Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.

This report is intended to be a quick summary of findings. It is highly recommended that you use the full HTML report to determine if any false positives have been reported. Additionally, the HTML report provides many features not found in the vulnerability report.

Vulnerability Report for spring-rest-data-exploit

Report Generated On: Feb 26, 2019 at 19:46:15 UTC

Dependencies Scanned: 81
Vulnerable Dependencies: 10

Vulnerable Dependencies

NAME | CWE | Severity (CVSS) | Dependency
CVE-2018-1273 | CWE-20 Improper Input Validation | High (7.5) | spring-rest-data-exploit-example-0.0.1-SNAPSHOT.jar
CVE-2017-8046 | CWE-20 Improper Input Validation | High (7.5) |
CVE-2018-1273 | CWE-20 Improper Input Validation | High (7.5) |
CVE-2017-8046 | CWE-20 Improper Input Validation | High (7.5) |
CVE-2018-1196 | CWE-59 Improper Link Resolution Before File Access ('Link Following') | Medium (4.3) |
CVE-2016-9878 | CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | Medium (5.0) |
CVE-2018-11039 | CWE-20 Improper Input Validation | Medium (4.3) |
CVE-2018-11040 | CWE-254 7PK - Security Features | Medium (4.3) |
CVE-2018-1199 | CWE-20 Improper Input Validation | Medium (5.0) |
CVE-2018-1257 | CWE-20 Improper Input Validation | Medium (4.0) |
CVE-2018-1270 | CWE-358 Improperly Implemented Security Check for Standard | High (7.5) |
CVE-2018-1271 | CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | Medium (4.3) |
CVE-2018-1272 | CWE-264 Permissions, Privileges, and Access Controls | Medium (6.0) |
CVE-2018-1275 | CWE-358 Improperly Implemented Security Check for Standard | High (7.5) |
CVE-2018-15756 | CWE-399 Resource Management Errors | Medium (5.0) |
CVE-2017-5929 | CWE-502 Deserialization of Untrusted Data | High (7.5) |
CVE-2018-1000632 | CWE-91 XML Injection (aka Blind XPath Injection) | Medium (6.4) | spring-rest-data-exploit-example-0.0.1-SNAPSHOT.jar: dom4j-1.6.1.jar
CVE-2018-1273 | CWE-20 Improper Input Validation | High (7.5) | spring-rest-data-exploit-example-0.0.1-SNAPSHOT.jar: spring-data-commons-1.12.2.RELEASE.jar
CVE-2016-6652 | CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | Medium (6.8) | spring-rest-data-exploit-example-0.0.1-SNAPSHOT.jar: spring-data-jpa-1.10.2.RELEASE.jar
CVE-2016-9878 | CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | Medium (5.0) | spring-rest-data-exploit-example-0.0.1-SNAPSHOT.jar: spring-core-4.3.2.RELEASE.jar
CVE-2018-11039 | CWE-20 Improper Input Validation | Medium (4.3) | spring-rest-data-exploit-example-0.0.1-SNAPSHOT.jar: spring-core-4.3.2.RELEASE.jar
CVE-2018-11040 | CWE-254 7PK - Security Features | Medium (4.3) | spring-rest-data-exploit-example-0.0.1-SNAPSHOT.jar: spring-core-4.3.2.RELEASE.jar
CVE-2018-1199 | CWE-20 Improper Input Validation | Medium (5.0) | spring-rest-data-exploit-example-0.0.1-SNAPSHOT.jar: spring-core-4.3.2.RELEASE.jar
CVE-2018-1257 | CWE-20 Improper Input Validation | Medium (4.0) | spring-rest-data-exploit-example-0.0.1-SNAPSHOT.jar: spring-core-4.3.2.RELEASE.jar
CVE-2018-1270 | CWE-358 Improperly Implemented Security Check for Standard | High (7.5) | spring-rest-data-exploit-example-0.0.1-SNAPSHOT.jar: spring-core-4.3.2.RELEASE.jar
CVE-2018-1271 | CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | Medium (4.3) | spring-rest-data-exploit-example-0.0.1-SNAPSHOT.jar: spring-core-4.3.2.RELEASE.jar
CVE-2018-1272 | CWE-264 Permissions, Privileges, and Access Controls | Medium (6.0) | spring-rest-data-exploit-example-0.0.1-SNAPSHOT.jar: spring-core-4.3.2.RELEASE.jar
CVE-2018-1275 | CWE-358 Improperly Implemented Security Check for Standard | High (7.5) | spring-rest-data-exploit-example-0.0.1-SNAPSHOT.jar: spring-core-4.3.2.RELEASE.jar
CVE-2018-15756 | CWE-399 Resource Management Errors | Medium (5.0) | spring-rest-data-exploit-example-0.0.1-SNAPSHOT.jar: spring-core-4.3.2.RELEASE.jar
CVE-2017-15095 | CWE-502 Deserialization of Untrusted Data | High (7.5) | spring-rest-data-exploit-example-0.0.1-SNAPSHOT.jar: jackson-databind-2.8.1.jar
CVE-2017-17485 | CWE-502 Deserialization of Untrusted Data | High (7.5) | spring-rest-data-exploit-example-0.0.1-SNAPSHOT.jar: jackson-databind-2.8.1.jar
CVE-2017-7525 | CWE-502 Deserialization of Untrusted Data | High (7.5) | spring-rest-data-exploit-example-0.0.1-SNAPSHOT.jar: jackson-databind-2.8.1.jar
CVE-2018-1000873 | CWE-20 Improper Input Validation | Medium (5.0) | spring-rest-data-exploit-example-0.0.1-SNAPSHOT.jar: jackson-databind-2.8.1.jar
CVE-2018-14719 | CWE-502 Deserialization of Untrusted Data | High (7.5) | spring-rest-data-exploit-example-0.0.1-SNAPSHOT.jar: jackson-databind-2.8.1.jar
CVE-2018-14720 | CWE-611 Improper Restriction of XML External Entity Reference ('XXE') | High (7.5) | spring-rest-data-exploit-example-0.0.1-SNAPSHOT.jar: jackson-databind-2.8.1.jar
CVE-2018-14721 | CWE-918 Server-Side Request Forgery (SSRF) | High (7.5) | spring-rest-data-exploit-example-0.0.1-SNAPSHOT.jar: jackson-databind-2.8.1.jar
CVE-2018-19360 | CWE-502 Deserialization of Untrusted Data | High (7.5) | spring-rest-data-exploit-example-0.0.1-SNAPSHOT.jar: jackson-databind-2.8.1.jar
CVE-2018-19361 | CWE-502 Deserialization of Untrusted Data | High (7.5) | spring-rest-data-exploit-example-0.0.1-SNAPSHOT.jar: jackson-databind-2.8.1.jar
CVE-2018-19362 | CWE-502 Deserialization of Untrusted Data | High (7.5) | spring-rest-data-exploit-example-0.0.1-SNAPSHOT.jar: jackson-databind-2.8.1.jar
CVE-2018-5968 | CWE-184 Incomplete Blacklist | Medium (5.1) | spring-rest-data-exploit-example-0.0.1-SNAPSHOT.jar: jackson-databind-2.8.1.jar
CVE-2018-7489 | CWE-184 Incomplete Blacklist | High (7.5) | spring-rest-data-exploit-example-0.0.1-SNAPSHOT.jar: jackson-databind-2.8.1.jar



This report contains data retrieved from the National Vulnerability Database.
This report may contain data retrieved from the NPM Public Advisories.
This report may contain data retrieved from the RetireJS Community.