "Upgrade to version org.apache.struts:struts2-core:2.3.20.3,org.apache.struts:struts2-core:2.3.24.3,org.apache.struts:struts2-core: 2.3.28.1" | |
| }, | |
| "helpUri": "https://github.com/apache/struts/tree/STRUTS_2_3_28_1/", | |
| "properties": { | |
| "severity": "CRITICAL" | |
| } | |
| }, | |
| { | |
| "id": "CVE-2023-34149", | |
| "name": "struts2-core-2.3.20.jar is affected by CVE-2023-34149", | |
| "shortDescription": { | |
| "text": "struts2-core-2.3.20.jar is affected by CVE-2023-34149" | |
| }, | |
| "fullDescription": { | |
| "text": "Upgrade to version org.apache.struts:struts2-core:2.5.31,6.1.2.1" | |
| }, | |
| "helpUri": "https://github.com/advisories/GHSA-8f6x-v685-g2xc", | |
| "properties": { | |
| "severity": "MEDIUM" | |
| } | |
| }, | |
| { | |
| "id": "CVE-2018-11776", | |
| "name": "struts2-core-2.3.20.jar is affected by CVE-2018-11776", | |
| "shortDescription": { | |
| "text": "struts2-core-2.3.20.jar is affected by CVE-2018-11776" | |
| }, | |
| "fullDescription": { | |
| "text": "Upgrade to version org.apache.struts:struts2-core - 2.3.35,2.5.17;org.apache.struts:struts2-rest-plugin - 2.3.34,2.5.17" | |
| }, | |
| "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2018-11776", | |
| "properties": { | |
| "severity": "HIGH" | |
| } | |
| }, | |
| { | |
| "id": "CVE-2017-9787", | |
| "name": "struts2-core-2.3.20.jar is affected by CVE-2017-9787", | |
| "shortDescription": { | |
| "text": "struts2-core-2.3.20.jar is affected by CVE-2017-9787" | |
| }, | |
| "fullDescription": { | |
| "text": "Upgrade to version org.apache.struts:struts2-core:2.3.33,org.apache.struts:struts2-core:2.5.12" | |
| }, | |
| "helpUri": "https://github.com/apache/struts/tree/STRUTS_2_3_33/", | |
| "properties": { | |
| "severity": "HIGH" | |
| } | |
| }, | |
| { | |
| "id": "CVE-2016-6795", | |
| "name": "struts2-core-2.3.20.jar is affected by CVE-2016-6795", | |
| "shortDescription": { | |
| "text": "struts2-core-2.3.20.jar is affected by CVE-2016-6795" | |
| }, | |
| "fullDescription": { | |
| "text": "Upgrade to version org.apache.struts:struts2-core:2.3.31,org.apache.struts:struts2-core:2.5.5" | |
| }, | |
| "helpUri": "https://github.com/apache/struts/tree/STRUTS_2_3_31/", | |
| "properties": { | |
| "severity": "CRITICAL" | |
| } | |
| }, | |
| { | |
| "id": "CVE-2016-4465", | |
| "name": "struts2-core-2.3.20.jar is affected by CVE-2016-4465", | |
| "shortDescription": { | |
| "text": "struts2-core-2.3.20.jar is affected by CVE-2016-4465" | |
| }, | |
| "fullDescription": { | |
| "text": "Upgrade to version org.apache.struts:struts2-core:2.3.29, \torg.apache.struts.xwork:xwork-core:2.3.29" | |
| }, | |
| "helpUri": "https://github.com/apache/struts/tree/STRUTS_2_3_29/", | |
| "properties": { | |
| "severity": "MEDIUM" | |
| } | |
| }, | |
| { | |
| "id": "CVE-2019-0233", | |
| "name": "struts2-core-2.3.20.jar is affected by CVE-2019-0233", | |
| "shortDescription": { | |
| "text": "struts2-core-2.3.20.jar is affected by CVE-2019-0233" | |
| }, | |
| "fullDescription": { | |
| "text": "Upgrade to version org.apache.struts:struts2-core:2.5.22" | |
| }, | |
| "helpUri": "https://cwiki.apache.org/confluence/display/ww/s2-060", | |
| "properties": { | |
| "severity": "HIGH" | |
| } | |
| }, | |
| { | |
| "id": "CVE-2017-12611", | |
| "name": "struts2-core-2.3.20.jar is affected by CVE-2017-12611", | |
| "shortDescription": { | |
| "text": "struts2-core-2.3.20.jar is affected by CVE-2017-12611" | |
| }, | |
| "fullDescription": { | |
| "text": "Upgrade to version org.apache.struts:struts2-core:2.3.34;org.apache.struts:struts2-core:2.5.12" | |
| }, | |
| "helpUri": "https://cwiki.apache.org/confluence/display/WW/S2-053", | |
| "properties": { | |
| "severity": "CRITICAL" | |
| } | |
| }, | |
| { | |
| "id": "CVE-2016-4433", | |
| "name": "struts2-core-2.3.20.jar is affected by CVE-2016-4433", | |
| "shortDescription": { | |
| "text": "struts2-core-2.3.20.jar is affected by CVE-2016-4433" | |
| }, | |
| "fullDescription": { | |
| "text": "Upgrade to version org.apache.struts:struts2-core:2.3.29,\torg.apache.struts.xwork:xwork-core:2.3.29" | |
| }, | |
| "helpUri": "https://github.com/apache/struts/tree/STRUTS_2_3_29", | |
| "properties": { | |
| "severity": "HIGH" | |
| } | |
| }, | |
| { | |
| "id": "CVE-2016-4431", | |
| "name": "struts2-core-2.3.20.jar is affected by CVE-2016-4431", | |
| "shortDescription": { | |
| "text": "struts2-core-2.3.20.jar is affected by CVE-2016-4431" | |
| }, | |
| "fullDescription": { | |
| "text": "Upgrade to version org.apache.struts:struts2-core:2.3.29" | |
| }, | |
| "helpUri": "https://github.com/apache/struts/tree/STRUTS_2_3_29/", | |
| "properties": { | |
| "severity": "HIGH" | |
| } | |
| }, | |
| { | |
| "id": "CVE-2016-3081", | |
| "name": "struts2-core-2.3.20.jar is affected by CVE-2016-3081", | |
| "shortDescription": { | |
| "text": "struts2-core-2.3.20.jar is affected by CVE-2016-3081" | |
| }, | |
| "fullDescription": { | |
| "text": "Upgrade to version org.apache.struts:struts2-core:2.3.20.3,org.apache.struts:struts2-core:2.3.24.3,org.apache.struts:struts2-core: 2.3.28.1" | |
| }, | |
| "helpUri": "https://github.com/apache/struts/tree/STRUTS_2_3_28_1/", | |
| "properties": { | |
| "severity": "HIGH" | |
| } | |
| }, | |
| { | |
| "id": "CVE-2020-17530", | |
| "name": "struts2-core-2.3.20.jar is affected by CVE-2020-17530", | |
| "shortDescription": { | |
| "text": "struts2-core-2.3.20.jar is affected by CVE-2020-17530" | |
| }, | |
| "fullDescription": { | |
| "text": "Upgrade to version org.apache.struts:struts2-core:2.5.26" | |
| }, | |
| "helpUri": "https://cwiki.apache.org/confluence/display/WW/S2-061", | |
| "properties": { | |
| "severity": "CRITICAL" | |
| } | |
| }, | |
| { | |
| "id": "CVE-2017-5638", | |
| "name": "struts2-core-2.3.20.jar is affected by CVE-2017-5638", | |
| "shortDescription": { | |
| "text": "struts2-core-2.3.20.jar is affected by CVE-2017-5638" | |
| }, | |
| "fullDescription": { | |
| "text": "Upgrade to version org.apache.struts:struts2-core:2.3.32,org.apache.struts:struts2-core:2.5.10.1" | |
| }, | |
| "helpUri": "https://github.com/apache/struts/tree/STRUTS_2_3_32/", | |
| "properties": { | |
| "severity": "CRITICAL" | |
| } | |
| }, | |
| { | |
| "id": "CVE-2017-9804", | |
| "name": "struts2-core-2.3.20.jar is affected by CVE-2017-9804", | |
| "shortDescription": { | |
| "text": "struts2-core-2.3.20.jar is affected by CVE-2017-9804" | |
| }, | |
| "fullDescription": { | |
| "text": "Upgrade to version org.apache.struts:struts2-core:2.3.34,org.apache.struts:struts2-core:2.5.13" | |
| }, | |
| "helpUri": "https://github.com/apache/struts/tree/STRUTS_2_3_34/", | |
| "properties": { | |
| "severity": "HIGH" | |
| } | |
| }, | |
| { | |
| "id": "CVE-2023-34396", | |
| "name": "struts2-core-2.3.20.jar is affected by CVE-2023-34396", | |
| "shortDescription": { | |
| "text": "struts2-core-2.3.20.jar is affected by CVE-2023-34396" | |
| }, | |
| "fullDescription": { | |
| "text": "Upgrade to version org.apache.struts:struts2-core:2.5.31,6.1.2.1" | |
| }, | |
| "helpUri": "https://github.com/advisories/GHSA-4g42-gqrg-4633", | |
| "properties": { | |
| "severity": "MEDIUM" | |
| } | |
| }, | |
| { | |
| "id": "CVE-2016-3092", | |
| "name": "commons-fileupload-1.3.1.jar is affected by CVE-2016-3092", | |
| "shortDescription": { | |
| "text": "commons-fileupload-1.3.1.jar is affected by CVE-2016-3092" | |
| }, | |
| "fullDescription": { | |
| "text": "Upgrade to version org.apache.tomcat.embed:tomcat-embed-core:9.0.0.M8,8.5.3,8.0.36,7.0.70,org.apache.tomcat:tomcat-coyote:9.0.0.M8,8.5.3,8.0.36,7.0.70,commons-fileupload:commons-fileupload:1.3.2" | |
| }, | |
| "helpUri": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3092", | |
| "properties": { | |
| "severity": "HIGH" | |
| } | |
| }, | |
| { | |
| "id": "CVE-2016-1000031", | |
| "name": "commons-fileupload-1.3.1.jar is affected by CVE-2016-1000031", | |
| "shortDescription": { | |
| "text": "commons-fileupload-1.3.1.jar is affected by CVE-2016-1000031" | |
| }, | |
| "fullDescription": { | |
| "text": "Upgrade to version 1.3.3" | |
| }, | |
| "helpUri": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1000031", | |
| "properties": { | |
| "severity": "HIGH" | |
| } | |
| }, | |
| { | |
| "id": "WS-2014-0034", | |
| "name": "commons-fileupload-1.3.1.jar is affected by WS-2014-0034", | |
| "shortDescription": { | |
| "text": "commons-fileupload-1.3.1.jar is affected by WS-2014-0034" | |
| }, | |
| "fullDescription": { | |
| "text": "Upgrade to version commons-fileupload:commons-fileupload:1.4" | |
| }, | |
| "helpUri": "https://github.com/apache/commons-fileupload/commit/5b4881d7f75f439326f54fa554a9ca7de6d60814", | |
| "properties": { | |
| "severity": "HIGH" | |
| } | |
| }, | |
| { | |
| "id": "CVE-2023-24998", | |
| "name": "commons-fileupload-1.3.1.jar is affected by CVE-2023-24998", | |
| "shortDescription": { | |
| "text": "commons-fileupload-1.3.1.jar is affected by CVE-2023-24998" | |
| }, | |
| "fullDescription": { | |
| "text": "Upgrade to version commons-fileupload:commons-fileupload:1.5;org.apache.tomcat:tomcat-coyote:8.5.85,9.0.71,10.1.5,11.0.0-M3;org.apache.tomcat.embed:tomcat-embed-core:8.5.85,9.0.71,10.1.5,11.0.0-M3;org.apache.tomcat:tomcat-util:8.5.85,9.0.71,10.1.5,11.0.0-M3;org.apache.tomcat:tomcat-catalina:8.5.85,9.0.71,10.1.5,11.0.0-M3" | |
| }, | |
| "helpUri": "https://tomcat.apache.org/security-10.html", | |
| "properties": { | |
| "severity": "HIGH" | |
| } | |
| }, | |
| { | |
| "id": "CVE-2024-47554", | |
| "name": "commons-io-2.2.jar is affected by CVE-2024-47554", | |
| "shortDescription": { | |
| "text": "commons-io-2.2.jar is affected by CVE-2024-47554" | |
| }, | |
| "fullDescription": { | |
| "text": "Upgrade to version commons-io:commons-io:2.14.0" | |
| }, | |
| "helpUri": "https://lists.apache.org/thread/6ozr91rr9cj5lm0zyhv30bsp317hk5z1", | |
| "properties": { | |
| "severity": "MEDIUM" | |
| } | |
| }, | |
| { | |
| "id": "CVE-2021-29425", | |
| "name": "commons-io-2.2.jar is affected by CVE-2021-29425", | |
| "shortDescription": { | |
| "text": "commons-io-2.2.jar is affected by CVE-2021-29425" | |
| }, | |
| "fullDescription": { | |
| "text": "Upgrade to version commons-io:commons-io:2.7" | |
| }, | |
| "helpUri": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29425", | |
| "properties": { | |
| "severity": "MEDIUM" | |
| } | |
| }, | |
| { | |
| "id": "CVE-2016-0785", | |
| "name": "xwork-core-2.3.20.jar is affected by CVE-2016-0785", | |
| "shortDescription": { | |
| "text": "xwork-core-2.3.20.jar is affected by CVE-2016-0785" | |
| }, | |
| "fullDescription": { | |
| "text": "Upgrade to version org.apache.struts.xwork:xwork-core:2.3.28" | |
| }, | |
| "helpUri": "https://github.com/apache/struts/tree/STRUTS_2_3_28", | |
| "properties": { | |
| "severity": "HIGH" | |
| } | |
| }, | |
| { | |
| "id": "CVE-2016-4461", | |
| "name": "xwork-core-2.3.20.jar is affected by CVE-2016-4461", | |
| "shortDescription": { | |
| "text": "xwork-core-2.3.20.jar is affected by CVE-2016-4461" | |
| }, | |
| "fullDescription": { | |
| "text": "Upgrade to version org.apache.struts:struts2-core:2.3.29" | |
| }, | |
| "helpUri": "https://github.com/apache/struts/tree/STRUTS_2_3_29/", | |
| "properties": { | |
| "severity": "HIGH" | |
| } | |
| }, | |
| { | |
| "id": "CVE-2016-2162", | |
| "name": "xwork-core-2.3.20.jar is affected by CVE-2016-2162", | |
| "shortDescription": { | |
| "text": "xwork-core-2.3.20.jar is affected by CVE-2016-2162" | |
| }, | |
| "fullDescription": { | |
| "text": "Upgrade to version org.apache.struts.xwork:xwork-core:2.3.25" | |
| }, | |
| "helpUri": "https://github.com/apache/struts/tree/STRUTS_2_3_25", | |
| "properties": { | |
| "severity": "MEDIUM" | |
| } | |
| }, | |
| { | |
| "id": "CVE-2015-1831", | |
| "name": "xwork-core-2.3.20.jar is affected by CVE-2015-1831", | |
| "shortDescription": { | |
| "text": "xwork-core-2.3.20.jar is affected by CVE-2015-1831" | |
| }, | |
| "fullDescription": { | |
| "text": "Upgrade to version org.apache.struts.xwork:xwork-core - 2.3.20.1" | |
| }, | |
| "helpUri": "https://nvd.nist.gov/vuln/detail/CVE-2015-1831", | |
| "properties": { | |
| "severity": "MEDIUM" | |
| } | |
| }, | |
| { | |
| "id": "CVE-2021-22096", | |
| "name": "spring-core-4.3.13.RELEASE.jar is affected by CVE-2021-22096", | |
| "shortDescription": { | |
| "text": "spring-core-4.3.13.RELEASE.jar is affected by CVE-2021-22096" | |
| }, | |
| "fullDescription": { | |
| "text": "Upgrade to version org.springframework:spring-core:5.2.18.RELEASE,5.3.12;org.springframework:spring-web:5.2.18.RELEASE,5.3.12;org.springframework:spring-webmvc:5.2.18.RELEASE,5.3.12;org.springframework:spring-webflux:5.2.18.RELEASE,5.3.12" | |
| }, | |
| "helpUri": "https://tanzu.vmware.com/security/cve-2021-22096", | |
| "properties": { | |
| "severity": "MEDIUM" | |
| } | |
| }, | |
| { | |
| "id": "CVE-2021-22060", | |
| "name": "spring-core-4.3.13.RELEASE.jar is affected by CVE-2021-22060", | |
| "shortDescription": { | |
| "text": "spring-core-4.3.13.RELEASE.jar is affected by CVE-2021-22060" | |
| }, | |
| "fullDescription": { | |
| "text": "Upgrade to version org.springframework:spring-core:5.2.19, 5.3.14;org.springframework:spring-web:5.2.19, 5.3.14" | |
| }, | |
| "helpUri": "https://spring.io/security/cve-2021-22060", | |
| "properties": { | |
| "severity": "MEDIUM" | |
| } | |
| }, | |
| { | |
| "id": "CVE-2018-1272", | |
| "name": "spring-core-4.3.13.RELEASE.jar is affected by CVE-2018-1272", | |
| "shortDescription": { | |
| "text": "spring-core-4.3.13.RELEASE.jar is affected by CVE-2018-1272" | |
| }, | |
| "fullDescription": { | |
| "text": "Upgrade to version org.springframework:spring-core:4.3.15.RELEASE,5.0.5.RELEASE;org.springframework:spring-web:4.3.15.RELEASE,5.0.5.RELEASE" | |
| }, | |
| "helpUri": "https://tanzu.vmware.com/security/cve-2018-1272", | |
| "properties": { | |
| "severity": "HIGH" | |
| } | |
| }, | |
| { | |
| "id": "CVE-2018-1199", | |
| "name": "spring-core-4.3.13.RELEASE.jar is affected by CVE-2018-1199", | |
| "shortDescription": { | |
| "text": "spring-core-4.3.13.RELEASE.jar is affected by CVE-2018-1199" | |
| }, | |
| "fullDescription": { | |
| "text": "Upgrade to version org.springframework.security:spring-security-web:4.1.5.RELEASE,4.2.4.RELEASE,5.0.1.RELEASE;org.springframework.security:spring-security-config:4.1.5.RELEASE,4.2.4.RELEASE,5.0.1.RELEASE;org.springframework:spring-core:4.3.14.RELEASE,5.0.3.RELEASE" | |
| }, | |
| "helpUri": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1199", | |
| "properties": { | |
| "severity": "MEDIUM" | |
| } | |
| }, | |
| { | |
| "id": "CVE-2022-22970", | |
| "name": "spring-core-4.3.13.RELEASE.jar is affected by CVE-2022-22970", | |
| "shortDescription": { | |
| "text": "spring-core-4.3.13.RELEASE.jar is affected by CVE-2022-22970" | |
| }, | |
| "fullDescription": { | |
| "text": "Upgrade to version org.springframework:spring-beans:5.2.22,5.3.20;org.springframework:spring-core:5.2.22,5.3.20" | |
| }, | |
| "helpUri": "https://tanzu.vmware.com/security/cve-2022-22970", | |
| "properties": { | |
| "severity": "MEDIUM" | |
| } | |
| } | |
| ] | |
| } | |
| }, | |
| "results": [ | |
| { | |
| "ruleId": "CVE-2018-19362", | |
| "message": { | |
| "text": "jackson-databind-2.9.5.jar is affected by CVE-2018-19362", | |
| "markdown": "<b>Recommendations for [CVE-2018-19362](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19362):</b><br/><br/>* Upgrade to version 2.9.8.<br/><br/><b>Dependency tree</b><br/><br/>\u251c\u2500 jackson-databind-2.9.5.jar (CVE-2018-19362)\n| \u251c\u2500 jackson-annotations-2.9.0.jar\n| \u2514\u2500 jackson-core-2.9.5.jar\n\u251c\u2500 commons-collections-3.2.1.jar\n\u251c\u2500 commons-email-1.1.jar\n| \u251c\u2500 commons-logging-1.2.jar\n| \u251c\u2500 activation-1.1.jar\n| \u2514\u2500 mail-1.4.jar\n| \u2514\u2500 activation-1.1.jar\n\u251c\u2500 struts2-core-2.3.20.jar\n| \u251c\u2500 commons-fileupload-1.3.1.jar\n| | \u2514\u2500 commons-io-2.2.jar\n| \u251c\u2500 commons-io-2.2.jar\n| \u251c\u2500 ognl-3.0.6.jar\n| | \u2514\u2500 javassist-3.11.0.GA.jar\n| \u251c\u2500 xwork-core-2.3.20.jar\n| | \u251c\u2500 commons-io-2.2.jar\n| | \u251c\u2500 commons-logging-1.2.jar\n| | \u251c\u2500 ognl-3.0.6.jar\n| | \u251c\u2500 commons-lang3-3.2.jar\n| | | \u2514\u2500 commons-io-2.2.jar\n| | \u251c\u2500 asm-commons-5.0.2.jar\n| | | \u2514\u2500 asm-tree-5.0.2.jar\n| | | \u2514\u2500 asm-5.0.2.jar\n| | \u251c\u2500 asm-5.0.2.jar\n| | \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n| \u251c\u2500 freemarker-2.3.19.jar\n| \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n\u2514\u2500 spring-core-4.3.13.RELEASE.jar\n \u2514\u2500 commons-logging-1.2.jar<br/>" | |
| }, | |
| "locations": [ | |
| { | |
| "physicalLocation": { | |
| "artifactLocation": { | |
| "uri": "/java/work/mend-poc-webgoat/pom.xml" | |
| } | |
| } | |
| } | |
| ], | |
| "properties": { | |
| "vulnerability": { | |
| "id": "CVE-2018-19362", | |
| "severity": "CRITICAL", | |
| "description": "Upgrade to version", | |
| "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19362" | |
| } | |
| } | |
| }, | |
| { | |
| "ruleId": "CVE-2020-36189", | |
| "message": { | |
| "text": "jackson-databind-2.9.5.jar is affected by CVE-2020-36189", | |
| "markdown": "<b>Recommendations for [CVE-2020-36189](https://github.com/FasterXML/jackson-databind/issues/2996):</b><br/><br/>* Upgrade to version com.fasterxml.jackson.core:jackson-databind:2.9.10.8.<br/><br/><b>Dependency tree</b><br/><br/>\u251c\u2500 jackson-databind-2.9.5.jar (CVE-2020-36189)\n| \u251c\u2500 jackson-annotations-2.9.0.jar\n| \u2514\u2500 jackson-core-2.9.5.jar\n\u251c\u2500 commons-collections-3.2.1.jar\n\u251c\u2500 commons-email-1.1.jar\n| \u251c\u2500 commons-logging-1.2.jar\n| \u251c\u2500 activation-1.1.jar\n| \u2514\u2500 mail-1.4.jar\n| \u2514\u2500 activation-1.1.jar\n\u251c\u2500 struts2-core-2.3.20.jar\n| \u251c\u2500 commons-fileupload-1.3.1.jar\n| | \u2514\u2500 commons-io-2.2.jar\n| \u251c\u2500 commons-io-2.2.jar\n| \u251c\u2500 ognl-3.0.6.jar\n| | \u2514\u2500 javassist-3.11.0.GA.jar\n| \u251c\u2500 xwork-core-2.3.20.jar\n| | \u251c\u2500 commons-io-2.2.jar\n| | \u251c\u2500 commons-logging-1.2.jar\n| | \u251c\u2500 ognl-3.0.6.jar\n| | \u251c\u2500 commons-lang3-3.2.jar\n| | | \u2514\u2500 commons-io-2.2.jar\n| | \u251c\u2500 asm-commons-5.0.2.jar\n| | | \u2514\u2500 asm-tree-5.0.2.jar\n| | | \u2514\u2500 asm-5.0.2.jar\n| | \u251c\u2500 asm-5.0.2.jar\n| | \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n| \u251c\u2500 freemarker-2.3.19.jar\n| \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n\u2514\u2500 spring-core-4.3.13.RELEASE.jar\n \u2514\u2500 commons-logging-1.2.jar<br/>" | |
| }, | |
| "locations": [ | |
| { | |
| "physicalLocation": { | |
| "artifactLocation": { | |
| "uri": "/java/work/mend-poc-webgoat/pom.xml" | |
| } | |
| } | |
| } | |
| ], | |
| "properties": { | |
| "vulnerability": { | |
| "id": "CVE-2020-36189", | |
| "severity": "HIGH", | |
| "description": "Upgrade to version", | |
| "url": "https://github.com/FasterXML/jackson-databind/issues/2996" | |
| } | |
| } | |
| }, | |
| { | |
| "ruleId": "CVE-2018-12023", | |
| "message": { | |
| "text": "jackson-databind-2.9.5.jar is affected by CVE-2018-12023", | |
| "markdown": "<b>Recommendations for [CVE-2018-12023](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12022):</b><br/><br/>* Upgrade to version 2.7.9.4, 2.8.11.2, 2.9.6.<br/><br/><b>Dependency tree</b><br/><br/>\u251c\u2500 jackson-databind-2.9.5.jar (CVE-2018-12023)\n| \u251c\u2500 jackson-annotations-2.9.0.jar\n| \u2514\u2500 jackson-core-2.9.5.jar\n\u251c\u2500 commons-collections-3.2.1.jar\n\u251c\u2500 commons-email-1.1.jar\n| \u251c\u2500 commons-logging-1.2.jar\n| \u251c\u2500 activation-1.1.jar\n| \u2514\u2500 mail-1.4.jar\n| \u2514\u2500 activation-1.1.jar\n\u251c\u2500 struts2-core-2.3.20.jar\n| \u251c\u2500 commons-fileupload-1.3.1.jar\n| | \u2514\u2500 commons-io-2.2.jar\n| \u251c\u2500 commons-io-2.2.jar\n| \u251c\u2500 ognl-3.0.6.jar\n| | \u2514\u2500 javassist-3.11.0.GA.jar\n| \u251c\u2500 xwork-core-2.3.20.jar\n| | \u251c\u2500 commons-io-2.2.jar\n| | \u251c\u2500 commons-logging-1.2.jar\n| | \u251c\u2500 ognl-3.0.6.jar\n| | \u251c\u2500 commons-lang3-3.2.jar\n| | | \u2514\u2500 commons-io-2.2.jar\n| | \u251c\u2500 asm-commons-5.0.2.jar\n| | | \u2514\u2500 asm-tree-5.0.2.jar\n| | | \u2514\u2500 asm-5.0.2.jar\n| | \u251c\u2500 asm-5.0.2.jar\n| | \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n| \u251c\u2500 freemarker-2.3.19.jar\n| \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n\u2514\u2500 spring-core-4.3.13.RELEASE.jar\n \u2514\u2500 commons-logging-1.2.jar<br/>" | |
| }, | |
| "locations": [ | |
| { | |
| "physicalLocation": { | |
| "artifactLocation": { | |
| "uri": "/java/work/mend-poc-webgoat/pom.xml" | |
| } | |
| } | |
| } | |
| ], | |
| "properties": { | |
| "vulnerability": { | |
| "id": "CVE-2018-12023", | |
| "severity": "HIGH", | |
| "description": "Upgrade to version", | |
| "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12022" | |
| } | |
| } | |
| }, | |
| { | |
| "ruleId": "CVE-2019-16335", | |
| "message": { | |
| "text": "jackson-databind-2.9.5.jar is affected by CVE-2019-16335", | |
| "markdown": "<b>Recommendations for [CVE-2019-16335](https://osv.dev/vulnerability/GHSA-85cw-hj65-qqv9):</b><br/><br/>* Upgrade to version com.fasterxml.jackson.core:jackson-databind:2.6.7.3,2.8.11.5,2.9.10.<br/><br/><b>Dependency tree</b><br/><br/>\u251c\u2500 jackson-databind-2.9.5.jar (CVE-2019-16335)\n| \u251c\u2500 jackson-annotations-2.9.0.jar\n| \u2514\u2500 jackson-core-2.9.5.jar\n\u251c\u2500 commons-collections-3.2.1.jar\n\u251c\u2500 commons-email-1.1.jar\n| \u251c\u2500 commons-logging-1.2.jar\n| \u251c\u2500 activation-1.1.jar\n| \u2514\u2500 mail-1.4.jar\n| \u2514\u2500 activation-1.1.jar\n\u251c\u2500 struts2-core-2.3.20.jar\n| \u251c\u2500 commons-fileupload-1.3.1.jar\n| | \u2514\u2500 commons-io-2.2.jar\n| \u251c\u2500 commons-io-2.2.jar\n| \u251c\u2500 ognl-3.0.6.jar\n| | \u2514\u2500 javassist-3.11.0.GA.jar\n| \u251c\u2500 xwork-core-2.3.20.jar\n| | \u251c\u2500 commons-io-2.2.jar\n| | \u251c\u2500 commons-logging-1.2.jar\n| | \u251c\u2500 ognl-3.0.6.jar\n| | \u251c\u2500 commons-lang3-3.2.jar\n| | | \u2514\u2500 commons-io-2.2.jar\n| | \u251c\u2500 asm-commons-5.0.2.jar\n| | | \u2514\u2500 asm-tree-5.0.2.jar\n| | | \u2514\u2500 asm-5.0.2.jar\n| | \u251c\u2500 asm-5.0.2.jar\n| | \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n| \u251c\u2500 freemarker-2.3.19.jar\n| \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n\u2514\u2500 spring-core-4.3.13.RELEASE.jar\n \u2514\u2500 commons-logging-1.2.jar<br/>" | |
| }, | |
| "locations": [ | |
| { | |
| "physicalLocation": { | |
| "artifactLocation": { | |
| "uri": "/java/work/mend-poc-webgoat/pom.xml" | |
| } | |
| } | |
| } | |
| ], | |
| "properties": { | |
| "vulnerability": { | |
| "id": "CVE-2019-16335", | |
| "severity": "CRITICAL", | |
| "description": "Upgrade to version", | |
| "url": "https://osv.dev/vulnerability/GHSA-85cw-hj65-qqv9" | |
| } | |
| } | |
| }, | |
| { | |
| "ruleId": "CVE-2022-42003", | |
| "message": { | |
| "text": "jackson-databind-2.9.5.jar is affected by CVE-2022-42003", | |
| "markdown": "<b>Recommendations for [CVE-2022-42003](https://github.com/advisories/GHSA-jjjh-jjxp-wpff):</b><br/><br/>* Upgrade to version com.fasterxml.jackson.core:jackson-databind:2.12.7.1,2.13.4.2.<br/><br/><b>Dependency tree</b><br/><br/>\u251c\u2500 jackson-databind-2.9.5.jar (CVE-2022-42003)\n| \u251c\u2500 jackson-annotations-2.9.0.jar\n| \u2514\u2500 jackson-core-2.9.5.jar\n\u251c\u2500 commons-collections-3.2.1.jar\n\u251c\u2500 commons-email-1.1.jar\n| \u251c\u2500 commons-logging-1.2.jar\n| \u251c\u2500 activation-1.1.jar\n| \u2514\u2500 mail-1.4.jar\n| \u2514\u2500 activation-1.1.jar\n\u251c\u2500 struts2-core-2.3.20.jar\n| \u251c\u2500 commons-fileupload-1.3.1.jar\n| | \u2514\u2500 commons-io-2.2.jar\n| \u251c\u2500 commons-io-2.2.jar\n| \u251c\u2500 ognl-3.0.6.jar\n| | \u2514\u2500 javassist-3.11.0.GA.jar\n| \u251c\u2500 xwork-core-2.3.20.jar\n| | \u251c\u2500 commons-io-2.2.jar\n| | \u251c\u2500 commons-logging-1.2.jar\n| | \u251c\u2500 ognl-3.0.6.jar\n| | \u251c\u2500 commons-lang3-3.2.jar\n| | | \u2514\u2500 commons-io-2.2.jar\n| | \u251c\u2500 asm-commons-5.0.2.jar\n| | | \u2514\u2500 asm-tree-5.0.2.jar\n| | | \u2514\u2500 asm-5.0.2.jar\n| | \u251c\u2500 asm-5.0.2.jar\n| | \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n| \u251c\u2500 freemarker-2.3.19.jar\n| \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n\u2514\u2500 spring-core-4.3.13.RELEASE.jar\n \u2514\u2500 commons-logging-1.2.jar<br/>" | |
| }, | |
| "locations": [ | |
| { | |
| "physicalLocation": { | |
| "artifactLocation": { | |
| "uri": "/java/work/mend-poc-webgoat/pom.xml" | |
| } | |
| } | |
| } | |
| ], | |
| "properties": { | |
| "vulnerability": { | |
| "id": "CVE-2022-42003", | |
| "severity": "HIGH", | |
| "description": "Upgrade to version", | |
| "url": "https://github.com/advisories/GHSA-jjjh-jjxp-wpff" | |
| } | |
| } | |
| }, | |
| { | |
| "ruleId": "CVE-2020-14060", | |
| "message": { | |
| "text": "jackson-databind-2.9.5.jar is affected by CVE-2020-14060", | |
| "markdown": "<b>Recommendations for [CVE-2020-14060](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14060):</b><br/><br/>* Upgrade to version com.fasterxml.jackson.core:jackson-databind:2.10.0.<br/><br/><b>Dependency tree</b><br/><br/>\u251c\u2500 jackson-databind-2.9.5.jar (CVE-2020-14060)\n| \u251c\u2500 jackson-annotations-2.9.0.jar\n| \u2514\u2500 jackson-core-2.9.5.jar\n\u251c\u2500 commons-collections-3.2.1.jar\n\u251c\u2500 commons-email-1.1.jar\n| \u251c\u2500 commons-logging-1.2.jar\n| \u251c\u2500 activation-1.1.jar\n| \u2514\u2500 mail-1.4.jar\n| \u2514\u2500 activation-1.1.jar\n\u251c\u2500 struts2-core-2.3.20.jar\n| \u251c\u2500 commons-fileupload-1.3.1.jar\n| | \u2514\u2500 commons-io-2.2.jar\n| \u251c\u2500 commons-io-2.2.jar\n| \u251c\u2500 ognl-3.0.6.jar\n| | \u2514\u2500 javassist-3.11.0.GA.jar\n| \u251c\u2500 xwork-core-2.3.20.jar\n| | \u251c\u2500 commons-io-2.2.jar\n| | \u251c\u2500 commons-logging-1.2.jar\n| | \u251c\u2500 ognl-3.0.6.jar\n| | \u251c\u2500 commons-lang3-3.2.jar\n| | | \u2514\u2500 commons-io-2.2.jar\n| | \u251c\u2500 asm-commons-5.0.2.jar\n| | | \u2514\u2500 asm-tree-5.0.2.jar\n| | | \u2514\u2500 asm-5.0.2.jar\n| | \u251c\u2500 asm-5.0.2.jar\n| | \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n| \u251c\u2500 freemarker-2.3.19.jar\n| \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n\u2514\u2500 spring-core-4.3.13.RELEASE.jar\n \u2514\u2500 commons-logging-1.2.jar<br/>" | |
| }, | |
| "locations": [ | |
| { | |
| "physicalLocation": { | |
| "artifactLocation": { | |
| "uri": "/java/work/mend-poc-webgoat/pom.xml" | |
| } | |
| } | |
| } | |
| ], | |
| "properties": { | |
| "vulnerability": { | |
| "id": "CVE-2020-14060", | |
| "severity": "HIGH", | |
| "description": "Upgrade to version", | |
| "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14060" | |
| } | |
| } | |
| }, | |
| { | |
| "ruleId": "CVE-2020-36187", | |
| "message": { | |
| "text": "jackson-databind-2.9.5.jar is affected by CVE-2020-36187", | |
| "markdown": "<b>Recommendations for [CVE-2020-36187](https://github.com/FasterXML/jackson-databind/issues/2997):</b><br/><br/>* Upgrade to version com.fasterxml.jackson.core:jackson-databind:2.9.10.8.<br/><br/><b>Dependency tree</b><br/><br/>\u251c\u2500 jackson-databind-2.9.5.jar (CVE-2020-36187)\n| \u251c\u2500 jackson-annotations-2.9.0.jar\n| \u2514\u2500 jackson-core-2.9.5.jar\n\u251c\u2500 commons-collections-3.2.1.jar\n\u251c\u2500 commons-email-1.1.jar\n| \u251c\u2500 commons-logging-1.2.jar\n| \u251c\u2500 activation-1.1.jar\n| \u2514\u2500 mail-1.4.jar\n| \u2514\u2500 activation-1.1.jar\n\u251c\u2500 struts2-core-2.3.20.jar\n| \u251c\u2500 commons-fileupload-1.3.1.jar\n| | \u2514\u2500 commons-io-2.2.jar\n| \u251c\u2500 commons-io-2.2.jar\n| \u251c\u2500 ognl-3.0.6.jar\n| | \u2514\u2500 javassist-3.11.0.GA.jar\n| \u251c\u2500 xwork-core-2.3.20.jar\n| | \u251c\u2500 commons-io-2.2.jar\n| | \u251c\u2500 commons-logging-1.2.jar\n| | \u251c\u2500 ognl-3.0.6.jar\n| | \u251c\u2500 commons-lang3-3.2.jar\n| | | \u2514\u2500 commons-io-2.2.jar\n| | \u251c\u2500 asm-commons-5.0.2.jar\n| | | \u2514\u2500 asm-tree-5.0.2.jar\n| | | \u2514\u2500 asm-5.0.2.jar\n| | \u251c\u2500 asm-5.0.2.jar\n| | \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n| \u251c\u2500 freemarker-2.3.19.jar\n| \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n\u2514\u2500 spring-core-4.3.13.RELEASE.jar\n \u2514\u2500 commons-logging-1.2.jar<br/>" | |
| }, | |
| "locations": [ | |
| { | |
| "physicalLocation": { | |
| "artifactLocation": { | |
| "uri": "/java/work/mend-poc-webgoat/pom.xml" | |
| } | |
| } | |
| } | |
| ], | |
| "properties": { | |
| "vulnerability": { | |
| "id": "CVE-2020-36187", | |
| "severity": "HIGH", | |
| "description": "Upgrade to version", | |
| "url": "https://github.com/FasterXML/jackson-databind/issues/2997" | |
| } | |
| } | |
| }, | |
| { | |
| "ruleId": "CVE-2020-24750", | |
| "message": { | |
| "text": "jackson-databind-2.9.5.jar is affected by CVE-2020-24750", | |
| "markdown": "<b>Recommendations for [CVE-2020-24750](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24616):</b><br/><br/>* Upgrade to version com.fasterxml.jackson.core:jackson-databind:2.9.10.6.<br/><br/><b>Dependency tree</b><br/><br/>\u251c\u2500 jackson-databind-2.9.5.jar (CVE-2020-24750)\n| \u251c\u2500 jackson-annotations-2.9.0.jar\n| \u2514\u2500 jackson-core-2.9.5.jar\n\u251c\u2500 commons-collections-3.2.1.jar\n\u251c\u2500 commons-email-1.1.jar\n| \u251c\u2500 commons-logging-1.2.jar\n| \u251c\u2500 activation-1.1.jar\n| \u2514\u2500 mail-1.4.jar\n| \u2514\u2500 activation-1.1.jar\n\u251c\u2500 struts2-core-2.3.20.jar\n| \u251c\u2500 commons-fileupload-1.3.1.jar\n| | \u2514\u2500 commons-io-2.2.jar\n| \u251c\u2500 commons-io-2.2.jar\n| \u251c\u2500 ognl-3.0.6.jar\n| | \u2514\u2500 javassist-3.11.0.GA.jar\n| \u251c\u2500 xwork-core-2.3.20.jar\n| | \u251c\u2500 commons-io-2.2.jar\n| | \u251c\u2500 commons-logging-1.2.jar\n| | \u251c\u2500 ognl-3.0.6.jar\n| | \u251c\u2500 commons-lang3-3.2.jar\n| | | \u2514\u2500 commons-io-2.2.jar\n| | \u251c\u2500 asm-commons-5.0.2.jar\n| | | \u2514\u2500 asm-tree-5.0.2.jar\n| | | \u2514\u2500 asm-5.0.2.jar\n| | \u251c\u2500 asm-5.0.2.jar\n| | \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n| \u251c\u2500 freemarker-2.3.19.jar\n| \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n\u2514\u2500 spring-core-4.3.13.RELEASE.jar\n \u2514\u2500 commons-logging-1.2.jar<br/>" | |
| }, | |
| "locations": [ | |
| { | |
| "physicalLocation": { | |
| "artifactLocation": { | |
| "uri": "/java/work/mend-poc-webgoat/pom.xml" | |
| } | |
| } | |
| } | |
| ], | |
| "properties": { | |
| "vulnerability": { | |
| "id": "CVE-2020-24750", | |
| "severity": "HIGH", | |
| "description": "Upgrade to version", | |
| "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24616" | |
| } | |
| } | |
| }, | |
| { | |
| "ruleId": "CVE-2020-36183", | |
| "message": { | |
| "text": "jackson-databind-2.9.5.jar is affected by CVE-2020-36183", | |
| "markdown": "<b>Recommendations for [CVE-2020-36183](https://github.com/FasterXML/jackson-databind/issues/3003):</b><br/><br/>* Upgrade to version com.fasterxml.jackson.core:jackson-databind:2.9.10.8.<br/><br/><b>Dependency tree</b><br/><br/>\u251c\u2500 jackson-databind-2.9.5.jar (CVE-2020-36183)\n| \u251c\u2500 jackson-annotations-2.9.0.jar\n| \u2514\u2500 jackson-core-2.9.5.jar\n\u251c\u2500 commons-collections-3.2.1.jar\n\u251c\u2500 commons-email-1.1.jar\n| \u251c\u2500 commons-logging-1.2.jar\n| \u251c\u2500 activation-1.1.jar\n| \u2514\u2500 mail-1.4.jar\n| \u2514\u2500 activation-1.1.jar\n\u251c\u2500 struts2-core-2.3.20.jar\n| \u251c\u2500 commons-fileupload-1.3.1.jar\n| | \u2514\u2500 commons-io-2.2.jar\n| \u251c\u2500 commons-io-2.2.jar\n| \u251c\u2500 ognl-3.0.6.jar\n| | \u2514\u2500 javassist-3.11.0.GA.jar\n| \u251c\u2500 xwork-core-2.3.20.jar\n| | \u251c\u2500 commons-io-2.2.jar\n| | \u251c\u2500 commons-logging-1.2.jar\n| | \u251c\u2500 ognl-3.0.6.jar\n| | \u251c\u2500 commons-lang3-3.2.jar\n| | | \u2514\u2500 commons-io-2.2.jar\n| | \u251c\u2500 asm-commons-5.0.2.jar\n| | | \u2514\u2500 asm-tree-5.0.2.jar\n| | | \u2514\u2500 asm-5.0.2.jar\n| | \u251c\u2500 asm-5.0.2.jar\n| | \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n| \u251c\u2500 freemarker-2.3.19.jar\n| \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n\u2514\u2500 spring-core-4.3.13.RELEASE.jar\n \u2514\u2500 commons-logging-1.2.jar<br/>" | |
