Questions tagged [cve]

74 questions
0 votes, 1 answer

Element not excluded in dependencyManagement of parent, failure of OWASP-check

I have a project which contains, in its configuration POM, a BOM-reference in the dependencyManagement section. The normal build lifecycle stages run perfectly fine. When I am doing an OWASP-security analysis (mvn…
0 votes, 1 answer

How does a CVE id work? How are they created? Where can we find the official CVE list?

I was interested in the process that happens in CVE logging. I have gone through the following website, but I have a thought that only a few details are there, and I also want to know if there is any official site for…
Mohan Raj • 167 • 12
0 votes, 3 answers

Extract CVE from a text column

I need to extract a CVE from a text column. The format is CVE-yyyy-xxxxx. The year (yyyy) is variable, and the x's will change per CVE; they can be 1 to 6 digits. Sometimes the CVE is enclosed in (), sometimes followed by :. The column is like: the…
0 votes, 1 answer

CVE-2021-20289 - migrate from Resteasy jaxrs 3 to RESTEasy > 4.6.0

The vulnerability scan system detects a CVE regarding RESTEasy 3.7.0: CVE-2021-20289 https://nvd.nist.gov/vuln/detail/CVE-2021-20289, which states RESTEasy should upgrade to above 4.6.0.Final. But here comes the question: RESTEasy > 4 does not…
WesternGun • 11,303 • 6 • 88 • 157
0 votes, 1 answer

CVE-2022-22976 Spring Boot 2.7.0

I have a Spring Boot project, version 2.7.0. I use dependency-check and it reports CVE-2022-22976. Do you know how I can solve it? The Spring Security version is 5.7.1 while the Spring starter security version is 2.7.0.
Lako12 • 154 • 1 • 10
0 votes, 0 answers

What will happen if I remove some extensions folder to remove false positive CVEs?

I'm using Code-Server to create a container image based on Code-Server and other tools. When I use the grype scanner, I get a lot of false positive vulnerabilities related to the extensions folder. These are some of them: False positive CVE…
0 votes, 0 answers

CVE-2022-22970 - Spring Framework DoS via Data Binding to MultipartFile or Servlet Part

This issue was brought up recently, but there is no mention anywhere of how to fix it in older Spring versions (< 5.x) other than upgrading to the latest Spring jar. Currently our web app is using 4.1.5. The article merely states "Older, unsupported…
yonikawa • 581 • 1 • 9 • 32
0 votes, 0 answers

GitLab CVE-2022-29824 libxml2

The module libxml2 contained in several components of GitLab version 14.9.x is vulnerable to out-of-bounds memory writes, as described in https://security-tracker.debian.org/tracker/CVE-2022-29824. GitLab seems not to be patching it or mitigating the…
duyhung • 1 • 1
0 votes, 0 answers

Show APP_KEY in Laravel debug mode

I'm trying to build a vulnerable Laravel webserver to exploit CVE-2018-15133. To exploit this vulnerability, the webserver needs to print out the APP_KEY in the debug view of Laravel. I've installed Laravel 5.5.40, which is vulnerable, and I was…
0 votes, 2 answers

spring-boot-starter-data-cassandra-reactive depends on CVE-2020-13946 native-protocol-1.5.0.jar

Small question regarding a Spring Boot project, please. Currently, with version 2.6.x, I am developing a very small web application storing data inside Cassandra. Unfortunately, it seems from the dependency tree that it is carrying a vulnerable…
PatPanda • 3,644 • 9 • 58 • 154
0 votes, 1 answer

Cannot find root cause of CVE-2017-1000487 for plexus-utils-3.0.10.jar

Small question regarding a CVE-2017-1000487 found for plexus-utils-3.0.10.jar, but I do not have this anywhere in my project. 100% reproducible with this pom:
PatPanda • 3,644 • 9 • 58 • 154
0 votes, 0 answers

Spring Boot failed to run after overriding the Jackson dependencies in Gradle to avoid CVE-2018-7658

My Spring Boot 2.6.6 application failed to start after overriding the Jackson dependencies to avoid CVE-2018-7658. By default Spring Boot comes with Jackson version 2.13.2; I need to downgrade to version 2.9.5 to avoid the vulnerability, but the application…
0 votes, 2 answers

How do I find examples of code with CVE vulns in it?

Sup, everyone. I wanted to see how different CVE vulnerabilities look in real code examples. Not exploits, but vulnerable code. So, does anyone know if there is a site, git repo or anything with such stuff? Or do I just have to search git for fixes of…
0 votes, 1 answer

Preconditions for SpEL DoS vulnerability CVE-2022-22950?

I'm a little confused about CVE-2022-22950 and the corresponding Spring advisory. The latter says that the vulnerability can be exploited through: [...] specially crafted SpEL expression [...] However, an application that allows users to craft…
meeque • 13 • 3
0 votes, 1 answer

How to resolve CVE-2020-28052 json-schema for npm

By performing a dependency check using OWASP 7.0.4 on my project, which uses Java for the BE and JS for the BFE, I got several CVEs noted over 8. One is the json-schema package used by npm. This is the packages configuration in the…
Bratar • 19 • 2