| }, | |
| "locations": [ | |
| { | |
| "physicalLocation": { | |
| "artifactLocation": { | |
| "uri": "/java/work/mend-poc-webgoat/pom.xml" | |
| } | |
| } | |
| } | |
| ], | |
| "properties": { | |
| "vulnerability": { | |
| "id": "CVE-2020-36183", | |
| "severity": "HIGH", | |
| "description": "Upgrade to version", | |
| "url": "https://github.com/FasterXML/jackson-databind/issues/3003" | |
| } | |
| } | |
| }, | |
| { | |
| "ruleId": "CVE-2020-11111", | |
| "message": { | |
| "text": "jackson-databind-2.9.5.jar is affected by CVE-2020-11111", | |
| "markdown": "<b>Recommendations for [CVE-2020-11111](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11113):</b><br/><br/>* Upgrade to version com.fasterxml.jackson.core:jackson-databind:2.9.10.4,2.10.0.<br/><br/><b>Dependency tree</b><br/><br/>\u251c\u2500 jackson-databind-2.9.5.jar (CVE-2020-11111)\n| \u251c\u2500 jackson-annotations-2.9.0.jar\n| \u2514\u2500 jackson-core-2.9.5.jar\n\u251c\u2500 commons-collections-3.2.1.jar\n\u251c\u2500 commons-email-1.1.jar\n| \u251c\u2500 commons-logging-1.2.jar\n| \u251c\u2500 activation-1.1.jar\n| \u2514\u2500 mail-1.4.jar\n| \u2514\u2500 activation-1.1.jar\n\u251c\u2500 struts2-core-2.3.20.jar\n| \u251c\u2500 commons-fileupload-1.3.1.jar\n| | \u2514\u2500 commons-io-2.2.jar\n| \u251c\u2500 commons-io-2.2.jar\n| \u251c\u2500 ognl-3.0.6.jar\n| | \u2514\u2500 javassist-3.11.0.GA.jar\n| \u251c\u2500 xwork-core-2.3.20.jar\n| | \u251c\u2500 commons-io-2.2.jar\n| | \u251c\u2500 commons-logging-1.2.jar\n| | \u251c\u2500 ognl-3.0.6.jar\n| | \u251c\u2500 commons-lang3-3.2.jar\n| | | \u2514\u2500 commons-io-2.2.jar\n| | \u251c\u2500 asm-commons-5.0.2.jar\n| | | \u2514\u2500 asm-tree-5.0.2.jar\n| | | \u2514\u2500 asm-5.0.2.jar\n| | \u251c\u2500 asm-5.0.2.jar\n| | \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n| \u251c\u2500 freemarker-2.3.19.jar\n| \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n\u2514\u2500 spring-core-4.3.13.RELEASE.jar\n \u2514\u2500 commons-logging-1.2.jar<br/>" | |
| }, | |
| "locations": [ | |
| { | |
| "physicalLocation": { | |
| "artifactLocation": { | |
| "uri": "/java/work/mend-poc-webgoat/pom.xml" | |
| } | |
| } | |
| } | |
| ], | |
| "properties": { | |
| "vulnerability": { | |
| "id": "CVE-2020-11111", | |
| "severity": "HIGH", | |
| "description": "Upgrade to version", | |
| "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11113" | |
| } | |
| } | |
| }, | |
| { | |
| "ruleId": "CVE-2020-14195", | |
| "message": { | |
| "text": "jackson-databind-2.9.5.jar is affected by CVE-2020-14195", | |
| "markdown": "<b>Recommendations for [CVE-2020-14195](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14195):</b><br/><br/>* Upgrade to version com.fasterxml.jackson.core:jackson-databind:2.9.10.5.<br/><br/><b>Dependency tree</b><br/><br/>\u251c\u2500 jackson-databind-2.9.5.jar (CVE-2020-14195)\n| \u251c\u2500 jackson-annotations-2.9.0.jar\n| \u2514\u2500 jackson-core-2.9.5.jar\n\u251c\u2500 commons-collections-3.2.1.jar\n\u251c\u2500 commons-email-1.1.jar\n| \u251c\u2500 commons-logging-1.2.jar\n| \u251c\u2500 activation-1.1.jar\n| \u2514\u2500 mail-1.4.jar\n| \u2514\u2500 activation-1.1.jar\n\u251c\u2500 struts2-core-2.3.20.jar\n| \u251c\u2500 commons-fileupload-1.3.1.jar\n| | \u2514\u2500 commons-io-2.2.jar\n| \u251c\u2500 commons-io-2.2.jar\n| \u251c\u2500 ognl-3.0.6.jar\n| | \u2514\u2500 javassist-3.11.0.GA.jar\n| \u251c\u2500 xwork-core-2.3.20.jar\n| | \u251c\u2500 commons-io-2.2.jar\n| | \u251c\u2500 commons-logging-1.2.jar\n| | \u251c\u2500 ognl-3.0.6.jar\n| | \u251c\u2500 commons-lang3-3.2.jar\n| | | \u2514\u2500 commons-io-2.2.jar\n| | \u251c\u2500 asm-commons-5.0.2.jar\n| | | \u2514\u2500 asm-tree-5.0.2.jar\n| | | \u2514\u2500 asm-5.0.2.jar\n| | \u251c\u2500 asm-5.0.2.jar\n| | \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n| \u251c\u2500 freemarker-2.3.19.jar\n| \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n\u2514\u2500 spring-core-4.3.13.RELEASE.jar\n \u2514\u2500 commons-logging-1.2.jar<br/>" | |
| }, | |
| "locations": [ | |
| { | |
| "physicalLocation": { | |
| "artifactLocation": { | |
| "uri": "/java/work/mend-poc-webgoat/pom.xml" | |
| } | |
| } | |
| } | |
| ], | |
| "properties": { | |
| "vulnerability": { | |
| "id": "CVE-2020-14195", | |
| "severity": "HIGH", | |
| "description": "Upgrade to version", | |
| "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14195" | |
| } | |
| } | |
| }, | |
| { | |
| "ruleId": "CVE-2021-20190", | |
| "message": { | |
| "text": "jackson-databind-2.9.5.jar is affected by CVE-2021-20190", | |
| "markdown": "<b>Recommendations for [CVE-2021-20190](https://github.com/FasterXML/jackson-databind/issues/2854):</b><br/><br/>* Upgrade to version com.fasterxml.jackson.core:jackson-databind-2.9.10.7.<br/><br/><b>Dependency tree</b><br/><br/>\u251c\u2500 jackson-databind-2.9.5.jar (CVE-2021-20190)\n| \u251c\u2500 jackson-annotations-2.9.0.jar\n| \u2514\u2500 jackson-core-2.9.5.jar\n\u251c\u2500 commons-collections-3.2.1.jar\n\u251c\u2500 commons-email-1.1.jar\n| \u251c\u2500 commons-logging-1.2.jar\n| \u251c\u2500 activation-1.1.jar\n| \u2514\u2500 mail-1.4.jar\n| \u2514\u2500 activation-1.1.jar\n\u251c\u2500 struts2-core-2.3.20.jar\n| \u251c\u2500 commons-fileupload-1.3.1.jar\n| | \u2514\u2500 commons-io-2.2.jar\n| \u251c\u2500 commons-io-2.2.jar\n| \u251c\u2500 ognl-3.0.6.jar\n| | \u2514\u2500 javassist-3.11.0.GA.jar\n| \u251c\u2500 xwork-core-2.3.20.jar\n| | \u251c\u2500 commons-io-2.2.jar\n| | \u251c\u2500 commons-logging-1.2.jar\n| | \u251c\u2500 ognl-3.0.6.jar\n| | \u251c\u2500 commons-lang3-3.2.jar\n| | | \u2514\u2500 commons-io-2.2.jar\n| | \u251c\u2500 asm-commons-5.0.2.jar\n| | | \u2514\u2500 asm-tree-5.0.2.jar\n| | | \u2514\u2500 asm-5.0.2.jar\n| | \u251c\u2500 asm-5.0.2.jar\n| | \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n| \u251c\u2500 freemarker-2.3.19.jar\n| \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n\u2514\u2500 spring-core-4.3.13.RELEASE.jar\n \u2514\u2500 commons-logging-1.2.jar<br/>" | |
| }, | |
| "locations": [ | |
| { | |
| "physicalLocation": { | |
| "artifactLocation": { | |
| "uri": "/java/work/mend-poc-webgoat/pom.xml" | |
| } | |
| } | |
| } | |
| ], | |
| "properties": { | |
| "vulnerability": { | |
| "id": "CVE-2021-20190", | |
| "severity": "HIGH", | |
| "description": "Upgrade to version", | |
| "url": "https://github.com/FasterXML/jackson-databind/issues/2854" | |
| } | |
| } | |
| }, | |
| { | |
| "ruleId": "CVE-2019-17267", | |
| "message": { | |
| "text": "jackson-databind-2.9.5.jar is affected by CVE-2019-17267", | |
| "markdown": "<b>Recommendations for [CVE-2019-17267](https://github.com/FasterXML/jackson-databind/issues/2460):</b><br/><br/>* Upgrade to version com.fasterxml.jackson.core:jackson-databind:2.8.11.5,2.9.10.<br/><br/><b>Dependency tree</b><br/><br/>\u251c\u2500 jackson-databind-2.9.5.jar (CVE-2019-17267)\n| \u251c\u2500 jackson-annotations-2.9.0.jar\n| \u2514\u2500 jackson-core-2.9.5.jar\n\u251c\u2500 commons-collections-3.2.1.jar\n\u251c\u2500 commons-email-1.1.jar\n| \u251c\u2500 commons-logging-1.2.jar\n| \u251c\u2500 activation-1.1.jar\n| \u2514\u2500 mail-1.4.jar\n| \u2514\u2500 activation-1.1.jar\n\u251c\u2500 struts2-core-2.3.20.jar\n| \u251c\u2500 commons-fileupload-1.3.1.jar\n| | \u2514\u2500 commons-io-2.2.jar\n| \u251c\u2500 commons-io-2.2.jar\n| \u251c\u2500 ognl-3.0.6.jar\n| | \u2514\u2500 javassist-3.11.0.GA.jar\n| \u251c\u2500 xwork-core-2.3.20.jar\n| | \u251c\u2500 commons-io-2.2.jar\n| | \u251c\u2500 commons-logging-1.2.jar\n| | \u251c\u2500 ognl-3.0.6.jar\n| | \u251c\u2500 commons-lang3-3.2.jar\n| | | \u2514\u2500 commons-io-2.2.jar\n| | \u251c\u2500 asm-commons-5.0.2.jar\n| | | \u2514\u2500 asm-tree-5.0.2.jar\n| | | \u2514\u2500 asm-5.0.2.jar\n| | \u251c\u2500 asm-5.0.2.jar\n| | \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n| \u251c\u2500 freemarker-2.3.19.jar\n| \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n\u2514\u2500 spring-core-4.3.13.RELEASE.jar\n \u2514\u2500 commons-logging-1.2.jar<br/>" | |
| }, | |
| "locations": [ | |
| { | |
| "physicalLocation": { | |
| "artifactLocation": { | |
| "uri": "/java/work/mend-poc-webgoat/pom.xml" | |
| } | |
| } | |
| } | |
| ], | |
| "properties": { | |
| "vulnerability": { | |
| "id": "CVE-2019-17267", | |
| "severity": "CRITICAL", | |
| "description": "Upgrade to version", | |
| "url": "https://github.com/FasterXML/jackson-databind/issues/2460" | |
| } | |
| } | |
| }, | |
| { | |
| "ruleId": "CVE-2018-14720", | |
| "message": { | |
| "text": "jackson-databind-2.9.5.jar is affected by CVE-2018-14720", | |
| "markdown": "<b>Recommendations for [CVE-2018-14720](https://osv.dev/vulnerability/GHSA-x2w5-5m2g-7h5m):</b><br/><br/>* Upgrade to version com.fasterxml.jackson.core:jackson-databind:2.7.9.5,2.8.11.3,2.9.7.<br/><br/><b>Dependency tree</b><br/><br/>\u251c\u2500 jackson-databind-2.9.5.jar (CVE-2018-14720)\n| \u251c\u2500 jackson-annotations-2.9.0.jar\n| \u2514\u2500 jackson-core-2.9.5.jar\n\u251c\u2500 commons-collections-3.2.1.jar\n\u251c\u2500 commons-email-1.1.jar\n| \u251c\u2500 commons-logging-1.2.jar\n| \u251c\u2500 activation-1.1.jar\n| \u2514\u2500 mail-1.4.jar\n| \u2514\u2500 activation-1.1.jar\n\u251c\u2500 struts2-core-2.3.20.jar\n| \u251c\u2500 commons-fileupload-1.3.1.jar\n| | \u2514\u2500 commons-io-2.2.jar\n| \u251c\u2500 commons-io-2.2.jar\n| \u251c\u2500 ognl-3.0.6.jar\n| | \u2514\u2500 javassist-3.11.0.GA.jar\n| \u251c\u2500 xwork-core-2.3.20.jar\n| | \u251c\u2500 commons-io-2.2.jar\n| | \u251c\u2500 commons-logging-1.2.jar\n| | \u251c\u2500 ognl-3.0.6.jar\n| | \u251c\u2500 commons-lang3-3.2.jar\n| | | \u2514\u2500 commons-io-2.2.jar\n| | \u251c\u2500 asm-commons-5.0.2.jar\n| | | \u2514\u2500 asm-tree-5.0.2.jar\n| | | \u2514\u2500 asm-5.0.2.jar\n| | \u251c\u2500 asm-5.0.2.jar\n| | \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n| \u251c\u2500 freemarker-2.3.19.jar\n| \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n\u2514\u2500 spring-core-4.3.13.RELEASE.jar\n \u2514\u2500 commons-logging-1.2.jar<br/>" | |
| }, | |
| "locations": [ | |
| { | |
| "physicalLocation": { | |
| "artifactLocation": { | |
| "uri": "/java/work/mend-poc-webgoat/pom.xml" | |
| } | |
| } | |
| } | |
| ], | |
| "properties": { | |
| "vulnerability": { | |
| "id": "CVE-2018-14720", | |
| "severity": "CRITICAL", | |
| "description": "Upgrade to version", | |
| "url": "https://osv.dev/vulnerability/GHSA-x2w5-5m2g-7h5m" | |
| } | |
| } | |
| }, | |
| { | |
| "ruleId": "CVE-2019-12814", | |
| "message": { | |
| "text": "jackson-databind-2.9.5.jar is affected by CVE-2019-12814", | |
| "markdown": "<b>Recommendations for [CVE-2019-12814](https://github.com/FasterXML/jackson-databind/issues/2341):</b><br/><br/>* Upgrade to version 2.7.9.6, 2.8.11.4, 2.9.9.1, 2.10.0.<br/><br/><b>Dependency tree</b><br/><br/>\u251c\u2500 jackson-databind-2.9.5.jar (CVE-2019-12814)\n| \u251c\u2500 jackson-annotations-2.9.0.jar\n| \u2514\u2500 jackson-core-2.9.5.jar\n\u251c\u2500 commons-collections-3.2.1.jar\n\u251c\u2500 commons-email-1.1.jar\n| \u251c\u2500 commons-logging-1.2.jar\n| \u251c\u2500 activation-1.1.jar\n| \u2514\u2500 mail-1.4.jar\n| \u2514\u2500 activation-1.1.jar\n\u251c\u2500 struts2-core-2.3.20.jar\n| \u251c\u2500 commons-fileupload-1.3.1.jar\n| | \u2514\u2500 commons-io-2.2.jar\n| \u251c\u2500 commons-io-2.2.jar\n| \u251c\u2500 ognl-3.0.6.jar\n| | \u2514\u2500 javassist-3.11.0.GA.jar\n| \u251c\u2500 xwork-core-2.3.20.jar\n| | \u251c\u2500 commons-io-2.2.jar\n| | \u251c\u2500 commons-logging-1.2.jar\n| | \u251c\u2500 ognl-3.0.6.jar\n| | \u251c\u2500 commons-lang3-3.2.jar\n| | | \u2514\u2500 commons-io-2.2.jar\n| | \u251c\u2500 asm-commons-5.0.2.jar\n| | | \u2514\u2500 asm-tree-5.0.2.jar\n| | | \u2514\u2500 asm-5.0.2.jar\n| | \u251c\u2500 asm-5.0.2.jar\n| | \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n| \u251c\u2500 freemarker-2.3.19.jar\n| \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n\u2514\u2500 spring-core-4.3.13.RELEASE.jar\n \u2514\u2500 commons-logging-1.2.jar<br/>" | |
| }, | |
| "locations": [ | |
| { | |
| "physicalLocation": { | |
| "artifactLocation": { | |
| "uri": "/java/work/mend-poc-webgoat/pom.xml" | |
| } | |
| } | |
| } | |
| ], | |
| "properties": { | |
| "vulnerability": { | |
| "id": "CVE-2019-12814", | |
| "severity": "MEDIUM", | |
| "description": "Upgrade to version", | |
| "url": "https://github.com/FasterXML/jackson-databind/issues/2341" | |
| } | |
| } | |
| }, | |
| { | |
| "ruleId": "CVE-2020-9547", | |
| "message": { | |
| "text": "jackson-databind-2.9.5.jar is affected by CVE-2020-9547", | |
| "markdown": "<b>Recommendations for [CVE-2020-9547](https://osv.dev/vulnerability/GHSA-q93h-jc49-78gg):</b><br/><br/>* Upgrade to version com.fasterxml.jackson.core:jackson-databind:2.7.9.7,2.8.11.6,2.9.10.4.<br/><br/><b>Dependency tree</b><br/><br/>\u251c\u2500 jackson-databind-2.9.5.jar (CVE-2020-9547)\n| \u251c\u2500 jackson-annotations-2.9.0.jar\n| \u2514\u2500 jackson-core-2.9.5.jar\n\u251c\u2500 commons-collections-3.2.1.jar\n\u251c\u2500 commons-email-1.1.jar\n| \u251c\u2500 commons-logging-1.2.jar\n| \u251c\u2500 activation-1.1.jar\n| \u2514\u2500 mail-1.4.jar\n| \u2514\u2500 activation-1.1.jar\n\u251c\u2500 struts2-core-2.3.20.jar\n| \u251c\u2500 commons-fileupload-1.3.1.jar\n| | \u2514\u2500 commons-io-2.2.jar\n| \u251c\u2500 commons-io-2.2.jar\n| \u251c\u2500 ognl-3.0.6.jar\n| | \u2514\u2500 javassist-3.11.0.GA.jar\n| \u251c\u2500 xwork-core-2.3.20.jar\n| | \u251c\u2500 commons-io-2.2.jar\n| | \u251c\u2500 commons-logging-1.2.jar\n| | \u251c\u2500 ognl-3.0.6.jar\n| | \u251c\u2500 commons-lang3-3.2.jar\n| | | \u2514\u2500 commons-io-2.2.jar\n| | \u251c\u2500 asm-commons-5.0.2.jar\n| | | \u2514\u2500 asm-tree-5.0.2.jar\n| | | \u2514\u2500 asm-5.0.2.jar\n| | \u251c\u2500 asm-5.0.2.jar\n| | \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n| \u251c\u2500 freemarker-2.3.19.jar\n| \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n\u2514\u2500 spring-core-4.3.13.RELEASE.jar\n \u2514\u2500 commons-logging-1.2.jar<br/>" | |
| }, | |
| "locations": [ | |
| { | |
| "physicalLocation": { | |
| "artifactLocation": { | |
| "uri": "/java/work/mend-poc-webgoat/pom.xml" | |
| } | |
| } | |
| } | |
| ], | |
| "properties": { | |
| "vulnerability": { | |
| "id": "CVE-2020-9547", | |
| "severity": "CRITICAL", | |
| "description": "Upgrade to version", | |
| "url": "https://osv.dev/vulnerability/GHSA-q93h-jc49-78gg" | |
| } | |
| } | |
| }, | |
| { | |
| "ruleId": "CVE-2020-10673", | |
| "message": { | |
| "text": "jackson-databind-2.9.5.jar is affected by CVE-2020-10673", | |
| "markdown": "<b>Recommendations for [CVE-2020-10673](https://github.com/FasterXML/jackson-databind/issues/2660):</b><br/><br/>* Upgrade to version com.fasterxml.jackson.core:jackson-databind:2.9.10.4.<br/><br/><b>Dependency tree</b><br/><br/>\u251c\u2500 jackson-databind-2.9.5.jar (CVE-2020-10673)\n| \u251c\u2500 jackson-annotations-2.9.0.jar\n| \u2514\u2500 jackson-core-2.9.5.jar\n\u251c\u2500 commons-collections-3.2.1.jar\n\u251c\u2500 commons-email-1.1.jar\n| \u251c\u2500 commons-logging-1.2.jar\n| \u251c\u2500 activation-1.1.jar\n| \u2514\u2500 mail-1.4.jar\n| \u2514\u2500 activation-1.1.jar\n\u251c\u2500 struts2-core-2.3.20.jar\n| \u251c\u2500 commons-fileupload-1.3.1.jar\n| | \u2514\u2500 commons-io-2.2.jar\n| \u251c\u2500 commons-io-2.2.jar\n| \u251c\u2500 ognl-3.0.6.jar\n| | \u2514\u2500 javassist-3.11.0.GA.jar\n| \u251c\u2500 xwork-core-2.3.20.jar\n| | \u251c\u2500 commons-io-2.2.jar\n| | \u251c\u2500 commons-logging-1.2.jar\n| | \u251c\u2500 ognl-3.0.6.jar\n| | \u251c\u2500 commons-lang3-3.2.jar\n| | | \u2514\u2500 commons-io-2.2.jar\n| | \u251c\u2500 asm-commons-5.0.2.jar\n| | | \u2514\u2500 asm-tree-5.0.2.jar\n| | | \u2514\u2500 asm-5.0.2.jar\n| | \u251c\u2500 asm-5.0.2.jar\n| | \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n| \u251c\u2500 freemarker-2.3.19.jar\n| \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n\u2514\u2500 spring-core-4.3.13.RELEASE.jar\n \u2514\u2500 commons-logging-1.2.jar<br/>" | |
| }, | |
| "locations": [ | |
| { | |
| "physicalLocation": { | |
| "artifactLocation": { | |
| "uri": "/java/work/mend-poc-webgoat/pom.xml" | |
| } | |
| } | |
| } | |
| ], | |
| "properties": { | |
| "vulnerability": { | |
| "id": "CVE-2020-10673", | |
| "severity": "HIGH", | |
| "description": "Upgrade to version", | |
| "url": "https://github.com/FasterXML/jackson-databind/issues/2660" | |
| } | |
| } | |
| }, | |
| { | |
| "ruleId": "CVE-2018-12022", | |
| "message": { | |
| "text": "jackson-databind-2.9.5.jar is affected by CVE-2018-12022", | |
| "markdown": "<b>Recommendations for [CVE-2018-12022](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12022):</b><br/><br/>* Upgrade to version 2.7.9.4, 2.8.11.2, 2.9.6.<br/><br/><b>Dependency tree</b><br/><br/>\u251c\u2500 jackson-databind-2.9.5.jar (CVE-2018-12022)\n| \u251c\u2500 jackson-annotations-2.9.0.jar\n| \u2514\u2500 jackson-core-2.9.5.jar\n\u251c\u2500 commons-collections-3.2.1.jar\n\u251c\u2500 commons-email-1.1.jar\n| \u251c\u2500 commons-logging-1.2.jar\n| \u251c\u2500 activation-1.1.jar\n| \u2514\u2500 mail-1.4.jar\n| \u2514\u2500 activation-1.1.jar\n\u251c\u2500 struts2-core-2.3.20.jar\n| \u251c\u2500 commons-fileupload-1.3.1.jar\n| | \u2514\u2500 commons-io-2.2.jar\n| \u251c\u2500 commons-io-2.2.jar\n| \u251c\u2500 ognl-3.0.6.jar\n| | \u2514\u2500 javassist-3.11.0.GA.jar\n| \u251c\u2500 xwork-core-2.3.20.jar\n| | \u251c\u2500 commons-io-2.2.jar\n| | \u251c\u2500 commons-logging-1.2.jar\n| | \u251c\u2500 ognl-3.0.6.jar\n| | \u251c\u2500 commons-lang3-3.2.jar\n| | | \u2514\u2500 commons-io-2.2.jar\n| | \u251c\u2500 asm-commons-5.0.2.jar\n| | | \u2514\u2500 asm-tree-5.0.2.jar\n| | | \u2514\u2500 asm-5.0.2.jar\n| | \u251c\u2500 asm-5.0.2.jar\n| | \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n| \u251c\u2500 freemarker-2.3.19.jar\n| \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n\u2514\u2500 spring-core-4.3.13.RELEASE.jar\n \u2514\u2500 commons-logging-1.2.jar<br/>" | |
| }, | |
| "locations": [ | |
| { | |
| "physicalLocation": { | |
| "artifactLocation": { | |
| "uri": "/java/work/mend-poc-webgoat/pom.xml" | |
| } | |
| } | |
| } | |
| ], | |
| "properties": { | |
| "vulnerability": { | |
| "id": "CVE-2018-12022", | |
| "severity": "HIGH", | |
| "description": "Upgrade to version", | |
| "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12022" | |
| } | |
| } | |
| }, | |
| { | |
| "ruleId": "CVE-2019-20330", | |
| "message": { | |
| "text": "jackson-databind-2.9.5.jar is affected by CVE-2019-20330", | |
| "markdown": "<b>Recommendations for [CVE-2019-20330](https://github.com/FasterXML/jackson-databind/issues/2526):</b><br/><br/>* Upgrade to version com.fasterxml.jackson.core:jackson-databind:2.7.9.7,2.8.11.5,2.9.10.2.<br/><br/><b>Dependency tree</b><br/><br/>\u251c\u2500 jackson-databind-2.9.5.jar (CVE-2019-20330)\n| \u251c\u2500 jackson-annotations-2.9.0.jar\n| \u2514\u2500 jackson-core-2.9.5.jar\n\u251c\u2500 commons-collections-3.2.1.jar\n\u251c\u2500 commons-email-1.1.jar\n| \u251c\u2500 commons-logging-1.2.jar\n| \u251c\u2500 activation-1.1.jar\n| \u2514\u2500 mail-1.4.jar\n| \u2514\u2500 activation-1.1.jar\n\u251c\u2500 struts2-core-2.3.20.jar\n| \u251c\u2500 commons-fileupload-1.3.1.jar\n| | \u2514\u2500 commons-io-2.2.jar\n| \u251c\u2500 commons-io-2.2.jar\n| \u251c\u2500 ognl-3.0.6.jar\n| | \u2514\u2500 javassist-3.11.0.GA.jar\n| \u251c\u2500 xwork-core-2.3.20.jar\n| | \u251c\u2500 commons-io-2.2.jar\n| | \u251c\u2500 commons-logging-1.2.jar\n| | \u251c\u2500 ognl-3.0.6.jar\n| | \u251c\u2500 commons-lang3-3.2.jar\n| | | \u2514\u2500 commons-io-2.2.jar\n| | \u251c\u2500 asm-commons-5.0.2.jar\n| | | \u2514\u2500 asm-tree-5.0.2.jar\n| | | \u2514\u2500 asm-5.0.2.jar\n| | \u251c\u2500 asm-5.0.2.jar\n| | \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n| \u251c\u2500 freemarker-2.3.19.jar\n| \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n\u2514\u2500 spring-core-4.3.13.RELEASE.jar\n \u2514\u2500 commons-logging-1.2.jar<br/>" | |
| }, | |
| "locations": [ | |
| { | |
| "physicalLocation": { | |
| "artifactLocation": { | |
| "uri": "/java/work/mend-poc-webgoat/pom.xml" | |
| } | |
| } | |
| } | |
| ], | |
| "properties": { | |
| "vulnerability": { | |
| "id": "CVE-2019-20330", | |
| "severity": "CRITICAL", | |
| "description": "Upgrade to version", | |
| "url": "https://github.com/FasterXML/jackson-databind/issues/2526" | |
| } | |
| } | |
| }, | |
| { | |
| "ruleId": "CVE-2020-14061", | |
| "message": { | |
| "text": "jackson-databind-2.9.5.jar is affected by CVE-2020-14061", | |
| "markdown": "<b>Recommendations for [CVE-2020-14061](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14061):</b><br/><br/>* Upgrade to version com.fasterxml.jackson.core:jackson-databind:2.10.0.<br/><br/><b>Dependency tree</b><br/><br/>\u251c\u2500 jackson-databind-2.9.5.jar (CVE-2020-14061)\n| \u251c\u2500 jackson-annotations-2.9.0.jar\n| \u2514\u2500 jackson-core-2.9.5.jar\n\u251c\u2500 commons-collections-3.2.1.jar\n\u251c\u2500 commons-email-1.1.jar\n| \u251c\u2500 commons-logging-1.2.jar\n| \u251c\u2500 activation-1.1.jar\n| \u2514\u2500 mail-1.4.jar\n| \u2514\u2500 activation-1.1.jar\n\u251c\u2500 struts2-core-2.3.20.jar\n| \u251c\u2500 commons-fileupload-1.3.1.jar\n| | \u2514\u2500 commons-io-2.2.jar\n| \u251c\u2500 commons-io-2.2.jar\n| \u251c\u2500 ognl-3.0.6.jar\n| | \u2514\u2500 javassist-3.11.0.GA.jar\n| \u251c\u2500 xwork-core-2.3.20.jar\n| | \u251c\u2500 commons-io-2.2.jar\n| | \u251c\u2500 commons-logging-1.2.jar\n| | \u251c\u2500 ognl-3.0.6.jar\n| | \u251c\u2500 commons-lang3-3.2.jar\n| | | \u2514\u2500 commons-io-2.2.jar\n| | \u251c\u2500 asm-commons-5.0.2.jar\n| | | \u2514\u2500 asm-tree-5.0.2.jar\n| | | \u2514\u2500 asm-5.0.2.jar\n| | \u251c\u2500 asm-5.0.2.jar\n| | \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n| \u251c\u2500 freemarker-2.3.19.jar\n| \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n\u2514\u2500 spring-core-4.3.13.RELEASE.jar\n \u2514\u2500 commons-logging-1.2.jar<br/>" | |
| }, | |
| "locations": [ | |
| { | |
| "physicalLocation": { | |
| "artifactLocation": { | |
| "uri": "/java/work/mend-poc-webgoat/pom.xml" | |
| } | |
| } | |
| } | |
| ], | |
| "properties": { | |
| "vulnerability": { | |
| "id": "CVE-2020-14061", | |
| "severity": "HIGH", | |
| "description": "Upgrade to version", | |
| "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14061" | |
| } | |
| } | |
| }, | |
| { | |
| "ruleId": "CVE-2020-11620", | |
| "message": { | |
| "text": "jackson-databind-2.9.5.jar is affected by CVE-2020-11620", | |
| "markdown": "<b>Recommendations for [CVE-2020-11620](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11620):</b><br/><br/>* Upgrade to version com.fasterxml.jackson.core:jackson-databind:2.9.10.4.<br/><br/><b>Dependency tree</b><br/><br/>\u251c\u2500 jackson-databind-2.9.5.jar (CVE-2020-11620)\n| \u251c\u2500 jackson-annotations-2.9.0.jar\n| \u2514\u2500 jackson-core-2.9.5.jar\n\u251c\u2500 commons-collections-3.2.1.jar\n\u251c\u2500 commons-email-1.1.jar\n| \u251c\u2500 commons-logging-1.2.jar\n| \u251c\u2500 activation-1.1.jar\n| \u2514\u2500 mail-1.4.jar\n| \u2514\u2500 activation-1.1.jar\n\u251c\u2500 struts2-core-2.3.20.jar\n| \u251c\u2500 commons-fileupload-1.3.1.jar\n| | \u2514\u2500 commons-io-2.2.jar\n| \u251c\u2500 commons-io-2.2.jar\n| \u251c\u2500 ognl-3.0.6.jar\n| | \u2514\u2500 javassist-3.11.0.GA.jar\n| \u251c\u2500 xwork-core-2.3.20.jar\n| | \u251c\u2500 commons-io-2.2.jar\n| | \u251c\u2500 commons-logging-1.2.jar\n| | \u251c\u2500 ognl-3.0.6.jar\n| | \u251c\u2500 commons-lang3-3.2.jar\n| | | \u2514\u2500 commons-io-2.2.jar\n| | \u251c\u2500 asm-commons-5.0.2.jar\n| | | \u2514\u2500 asm-tree-5.0.2.jar\n| | | \u2514\u2500 asm-5.0.2.jar\n| | \u251c\u2500 asm-5.0.2.jar\n| | \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n| \u251c\u2500 freemarker-2.3.19.jar\n| \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n\u2514\u2500 spring-core-4.3.13.RELEASE.jar\n \u2514\u2500 commons-logging-1.2.jar<br/>" | |
| }, | |
| "locations": [ | |
| { | |
| "physicalLocation": { | |
| "artifactLocation": { | |
| "uri": "/java/work/mend-poc-webgoat/pom.xml" | |
| } | |
| } | |
| } | |
| ], | |
| "properties": { | |
| "vulnerability": { | |
| "id": "CVE-2020-11620", | |
| "severity": "HIGH", | |
| "description": "Upgrade to version", | |
| "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11620" | |
| } | |
| } | |
| }, | |
| { | |
| "ruleId": "CVE-2020-36184", | |
| "message": { | |
| "text": "jackson-databind-2.9.5.jar is affected by CVE-2020-36184", | |
| "markdown": "<b>Recommendations for [CVE-2020-36184](https://github.com/FasterXML/jackson-databind/issues/2998):</b><br/><br/>* Upgrade to version com.fasterxml.jackson.core:jackson-databind:2.9.10.8.<br/><br/><b>Dependency tree</b><br/><br/>\u251c\u2500 jackson-databind-2.9.5.jar (CVE-2020-36184)\n| \u251c\u2500 jackson-annotations-2.9.0.jar\n| \u2514\u2500 jackson-core-2.9.5.jar\n\u251c\u2500 commons-collections-3.2.1.jar\n\u251c\u2500 commons-email-1.1.jar\n| \u251c\u2500 commons-logging-1.2.jar\n| \u251c\u2500 activation-1.1.jar\n| \u2514\u2500 mail-1.4.jar\n| \u2514\u2500 activation-1.1.jar\n\u251c\u2500 struts2-core-2.3.20.jar\n| \u251c\u2500 commons-fileupload-1.3.1.jar\n| | \u2514\u2500 commons-io-2.2.jar\n| \u251c\u2500 commons-io-2.2.jar\n| \u251c\u2500 ognl-3.0.6.jar\n| | \u2514\u2500 javassist-3.11.0.GA.jar\n| \u251c\u2500 xwork-core-2.3.20.jar\n| | \u251c\u2500 commons-io-2.2.jar\n| | \u251c\u2500 commons-logging-1.2.jar\n| | \u251c\u2500 ognl-3.0.6.jar\n| | \u251c\u2500 commons-lang3-3.2.jar\n| | | \u2514\u2500 commons-io-2.2.jar\n| | \u251c\u2500 asm-commons-5.0.2.jar\n| | | \u2514\u2500 asm-tree-5.0.2.jar\n| | | \u2514\u2500 asm-5.0.2.jar\n| | \u251c\u2500 asm-5.0.2.jar\n| | \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n| \u251c\u2500 freemarker-2.3.19.jar\n| \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n\u2514\u2500 spring-core-4.3.13.RELEASE.jar\n \u2514\u2500 commons-logging-1.2.jar<br/>" | |
| }, | |
| "locations": [ | |
| { | |
| "physicalLocation": { | |
| "artifactLocation": { | |
| "uri": "/java/work/mend-poc-webgoat/pom.xml" | |
| } | |
| } | |
| } | |
| ], | |
| "properties": { | |
| "vulnerability": { | |
| "id": "CVE-2020-36184", | |
| "severity": "HIGH", | |
| "description": "Upgrade to version", | |
| "url": "https://github.com/FasterXML/jackson-databind/issues/2998" | |
| } | |
| } | |
| }, | |
| { | |
| "ruleId": "CVE-2019-10202", | |
| "message": { | |
| "text": "jackson-databind-2.9.5.jar is affected by CVE-2019-10202", | |
| "markdown": "<b>Recommendations for [CVE-2019-10202](https://lists.apache.org/thread/08302h5kp2l9ry2zq8vydomlhn0fg4j4):</b><br/><br/>* Upgrade to version com.fasterxml.jackson.core:jackson-databind:2.0.0.<br/><br/><b>Dependency tree</b><br/><br/>\u251c\u2500 jackson-databind-2.9.5.jar (CVE-2019-10202)\n| \u251c\u2500 jackson-annotations-2.9.0.jar\n| \u2514\u2500 jackson-core-2.9.5.jar\n\u251c\u2500 commons-collections-3.2.1.jar\n\u251c\u2500 commons-email-1.1.jar\n| \u251c\u2500 commons-logging-1.2.jar\n| \u251c\u2500 activation-1.1.jar\n| \u2514\u2500 mail-1.4.jar\n| \u2514\u2500 activation-1.1.jar\n\u251c\u2500 struts2-core-2.3.20.jar\n| \u251c\u2500 commons-fileupload-1.3.1.jar\n| | \u2514\u2500 commons-io-2.2.jar\n| \u251c\u2500 commons-io-2.2.jar\n| \u251c\u2500 ognl-3.0.6.jar\n| | \u2514\u2500 javassist-3.11.0.GA.jar\n| \u251c\u2500 xwork-core-2.3.20.jar\n| | \u251c\u2500 commons-io-2.2.jar\n| | \u251c\u2500 commons-logging-1.2.jar\n| | \u251c\u2500 ognl-3.0.6.jar\n| | \u251c\u2500 commons-lang3-3.2.jar\n| | | \u2514\u2500 commons-io-2.2.jar\n| | \u251c\u2500 asm-commons-5.0.2.jar\n| | | \u2514\u2500 asm-tree-5.0.2.jar\n| | | \u2514\u2500 asm-5.0.2.jar\n| | \u251c\u2500 asm-5.0.2.jar\n| | \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n| \u251c\u2500 freemarker-2.3.19.jar\n| \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n\u2514\u2500 spring-core-4.3.13.RELEASE.jar\n \u2514\u2500 commons-logging-1.2.jar<br/>" | |
| }, | |
| "locations": [ | |
| { | |
| "physicalLocation": { | |
| "artifactLocation": { | |
| "uri": "/java/work/mend-poc-webgoat/pom.xml" | |
| } | |
| } | |
| } | |
| ], | |
| "properties": { | |
| "vulnerability": { | |
| "id": "CVE-2019-10202", | |
| "severity": "CRITICAL", | |
| "description": "Upgrade to version", | |
| "url": "https://lists.apache.org/thread/08302h5kp2l9ry2zq8vydomlhn0fg4j4" | |
| } | |
| } | |
| }, | |
| { | |
| "ruleId": "CVE-2020-36180", | |
| "message": { | |
| "text": "jackson-databind-2.9.5.jar is affected by CVE-2020-36180", | |
| "markdown": "<b>Recommendations for [CVE-2020-36180](https://github.com/FasterXML/jackson-databind/issues/3004):</b><br/><br/>* Upgrade to version com.fasterxml.jackson.core:jackson-databind:2.9.10.8.<br/><br/><b>Dependency tree</b><br/><br/>\u251c\u2500 jackson-databind-2.9.5.jar (CVE-2020-36180)\n| \u251c\u2500 jackson-annotations-2.9.0.jar\n| \u2514\u2500 jackson-core-2.9.5.jar\n\u251c\u2500 commons-collections-3.2.1.jar\n\u251c\u2500 commons-email-1.1.jar\n| \u251c\u2500 commons-logging-1.2.jar\n| \u251c\u2500 activation-1.1.jar\n| \u2514\u2500 mail-1.4.jar\n| \u2514\u2500 activation-1.1.jar\n\u251c\u2500 struts2-core-2.3.20.jar\n| \u251c\u2500 commons-fileupload-1.3.1.jar\n| | \u2514\u2500 commons-io-2.2.jar\n| \u251c\u2500 commons-io-2.2.jar\n| \u251c\u2500 ognl-3.0.6.jar\n| | \u2514\u2500 javassist-3.11.0.GA.jar\n| \u251c\u2500 xwork-core-2.3.20.jar\n| | \u251c\u2500 commons-io-2.2.jar\n| | \u251c\u2500 commons-logging-1.2.jar\n| | \u251c\u2500 ognl-3.0.6.jar\n| | \u251c\u2500 commons-lang3-3.2.jar\n| | | \u2514\u2500 commons-io-2.2.jar\n| | \u251c\u2500 asm-commons-5.0.2.jar\n| | | \u2514\u2500 asm-tree-5.0.2.jar\n| | | \u2514\u2500 asm-5.0.2.jar\n| | \u251c\u2500 asm-5.0.2.jar\n| | \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n| \u251c\u2500 freemarker-2.3.19.jar\n| \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n\u2514\u2500 spring-core-4.3.13.RELEASE.jar\n \u2514\u2500 commons-logging-1.2.jar<br/>" | |
| }, | |
| "locations": [ | |
| { | |
| "physicalLocation": { | |
| "artifactLocation": { | |
| "uri": "/java/work/mend-poc-webgoat/pom.xml" | |
| } | |
| } | |
| } | |
| ], | |
| "properties": { | |
| "vulnerability": { | |
| "id": "CVE-2020-36180", | |
| "severity": "HIGH", | |
| "description": "Upgrade to version", | |
| "url": "https://github.com/FasterXML/jackson-databind/issues/3004" | |
| } | |
| } | |
| }, | |
| { | |
| "ruleId": "CVE-2018-14721", | |
| "message": { | |
| "text": "jackson-databind-2.9.5.jar is affected by CVE-2018-14721", | |
| "markdown": "<b>Recommendations for [CVE-2018-14721](https://github.com/FasterXML/jackson-databind/commit/87d29af25e82a249ea15858e2d4ecbf64091db44):</b><br/><br/>* Upgrade to version com.fasterxml.jackson.core:jackson-databind:2.6.7.3,2.7.9.5,2.8.11.3,2.9.7.<br/><br/><b>Dependency tree</b><br/><br/>\u251c\u2500 jackson-databind-2.9.5.jar (CVE-2018-14721)\n| \u251c\u2500 jackson-annotations-2.9.0.jar\n| \u2514\u2500 jackson-core-2.9.5.jar\n\u251c\u2500 commons-collections-3.2.1.jar\n\u251c\u2500 commons-email-1.1.jar\n| \u251c\u2500 commons-logging-1.2.jar\n| \u251c\u2500 activation-1.1.jar\n| \u2514\u2500 mail-1.4.jar\n| \u2514\u2500 activation-1.1.jar\n\u251c\u2500 struts2-core-2.3.20.jar\n| \u251c\u2500 commons-fileupload-1.3.1.jar\n| | \u2514\u2500 commons-io-2.2.jar\n| \u251c\u2500 commons-io-2.2.jar\n| \u251c\u2500 ognl-3.0.6.jar\n| | \u2514\u2500 javassist-3.11.0.GA.jar\n| \u251c\u2500 xwork-core-2.3.20.jar\n| | \u251c\u2500 commons-io-2.2.jar\n| | \u251c\u2500 commons-logging-1.2.jar\n| | \u251c\u2500 ognl-3.0.6.jar\n| | \u251c\u2500 commons-lang3-3.2.jar\n| | | \u2514\u2500 commons-io-2.2.jar\n| | \u251c\u2500 asm-commons-5.0.2.jar\n| | | \u2514\u2500 asm-tree-5.0.2.jar\n| | | \u2514\u2500 asm-5.0.2.jar\n| | \u251c\u2500 asm-5.0.2.jar\n| | \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n| \u251c\u2500 freemarker-2.3.19.jar\n| \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n\u2514\u2500 spring-core-4.3.13.RELEASE.jar\n \u2514\u2500 commons-logging-1.2.jar<br/>" | |
| }, | |
| "locations": [ | |
| { | |
| "physicalLocation": { | |
| "artifactLocation": { | |
| "uri": "/java/work/mend-poc-webgoat/pom.xml" | |
| } | |
| } | |
| } | |
| ], | |
| "properties": { | |
| "vulnerability": { | |
| "id": "CVE-2018-14721", | |
| "severity": "CRITICAL", | |
| "description": "Upgrade to version", | |
| "url": "https://github.com/FasterXML/jackson-databind/commit/87d29af25e82a249ea15858e2d4ecbf64091db44" | |
| } | |
| } | |
| }, | |
| { | |
| "ruleId": "CVE-2018-19360", | |
| "message": { | |
| "text": "jackson-databind-2.9.5.jar is affected by CVE-2018-19360", | |
| "markdown": "<b>Recommendations for [CVE-2018-19360](https://osv.dev/vulnerability/GHSA-f9hv-mg5h-xcw9):</b><br/><br/>* Upgrade to version com.fasterxml.jackson.core:jackson-databind:2.7.9.5,2.8.11.3,2.9.8.<br/><br/><b>Dependency tree</b><br/><br/>\u251c\u2500 jackson-databind-2.9.5.jar (CVE-2018-19360)\n| \u251c\u2500 jackson-annotations-2.9.0.jar\n| \u2514\u2500 jackson-core-2.9.5.jar\n\u251c\u2500 commons-collections-3.2.1.jar\n\u251c\u2500 commons-email-1.1.jar\n| \u251c\u2500 commons-logging-1.2.jar\n| \u251c\u2500 activation-1.1.jar\n| \u2514\u2500 mail-1.4.jar\n| \u2514\u2500 activation-1.1.jar\n\u251c\u2500 struts2-core-2.3.20.jar\n| \u251c\u2500 commons-fileupload-1.3.1.jar\n| | \u2514\u2500 commons-io-2.2.jar\n| \u251c\u2500 commons-io-2.2.jar\n| \u251c\u2500 ognl-3.0.6.jar\n| | \u2514\u2500 javassist-3.11.0.GA.jar\n| \u251c\u2500 xwork-core-2.3.20.jar\n| | \u251c\u2500 commons-io-2.2.jar\n| | \u251c\u2500 commons-logging-1.2.jar\n| | \u251c\u2500 ognl-3.0.6.jar\n| | \u251c\u2500 commons-lang3-3.2.jar\n| | | \u2514\u2500 commons-io-2.2.jar\n| | \u251c\u2500 asm-commons-5.0.2.jar\n| | | \u2514\u2500 asm-tree-5.0.2.jar\n| | | \u2514\u2500 asm-5.0.2.jar\n| | \u251c\u2500 asm-5.0.2.jar\n| | \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n| \u251c\u2500 freemarker-2.3.19.jar\n| \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n\u2514\u2500 spring-core-4.3.13.RELEASE.jar\n \u2514\u2500 commons-logging-1.2.jar<br/>" | |
| }, | |
| "locations": [ | |
| { | |
| "physicalLocation": { | |
| "artifactLocation": { | |
| "uri": "/java/work/mend-poc-webgoat/pom.xml" | |
| } | |
| } | |
| } | |
| ], | |
| "properties": { | |
| "vulnerability": { | |
| "id": "CVE-2018-19360", | |
| "severity": "CRITICAL", | |
| "description": "Upgrade to version", | |
| "url": "https://osv.dev/vulnerability/GHSA-f9hv-mg5h-xcw9" | |
| } | |
| } | |
| }, | |
| { | |
| "ruleId": "CVE-2020-36518", | |
| "message": { | |
| "text": "jackson-databind-2.9.5.jar is affected by CVE-2020-36518", | |
| "markdown": "<b>Recommendations for [CVE-2020-36518](https://github.com/FasterXML/jackson-databind/issues/2816):</b><br/><br/>* Upgrade to version com.fasterxml.jackson.core:jackson-databind:2.12.6.1,2.13.2.1.<br/><br/><b>Dependency tree</b><br/><br/>\u251c\u2500 jackson-databind-2.9.5.jar (CVE-2020-36518)\n| \u251c\u2500 jackson-annotations-2.9.0.jar\n| \u2514\u2500 jackson-core-2.9.5.jar\n\u251c\u2500 commons-collections-3.2.1.jar\n\u251c\u2500 commons-email-1.1.jar\n| \u251c\u2500 commons-logging-1.2.jar\n| \u251c\u2500 activation-1.1.jar\n| \u2514\u2500 mail-1.4.jar\n| \u2514\u2500 activation-1.1.jar\n\u251c\u2500 struts2-core-2.3.20.jar\n| \u251c\u2500 commons-fileupload-1.3.1.jar\n| | \u2514\u2500 commons-io-2.2.jar\n| \u251c\u2500 commons-io-2.2.jar\n| \u251c\u2500 ognl-3.0.6.jar\n| | \u2514\u2500 javassist-3.11.0.GA.jar\n| \u251c\u2500 xwork-core-2.3.20.jar\n| | \u251c\u2500 commons-io-2.2.jar\n| | \u251c\u2500 commons-logging-1.2.jar\n| | \u251c\u2500 ognl-3.0.6.jar\n| | \u251c\u2500 commons-lang3-3.2.jar\n| | | \u2514\u2500 commons-io-2.2.jar\n| | \u251c\u2500 asm-commons-5.0.2.jar\n| | | \u2514\u2500 asm-tree-5.0.2.jar\n| | | \u2514\u2500 asm-5.0.2.jar\n| | \u251c\u2500 asm-5.0.2.jar\n| | \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n| \u251c\u2500 freemarker-2.3.19.jar\n| \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n\u2514\u2500 spring-core-4.3.13.RELEASE.jar\n \u2514\u2500 commons-logging-1.2.jar<br/>" | |
| }, | |
| "locations": [ | |
| { | |
| "physicalLocation": { | |
| "artifactLocation": { | |
| "uri": "/java/work/mend-poc-webgoat/pom.xml" | |
| } | |
| } | |
| } | |
| ], | |
| "properties": { | |
| "vulnerability": { | |
| "id": "CVE-2020-36518", | |
| "severity": "HIGH", | |
| "description": "Upgrade to version", | |
| "url": "https://github.com/FasterXML/jackson-databind/issues/2816" | |
| } | |
| } | |
| }, | |
| { | |
| "ruleId": "CVE-2020-10672", | |
| "message": { | |
| "text": "jackson-databind-2.9.5.jar is affected by CVE-2020-10672", | |
| "markdown": "<b>Recommendations for [CVE-2020-10672](https://nvd.nist.gov/vuln/detail/CVE-2020-10672):</b><br/><br/>* Upgrade to version jackson-databind-2.9.10.4.<br/><br/><b>Dependency tree</b><br/><br/>\u251c\u2500 jackson-databind-2.9.5.jar (CVE-2020-10672)\n| \u251c\u2500 jackson-annotations-2.9.0.jar\n| \u2514\u2500 jackson-core-2.9.5.jar\n\u251c\u2500 commons-collections-3.2.1.jar\n\u251c\u2500 commons-email-1.1.jar\n| \u251c\u2500 commons-logging-1.2.jar\n| \u251c\u2500 activation-1.1.jar\n| \u2514\u2500 mail-1.4.jar\n| \u2514\u2500 activation-1.1.jar\n\u251c\u2500 struts2-core-2.3.20.jar\n| \u251c\u2500 commons-fileupload-1.3.1.jar\n| | \u2514\u2500 commons-io-2.2.jar\n| \u251c\u2500 commons-io-2.2.jar\n| \u251c\u2500 ognl-3.0.6.jar\n| | \u2514\u2500 javassist-3.11.0.GA.jar\n| \u251c\u2500 xwork-core-2.3.20.jar\n| | \u251c\u2500 commons-io-2.2.jar\n| | \u251c\u2500 commons-logging-1.2.jar\n| | \u251c\u2500 ognl-3.0.6.jar\n| | \u251c\u2500 commons-lang3-3.2.jar\n| | | \u2514\u2500 commons-io-2.2.jar\n| | \u251c\u2500 asm-commons-5.0.2.jar\n| | | \u2514\u2500 asm-tree-5.0.2.jar\n| | | \u2514\u2500 asm-5.0.2.jar\n| | \u251c\u2500 asm-5.0.2.jar\n| | \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n| \u251c\u2500 freemarker-2.3.19.jar\n| \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n\u2514\u2500 spring-core-4.3.13.RELEASE.jar\n \u2514\u2500 commons-logging-1.2.jar<br/>" | |
| }, | |
| "locations": [ | |
| { | |
| "physicalLocation": { | |
| "artifactLocation": { | |
| "uri": "/java/work/mend-poc-webgoat/pom.xml" | |
| } | |
| } | |
| } | |
| ], | |
| "properties": { | |
| "vulnerability": { | |
| "id": "CVE-2020-10672", | |
| "severity": "HIGH", | |
| "description": "Upgrade to version", | |
| "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10672" | |
| } | |
| } | |
| }, | |
| { | |
| "ruleId": "CVE-2020-36179", | |
| "message": { | |
| "text": "jackson-databind-2.9.5.jar is affected by CVE-2020-36179", | |
| "markdown": "<b>Recommendations for [CVE-2020-36179](https://github.com/FasterXML/jackson-databind/issues/3004):</b><br/><br/>* Upgrade to version com.fasterxml.jackson.core:jackson-databind:2.9.10.8.<br/><br/><b>Dependency tree</b><br/><br/>\u251c\u2500 jackson-databind-2.9.5.jar (CVE-2020-36179)\n| \u251c\u2500 jackson-annotations-2.9.0.jar\n| \u2514\u2500 jackson-core-2.9.5.jar\n\u251c\u2500 commons-collections-3.2.1.jar\n\u251c\u2500 commons-email-1.1.jar\n| \u251c\u2500 commons-logging-1.2.jar\n| \u251c\u2500 activation-1.1.jar\n| \u2514\u2500 mail-1.4.jar\n| \u2514\u2500 activation-1.1.jar\n\u251c\u2500 struts2-core-2.3.20.jar\n| \u251c\u2500 commons-fileupload-1.3.1.jar\n| | \u2514\u2500 commons-io-2.2.jar\n| \u251c\u2500 commons-io-2.2.jar\n| \u251c\u2500 ognl-3.0.6.jar\n| | \u2514\u2500 javassist-3.11.0.GA.jar\n| \u251c\u2500 xwork-core-2.3.20.jar\n| | \u251c\u2500 commons-io-2.2.jar\n| | \u251c\u2500 commons-logging-1.2.jar\n| | \u251c\u2500 ognl-3.0.6.jar\n| | \u251c\u2500 commons-lang3-3.2.jar\n| | | \u2514\u2500 commons-io-2.2.jar\n| | \u251c\u2500 asm-commons-5.0.2.jar\n| | | \u2514\u2500 asm-tree-5.0.2.jar\n| | | \u2514\u2500 asm-5.0.2.jar\n| | \u251c\u2500 asm-5.0.2.jar\n| | \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n| \u251c\u2500 freemarker-2.3.19.jar\n| \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n\u2514\u2500 spring-core-4.3.13.RELEASE.jar\n \u2514\u2500 commons-logging-1.2.jar<br/>" | |
| }, | |
| "locations": [ | |
| { | |
| "physicalLocation": { | |
| "artifactLocation": { | |
| "uri": "/java/work/mend-poc-webgoat/pom.xml" | |
| } | |
| } | |
| } | |
| ], | |
| "properties": { | |
| "vulnerability": { | |
| "id": "CVE-2020-36179", | |
| "severity": "HIGH", | |
| "description": "Upgrade to version", | |
| "url": "https://github.com/FasterXML/jackson-databind/issues/3004" | |
| } | |
| } | |
| }, | |
| { | |
| "ruleId": "CVE-2019-14893", | |
| "message": { | |
| "text": "jackson-databind-2.9.5.jar is affected by CVE-2019-14893", | |
| "markdown": "<b>Recommendations for [CVE-2019-14893](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14893):</b><br/><br/>* Upgrade to version com.fasterxml.jackson.core:jackson-databind:2.10.0.<br/><br/><b>Dependency tree</b><br/><br/>\u251c\u2500 jackson-databind-2.9.5.jar (CVE-2019-14893)\n| \u251c\u2500 jackson-annotations-2.9.0.jar\n| \u2514\u2500 jackson-core-2.9.5.jar\n\u251c\u2500 commons-collections-3.2.1.jar\n\u251c\u2500 commons-email-1.1.jar\n| \u251c\u2500 commons-logging-1.2.jar\n| \u251c\u2500 activation-1.1.jar\n| \u2514\u2500 mail-1.4.jar\n| \u2514\u2500 activation-1.1.jar\n\u251c\u2500 struts2-core-2.3.20.jar\n| \u251c\u2500 commons-fileupload-1.3.1.jar\n| | \u2514\u2500 commons-io-2.2.jar\n| \u251c\u2500 commons-io-2.2.jar\n| \u251c\u2500 ognl-3.0.6.jar\n| | \u2514\u2500 javassist-3.11.0.GA.jar\n| \u251c\u2500 xwork-core-2.3.20.jar\n| | \u251c\u2500 commons-io-2.2.jar\n| | \u251c\u2500 commons-logging-1.2.jar\n| | \u251c\u2500 ognl-3.0.6.jar\n| | \u251c\u2500 commons-lang3-3.2.jar\n| | | \u2514\u2500 commons-io-2.2.jar\n| | \u251c\u2500 asm-commons-5.0.2.jar\n| | | \u2514\u2500 asm-tree-5.0.2.jar\n| | | \u2514\u2500 asm-5.0.2.jar\n| | \u251c\u2500 asm-5.0.2.jar\n| | \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n| \u251c\u2500 freemarker-2.3.19.jar\n| \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n\u2514\u2500 spring-core-4.3.13.RELEASE.jar\n \u2514\u2500 commons-logging-1.2.jar<br/>" | |
| }, | |
| "locations": [ | |
| { | |
| "physicalLocation": { | |
| "artifactLocation": { | |
| "uri": "/java/work/mend-poc-webgoat/pom.xml" | |
| } | |
| } | |
| } | |
| ], | |
| "properties": { | |
| "vulnerability": { | |
| "id": "CVE-2019-14893", | |
| "severity": "CRITICAL", | |
| "description": "Upgrade to version", | |
| "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14893" | |
| } | |
| } | |
| }, | |
| { | |
| "ruleId": "CVE-2020-9546", | |
| "message": { | |
| "text": "jackson-databind-2.9.5.jar is affected by CVE-2020-9546", | |
| "markdown": "<b>Recommendations for [CVE-2020-9546](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9546):</b><br/><br/>* Upgrade to version com.fasterxml.jackson.core:jackson-databind:2.10.3.<br/><br/><b>Dependency tree</b><br/><br/>\u251c\u2500 jackson-databind-2.9.5.jar (CVE-2020-9546)\n| \u251c\u2500 jackson-annotations-2.9.0.jar\n| \u2514\u2500 jackson-core-2.9.5.jar\n\u251c\u2500 commons-collections-3.2.1.jar\n\u251c\u2500 commons-email-1.1.jar\n| \u251c\u2500 commons-logging-1.2.jar\n| \u251c\u2500 activation-1.1.jar\n| \u2514\u2500 mail-1.4.jar\n| \u2514\u2500 activation-1.1.jar\n\u251c\u2500 struts2-core-2.3.20.jar\n| \u251c\u2500 commons-fileupload-1.3.1.jar\n| | \u2514\u2500 commons-io-2.2.jar\n| \u251c\u2500 commons-io-2.2.jar\n| \u251c\u2500 ognl-3.0.6.jar\n| | \u2514\u2500 javassist-3.11.0.GA.jar\n| \u251c\u2500 xwork-core-2.3.20.jar\n| | \u251c\u2500 commons-io-2.2.jar\n| | \u251c\u2500 commons-logging-1.2.jar\n| | \u251c\u2500 ognl-3.0.6.jar\n| | \u251c\u2500 commons-lang3-3.2.jar\n| | | \u2514\u2500 commons-io-2.2.jar\n| | \u251c\u2500 asm-commons-5.0.2.jar\n| | | \u2514\u2500 asm-tree-5.0.2.jar\n| | | \u2514\u2500 asm-5.0.2.jar\n| | \u251c\u2500 asm-5.0.2.jar\n| | \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n| \u251c\u2500 freemarker-2.3.19.jar\n| \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n\u2514\u2500 spring-core-4.3.13.RELEASE.jar\n \u2514\u2500 commons-logging-1.2.jar<br/>" | |
| }, | |
| "locations": [ | |
| { | |
| "physicalLocation": { | |
| "artifactLocation": { | |
| "uri": "/java/work/mend-poc-webgoat/pom.xml" | |
| } | |
| } | |
| } | |
| ], | |
| "properties": { | |
| "vulnerability": { | |
| "id": "CVE-2020-9546", | |
| "severity": "CRITICAL", | |
| "description": "Upgrade to version", | |
| "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9546" | |
| } | |
| } | |
| }, | |
| { | |
| "ruleId": "CVE-2020-9548", | |
| "message": { | |
| "text": "jackson-databind-2.9.5.jar is affected by CVE-2020-9548", | |
| "markdown": "<b>Recommendations for [CVE-2020-9548](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9548):</b><br/><br/>* Upgrade to version com.fasterxml.jackson.core:jackson-databind:2.7.9.7,2.8.11.6,2.9.10.4.<br/><br/><b>Dependency tree</b><br/><br/>\u251c\u2500 jackson-databind-2.9.5.jar (CVE-2020-9548)\n| \u251c\u2500 jackson-annotations-2.9.0.jar\n| \u2514\u2500 jackson-core-2.9.5.jar\n\u251c\u2500 commons-collections-3.2.1.jar\n\u251c\u2500 commons-email-1.1.jar\n| \u251c\u2500 commons-logging-1.2.jar\n| \u251c\u2500 activation-1.1.jar\n| \u2514\u2500 mail-1.4.jar\n| \u2514\u2500 activation-1.1.jar\n\u251c\u2500 struts2-core-2.3.20.jar\n| \u251c\u2500 commons-fileupload-1.3.1.jar\n| | \u2514\u2500 commons-io-2.2.jar\n| \u251c\u2500 commons-io-2.2.jar\n| \u251c\u2500 ognl-3.0.6.jar\n| | \u2514\u2500 javassist-3.11.0.GA.jar\n| \u251c\u2500 xwork-core-2.3.20.jar\n| | \u251c\u2500 commons-io-2.2.jar\n| | \u251c\u2500 commons-logging-1.2.jar\n| | \u251c\u2500 ognl-3.0.6.jar\n| | \u251c\u2500 commons-lang3-3.2.jar\n| | | \u2514\u2500 commons-io-2.2.jar\n| | \u251c\u2500 asm-commons-5.0.2.jar\n| | | \u2514\u2500 asm-tree-5.0.2.jar\n| | | \u2514\u2500 asm-5.0.2.jar\n| | \u251c\u2500 asm-5.0.2.jar\n| | \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n| \u251c\u2500 freemarker-2.3.19.jar\n| \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n\u2514\u2500 spring-core-4.3.13.RELEASE.jar\n \u2514\u2500 commons-logging-1.2.jar<br/>" | |
| }, | |
| "locations": [ | |
| { | |
| "physicalLocation": { | |
| "artifactLocation": { | |
| "uri": "/java/work/mend-poc-webgoat/pom.xml" | |
| } | |
| } | |
| } | |
| ], | |
| "properties": { | |
| "vulnerability": { | |
| "id": "CVE-2020-9548", | |
| "severity": "CRITICAL", | |
| "description": "Upgrade to version", | |
| "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9548" | |
| } | |
| } | |
| }, | |
| { | |
| "ruleId": "CVE-2020-10969", | |
| "message": { | |
| "text": "jackson-databind-2.9.5.jar is affected by CVE-2020-10969", | |
| "markdown": "<b>Recommendations for [CVE-2020-10969](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10969):</b><br/><br/>* Upgrade to version com.fasterxml.jackson.core:jackson-databind:2.8.11.6;com.fasterxml.jackson.core:jackson-databind:2.7.9.7.<br/><br/><b>Dependency tree</b><br/><br/>\u251c\u2500 jackson-databind-2.9.5.jar (CVE-2020-10969)\n| \u251c\u2500 jackson-annotations-2.9.0.jar\n| \u2514\u2500 jackson-core-2.9.5.jar\n\u251c\u2500 commons-collections-3.2.1.jar\n\u251c\u2500 commons-email-1.1.jar\n| \u251c\u2500 commons-logging-1.2.jar\n| \u251c\u2500 activation-1.1.jar\n| \u2514\u2500 mail-1.4.jar\n| \u2514\u2500 activation-1.1.jar\n\u251c\u2500 struts2-core-2.3.20.jar\n| \u251c\u2500 commons-fileupload-1.3.1.jar\n| | \u2514\u2500 commons-io-2.2.jar\n| \u251c\u2500 commons-io-2.2.jar\n| \u251c\u2500 ognl-3.0.6.jar\n| | \u2514\u2500 javassist-3.11.0.GA.jar\n| \u251c\u2500 xwork-core-2.3.20.jar\n| | \u251c\u2500 commons-io-2.2.jar\n| | \u251c\u2500 commons-logging-1.2.jar\n| | \u251c\u2500 ognl-3.0.6.jar\n| | \u251c\u2500 commons-lang3-3.2.jar\n| | | \u2514\u2500 commons-io-2.2.jar\n| | \u251c\u2500 asm-commons-5.0.2.jar\n| | | \u2514\u2500 asm-tree-5.0.2.jar\n| | | \u2514\u2500 asm-5.0.2.jar\n| | \u251c\u2500 asm-5.0.2.jar\n| | \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n| \u251c\u2500 freemarker-2.3.19.jar\n| \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n\u2514\u2500 spring-core-4.3.13.RELEASE.jar\n \u2514\u2500 commons-logging-1.2.jar<br/>" | |
| }, | |
| "locations": [ | |
| { | |
| "physicalLocation": { | |
| "artifactLocation": { | |
| "uri": "/java/work/mend-poc-webgoat/pom.xml" | |
| } | |
| } | |
| } | |
| ], | |
| "properties": { | |
| "vulnerability": { | |
| "id": "CVE-2020-10969", | |
| "severity": "HIGH", | |
| "description": "Upgrade to version", | |
| "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10969" | |
| } | |
| } | |
| }, | |
| { | |
| "ruleId": "CVE-2020-36185", | |
| "message": { | |
| "text": "jackson-databind-2.9.5.jar is affected by CVE-2020-36185", | |
| "markdown": "<b>Recommendations for [CVE-2020-36185](https://github.com/FasterXML/jackson-databind/issues/2998):</b><br/><br/>* Upgrade to version com.fasterxml.jackson.core:jackson-databind:2.9.10.8.<br/><br/><b>Dependency tree</b><br/><br/>\u251c\u2500 jackson-databind-2.9.5.jar (CVE-2020-36185)\n| \u251c\u2500 jackson-annotations-2.9.0.jar\n| \u2514\u2500 jackson-core-2.9.5.jar\n\u251c\u2500 commons-collections-3.2.1.jar\n\u251c\u2500 commons-email-1.1.jar\n| \u251c\u2500 commons-logging-1.2.jar\n| \u251c\u2500 activation-1.1.jar\n| \u2514\u2500 mail-1.4.jar\n| \u2514\u2500 activation-1.1.jar\n\u251c\u2500 struts2-core-2.3.20.jar\n| \u251c\u2500 commons-fileupload-1.3.1.jar\n| | \u2514\u2500 commons-io-2.2.jar\n| \u251c\u2500 commons-io-2.2.jar\n| \u251c\u2500 ognl-3.0.6.jar\n| | \u2514\u2500 javassist-3.11.0.GA.jar\n| \u251c\u2500 xwork-core-2.3.20.jar\n| | \u251c\u2500 commons-io-2.2.jar\n| | \u251c\u2500 commons-logging-1.2.jar\n| | \u251c\u2500 ognl-3.0.6.jar\n| | \u251c\u2500 commons-lang3-3.2.jar\n| | | \u2514\u2500 commons-io-2.2.jar\n| | \u251c\u2500 asm-commons-5.0.2.jar\n| | | \u2514\u2500 asm-tree-5.0.2.jar\n| | | \u2514\u2500 asm-5.0.2.jar\n| | \u251c\u2500 asm-5.0.2.jar\n| | \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n| \u251c\u2500 freemarker-2.3.19.jar\n| \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n\u2514\u2500 spring-core-4.3.13.RELEASE.jar\n \u2514\u2500 commons-logging-1.2.jar<br/>" | |
| }, | |
| "locations": [ | |
| { | |
| "physicalLocation": { | |
| "artifactLocation": { | |
| "uri": "/java/work/mend-poc-webgoat/pom.xml" | |
| } | |
| } | |
| } | |
| ], | |
| "properties": { | |
| "vulnerability": { | |
| "id": "CVE-2020-36185", | |
| "severity": "HIGH", | |
| "description": "Upgrade to version", | |
| "url": "https://github.com/FasterXML/jackson-databind/issues/2998" | |
| } | |
| } | |
| }, | |
| { | |
| "ruleId": "CVE-2020-14062", | |
| "message": { | |
| "text": "jackson-databind-2.9.5.jar is affected by CVE-2020-14062", | |
| "markdown": "<b>Recommendations for [CVE-2020-14062](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14062):</b><br/><br/>* Upgrade to version com.fasterxml.jackson.core:jackson-databind:2.10.0.<br/><br/><b>Dependency tree</b><br/><br/>\u251c\u2500 jackson-databind-2.9.5.jar (CVE-2020-14062)\n| \u251c\u2500 jackson-annotations-2.9.0.jar\n| \u2514\u2500 jackson-core-2.9.5.jar\n\u251c\u2500 commons-collections-3.2.1.jar\n\u251c\u2500 commons-email-1.1.jar\n| \u251c\u2500 commons-logging-1.2.jar\n| \u251c\u2500 activation-1.1.jar\n| \u2514\u2500 mail-1.4.jar\n| \u2514\u2500 activation-1.1.jar\n\u251c\u2500 struts2-core-2.3.20.jar\n| \u251c\u2500 commons-fileupload-1.3.1.jar\n| | \u2514\u2500 commons-io-2.2.jar\n| \u251c\u2500 commons-io-2.2.jar\n| \u251c\u2500 ognl-3.0.6.jar\n| | \u2514\u2500 javassist-3.11.0.GA.jar\n| \u251c\u2500 xwork-core-2.3.20.jar\n| | \u251c\u2500 commons-io-2.2.jar\n| | \u251c\u2500 commons-logging-1.2.jar\n| | \u251c\u2500 ognl-3.0.6.jar\n| | \u251c\u2500 commons-lang3-3.2.jar\n| | | \u2514\u2500 commons-io-2.2.jar\n| | \u251c\u2500 asm-commons-5.0.2.jar\n| | | \u2514\u2500 asm-tree-5.0.2.jar\n| | | \u2514\u2500 asm-5.0.2.jar\n| | \u251c\u2500 asm-5.0.2.jar\n| | \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n| \u251c\u2500 freemarker-2.3.19.jar\n| \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n\u2514\u2500 spring-core-4.3.13.RELEASE.jar\n \u2514\u2500 commons-logging-1.2.jar<br/>" | |
| }, | |
| "locations": [ | |
| { | |
| "physicalLocation": { | |
| "artifactLocation": { | |
| "uri": "/java/work/mend-poc-webgoat/pom.xml" | |
| } | |
| } | |
| } | |
| ], | |
| "properties": { | |
| "vulnerability": { | |
| "id": "CVE-2020-14062", | |
| "severity": "HIGH", | |
| "description": "Upgrade to version", | |
| "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14062" | |
| } | |
| } | |
| }, | |
| { | |
| "ruleId": "CVE-2020-36181", | |
| "message": { | |
| "text": "jackson-databind-2.9.5.jar is affected by CVE-2020-36181", | |
| "markdown": "<b>Recommendations for [CVE-2020-36181](https://github.com/FasterXML/jackson-databind/issues/3004):</b><br/><br/>* Upgrade to version com.fasterxml.jackson.core:jackson-databind:2.9.10.8.<br/><br/><b>Dependency tree</b><br/><br/>\u251c\u2500 jackson-databind-2.9.5.jar (CVE-2020-36181)\n| \u251c\u2500 jackson-annotations-2.9.0.jar\n| \u2514\u2500 jackson-core-2.9.5.jar\n\u251c\u2500 commons-collections-3.2.1.jar\n\u251c\u2500 commons-email-1.1.jar\n| \u251c\u2500 commons-logging-1.2.jar\n| \u251c\u2500 activation-1.1.jar\n| \u2514\u2500 mail-1.4.jar\n| \u2514\u2500 activation-1.1.jar\n\u251c\u2500 struts2-core-2.3.20.jar\n| \u251c\u2500 commons-fileupload-1.3.1.jar\n| | \u2514\u2500 commons-io-2.2.jar\n| \u251c\u2500 commons-io-2.2.jar\n| \u251c\u2500 ognl-3.0.6.jar\n| | \u2514\u2500 javassist-3.11.0.GA.jar\n| \u251c\u2500 xwork-core-2.3.20.jar\n| | \u251c\u2500 commons-io-2.2.jar\n| | \u251c\u2500 commons-logging-1.2.jar\n| | \u251c\u2500 ognl-3.0.6.jar\n| | \u251c\u2500 commons-lang3-3.2.jar\n| | | \u2514\u2500 commons-io-2.2.jar\n| | \u251c\u2500 asm-commons-5.0.2.jar\n| | | \u2514\u2500 asm-tree-5.0.2.jar\n| | | \u2514\u2500 asm-5.0.2.jar\n| | \u251c\u2500 asm-5.0.2.jar\n| | \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n| \u251c\u2500 freemarker-2.3.19.jar\n| \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n\u2514\u2500 spring-core-4.3.13.RELEASE.jar\n \u2514\u2500 commons-logging-1.2.jar<br/>" | |
| }, | |
| "locations": [ | |
| { | |
| "physicalLocation": { | |
| "artifactLocation": { | |
| "uri": "/java/work/mend-poc-webgoat/pom.xml" | |
| } | |
| } | |
| } | |
| ], | |
| "properties": { | |
| "vulnerability": { | |
| "id": "CVE-2020-36181", | |
| "severity": "HIGH", | |
| "description": "Upgrade to version", | |
| "url": "https://github.com/FasterXML/jackson-databind/issues/3004" | |
| } | |
| } | |
| }, | |
| { | |
| "ruleId": "CVE-2020-11619", | |
| "message": { | |
| "text": "jackson-databind-2.9.5.jar is affected by CVE-2020-11619", | |
| "markdown": "<b>Recommendations for [CVE-2020-11619](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11619):</b><br/><br/>* Upgrade to version com.fasterxml.jackson.core:jackson-databind:2.9.10.4.<br/><br/><b>Dependency tree</b><br/><br/>\u251c\u2500 jackson-databind-2.9.5.jar (CVE-2020-11619)\n| \u251c\u2500 jackson-annotations-2.9.0.jar\n| \u2514\u2500 jackson-core-2.9.5.jar\n\u251c\u2500 commons-collections-3.2.1.jar\n\u251c\u2500 commons-email-1.1.jar\n| \u251c\u2500 commons-logging-1.2.jar\n| \u251c\u2500 activation-1.1.jar\n| \u2514\u2500 mail-1.4.jar\n| \u2514\u2500 activation-1.1.jar\n\u251c\u2500 struts2-core-2.3.20.jar\n| \u251c\u2500 commons-fileupload-1.3.1.jar\n| | \u2514\u2500 commons-io-2.2.jar\n| \u251c\u2500 commons-io-2.2.jar\n| \u251c\u2500 ognl-3.0.6.jar\n| | \u2514\u2500 javassist-3.11.0.GA.jar\n| \u251c\u2500 xwork-core-2.3.20.jar\n| | \u251c\u2500 commons-io-2.2.jar\n| | \u251c\u2500 commons-logging-1.2.jar\n| | \u251c\u2500 ognl-3.0.6.jar\n| | \u251c\u2500 commons-lang3-3.2.jar\n| | | \u2514\u2500 commons-io-2.2.jar\n| | \u251c\u2500 asm-commons-5.0.2.jar\n| | | \u2514\u2500 asm-tree-5.0.2.jar\n| | | \u2514\u2500 asm-5.0.2.jar\n| | \u251c\u2500 asm-5.0.2.jar\n| | \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n| \u251c\u2500 freemarker-2.3.19.jar\n| \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n\u2514\u2500 spring-core-4.3.13.RELEASE.jar\n \u2514\u2500 commons-logging-1.2.jar<br/>" | |
| }, | |
| "locations": [ | |
| { | |
| "physicalLocation": { | |
| "artifactLocation": { | |
| "uri": "/java/work/mend-poc-webgoat/pom.xml" | |
| } | |
| } | |
| } | |
| ], | |
| "properties": { | |
| "vulnerability": { | |
| "id": "CVE-2020-11619", | |
| "severity": "HIGH", | |
| "description": "Upgrade to version", | |
| "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11619" | |
| } | |
| } | |
| }, | |
| { | |
| "ruleId": "CVE-2020-35491", | |
| "message": { | |
| "text": "jackson-databind-2.9.5.jar is affected by CVE-2020-35491", | |
| "markdown": "<b>Recommendations for [CVE-2020-35491](https://github.com/FasterXML/jackson-databind/issues/2986):</b><br/><br/>* Upgrade to version com.fasterxml.jackson.core:jackson-databind:2.9.10.8.<br/><br/><b>Dependency tree</b><br/><br/>\u251c\u2500 jackson-databind-2.9.5.jar (CVE-2020-35491)\n| \u251c\u2500 jackson-annotations-2.9.0.jar\n| \u2514\u2500 jackson-core-2.9.5.jar\n\u251c\u2500 commons-collections-3.2.1.jar\n\u251c\u2500 commons-email-1.1.jar\n| \u251c\u2500 commons-logging-1.2.jar\n| \u251c\u2500 activation-1.1.jar\n| \u2514\u2500 mail-1.4.jar\n| \u2514\u2500 activation-1.1.jar\n\u251c\u2500 struts2-core-2.3.20.jar\n| \u251c\u2500 commons-fileupload-1.3.1.jar\n| | \u2514\u2500 commons-io-2.2.jar\n| \u251c\u2500 commons-io-2.2.jar\n| \u251c\u2500 ognl-3.0.6.jar\n| | \u2514\u2500 javassist-3.11.0.GA.jar\n| \u251c\u2500 xwork-core-2.3.20.jar\n| | \u251c\u2500 commons-io-2.2.jar\n| | \u251c\u2500 commons-logging-1.2.jar\n| | \u251c\u2500 ognl-3.0.6.jar\n| | \u251c\u2500 commons-lang3-3.2.jar\n| | | \u2514\u2500 commons-io-2.2.jar\n| | \u251c\u2500 asm-commons-5.0.2.jar\n| | | \u2514\u2500 asm-tree-5.0.2.jar\n| | | \u2514\u2500 asm-5.0.2.jar\n| | \u251c\u2500 asm-5.0.2.jar\n| | \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n| \u251c\u2500 freemarker-2.3.19.jar\n| \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n\u2514\u2500 spring-core-4.3.13.RELEASE.jar\n \u2514\u2500 commons-logging-1.2.jar<br/>" | |
| }, | |
| "locations": [ | |
| { | |
| "physicalLocation": { | |
| "artifactLocation": { | |
| "uri": "/java/work/mend-poc-webgoat/pom.xml" | |
| } | |
| } | |
| } | |
| ], | |
| "properties": { | |
| "vulnerability": { | |
| "id": "CVE-2020-35491", | |
| "severity": "HIGH", | |
| "description": "Upgrade to version", | |
| "url": "https://github.com/FasterXML/jackson-databind/issues/2986" | |
| } | |
| } | |
| }, | |
| { | |
| "ruleId": "CVE-2019-14379", | |
| "message": { | |
| "text": "jackson-databind-2.9.5.jar is affected by CVE-2019-14379", | |
| "markdown": "<b>Recommendations for [CVE-2019-14379](https://osv.dev/vulnerability/GHSA-6fpp-rgj9-8rwc):</b><br/><br/>* Upgrade to version com.fasterxml.jackson.core:jackson-databind:2.7.9.6,2.8.11.4,2.9.9.2.<br/><br/><b>Dependency tree</b><br/><br/>\u251c\u2500 jackson-databind-2.9.5.jar (CVE-2019-14379)\n| \u251c\u2500 jackson-annotations-2.9.0.jar\n| \u2514\u2500 jackson-core-2.9.5.jar\n\u251c\u2500 commons-collections-3.2.1.jar\n\u251c\u2500 commons-email-1.1.jar\n| \u251c\u2500 commons-logging-1.2.jar\n| \u251c\u2500 activation-1.1.jar\n| \u2514\u2500 mail-1.4.jar\n| \u2514\u2500 activation-1.1.jar\n\u251c\u2500 struts2-core-2.3.20.jar\n| \u251c\u2500 commons-fileupload-1.3.1.jar\n| | \u2514\u2500 commons-io-2.2.jar\n| \u251c\u2500 commons-io-2.2.jar\n| \u251c\u2500 ognl-3.0.6.jar\n| | \u2514\u2500 javassist-3.11.0.GA.jar\n| \u251c\u2500 xwork-core-2.3.20.jar\n| | \u251c\u2500 commons-io-2.2.jar\n| | \u251c\u2500 commons-logging-1.2.jar\n| | \u251c\u2500 ognl-3.0.6.jar\n| | \u251c\u2500 commons-lang3-3.2.jar\n| | | \u2514\u2500 commons-io-2.2.jar\n| | \u251c\u2500 asm-commons-5.0.2.jar\n| | | \u2514\u2500 asm-tree-5.0.2.jar\n| | | \u2514\u2500 asm-5.0.2.jar\n| | \u251c\u2500 asm-5.0.2.jar\n| | \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n| \u251c\u2500 freemarker-2.3.19.jar\n| \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n\u2514\u2500 spring-core-4.3.13.RELEASE.jar\n \u2514\u2500 commons-logging-1.2.jar<br/>" | |
| }, | |
| "locations": [ | |
| { | |
| "physicalLocation": { | |
| "artifactLocation": { | |
| "uri": "/java/work/mend-poc-webgoat/pom.xml" | |
| } | |
| } | |
| } | |
| ], | |
| "properties": { | |
| "vulnerability": { | |
| "id": "CVE-2019-14379", | |
| "severity": "CRITICAL", | |
| "description": "Upgrade to version", | |
| "url": "https://osv.dev/vulnerability/GHSA-6fpp-rgj9-8rwc" | |
| } | |
| } | |
| }, | |
| { | |
| "ruleId": "CVE-2019-16943", | |
| "message": { | |
| "text": "jackson-databind-2.9.5.jar is affected by CVE-2019-16943", | |
| "markdown": "<b>Recommendations for [CVE-2019-16943](https://osv.dev/vulnerability/GHSA-fmmc-742q-jg75):</b><br/><br/>* Upgrade to version com.fasterxml.jackson.core:jackson-databind:2.6.7.3,2.8.11.5,2.9.10.1.<br/><br/><b>Dependency tree</b><br/><br/>\u251c\u2500 jackson-databind-2.9.5.jar (CVE-2019-16943)\n| \u251c\u2500 jackson-annotations-2.9.0.jar\n| \u2514\u2500 jackson-core-2.9.5.jar\n\u251c\u2500 commons-collections-3.2.1.jar\n\u251c\u2500 commons-email-1.1.jar\n| \u251c\u2500 commons-logging-1.2.jar\n| \u251c\u2500 activation-1.1.jar\n| \u2514\u2500 mail-1.4.jar\n| \u2514\u2500 activation-1.1.jar\n\u251c\u2500 struts2-core-2.3.20.jar\n| \u251c\u2500 commons-fileupload-1.3.1.jar\n| | \u2514\u2500 commons-io-2.2.jar\n| \u251c\u2500 commons-io-2.2.jar\n| \u251c\u2500 ognl-3.0.6.jar\n| | \u2514\u2500 javassist-3.11.0.GA.jar\n| \u251c\u2500 xwork-core-2.3.20.jar\n| | \u251c\u2500 commons-io-2.2.jar\n| | \u251c\u2500 commons-logging-1.2.jar\n| | \u251c\u2500 ognl-3.0.6.jar\n| | \u251c\u2500 commons-lang3-3.2.jar\n| | | \u2514\u2500 commons-io-2.2.jar\n| | \u251c\u2500 asm-commons-5.0.2.jar\n| | | \u2514\u2500 asm-tree-5.0.2.jar\n| | | \u2514\u2500 asm-5.0.2.jar\n| | \u251c\u2500 asm-5.0.2.jar\n| | \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n| \u251c\u2500 freemarker-2.3.19.jar\n| \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n\u2514\u2500 spring-core-4.3.13.RELEASE.jar\n \u2514\u2500 commons-logging-1.2.jar<br/>" | |
| }, | |
| "locations": [ | |
| { | |
| "physicalLocation": { | |
| "artifactLocation": { | |
| "uri": "/java/work/mend-poc-webgoat/pom.xml" | |
| } | |
| } | |
| } | |
| ], | |
| "properties": { | |
| "vulnerability": { | |
| "id": "CVE-2019-16943", | |
| "severity": "CRITICAL", | |
| "description": "Upgrade to version", | |
| "url": "https://osv.dev/vulnerability/GHSA-fmmc-742q-jg75" | |
| } | |
| } | |
| }, | |
| { | |
| "ruleId": "CVE-2019-17531", | |
| "message": { | |
| "text": "jackson-databind-2.9.5.jar is affected by CVE-2019-17531", | |
| "markdown": "<b>Recommendations for [CVE-2019-17531](https://osv.dev/vulnerability/GHSA-gjmw-vf9h-g25v):</b><br/><br/>* Upgrade to version com.fasterxml.jackson.core:jackson-databind:2.6.7.3,2.8.11.5,2.9.10.1.<br/><br/><b>Dependency tree</b><br/><br/>\u251c\u2500 jackson-databind-2.9.5.jar (CVE-2019-17531)\n| \u251c\u2500 jackson-annotations-2.9.0.jar\n| \u2514\u2500 jackson-core-2.9.5.jar\n\u251c\u2500 commons-collections-3.2.1.jar\n\u251c\u2500 commons-email-1.1.jar\n| \u251c\u2500 commons-logging-1.2.jar\n| \u251c\u2500 activation-1.1.jar\n| \u2514\u2500 mail-1.4.jar\n| \u2514\u2500 activation-1.1.jar\n\u251c\u2500 struts2-core-2.3.20.jar\n| \u251c\u2500 commons-fileupload-1.3.1.jar\n| | \u2514\u2500 commons-io-2.2.jar\n| \u251c\u2500 commons-io-2.2.jar\n| \u251c\u2500 ognl-3.0.6.jar\n| | \u2514\u2500 javassist-3.11.0.GA.jar\n| \u251c\u2500 xwork-core-2.3.20.jar\n| | \u251c\u2500 commons-io-2.2.jar\n| | \u251c\u2500 commons-logging-1.2.jar\n| | \u251c\u2500 ognl-3.0.6.jar\n| | \u251c\u2500 commons-lang3-3.2.jar\n| | | \u2514\u2500 commons-io-2.2.jar\n| | \u251c\u2500 asm-commons-5.0.2.jar\n| | | \u2514\u2500 asm-tree-5.0.2.jar\n| | | \u2514\u2500 asm-5.0.2.jar\n| | \u251c\u2500 asm-5.0.2.jar\n| | \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n| \u251c\u2500 freemarker-2.3.19.jar\n| \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n\u2514\u2500 spring-core-4.3.13.RELEASE.jar\n \u2514\u2500 commons-logging-1.2.jar<br/>" | |
| }, | |
| "locations": [ | |
| { | |
| "physicalLocation": { | |
| "artifactLocation": { | |
| "uri": "/java/work/mend-poc-webgoat/pom.xml" | |
| } | |
| } | |
| } | |
| ], | |
| "properties": { | |
| "vulnerability": { | |
| "id": "CVE-2019-17531", | |
| "severity": "CRITICAL", | |
| "description": "Upgrade to version", | |
| "url": "https://osv.dev/vulnerability/GHSA-gjmw-vf9h-g25v" | |
| } | |
| } | |
| }, | |
| { | |
| "ruleId": "CVE-2020-11113", | |
| "message": { | |
| "text": "jackson-databind-2.9.5.jar is affected by CVE-2020-11113", | |
| "markdown": "<b>Recommendations for [CVE-2020-11113](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11113):</b><br/><br/>* Upgrade to version com.fasterxml.jackson.core:jackson-databind:2.9.10.4;2.10.0.<br/><br/><b>Dependency tree</b><br/><br/>\u251c\u2500 jackson-databind-2.9.5.jar (CVE-2020-11113)\n| \u251c\u2500 jackson-annotations-2.9.0.jar\n| \u2514\u2500 jackson-core-2.9.5.jar\n\u251c\u2500 commons-collections-3.2.1.jar\n\u251c\u2500 commons-email-1.1.jar\n| \u251c\u2500 commons-logging-1.2.jar\n| \u251c\u2500 activation-1.1.jar\n| \u2514\u2500 mail-1.4.jar\n| \u2514\u2500 activation-1.1.jar\n\u251c\u2500 struts2-core-2.3.20.jar\n| \u251c\u2500 commons-fileupload-1.3.1.jar\n| | \u2514\u2500 commons-io-2.2.jar\n| \u251c\u2500 commons-io-2.2.jar\n| \u251c\u2500 ognl-3.0.6.jar\n| | \u2514\u2500 javassist-3.11.0.GA.jar\n| \u251c\u2500 xwork-core-2.3.20.jar\n| | \u251c\u2500 commons-io-2.2.jar\n| | \u251c\u2500 commons-logging-1.2.jar\n| | \u251c\u2500 ognl-3.0.6.jar\n| | \u251c\u2500 commons-lang3-3.2.jar\n| | | \u2514\u2500 commons-io-2.2.jar\n| | \u251c\u2500 asm-commons-5.0.2.jar\n| | | \u2514\u2500 asm-tree-5.0.2.jar\n| | | \u2514\u2500 asm-5.0.2.jar\n| | \u251c\u2500 asm-5.0.2.jar\n| | \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n| \u251c\u2500 freemarker-2.3.19.jar\n| \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n\u2514\u2500 spring-core-4.3.13.RELEASE.jar\n \u2514\u2500 commons-logging-1.2.jar<br/>" | |
| }, | |
| "locations": [ | |
| { | |
| "physicalLocation": { | |
| "artifactLocation": { | |
| "uri": "/java/work/mend-poc-webgoat/pom.xml" | |
| } | |
| } | |
| } | |
| ], | |
| "properties": { | |
| "vulnerability": { | |
| "id": "CVE-2020-11113", | |
| "severity": "HIGH", | |
| "description": "Upgrade to version", | |
| "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11113" | |
| } | |
| } | |
| }, | |
| { | |
| "ruleId": "CVE-2019-12086", | |
| "message": { | |
| "text": "jackson-databind-2.9.5.jar is affected by CVE-2019-12086", | |
| "markdown": "<b>Recommendations for [CVE-2019-12086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12086):</b><br/><br/>* Upgrade to version 2.9.9.<br/><br/><b>Dependency tree</b><br/><br/>\u251c\u2500 jackson-databind-2.9.5.jar (CVE-2019-12086)\n| \u251c\u2500 jackson-annotations-2.9.0.jar\n| \u2514\u2500 jackson-core-2.9.5.jar\n\u251c\u2500 commons-collections-3.2.1.jar\n\u251c\u2500 commons-email-1.1.jar\n| \u251c\u2500 commons-logging-1.2.jar\n| \u251c\u2500 activation-1.1.jar\n| \u2514\u2500 mail-1.4.jar\n| \u2514\u2500 activation-1.1.jar\n\u251c\u2500 struts2-core-2.3.20.jar\n| \u251c\u2500 commons-fileupload-1.3.1.jar\n| | \u2514\u2500 commons-io-2.2.jar\n| \u251c\u2500 commons-io-2.2.jar\n| \u251c\u2500 ognl-3.0.6.jar\n| | \u2514\u2500 javassist-3.11.0.GA.jar\n| \u251c\u2500 xwork-core-2.3.20.jar\n| | \u251c\u2500 commons-io-2.2.jar\n| | \u251c\u2500 commons-logging-1.2.jar\n| | \u251c\u2500 ognl-3.0.6.jar\n| | \u251c\u2500 commons-lang3-3.2.jar\n| | | \u2514\u2500 commons-io-2.2.jar\n| | \u251c\u2500 asm-commons-5.0.2.jar\n| | | \u2514\u2500 asm-tree-5.0.2.jar\n| | | \u2514\u2500 asm-5.0.2.jar\n| | \u251c\u2500 asm-5.0.2.jar\n| | \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n| \u251c\u2500 freemarker-2.3.19.jar\n| \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n\u2514\u2500 spring-core-4.3.13.RELEASE.jar\n \u2514\u2500 commons-logging-1.2.jar<br/>" | |
| }, | |
| "locations": [ | |
| { | |
| "physicalLocation": { | |
| "artifactLocation": { | |
| "uri": "/java/work/mend-poc-webgoat/pom.xml" | |
| } | |
| } | |
| } | |
| ], | |
| "properties": { | |
| "vulnerability": { | |
| "id": "CVE-2019-12086", | |
| "severity": "HIGH", | |
| "description": "Upgrade to version", | |
| "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12086" | |
| } | |
| } | |
| }, | |
| { | |
| "ruleId": "CVE-2018-19361", | |
| "message": { | |
| "text": "jackson-databind-2.9.5.jar is affected by CVE-2018-19361", | |
| "markdown": "<b>Recommendations for [CVE-2018-19361](https://osv.dev/vulnerability/GHSA-mx9v-gmh4-mgqw):</b><br/><br/>* Upgrade to version com.fasterxml.jackson.core:jackson-databind:2.7.9.5,2.8.11.3,2.9.8.<br/><br/><b>Dependency tree</b><br/><br/>\u251c\u2500 jackson-databind-2.9.5.jar (CVE-2018-19361)\n| \u251c\u2500 jackson-annotations-2.9.0.jar\n| \u2514\u2500 jackson-core-2.9.5.jar\n\u251c\u2500 commons-collections-3.2.1.jar\n\u251c\u2500 commons-email-1.1.jar\n| \u251c\u2500 commons-logging-1.2.jar\n| \u251c\u2500 activation-1.1.jar\n| \u2514\u2500 mail-1.4.jar\n| \u2514\u2500 activation-1.1.jar\n\u251c\u2500 struts2-core-2.3.20.jar\n| \u251c\u2500 commons-fileupload-1.3.1.jar\n| | \u2514\u2500 commons-io-2.2.jar\n| \u251c\u2500 commons-io-2.2.jar\n| \u251c\u2500 ognl-3.0.6.jar\n| | \u2514\u2500 javassist-3.11.0.GA.jar\n| \u251c\u2500 xwork-core-2.3.20.jar\n| | \u251c\u2500 commons-io-2.2.jar\n| | \u251c\u2500 commons-logging-1.2.jar\n| | \u251c\u2500 ognl-3.0.6.jar\n| | \u251c\u2500 commons-lang3-3.2.jar\n| | | \u2514\u2500 commons-io-2.2.jar\n| | \u251c\u2500 asm-commons-5.0.2.jar\n| | | \u2514\u2500 asm-tree-5.0.2.jar\n| | | \u2514\u2500 asm-5.0.2.jar\n| | \u251c\u2500 asm-5.0.2.jar\n| | \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n| \u251c\u2500 freemarker-2.3.19.jar\n| \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n\u2514\u2500 spring-core-4.3.13.RELEASE.jar\n \u2514\u2500 commons-logging-1.2.jar<br/>" | |
| }, | |
| "locations": [ | |
| { | |
| "physicalLocation": { | |
| "artifactLocation": { | |
| "uri": "/java/work/mend-poc-webgoat/pom.xml" | |
| } | |
| } | |
| } | |
| ], | |
| "properties": { | |
| "vulnerability": { | |
| "id": "CVE-2018-19361", | |
| "severity": "CRITICAL", | |
| "description": "Upgrade to version", | |
| "url": "https://osv.dev/vulnerability/GHSA-mx9v-gmh4-mgqw" | |
| } | |
| } | |
| }, | |
| { | |
| "ruleId": "CVE-2020-24616", | |
| "message": { | |
| "text": "jackson-databind-2.9.5.jar is affected by CVE-2020-24616", | |
| "markdown": "<b>Recommendations for [CVE-2020-24616](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24616):</b><br/><br/>* Upgrade to version 2.9.10.6.<br/><br/><b>Dependency tree</b><br/><br/>\u251c\u2500 jackson-databind-2.9.5.jar (CVE-2020-24616)\n| \u251c\u2500 jackson-annotations-2.9.0.jar\n| \u2514\u2500 jackson-core-2.9.5.jar\n\u251c\u2500 commons-collections-3.2.1.jar\n\u251c\u2500 commons-email-1.1.jar\n| \u251c\u2500 commons-logging-1.2.jar\n| \u251c\u2500 activation-1.1.jar\n| \u2514\u2500 mail-1.4.jar\n| \u2514\u2500 activation-1.1.jar\n\u251c\u2500 struts2-core-2.3.20.jar\n| \u251c\u2500 commons-fileupload-1.3.1.jar\n| | \u2514\u2500 commons-io-2.2.jar\n| \u251c\u2500 commons-io-2.2.jar\n| \u251c\u2500 ognl-3.0.6.jar\n| | \u2514\u2500 javassist-3.11.0.GA.jar\n| \u251c\u2500 xwork-core-2.3.20.jar\n| | \u251c\u2500 commons-io-2.2.jar\n| | \u251c\u2500 commons-logging-1.2.jar\n| | \u251c\u2500 ognl-3.0.6.jar\n| | \u251c\u2500 commons-lang3-3.2.jar\n| | | \u2514\u2500 commons-io-2.2.jar\n| | \u251c\u2500 asm-commons-5.0.2.jar\n| | | \u2514\u2500 asm-tree-5.0.2.jar\n| | | \u2514\u2500 asm-5.0.2.jar\n| | \u251c\u2500 asm-5.0.2.jar\n| | \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n| \u251c\u2500 freemarker-2.3.19.jar\n| \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n\u2514\u2500 spring-core-4.3.13.RELEASE.jar\n \u2514\u2500 commons-logging-1.2.jar<br/>" | |
| }, | |
| "locations": [ | |
| { | |
| "physicalLocation": { | |
| "artifactLocation": { | |
| "uri": "/java/work/mend-poc-webgoat/pom.xml" | |
| } | |
| } | |
| } | |
| ], | |
| "properties": { | |
| "vulnerability": { | |
| "id": "CVE-2020-24616", | |
| "severity": "HIGH", | |
| "description": "Upgrade to version", | |
| "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24616" | |
| } | |
| } | |
| }, | |
| { | |
| "ruleId": "CVE-2020-25649", | |
| "message": { | |
| "text": "jackson-databind-2.9.5.jar is affected by CVE-2020-25649", | |
| "markdown": "<b>Recommendations for [CVE-2020-25649](https://github.com/FasterXML/jackson-databind/issues/2589):</b><br/><br/>* Upgrade to version com.fasterxml.jackson.core:jackson-databind:2.6.7.4,2.9.10.7,2.10.5.1,2.11.0.rc1.<br/><br/><b>Dependency tree</b><br/><br/>\u251c\u2500 jackson-databind-2.9.5.jar (CVE-2020-25649)\n| \u251c\u2500 jackson-annotations-2.9.0.jar\n| \u2514\u2500 jackson-core-2.9.5.jar\n\u251c\u2500 commons-collections-3.2.1.jar\n\u251c\u2500 commons-email-1.1.jar\n| \u251c\u2500 commons-logging-1.2.jar\n| \u251c\u2500 activation-1.1.jar\n| \u2514\u2500 mail-1.4.jar\n| \u2514\u2500 activation-1.1.jar\n\u251c\u2500 struts2-core-2.3.20.jar\n| \u251c\u2500 commons-fileupload-1.3.1.jar\n| | \u2514\u2500 commons-io-2.2.jar\n| \u251c\u2500 commons-io-2.2.jar\n| \u251c\u2500 ognl-3.0.6.jar\n| | \u2514\u2500 javassist-3.11.0.GA.jar\n| \u251c\u2500 xwork-core-2.3.20.jar\n| | \u251c\u2500 commons-io-2.2.jar\n| | \u251c\u2500 commons-logging-1.2.jar\n| | \u251c\u2500 ognl-3.0.6.jar\n| | \u251c\u2500 commons-lang3-3.2.jar\n| | | \u2514\u2500 commons-io-2.2.jar\n| | \u251c\u2500 asm-commons-5.0.2.jar\n| | | \u2514\u2500 asm-tree-5.0.2.jar\n| | | \u2514\u2500 asm-5.0.2.jar\n| | \u251c\u2500 asm-5.0.2.jar\n| | \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n| \u251c\u2500 freemarker-2.3.19.jar\n| \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n\u2514\u2500 spring-core-4.3.13.RELEASE.jar\n \u2514\u2500 commons-logging-1.2.jar<br/>" | |
| }, | |
| "locations": [ | |
| { | |
| "physicalLocation": { | |
| "artifactLocation": { | |
| "uri": "/java/work/mend-poc-webgoat/pom.xml" | |
| } | |
| } | |
| } | |
| ], | |
| "properties": { | |
| "vulnerability": { | |
| "id": "CVE-2020-25649", | |
| "severity": "HIGH", | |
| "description": "Upgrade to version", | |
| "url": "https://github.com/FasterXML/jackson-databind/issues/2589" | |
| } | |
| } | |
| }, | |
| { | |
| "ruleId": "CVE-2018-14718", | |
| "message": { | |
| "text": "jackson-databind-2.9.5.jar is affected by CVE-2018-14718", | |
| "markdown": "<b>Recommendations for [CVE-2018-14718](https://osv.dev/vulnerability/GHSA-645p-88qh-w398):</b><br/><br/>* Upgrade to version com.fasterxml.jackson.core:jackson-databind:2.7.9.5,2.8.11.3,2.9.7.<br/><br/><b>Dependency tree</b><br/><br/>\u251c\u2500 jackson-databind-2.9.5.jar (CVE-2018-14718)\n| \u251c\u2500 jackson-annotations-2.9.0.jar\n| \u2514\u2500 jackson-core-2.9.5.jar\n\u251c\u2500 commons-collections-3.2.1.jar\n\u251c\u2500 commons-email-1.1.jar\n| \u251c\u2500 commons-logging-1.2.jar\n| \u251c\u2500 activation-1.1.jar\n| \u2514\u2500 mail-1.4.jar\n| \u2514\u2500 activation-1.1.jar\n\u251c\u2500 struts2-core-2.3.20.jar\n| \u251c\u2500 commons-fileupload-1.3.1.jar\n| | \u2514\u2500 commons-io-2.2.jar\n| \u251c\u2500 commons-io-2.2.jar\n| \u251c\u2500 ognl-3.0.6.jar\n| | \u2514\u2500 javassist-3.11.0.GA.jar\n| \u251c\u2500 xwork-core-2.3.20.jar\n| | \u251c\u2500 commons-io-2.2.jar\n| | \u251c\u2500 commons-logging-1.2.jar\n| | \u251c\u2500 ognl-3.0.6.jar\n| | \u251c\u2500 commons-lang3-3.2.jar\n| | | \u2514\u2500 commons-io-2.2.jar\n| | \u251c\u2500 asm-commons-5.0.2.jar\n| | | \u2514\u2500 asm-tree-5.0.2.jar\n| | | \u2514\u2500 asm-5.0.2.jar\n| | \u251c\u2500 asm-5.0.2.jar\n| | \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n| \u251c\u2500 freemarker-2.3.19.jar\n| \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n\u2514\u2500 spring-core-4.3.13.RELEASE.jar\n \u2514\u2500 commons-logging-1.2.jar<br/>" | |
| }, | |
| "locations": [ | |
| { | |
| "physicalLocation": { | |
| "artifactLocation": { | |
| "uri": "/java/work/mend-poc-webgoat/pom.xml" | |
| } | |
| } | |
| } | |
| ], | |
| "properties": { | |
| "vulnerability": { | |
| "id": "CVE-2018-14718", | |
| "severity": "CRITICAL", | |
| "description": "Upgrade to version", | |
| "url": "https://osv.dev/vulnerability/GHSA-645p-88qh-w398" | |
| } | |
| } | |
| }, | |
| { | |
| "ruleId": "CVE-2018-11307", | |
| "message": { | |
| "text": "jackson-databind-2.9.5.jar is affected by CVE-2018-11307", | |
| "markdown": "<b>Recommendations for [CVE-2018-11307](https://github.com/FasterXML/jackson-databind/issues/2032):</b><br/><br/>* Upgrade to version jackson-databind-2.9.6.<br/><br/><b>Dependency tree</b><br/><br/>\u251c\u2500 jackson-databind-2.9.5.jar (CVE-2018-11307)\n| \u251c\u2500 jackson-annotations-2.9.0.jar\n| \u2514\u2500 jackson-core-2.9.5.jar\n\u251c\u2500 commons-collections-3.2.1.jar\n\u251c\u2500 commons-email-1.1.jar\n| \u251c\u2500 commons-logging-1.2.jar\n| \u251c\u2500 activation-1.1.jar\n| \u2514\u2500 mail-1.4.jar\n| \u2514\u2500 activation-1.1.jar\n\u251c\u2500 struts2-core-2.3.20.jar\n| \u251c\u2500 commons-fileupload-1.3.1.jar\n| | \u2514\u2500 commons-io-2.2.jar\n| \u251c\u2500 commons-io-2.2.jar\n| \u251c\u2500 ognl-3.0.6.jar\n| | \u2514\u2500 javassist-3.11.0.GA.jar\n| \u251c\u2500 xwork-core-2.3.20.jar\n| | \u251c\u2500 commons-io-2.2.jar\n| | \u251c\u2500 commons-logging-1.2.jar\n| | \u251c\u2500 ognl-3.0.6.jar\n| | \u251c\u2500 commons-lang3-3.2.jar\n| | | \u2514\u2500 commons-io-2.2.jar\n| | \u251c\u2500 asm-commons-5.0.2.jar\n| | | \u2514\u2500 asm-tree-5.0.2.jar\n| | | \u2514\u2500 asm-5.0.2.jar\n| | \u251c\u2500 asm-5.0.2.jar\n| | \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n| \u251c\u2500 freemarker-2.3.19.jar\n| \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n\u2514\u2500 spring-core-4.3.13.RELEASE.jar\n \u2514\u2500 commons-logging-1.2.jar<br/>" | |
| }, | |
| "locations": [ | |
| { | |
| "physicalLocation": { | |
| "artifactLocation": { | |
| "uri": "/java/work/mend-poc-webgoat/pom.xml" | |
| } | |
| } | |
| } | |
| ], | |
| "properties": { | |
| "vulnerability": { | |
| "id": "CVE-2018-11307", | |
| "severity": "CRITICAL", | |
| "description": "Upgrade to version", | |
| "url": "https://github.com/FasterXML/jackson-databind/issues/2032" | |
| } | |
| } | |
| }, | |
| { | |
| "ruleId": "CVE-2020-36188", | |
| "message": { | |
| "text": "jackson-databind-2.9.5.jar is affected by CVE-2020-36188", | |
| "markdown": "<b>Recommendations for [CVE-2020-36188](https://github.com/FasterXML/jackson-databind/issues/2996):</b><br/><br/>* Upgrade to version com.fasterxml.jackson.core:jackson-databind:2.9.10.8.<br/><br/><b>Dependency tree</b><br/><br/>\u251c\u2500 jackson-databind-2.9.5.jar (CVE-2020-36188)\n| \u251c\u2500 jackson-annotations-2.9.0.jar\n| \u2514\u2500 jackson-core-2.9.5.jar\n\u251c\u2500 commons-collections-3.2.1.jar\n\u251c\u2500 commons-email-1.1.jar\n| \u251c\u2500 commons-logging-1.2.jar\n| \u251c\u2500 activation-1.1.jar\n| \u2514\u2500 mail-1.4.jar\n| \u2514\u2500 activation-1.1.jar\n\u251c\u2500 struts2-core-2.3.20.jar\n| \u251c\u2500 commons-fileupload-1.3.1.jar\n| | \u2514\u2500 commons-io-2.2.jar\n| \u251c\u2500 commons-io-2.2.jar\n| \u251c\u2500 ognl-3.0.6.jar\n| | \u2514\u2500 javassist-3.11.0.GA.jar\n| \u251c\u2500 xwork-core-2.3.20.jar\n| | \u251c\u2500 commons-io-2.2.jar\n| | \u251c\u2500 commons-logging-1.2.jar\n| | \u251c\u2500 ognl-3.0.6.jar\n| | \u251c\u2500 commons-lang3-3.2.jar\n| | | \u2514\u2500 commons-io-2.2.jar\n| | \u251c\u2500 asm-commons-5.0.2.jar\n| | | \u2514\u2500 asm-tree-5.0.2.jar\n| | | \u2514\u2500 asm-5.0.2.jar\n| | \u251c\u2500 asm-5.0.2.jar\n| | \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n| \u251c\u2500 freemarker-2.3.19.jar\n| \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n\u2514\u2500 spring-core-4.3.13.RELEASE.jar\n \u2514\u2500 commons-logging-1.2.jar<br/>" | |
| }, | |
| "locations": [ | |
| { | |
| "physicalLocation": { | |
| "artifactLocation": { | |
| "uri": "/java/work/mend-poc-webgoat/pom.xml" | |
| } | |
| } | |
| } | |
| ], | |
| "properties": { | |
| "vulnerability": { | |
| "id": "CVE-2020-36188", | |
| "severity": "HIGH", | |
| "description": "Upgrade to version", | |
| "url": "https://github.com/FasterXML/jackson-databind/issues/2996" | |
| } | |
| } | |
| }, | |
| { | |
| "ruleId": "CVE-2019-14892", | |
| "message": { | |
| "text": "jackson-databind-2.9.5.jar is affected by CVE-2019-14892", | |
| "markdown": "<b>Recommendations for [CVE-2019-14892](https://osv.dev/vulnerability/GHSA-cf6r-3wgc-h863):</b><br/><br/>* Upgrade to version com.fasterxml.jackson.core:jackson-databind:2.6.7.3,2.8.11.5,2.9.10.<br/><br/><b>Dependency tree</b><br/><br/>\u251c\u2500 jackson-databind-2.9.5.jar (CVE-2019-14892)\n| \u251c\u2500 jackson-annotations-2.9.0.jar\n| \u2514\u2500 jackson-core-2.9.5.jar\n\u251c\u2500 commons-collections-3.2.1.jar\n\u251c\u2500 commons-email-1.1.jar\n| \u251c\u2500 commons-logging-1.2.jar\n| \u251c\u2500 activation-1.1.jar\n| \u2514\u2500 mail-1.4.jar\n| \u2514\u2500 activation-1.1.jar\n\u251c\u2500 struts2-core-2.3.20.jar\n| \u251c\u2500 commons-fileupload-1.3.1.jar\n| | \u2514\u2500 commons-io-2.2.jar\n| \u251c\u2500 commons-io-2.2.jar\n| \u251c\u2500 ognl-3.0.6.jar\n| | \u2514\u2500 javassist-3.11.0.GA.jar\n| \u251c\u2500 xwork-core-2.3.20.jar\n| | \u251c\u2500 commons-io-2.2.jar\n| | \u251c\u2500 commons-logging-1.2.jar\n| | \u251c\u2500 ognl-3.0.6.jar\n| | \u251c\u2500 commons-lang3-3.2.jar\n| | | \u2514\u2500 commons-io-2.2.jar\n| | \u251c\u2500 asm-commons-5.0.2.jar\n| | | \u2514\u2500 asm-tree-5.0.2.jar\n| | | \u2514\u2500 asm-5.0.2.jar\n| | \u251c\u2500 asm-5.0.2.jar\n| | \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n| \u251c\u2500 freemarker-2.3.19.jar\n| \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n\u2514\u2500 spring-core-4.3.13.RELEASE.jar\n \u2514\u2500 commons-logging-1.2.jar<br/>" | |
| }, | |
| "locations": [ | |
| { | |
| "physicalLocation": { | |
| "artifactLocation": { | |
| "uri": "/java/work/mend-poc-webgoat/pom.xml" | |
| } | |
| } | |
| } | |
| ], | |
| "properties": { | |
| "vulnerability": { | |
| "id": "CVE-2019-14892", | |
| "severity": "CRITICAL", | |
| "description": "Upgrade to version", | |
| "url": "https://osv.dev/vulnerability/GHSA-cf6r-3wgc-h863" | |
| } | |
| } | |
| }, | |
| { | |
| "ruleId": "CVE-2020-36186", | |
| "message": { | |
| "text": "jackson-databind-2.9.5.jar is affected by CVE-2020-36186", | |
| "markdown": "<b>Recommendations for [CVE-2020-36186](https://github.com/FasterXML/jackson-databind/issues/2997):</b><br/><br/>* Upgrade to version com.fasterxml.jackson.core:jackson-databind:2.9.10.8.<br/><br/><b>Dependency tree</b><br/><br/>\u251c\u2500 jackson-databind-2.9.5.jar (CVE-2020-36186)\n| \u251c\u2500 jackson-annotations-2.9.0.jar\n| \u2514\u2500 jackson-core-2.9.5.jar\n\u251c\u2500 commons-collections-3.2.1.jar\n\u251c\u2500 commons-email-1.1.jar\n| \u251c\u2500 commons-logging-1.2.jar\n| \u251c\u2500 activation-1.1.jar\n| \u2514\u2500 mail-1.4.jar\n| \u2514\u2500 activation-1.1.jar\n\u251c\u2500 struts2-core-2.3.20.jar\n| \u251c\u2500 commons-fileupload-1.3.1.jar\n| | \u2514\u2500 commons-io-2.2.jar\n| \u251c\u2500 commons-io-2.2.jar\n| \u251c\u2500 ognl-3.0.6.jar\n| | \u2514\u2500 javassist-3.11.0.GA.jar\n| \u251c\u2500 xwork-core-2.3.20.jar\n| | \u251c\u2500 commons-io-2.2.jar\n| | \u251c\u2500 commons-logging-1.2.jar\n| | \u251c\u2500 ognl-3.0.6.jar\n| | \u251c\u2500 commons-lang3-3.2.jar\n| | | \u2514\u2500 commons-io-2.2.jar\n| | \u251c\u2500 asm-commons-5.0.2.jar\n| | | \u2514\u2500 asm-tree-5.0.2.jar\n| | | \u2514\u2500 asm-5.0.2.jar\n| | \u251c\u2500 asm-5.0.2.jar\n| | \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n| \u251c\u2500 freemarker-2.3.19.jar\n| \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n\u2514\u2500 spring-core-4.3.13.RELEASE.jar\n \u2514\u2500 commons-logging-1.2.jar<br/>" | |
| }, | |
| "locations": [ | |
| { | |
| "physicalLocation": { | |
| "artifactLocation": { | |
| "uri": "/java/work/mend-poc-webgoat/pom.xml" | |
| } | |
| } | |
| } | |
| ], | |
| "properties": { | |
| "vulnerability": { | |
| "id": "CVE-2020-36186", | |
| "severity": "HIGH", | |
| "description": "Upgrade to version", | |
| "url": "https://github.com/FasterXML/jackson-databind/issues/2997" | |
| } | |
| } | |
| }, | |
| { | |
| "ruleId": "CVE-2022-42004", | |
| "message": { | |
| "text": "jackson-databind-2.9.5.jar is affected by CVE-2022-42004", | |
| "markdown": "<b>Recommendations for [CVE-2022-42004](https://github.com/FasterXML/jackson-databind/issues/3582):</b><br/><br/>* Upgrade to version com.fasterxml.jackson.core:jackson-databind:2.13.4.<br/><br/><b>Dependency tree</b><br/><br/>\u251c\u2500 jackson-databind-2.9.5.jar (CVE-2022-42004)\n| \u251c\u2500 jackson-annotations-2.9.0.jar\n| \u2514\u2500 jackson-core-2.9.5.jar\n\u251c\u2500 commons-collections-3.2.1.jar\n\u251c\u2500 commons-email-1.1.jar\n| \u251c\u2500 commons-logging-1.2.jar\n| \u251c\u2500 activation-1.1.jar\n| \u2514\u2500 mail-1.4.jar\n| \u2514\u2500 activation-1.1.jar\n\u251c\u2500 struts2-core-2.3.20.jar\n| \u251c\u2500 commons-fileupload-1.3.1.jar\n| | \u2514\u2500 commons-io-2.2.jar\n| \u251c\u2500 commons-io-2.2.jar\n| \u251c\u2500 ognl-3.0.6.jar\n| | \u2514\u2500 javassist-3.11.0.GA.jar\n| \u251c\u2500 xwork-core-2.3.20.jar\n| | \u251c\u2500 commons-io-2.2.jar\n| | \u251c\u2500 commons-logging-1.2.jar\n| | \u251c\u2500 ognl-3.0.6.jar\n| | \u251c\u2500 commons-lang3-3.2.jar\n| | | \u2514\u2500 commons-io-2.2.jar\n| | \u251c\u2500 asm-commons-5.0.2.jar\n| | | \u2514\u2500 asm-tree-5.0.2.jar\n| | | \u2514\u2500 asm-5.0.2.jar\n| | \u251c\u2500 asm-5.0.2.jar\n| | \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n| \u251c\u2500 freemarker-2.3.19.jar\n| \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n\u2514\u2500 spring-core-4.3.13.RELEASE.jar\n \u2514\u2500 commons-logging-1.2.jar<br/>" | |
| }, | |
| "locations": [ | |
| { | |
| "physicalLocation": { | |
| "artifactLocation": { | |
| "uri": "/java/work/mend-poc-webgoat/pom.xml" | |
| } | |
| } | |
| } | |
| ], | |
| "properties": { | |
| "vulnerability": { | |
| "id": "CVE-2022-42004", | |
| "severity": "HIGH", | |
| "description": "Upgrade to version", | |
| "url": "https://github.com/FasterXML/jackson-databind/issues/3582" | |
| } | |
| } | |
| }, | |
| { | |
| "ruleId": "CVE-2020-10968", | |
| "message": { | |
| "text": "jackson-databind-2.9.5.jar is affected by CVE-2020-10968", | |
| "markdown": "<b>Recommendations for [CVE-2020-10968](https://nvd.nist.gov/vuln/detail/CVE-2020-10968):</b><br/><br/>* Upgrade to version jackson-databind-2.9.10.4.<br/><br/><b>Dependency tree</b><br/><br/>\u251c\u2500 jackson-databind-2.9.5.jar (CVE-2020-10968)\n| \u251c\u2500 jackson-annotations-2.9.0.jar\n| \u2514\u2500 jackson-core-2.9.5.jar\n\u251c\u2500 commons-collections-3.2.1.jar\n\u251c\u2500 commons-email-1.1.jar\n| \u251c\u2500 commons-logging-1.2.jar\n| \u251c\u2500 activation-1.1.jar\n| \u2514\u2500 mail-1.4.jar\n| \u2514\u2500 activation-1.1.jar\n\u251c\u2500 struts2-core-2.3.20.jar\n| \u251c\u2500 commons-fileupload-1.3.1.jar\n| | \u2514\u2500 commons-io-2.2.jar\n| \u251c\u2500 commons-io-2.2.jar\n| \u251c\u2500 ognl-3.0.6.jar\n| | \u2514\u2500 javassist-3.11.0.GA.jar\n| \u251c\u2500 xwork-core-2.3.20.jar\n| | \u251c\u2500 commons-io-2.2.jar\n| | \u251c\u2500 commons-logging-1.2.jar\n| | \u251c\u2500 ognl-3.0.6.jar\n| | \u251c\u2500 commons-lang3-3.2.jar\n| | | \u2514\u2500 commons-io-2.2.jar\n| | \u251c\u2500 asm-commons-5.0.2.jar\n| | | \u2514\u2500 asm-tree-5.0.2.jar\n| | | \u2514\u2500 asm-5.0.2.jar\n| | \u251c\u2500 asm-5.0.2.jar\n| | \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n| \u251c\u2500 freemarker-2.3.19.jar\n| \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n\u2514\u2500 spring-core-4.3.13.RELEASE.jar\n \u2514\u2500 commons-logging-1.2.jar<br/>" | |
| }, | |
| "locations": [ | |
| { | |
| "physicalLocation": { | |
| "artifactLocation": { | |
| "uri": "/java/work/mend-poc-webgoat/pom.xml" | |
| } | |
| } | |
| } | |
| ], | |
| "properties": { | |
| "vulnerability": { | |
| "id": "CVE-2020-10968", | |
| "severity": "HIGH", | |
| "description": "Upgrade to version", | |
| "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10968" | |
| } | |
| } | |
| }, | |
| { | |
| "ruleId": "CVE-2020-8840", | |
| "message": { | |
| "text": "jackson-databind-2.9.5.jar is affected by CVE-2020-8840", | |
| "markdown": "<b>Recommendations for [CVE-2020-8840](https://github.com/FasterXML/jackson-databind/issues/2620):</b><br/><br/>* Upgrade to version com.fasterxml.jackson.core:jackson-databind:2.9.10.3.<br/><br/><b>Dependency tree</b><br/><br/>\u251c\u2500 jackson-databind-2.9.5.jar (CVE-2020-8840)\n| \u251c\u2500 jackson-annotations-2.9.0.jar\n| \u2514\u2500 jackson-core-2.9.5.jar\n\u251c\u2500 commons-collections-3.2.1.jar\n\u251c\u2500 commons-email-1.1.jar\n| \u251c\u2500 commons-logging-1.2.jar\n| \u251c\u2500 activation-1.1.jar\n| \u2514\u2500 mail-1.4.jar\n| \u2514\u2500 activation-1.1.jar\n\u251c\u2500 struts2-core-2.3.20.jar\n| \u251c\u2500 commons-fileupload-1.3.1.jar\n| | \u2514\u2500 commons-io-2.2.jar\n| \u251c\u2500 commons-io-2.2.jar\n| \u251c\u2500 ognl-3.0.6.jar\n| | \u2514\u2500 javassist-3.11.0.GA.jar\n| \u251c\u2500 xwork-core-2.3.20.jar\n| | \u251c\u2500 commons-io-2.2.jar\n| | \u251c\u2500 commons-logging-1.2.jar\n| | \u251c\u2500 ognl-3.0.6.jar\n| | \u251c\u2500 commons-lang3-3.2.jar\n| | | \u2514\u2500 commons-io-2.2.jar\n| | \u251c\u2500 asm-commons-5.0.2.jar\n| | | \u2514\u2500 asm-tree-5.0.2.jar\n| | | \u2514\u2500 asm-5.0.2.jar\n| | \u251c\u2500 asm-5.0.2.jar\n| | \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n| \u251c\u2500 freemarker-2.3.19.jar\n| \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n\u2514\u2500 spring-core-4.3.13.RELEASE.jar\n \u2514\u2500 commons-logging-1.2.jar<br/>" | |
| }, | |
| "locations": [ | |
| { | |
| "physicalLocation": { | |
| "artifactLocation": { | |
| "uri": "/java/work/mend-poc-webgoat/pom.xml" | |
| } | |
| } | |
| } | |
| ], | |
| "properties": { | |
| "vulnerability": { | |
| "id": "CVE-2020-8840", | |
| "severity": "CRITICAL", | |
| "description": "Upgrade to version", | |
| "url": "https://github.com/FasterXML/jackson-databind/issues/2620" | |
| } | |
| } | |
| }, | |
| { | |
| "ruleId": "CVE-2019-12384", | |
| "message": { | |
| "text": "jackson-databind-2.9.5.jar is affected by CVE-2019-12384", | |
| "markdown": "<b>Recommendations for [CVE-2019-12384](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12384):</b><br/><br/>* Upgrade to version 2.9.9.1.<br/><br/><b>Dependency tree</b><br/><br/>\u251c\u2500 jackson-databind-2.9.5.jar (CVE-2019-12384)\n| \u251c\u2500 jackson-annotations-2.9.0.jar\n| \u2514\u2500 jackson-core-2.9.5.jar\n\u251c\u2500 commons-collections-3.2.1.jar\n\u251c\u2500 commons-email-1.1.jar\n| \u251c\u2500 commons-logging-1.2.jar\n| \u251c\u2500 activation-1.1.jar\n| \u2514\u2500 mail-1.4.jar\n| \u2514\u2500 activation-1.1.jar\n\u251c\u2500 struts2-core-2.3.20.jar\n| \u251c\u2500 commons-fileupload-1.3.1.jar\n| | \u2514\u2500 commons-io-2.2.jar\n| \u251c\u2500 commons-io-2.2.jar\n| \u251c\u2500 ognl-3.0.6.jar\n| | \u2514\u2500 javassist-3.11.0.GA.jar\n| \u251c\u2500 xwork-core-2.3.20.jar\n| | \u251c\u2500 commons-io-2.2.jar\n| | \u251c\u2500 commons-logging-1.2.jar\n| | \u251c\u2500 ognl-3.0.6.jar\n| | \u251c\u2500 commons-lang3-3.2.jar\n| | | \u2514\u2500 commons-io-2.2.jar\n| | \u251c\u2500 asm-commons-5.0.2.jar\n| | | \u2514\u2500 asm-tree-5.0.2.jar\n| | | \u2514\u2500 asm-5.0.2.jar\n| | \u251c\u2500 asm-5.0.2.jar\n| | \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n| \u251c\u2500 freemarker-2.3.19.jar\n| \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n\u2514\u2500 spring-core-4.3.13.RELEASE.jar\n \u2514\u2500 commons-logging-1.2.jar<br/>" | |
| }, | |
| "locations": [ | |
| { | |
| "physicalLocation": { | |
| "artifactLocation": { | |
| "uri": "/java/work/mend-poc-webgoat/pom.xml" | |
| } | |
| } | |
| } | |
| ], | |
| "properties": { | |
| "vulnerability": { | |
| "id": "CVE-2019-12384", | |
| "severity": "MEDIUM", | |
| "description": "Upgrade to version", | |
| "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12384" | |
| } | |
| } | |
| }, | |
| { | |
| "ruleId": "CVE-2020-36182", | |
| "message": { | |
| "text": "jackson-databind-2.9.5.jar is affected by CVE-2020-36182", | |
| "markdown": "<b>Recommendations for [CVE-2020-36182](https://github.com/FasterXML/jackson-databind/issues/3004):</b><br/><br/>* Upgrade to version com.fasterxml.jackson.core:jackson-databind:2.9.10.8.<br/><br/><b>Dependency tree</b><br/><br/>\u251c\u2500 jackson-databind-2.9.5.jar (CVE-2020-36182)\n| \u251c\u2500 jackson-annotations-2.9.0.jar\n| \u2514\u2500 jackson-core-2.9.5.jar\n\u251c\u2500 commons-collections-3.2.1.jar\n\u251c\u2500 commons-email-1.1.jar\n| \u251c\u2500 commons-logging-1.2.jar\n| \u251c\u2500 activation-1.1.jar\n| \u2514\u2500 mail-1.4.jar\n| \u2514\u2500 activation-1.1.jar\n\u251c\u2500 struts2-core-2.3.20.jar\n| \u251c\u2500 commons-fileupload-1.3.1.jar\n| | \u2514\u2500 commons-io-2.2.jar\n| \u251c\u2500 commons-io-2.2.jar\n| \u251c\u2500 ognl-3.0.6.jar\n| | \u2514\u2500 javassist-3.11.0.GA.jar\n| \u251c\u2500 xwork-core-2.3.20.jar\n| | \u251c\u2500 commons-io-2.2.jar\n| | \u251c\u2500 commons-logging-1.2.jar\n| | \u251c\u2500 ognl-3.0.6.jar\n| | \u251c\u2500 commons-lang3-3.2.jar\n| | | \u2514\u2500 commons-io-2.2.jar\n| | \u251c\u2500 asm-commons-5.0.2.jar\n| | | \u2514\u2500 asm-tree-5.0.2.jar\n| | | \u2514\u2500 asm-5.0.2.jar\n| | \u251c\u2500 asm-5.0.2.jar\n| | \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n| \u251c\u2500 freemarker-2.3.19.jar\n| \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n\u2514\u2500 spring-core-4.3.13.RELEASE.jar\n \u2514\u2500 commons-logging-1.2.jar<br/>" | |
| }, | |
| "locations": [ | |
| { | |
| "physicalLocation": { | |
| "artifactLocation": { | |
| "uri": "/java/work/mend-poc-webgoat/pom.xml" | |
| } | |
| } | |
| } | |
| ], | |
| "properties": { | |
| "vulnerability": { | |
| "id": "CVE-2020-36182", | |
| "severity": "HIGH", | |
| "description": "Upgrade to version", | |
| "url": "https://github.com/FasterXML/jackson-databind/issues/3004" | |
| } | |
| } | |
| }, | |
| { | |
| "ruleId": "CVE-2020-10650", | |
| "message": { | |
| "text": "jackson-databind-2.9.5.jar is affected by CVE-2020-10650", | |
| "markdown": "<b>Recommendations for [CVE-2020-10650](https://github.com/advisories/GHSA-rpr3-cw39-3pxh):</b><br/><br/>* Upgrade to version com.fasterxml.jackson.core:jackson-databind:2.9.10.4.<br/><br/><b>Dependency tree</b><br/><br/>\u251c\u2500 jackson-databind-2.9.5.jar (CVE-2020-10650)\n| \u251c\u2500 jackson-annotations-2.9.0.jar\n| \u2514\u2500 jackson-core-2.9.5.jar\n\u251c\u2500 commons-collections-3.2.1.jar\n\u251c\u2500 commons-email-1.1.jar\n| \u251c\u2500 commons-logging-1.2.jar\n| \u251c\u2500 activation-1.1.jar\n| \u2514\u2500 mail-1.4.jar\n| \u2514\u2500 activation-1.1.jar\n\u251c\u2500 struts2-core-2.3.20.jar\n| \u251c\u2500 commons-fileupload-1.3.1.jar\n| | \u2514\u2500 commons-io-2.2.jar\n| \u251c\u2500 commons-io-2.2.jar\n| \u251c\u2500 ognl-3.0.6.jar\n| | \u2514\u2500 javassist-3.11.0.GA.jar\n| \u251c\u2500 xwork-core-2.3.20.jar\n| | \u251c\u2500 commons-io-2.2.jar\n| | \u251c\u2500 commons-logging-1.2.jar\n| | \u251c\u2500 ognl-3.0.6.jar\n| | \u251c\u2500 commons-lang3-3.2.jar\n| | | \u2514\u2500 commons-io-2.2.jar\n| | \u251c\u2500 asm-commons-5.0.2.jar\n| | | \u2514\u2500 asm-tree-5.0.2.jar\n| | | \u2514\u2500 asm-5.0.2.jar\n| | \u251c\u2500 asm-5.0.2.jar\n| | \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n| \u251c\u2500 freemarker-2.3.19.jar\n| \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n\u2514\u2500 spring-core-4.3.13.RELEASE.jar\n \u2514\u2500 commons-logging-1.2.jar<br/>" | |
| }, | |
| "locations": [ | |
| { | |
| "physicalLocation": { | |
| "artifactLocation": { | |
| "uri": "/java/work/mend-poc-webgoat/pom.xml" | |
| } | |
| } | |
| } | |
| ], | |
| "properties": { | |
| "vulnerability": { | |
| "id": "CVE-2020-10650", | |
| "severity": "HIGH", | |
| "description": "Upgrade to version", | |
| "url": "https://github.com/advisories/GHSA-rpr3-cw39-3pxh" | |
| } | |
| } | |
| }, | |
| { | |
| "ruleId": "CVE-2020-35728", | |
| "message": { | |
| "text": "jackson-databind-2.9.5.jar is affected by CVE-2020-35728", | |
| "markdown": "<b>Recommendations for [CVE-2020-35728](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35728):</b><br/><br/>* Upgrade to version com.fasterxml.jackson.core:jackson-databind:2.9.10.8.<br/><br/><b>Dependency tree</b><br/><br/>\u251c\u2500 jackson-databind-2.9.5.jar (CVE-2020-35728)\n| \u251c\u2500 jackson-annotations-2.9.0.jar\n| \u2514\u2500 jackson-core-2.9.5.jar\n\u251c\u2500 commons-collections-3.2.1.jar\n\u251c\u2500 commons-email-1.1.jar\n| \u251c\u2500 commons-logging-1.2.jar\n| \u251c\u2500 activation-1.1.jar\n| \u2514\u2500 mail-1.4.jar\n| \u2514\u2500 activation-1.1.jar\n\u251c\u2500 struts2-core-2.3.20.jar\n| \u251c\u2500 commons-fileupload-1.3.1.jar\n| | \u2514\u2500 commons-io-2.2.jar\n| \u251c\u2500 commons-io-2.2.jar\n| \u251c\u2500 ognl-3.0.6.jar\n| | \u2514\u2500 javassist-3.11.0.GA.jar\n| \u251c\u2500 xwork-core-2.3.20.jar\n| | \u251c\u2500 commons-io-2.2.jar\n| | \u251c\u2500 commons-logging-1.2.jar\n| | \u251c\u2500 ognl-3.0.6.jar\n| | \u251c\u2500 commons-lang3-3.2.jar\n| | | \u2514\u2500 commons-io-2.2.jar\n| | \u251c\u2500 asm-commons-5.0.2.jar\n| | | \u2514\u2500 asm-tree-5.0.2.jar\n| | | \u2514\u2500 asm-5.0.2.jar\n| | \u251c\u2500 asm-5.0.2.jar\n| | \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n| \u251c\u2500 freemarker-2.3.19.jar\n| \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n\u2514\u2500 spring-core-4.3.13.RELEASE.jar\n \u2514\u2500 commons-logging-1.2.jar<br/>" | |
| }, | |
| "locations": [ | |
| { | |
| "physicalLocation": { | |
| "artifactLocation": { | |
| "uri": "/java/work/mend-poc-webgoat/pom.xml" | |
| } | |
| } | |
| } | |
| ], | |
| "properties": { | |
| "vulnerability": { | |
| "id": "CVE-2020-35728", | |
| "severity": "HIGH", | |
| "description": "Upgrade to version", | |
| "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35728" | |
| } | |
| } | |
| }, | |
| { | |
| "ruleId": "CVE-2020-35490", | |
| "message": { | |
| "text": "jackson-databind-2.9.5.jar is affected by CVE-2020-35490", | |
| "markdown": "<b>Recommendations for [CVE-2020-35490](https://github.com/FasterXML/jackson-databind/issues/2986):</b><br/><br/>* Upgrade to version com.fasterxml.jackson.core:jackson-databind:2.9.10.8.<br/><br/><b>Dependency tree</b><br/><br/>\u251c\u2500 jackson-databind-2.9.5.jar (CVE-2020-35490)\n| \u251c\u2500 jackson-annotations-2.9.0.jar\n| \u2514\u2500 jackson-core-2.9.5.jar\n\u251c\u2500 commons-collections-3.2.1.jar\n\u251c\u2500 commons-email-1.1.jar\n| \u251c\u2500 commons-logging-1.2.jar\n| \u251c\u2500 activation-1.1.jar\n| \u2514\u2500 mail-1.4.jar\n| \u2514\u2500 activation-1.1.jar\n\u251c\u2500 struts2-core-2.3.20.jar\n| \u251c\u2500 commons-fileupload-1.3.1.jar\n| | \u2514\u2500 commons-io-2.2.jar\n| \u251c\u2500 commons-io-2.2.jar\n| \u251c\u2500 ognl-3.0.6.jar\n| | \u2514\u2500 javassist-3.11.0.GA.jar\n| \u251c\u2500 xwork-core-2.3.20.jar\n| | \u251c\u2500 commons-io-2.2.jar\n| | \u251c\u2500 commons-logging-1.2.jar\n| | \u251c\u2500 ognl-3.0.6.jar\n| | \u251c\u2500 commons-lang3-3.2.jar\n| | | \u2514\u2500 commons-io-2.2.jar\n| | \u251c\u2500 asm-commons-5.0.2.jar\n| | | \u2514\u2500 asm-tree-5.0.2.jar\n| | | \u2514\u2500 asm-5.0.2.jar\n| | \u251c\u2500 asm-5.0.2.jar\n| | \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n| \u251c\u2500 freemarker-2.3.19.jar\n| \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n\u2514\u2500 spring-core-4.3.13.RELEASE.jar\n \u2514\u2500 commons-logging-1.2.jar<br/>" | |
| }, | |
| "locations": [ | |
| { | |
| "physicalLocation": { | |
| "artifactLocation": { | |
| "uri": "/java/work/mend-poc-webgoat/pom.xml" | |
| } | |
| } | |
| } | |
| ], | |
| "properties": { | |
| "vulnerability": { | |
| "id": "CVE-2020-35490", | |
| "severity": "HIGH", | |
| "description": "Upgrade to version", | |
| "url": "https://github.com/FasterXML/jackson-databind/issues/2986" | |
| } | |
| } | |
| }, | |
| { | |
| "ruleId": "CVE-2019-14540", | |
| "message": { | |
| "text": "jackson-databind-2.9.5.jar is affected by CVE-2019-14540", | |
| "markdown": "<b>Recommendations for [CVE-2019-14540](https://osv.dev/vulnerability/GHSA-h822-r4r5-v8jg):</b><br/><br/>* Upgrade to version com.fasterxml.jackson.core:jackson-databind:2.6.7.3,2.8.11.5,2.9.10.<br/><br/><b>Dependency tree</b><br/><br/>\u251c\u2500 jackson-databind-2.9.5.jar (CVE-2019-14540)\n| \u251c\u2500 jackson-annotations-2.9.0.jar\n| \u2514\u2500 jackson-core-2.9.5.jar\n\u251c\u2500 commons-collections-3.2.1.jar\n\u251c\u2500 commons-email-1.1.jar\n| \u251c\u2500 commons-logging-1.2.jar\n| \u251c\u2500 activation-1.1.jar\n| \u2514\u2500 mail-1.4.jar\n| \u2514\u2500 activation-1.1.jar\n\u251c\u2500 struts2-core-2.3.20.jar\n| \u251c\u2500 commons-fileupload-1.3.1.jar\n| | \u2514\u2500 commons-io-2.2.jar\n| \u251c\u2500 commons-io-2.2.jar\n| \u251c\u2500 ognl-3.0.6.jar\n| | \u2514\u2500 javassist-3.11.0.GA.jar\n| \u251c\u2500 xwork-core-2.3.20.jar\n| | \u251c\u2500 commons-io-2.2.jar\n| | \u251c\u2500 commons-logging-1.2.jar\n| | \u251c\u2500 ognl-3.0.6.jar\n| | \u251c\u2500 commons-lang3-3.2.jar\n| | | \u2514\u2500 commons-io-2.2.jar\n| | \u251c\u2500 asm-commons-5.0.2.jar\n| | | \u2514\u2500 asm-tree-5.0.2.jar\n| | | \u2514\u2500 asm-5.0.2.jar\n| | \u251c\u2500 asm-5.0.2.jar\n| | \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n| \u251c\u2500 freemarker-2.3.19.jar\n| \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n\u2514\u2500 spring-core-4.3.13.RELEASE.jar\n \u2514\u2500 commons-logging-1.2.jar<br/>" | |
| }, | |
| "locations": [ | |
| { | |
| "physicalLocation": { | |
| "artifactLocation": { | |
| "uri": "/java/work/mend-poc-webgoat/pom.xml" | |
| } | |
| } | |
| } | |
| ], | |
| "properties": { | |
| "vulnerability": { | |
| "id": "CVE-2019-14540", | |
| "severity": "CRITICAL", | |
| "description": "Upgrade to version", | |
| "url": "https://osv.dev/vulnerability/GHSA-h822-r4r5-v8jg" | |
| } | |
| } | |
| }, | |
| { | |
| "ruleId": "CVE-2019-16942", | |
| "message": { | |
| "text": "jackson-databind-2.9.5.jar is affected by CVE-2019-16942", | |
| "markdown": "<b>Recommendations for [CVE-2019-16942](https://osv.dev/vulnerability/GHSA-mx7p-6679-8g3q):</b><br/><br/>* Upgrade to version com.fasterxml.jackson.core:jackson-databind:2.6.7.3,2.8.11.5,2.9.10.1.<br/><br/><b>Dependency tree</b><br/><br/>\u251c\u2500 jackson-databind-2.9.5.jar (CVE-2019-16942)\n| \u251c\u2500 jackson-annotations-2.9.0.jar\n| \u2514\u2500 jackson-core-2.9.5.jar\n\u251c\u2500 commons-collections-3.2.1.jar\n\u251c\u2500 commons-email-1.1.jar\n| \u251c\u2500 commons-logging-1.2.jar\n| \u251c\u2500 activation-1.1.jar\n| \u2514\u2500 mail-1.4.jar\n| \u2514\u2500 activation-1.1.jar\n\u251c\u2500 struts2-core-2.3.20.jar\n| \u251c\u2500 commons-fileupload-1.3.1.jar\n| | \u2514\u2500 commons-io-2.2.jar\n| \u251c\u2500 commons-io-2.2.jar\n| \u251c\u2500 ognl-3.0.6.jar\n| | \u2514\u2500 javassist-3.11.0.GA.jar\n| \u251c\u2500 xwork-core-2.3.20.jar\n| | \u251c\u2500 commons-io-2.2.jar\n| | \u251c\u2500 commons-logging-1.2.jar\n| | \u251c\u2500 ognl-3.0.6.jar\n| | \u251c\u2500 commons-lang3-3.2.jar\n| | | \u2514\u2500 commons-io-2.2.jar\n| | \u251c\u2500 asm-commons-5.0.2.jar\n| | | \u2514\u2500 asm-tree-5.0.2.jar\n| | | \u2514\u2500 asm-5.0.2.jar\n| | \u251c\u2500 asm-5.0.2.jar\n| | \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n| \u251c\u2500 freemarker-2.3.19.jar\n| \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n\u2514\u2500 spring-core-4.3.13.RELEASE.jar\n \u2514\u2500 commons-logging-1.2.jar<br/>" | |
| }, | |
| "locations": [ | |
| { | |
| "physicalLocation": { | |
| "artifactLocation": { | |
| "uri": "/java/work/mend-poc-webgoat/pom.xml" | |
| } | |
| } | |
| } | |
| ], | |
| "properties": { | |
| "vulnerability": { | |
| "id": "CVE-2019-16942", | |
| "severity": "CRITICAL", | |
| "description": "Upgrade to version", | |
| "url": "https://osv.dev/vulnerability/GHSA-mx7p-6679-8g3q" | |
| } | |
| } | |
| }, | |
| { | |
| "ruleId": "CVE-2020-11112", | |
| "message": { | |
| "text": "jackson-databind-2.9.5.jar is affected by CVE-2020-11112", | |
| "markdown": "<b>Recommendations for [CVE-2020-11112](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11112):</b><br/><br/>* Upgrade to version com.fasterxml.jackson.core:jackson-databind:2.9.10.4,2.10.0.<br/><br/><b>Dependency tree</b><br/><br/>\u251c\u2500 jackson-databind-2.9.5.jar (CVE-2020-11112)\n| \u251c\u2500 jackson-annotations-2.9.0.jar\n| \u2514\u2500 jackson-core-2.9.5.jar\n\u251c\u2500 commons-collections-3.2.1.jar\n\u251c\u2500 commons-email-1.1.jar\n| \u251c\u2500 commons-logging-1.2.jar\n| \u251c\u2500 activation-1.1.jar\n| \u2514\u2500 mail-1.4.jar\n| \u2514\u2500 activation-1.1.jar\n\u251c\u2500 struts2-core-2.3.20.jar\n| \u251c\u2500 commons-fileupload-1.3.1.jar\n| | \u2514\u2500 commons-io-2.2.jar\n| \u251c\u2500 commons-io-2.2.jar\n| \u251c\u2500 ognl-3.0.6.jar\n| | \u2514\u2500 javassist-3.11.0.GA.jar\n| \u251c\u2500 xwork-core-2.3.20.jar\n| | \u251c\u2500 commons-io-2.2.jar\n| | \u251c\u2500 commons-logging-1.2.jar\n| | \u251c\u2500 ognl-3.0.6.jar\n| | \u251c\u2500 commons-lang3-3.2.jar\n| | | \u2514\u2500 commons-io-2.2.jar\n| | \u251c\u2500 asm-commons-5.0.2.jar\n| | | \u2514\u2500 asm-tree-5.0.2.jar\n| | | \u2514\u2500 asm-5.0.2.jar\n| | \u251c\u2500 asm-5.0.2.jar\n| | \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n| \u251c\u2500 freemarker-2.3.19.jar\n| \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n\u2514\u2500 spring-core-4.3.13.RELEASE.jar\n \u2514\u2500 commons-logging-1.2.jar<br/>" | |
| }, | |
| "locations": [ | |
| { | |
| "physicalLocation": { | |
| "artifactLocation": { | |
| "uri": "/java/work/mend-poc-webgoat/pom.xml" | |
| } | |
| } | |
| } | |
| ], | |
| "properties": { | |
| "vulnerability": { | |
| "id": "CVE-2020-11112", | |
| "severity": "HIGH", | |
| "description": "Upgrade to version", | |
| "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11112" | |
| } | |
| } | |
| }, | |
| { | |
| "ruleId": "CVE-2019-14439", | |
| "message": { | |
| "text": "jackson-databind-2.9.5.jar is affected by CVE-2019-14439", | |
| "markdown": "<b>Recommendations for [CVE-2019-14439](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14439):</b><br/><br/>* Upgrade to version 2.9.9.2.<br/><br/><b>Dependency tree</b><br/><br/>\u251c\u2500 jackson-databind-2.9.5.jar (CVE-2019-14439)\n| \u251c\u2500 jackson-annotations-2.9.0.jar\n| \u2514\u2500 jackson-core-2.9.5.jar\n\u251c\u2500 commons-collections-3.2.1.jar\n\u251c\u2500 commons-email-1.1.jar\n| \u251c\u2500 commons-logging-1.2.jar\n| \u251c\u2500 activation-1.1.jar\n| \u2514\u2500 mail-1.4.jar\n| \u2514\u2500 activation-1.1.jar\n\u251c\u2500 struts2-core-2.3.20.jar\n| \u251c\u2500 commons-fileupload-1.3.1.jar\n| | \u2514\u2500 commons-io-2.2.jar\n| \u251c\u2500 commons-io-2.2.jar\n| \u251c\u2500 ognl-3.0.6.jar\n| | \u2514\u2500 javassist-3.11.0.GA.jar\n| \u251c\u2500 xwork-core-2.3.20.jar\n| | \u251c\u2500 commons-io-2.2.jar\n| | \u251c\u2500 commons-logging-1.2.jar\n| | \u251c\u2500 ognl-3.0.6.jar\n| | \u251c\u2500 commons-lang3-3.2.jar\n| | | \u2514\u2500 commons-io-2.2.jar\n| | \u251c\u2500 asm-commons-5.0.2.jar\n| | | \u2514\u2500 asm-tree-5.0.2.jar\n| | | \u2514\u2500 asm-5.0.2.jar\n| | \u251c\u2500 asm-5.0.2.jar\n| | \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n| \u251c\u2500 freemarker-2.3.19.jar\n| \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n\u2514\u2500 spring-core-4.3.13.RELEASE.jar\n \u2514\u2500 commons-logging-1.2.jar<br/>" | |
| }, | |
| "locations": [ | |
| { | |
| "physicalLocation": { | |
| "artifactLocation": { | |
| "uri": "/java/work/mend-poc-webgoat/pom.xml" | |
| } | |
| } | |
| } | |
| ], | |
| "properties": { | |
| "vulnerability": { | |
| "id": "CVE-2019-14439", | |
| "severity": "HIGH", | |
| "description": "Upgrade to version", | |
| "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14439" | |
| } | |
| } | |
| }, | |
| { | |
| "ruleId": "CVE-2018-14719", | |
| "message": { | |
| "text": "jackson-databind-2.9.5.jar is affected by CVE-2018-14719", | |
| "markdown": "<b>Recommendations for [CVE-2018-14719](https://osv.dev/vulnerability/GHSA-4gq5-ch57-c2mg):</b><br/><br/>* Upgrade to version com.fasterxml.jackson.core:jackson-databind:2.7.9.5,2.8.11.3,2.9.7.<br/><br/><b>Dependency tree</b><br/><br/>\u251c\u2500 jackson-databind-2.9.5.jar (CVE-2018-14719)\n| \u251c\u2500 jackson-annotations-2.9.0.jar\n| \u2514\u2500 jackson-core-2.9.5.jar\n\u251c\u2500 commons-collections-3.2.1.jar\n\u251c\u2500 commons-email-1.1.jar\n| \u251c\u2500 commons-logging-1.2.jar\n| \u251c\u2500 activation-1.1.jar\n| \u2514\u2500 mail-1.4.jar\n| \u2514\u2500 activation-1.1.jar\n\u251c\u2500 struts2-core-2.3.20.jar\n| \u251c\u2500 commons-fileupload-1.3.1.jar\n| | \u2514\u2500 commons-io-2.2.jar\n| \u251c\u2500 commons-io-2.2.jar\n| \u251c\u2500 ognl-3.0.6.jar\n| | \u2514\u2500 javassist-3.11.0.GA.jar\n| \u251c\u2500 xwork-core-2.3.20.jar\n| | \u251c\u2500 commons-io-2.2.jar\n| | \u251c\u2500 commons-logging-1.2.jar\n| | \u251c\u2500 ognl-3.0.6.jar\n| | \u251c\u2500 commons-lang3-3.2.jar\n| | | \u2514\u2500 commons-io-2.2.jar\n| | \u251c\u2500 asm-commons-5.0.2.jar\n| | | \u2514\u2500 asm-tree-5.0.2.jar\n| | | \u2514\u2500 asm-5.0.2.jar\n| | \u251c\u2500 asm-5.0.2.jar\n| | \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n| \u251c\u2500 freemarker-2.3.19.jar\n| \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n\u2514\u2500 spring-core-4.3.13.RELEASE.jar\n \u2514\u2500 commons-logging-1.2.jar<br/>" | |
| }, | |
| "locations": [ | |
| { | |
| "physicalLocation": { | |
| "artifactLocation": { | |
| "uri": "/java/work/mend-poc-webgoat/pom.xml" | |
| } | |
| } | |
| } | |
| ], | |
| "properties": { | |
| "vulnerability": { | |
| "id": "CVE-2018-14719", | |
| "severity": "CRITICAL", | |
| "description": "Upgrade to version", | |
| "url": "https://osv.dev/vulnerability/GHSA-4gq5-ch57-c2mg" | |
| } | |
| } | |
| }, | |
| { | |
| "ruleId": "WS-2022-0468", | |
| "message": { | |
| "text": "jackson-core-2.9.5.jar is affected by WS-2022-0468", | |
| "markdown": "<b>Recommendations for [WS-2022-0468](https://github.com/FasterXML/jackson-core/issues/861):</b><br/><br/>* Upgrade to version com.fasterxml.jackson.core:jackson-core:2.15.0.<br/><br/><b>Dependency tree</b><br/><br/>\u251c\u2500 jackson-databind-2.9.5.jar\n| \u251c\u2500 jackson-annotations-2.9.0.jar\n| \u2514\u2500 jackson-core-2.9.5.jar (WS-2022-0468)\n\u251c\u2500 commons-collections-3.2.1.jar\n\u251c\u2500 commons-email-1.1.jar\n| \u251c\u2500 commons-logging-1.2.jar\n| \u251c\u2500 activation-1.1.jar\n| \u2514\u2500 mail-1.4.jar\n| \u2514\u2500 activation-1.1.jar\n\u251c\u2500 struts2-core-2.3.20.jar\n| \u251c\u2500 commons-fileupload-1.3.1.jar\n| | \u2514\u2500 commons-io-2.2.jar\n| \u251c\u2500 commons-io-2.2.jar\n| \u251c\u2500 ognl-3.0.6.jar\n| | \u2514\u2500 javassist-3.11.0.GA.jar\n| \u251c\u2500 xwork-core-2.3.20.jar\n| | \u251c\u2500 commons-io-2.2.jar\n| | \u251c\u2500 commons-logging-1.2.jar\n| | \u251c\u2500 ognl-3.0.6.jar\n| | \u251c\u2500 commons-lang3-3.2.jar\n| | | \u2514\u2500 commons-io-2.2.jar\n| | \u251c\u2500 asm-commons-5.0.2.jar\n| | | \u2514\u2500 asm-tree-5.0.2.jar\n| | | \u2514\u2500 asm-5.0.2.jar\n| | \u251c\u2500 asm-5.0.2.jar\n| | \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n| \u251c\u2500 freemarker-2.3.19.jar\n| \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n\u2514\u2500 spring-core-4.3.13.RELEASE.jar\n \u2514\u2500 commons-logging-1.2.jar<br/>" | |
| }, | |
| "locations": [ | |
| { | |
| "physicalLocation": { | |
| "artifactLocation": { | |
| "uri": "/java/work/mend-poc-webgoat/pom.xml" | |
| } | |
| } | |
| } | |
| ], | |
| "properties": { | |
| "vulnerability": { | |
| "id": "WS-2022-0468", | |
| "severity": "HIGH", | |
| "description": "Upgrade to version", | |
| "url": "https://github.com/FasterXML/jackson-core/issues/861" | |
| } | |
| } | |
| }, | |
| { | |
| "ruleId": "CVE-2015-7501", | |
| "message": { | |
| "text": "commons-collections-3.2.1.jar is affected by CVE-2015-7501", | |
| "markdown": "<b>Recommendations for [CVE-2015-7501](https://bugzilla.redhat.com/show_bug.cgi?id=1279330):</b><br/><br/>* Upgrade to version commons-collections:commons-collections:3.2.2;org.apache.commons:commons-collections4:4.1.<br/><br/><b>Dependency tree</b><br/><br/>\u251c\u2500 jackson-databind-2.9.5.jar\n| \u251c\u2500 jackson-annotations-2.9.0.jar\n| \u2514\u2500 jackson-core-2.9.5.jar\n\u251c\u2500 commons-collections-3.2.1.jar (CVE-2015-7501)\n\u251c\u2500 commons-email-1.1.jar\n| \u251c\u2500 commons-logging-1.2.jar\n| \u251c\u2500 activation-1.1.jar\n| \u2514\u2500 mail-1.4.jar\n| \u2514\u2500 activation-1.1.jar\n\u251c\u2500 struts2-core-2.3.20.jar\n| \u251c\u2500 commons-fileupload-1.3.1.jar\n| | \u2514\u2500 commons-io-2.2.jar\n| \u251c\u2500 commons-io-2.2.jar\n| \u251c\u2500 ognl-3.0.6.jar\n| | \u2514\u2500 javassist-3.11.0.GA.jar\n| \u251c\u2500 xwork-core-2.3.20.jar\n| | \u251c\u2500 commons-io-2.2.jar\n| | \u251c\u2500 commons-logging-1.2.jar\n| | \u251c\u2500 ognl-3.0.6.jar\n| | \u251c\u2500 commons-lang3-3.2.jar\n| | | \u2514\u2500 commons-io-2.2.jar\n| | \u251c\u2500 asm-commons-5.0.2.jar\n| | | \u2514\u2500 asm-tree-5.0.2.jar\n| | | \u2514\u2500 asm-5.0.2.jar\n| | \u251c\u2500 asm-5.0.2.jar\n| | \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n| \u251c\u2500 freemarker-2.3.19.jar\n| \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n\u2514\u2500 spring-core-4.3.13.RELEASE.jar\n \u2514\u2500 commons-logging-1.2.jar<br/>" | |
| }, | |
| "locations": [ | |
| { | |
| "physicalLocation": { | |
| "artifactLocation": { | |
| "uri": "/java/work/mend-poc-webgoat/pom.xml" | |
| } | |
| } | |
| } | |
| ], | |
| "properties": { | |
| "vulnerability": { | |
| "id": "CVE-2015-7501", | |
| "severity": "CRITICAL", | |
| "description": "Upgrade to version", | |
| "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1279330" | |
| } | |
| } | |
| }, | |
| { | |
| "ruleId": "CVE-2015-4852", | |
| "message": { | |
| "text": "commons-collections-3.2.1.jar is affected by CVE-2015-4852", | |
| "markdown": "<b>Recommendations for [CVE-2015-4852](https://www.openwall.com/lists/oss-security/2015/11/17/19):</b><br/><br/>* Upgrade to version commons-collections:commons-collections:3.2.2.<br/><br/><b>Dependency tree</b><br/><br/>\u251c\u2500 jackson-databind-2.9.5.jar\n| \u251c\u2500 jackson-annotations-2.9.0.jar\n| \u2514\u2500 jackson-core-2.9.5.jar\n\u251c\u2500 commons-collections-3.2.1.jar (CVE-2015-4852)\n\u251c\u2500 commons-email-1.1.jar\n| \u251c\u2500 commons-logging-1.2.jar\n| \u251c\u2500 activation-1.1.jar\n| \u2514\u2500 mail-1.4.jar\n| \u2514\u2500 activation-1.1.jar\n\u251c\u2500 struts2-core-2.3.20.jar\n| \u251c\u2500 commons-fileupload-1.3.1.jar\n| | \u2514\u2500 commons-io-2.2.jar\n| \u251c\u2500 commons-io-2.2.jar\n| \u251c\u2500 ognl-3.0.6.jar\n| | \u2514\u2500 javassist-3.11.0.GA.jar\n| \u251c\u2500 xwork-core-2.3.20.jar\n| | \u251c\u2500 commons-io-2.2.jar\n| | \u251c\u2500 commons-logging-1.2.jar\n| | \u251c\u2500 ognl-3.0.6.jar\n| | \u251c\u2500 commons-lang3-3.2.jar\n| | | \u2514\u2500 commons-io-2.2.jar\n| | \u251c\u2500 asm-commons-5.0.2.jar\n| | | \u2514\u2500 asm-tree-5.0.2.jar\n| | | \u2514\u2500 asm-5.0.2.jar\n| | \u251c\u2500 asm-5.0.2.jar\n| | \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n| \u251c\u2500 freemarker-2.3.19.jar\n| \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n\u2514\u2500 spring-core-4.3.13.RELEASE.jar\n \u2514\u2500 commons-logging-1.2.jar<br/>" | |
| }, | |
| "locations": [ | |
| { | |
| "physicalLocation": { | |
| "artifactLocation": { | |
| "uri": "/java/work/mend-poc-webgoat/pom.xml" | |
| } | |
| } | |
| } | |
| ], | |
| "properties": { | |
| "vulnerability": { | |
| "id": "CVE-2015-4852", | |
| "severity": "CRITICAL", | |
| "description": "Upgrade to version", | |
| "url": "https://www.openwall.com/lists/oss-security/2015/11/17/19" | |
| } | |
| } | |
| }, | |
| { | |
| "ruleId": "CVE-2019-13116", | |
| "message": { | |
| "text": "commons-collections-3.2.1.jar is affected by CVE-2019-13116", | |
| "markdown": "<b>Recommendations for [CVE-2019-13116](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13116):</b><br/><br/>* Upgrade to version commons-collections:commons-collections:3.2.2.<br/><br/><b>Dependency tree</b><br/><br/>\u251c\u2500 jackson-databind-2.9.5.jar\n| \u251c\u2500 jackson-annotations-2.9.0.jar\n| \u2514\u2500 jackson-core-2.9.5.jar\n\u251c\u2500 commons-collections-3.2.1.jar (CVE-2019-13116)\n\u251c\u2500 commons-email-1.1.jar\n| \u251c\u2500 commons-logging-1.2.jar\n| \u251c\u2500 activation-1.1.jar\n| \u2514\u2500 mail-1.4.jar\n| \u2514\u2500 activation-1.1.jar\n\u251c\u2500 struts2-core-2.3.20.jar\n| \u251c\u2500 commons-fileupload-1.3.1.jar\n| | \u2514\u2500 commons-io-2.2.jar\n| \u251c\u2500 commons-io-2.2.jar\n| \u251c\u2500 ognl-3.0.6.jar\n| | \u2514\u2500 javassist-3.11.0.GA.jar\n| \u251c\u2500 xwork-core-2.3.20.jar\n| | \u251c\u2500 commons-io-2.2.jar\n| | \u251c\u2500 commons-logging-1.2.jar\n| | \u251c\u2500 ognl-3.0.6.jar\n| | \u251c\u2500 commons-lang3-3.2.jar\n| | | \u2514\u2500 commons-io-2.2.jar\n| | \u251c\u2500 asm-commons-5.0.2.jar\n| | | \u2514\u2500 asm-tree-5.0.2.jar\n| | | \u2514\u2500 asm-5.0.2.jar\n| | \u251c\u2500 asm-5.0.2.jar\n| | \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n| \u251c\u2500 freemarker-2.3.19.jar\n| \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n\u2514\u2500 spring-core-4.3.13.RELEASE.jar\n \u2514\u2500 commons-logging-1.2.jar<br/>" | |
| }, | |
| "locations": [ | |
| { | |
| "physicalLocation": { | |
| "artifactLocation": { | |
| "uri": "/java/work/mend-poc-webgoat/pom.xml" | |
| } | |
| } | |
| } | |
| ], | |
| "properties": { | |
| "vulnerability": { | |
| "id": "CVE-2019-13116", | |
| "severity": "CRITICAL", | |
| "description": "Upgrade to version", | |
| "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13116" | |
| } | |
| } | |
| }, | |
| { | |
| "ruleId": "CVE-2015-6420", | |
| "message": { | |
| "text": "commons-collections-3.2.1.jar is affected by CVE-2015-6420", | |
| "markdown": "<b>Recommendations for [CVE-2015-6420](https://github.com/apache/commons-collections/tree/collections-3.2.2,https://github.com/apache/commons-collections/tree/collections-4.1):</b><br/><br/>* Upgrade to version commons-collections:commons-collections3.2.2,org.apache.commons:commons-collections4:4.1.<br/><br/><b>Dependency tree</b><br/><br/>\u251c\u2500 jackson-databind-2.9.5.jar\n| \u251c\u2500 jackson-annotations-2.9.0.jar\n| \u2514\u2500 jackson-core-2.9.5.jar\n\u251c\u2500 commons-collections-3.2.1.jar (CVE-2015-6420)\n\u251c\u2500 commons-email-1.1.jar\n| \u251c\u2500 commons-logging-1.2.jar\n| \u251c\u2500 activation-1.1.jar\n| \u2514\u2500 mail-1.4.jar\n| \u2514\u2500 activation-1.1.jar\n\u251c\u2500 struts2-core-2.3.20.jar\n| \u251c\u2500 commons-fileupload-1.3.1.jar\n| | \u2514\u2500 commons-io-2.2.jar\n| \u251c\u2500 commons-io-2.2.jar\n| \u251c\u2500 ognl-3.0.6.jar\n| | \u2514\u2500 javassist-3.11.0.GA.jar\n| \u251c\u2500 xwork-core-2.3.20.jar\n| | \u251c\u2500 commons-io-2.2.jar\n| | \u251c\u2500 commons-logging-1.2.jar\n| | \u251c\u2500 ognl-3.0.6.jar\n| | \u251c\u2500 commons-lang3-3.2.jar\n| | | \u2514\u2500 commons-io-2.2.jar\n| | \u251c\u2500 asm-commons-5.0.2.jar\n| | | \u2514\u2500 asm-tree-5.0.2.jar\n| | | \u2514\u2500 asm-5.0.2.jar\n| | \u251c\u2500 asm-5.0.2.jar\n| | \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n| \u251c\u2500 freemarker-2.3.19.jar\n| \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n\u2514\u2500 spring-core-4.3.13.RELEASE.jar\n \u2514\u2500 commons-logging-1.2.jar<br/>" | |
| }, | |
| "locations": [ | |
| { | |
| "physicalLocation": { | |
| "artifactLocation": { | |
| "uri": "/java/work/mend-poc-webgoat/pom.xml" | |
| } | |
| } | |
| } | |
| ], | |
| "properties": { | |
| "vulnerability": { | |
| "id": "CVE-2015-6420", | |
| "severity": "HIGH", | |
| "description": "Upgrade to version", | |
| "url": "https://github.com/apache/commons-collections/tree/collections-3.2.2,https://github.com/apache/commons-collections/tree/collections-4.1" | |
| } | |
| } | |
| }, | |
| { | |
| "ruleId": "CVE-2017-15708", | |
| "message": { | |
| "text": "commons-collections-3.2.1.jar is affected by CVE-2017-15708", | |
| "markdown": "<b>Recommendations for [CVE-2017-15708](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15708):</b><br/><br/>* Upgrade to version org.apache.synapse:Apache-Synapse:3.0.1;commons-collections:commons-collections:3.2.2.<br/><br/><b>Dependency tree</b><br/><br/>\u251c\u2500 jackson-databind-2.9.5.jar\n| \u251c\u2500 jackson-annotations-2.9.0.jar\n| \u2514\u2500 jackson-core-2.9.5.jar\n\u251c\u2500 commons-collections-3.2.1.jar (CVE-2017-15708)\n\u251c\u2500 commons-email-1.1.jar\n| \u251c\u2500 commons-logging-1.2.jar\n| \u251c\u2500 activation-1.1.jar\n| \u2514\u2500 mail-1.4.jar\n| \u2514\u2500 activation-1.1.jar\n\u251c\u2500 struts2-core-2.3.20.jar\n| \u251c\u2500 commons-fileupload-1.3.1.jar\n| | \u2514\u2500 commons-io-2.2.jar\n| \u251c\u2500 commons-io-2.2.jar\n| \u251c\u2500 ognl-3.0.6.jar\n| | \u2514\u2500 javassist-3.11.0.GA.jar\n| \u251c\u2500 xwork-core-2.3.20.jar\n| | \u251c\u2500 commons-io-2.2.jar\n| | \u251c\u2500 commons-logging-1.2.jar\n| | \u251c\u2500 ognl-3.0.6.jar\n| | \u251c\u2500 commons-lang3-3.2.jar\n| | | \u2514\u2500 commons-io-2.2.jar\n| | \u251c\u2500 asm-commons-5.0.2.jar\n| | | \u2514\u2500 asm-tree-5.0.2.jar\n| | | \u2514\u2500 asm-5.0.2.jar\n| | \u251c\u2500 asm-5.0.2.jar\n| | \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n| \u251c\u2500 freemarker-2.3.19.jar\n| \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n\u2514\u2500 spring-core-4.3.13.RELEASE.jar\n \u2514\u2500 commons-logging-1.2.jar<br/>" | |
| }, | |
| "locations": [ | |
| { | |
| "physicalLocation": { | |
| "artifactLocation": { | |
| "uri": "/java/work/mend-poc-webgoat/pom.xml" | |
| } | |
| } | |
| } | |
| ], | |
| "properties": { | |
| "vulnerability": { | |
| "id": "CVE-2017-15708", | |
| "severity": "CRITICAL", | |
| "description": "Upgrade to version", | |
| "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15708" | |
| } | |
| } | |
| }, | |
| { | |
| "ruleId": "CVE-2017-9801", | |
| "message": { | |
| "text": "commons-email-1.1.jar is affected by CVE-2017-9801", | |
| "markdown": "<b>Recommendations for [CVE-2017-9801](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9801):</b><br/><br/>* Upgrade to version 1.5.<br/><br/><b>Dependency tree</b><br/><br/>\u251c\u2500 jackson-databind-2.9.5.jar\n| \u251c\u2500 jackson-annotations-2.9.0.jar\n| \u2514\u2500 jackson-core-2.9.5.jar\n\u251c\u2500 commons-collections-3.2.1.jar\n\u251c\u2500 commons-email-1.1.jar (CVE-2017-9801)\n| \u251c\u2500 commons-logging-1.2.jar\n| \u251c\u2500 activation-1.1.jar\n| \u2514\u2500 mail-1.4.jar\n| \u2514\u2500 activation-1.1.jar\n\u251c\u2500 struts2-core-2.3.20.jar\n| \u251c\u2500 commons-fileupload-1.3.1.jar\n| | \u2514\u2500 commons-io-2.2.jar\n| \u251c\u2500 commons-io-2.2.jar\n| \u251c\u2500 ognl-3.0.6.jar\n| | \u2514\u2500 javassist-3.11.0.GA.jar\n| \u251c\u2500 xwork-core-2.3.20.jar\n| | \u251c\u2500 commons-io-2.2.jar\n| | \u251c\u2500 commons-logging-1.2.jar\n| | \u251c\u2500 ognl-3.0.6.jar\n| | \u251c\u2500 commons-lang3-3.2.jar\n| | | \u2514\u2500 commons-io-2.2.jar\n| | \u251c\u2500 asm-commons-5.0.2.jar\n| | | \u2514\u2500 asm-tree-5.0.2.jar\n| | | \u2514\u2500 asm-5.0.2.jar\n| | \u251c\u2500 asm-5.0.2.jar\n| | \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n| \u251c\u2500 freemarker-2.3.19.jar\n| \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n\u2514\u2500 spring-core-4.3.13.RELEASE.jar\n \u2514\u2500 commons-logging-1.2.jar<br/>" | |
| }, | |
| "locations": [ | |
| { | |
| "physicalLocation": { | |
| "artifactLocation": { | |
| "uri": "/java/work/mend-poc-webgoat/pom.xml" | |
| } | |
| } | |
| } | |
| ], | |
| "properties": { | |
| "vulnerability": { | |
| "id": "CVE-2017-9801", | |
| "severity": "HIGH", | |
| "description": "Upgrade to version", | |
| "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9801" | |
| } | |
| } | |
| }, | |
| { | |
| "ruleId": "CVE-2018-1294", | |
| "message": { | |
| "text": "commons-email-1.1.jar is affected by CVE-2018-1294", | |
| "markdown": "<b>Recommendations for [CVE-2018-1294](https://github.com/advisories/GHSA-v7cm-w955-pj6g):</b><br/><br/>* Upgrade to version org.apache.commons:commons-email:1.5.<br/><br/><b>Dependency tree</b><br/><br/>\u251c\u2500 jackson-databind-2.9.5.jar\n| \u251c\u2500 jackson-annotations-2.9.0.jar\n| \u2514\u2500 jackson-core-2.9.5.jar\n\u251c\u2500 commons-collections-3.2.1.jar\n\u251c\u2500 commons-email-1.1.jar (CVE-2018-1294)\n| \u251c\u2500 commons-logging-1.2.jar\n| \u251c\u2500 activation-1.1.jar\n| \u2514\u2500 mail-1.4.jar\n| \u2514\u2500 activation-1.1.jar\n\u251c\u2500 struts2-core-2.3.20.jar\n| \u251c\u2500 commons-fileupload-1.3.1.jar\n| | \u2514\u2500 commons-io-2.2.jar\n| \u251c\u2500 commons-io-2.2.jar\n| \u251c\u2500 ognl-3.0.6.jar\n| | \u2514\u2500 javassist-3.11.0.GA.jar\n| \u251c\u2500 xwork-core-2.3.20.jar\n| | \u251c\u2500 commons-io-2.2.jar\n| | \u251c\u2500 commons-logging-1.2.jar\n| | \u251c\u2500 ognl-3.0.6.jar\n| | \u251c\u2500 commons-lang3-3.2.jar\n| | | \u2514\u2500 commons-io-2.2.jar\n| | \u251c\u2500 asm-commons-5.0.2.jar\n| | | \u2514\u2500 asm-tree-5.0.2.jar\n| | | \u2514\u2500 asm-5.0.2.jar\n| | \u251c\u2500 asm-5.0.2.jar\n| | \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n| \u251c\u2500 freemarker-2.3.19.jar\n| \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n\u2514\u2500 spring-core-4.3.13.RELEASE.jar\n \u2514\u2500 commons-logging-1.2.jar<br/>" | |
| }, | |
| "locations": [ | |
| { | |
| "physicalLocation": { | |
| "artifactLocation": { | |
| "uri": "/java/work/mend-poc-webgoat/pom.xml" | |
| } | |
| } | |
| } | |
| ], | |
| "properties": { | |
| "vulnerability": { | |
| "id": "CVE-2018-1294", | |
| "severity": "HIGH", | |
| "description": "Upgrade to version", | |
| "url": "https://github.com/advisories/GHSA-v7cm-w955-pj6g" | |
| } | |
| } | |
| }, | |
| { | |
| "ruleId": "CVE-2023-41835", | |
| "message": { | |
| "text": "struts2-core-2.3.20.jar is affected by CVE-2023-41835", | |
| "markdown": "<b>Recommendations for [CVE-2023-41835](https://www.cve.org/CVERecord?id=CVE-2023-41835):</b><br/><br/>* Upgrade to version org.apache.struts:struts2-core:2.5.32,6.1.2.2,6.3.0.1.<br/><br/><b>Dependency tree</b><br/><br/>\u251c\u2500 jackson-databind-2.9.5.jar\n| \u251c\u2500 jackson-annotations-2.9.0.jar\n| \u2514\u2500 jackson-core-2.9.5.jar\n\u251c\u2500 commons-collections-3.2.1.jar\n\u251c\u2500 commons-email-1.1.jar\n| \u251c\u2500 commons-logging-1.2.jar\n| \u251c\u2500 activation-1.1.jar\n| \u2514\u2500 mail-1.4.jar\n| \u2514\u2500 activation-1.1.jar\n\u251c\u2500 struts2-core-2.3.20.jar (CVE-2023-41835)\n| \u251c\u2500 commons-fileupload-1.3.1.jar\n| | \u2514\u2500 commons-io-2.2.jar\n| \u251c\u2500 commons-io-2.2.jar\n| \u251c\u2500 ognl-3.0.6.jar\n| | \u2514\u2500 javassist-3.11.0.GA.jar\n| \u251c\u2500 xwork-core-2.3.20.jar\n| | \u251c\u2500 commons-io-2.2.jar\n| | \u251c\u2500 commons-logging-1.2.jar\n| | \u251c\u2500 ognl-3.0.6.jar\n| | \u251c\u2500 commons-lang3-3.2.jar\n| | | \u2514\u2500 commons-io-2.2.jar\n| | \u251c\u2500 asm-commons-5.0.2.jar\n| | | \u2514\u2500 asm-tree-5.0.2.jar\n| | | \u2514\u2500 asm-5.0.2.jar\n| | \u251c\u2500 asm-5.0.2.jar\n| | \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n| \u251c\u2500 freemarker-2.3.19.jar\n| \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n\u2514\u2500 spring-core-4.3.13.RELEASE.jar\n \u2514\u2500 commons-logging-1.2.jar<br/>" | |
| }, | |
| "locations": [ | |
| { | |
| "physicalLocation": { | |
| "artifactLocation": { | |
| "uri": "/java/work/mend-poc-webgoat/pom.xml" | |
| } | |
| } | |
| } | |
| ], | |
| "properties": { | |
| "vulnerability": { | |
| "id": "CVE-2023-41835", | |
| "severity": "HIGH", | |
| "description": "Upgrade to version", | |
| "url": "https://www.cve.org/CVERecord?id=CVE-2023-41835" | |
| } | |
| } | |
| }, | |
| { | |
| "ruleId": "CVE-2024-53677", | |
| "message": { | |
| "text": "struts2-core-2.3.20.jar is affected by CVE-2024-53677", | |
| "markdown": "<b>Recommendations for [CVE-2024-53677](https://cwiki.apache.org/confluence/display/WW/S2-067):</b><br/><br/>* Upgrade to version org.apache.struts:struts2-core:6.4.0.<br/><br/><b>Dependency tree</b><br/><br/>\u251c\u2500 jackson-databind-2.9.5.jar\n| \u251c\u2500 jackson-annotations-2.9.0.jar\n| \u2514\u2500 jackson-core-2.9.5.jar\n\u251c\u2500 commons-collections-3.2.1.jar\n\u251c\u2500 commons-email-1.1.jar\n| \u251c\u2500 commons-logging-1.2.jar\n| \u251c\u2500 activation-1.1.jar\n| \u2514\u2500 mail-1.4.jar\n| \u2514\u2500 activation-1.1.jar\n\u251c\u2500 struts2-core-2.3.20.jar (CVE-2024-53677)\n| \u251c\u2500 commons-fileupload-1.3.1.jar\n| | \u2514\u2500 commons-io-2.2.jar\n| \u251c\u2500 commons-io-2.2.jar\n| \u251c\u2500 ognl-3.0.6.jar\n| | \u2514\u2500 javassist-3.11.0.GA.jar\n| \u251c\u2500 xwork-core-2.3.20.jar\n| | \u251c\u2500 commons-io-2.2.jar\n| | \u251c\u2500 commons-logging-1.2.jar\n| | \u251c\u2500 ognl-3.0.6.jar\n| | \u251c\u2500 commons-lang3-3.2.jar\n| | | \u2514\u2500 commons-io-2.2.jar\n| | \u251c\u2500 asm-commons-5.0.2.jar\n| | | \u2514\u2500 asm-tree-5.0.2.jar\n| | | \u2514\u2500 asm-5.0.2.jar\n| | \u251c\u2500 asm-5.0.2.jar\n| | \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n| \u251c\u2500 freemarker-2.3.19.jar\n| \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n\u2514\u2500 spring-core-4.3.13.RELEASE.jar\n \u2514\u2500 commons-logging-1.2.jar<br/>" | |
| }, | |
| "locations": [ | |
| { | |
| "physicalLocation": { | |
| "artifactLocation": { | |
| "uri": "/java/work/mend-poc-webgoat/pom.xml" | |
| } | |
| } | |
| } | |
| ], | |
| "properties": { | |
| "vulnerability": { | |
| "id": "CVE-2024-53677", | |
| "severity": "CRITICAL", | |
| "description": "Upgrade to version", | |
| "url": "https://cwiki.apache.org/confluence/display/WW/S2-067" | |
| } | |
| } | |
| }, | |
| { | |
| "ruleId": "CVE-2016-4003", | |
| "message": { | |
| "text": "struts2-core-2.3.20.jar is affected by CVE-2016-4003", | |
| "markdown": "<b>Recommendations for [CVE-2016-4003](https://github.com/apache/struts/tree/STRUTS_2_3_28/):</b><br/><br/>* Upgrade to version org.apache.struts:struts2-core:2.3.28.<br/><br/><b>Dependency tree</b><br/><br/>\u251c\u2500 jackson-databind-2.9.5.jar\n| \u251c\u2500 jackson-annotations-2.9.0.jar\n| \u2514\u2500 jackson-core-2.9.5.jar\n\u251c\u2500 commons-collections-3.2.1.jar\n\u251c\u2500 commons-email-1.1.jar\n| \u251c\u2500 commons-logging-1.2.jar\n| \u251c\u2500 activation-1.1.jar\n| \u2514\u2500 mail-1.4.jar\n| \u2514\u2500 activation-1.1.jar\n\u251c\u2500 struts2-core-2.3.20.jar (CVE-2016-4003)\n| \u251c\u2500 commons-fileupload-1.3.1.jar\n| | \u2514\u2500 commons-io-2.2.jar\n| \u251c\u2500 commons-io-2.2.jar\n| \u251c\u2500 ognl-3.0.6.jar\n| | \u2514\u2500 javassist-3.11.0.GA.jar\n| \u251c\u2500 xwork-core-2.3.20.jar\n| | \u251c\u2500 commons-io-2.2.jar\n| | \u251c\u2500 commons-logging-1.2.jar\n| | \u251c\u2500 ognl-3.0.6.jar\n| | \u251c\u2500 commons-lang3-3.2.jar\n| | | \u2514\u2500 commons-io-2.2.jar\n| | \u251c\u2500 asm-commons-5.0.2.jar\n| | | \u2514\u2500 asm-tree-5.0.2.jar\n| | | \u2514\u2500 asm-5.0.2.jar\n| | \u251c\u2500 asm-5.0.2.jar\n| | \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n| \u251c\u2500 freemarker-2.3.19.jar\n| \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n\u2514\u2500 spring-core-4.3.13.RELEASE.jar\n \u2514\u2500 commons-logging-1.2.jar<br/>" | |
| }, | |
| "locations": [ | |
| { | |
| "physicalLocation": { | |
| "artifactLocation": { | |
| "uri": "/java/work/mend-poc-webgoat/pom.xml" | |
| } | |
| } | |
| } | |
| ], | |
| "properties": { | |
| "vulnerability": { | |
| "id": "CVE-2016-4003", | |
| "severity": "MEDIUM", | |
| "description": "Upgrade to version", | |
| "url": "https://github.com/apache/struts/tree/STRUTS_2_3_28/" | |
| } | |
| } | |
| }, | |
| { | |
| "ruleId": "CVE-2019-0230", | |
| "message": { | |
| "text": "struts2-core-2.3.20.jar is affected by CVE-2019-0230", | |
| "markdown": "<b>Recommendations for [CVE-2019-0230](https://cwiki.apache.org/confluence/display/ww/s2-059):</b><br/><br/>* Upgrade to version org.apache.struts:struts2-core:2.5.22.<br/><br/><b>Dependency tree</b><br/><br/>\u251c\u2500 jackson-databind-2.9.5.jar\n| \u251c\u2500 jackson-annotations-2.9.0.jar\n| \u2514\u2500 jackson-core-2.9.5.jar\n\u251c\u2500 commons-collections-3.2.1.jar\n\u251c\u2500 commons-email-1.1.jar\n| \u251c\u2500 commons-logging-1.2.jar\n| \u251c\u2500 activation-1.1.jar\n| \u2514\u2500 mail-1.4.jar\n| \u2514\u2500 activation-1.1.jar\n\u251c\u2500 struts2-core-2.3.20.jar (CVE-2019-0230)\n| \u251c\u2500 commons-fileupload-1.3.1.jar\n| | \u2514\u2500 commons-io-2.2.jar\n| \u251c\u2500 commons-io-2.2.jar\n| \u251c\u2500 ognl-3.0.6.jar\n| | \u2514\u2500 javassist-3.11.0.GA.jar\n| \u251c\u2500 xwork-core-2.3.20.jar\n| | \u251c\u2500 commons-io-2.2.jar\n| | \u251c\u2500 commons-logging-1.2.jar\n| | \u251c\u2500 ognl-3.0.6.jar\n| | \u251c\u2500 commons-lang3-3.2.jar\n| | | \u2514\u2500 commons-io-2.2.jar\n| | \u251c\u2500 asm-commons-5.0.2.jar\n| | | \u2514\u2500 asm-tree-5.0.2.jar\n| | | \u2514\u2500 asm-5.0.2.jar\n| | \u251c\u2500 asm-5.0.2.jar\n| | \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n| \u251c\u2500 freemarker-2.3.19.jar\n| \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n\u2514\u2500 spring-core-4.3.13.RELEASE.jar\n \u2514\u2500 commons-logging-1.2.jar<br/>" | |
| }, | |
| "locations": [ | |
| { | |
| "physicalLocation": { | |
| "artifactLocation": { | |
| "uri": "/java/work/mend-poc-webgoat/pom.xml" | |
| } | |
| } | |
| } | |
| ], | |
| "properties": { | |
| "vulnerability": { | |
| "id": "CVE-2019-0230", | |
| "severity": "CRITICAL", | |
| "description": "Upgrade to version", | |
| "url": "https://cwiki.apache.org/confluence/display/ww/s2-059" | |
| } | |
| } | |
| }, | |
| { | |
| "ruleId": "CVE-2016-4436", | |
| "message": { | |
| "text": "struts2-core-2.3.20.jar is affected by CVE-2016-4436", | |
| "markdown": "<b>Recommendations for [CVE-2016-4436](https://github.com/apache/struts/tree/STRUTS_2_3_29/):</b><br/><br/>* Upgrade to version org.apache.struts:struts2-core:2.3.29,org.apache.struts:struts2-core:2.5.1.3.<br/><br/><b>Dependency tree</b><br/><br/>\u251c\u2500 jackson-databind-2.9.5.jar\n| \u251c\u2500 jackson-annotations-2.9.0.jar\n| \u2514\u2500 jackson-core-2.9.5.jar\n\u251c\u2500 commons-collections-3.2.1.jar\n\u251c\u2500 commons-email-1.1.jar\n| \u251c\u2500 commons-logging-1.2.jar\n| \u251c\u2500 activation-1.1.jar\n| \u2514\u2500 mail-1.4.jar\n| \u2514\u2500 activation-1.1.jar\n\u251c\u2500 struts2-core-2.3.20.jar (CVE-2016-4436)\n| \u251c\u2500 commons-fileupload-1.3.1.jar\n| | \u2514\u2500 commons-io-2.2.jar\n| \u251c\u2500 commons-io-2.2.jar\n| \u251c\u2500 ognl-3.0.6.jar\n| | \u2514\u2500 javassist-3.11.0.GA.jar\n| \u251c\u2500 xwork-core-2.3.20.jar\n| | \u251c\u2500 commons-io-2.2.jar\n| | \u251c\u2500 commons-logging-1.2.jar\n| | \u251c\u2500 ognl-3.0.6.jar\n| | \u251c\u2500 commons-lang3-3.2.jar\n| | | \u2514\u2500 commons-io-2.2.jar\n| | \u251c\u2500 asm-commons-5.0.2.jar\n| | | \u2514\u2500 asm-tree-5.0.2.jar\n| | | \u2514\u2500 asm-5.0.2.jar\n| | \u251c\u2500 asm-5.0.2.jar\n| | \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n| \u251c\u2500 freemarker-2.3.19.jar\n| \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n\u2514\u2500 spring-core-4.3.13.RELEASE.jar\n \u2514\u2500 commons-logging-1.2.jar<br/>" | |
| }, | |
| "locations": [ | |
| { | |
| "physicalLocation": { | |
| "artifactLocation": { | |
| "uri": "/java/work/mend-poc-webgoat/pom.xml" | |
| } | |
| } | |
| } | |
| ], | |
| "properties": { | |
| "vulnerability": { | |
| "id": "CVE-2016-4436", | |
| "severity": "CRITICAL", | |
| "description": "Upgrade to version", | |
| "url": "https://github.com/apache/struts/tree/STRUTS_2_3_29/" | |
| } | |
| } | |
| }, | |
| { | |
| "ruleId": "CVE-2021-31805", | |
| "message": { | |
| "text": "struts2-core-2.3.20.jar is affected by CVE-2021-31805", | |
| "markdown": "<b>Recommendations for [CVE-2021-31805](https://cwiki.apache.org/confluence/display/WW/S2-062):</b><br/><br/>* Upgrade to version org.apache.struts:struts2-core:2.5.30.<br/><br/><b>Dependency tree</b><br/><br/>\u251c\u2500 jackson-databind-2.9.5.jar\n| \u251c\u2500 jackson-annotations-2.9.0.jar\n| \u2514\u2500 jackson-core-2.9.5.jar\n\u251c\u2500 commons-collections-3.2.1.jar\n\u251c\u2500 commons-email-1.1.jar\n| \u251c\u2500 commons-logging-1.2.jar\n| \u251c\u2500 activation-1.1.jar\n| \u2514\u2500 mail-1.4.jar\n| \u2514\u2500 activation-1.1.jar\n\u251c\u2500 struts2-core-2.3.20.jar (CVE-2021-31805)\n| \u251c\u2500 commons-fileupload-1.3.1.jar\n| | \u2514\u2500 commons-io-2.2.jar\n| \u251c\u2500 commons-io-2.2.jar\n| \u251c\u2500 ognl-3.0.6.jar\n| | \u2514\u2500 javassist-3.11.0.GA.jar\n| \u251c\u2500 xwork-core-2.3.20.jar\n| | \u251c\u2500 commons-io-2.2.jar\n| | \u251c\u2500 commons-logging-1.2.jar\n| | \u251c\u2500 ognl-3.0.6.jar\n| | \u251c\u2500 commons-lang3-3.2.jar\n| | | \u2514\u2500 commons-io-2.2.jar\n| | \u251c\u2500 asm-commons-5.0.2.jar\n| | | \u2514\u2500 asm-tree-5.0.2.jar\n| | | \u2514\u2500 asm-5.0.2.jar\n| | \u251c\u2500 asm-5.0.2.jar\n| | \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n| \u251c\u2500 freemarker-2.3.19.jar\n| \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n\u2514\u2500 spring-core-4.3.13.RELEASE.jar\n \u2514\u2500 commons-logging-1.2.jar<br/>" | |
| }, | |
| "locations": [ | |
| { | |
| "physicalLocation": { | |
| "artifactLocation": { | |
| "uri": "/java/work/mend-poc-webgoat/pom.xml" | |
| } | |
| } | |
| } | |
| ], | |
| "properties": { | |
| "vulnerability": { | |
| "id": "CVE-2021-31805", | |
| "severity": "CRITICAL", | |
| "description": "Upgrade to version", | |
| "url": "https://cwiki.apache.org/confluence/display/WW/S2-062" | |
| } | |
| } | |
| }, | |
| { | |
| "ruleId": "CVE-2016-4430", | |
| "message": { | |
| "text": "struts2-core-2.3.20.jar is affected by CVE-2016-4430", | |
| "markdown": "<b>Recommendations for [CVE-2016-4430](http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4430):</b><br/><br/>* Upgrade to version org.apache.struts:struts2-core:2.3.29.<br/><br/><b>Dependency tree</b><br/><br/>\u251c\u2500 jackson-databind-2.9.5.jar\n| \u251c\u2500 jackson-annotations-2.9.0.jar\n| \u2514\u2500 jackson-core-2.9.5.jar\n\u251c\u2500 commons-collections-3.2.1.jar\n\u251c\u2500 commons-email-1.1.jar\n| \u251c\u2500 commons-logging-1.2.jar\n| \u251c\u2500 activation-1.1.jar\n| \u2514\u2500 mail-1.4.jar\n| \u2514\u2500 activation-1.1.jar\n\u251c\u2500 struts2-core-2.3.20.jar (CVE-2016-4430)\n| \u251c\u2500 commons-fileupload-1.3.1.jar\n| | \u2514\u2500 commons-io-2.2.jar\n| \u251c\u2500 commons-io-2.2.jar\n| \u251c\u2500 ognl-3.0.6.jar\n| | \u2514\u2500 javassist-3.11.0.GA.jar\n| \u251c\u2500 xwork-core-2.3.20.jar\n| | \u251c\u2500 commons-io-2.2.jar\n| | \u251c\u2500 commons-logging-1.2.jar\n| | \u251c\u2500 ognl-3.0.6.jar\n| | \u251c\u2500 commons-lang3-3.2.jar\n| | | \u2514\u2500 commons-io-2.2.jar\n| | \u251c\u2500 asm-commons-5.0.2.jar\n| | | \u2514\u2500 asm-tree-5.0.2.jar\n| | | \u2514\u2500 asm-5.0.2.jar\n| | \u251c\u2500 asm-5.0.2.jar\n| | \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n| \u251c\u2500 freemarker-2.3.19.jar\n| \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n\u2514\u2500 spring-core-4.3.13.RELEASE.jar\n \u2514\u2500 commons-logging-1.2.jar<br/>" | |
| }, | |
| "locations": [ | |
| { | |
| "physicalLocation": { | |
| "artifactLocation": { | |
| "uri": "/java/work/mend-poc-webgoat/pom.xml" | |
| } | |
| } | |
| } | |
| ], | |
| "properties": { | |
| "vulnerability": { | |
| "id": "CVE-2016-4430", | |
| "severity": "HIGH", | |
| "description": "Upgrade to version", | |
| "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4430" | |
| } | |
| } | |
| }, | |
| { | |
| "ruleId": "CVE-2015-2992", | |
| "message": { | |
| "text": "struts2-core-2.3.20.jar is affected by CVE-2015-2992", | |
| "markdown": "<b>Recommendations for [CVE-2015-2992](https://nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2992):</b><br/><br/>* Upgrade to version org.apache.struts:struts2-core:2.3.20.1.<br/><br/><b>Dependency tree</b><br/><br/>\u251c\u2500 jackson-databind-2.9.5.jar\n| \u251c\u2500 jackson-annotations-2.9.0.jar\n| \u2514\u2500 jackson-core-2.9.5.jar\n\u251c\u2500 commons-collections-3.2.1.jar\n\u251c\u2500 commons-email-1.1.jar\n| \u251c\u2500 commons-logging-1.2.jar\n| \u251c\u2500 activation-1.1.jar\n| \u2514\u2500 mail-1.4.jar\n| \u2514\u2500 activation-1.1.jar\n\u251c\u2500 struts2-core-2.3.20.jar (CVE-2015-2992)\n| \u251c\u2500 commons-fileupload-1.3.1.jar\n| | \u2514\u2500 commons-io-2.2.jar\n| \u251c\u2500 commons-io-2.2.jar\n| \u251c\u2500 ognl-3.0.6.jar\n| | \u2514\u2500 javassist-3.11.0.GA.jar\n| \u251c\u2500 xwork-core-2.3.20.jar\n| | \u251c\u2500 commons-io-2.2.jar\n| | \u251c\u2500 commons-logging-1.2.jar\n| | \u251c\u2500 ognl-3.0.6.jar\n| | \u251c\u2500 commons-lang3-3.2.jar\n| | | \u2514\u2500 commons-io-2.2.jar\n| | \u251c\u2500 asm-commons-5.0.2.jar\n| | | \u2514\u2500 asm-tree-5.0.2.jar\n| | | \u2514\u2500 asm-5.0.2.jar\n| | \u251c\u2500 asm-5.0.2.jar\n| | \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n| \u251c\u2500 freemarker-2.3.19.jar\n| \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n\u2514\u2500 spring-core-4.3.13.RELEASE.jar\n \u2514\u2500 commons-logging-1.2.jar<br/>" | |
| }, | |
| "locations": [ | |
| { | |
| "physicalLocation": { | |
| "artifactLocation": { | |
| "uri": "/java/work/mend-poc-webgoat/pom.xml" | |
| } | |
| } | |
| } | |
| ], | |
| "properties": { | |
| "vulnerability": { | |
| "id": "CVE-2015-2992", | |
| "severity": "MEDIUM", | |
| "description": "Upgrade to version", | |
| "url": "https://nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2992" | |
| } | |
| } | |
| }, | |
| { | |
| "ruleId": "CVE-2015-5209", | |
| "message": { | |
| "text": "struts2-core-2.3.20.jar is affected by CVE-2015-5209", | |
| "markdown": "<b>Recommendations for [CVE-2015-5209](https://nvd.nist.gov/vuln/detail/CVE-2015-5209):</b><br/><br/>* Upgrade to version 2.3.24.1.<br/><br/><b>Dependency tree</b><br/><br/>\u251c\u2500 jackson-databind-2.9.5.jar\n| \u251c\u2500 jackson-annotations-2.9.0.jar\n| \u2514\u2500 jackson-core-2.9.5.jar\n\u251c\u2500 commons-collections-3.2.1.jar\n\u251c\u2500 commons-email-1.1.jar\n| \u251c\u2500 commons-logging-1.2.jar\n| \u251c\u2500 activation-1.1.jar\n| \u2514\u2500 mail-1.4.jar\n| \u2514\u2500 activation-1.1.jar\n\u251c\u2500 struts2-core-2.3.20.jar (CVE-2015-5209)\n| \u251c\u2500 commons-fileupload-1.3.1.jar\n| | \u2514\u2500 commons-io-2.2.jar\n| \u251c\u2500 commons-io-2.2.jar\n| \u251c\u2500 ognl-3.0.6.jar\n| | \u2514\u2500 javassist-3.11.0.GA.jar\n| \u251c\u2500 xwork-core-2.3.20.jar (CVE-2015-5209)\n| | \u251c\u2500 commons-io-2.2.jar\n| | \u251c\u2500 commons-logging-1.2.jar\n| | \u251c\u2500 ognl-3.0.6.jar\n| | \u251c\u2500 commons-lang3-3.2.jar\n| | | \u2514\u2500 commons-io-2.2.jar\n| | \u251c\u2500 asm-commons-5.0.2.jar\n| | | \u2514\u2500 asm-tree-5.0.2.jar\n| | | \u2514\u2500 asm-5.0.2.jar\n| | \u251c\u2500 asm-5.0.2.jar\n| | \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n| \u251c\u2500 freemarker-2.3.19.jar\n| \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n\u2514\u2500 spring-core-4.3.13.RELEASE.jar\n \u2514\u2500 commons-logging-1.2.jar<br/>" | |
| }, | |
| "locations": [ | |
| { | |
| "physicalLocation": { | |
| "artifactLocation": { | |
| "uri": "/java/work/mend-poc-webgoat/pom.xml" | |
| } | |
| } | |
| } | |
| ], | |
| "properties": { | |
| "vulnerability": { | |
| "id": "CVE-2015-5209", | |
| "severity": "HIGH", | |
| "description": "Upgrade to version", | |
| "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5209" | |
| } | |
| } | |
| }, | |
| { | |
| "ruleId": "CVE-2015-5169", | |
| "message": { | |
| "text": "struts2-core-2.3.20.jar is affected by CVE-2015-5169", | |
| "markdown": "<b>Recommendations for [CVE-2015-5169](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5169):</b><br/><br/>* Upgrade to version 2.3.20.<br/><br/><b>Dependency tree</b><br/><br/>\u251c\u2500 jackson-databind-2.9.5.jar\n| \u251c\u2500 jackson-annotations-2.9.0.jar\n| \u2514\u2500 jackson-core-2.9.5.jar\n\u251c\u2500 commons-collections-3.2.1.jar\n\u251c\u2500 commons-email-1.1.jar\n| \u251c\u2500 commons-logging-1.2.jar\n| \u251c\u2500 activation-1.1.jar\n| \u2514\u2500 mail-1.4.jar\n| \u2514\u2500 activation-1.1.jar\n\u251c\u2500 struts2-core-2.3.20.jar (CVE-2015-5169)\n| \u251c\u2500 commons-fileupload-1.3.1.jar\n| | \u2514\u2500 commons-io-2.2.jar\n| \u251c\u2500 commons-io-2.2.jar\n| \u251c\u2500 ognl-3.0.6.jar\n| | \u2514\u2500 javassist-3.11.0.GA.jar\n| \u251c\u2500 xwork-core-2.3.20.jar\n| | \u251c\u2500 commons-io-2.2.jar\n| | \u251c\u2500 commons-logging-1.2.jar\n| | \u251c\u2500 ognl-3.0.6.jar\n| | \u251c\u2500 commons-lang3-3.2.jar\n| | | \u2514\u2500 commons-io-2.2.jar\n| | \u251c\u2500 asm-commons-5.0.2.jar\n| | | \u2514\u2500 asm-tree-5.0.2.jar\n| | | \u2514\u2500 asm-5.0.2.jar\n| | \u251c\u2500 asm-5.0.2.jar\n| | \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n| \u251c\u2500 freemarker-2.3.19.jar\n| \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n\u2514\u2500 spring-core-4.3.13.RELEASE.jar\n \u2514\u2500 commons-logging-1.2.jar<br/>" | |
| }, | |
| "locations": [ | |
| { | |
| "physicalLocation": { | |
| "artifactLocation": { | |
| "uri": "/java/work/mend-poc-webgoat/pom.xml" | |
| } | |
| } | |
| } | |
| ], | |
| "properties": { | |
| "vulnerability": { | |
| "id": "CVE-2015-5169", | |
| "severity": "MEDIUM", | |
| "description": "Upgrade to version", | |
| "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5169" | |
| } | |
| } | |
| }, | |
| { | |
| "ruleId": "CVE-2016-3093", | |
| "message": { | |
| "text": "struts2-core-2.3.20.jar is affected by CVE-2016-3093", | |
| "markdown": "<b>Recommendations for [CVE-2016-3093](https://nvd.nist.gov/vuln/detail/CVE-2016-3093):</b><br/><br/>* Upgrade to version org.apache.struts:struts2-core:2.3.28,ognl:ognl:3.0.12.<br/><br/><b>Dependency tree</b><br/><br/>\u251c\u2500 jackson-databind-2.9.5.jar\n| \u251c\u2500 jackson-annotations-2.9.0.jar\n| \u2514\u2500 jackson-core-2.9.5.jar\n\u251c\u2500 commons-collections-3.2.1.jar\n\u251c\u2500 commons-email-1.1.jar\n| \u251c\u2500 commons-logging-1.2.jar\n| \u251c\u2500 activation-1.1.jar\n| \u2514\u2500 mail-1.4.jar\n| \u2514\u2500 activation-1.1.jar\n\u251c\u2500 struts2-core-2.3.20.jar (CVE-2016-3093)\n| \u251c\u2500 commons-fileupload-1.3.1.jar\n| | \u2514\u2500 commons-io-2.2.jar\n| \u251c\u2500 commons-io-2.2.jar\n| \u251c\u2500 ognl-3.0.6.jar (CVE-2016-3093)\n| | \u2514\u2500 javassist-3.11.0.GA.jar\n| \u251c\u2500 xwork-core-2.3.20.jar\n| | \u251c\u2500 commons-io-2.2.jar\n| | \u251c\u2500 commons-logging-1.2.jar\n| | \u251c\u2500 ognl-3.0.6.jar (CVE-2016-3093)\n| | \u251c\u2500 commons-lang3-3.2.jar\n| | | \u2514\u2500 commons-io-2.2.jar\n| | \u251c\u2500 asm-commons-5.0.2.jar\n| | | \u2514\u2500 asm-tree-5.0.2.jar\n| | | \u2514\u2500 asm-5.0.2.jar\n| | \u251c\u2500 asm-5.0.2.jar\n| | \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n| \u251c\u2500 freemarker-2.3.19.jar\n| \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n\u2514\u2500 spring-core-4.3.13.RELEASE.jar\n \u2514\u2500 commons-logging-1.2.jar<br/>" | |
| }, | |
| "locations": [ | |
| { | |
| "physicalLocation": { | |
| "artifactLocation": { | |
| "uri": "/java/work/mend-poc-webgoat/pom.xml" | |
| } | |
| } | |
| } | |
| ], | |
| "properties": { | |
| "vulnerability": { | |
| "id": "CVE-2016-3093", | |
| "severity": "MEDIUM", | |
| "description": "Upgrade to version", | |
| "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3093" | |
| } | |
| } | |
| }, | |
| { | |
| "ruleId": "CVE-2016-3082", | |
| "message": { | |
| "text": "struts2-core-2.3.20.jar is affected by CVE-2016-3082", | |
| "markdown": "<b>Recommendations for [CVE-2016-3082](https://github.com/apache/struts/tree/STRUTS_2_3_28_1/):</b><br/><br/>* Upgrade to version org.apache.struts:struts2-core:2.3.20.3,org.apache.struts:struts2-core:2.3.24.3,org.apache.struts:struts2-core: 2.3.28.1.<br/><br/><b>Dependency tree</b><br/><br/>\u251c\u2500 jackson-databind-2.9.5.jar\n| \u251c\u2500 jackson-annotations-2.9.0.jar\n| \u2514\u2500 jackson-core-2.9.5.jar\n\u251c\u2500 commons-collections-3.2.1.jar\n\u251c\u2500 commons-email-1.1.jar\n| \u251c\u2500 commons-logging-1.2.jar\n| \u251c\u2500 activation-1.1.jar\n| \u2514\u2500 mail-1.4.jar\n| \u2514\u2500 activation-1.1.jar\n\u251c\u2500 struts2-core-2.3.20.jar (CVE-2016-3082)\n| \u251c\u2500 commons-fileupload-1.3.1.jar\n| | \u2514\u2500 commons-io-2.2.jar\n| \u251c\u2500 commons-io-2.2.jar\n| \u251c\u2500 ognl-3.0.6.jar\n| | \u2514\u2500 javassist-3.11.0.GA.jar\n| \u251c\u2500 xwork-core-2.3.20.jar\n| | \u251c\u2500 commons-io-2.2.jar\n| | \u251c\u2500 commons-logging-1.2.jar\n| | \u251c\u2500 ognl-3.0.6.jar\n| | \u251c\u2500 commons-lang3-3.2.jar\n| | | \u2514\u2500 commons-io-2.2.jar\n| | \u251c\u2500 asm-commons-5.0.2.jar\n| | | \u2514\u2500 asm-tree-5.0.2.jar\n| | | \u2514\u2500 asm-5.0.2.jar\n| | \u251c\u2500 asm-5.0.2.jar\n| | \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n| \u251c\u2500 freemarker-2.3.19.jar\n| \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n\u2514\u2500 spring-core-4.3.13.RELEASE.jar\n \u2514\u2500 commons-logging-1.2.jar<br/>" | |
| }, | |
| "locations": [ | |
| { | |
| "physicalLocation": { | |
| "artifactLocation": { | |
| "uri": "/java/work/mend-poc-webgoat/pom.xml" | |
| } | |
| } | |
| } | |
| ], | |
| "properties": { | |
| "vulnerability": { | |
| "id": "CVE-2016-3082", | |
| "severity": "CRITICAL", | |
| "description": "Upgrade to version", | |
| "url": "https://github.com/apache/struts/tree/STRUTS_2_3_28_1/" | |
| } | |
| } | |
| }, | |
| { | |
| "ruleId": "CVE-2023-50164", | |
| "message": { | |
| "text": "struts2-core-2.3.20.jar is affected by CVE-2023-50164", | |
| "markdown": "<b>Recommendations for [CVE-2023-50164](https://lists.apache.org/thread/yh09b3fkf6vz5d6jdgrlvmg60lfwtqhj):</b><br/><br/>* Upgrade to version org.apache.struts:struts2-core:2.5.33,6.3.0.2.<br/><br/><b>Dependency tree</b><br/><br/>\u251c\u2500 jackson-databind-2.9.5.jar\n| \u251c\u2500 jackson-annotations-2.9.0.jar\n| \u2514\u2500 jackson-core-2.9.5.jar\n\u251c\u2500 commons-collections-3.2.1.jar\n\u251c\u2500 commons-email-1.1.jar\n| \u251c\u2500 commons-logging-1.2.jar\n| \u251c\u2500 activation-1.1.jar\n| \u2514\u2500 mail-1.4.jar\n| \u2514\u2500 activation-1.1.jar\n\u251c\u2500 struts2-core-2.3.20.jar (CVE-2023-50164)\n| \u251c\u2500 commons-fileupload-1.3.1.jar\n| | \u2514\u2500 commons-io-2.2.jar\n| \u251c\u2500 commons-io-2.2.jar\n| \u251c\u2500 ognl-3.0.6.jar\n| | \u2514\u2500 javassist-3.11.0.GA.jar\n| \u251c\u2500 xwork-core-2.3.20.jar\n| | \u251c\u2500 commons-io-2.2.jar\n| | \u251c\u2500 commons-logging-1.2.jar\n| | \u251c\u2500 ognl-3.0.6.jar\n| | \u251c\u2500 commons-lang3-3.2.jar\n| | | \u2514\u2500 commons-io-2.2.jar\n| | \u251c\u2500 asm-commons-5.0.2.jar\n| | | \u2514\u2500 asm-tree-5.0.2.jar\n| | | \u2514\u2500 asm-5.0.2.jar\n| | \u251c\u2500 asm-5.0.2.jar\n| | \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n| \u251c\u2500 freemarker-2.3.19.jar\n| \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n\u2514\u2500 spring-core-4.3.13.RELEASE.jar\n \u2514\u2500 commons-logging-1.2.jar<br/>" | |
| }, | |
| "locations": [ | |
| { | |
| "physicalLocation": { | |
| "artifactLocation": { | |
| "uri": "/java/work/mend-poc-webgoat/pom.xml" | |
| } | |
| } | |
| } | |
| ], | |
| "properties": { | |
| "vulnerability": { | |
| "id": "CVE-2023-50164", | |
| "severity": "CRITICAL", | |
| "description": "Upgrade to version", | |
| "url": "https://lists.apache.org/thread/yh09b3fkf6vz5d6jdgrlvmg60lfwtqhj" | |
| } | |
| } | |
| }, | |
| { | |
| "ruleId": "CVE-2016-3087", | |
| "message": { | |
| "text": "struts2-core-2.3.20.jar is affected by CVE-2016-3087", | |
| "markdown": "<b>Recommendations for [CVE-2016-3087](https://github.com/apache/struts/tree/STRUTS_2_3_28_1/):</b><br/><br/>* Upgrade to version org.apache.struts:struts2-core:2.3.20.3,org.apache.struts:struts2-core:2.3.24.3,org.apache.struts:struts2-core: 2.3.28.1.<br/><br/><b>Dependency tree</b><br/><br/>\u251c\u2500 jackson-databind-2.9.5.jar\n| \u251c\u2500 jackson-annotations-2.9.0.jar\n| \u2514\u2500 jackson-core-2.9.5.jar\n\u251c\u2500 commons-collections-3.2.1.jar\n\u251c\u2500 commons-email-1.1.jar\n| \u251c\u2500 commons-logging-1.2.jar\n| \u251c\u2500 activation-1.1.jar\n| \u2514\u2500 mail-1.4.jar\n| \u2514\u2500 activation-1.1.jar\n\u251c\u2500 struts2-core-2.3.20.jar (CVE-2016-3087)\n| \u251c\u2500 commons-fileupload-1.3.1.jar\n| | \u2514\u2500 commons-io-2.2.jar\n| \u251c\u2500 commons-io-2.2.jar\n| \u251c\u2500 ognl-3.0.6.jar\n| | \u2514\u2500 javassist-3.11.0.GA.jar\n| \u251c\u2500 xwork-core-2.3.20.jar\n| | \u251c\u2500 commons-io-2.2.jar\n| | \u251c\u2500 commons-logging-1.2.jar\n| | \u251c\u2500 ognl-3.0.6.jar\n| | \u251c\u2500 commons-lang3-3.2.jar\n| | | \u2514\u2500 commons-io-2.2.jar\n| | \u251c\u2500 asm-commons-5.0.2.jar\n| | | \u2514\u2500 asm-tree-5.0.2.jar\n| | | \u2514\u2500 asm-5.0.2.jar\n| | \u251c\u2500 asm-5.0.2.jar\n| | \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n| \u251c\u2500 freemarker-2.3.19.jar\n| \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n\u2514\u2500 spring-core-4.3.13.RELEASE.jar\n \u2514\u2500 commons-logging-1.2.jar<br/>" | |
| }, | |
| "locations": [ | |
| { | |
| "physicalLocation": { | |
| "artifactLocation": { | |
| "uri": "/java/work/mend-poc-webgoat/pom.xml" | |
| } | |
| } | |
| } | |
| ], | |
| "properties": { | |
| "vulnerability": { | |
| "id": "CVE-2016-3087", | |
| "severity": "CRITICAL", | |
| "description": "Upgrade to version", | |
| "url": "https://github.com/apache/struts/tree/STRUTS_2_3_28_1/" | |
| } | |
| } | |
| }, | |
| { | |
| "ruleId": "CVE-2023-34149", | |
| "message": { | |
| "text": "struts2-core-2.3.20.jar is affected by CVE-2023-34149", | |
| "markdown": "<b>Recommendations for [CVE-2023-34149](https://github.com/advisories/GHSA-8f6x-v685-g2xc):</b><br/><br/>* Upgrade to version org.apache.struts:struts2-core:2.5.31,6.1.2.1.<br/><br/><b>Dependency tree</b><br/><br/>\u251c\u2500 jackson-databind-2.9.5.jar\n| \u251c\u2500 jackson-annotations-2.9.0.jar\n| \u2514\u2500 jackson-core-2.9.5.jar\n\u251c\u2500 commons-collections-3.2.1.jar\n\u251c\u2500 commons-email-1.1.jar\n| \u251c\u2500 commons-logging-1.2.jar\n| \u251c\u2500 activation-1.1.jar\n| \u2514\u2500 mail-1.4.jar\n| \u2514\u2500 activation-1.1.jar\n\u251c\u2500 struts2-core-2.3.20.jar (CVE-2023-34149)\n| \u251c\u2500 commons-fileupload-1.3.1.jar\n| | \u2514\u2500 commons-io-2.2.jar\n| \u251c\u2500 commons-io-2.2.jar\n| \u251c\u2500 ognl-3.0.6.jar\n| | \u2514\u2500 javassist-3.11.0.GA.jar\n| \u251c\u2500 xwork-core-2.3.20.jar\n| | \u251c\u2500 commons-io-2.2.jar\n| | \u251c\u2500 commons-logging-1.2.jar\n| | \u251c\u2500 ognl-3.0.6.jar\n| | \u251c\u2500 commons-lang3-3.2.jar\n| | | \u2514\u2500 commons-io-2.2.jar\n| | \u251c\u2500 asm-commons-5.0.2.jar\n| | | \u2514\u2500 asm-tree-5.0.2.jar\n| | | \u2514\u2500 asm-5.0.2.jar\n| | \u251c\u2500 asm-5.0.2.jar\n| | \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n| \u251c\u2500 freemarker-2.3.19.jar\n| \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n\u2514\u2500 spring-core-4.3.13.RELEASE.jar\n \u2514\u2500 commons-logging-1.2.jar<br/>" | |
| }, | |
| "locations": [ | |
| { | |
| "physicalLocation": { | |
| "artifactLocation": { | |
| "uri": "/java/work/mend-poc-webgoat/pom.xml" | |
| } | |
| } | |
| } | |
| ], | |
| "properties": { | |
| "vulnerability": { | |
| "id": "CVE-2023-34149", | |
| "severity": "MEDIUM", | |
| "description": "Upgrade to version", | |
| "url": "https://github.com/advisories/GHSA-8f6x-v685-g2xc" | |
| } | |
| } | |
| }, | |
| { | |
| "ruleId": "CVE-2018-11776", | |
| "message": { | |
| "text": "struts2-core-2.3.20.jar is affected by CVE-2018-11776", | |
| "markdown": "<b>Recommendations for [CVE-2018-11776](https://nvd.nist.gov/vuln/detail/CVE-2018-11776):</b><br/><br/>* Upgrade to version org.apache.struts:struts2-core - 2.3.35,2.5.17;org.apache.struts:struts2-rest-plugin - 2.3.34,2.5.17.<br/><br/><b>Dependency tree</b><br/><br/>\u251c\u2500 jackson-databind-2.9.5.jar\n| \u251c\u2500 jackson-annotations-2.9.0.jar\n| \u2514\u2500 jackson-core-2.9.5.jar\n\u251c\u2500 commons-collections-3.2.1.jar\n\u251c\u2500 commons-email-1.1.jar\n| \u251c\u2500 commons-logging-1.2.jar\n| \u251c\u2500 activation-1.1.jar\n| \u2514\u2500 mail-1.4.jar\n| \u2514\u2500 activation-1.1.jar\n\u251c\u2500 struts2-core-2.3.20.jar (CVE-2018-11776)\n| \u251c\u2500 commons-fileupload-1.3.1.jar\n| | \u2514\u2500 commons-io-2.2.jar\n| \u251c\u2500 commons-io-2.2.jar\n| \u251c\u2500 ognl-3.0.6.jar\n| | \u2514\u2500 javassist-3.11.0.GA.jar\n| \u251c\u2500 xwork-core-2.3.20.jar\n| | \u251c\u2500 commons-io-2.2.jar\n| | \u251c\u2500 commons-logging-1.2.jar\n| | \u251c\u2500 ognl-3.0.6.jar\n| | \u251c\u2500 commons-lang3-3.2.jar\n| | | \u2514\u2500 commons-io-2.2.jar\n| | \u251c\u2500 asm-commons-5.0.2.jar\n| | | \u2514\u2500 asm-tree-5.0.2.jar\n| | | \u2514\u2500 asm-5.0.2.jar\n| | \u251c\u2500 asm-5.0.2.jar\n| | \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n| \u251c\u2500 freemarker-2.3.19.jar\n| \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n\u2514\u2500 spring-core-4.3.13.RELEASE.jar\n \u2514\u2500 commons-logging-1.2.jar<br/>" | |
| }, | |
| "locations": [ | |
| { | |
| "physicalLocation": { | |
| "artifactLocation": { | |
| "uri": "/java/work/mend-poc-webgoat/pom.xml" | |
| } | |
| } | |
| } | |
| ], | |
| "properties": { | |
| "vulnerability": { | |
| "id": "CVE-2018-11776", | |
| "severity": "HIGH", | |
| "description": "Upgrade to version", | |
| "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-11776" | |
| } | |
| } | |
| }, | |
| { | |
| "ruleId": "CVE-2017-9787", | |
| "message": { | |
| "text": "struts2-core-2.3.20.jar is affected by CVE-2017-9787", | |
| "markdown": "<b>Recommendations for [CVE-2017-9787](https://github.com/apache/struts/tree/STRUTS_2_3_33/):</b><br/><br/>* Upgrade to version org.apache.struts:struts2-core:2.3.33,org.apache.struts:struts2-core:2.5.12.<br/><br/><b>Dependency tree</b><br/><br/>\u251c\u2500 jackson-databind-2.9.5.jar\n| \u251c\u2500 jackson-annotations-2.9.0.jar\n| \u2514\u2500 jackson-core-2.9.5.jar\n\u251c\u2500 commons-collections-3.2.1.jar\n\u251c\u2500 commons-email-1.1.jar\n| \u251c\u2500 commons-logging-1.2.jar\n| \u251c\u2500 activation-1.1.jar\n| \u2514\u2500 mail-1.4.jar\n| \u2514\u2500 activation-1.1.jar\n\u251c\u2500 struts2-core-2.3.20.jar (CVE-2017-9787)\n| \u251c\u2500 commons-fileupload-1.3.1.jar\n| | \u2514\u2500 commons-io-2.2.jar\n| \u251c\u2500 commons-io-2.2.jar\n| \u251c\u2500 ognl-3.0.6.jar\n| | \u2514\u2500 javassist-3.11.0.GA.jar\n| \u251c\u2500 xwork-core-2.3.20.jar (CVE-2017-9787)\n| | \u251c\u2500 commons-io-2.2.jar\n| | \u251c\u2500 commons-logging-1.2.jar\n| | \u251c\u2500 ognl-3.0.6.jar\n| | \u251c\u2500 commons-lang3-3.2.jar\n| | | \u2514\u2500 commons-io-2.2.jar\n| | \u251c\u2500 asm-commons-5.0.2.jar\n| | | \u2514\u2500 asm-tree-5.0.2.jar\n| | | \u2514\u2500 asm-5.0.2.jar\n| | \u251c\u2500 asm-5.0.2.jar\n| | \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n| \u251c\u2500 freemarker-2.3.19.jar\n| \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n\u2514\u2500 spring-core-4.3.13.RELEASE.jar\n \u2514\u2500 commons-logging-1.2.jar<br/>" | |
| }, | |
| "locations": [ | |
| { | |
| "physicalLocation": { | |
| "artifactLocation": { | |
| "uri": "/java/work/mend-poc-webgoat/pom.xml" | |
| } | |
| } | |
| } | |
| ], | |
| "properties": { | |
| "vulnerability": { | |
| "id": "CVE-2017-9787", | |
| "severity": "HIGH", | |
| "description": "Upgrade to version", | |
| "url": "https://github.com/apache/struts/tree/STRUTS_2_3_33/" | |
| } | |
| } | |
| }, | |
| { | |
| "ruleId": "CVE-2016-6795", | |
| "message": { | |
| "text": "struts2-core-2.3.20.jar is affected by CVE-2016-6795", | |
| "markdown": "<b>Recommendations for [CVE-2016-6795](https://github.com/apache/struts/tree/STRUTS_2_3_31/):</b><br/><br/>* Upgrade to version org.apache.struts:struts2-core:2.3.31,org.apache.struts:struts2-core:2.5.5.<br/><br/><b>Dependency tree</b><br/><br/>\u251c\u2500 jackson-databind-2.9.5.jar\n| \u251c\u2500 jackson-annotations-2.9.0.jar\n| \u2514\u2500 jackson-core-2.9.5.jar\n\u251c\u2500 commons-collections-3.2.1.jar\n\u251c\u2500 commons-email-1.1.jar\n| \u251c\u2500 commons-logging-1.2.jar\n| \u251c\u2500 activation-1.1.jar\n| \u2514\u2500 mail-1.4.jar\n| \u2514\u2500 activation-1.1.jar\n\u251c\u2500 struts2-core-2.3.20.jar (CVE-2016-6795)\n| \u251c\u2500 commons-fileupload-1.3.1.jar\n| | \u2514\u2500 commons-io-2.2.jar\n| \u251c\u2500 commons-io-2.2.jar\n| \u251c\u2500 ognl-3.0.6.jar\n| | \u2514\u2500 javassist-3.11.0.GA.jar\n| \u251c\u2500 xwork-core-2.3.20.jar\n| | \u251c\u2500 commons-io-2.2.jar\n| | \u251c\u2500 commons-logging-1.2.jar\n| | \u251c\u2500 ognl-3.0.6.jar\n| | \u251c\u2500 commons-lang3-3.2.jar\n| | | \u2514\u2500 commons-io-2.2.jar\n| | \u251c\u2500 asm-commons-5.0.2.jar\n| | | \u2514\u2500 asm-tree-5.0.2.jar\n| | | \u2514\u2500 asm-5.0.2.jar\n| | \u251c\u2500 asm-5.0.2.jar\n| | \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n| \u251c\u2500 freemarker-2.3.19.jar\n| \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n\u2514\u2500 spring-core-4.3.13.RELEASE.jar\n \u2514\u2500 commons-logging-1.2.jar<br/>" | |
| }, | |
| "locations": [ | |
| { | |
| "physicalLocation": { | |
| "artifactLocation": { | |
| "uri": "/java/work/mend-poc-webgoat/pom.xml" | |
| } | |
| } | |
| } | |
| ], | |
| "properties": { | |
| "vulnerability": { | |
| "id": "CVE-2016-6795", | |
| "severity": "CRITICAL", | |
| "description": "Upgrade to version", | |
| "url": "https://github.com/apache/struts/tree/STRUTS_2_3_31/" | |
| } | |
| } | |
| }, | |
| { | |
| "ruleId": "CVE-2016-4465", | |
| "message": { | |
| "text": "struts2-core-2.3.20.jar is affected by CVE-2016-4465", | |
| "markdown": "<b>Recommendations for [CVE-2016-4465](https://github.com/apache/struts/tree/STRUTS_2_3_29/):</b><br/><br/>* Upgrade to version org.apache.struts:struts2-core:2.3.29, \torg.apache.struts.xwork:xwork-core:2.3.29.<br/><br/><b>Dependency tree</b><br/><br/>\u251c\u2500 jackson-databind-2.9.5.jar\n| \u251c\u2500 jackson-annotations-2.9.0.jar\n| \u2514\u2500 jackson-core-2.9.5.jar\n\u251c\u2500 commons-collections-3.2.1.jar\n\u251c\u2500 commons-email-1.1.jar\n| \u251c\u2500 commons-logging-1.2.jar\n| \u251c\u2500 activation-1.1.jar\n| \u2514\u2500 mail-1.4.jar\n| \u2514\u2500 activation-1.1.jar\n\u251c\u2500 struts2-core-2.3.20.jar (CVE-2016-4465)\n| \u251c\u2500 commons-fileupload-1.3.1.jar\n| | \u2514\u2500 commons-io-2.2.jar\n| \u251c\u2500 commons-io-2.2.jar\n| \u251c\u2500 ognl-3.0.6.jar\n| | \u2514\u2500 javassist-3.11.0.GA.jar\n| \u251c\u2500 xwork-core-2.3.20.jar (CVE-2016-4465)\n| | \u251c\u2500 commons-io-2.2.jar\n| | \u251c\u2500 commons-logging-1.2.jar\n| | \u251c\u2500 ognl-3.0.6.jar\n| | \u251c\u2500 commons-lang3-3.2.jar\n| | | \u2514\u2500 commons-io-2.2.jar\n| | \u251c\u2500 asm-commons-5.0.2.jar\n| | | \u2514\u2500 asm-tree-5.0.2.jar\n| | | \u2514\u2500 asm-5.0.2.jar\n| | \u251c\u2500 asm-5.0.2.jar\n| | \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n| \u251c\u2500 freemarker-2.3.19.jar\n| \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n\u2514\u2500 spring-core-4.3.13.RELEASE.jar\n \u2514\u2500 commons-logging-1.2.jar<br/>" | |
| }, | |
| "locations": [ | |
| { | |
| "physicalLocation": { | |
| "artifactLocation": { | |
| "uri": "/java/work/mend-poc-webgoat/pom.xml" | |
| } | |
| } | |
| } | |
| ], | |
| "properties": { | |
| "vulnerability": { | |
| "id": "CVE-2016-4465", | |
| "severity": "MEDIUM", | |
| "description": "Upgrade to version", | |
| "url": "https://github.com/apache/struts/tree/STRUTS_2_3_29/" | |
| } | |
| } | |
| }, | |
| { | |
| "ruleId": "CVE-2019-0233", | |
| "message": { | |
| "text": "struts2-core-2.3.20.jar is affected by CVE-2019-0233", | |
| "markdown": "<b>Recommendations for [CVE-2019-0233](https://cwiki.apache.org/confluence/display/ww/s2-060):</b><br/><br/>* Upgrade to version org.apache.struts:struts2-core:2.5.22.<br/><br/><b>Dependency tree</b><br/><br/>\u251c\u2500 jackson-databind-2.9.5.jar\n| \u251c\u2500 jackson-annotations-2.9.0.jar\n| \u2514\u2500 jackson-core-2.9.5.jar\n\u251c\u2500 commons-collections-3.2.1.jar\n\u251c\u2500 commons-email-1.1.jar\n| \u251c\u2500 commons-logging-1.2.jar\n| \u251c\u2500 activation-1.1.jar\n| \u2514\u2500 mail-1.4.jar\n| \u2514\u2500 activation-1.1.jar\n\u251c\u2500 struts2-core-2.3.20.jar (CVE-2019-0233)\n| \u251c\u2500 commons-fileupload-1.3.1.jar\n| | \u2514\u2500 commons-io-2.2.jar\n| \u251c\u2500 commons-io-2.2.jar\n| \u251c\u2500 ognl-3.0.6.jar\n| | \u2514\u2500 javassist-3.11.0.GA.jar\n| \u251c\u2500 xwork-core-2.3.20.jar\n| | \u251c\u2500 commons-io-2.2.jar\n| | \u251c\u2500 commons-logging-1.2.jar\n| | \u251c\u2500 ognl-3.0.6.jar\n| | \u251c\u2500 commons-lang3-3.2.jar\n| | | \u2514\u2500 commons-io-2.2.jar\n| | \u251c\u2500 asm-commons-5.0.2.jar\n| | | \u2514\u2500 asm-tree-5.0.2.jar\n| | | \u2514\u2500 asm-5.0.2.jar\n| | \u251c\u2500 asm-5.0.2.jar\n| | \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n| \u251c\u2500 freemarker-2.3.19.jar\n| \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n\u2514\u2500 spring-core-4.3.13.RELEASE.jar\n \u2514\u2500 commons-logging-1.2.jar<br/>" | |
| }, | |
| "locations": [ | |
| { | |
| "physicalLocation": { | |
| "artifactLocation": { | |
| "uri": "/java/work/mend-poc-webgoat/pom.xml" | |
| } | |
| } | |
| } | |
| ], | |
| "properties": { | |
| "vulnerability": { | |
| "id": "CVE-2019-0233", | |
| "severity": "HIGH", | |
| "description": "Upgrade to version", | |
| "url": "https://cwiki.apache.org/confluence/display/ww/s2-060" | |
| } | |
| } | |
| }, | |
| { | |
| "ruleId": "CVE-2017-12611", | |
| "message": { | |
| "text": "struts2-core-2.3.20.jar is affected by CVE-2017-12611", | |
| "markdown": "<b>Recommendations for [CVE-2017-12611](https://cwiki.apache.org/confluence/display/WW/S2-053):</b><br/><br/>* Upgrade to version org.apache.struts:struts2-core:2.3.34;org.apache.struts:struts2-core:2.5.12.<br/><br/><b>Dependency tree</b><br/><br/>\u251c\u2500 jackson-databind-2.9.5.jar\n| \u251c\u2500 jackson-annotations-2.9.0.jar\n| \u2514\u2500 jackson-core-2.9.5.jar\n\u251c\u2500 commons-collections-3.2.1.jar\n\u251c\u2500 commons-email-1.1.jar\n| \u251c\u2500 commons-logging-1.2.jar\n| \u251c\u2500 activation-1.1.jar\n| \u2514\u2500 mail-1.4.jar\n| \u2514\u2500 activation-1.1.jar\n\u251c\u2500 struts2-core-2.3.20.jar (CVE-2017-12611)\n| \u251c\u2500 commons-fileupload-1.3.1.jar\n| | \u2514\u2500 commons-io-2.2.jar\n| \u251c\u2500 commons-io-2.2.jar\n| \u251c\u2500 ognl-3.0.6.jar\n| | \u2514\u2500 javassist-3.11.0.GA.jar\n| \u251c\u2500 xwork-core-2.3.20.jar\n| | \u251c\u2500 commons-io-2.2.jar\n| | \u251c\u2500 commons-logging-1.2.jar\n| | \u251c\u2500 ognl-3.0.6.jar\n| | \u251c\u2500 commons-lang3-3.2.jar\n| | | \u2514\u2500 commons-io-2.2.jar\n| | \u251c\u2500 asm-commons-5.0.2.jar\n| | | \u2514\u2500 asm-tree-5.0.2.jar\n| | | \u2514\u2500 asm-5.0.2.jar\n| | \u251c\u2500 asm-5.0.2.jar\n| | \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n| \u251c\u2500 freemarker-2.3.19.jar\n| \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n\u2514\u2500 spring-core-4.3.13.RELEASE.jar\n \u2514\u2500 commons-logging-1.2.jar<br/>" | |
| }, | |
| "locations": [ | |
| { | |
| "physicalLocation": { | |
| "artifactLocation": { | |
| "uri": "/java/work/mend-poc-webgoat/pom.xml" | |
| } | |
| } | |
| } | |
| ], | |
| "properties": { | |
| "vulnerability": { | |
| "id": "CVE-2017-12611", | |
| "severity": "CRITICAL", | |
| "description": "Upgrade to version", | |
| "url": "https://cwiki.apache.org/confluence/display/WW/S2-053" | |
| } | |
| } | |
| }, | |
| { | |
| "ruleId": "CVE-2016-4433", | |
| "message": { | |
| "text": "struts2-core-2.3.20.jar is affected by CVE-2016-4433", | |
| "markdown": "<b>Recommendations for [CVE-2016-4433](https://github.com/apache/struts/tree/STRUTS_2_3_29):</b><br/><br/>* Upgrade to version org.apache.struts:struts2-core:2.3.29,\torg.apache.struts.xwork:xwork-core:2.3.29.<br/><br/><b>Dependency tree</b><br/><br/>\u251c\u2500 jackson-databind-2.9.5.jar\n| \u251c\u2500 jackson-annotations-2.9.0.jar\n| \u2514\u2500 jackson-core-2.9.5.jar\n\u251c\u2500 commons-collections-3.2.1.jar\n\u251c\u2500 commons-email-1.1.jar\n| \u251c\u2500 commons-logging-1.2.jar\n| \u251c\u2500 activation-1.1.jar\n| \u2514\u2500 mail-1.4.jar\n| \u2514\u2500 activation-1.1.jar\n\u251c\u2500 struts2-core-2.3.20.jar (CVE-2016-4433)\n| \u251c\u2500 commons-fileupload-1.3.1.jar\n| | \u2514\u2500 commons-io-2.2.jar\n| \u251c\u2500 commons-io-2.2.jar\n| \u251c\u2500 ognl-3.0.6.jar\n| | \u2514\u2500 javassist-3.11.0.GA.jar\n| \u251c\u2500 xwork-core-2.3.20.jar (CVE-2016-4433)\n| | \u251c\u2500 commons-io-2.2.jar\n| | \u251c\u2500 commons-logging-1.2.jar\n| | \u251c\u2500 ognl-3.0.6.jar\n| | \u251c\u2500 commons-lang3-3.2.jar\n| | | \u2514\u2500 commons-io-2.2.jar\n| | \u251c\u2500 asm-commons-5.0.2.jar\n| | | \u2514\u2500 asm-tree-5.0.2.jar\n| | | \u2514\u2500 asm-5.0.2.jar\n| | \u251c\u2500 asm-5.0.2.jar\n| | \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n| \u251c\u2500 freemarker-2.3.19.jar\n| \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n\u2514\u2500 spring-core-4.3.13.RELEASE.jar\n \u2514\u2500 commons-logging-1.2.jar<br/>" | |
| }, | |
| "locations": [ | |
| { | |
| "physicalLocation": { | |
| "artifactLocation": { | |
| "uri": "/java/work/mend-poc-webgoat/pom.xml" | |
| } | |
| } | |
| } | |
| ], | |
| "properties": { | |
| "vulnerability": { | |
| "id": "CVE-2016-4433", | |
| "severity": "HIGH", | |
| "description": "Upgrade to version", | |
| "url": "https://github.com/apache/struts/tree/STRUTS_2_3_29" | |
| } | |
| } | |
| }, | |
| { | |
| "ruleId": "CVE-2016-4431", | |
| "message": { | |
| "text": "struts2-core-2.3.20.jar is affected by CVE-2016-4431", | |
| "markdown": "<b>Recommendations for [CVE-2016-4431](https://github.com/apache/struts/tree/STRUTS_2_3_29/):</b><br/><br/>* Upgrade to version org.apache.struts:struts2-core:2.3.29.<br/><br/><b>Dependency tree</b><br/><br/>\u251c\u2500 jackson-databind-2.9.5.jar\n| \u251c\u2500 jackson-annotations-2.9.0.jar\n| \u2514\u2500 jackson-core-2.9.5.jar\n\u251c\u2500 commons-collections-3.2.1.jar\n\u251c\u2500 commons-email-1.1.jar\n| \u251c\u2500 commons-logging-1.2.jar\n| \u251c\u2500 activation-1.1.jar\n| \u2514\u2500 mail-1.4.jar\n| \u2514\u2500 activation-1.1.jar\n\u251c\u2500 struts2-core-2.3.20.jar (CVE-2016-4431)\n| \u251c\u2500 commons-fileupload-1.3.1.jar\n| | \u2514\u2500 commons-io-2.2.jar\n| \u251c\u2500 commons-io-2.2.jar\n| \u251c\u2500 ognl-3.0.6.jar\n| | \u2514\u2500 javassist-3.11.0.GA.jar\n| \u251c\u2500 xwork-core-2.3.20.jar\n| | \u251c\u2500 commons-io-2.2.jar\n| | \u251c\u2500 commons-logging-1.2.jar\n| | \u251c\u2500 ognl-3.0.6.jar\n| | \u251c\u2500 commons-lang3-3.2.jar\n| | | \u2514\u2500 commons-io-2.2.jar\n| | \u251c\u2500 asm-commons-5.0.2.jar\n| | | \u2514\u2500 asm-tree-5.0.2.jar\n| | | \u2514\u2500 asm-5.0.2.jar\n| | \u251c\u2500 asm-5.0.2.jar\n| | \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n| \u251c\u2500 freemarker-2.3.19.jar\n| \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n\u2514\u2500 spring-core-4.3.13.RELEASE.jar\n \u2514\u2500 commons-logging-1.2.jar<br/>" | |
| }, | |
| "locations": [ | |
| { | |
| "physicalLocation": { | |
| "artifactLocation": { | |
| "uri": "/java/work/mend-poc-webgoat/pom.xml" | |
| } | |
| } | |
| } | |
| ], | |
| "properties": { | |
| "vulnerability": { | |
| "id": "CVE-2016-4431", | |
| "severity": "HIGH", | |
| "description": "Upgrade to version", | |
| "url": "https://github.com/apache/struts/tree/STRUTS_2_3_29/" | |
| } | |
| } | |
| }, | |
| { | |
| "ruleId": "CVE-2016-3081", | |
| "message": { | |
| "text": "struts2-core-2.3.20.jar is affected by CVE-2016-3081", | |
| "markdown": "<b>Recommendations for [CVE-2016-3081](https://github.com/apache/struts/tree/STRUTS_2_3_28_1/):</b><br/><br/>* Upgrade to version org.apache.struts:struts2-core:2.3.20.3,org.apache.struts:struts2-core:2.3.24.3,org.apache.struts:struts2-core: 2.3.28.1.<br/><br/><b>Dependency tree</b><br/><br/>\u251c\u2500 jackson-databind-2.9.5.jar\n| \u251c\u2500 jackson-annotations-2.9.0.jar\n| \u2514\u2500 jackson-core-2.9.5.jar\n\u251c\u2500 commons-collections-3.2.1.jar\n\u251c\u2500 commons-email-1.1.jar\n| \u251c\u2500 commons-logging-1.2.jar\n| \u251c\u2500 activation-1.1.jar\n| \u2514\u2500 mail-1.4.jar\n| \u2514\u2500 activation-1.1.jar\n\u251c\u2500 struts2-core-2.3.20.jar (CVE-2016-3081)\n| \u251c\u2500 commons-fileupload-1.3.1.jar\n| | \u2514\u2500 commons-io-2.2.jar\n| \u251c\u2500 commons-io-2.2.jar\n| \u251c\u2500 ognl-3.0.6.jar\n| | \u2514\u2500 javassist-3.11.0.GA.jar\n| \u251c\u2500 xwork-core-2.3.20.jar\n| | \u251c\u2500 commons-io-2.2.jar\n| | \u251c\u2500 commons-logging-1.2.jar\n| | \u251c\u2500 ognl-3.0.6.jar\n| | \u251c\u2500 commons-lang3-3.2.jar\n| | | \u2514\u2500 commons-io-2.2.jar\n| | \u251c\u2500 asm-commons-5.0.2.jar\n| | | \u2514\u2500 asm-tree-5.0.2.jar\n| | | \u2514\u2500 asm-5.0.2.jar\n| | \u251c\u2500 asm-5.0.2.jar\n| | \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n| \u251c\u2500 freemarker-2.3.19.jar\n| \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n\u2514\u2500 spring-core-4.3.13.RELEASE.jar\n \u2514\u2500 commons-logging-1.2.jar<br/>" | |
| }, | |
| "locations": [ | |
| { | |
| "physicalLocation": { | |
| "artifactLocation": { | |
| "uri": "/java/work/mend-poc-webgoat/pom.xml" | |
| } | |
| } | |
| } | |
| ], | |
| "properties": { | |
| "vulnerability": { | |
| "id": "CVE-2016-3081", | |
| "severity": "HIGH", | |
| "description": "Upgrade to version", | |
| "url": "https://github.com/apache/struts/tree/STRUTS_2_3_28_1/" | |
| } | |
| } | |
| }, | |
| { | |
| "ruleId": "CVE-2020-17530", | |
| "message": { | |
| "text": "struts2-core-2.3.20.jar is affected by CVE-2020-17530", | |
| "markdown": "<b>Recommendations for [CVE-2020-17530](https://cwiki.apache.org/confluence/display/WW/S2-061):</b><br/><br/>* Upgrade to version org.apache.struts:struts2-core:2.5.26.<br/><br/><b>Dependency tree</b><br/><br/>\u251c\u2500 jackson-databind-2.9.5.jar\n| \u251c\u2500 jackson-annotations-2.9.0.jar\n| \u2514\u2500 jackson-core-2.9.5.jar\n\u251c\u2500 commons-collections-3.2.1.jar\n\u251c\u2500 commons-email-1.1.jar\n| \u251c\u2500 commons-logging-1.2.jar\n| \u251c\u2500 activation-1.1.jar\n| \u2514\u2500 mail-1.4.jar\n| \u2514\u2500 activation-1.1.jar\n\u251c\u2500 struts2-core-2.3.20.jar (CVE-2020-17530)\n| \u251c\u2500 commons-fileupload-1.3.1.jar\n| | \u2514\u2500 commons-io-2.2.jar\n| \u251c\u2500 commons-io-2.2.jar\n| \u251c\u2500 ognl-3.0.6.jar\n| | \u2514\u2500 javassist-3.11.0.GA.jar\n| \u251c\u2500 xwork-core-2.3.20.jar\n| | \u251c\u2500 commons-io-2.2.jar\n| | \u251c\u2500 commons-logging-1.2.jar\n| | \u251c\u2500 ognl-3.0.6.jar\n| | \u251c\u2500 commons-lang3-3.2.jar\n| | | \u2514\u2500 commons-io-2.2.jar\n| | \u251c\u2500 asm-commons-5.0.2.jar\n| | | \u2514\u2500 asm-tree-5.0.2.jar\n| | | \u2514\u2500 asm-5.0.2.jar\n| | \u251c\u2500 asm-5.0.2.jar\n| | \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n| \u251c\u2500 freemarker-2.3.19.jar\n| \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n\u2514\u2500 spring-core-4.3.13.RELEASE.jar\n \u2514\u2500 commons-logging-1.2.jar<br/>" | |
| }, | |
| "locations": [ | |
| { | |
| "physicalLocation": { | |
| "artifactLocation": { | |
| "uri": "/java/work/mend-poc-webgoat/pom.xml" | |
| } | |
| } | |
| } | |
| ], | |
| "properties": { | |
| "vulnerability": { | |
| "id": "CVE-2020-17530", | |
| "severity": "CRITICAL", | |
| "description": "Upgrade to version", | |
| "url": "https://cwiki.apache.org/confluence/display/WW/S2-061" | |
| } | |
| } | |
| }, | |
| { | |
| "ruleId": "CVE-2017-5638", | |
| "message": { | |
| "text": "struts2-core-2.3.20.jar is affected by CVE-2017-5638", | |
| "markdown": "<b>Recommendations for [CVE-2017-5638](https://github.com/apache/struts/tree/STRUTS_2_3_32/):</b><br/><br/>* Upgrade to version org.apache.struts:struts2-core:2.3.32,org.apache.struts:struts2-core:2.5.10.1.<br/><br/><b>Dependency tree</b><br/><br/>\u251c\u2500 jackson-databind-2.9.5.jar\n| \u251c\u2500 jackson-annotations-2.9.0.jar\n| \u2514\u2500 jackson-core-2.9.5.jar\n\u251c\u2500 commons-collections-3.2.1.jar\n\u251c\u2500 commons-email-1.1.jar\n| \u251c\u2500 commons-logging-1.2.jar\n| \u251c\u2500 activation-1.1.jar\n| \u2514\u2500 mail-1.4.jar\n| \u2514\u2500 activation-1.1.jar\n\u251c\u2500 struts2-core-2.3.20.jar (CVE-2017-5638)\n| \u251c\u2500 commons-fileupload-1.3.1.jar\n| | \u2514\u2500 commons-io-2.2.jar\n| \u251c\u2500 commons-io-2.2.jar\n| \u251c\u2500 ognl-3.0.6.jar\n| | \u2514\u2500 javassist-3.11.0.GA.jar\n| \u251c\u2500 xwork-core-2.3.20.jar\n| | \u251c\u2500 commons-io-2.2.jar\n| | \u251c\u2500 commons-logging-1.2.jar\n| | \u251c\u2500 ognl-3.0.6.jar\n| | \u251c\u2500 commons-lang3-3.2.jar\n| | | \u2514\u2500 commons-io-2.2.jar\n| | \u251c\u2500 asm-commons-5.0.2.jar\n| | | \u2514\u2500 asm-tree-5.0.2.jar\n| | | \u2514\u2500 asm-5.0.2.jar\n| | \u251c\u2500 asm-5.0.2.jar\n| | \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n| \u251c\u2500 freemarker-2.3.19.jar\n| \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n\u2514\u2500 spring-core-4.3.13.RELEASE.jar\n \u2514\u2500 commons-logging-1.2.jar<br/>" | |
| }, | |
| "locations": [ | |
| { | |
| "physicalLocation": { | |
| "artifactLocation": { | |
| "uri": "/java/work/mend-poc-webgoat/pom.xml" | |
| } | |
| } | |
| } | |
| ], | |
| "properties": { | |
| "vulnerability": { | |
| "id": "CVE-2017-5638", | |
| "severity": "CRITICAL", | |
| "description": "Upgrade to version", | |
| "url": "https://github.com/apache/struts/tree/STRUTS_2_3_32/" | |
| } | |
| } | |
| }, | |
| { | |
| "ruleId": "CVE-2017-9804", | |
| "message": { | |
| "text": "struts2-core-2.3.20.jar is affected by CVE-2017-9804", | |
| "markdown": "<b>Recommendations for [CVE-2017-9804](https://github.com/apache/struts/tree/STRUTS_2_3_34/):</b><br/><br/>* Upgrade to version org.apache.struts:struts2-core:2.3.34,org.apache.struts:struts2-core:2.5.13.<br/><br/><b>Dependency tree</b><br/><br/>\u251c\u2500 jackson-databind-2.9.5.jar\n| \u251c\u2500 jackson-annotations-2.9.0.jar\n| \u2514\u2500 jackson-core-2.9.5.jar\n\u251c\u2500 commons-collections-3.2.1.jar\n\u251c\u2500 commons-email-1.1.jar\n| \u251c\u2500 commons-logging-1.2.jar\n| \u251c\u2500 activation-1.1.jar\n| \u2514\u2500 mail-1.4.jar\n| \u2514\u2500 activation-1.1.jar\n\u251c\u2500 struts2-core-2.3.20.jar (CVE-2017-9804)\n| \u251c\u2500 commons-fileupload-1.3.1.jar\n| | \u2514\u2500 commons-io-2.2.jar\n| \u251c\u2500 commons-io-2.2.jar\n| \u251c\u2500 ognl-3.0.6.jar\n| | \u2514\u2500 javassist-3.11.0.GA.jar\n| \u251c\u2500 xwork-core-2.3.20.jar (CVE-2017-9804)\n| | \u251c\u2500 commons-io-2.2.jar\n| | \u251c\u2500 commons-logging-1.2.jar\n| | \u251c\u2500 ognl-3.0.6.jar\n| | \u251c\u2500 commons-lang3-3.2.jar\n| | | \u2514\u2500 commons-io-2.2.jar\n| | \u251c\u2500 asm-commons-5.0.2.jar\n| | | \u2514\u2500 asm-tree-5.0.2.jar\n| | | \u2514\u2500 asm-5.0.2.jar\n| | \u251c\u2500 asm-5.0.2.jar\n| | \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n| \u251c\u2500 freemarker-2.3.19.jar\n| \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n\u2514\u2500 spring-core-4.3.13.RELEASE.jar\n \u2514\u2500 commons-logging-1.2.jar<br/>" | |
| }, | |
| "locations": [ | |
| { | |
| "physicalLocation": { | |
| "artifactLocation": { | |
| "uri": "/java/work/mend-poc-webgoat/pom.xml" | |
| } | |
| } | |
| } | |
| ], | |
| "properties": { | |
| "vulnerability": { | |
| "id": "CVE-2017-9804", | |
| "severity": "HIGH", | |
| "description": "Upgrade to version", | |
| "url": "https://github.com/apache/struts/tree/STRUTS_2_3_34/" | |
| } | |
| } | |
| }, | |
| { | |
| "ruleId": "CVE-2023-34396", | |
| "message": { | |
| "text": "struts2-core-2.3.20.jar is affected by CVE-2023-34396", | |
| "markdown": "<b>Recommendations for [CVE-2023-34396](https://github.com/advisories/GHSA-4g42-gqrg-4633):</b><br/><br/>* Upgrade to version org.apache.struts:struts2-core:2.5.31,6.1.2.1.<br/><br/><b>Dependency tree</b><br/><br/>\u251c\u2500 jackson-databind-2.9.5.jar\n| \u251c\u2500 jackson-annotations-2.9.0.jar\n| \u2514\u2500 jackson-core-2.9.5.jar\n\u251c\u2500 commons-collections-3.2.1.jar\n\u251c\u2500 commons-email-1.1.jar\n| \u251c\u2500 commons-logging-1.2.jar\n| \u251c\u2500 activation-1.1.jar\n| \u2514\u2500 mail-1.4.jar\n| \u2514\u2500 activation-1.1.jar\n\u251c\u2500 struts2-core-2.3.20.jar (CVE-2023-34396)\n| \u251c\u2500 commons-fileupload-1.3.1.jar\n| | \u2514\u2500 commons-io-2.2.jar\n| \u251c\u2500 commons-io-2.2.jar\n| \u251c\u2500 ognl-3.0.6.jar\n| | \u2514\u2500 javassist-3.11.0.GA.jar\n| \u251c\u2500 xwork-core-2.3.20.jar\n| | \u251c\u2500 commons-io-2.2.jar\n| | \u251c\u2500 commons-logging-1.2.jar\n| | \u251c\u2500 ognl-3.0.6.jar\n| | \u251c\u2500 commons-lang3-3.2.jar\n| | | \u2514\u2500 commons-io-2.2.jar\n| | \u251c\u2500 asm-commons-5.0.2.jar\n| | | \u2514\u2500 asm-tree-5.0.2.jar\n| | | \u2514\u2500 asm-5.0.2.jar\n| | \u251c\u2500 asm-5.0.2.jar\n| | \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n| \u251c\u2500 freemarker-2.3.19.jar\n| \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n\u2514\u2500 spring-core-4.3.13.RELEASE.jar\n \u2514\u2500 commons-logging-1.2.jar<br/>" | |
| }, | |
| "locations": [ | |
| { | |
| "physicalLocation": { | |
| "artifactLocation": { | |
| "uri": "/java/work/mend-poc-webgoat/pom.xml" | |
| } | |
| } | |
| } | |
| ], | |
| "properties": { | |
| "vulnerability": { | |
| "id": "CVE-2023-34396", | |
| "severity": "MEDIUM", | |
| "description": "Upgrade to version", | |
| "url": "https://github.com/advisories/GHSA-4g42-gqrg-4633" | |
| } | |
| } | |
| }, | |
| { | |
| "ruleId": "CVE-2016-3092", | |
| "message": { | |
| "text": "commons-fileupload-1.3.1.jar is affected by CVE-2016-3092", | |
| "markdown": "<b>Recommendations for [CVE-2016-3092](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3092):</b><br/><br/>* Upgrade to version org.apache.tomcat.embed:tomcat-embed-core:9.0.0.M8,8.5.3,8.0.36,7.0.70,org.apache.tomcat:tomcat-coyote:9.0.0.M8,8.5.3,8.0.36,7.0.70,commons-fileupload:commons-fileupload:1.3.2.<br/><br/><b>Dependency tree</b><br/><br/>\u251c\u2500 jackson-databind-2.9.5.jar\n| \u251c\u2500 jackson-annotations-2.9.0.jar\n| \u2514\u2500 jackson-core-2.9.5.jar\n\u251c\u2500 commons-collections-3.2.1.jar\n\u251c\u2500 commons-email-1.1.jar\n| \u251c\u2500 commons-logging-1.2.jar\n| \u251c\u2500 activation-1.1.jar\n| \u2514\u2500 mail-1.4.jar\n| \u2514\u2500 activation-1.1.jar\n\u251c\u2500 struts2-core-2.3.20.jar\n| \u251c\u2500 commons-fileupload-1.3.1.jar (CVE-2016-3092)\n| | \u2514\u2500 commons-io-2.2.jar\n| \u251c\u2500 commons-io-2.2.jar\n| \u251c\u2500 ognl-3.0.6.jar\n| | \u2514\u2500 javassist-3.11.0.GA.jar\n| \u251c\u2500 xwork-core-2.3.20.jar\n| | \u251c\u2500 commons-io-2.2.jar\n| | \u251c\u2500 commons-logging-1.2.jar\n| | \u251c\u2500 ognl-3.0.6.jar\n| | \u251c\u2500 commons-lang3-3.2.jar\n| | | \u2514\u2500 commons-io-2.2.jar\n| | \u251c\u2500 asm-commons-5.0.2.jar\n| | | \u2514\u2500 asm-tree-5.0.2.jar\n| | | \u2514\u2500 asm-5.0.2.jar\n| | \u251c\u2500 asm-5.0.2.jar\n| | \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n| \u251c\u2500 freemarker-2.3.19.jar\n| \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n\u2514\u2500 spring-core-4.3.13.RELEASE.jar\n \u2514\u2500 commons-logging-1.2.jar<br/>" | |
| }, | |
| "locations": [ | |
| { | |
| "physicalLocation": { | |
| "artifactLocation": { | |
| "uri": "/java/work/mend-poc-webgoat/pom.xml" | |
| } | |
| } | |
| } | |
| ], | |
| "properties": { | |
| "vulnerability": { | |
| "id": "CVE-2016-3092", | |
| "severity": "HIGH", | |
| "description": "Upgrade to version", | |
| "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3092" | |
| } | |
| } | |
| }, | |
| { | |
| "ruleId": "CVE-2016-1000031", | |
| "message": { | |
| "text": "commons-fileupload-1.3.1.jar is affected by CVE-2016-1000031", | |
| "markdown": "<b>Recommendations for [CVE-2016-1000031](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1000031):</b><br/><br/>* Upgrade to version 1.3.3.<br/><br/><b>Dependency tree</b><br/><br/>\u251c\u2500 jackson-databind-2.9.5.jar\n| \u251c\u2500 jackson-annotations-2.9.0.jar\n| \u2514\u2500 jackson-core-2.9.5.jar\n\u251c\u2500 commons-collections-3.2.1.jar\n\u251c\u2500 commons-email-1.1.jar\n| \u251c\u2500 commons-logging-1.2.jar\n| \u251c\u2500 activation-1.1.jar\n| \u2514\u2500 mail-1.4.jar\n| \u2514\u2500 activation-1.1.jar\n\u251c\u2500 struts2-core-2.3.20.jar\n| \u251c\u2500 commons-fileupload-1.3.1.jar (CVE-2016-1000031)\n| | \u2514\u2500 commons-io-2.2.jar\n| \u251c\u2500 commons-io-2.2.jar\n| \u251c\u2500 ognl-3.0.6.jar\n| | \u2514\u2500 javassist-3.11.0.GA.jar\n| \u251c\u2500 xwork-core-2.3.20.jar\n| | \u251c\u2500 commons-io-2.2.jar\n| | \u251c\u2500 commons-logging-1.2.jar\n| | \u251c\u2500 ognl-3.0.6.jar\n| | \u251c\u2500 commons-lang3-3.2.jar\n| | | \u2514\u2500 commons-io-2.2.jar\n| | \u251c\u2500 asm-commons-5.0.2.jar\n| | | \u2514\u2500 asm-tree-5.0.2.jar\n| | | \u2514\u2500 asm-5.0.2.jar\n| | \u251c\u2500 asm-5.0.2.jar\n| | \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n| \u251c\u2500 freemarker-2.3.19.jar\n| \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n\u2514\u2500 spring-core-4.3.13.RELEASE.jar\n \u2514\u2500 commons-logging-1.2.jar<br/>" | |
| }, | |
| "locations": [ | |
| { | |
| "physicalLocation": { | |
| "artifactLocation": { | |
| "uri": "/java/work/mend-poc-webgoat/pom.xml" | |
| } | |
| } | |
| } | |
| ], | |
| "properties": { | |
| "vulnerability": { | |
| "id": "CVE-2016-1000031", | |
| "severity": "HIGH", | |
| "description": "Upgrade to version", | |
| "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1000031" | |
| } | |
| } | |
| }, | |
| { | |
| "ruleId": "WS-2014-0034", | |
| "message": { | |
| "text": "commons-fileupload-1.3.1.jar is affected by WS-2014-0034", | |
| "markdown": "<b>Recommendations for [WS-2014-0034](https://github.com/apache/commons-fileupload/commit/5b4881d7f75f439326f54fa554a9ca7de6d60814):</b><br/><br/>* Upgrade to version commons-fileupload:commons-fileupload:1.4.<br/><br/><b>Dependency tree</b><br/><br/>\u251c\u2500 jackson-databind-2.9.5.jar\n| \u251c\u2500 jackson-annotations-2.9.0.jar\n| \u2514\u2500 jackson-core-2.9.5.jar\n\u251c\u2500 commons-collections-3.2.1.jar\n\u251c\u2500 commons-email-1.1.jar\n| \u251c\u2500 commons-logging-1.2.jar\n| \u251c\u2500 activation-1.1.jar\n| \u2514\u2500 mail-1.4.jar\n| \u2514\u2500 activation-1.1.jar\n\u251c\u2500 struts2-core-2.3.20.jar\n| \u251c\u2500 commons-fileupload-1.3.1.jar (WS-2014-0034)\n| | \u2514\u2500 commons-io-2.2.jar\n| \u251c\u2500 commons-io-2.2.jar\n| \u251c\u2500 ognl-3.0.6.jar\n| | \u2514\u2500 javassist-3.11.0.GA.jar\n| \u251c\u2500 xwork-core-2.3.20.jar\n| | \u251c\u2500 commons-io-2.2.jar\n| | \u251c\u2500 commons-logging-1.2.jar\n| | \u251c\u2500 ognl-3.0.6.jar\n| | \u251c\u2500 commons-lang3-3.2.jar\n| | | \u2514\u2500 commons-io-2.2.jar\n| | \u251c\u2500 asm-commons-5.0.2.jar\n| | | \u2514\u2500 asm-tree-5.0.2.jar\n| | | \u2514\u2500 asm-5.0.2.jar\n| | \u251c\u2500 asm-5.0.2.jar\n| | \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n| \u251c\u2500 freemarker-2.3.19.jar\n| \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n\u2514\u2500 spring-core-4.3.13.RELEASE.jar\n \u2514\u2500 commons-logging-1.2.jar<br/>" | |
| }, | |
| "locations": [ | |
| { | |
| "physicalLocation": { | |
| "artifactLocation": { | |
| "uri": "/java/work/mend-poc-webgoat/pom.xml" | |
| } | |
| } | |
| } | |
| ], | |
| "properties": { | |
| "vulnerability": { | |
| "id": "WS-2014-0034", | |
| "severity": "HIGH", | |
| "description": "Upgrade to version", | |
| "url": "https://github.com/apache/commons-fileupload/commit/5b4881d7f75f439326f54fa554a9ca7de6d60814" | |
| } | |
| } | |
| }, | |
| { | |
| "ruleId": "CVE-2023-24998", | |
| "message": { | |
| "text": "commons-fileupload-1.3.1.jar is affected by CVE-2023-24998", | |
| "markdown": "<b>Recommendations for [CVE-2023-24998](https://tomcat.apache.org/security-10.html):</b><br/><br/>* Upgrade to version commons-fileupload:commons-fileupload:1.5;org.apache.tomcat:tomcat-coyote:8.5.85,9.0.71,10.1.5,11.0.0-M3;org.apache.tomcat.embed:tomcat-embed-core:8.5.85,9.0.71,10.1.5,11.0.0-M3;org.apache.tomcat:tomcat-util:8.5.85,9.0.71,10.1.5,11.0.0-M3;org.apache.tomcat:tomcat-catalina:8.5.85,9.0.71,10.1.5,11.0.0-M3.<br/><br/><b>Dependency tree</b><br/><br/>\u251c\u2500 jackson-databind-2.9.5.jar\n| \u251c\u2500 jackson-annotations-2.9.0.jar\n| \u2514\u2500 jackson-core-2.9.5.jar\n\u251c\u2500 commons-collections-3.2.1.jar\n\u251c\u2500 commons-email-1.1.jar\n| \u251c\u2500 commons-logging-1.2.jar\n| \u251c\u2500 activation-1.1.jar\n| \u2514\u2500 mail-1.4.jar\n| \u2514\u2500 activation-1.1.jar\n\u251c\u2500 struts2-core-2.3.20.jar\n| \u251c\u2500 commons-fileupload-1.3.1.jar (CVE-2023-24998)\n| | \u2514\u2500 commons-io-2.2.jar\n| \u251c\u2500 commons-io-2.2.jar\n| \u251c\u2500 ognl-3.0.6.jar\n| | \u2514\u2500 javassist-3.11.0.GA.jar\n| \u251c\u2500 xwork-core-2.3.20.jar\n| | \u251c\u2500 commons-io-2.2.jar\n| | \u251c\u2500 commons-logging-1.2.jar\n| | \u251c\u2500 ognl-3.0.6.jar\n| | \u251c\u2500 commons-lang3-3.2.jar\n| | | \u2514\u2500 commons-io-2.2.jar\n| | \u251c\u2500 asm-commons-5.0.2.jar\n| | | \u2514\u2500 asm-tree-5.0.2.jar\n| | | \u2514\u2500 asm-5.0.2.jar\n| | \u251c\u2500 asm-5.0.2.jar\n| | \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n| \u251c\u2500 freemarker-2.3.19.jar\n| \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n\u2514\u2500 spring-core-4.3.13.RELEASE.jar\n \u2514\u2500 commons-logging-1.2.jar<br/>" | |
| }, | |
| "locations": [ | |
| { | |
| "physicalLocation": { | |
| "artifactLocation": { | |
| "uri": "/java/work/mend-poc-webgoat/pom.xml" | |
| } | |
| } | |
| } | |
| ], | |
| "properties": { | |
| "vulnerability": { | |
| "id": "CVE-2023-24998", | |
| "severity": "HIGH", | |
| "description": "Upgrade to version", | |
| "url": "https://tomcat.apache.org/security-10.html" | |
| } | |
| } | |
| }, | |
| { | |
| "ruleId": "CVE-2024-47554", | |
| "message": { | |
| "text": "commons-io-2.2.jar is affected by CVE-2024-47554", | |
| "markdown": "<b>Recommendations for [CVE-2024-47554](https://lists.apache.org/thread/6ozr91rr9cj5lm0zyhv30bsp317hk5z1):</b><br/><br/>* Upgrade to version commons-io:commons-io:2.14.0.<br/><br/><b>Dependency tree</b><br/><br/>\u251c\u2500 jackson-databind-2.9.5.jar\n| \u251c\u2500 jackson-annotations-2.9.0.jar\n| \u2514\u2500 jackson-core-2.9.5.jar\n\u251c\u2500 commons-collections-3.2.1.jar\n\u251c\u2500 commons-email-1.1.jar\n| \u251c\u2500 commons-logging-1.2.jar\n| \u251c\u2500 activation-1.1.jar\n| \u2514\u2500 mail-1.4.jar\n| \u2514\u2500 activation-1.1.jar\n\u251c\u2500 struts2-core-2.3.20.jar\n| \u251c\u2500 commons-fileupload-1.3.1.jar\n| | \u2514\u2500 commons-io-2.2.jar (CVE-2024-47554)\n| \u251c\u2500 commons-io-2.2.jar (CVE-2024-47554)\n| \u251c\u2500 ognl-3.0.6.jar\n| | \u2514\u2500 javassist-3.11.0.GA.jar\n| \u251c\u2500 xwork-core-2.3.20.jar\n| | \u251c\u2500 commons-io-2.2.jar (CVE-2024-47554)\n| | \u251c\u2500 commons-logging-1.2.jar\n| | \u251c\u2500 ognl-3.0.6.jar\n| | \u251c\u2500 commons-lang3-3.2.jar\n| | | \u2514\u2500 commons-io-2.2.jar (CVE-2024-47554)\n| | \u251c\u2500 asm-commons-5.0.2.jar\n| | | \u2514\u2500 asm-tree-5.0.2.jar\n| | | \u2514\u2500 asm-5.0.2.jar\n| | \u251c\u2500 asm-5.0.2.jar\n| | \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n| \u251c\u2500 freemarker-2.3.19.jar\n| \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n\u2514\u2500 spring-core-4.3.13.RELEASE.jar\n \u2514\u2500 commons-logging-1.2.jar<br/>" | |
| }, | |
| "locations": [ | |
| { | |
| "physicalLocation": { | |
| "artifactLocation": { | |
| "uri": "/java/work/mend-poc-webgoat/pom.xml" | |
| } | |
| } | |
| } | |
| ], | |
| "properties": { | |
| "vulnerability": { | |
| "id": "CVE-2024-47554", | |
| "severity": "MEDIUM", | |
| "description": "Upgrade to version", | |
| "url": "https://lists.apache.org/thread/6ozr91rr9cj5lm0zyhv30bsp317hk5z1" | |
| } | |
| } | |
| }, | |
| { | |
| "ruleId": "CVE-2021-29425", | |
| "message": { | |
| "text": "commons-io-2.2.jar is affected by CVE-2021-29425", | |
| "markdown": "<b>Recommendations for [CVE-2021-29425](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29425):</b><br/><br/>* Upgrade to version commons-io:commons-io:2.7.<br/><br/><b>Dependency tree</b><br/><br/>\u251c\u2500 jackson-databind-2.9.5.jar\n| \u251c\u2500 jackson-annotations-2.9.0.jar\n| \u2514\u2500 jackson-core-2.9.5.jar\n\u251c\u2500 commons-collections-3.2.1.jar\n\u251c\u2500 commons-email-1.1.jar\n| \u251c\u2500 commons-logging-1.2.jar\n| \u251c\u2500 activation-1.1.jar\n| \u2514\u2500 mail-1.4.jar\n| \u2514\u2500 activation-1.1.jar\n\u251c\u2500 struts2-core-2.3.20.jar\n| \u251c\u2500 commons-fileupload-1.3.1.jar\n| | \u2514\u2500 commons-io-2.2.jar (CVE-2021-29425)\n| \u251c\u2500 commons-io-2.2.jar (CVE-2021-29425)\n| \u251c\u2500 ognl-3.0.6.jar\n| | \u2514\u2500 javassist-3.11.0.GA.jar\n| \u251c\u2500 xwork-core-2.3.20.jar\n| | \u251c\u2500 commons-io-2.2.jar (CVE-2021-29425)\n| | \u251c\u2500 commons-logging-1.2.jar\n| | \u251c\u2500 ognl-3.0.6.jar\n| | \u251c\u2500 commons-lang3-3.2.jar\n| | | \u2514\u2500 commons-io-2.2.jar (CVE-2021-29425)\n| | \u251c\u2500 asm-commons-5.0.2.jar\n| | | \u2514\u2500 asm-tree-5.0.2.jar\n| | | \u2514\u2500 asm-5.0.2.jar\n| | \u251c\u2500 asm-5.0.2.jar\n| | \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n| \u251c\u2500 freemarker-2.3.19.jar\n| \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n\u2514\u2500 spring-core-4.3.13.RELEASE.jar\n \u2514\u2500 commons-logging-1.2.jar<br/>" | |
| }, | |
| "locations": [ | |
| { | |
| "physicalLocation": { | |
| "artifactLocation": { | |
| "uri": "/java/work/mend-poc-webgoat/pom.xml" | |
| } | |
| } | |
| } | |
| ], | |
| "properties": { | |
| "vulnerability": { | |
| "id": "CVE-2021-29425", | |
| "severity": "MEDIUM", | |
| "description": "Upgrade to version", | |
| "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29425" | |
| } | |
| } | |
| }, | |
| { | |
| "ruleId": "CVE-2016-3093", | |
| "message": { | |
| "text": "ognl-3.0.6.jar is affected by CVE-2016-3093", | |
| "markdown": "<b>Recommendations for [CVE-2016-3093](https://nvd.nist.gov/vuln/detail/CVE-2016-3093):</b><br/><br/>* Upgrade to version org.apache.struts:struts2-core:2.3.28,ognl:ognl:3.0.12.<br/><br/><b>Dependency tree</b><br/><br/>\u251c\u2500 jackson-databind-2.9.5.jar\n| \u251c\u2500 jackson-annotations-2.9.0.jar\n| \u2514\u2500 jackson-core-2.9.5.jar\n\u251c\u2500 commons-collections-3.2.1.jar\n\u251c\u2500 commons-email-1.1.jar\n| \u251c\u2500 commons-logging-1.2.jar\n| \u251c\u2500 activation-1.1.jar\n| \u2514\u2500 mail-1.4.jar\n| \u2514\u2500 activation-1.1.jar\n\u251c\u2500 struts2-core-2.3.20.jar (CVE-2016-3093)\n| \u251c\u2500 commons-fileupload-1.3.1.jar\n| | \u2514\u2500 commons-io-2.2.jar\n| \u251c\u2500 commons-io-2.2.jar\n| \u251c\u2500 ognl-3.0.6.jar (CVE-2016-3093)\n| | \u2514\u2500 javassist-3.11.0.GA.jar\n| \u251c\u2500 xwork-core-2.3.20.jar\n| | \u251c\u2500 commons-io-2.2.jar\n| | \u251c\u2500 commons-logging-1.2.jar\n| | \u251c\u2500 ognl-3.0.6.jar (CVE-2016-3093)\n| | \u251c\u2500 commons-lang3-3.2.jar\n| | | \u2514\u2500 commons-io-2.2.jar\n| | \u251c\u2500 asm-commons-5.0.2.jar\n| | | \u2514\u2500 asm-tree-5.0.2.jar\n| | | \u2514\u2500 asm-5.0.2.jar\n| | \u251c\u2500 asm-5.0.2.jar\n| | \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n| \u251c\u2500 freemarker-2.3.19.jar\n| \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n\u2514\u2500 spring-core-4.3.13.RELEASE.jar\n \u2514\u2500 commons-logging-1.2.jar<br/>" | |
| }, | |
| "locations": [ | |
| { | |
| "physicalLocation": { | |
| "artifactLocation": { | |
| "uri": "/java/work/mend-poc-webgoat/pom.xml" | |
| } | |
| } | |
| } | |
| ], | |
| "properties": { | |
| "vulnerability": { | |
| "id": "CVE-2016-3093", | |
| "severity": "MEDIUM", | |
| "description": "Upgrade to version", | |
| "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3093" | |
| } | |
| } | |
| }, | |
| { | |
| "ruleId": "CVE-2017-9787", | |
| "message": { | |
| "text": "xwork-core-2.3.20.jar is affected by CVE-2017-9787", | |
| "markdown": "<b>Recommendations for [CVE-2017-9787](https://github.com/apache/struts/tree/STRUTS_2_3_33/):</b><br/><br/>* Upgrade to version org.apache.struts:struts2-core:2.3.33,org.apache.struts:struts2-core:2.5.12.<br/><br/><b>Dependency tree</b><br/><br/>\u251c\u2500 jackson-databind-2.9.5.jar\n| \u251c\u2500 jackson-annotations-2.9.0.jar\n| \u2514\u2500 jackson-core-2.9.5.jar\n\u251c\u2500 commons-collections-3.2.1.jar\n\u251c\u2500 commons-email-1.1.jar\n| \u251c\u2500 commons-logging-1.2.jar\n| \u251c\u2500 activation-1.1.jar\n| \u2514\u2500 mail-1.4.jar\n| \u2514\u2500 activation-1.1.jar\n\u251c\u2500 struts2-core-2.3.20.jar (CVE-2017-9787)\n| \u251c\u2500 commons-fileupload-1.3.1.jar\n| | \u2514\u2500 commons-io-2.2.jar\n| \u251c\u2500 commons-io-2.2.jar\n| \u251c\u2500 ognl-3.0.6.jar\n| | \u2514\u2500 javassist-3.11.0.GA.jar\n| \u251c\u2500 xwork-core-2.3.20.jar (CVE-2017-9787)\n| | \u251c\u2500 commons-io-2.2.jar\n| | \u251c\u2500 commons-logging-1.2.jar\n| | \u251c\u2500 ognl-3.0.6.jar\n| | \u251c\u2500 commons-lang3-3.2.jar\n| | | \u2514\u2500 commons-io-2.2.jar\n| | \u251c\u2500 asm-commons-5.0.2.jar\n| | | \u2514\u2500 asm-tree-5.0.2.jar\n| | | \u2514\u2500 asm-5.0.2.jar\n| | \u251c\u2500 asm-5.0.2.jar\n| | \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n| \u251c\u2500 freemarker-2.3.19.jar\n| \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n\u2514\u2500 spring-core-4.3.13.RELEASE.jar\n \u2514\u2500 commons-logging-1.2.jar<br/>" | |
| }, | |
| "locations": [ | |
| { | |
| "physicalLocation": { | |
| "artifactLocation": { | |
| "uri": "/java/work/mend-poc-webgoat/pom.xml" | |
| } | |
| } | |
| } | |
| ], | |
| "properties": { | |
| "vulnerability": { | |
| "id": "CVE-2017-9787", | |
| "severity": "HIGH", | |
| "description": "Upgrade to version", | |
| "url": "https://github.com/apache/struts/tree/STRUTS_2_3_33/" | |
| } | |
| } | |
| }, | |
| { | |
| "ruleId": "CVE-2016-4465", | |
| "message": { | |
| "text": "xwork-core-2.3.20.jar is affected by CVE-2016-4465", | |
| "markdown": "<b>Recommendations for [CVE-2016-4465](https://github.com/apache/struts/tree/STRUTS_2_3_29/):</b><br/><br/>* Upgrade to version org.apache.struts:struts2-core:2.3.29, \torg.apache.struts.xwork:xwork-core:2.3.29.<br/><br/><b>Dependency tree</b><br/><br/>\u251c\u2500 jackson-databind-2.9.5.jar\n| \u251c\u2500 jackson-annotations-2.9.0.jar\n| \u2514\u2500 jackson-core-2.9.5.jar\n\u251c\u2500 commons-collections-3.2.1.jar\n\u251c\u2500 commons-email-1.1.jar\n| \u251c\u2500 commons-logging-1.2.jar\n| \u251c\u2500 activation-1.1.jar\n| \u2514\u2500 mail-1.4.jar\n| \u2514\u2500 activation-1.1.jar\n\u251c\u2500 struts2-core-2.3.20.jar (CVE-2016-4465)\n| \u251c\u2500 commons-fileupload-1.3.1.jar\n| | \u2514\u2500 commons-io-2.2.jar\n| \u251c\u2500 commons-io-2.2.jar\n| \u251c\u2500 ognl-3.0.6.jar\n| | \u2514\u2500 javassist-3.11.0.GA.jar\n| \u251c\u2500 xwork-core-2.3.20.jar (CVE-2016-4465)\n| | \u251c\u2500 commons-io-2.2.jar\n| | \u251c\u2500 commons-logging-1.2.jar\n| | \u251c\u2500 ognl-3.0.6.jar\n| | \u251c\u2500 commons-lang3-3.2.jar\n| | | \u2514\u2500 commons-io-2.2.jar\n| | \u251c\u2500 asm-commons-5.0.2.jar\n| | | \u2514\u2500 asm-tree-5.0.2.jar\n| | | \u2514\u2500 asm-5.0.2.jar\n| | \u251c\u2500 asm-5.0.2.jar\n| | \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n| \u251c\u2500 freemarker-2.3.19.jar\n| \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n\u2514\u2500 spring-core-4.3.13.RELEASE.jar\n \u2514\u2500 commons-logging-1.2.jar<br/>" | |
| }, | |
| "locations": [ | |
| { | |
| "physicalLocation": { | |
| "artifactLocation": { | |
| "uri": "/java/work/mend-poc-webgoat/pom.xml" | |
| } | |
| } | |
| } | |
| ], | |
| "properties": { | |
| "vulnerability": { | |
| "id": "CVE-2016-4465", | |
| "severity": "MEDIUM", | |
| "description": "Upgrade to version", | |
| "url": "https://github.com/apache/struts/tree/STRUTS_2_3_29/" | |
| } | |
| } | |
| }, | |
| { | |
| "ruleId": "CVE-2016-0785", | |
| "message": { | |
| "text": "xwork-core-2.3.20.jar is affected by CVE-2016-0785", | |
| "markdown": "<b>Recommendations for [CVE-2016-0785](https://github.com/apache/struts/tree/STRUTS_2_3_28):</b><br/><br/>* Upgrade to version org.apache.struts.xwork:xwork-core:2.3.28.<br/><br/><b>Dependency tree</b><br/><br/>\u251c\u2500 jackson-databind-2.9.5.jar\n| \u251c\u2500 jackson-annotations-2.9.0.jar\n| \u2514\u2500 jackson-core-2.9.5.jar\n\u251c\u2500 commons-collections-3.2.1.jar\n\u251c\u2500 commons-email-1.1.jar\n| \u251c\u2500 commons-logging-1.2.jar\n| \u251c\u2500 activation-1.1.jar\n| \u2514\u2500 mail-1.4.jar\n| \u2514\u2500 activation-1.1.jar\n\u251c\u2500 struts2-core-2.3.20.jar\n| \u251c\u2500 commons-fileupload-1.3.1.jar\n| | \u2514\u2500 commons-io-2.2.jar\n| \u251c\u2500 commons-io-2.2.jar\n| \u251c\u2500 ognl-3.0.6.jar\n| | \u2514\u2500 javassist-3.11.0.GA.jar\n| \u251c\u2500 xwork-core-2.3.20.jar (CVE-2016-0785)\n| | \u251c\u2500 commons-io-2.2.jar\n| | \u251c\u2500 commons-logging-1.2.jar\n| | \u251c\u2500 ognl-3.0.6.jar\n| | \u251c\u2500 commons-lang3-3.2.jar\n| | | \u2514\u2500 commons-io-2.2.jar\n| | \u251c\u2500 asm-commons-5.0.2.jar\n| | | \u2514\u2500 asm-tree-5.0.2.jar\n| | | \u2514\u2500 asm-5.0.2.jar\n| | \u251c\u2500 asm-5.0.2.jar\n| | \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n| \u251c\u2500 freemarker-2.3.19.jar\n| \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n\u2514\u2500 spring-core-4.3.13.RELEASE.jar\n \u2514\u2500 commons-logging-1.2.jar<br/>" | |
| }, | |
| "locations": [ | |
| { | |
| "physicalLocation": { | |
| "artifactLocation": { | |
| "uri": "/java/work/mend-poc-webgoat/pom.xml" | |
| } | |
| } | |
| } | |
| ], | |
| "properties": { | |
| "vulnerability": { | |
| "id": "CVE-2016-0785", | |
| "severity": "HIGH", | |
| "description": "Upgrade to version", | |
| "url": "https://github.com/apache/struts/tree/STRUTS_2_3_28" | |
| } | |
| } | |
| }, | |
| { | |
| "ruleId": "CVE-2016-4461", | |
| "message": { | |
| "text": "xwork-core-2.3.20.jar is affected by CVE-2016-4461", | |
| "markdown": "<b>Recommendations for [CVE-2016-4461](https://github.com/apache/struts/tree/STRUTS_2_3_29/):</b><br/><br/>* Upgrade to version org.apache.struts:struts2-core:2.3.29.<br/><br/><b>Dependency tree</b><br/><br/>\u251c\u2500 jackson-databind-2.9.5.jar\n| \u251c\u2500 jackson-annotations-2.9.0.jar\n| \u2514\u2500 jackson-core-2.9.5.jar\n\u251c\u2500 commons-collections-3.2.1.jar\n\u251c\u2500 commons-email-1.1.jar\n| \u251c\u2500 commons-logging-1.2.jar\n| \u251c\u2500 activation-1.1.jar\n| \u2514\u2500 mail-1.4.jar\n| \u2514\u2500 activation-1.1.jar\n\u251c\u2500 struts2-core-2.3.20.jar\n| \u251c\u2500 commons-fileupload-1.3.1.jar\n| | \u2514\u2500 commons-io-2.2.jar\n| \u251c\u2500 commons-io-2.2.jar\n| \u251c\u2500 ognl-3.0.6.jar\n| | \u2514\u2500 javassist-3.11.0.GA.jar\n| \u251c\u2500 xwork-core-2.3.20.jar (CVE-2016-4461)\n| | \u251c\u2500 commons-io-2.2.jar\n| | \u251c\u2500 commons-logging-1.2.jar\n| | \u251c\u2500 ognl-3.0.6.jar\n| | \u251c\u2500 commons-lang3-3.2.jar\n| | | \u2514\u2500 commons-io-2.2.jar\n| | \u251c\u2500 asm-commons-5.0.2.jar\n| | | \u2514\u2500 asm-tree-5.0.2.jar\n| | | \u2514\u2500 asm-5.0.2.jar\n| | \u251c\u2500 asm-5.0.2.jar\n| | \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n| \u251c\u2500 freemarker-2.3.19.jar\n| \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n\u2514\u2500 spring-core-4.3.13.RELEASE.jar\n \u2514\u2500 commons-logging-1.2.jar<br/>" | |
| }, | |
| "locations": [ | |
| { | |
| "physicalLocation": { | |
| "artifactLocation": { | |
| "uri": "/java/work/mend-poc-webgoat/pom.xml" | |
| } | |
| } | |
| } | |
| ], | |
| "properties": { | |
| "vulnerability": { | |
| "id": "CVE-2016-4461", | |
| "severity": "HIGH", | |
| "description": "Upgrade to version", | |
| "url": "https://github.com/apache/struts/tree/STRUTS_2_3_29/" | |
| } | |
| } | |
| }, | |
| { | |
| "ruleId": "CVE-2016-2162", | |
| "message": { | |
| "text": "xwork-core-2.3.20.jar is affected by CVE-2016-2162", | |
| "markdown": "<b>Recommendations for [CVE-2016-2162](https://github.com/apache/struts/tree/STRUTS_2_3_25):</b><br/><br/>* Upgrade to version org.apache.struts.xwork:xwork-core:2.3.25.<br/><br/><b>Dependency tree</b><br/><br/>\u251c\u2500 jackson-databind-2.9.5.jar\n| \u251c\u2500 jackson-annotations-2.9.0.jar\n| \u2514\u2500 jackson-core-2.9.5.jar\n\u251c\u2500 commons-collections-3.2.1.jar\n\u251c\u2500 commons-email-1.1.jar\n| \u251c\u2500 commons-logging-1.2.jar\n| \u251c\u2500 activation-1.1.jar\n| \u2514\u2500 mail-1.4.jar\n| \u2514\u2500 activation-1.1.jar\n\u251c\u2500 struts2-core-2.3.20.jar\n| \u251c\u2500 commons-fileupload-1.3.1.jar\n| | \u2514\u2500 commons-io-2.2.jar\n| \u251c\u2500 commons-io-2.2.jar\n| \u251c\u2500 ognl-3.0.6.jar\n| | \u2514\u2500 javassist-3.11.0.GA.jar\n| \u251c\u2500 xwork-core-2.3.20.jar (CVE-2016-2162)\n| | \u251c\u2500 commons-io-2.2.jar\n| | \u251c\u2500 commons-logging-1.2.jar\n| | \u251c\u2500 ognl-3.0.6.jar\n| | \u251c\u2500 commons-lang3-3.2.jar\n| | | \u2514\u2500 commons-io-2.2.jar\n| | \u251c\u2500 asm-commons-5.0.2.jar\n| | | \u2514\u2500 asm-tree-5.0.2.jar\n| | | \u2514\u2500 asm-5.0.2.jar\n| | \u251c\u2500 asm-5.0.2.jar\n| | \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n| \u251c\u2500 freemarker-2.3.19.jar\n| \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n\u2514\u2500 spring-core-4.3.13.RELEASE.jar\n \u2514\u2500 commons-logging-1.2.jar<br/>" | |
| }, | |
| "locations": [ | |
| { | |
| "physicalLocation": { | |
| "artifactLocation": { | |
| "uri": "/java/work/mend-poc-webgoat/pom.xml" | |
| } | |
| } | |
| } | |
| ], | |
| "properties": { | |
| "vulnerability": { | |
| "id": "CVE-2016-2162", | |
| "severity": "MEDIUM", | |
| "description": "Upgrade to version", | |
| "url": "https://github.com/apache/struts/tree/STRUTS_2_3_25" | |
| } | |
| } | |
| }, | |
| { | |
| "ruleId": "CVE-2016-4433", | |
| "message": { | |
| "text": "xwork-core-2.3.20.jar is affected by CVE-2016-4433", | |
| "markdown": "<b>Recommendations for [CVE-2016-4433](https://github.com/apache/struts/tree/STRUTS_2_3_29):</b><br/><br/>* Upgrade to version org.apache.struts:struts2-core:2.3.29,\torg.apache.struts.xwork:xwork-core:2.3.29.<br/><br/><b>Dependency tree</b><br/><br/>\u251c\u2500 jackson-databind-2.9.5.jar\n| \u251c\u2500 jackson-annotations-2.9.0.jar\n| \u2514\u2500 jackson-core-2.9.5.jar\n\u251c\u2500 commons-collections-3.2.1.jar\n\u251c\u2500 commons-email-1.1.jar\n| \u251c\u2500 commons-logging-1.2.jar\n| \u251c\u2500 activation-1.1.jar\n| \u2514\u2500 mail-1.4.jar\n| \u2514\u2500 activation-1.1.jar\n\u251c\u2500 struts2-core-2.3.20.jar (CVE-2016-4433)\n| \u251c\u2500 commons-fileupload-1.3.1.jar\n| | \u2514\u2500 commons-io-2.2.jar\n| \u251c\u2500 commons-io-2.2.jar\n| \u251c\u2500 ognl-3.0.6.jar\n| | \u2514\u2500 javassist-3.11.0.GA.jar\n| \u251c\u2500 xwork-core-2.3.20.jar (CVE-2016-4433)\n| | \u251c\u2500 commons-io-2.2.jar\n| | \u251c\u2500 commons-logging-1.2.jar\n| | \u251c\u2500 ognl-3.0.6.jar\n| | \u251c\u2500 commons-lang3-3.2.jar\n| | | \u2514\u2500 commons-io-2.2.jar\n| | \u251c\u2500 asm-commons-5.0.2.jar\n| | | \u2514\u2500 asm-tree-5.0.2.jar\n| | | \u2514\u2500 asm-5.0.2.jar\n| | \u251c\u2500 asm-5.0.2.jar\n| | \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n| \u251c\u2500 freemarker-2.3.19.jar\n| \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n\u2514\u2500 spring-core-4.3.13.RELEASE.jar\n \u2514\u2500 commons-logging-1.2.jar<br/>" | |
| }, | |
| "locations": [ | |
| { | |
| "physicalLocation": { | |
| "artifactLocation": { | |
| "uri": "/java/work/mend-poc-webgoat/pom.xml" | |
| } | |
| } | |
| } | |
| ], | |
| "properties": { | |
| "vulnerability": { | |
| "id": "CVE-2016-4433", | |
| "severity": "HIGH", | |
| "description": "Upgrade to version", | |
| "url": "https://github.com/apache/struts/tree/STRUTS_2_3_29" | |
| } | |
| } | |
| }, | |
| { | |
| "ruleId": "CVE-2015-5209", | |
| "message": { | |
| "text": "xwork-core-2.3.20.jar is affected by CVE-2015-5209", | |
| "markdown": "<b>Recommendations for [CVE-2015-5209](https://nvd.nist.gov/vuln/detail/CVE-2015-5209):</b><br/><br/>* Upgrade to version 2.3.24.1.<br/><br/><b>Dependency tree</b><br/><br/>\u251c\u2500 jackson-databind-2.9.5.jar\n| \u251c\u2500 jackson-annotations-2.9.0.jar\n| \u2514\u2500 jackson-core-2.9.5.jar\n\u251c\u2500 commons-collections-3.2.1.jar\n\u251c\u2500 commons-email-1.1.jar\n| \u251c\u2500 commons-logging-1.2.jar\n| \u251c\u2500 activation-1.1.jar\n| \u2514\u2500 mail-1.4.jar\n| \u2514\u2500 activation-1.1.jar\n\u251c\u2500 struts2-core-2.3.20.jar (CVE-2015-5209)\n| \u251c\u2500 commons-fileupload-1.3.1.jar\n| | \u2514\u2500 commons-io-2.2.jar\n| \u251c\u2500 commons-io-2.2.jar\n| \u251c\u2500 ognl-3.0.6.jar\n| | \u2514\u2500 javassist-3.11.0.GA.jar\n| \u251c\u2500 xwork-core-2.3.20.jar (CVE-2015-5209)\n| | \u251c\u2500 commons-io-2.2.jar\n| | \u251c\u2500 commons-logging-1.2.jar\n| | \u251c\u2500 ognl-3.0.6.jar\n| | \u251c\u2500 commons-lang3-3.2.jar\n| | | \u2514\u2500 commons-io-2.2.jar\n| | \u251c\u2500 asm-commons-5.0.2.jar\n| | | \u2514\u2500 asm-tree-5.0.2.jar\n| | | \u2514\u2500 asm-5.0.2.jar\n| | \u251c\u2500 asm-5.0.2.jar\n| | \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n| \u251c\u2500 freemarker-2.3.19.jar\n| \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n\u2514\u2500 spring-core-4.3.13.RELEASE.jar\n \u2514\u2500 commons-logging-1.2.jar<br/>" | |
| }, | |
| "locations": [ | |
| { | |
| "physicalLocation": { | |
| "artifactLocation": { | |
| "uri": "/java/work/mend-poc-webgoat/pom.xml" | |
| } | |
| } | |
| } | |
| ], | |
| "properties": { | |
| "vulnerability": { | |
| "id": "CVE-2015-5209", | |
| "severity": "HIGH", | |
| "description": "Upgrade to version", | |
| "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5209" | |
| } | |
| } | |
| }, | |
| { | |
| "ruleId": "CVE-2017-9804", | |
| "message": { | |
| "text": "xwork-core-2.3.20.jar is affected by CVE-2017-9804", | |
| "markdown": "<b>Recommendations for [CVE-2017-9804](https://github.com/apache/struts/tree/STRUTS_2_3_34/):</b><br/><br/>* Upgrade to version org.apache.struts:struts2-core:2.3.34,org.apache.struts:struts2-core:2.5.13.<br/><br/><b>Dependency tree</b><br/><br/>\u251c\u2500 jackson-databind-2.9.5.jar\n| \u251c\u2500 jackson-annotations-2.9.0.jar\n| \u2514\u2500 jackson-core-2.9.5.jar\n\u251c\u2500 commons-collections-3.2.1.jar\n\u251c\u2500 commons-email-1.1.jar\n| \u251c\u2500 commons-logging-1.2.jar\n| \u251c\u2500 activation-1.1.jar\n| \u2514\u2500 mail-1.4.jar\n| \u2514\u2500 activation-1.1.jar\n\u251c\u2500 struts2-core-2.3.20.jar (CVE-2017-9804)\n| \u251c\u2500 commons-fileupload-1.3.1.jar\n| | \u2514\u2500 commons-io-2.2.jar\n| \u251c\u2500 commons-io-2.2.jar\n| \u251c\u2500 ognl-3.0.6.jar\n| | \u2514\u2500 javassist-3.11.0.GA.jar\n| \u251c\u2500 xwork-core-2.3.20.jar (CVE-2017-9804)\n| | \u251c\u2500 commons-io-2.2.jar\n| | \u251c\u2500 commons-logging-1.2.jar\n| | \u251c\u2500 ognl-3.0.6.jar\n| | \u251c\u2500 commons-lang3-3.2.jar\n| | | \u2514\u2500 commons-io-2.2.jar\n| | \u251c\u2500 asm-commons-5.0.2.jar\n| | | \u2514\u2500 asm-tree-5.0.2.jar\n| | | \u2514\u2500 asm-5.0.2.jar\n| | \u251c\u2500 asm-5.0.2.jar\n| | \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n| \u251c\u2500 freemarker-2.3.19.jar\n| \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n\u2514\u2500 spring-core-4.3.13.RELEASE.jar\n \u2514\u2500 commons-logging-1.2.jar<br/>" | |
| }, | |
| "locations": [ | |
| { | |
| "physicalLocation": { | |
| "artifactLocation": { | |
| "uri": "/java/work/mend-poc-webgoat/pom.xml" | |
| } | |
| } | |
| } | |
| ], | |
| "properties": { | |
| "vulnerability": { | |
| "id": "CVE-2017-9804", | |
| "severity": "HIGH", | |
| "description": "Upgrade to version", | |
| "url": "https://github.com/apache/struts/tree/STRUTS_2_3_34/" | |
| } | |
| } | |
| }, | |
| { | |
| "ruleId": "CVE-2015-1831", | |
| "message": { | |
| "text": "xwork-core-2.3.20.jar is affected by CVE-2015-1831", | |
| "markdown": "<b>Recommendations for [CVE-2015-1831](https://nvd.nist.gov/vuln/detail/CVE-2015-1831):</b><br/><br/>* Upgrade to version org.apache.struts.xwork:xwork-core - 2.3.20.1.<br/><br/><b>Dependency tree</b><br/><br/>\u251c\u2500 jackson-databind-2.9.5.jar\n| \u251c\u2500 jackson-annotations-2.9.0.jar\n| \u2514\u2500 jackson-core-2.9.5.jar\n\u251c\u2500 commons-collections-3.2.1.jar\n\u251c\u2500 commons-email-1.1.jar\n| \u251c\u2500 commons-logging-1.2.jar\n| \u251c\u2500 activation-1.1.jar\n| \u2514\u2500 mail-1.4.jar\n| \u2514\u2500 activation-1.1.jar\n\u251c\u2500 struts2-core-2.3.20.jar\n| \u251c\u2500 commons-fileupload-1.3.1.jar\n| | \u2514\u2500 commons-io-2.2.jar\n| \u251c\u2500 commons-io-2.2.jar\n| \u251c\u2500 ognl-3.0.6.jar\n| | \u2514\u2500 javassist-3.11.0.GA.jar\n| \u251c\u2500 xwork-core-2.3.20.jar (CVE-2015-1831)\n| | \u251c\u2500 commons-io-2.2.jar\n| | \u251c\u2500 commons-logging-1.2.jar\n| | \u251c\u2500 ognl-3.0.6.jar\n| | \u251c\u2500 commons-lang3-3.2.jar\n| | | \u2514\u2500 commons-io-2.2.jar\n| | \u251c\u2500 asm-commons-5.0.2.jar\n| | | \u2514\u2500 asm-tree-5.0.2.jar\n| | | \u2514\u2500 asm-5.0.2.jar\n| | \u251c\u2500 asm-5.0.2.jar\n| | \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n| \u251c\u2500 freemarker-2.3.19.jar\n| \u2514\u2500 spring-core-4.3.13.RELEASE.jar\n\u2514\u2500 spring-core-4.3.13.RELEASE.jar\n \u2514\u2500 commons-logging-1.2.jar<br/>" | |
| }, | |
| "locations": [ | |
| { | |
| "physicalLocation": { | |
| "artifactLocation": { | |
| "uri": "/java/work/mend-poc-webgoat/pom.xml" | |
| } | |
| } | |
| } | |
| ], | |
| "properties": { | |
| "vulnerability": { | |
| "id": "CVE-2015-1831", | |
| "severity": "MEDIUM", | |
| "description": "Upgrade to version", | |
| "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1831" | |
| } | |
| } | |
| }, | |
| { | |
| "ruleId": "CVE-2021-22096", | |
| "message": { | |
| "text": "spring-core-4.3.13.RELEASE.jar is affected by CVE-2021-22096", | |
| "markdown": "<b>Recommendations for [CVE-2021-22096](https://tanzu.vmware.com/security/cve-2021-22096):</b><br/><br/>* Upgrade to version org.springframework:spring-core:5.2.18.RELEASE,5.3.12;org.springframework:spring-web:5.2.18.RELEASE,5.3.12;org.springframework:spring-webmvc:5.2.18.RELEASE,5.3.12;org.springframework:spring-webflux:5.2.18.RELEASE,5.3.12.<br/><br/><b>Dependency tree</b><br/><br/>\u251c\u2500 jackson-databind-2.9.5.jar\n| \u251c\u2500 jackson-annotations-2.9.0.jar\n| \u2514\u2500 jackson-core-2.9.5.jar\n\u251c\u2500 commons-collections-3.2.1.jar\n\u251c\u2500 commons-email-1.1.jar\n| \u251c\u2500 commons-logging-1.2.jar\n| \u251c\u2500 activation-1.1.jar\n| \u2514\u2500 mail-1.4.jar\n| \u2514\u2500 activation-1.1.jar\n\u251c\u2500 struts2-core-2.3.20.jar\n| \u251c\u2500 commons-fileupload-1.3.1.jar\n| | \u2514\u2500 commons-io-2.2.jar\n| \u251c\u2500 commons-io-2.2.jar\n| \u251c\u2500 ognl-3.0.6.jar\n| | \u2514\u2500 javassist-3.11.0.GA.jar\n| \u251c\u2500 xwork-core-2.3.20.jar\n| | \u251c\u2500 commons-io-2.2.jar\n| | \u251c\u2500 commons-logging-1.2.jar\n| | \u251c\u2500 ognl-3.0.6.jar\n| | \u251c\u2500 commons-lang3-3.2.jar\n| | | \u2514\u2500 commons-io-2.2.jar\n| | \u251c\u2500 asm-commons-5.0.2.jar\n| | | \u2514\u2500 asm-tree-5.0.2.jar\n| | | \u2514\u2500 asm-5.0.2.jar\n| | \u251c\u2500 asm-5.0.2.jar\n| | \u2514\u2500 spring-core-4.3.13.RELEASE.jar (CVE-2021-22096)\n| \u251c\u2500 freemarker-2.3.19.jar\n| \u2514\u2500 spring-core-4.3.13.RELEASE.jar (CVE-2021-22096)\n\u2514\u2500 spring-core-4.3.13.RELEASE.jar (CVE-2021-22096)\n \u2514\u2500 commons-logging-1.2.jar<br/>" | |
| }, | |
| "locations": [ | |
| { | |
| "physicalLocation": { | |
| "artifactLocation": { | |
| "uri": "/java/work/mend-poc-webgoat/pom.xml" | |
| } | |
| } | |
| } | |
| ], | |
| "properties": { | |
| "vulnerability": { | |
| "id": "CVE-2021-22096", | |
| "severity": "MEDIUM", | |
| "description": "Upgrade to version", | |
| "url": "https://tanzu.vmware.com/security/cve-2021-22096" | |
| } | |
| } | |
| }, | |
| { | |
| "ruleId": "CVE-2021-22060", | |
| "message": { | |
| "text": "spring-core-4.3.13.RELEASE.jar is affected by CVE-2021-22060", | |
| "markdown": "<b>Recommendations for [CVE-2021-22060](https://spring.io/security/cve-2021-22060):</b><br/><br/>* Upgrade to version org.springframework:spring-core:5.2.19, 5.3.14;org.springframework:spring-web:5.2.19, 5.3.14.<br/><br/><b>Dependency tree</b><br/><br/>\u251c\u2500 jackson-databind-2.9.5.jar\n| \u251c\u2500 jackson-annotations-2.9.0.jar\n| \u2514\u2500 jackson-core-2.9.5.jar\n\u251c\u2500 commons-collections-3.2.1.jar\n\u251c\u2500 commons-email-1.1.jar\n| \u251c\u2500 commons-logging-1.2.jar\n| \u251c\u2500 activation-1.1.jar\n| \u2514\u2500 mail-1.4.jar\n| \u2514\u2500 activation-1.1.jar\n\u251c\u2500 struts2-core-2.3.20.jar\n| \u251c\u2500 commons-fileupload-1.3.1.jar\n| | \u2514\u2500 commons-io-2.2.jar\n| \u251c\u2500 commons-io-2.2.jar\n| \u251c\u2500 ognl-3.0.6.jar\n| | \u2514\u2500 javassist-3.11.0.GA.jar\n| \u251c\u2500 xwork-core-2.3.20.jar\n| | \u251c\u2500 commons-io-2.2.jar\n| | \u251c\u2500 commons-logging-1.2.jar\n| | \u251c\u2500 ognl-3.0.6.jar\n| | \u251c\u2500 commons-lang3-3.2.jar\n| | | \u2514\u2500 commons-io-2.2.jar\n| | \u251c\u2500 asm-commons-5.0.2.jar\n| | | \u2514\u2500 asm-tree-5.0.2.jar\n| | | \u2514\u2500 asm-5.0.2.jar\n| | \u251c\u2500 asm-5.0.2.jar\n| | \u2514\u2500 spring-core-4.3.13.RELEASE.jar (CVE-2021-22060)\n| \u251c\u2500 freemarker-2.3.19.jar\n| \u2514\u2500 spring-core-4.3.13.RELEASE.jar (CVE-2021-22060)\n\u2514\u2500 spring-core-4.3.13.RELEASE.jar (CVE-2021-22060)\n \u2514\u2500 commons-logging-1.2.jar<br/>" | |
| }, | |
| "locations": [ | |
| { | |
| "physicalLocation": { | |
| "artifactLocation": { | |
| "uri": "/java/work/mend-poc-webgoat/pom.xml" | |
| } | |
| } | |
| } | |
| ], | |
| "properties": { | |
| "vulnerability": { | |
| "id": "CVE-2021-22060", | |
| "severity": "MEDIUM", | |
| "description": "Upgrade to version", | |
| "url": "https://spring.io/security/cve-2021-22060" | |
| } | |
| } | |
| }, | |
| { | |
| "ruleId": "CVE-2018-1272", | |
| "message": { | |
| "text": "spring-core-4.3.13.RELEASE.jar is affected by CVE-2018-1272", | |
| "markdown": "<b>Recommendations for [CVE-2018-1272](https://tanzu.vmware.com/security/cve-2018-1272):</b><br/><br/>* Upgrade to version org.springframework:spring-core:4.3.15.RELEASE,5.0.5.RELEASE;org.springframework:spring-web:4.3.15.RELEASE,5.0.5.RELEASE.<br/><br/><b>Dependency tree</b><br/><br/>\u251c\u2500 jackson-databind-2.9.5.jar\n| \u251c\u2500 jackson-annotations-2.9.0.jar\n| \u2514\u2500 jackson-core-2.9.5.jar\n\u251c\u2500 commons-collections-3.2.1.jar\n\u251c\u2500 commons-email-1.1.jar\n| \u251c\u2500 commons-logging-1.2.jar\n| \u251c\u2500 activation-1.1.jar\n| \u2514\u2500 mail-1.4.jar\n| \u2514\u2500 activation-1.1.jar\n\u251c\u2500 struts2-core-2.3.20.jar\n| \u251c\u2500 commons-fileupload-1.3.1.jar\n| | \u2514\u2500 commons-io-2.2.jar\n| \u251c\u2500 commons-io-2.2.jar\n| \u251c\u2500 ognl-3.0.6.jar\n| | \u2514\u2500 javassist-3.11.0.GA.jar\n| \u251c\u2500 xwork-core-2.3.20.jar\n| | \u251c\u2500 commons-io-2.2.jar\n| | \u251c\u2500 commons-logging-1.2.jar\n| | \u251c\u2500 ognl-3.0.6.jar\n| | \u251c\u2500 commons-lang3-3.2.jar\n| | | \u2514\u2500 commons-io-2.2.jar\n| | \u251c\u2500 asm-commons-5.0.2.jar\n| | | \u2514\u2500 asm-tree-5.0.2.jar\n| | | \u2514\u2500 asm-5.0.2.jar\n| | \u251c\u2500 asm-5.0.2.jar\n| | \u2514\u2500 spring-core-4.3.13.RELEASE.jar (CVE-2018-1272)\n| \u251c\u2500 freemarker-2.3.19.jar\n| \u2514\u2500 spring-core-4.3.13.RELEASE.jar (CVE-2018-1272)\n\u2514\u2500 spring-core-4.3.13.RELEASE.jar (CVE-2018-1272)\n \u2514\u2500 commons-logging-1.2.jar<br/>" | |
| }, | |
| "locations": [ | |
| { | |
| "physicalLocation": { | |
| "artifactLocation": { | |
| "uri": "/java/work/mend-poc-webgoat/pom.xml" | |
| } | |
| } | |
| } | |
| ], | |
| "properties": { | |
| "vulnerability": { | |
| "id": "CVE-2018-1272", | |
| "severity": "HIGH", | |
| "description": "Upgrade to version", | |
| "url": "https://tanzu.vmware.com/security/cve-2018-1272" | |
| } | |
| } | |
| }, | |
| { | |
| "ruleId": "CVE-2018-1199", | |
| "message": { | |
| "text": "spring-core-4.3.13.RELEASE.jar is affected by CVE-2018-1199", | |
| "markdown": "<b>Recommendations for [CVE-2018-1199](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1199):</b><br/><br/>* Upgrade to version org.springframework.security:spring-security-web:4.1.5.RELEASE,4.2.4.RELEASE,5.0.1.RELEASE;org.springframework.security:spring-security-config:4.1.5.RELEASE,4.2.4.RELEASE,5.0.1.RELEASE;org.springframework:spring-core:4.3.14.RELEASE,5.0.3.RELEASE.<br/><br/><b>Dependency tree</b><br/><br/>\u251c\u2500 jackson-databind-2.9.5.jar\n| \u251c\u2500 jackson-annotations-2.9.0.jar\n| \u2514\u2500 jackson-core-2.9.5.jar\n\u251c\u2500 commons-collections-3.2.1.jar\n\u251c\u2500 commons-email-1.1.jar\n| \u251c\u2500 commons-logging-1.2.jar\n| \u251c\u2500 activation-1.1.jar\n| \u2514\u2500 mail-1.4.jar\n| \u2514\u2500 activation-1.1.jar\n\u251c\u2500 struts2-core-2.3.20.jar\n| \u251c\u2500 commons-fileupload-1.3.1.jar\n| | \u2514\u2500 commons-io-2.2.jar\n| \u251c\u2500 commons-io-2.2.jar\n| \u251c\u2500 ognl-3.0.6.jar\n| | \u2514\u2500 javassist-3.11.0.GA.jar\n| \u251c\u2500 xwork-core-2.3.20.jar\n| | \u251c\u2500 commons-io-2.2.jar\n| | \u251c\u2500 commons-logging-1.2.jar\n| | \u251c\u2500 ognl-3.0.6.jar\n| | \u251c\u2500 commons-lang3-3.2.jar\n| | | \u2514\u2500 commons-io-2.2.jar\n| | \u251c\u2500 asm-commons-5.0.2.jar\n| | | \u2514\u2500 asm-tree-5.0.2.jar\n| | | \u2514\u2500 asm-5.0.2.jar\n| | \u251c\u2500 asm-5.0.2.jar\n| | \u2514\u2500 spring-core-4.3.13.RELEASE.jar (CVE-2018-1199)\n| \u251c\u2500 freemarker-2.3.19.jar\n| \u2514\u2500 spring-core-4.3.13.RELEASE.jar (CVE-2018-1199)\n\u2514\u2500 spring-core-4.3.13.RELEASE.jar (CVE-2018-1199)\n \u2514\u2500 commons-logging-1.2.jar<br/>" | |
| }, | |
| "locations": [ | |
| { | |
| "physicalLocation": { | |
| "artifactLocation": { | |
| "uri": "/java/work/mend-poc-webgoat/pom.xml" | |
| } | |
| } | |
| } | |
| ], | |
| "properties": { | |
| "vulnerability": { | |
| "id": "CVE-2018-1199", | |
| "severity": "MEDIUM", | |
| "description": "Upgrade to version", | |
| "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1199" | |
| } | |
| } | |
| }, | |
| { | |
| "ruleId": "CVE-2022-22970", | |
| "message": { | |
| "text": "spring-core-4.3.13.RELEASE.jar is affected by CVE-2022-22970", | |
| "markdown": "<b>Recommendations for [CVE-2022-22970](https://tanzu.vmware.com/security/cve-2022-22970):</b><br/><br/>* Upgrade to version org.springframework:spring-beans:5.2.22,5.3.20;org.springframework:spring-core:5.2.22,5.3.20.<br/><br/><b>Dependency tree</b><br/><br/>\u251c\u2500 jackson-databind-2.9.5.jar\n| \u251c\u2500 jackson-annotations-2.9.0.jar\n| \u2514\u2500 jackson-core-2.9.5.jar\n\u251c\u2500 commons-collections-3.2.1.jar\n\u251c\u2500 commons-email-1.1.jar\n| \u251c\u2500 commons-logging-1.2.jar\n| \u251c\u2500 activation-1.1.jar\n| \u2514\u2500 mail-1.4.jar\n| \u2514\u2500 activation-1.1.jar\n\u251c\u2500 struts2-core-2.3.20.jar\n| \u251c\u2500 commons-fileupload-1.3.1.jar\n| | \u2514\u2500 commons-io-2.2.jar\n| \u251c\u2500 commons-io-2.2.jar\n| \u251c\u2500 ognl-3.0.6.jar\n| | \u2514\u2500 javassist-3.11.0.GA.jar\n| \u251c\u2500 xwork-core-2.3.20.jar\n| | \u251c\u2500 commons-io-2.2.jar\n| | \u251c\u2500 commons-logging-1.2.jar\n| | \u251c\u2500 ognl-3.0.6.jar\n| | \u251c\u2500 commons-lang3-3.2.jar\n| | | \u2514\u2500 commons-io-2.2.jar\n| | \u251c\u2500 asm-commons-5.0.2.jar\n| | | \u2514\u2500 asm-tree-5.0.2.jar\n| | | \u2514\u2500 asm-5.0.2.jar\n| | \u251c\u2500 asm-5.0.2.jar\n| | \u2514\u2500 spring-core-4.3.13.RELEASE.jar (CVE-2022-22970)\n| \u251c\u2500 freemarker-2.3.19.jar\n| \u2514\u2500 spring-core-4.3.13.RELEASE.jar (CVE-2022-22970)\n\u2514\u2500 spring-core-4.3.13.RELEASE.jar (CVE-2022-22970)\n \u2514\u2500 commons-logging-1.2.jar<br/>" | |
| }, | |
| "locations": [ | |
| { | |
| "physicalLocation": { | |
| "artifactLocation": { | |
| "uri": "/java/work/mend-poc-webgoat/pom.xml" | |
| } | |
| } | |
| } | |
| ], | |
| "properties": { | |
| "vulnerability": { | |
| "id": "CVE-2022-22970", | |
| "severity": "MEDIUM", | |
| "description": "Upgrade to version", | |
| "url": "https://tanzu.vmware.com/security/cve-2022-22970" | |
| } | |
| } | |
| } | |
| ] | |
| } | |
| ] | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment