| Project | firehose |
|---|---|
| Path | /Users/sanjogpanda/Desktop/firehose |
| Package Manager | gradle |
| Manifest | build.gradle |
Denial of Service (DoS)
Remediation
Upgrade xerces:xercesImpl to version 2.12.0 or higher.
Details
Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.
Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users, resulting in downtime.
One popular Denial of Service vulnerability is DDoS (Distributed Denial of Service), an attack that attempts to clog the network pipes to the system by generating a large volume of traffic from many machines.
When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service through a flaw either in the application code or in the open source libraries it uses.
Two common types of DoS vulnerabilities:
- High CPU/Memory Consumption - An attacker sends crafted requests that cause the system to spend a disproportionate amount of time or memory processing them. For example, commons-fileupload:commons-fileupload.
- Crash - An attacker sends crafted requests that cause the system to crash. For example, the npm ws package.
References
Man-in-the-Middle (MitM)
Remediation
Upgrade org.postgresql:postgresql to version 42.2.5 or higher.
References
XML External Entity (XXE) Injection
Remediation
Upgrade org.postgresql:postgresql to version 42.2.13 or higher.
References
Privilege Escalation
Remediation
Upgrade org.elasticsearch:elasticsearch to version 5.6.15, 6.6.1 or higher.
References
Information Exposure
Remediation
Upgrade org.elasticsearch:elasticsearch to version 5.6.12, 6.4.1 or higher.
References
Privilege Escalation
Remediation
Upgrade org.eclipse.jetty:jetty-webapp to version 9.4.33.v20201020, jetty-10.0.0.beta3, 11.0.0.beta3 or higher.
References
Timing Attack
Remediation
Upgrade org.eclipse.jetty:jetty-util to version 9.2.22, 9.3.20, 9.4.6 or higher.
References
Authorization Bypass
Remediation
Upgrade org.eclipse.jetty:jetty-server to version 9.2.25, 9.3.24, 9.4.11 or higher.
References
Cache Poisoning
Remediation
Upgrade org.eclipse.jetty:jetty-server to version 9.3.24.v20180605, 9.4.11.v20180605 or higher.
References
Cache Poisoning
Remediation
Upgrade org.eclipse.jetty:jetty-http to version 9.3.24.v20180605, 9.4.11.v20180605 or higher.
References
Information Exposure
Remediation
Upgrade org.bouncycastle:bcprov-jdk15on to version 1.61 or higher.
References
Insufficient Validation
Remediation
Upgrade org.bouncycastle:bcprov-jdk15on to version 1.56 or higher.
References
Insecure Encryption
Remediation
Upgrade org.bouncycastle:bcprov-jdk15on to version 1.56 or higher.
References
Insecure Encryption
Remediation
Upgrade org.bouncycastle:bcprov-jdk15on to version 1.56 or higher.
References
Signature Validation Bypass
Remediation
Upgrade org.bouncycastle:bcprov-jdk15on to version 1.56 or higher.
References
Insecure Encryption
Remediation
Upgrade org.bouncycastle:bcprov-jdk15on to version 1.56 or higher.
References
Insecure Encryption
Remediation
Upgrade org.bouncycastle:bcprov-jdk15on to version 1.56 or higher.
References
Denial of Service (DoS)
Remediation
A fix was pushed into the master branch but not yet published.
References
Denial of Service (DoS)
Remediation
Upgrade org.apache.thrift:libthrift to version 0.13.0 or higher.
References
Deserialization of Untrusted Data
Remediation
Upgrade org.apache.commons:commons-collections4 to version 4.1 or higher.
References
HTTP Request Smuggling
Remediation
Upgrade io.netty:netty-codec-http to version 4.1.44.Final or higher.
References
HTTP Request Smuggling
Remediation
Upgrade io.netty:netty-codec-http to version 4.1.44.Final or higher.
References
Uncontrolled Memory Allocation
Remediation
Upgrade io.netty:netty-codec to version 4.1.46.Final or higher.
References
Deserialization of Untrusted Data
Remediation
Upgrade com.thoughtworks.xstream:xstream to version 1.4.14 or higher.
References
XML External Entity (XXE) Injection
Remediation
Fixed in: 1.4.9
Denial of Service (DoS)
Remediation
Upgrade com.thoughtworks.xstream:xstream to version 1.4.10 or higher.
References
Denial of Service (DoS)
Remediation
Upgrade com.fasterxml.jackson.dataformat:jackson-dataformat-cbor to version 2.11.4, 2.12.1 or higher.
References
Deserialization of Untrusted Data
Remediation
Upgrade com.fasterxml.jackson.core:jackson-databind to version 2.6.7.4, 2.9.10.6 or higher.
References
Deserialization of Untrusted Data
Remediation
Upgrade com.fasterxml.jackson.core:jackson-databind to version 2.6.7.4, 2.9.10.4 or higher.
References
Deserialization of Untrusted Data
Remediation
Upgrade com.fasterxml.jackson.core:jackson-databind to version 2.9.10.8 or higher.
References
Deserialization of Untrusted Data
Remediation
Upgrade com.fasterxml.jackson.core:jackson-databind to version 2.9.10.8 or higher.
References
Deserialization of Untrusted Data
Remediation
Upgrade com.fasterxml.jackson.core:jackson-databind to version 2.9.10.8 or higher.
References
Deserialization of Untrusted Data
Remediation
Upgrade com.fasterxml.jackson.core:jackson-databind to version 2.9.10.8 or higher.
References
Deserialization of Untrusted Data
Remediation
Upgrade com.fasterxml.jackson.core:jackson-databind to version 2.9.10.8 or higher.
References
Deserialization of Untrusted Data
Remediation
Upgrade com.fasterxml.jackson.core:jackson-databind to version 2.9.10.8 or higher.
References
Deserialization of Untrusted Data
Remediation
Upgrade com.fasterxml.jackson.core:jackson-databind to version 2.9.10.8 or higher.
References
Deserialization of Untrusted Data
Remediation
Upgrade com.fasterxml.jackson.core:jackson-databind to version 2.9.10.8 or higher.
References
Deserialization of Untrusted Data
Remediation
Upgrade com.fasterxml.jackson.core:jackson-databind to version 2.9.10.8 or higher.
References
Deserialization of Untrusted Data
Remediation
Upgrade com.fasterxml.jackson.core:jackson-databind to version 2.9.10.8 or higher.
References
Deserialization of Untrusted Data
Remediation
Upgrade com.fasterxml.jackson.core:jackson-databind to version 2.9.10.8 or higher.
References
Deserialization of Untrusted Data
Remediation
Upgrade com.fasterxml.jackson.core:jackson-databind to version 2.9.10.8 or higher.
References
Deserialization of Untrusted Data
Remediation
Upgrade com.fasterxml.jackson.core:jackson-databind to version 2.9.10.8 or higher.
References
Deserialization of Untrusted Data
Remediation
Upgrade com.fasterxml.jackson.core:jackson-databind to version 2.9.10.7 or higher.
References
Deserialization of Untrusted Data
Remediation
Upgrade com.fasterxml.jackson.core:jackson-databind to version 2.9.9, 2.8.11.4, 2.7.9.6, 2.6.7.3 or higher.
References
Deserialization of Untrusted Data
Remediation
Upgrade com.fasterxml.jackson.core:jackson-databind to version 2.6.7.1, 2.7.9.1, 2.8.9 or higher.
References
Deserialization of Untrusted Data
Remediation
Upgrade com.fasterxml.jackson.core:jackson-databind to version 2.6.7.1, 2.7.9.1, 2.8.10 or higher.
References
Deserialization of Untrusted Data
Remediation
Upgrade com.fasterxml.jackson.core:jackson-databind to version 2.8.11, 2.9.4 or higher.
References
Deserialization of Untrusted Data
Remediation
Upgrade com.fasterxml.jackson.core:jackson-databind to version 2.8.11, 2.9.4 or higher.
References
Deserialization of Untrusted Data
Remediation
Upgrade com.fasterxml.jackson.core:jackson-databind to version 2.8.11.1, 2.9.5 or higher.
References
Deserialization of Untrusted Data
Remediation
Upgrade com.fasterxml.jackson.core:jackson-databind to version 2.9.9.1, 2.8.11.4, 2.7.9.6 or higher.
References
Deserialization of Untrusted Data
Remediation
Upgrade com.fasterxml.jackson.core:jackson-databind to version 2.9.9.1, 2.8.11.4, 2.7.9.6 or higher.
References
Deserialization of Untrusted Data
Remediation
Upgrade com.fasterxml.jackson.core:jackson-databind to version 2.9.9.2, 2.8.11.4, 2.7.9.6 or higher.
References
Deserialization of Untrusted Data
Remediation
Upgrade com.fasterxml.jackson.core:jackson-databind to version 2.9.10, 2.8.11.5, 2.6.7.3 or higher.
References
Deserialization of Untrusted Data
Remediation
Upgrade com.fasterxml.jackson.core:jackson-databind to version 2.9.10, 2.8.11.5, 2.6.7.3 or higher.
References
Deserialization of Untrusted Data
Remediation
Upgrade com.fasterxml.jackson.core:jackson-databind to version 2.9.10, 2.8.11.5, 2.6.7.3 or higher.
References
Deserialization of Untrusted Data
Remediation
Upgrade com.fasterxml.jackson.core:jackson-databind to version 2.9.10.1, 2.8.11.5, 2.6.7.3 or higher.
References
Deserialization of Untrusted Data
Remediation
Upgrade com.fasterxml.jackson.core:jackson-databind to version 2.9.10.1, 2.8.11.5, 2.6.7.3 or higher.
References
Deserialization of Untrusted Data
Remediation
Upgrade com.fasterxml.jackson.core:jackson-databind to version 2.9.10 or higher.
References
Deserialization of Untrusted Data
Remediation
Upgrade com.fasterxml.jackson.core:jackson-databind to version 2.9.10.1 or higher.
References
Deserialization of Untrusted Data
Remediation
Upgrade com.fasterxml.jackson.core:jackson-databind to version 2.9.10.2 or higher.
References
Deserialization of Untrusted Data
Remediation
Upgrade com.fasterxml.jackson.core:jackson-databind to version 2.6.7.4, 2.7.9.7, 2.8.11.5, 2.9.10.3 or higher.
References
Deserialization of Untrusted Data
Remediation
Upgrade com.fasterxml.jackson.core:jackson-databind to version 2.6.7.4, 2.7.9.7, 2.8.11.6, 2.9.10.4 or higher.
References
Deserialization of Untrusted Data
Remediation
Upgrade com.fasterxml.jackson.core:jackson-databind to version 2.6.7.3, 2.8.11.5, 2.9.10.3 or higher.
References
Deserialization of Untrusted Data
Remediation
Upgrade com.fasterxml.jackson.core:jackson-databind to version 2.6.7.4, 2.9.10.4 or higher.
References
Deserialization of Untrusted Data
Remediation
Upgrade com.fasterxml.jackson.core:jackson-databind to version 2.6.7.4, 2.9.10.4 or higher.
References
Deserialization of Untrusted Data
Remediation
Upgrade com.fasterxml.jackson.core:jackson-databind to version 2.6.7.4, 2.7.9.7, 2.8.11.6, 2.9.10.4 or higher.
References
Deserialization of Untrusted Data
Remediation
Upgrade com.fasterxml.jackson.core:jackson-databind to version 2.6.7.4, 2.9.10.4 or higher.
References
Deserialization of Untrusted Data
Remediation
Upgrade com.fasterxml.jackson.core:jackson-databind to version 2.6.7.4, 2.9.10.4 or higher.
References
Deserialization of Untrusted Data
Remediation
Upgrade com.fasterxml.jackson.core:jackson-databind to version 2.6.7.4, 2.9.10.4 or higher.
References
Deserialization of Untrusted Data
Remediation
Upgrade com.fasterxml.jackson.core:jackson-databind to version 2.6.7.4, 2.9.10.4 or higher.
References
Deserialization of Untrusted Data
Remediation
Upgrade com.fasterxml.jackson.core:jackson-databind to version 2.6.7.4, 2.9.10.4 or higher.
References
Deserialization of Untrusted Data
Remediation
Upgrade com.fasterxml.jackson.core:jackson-databind to version 2.6.7.4, 2.9.10.4 or higher.
References
Deserialization of Untrusted Data
Remediation
Upgrade com.fasterxml.jackson.core:jackson-databind to version 2.6.7.4, 2.9.10.5 or higher.
References
Deserialization of Untrusted Data
Remediation
Upgrade com.fasterxml.jackson.core:jackson-databind to version 2.6.7.4, 2.9.10.5 or higher.
References
Deserialization of Untrusted Data
Remediation
Upgrade com.fasterxml.jackson.core:jackson-databind to version 2.6.7.4, 2.9.10.5 or higher.
References
Deserialization of Untrusted Data
Remediation
Upgrade com.fasterxml.jackson.core:jackson-databind to version 2.6.7.4, 2.9.10.5 or higher.
References
Deserialization of Untrusted Data
Remediation
Upgrade com.fasterxml.jackson.core:jackson-databind to version 2.6.7.4, 2.9.10.6 or higher.
References
Deserialization of Untrusted Data
Remediation
Upgrade com.fasterxml.jackson.core:jackson-databind to version 2.6.7.3, 2.7.9.4, 2.8.11.2, 2.9.6 or higher.
References
Deserialization of Untrusted Data
Remediation
Upgrade com.fasterxml.jackson.core:jackson-databind to version 2.6.7.3, 2.7.9.4, 2.8.11.2, 2.9.5 or higher.
References
Deserialization of Untrusted Data
Remediation
Upgrade com.fasterxml.jackson.core:jackson-databind to version 2.6.7.3, 2.7.9.4, 2.8.11.2, 2.9.6 or higher.
References
Deserialization of Untrusted Data
Remediation
Upgrade com.fasterxml.jackson.core:jackson-databind to version 2.6.7.3, 2.7.9.5, 2.8.11.3, 2.9.7 or higher.
References
Deserialization of Untrusted Data
Remediation
Upgrade com.fasterxml.jackson.core:jackson-databind to version 2.6.7.3, 2.7.9.5, 2.8.11.3, 2.9.7 or higher.
References
Deserialization of Untrusted Data
Remediation
Upgrade com.fasterxml.jackson.core:jackson-databind to version 2.6.7.3, 2.7.9.5, 2.8.11.3, 2.9.7 or higher.
References
Deserialization of Untrusted Data
Remediation
Upgrade com.fasterxml.jackson.core:jackson-databind to version 2.6.7.3, 2.7.9.5, 2.8.11.3, 2.9.7 or higher.
References
Deserialization of Untrusted Data
Remediation
Upgrade com.fasterxml.jackson.core:jackson-databind to version 2.6.7.3, 2.7.9.5, 2.8.11.3, 2.9.8 or higher.
References
Deserialization of Untrusted Data
Remediation
Upgrade com.fasterxml.jackson.core:jackson-databind to version 2.6.7.3, 2.7.9.5, 2.8.11.3, 2.9.8 or higher.
References
Deserialization of Untrusted Data
Remediation
Upgrade com.fasterxml.jackson.core:jackson-databind to version 2.6.7.3, 2.7.9.5, 2.8.11.3, 2.9.8 or higher.
References
Arbitrary Code Execution
Remediation
Upgrade ch.qos.logback:logback-core to version 1.1.11 or higher.
References
Arbitrary Code Execution
Remediation
Upgrade ch.qos.logback:logback-classic to version 1.2.0 or higher.
References
Denial of Service (DoS)
Remediation
Upgrade xerces:xercesImpl to version 2.11.0.SP5 or higher.
References
Denial of Service (DoS)
Remediation
Upgrade xerces:xercesImpl to version 2.11.0 or higher.
References
Denial of Service (DoS)
Remediation
Upgrade xerces:xercesImpl to version 2.10.0 or higher.
References
Improper Input Validation
Remediation
Upgrade xerces:xercesImpl to version 2.12.0.SP03 or higher.
References
Denial of Service (DoS)
Remediation
Upgrade org.yaml:snakeyaml to version 1.26 or higher.
References
Race Condition
Remediation
Upgrade org.elasticsearch:elasticsearch to version 6.8.2, 7.2.1 or higher.
References
Cross-site Scripting (XSS)
Remediation
Upgrade org.eclipse.jetty:jetty-util to version 9.2.27.v20190403, 9.3.26.v20190403, 9.4.16.v20190411 or higher.
References
Information Exposure
Remediation
Upgrade org.eclipse.jetty:jetty-server to version 9.2.28.v20190418, 9.3.27.v20190418, 9.4.17.v20190418 or higher.
References
Cross-site Scripting (XSS)
Remediation
Upgrade org.eclipse.jetty:jetty-server to version 9.2.27.v20190403, 9.3.26.v20190403, 9.4.16.v20190411 or higher.
References
Directory Traversal
Remediation
Upgrade Codehaus Plexus to version 3.0.24 or higher.
References
Timing Attack
Remediation
Upgrade org.bouncycastle:bcprov-jdk15on to version 1.56 or higher.
References
Cryptographic Issues
Remediation
Upgrade org.bouncycastle:bcprov-jdk15on to version 1.56 or higher.
References
Improper Input Validation
Remediation
Upgrade org.apache.httpcomponents:httpclient to version 4.5.13 or higher.
References
Denial of Service (DoS)
Remediation
There is no fixed version for net.minidev:json-smart.
References
Improper Certificate Validation
Remediation
There is no fixed version for io.netty:netty-handler.
References
Denial of Service (DoS)
Remediation
Upgrade io.netty:netty-codec-http2 to version 4.1.39.Final or higher.
References
Denial of Service (DoS)
Remediation
Upgrade io.netty:netty-codec-http2 to version 4.1.39.Final or higher.
References
Denial of Service (DoS)
Remediation
Upgrade io.netty:netty-codec-http2 to version 4.1.39.Final or higher.
References
Denial of Service (DoS)
Remediation
Upgrade io.netty:netty-codec-http2 to version 4.1.39.Final or higher.
References
Denial of Service (DoS)
Remediation
Upgrade io.netty:netty-codec-http to version 4.1.53.Final or higher.
References
Information Disclosure
Remediation
Upgrade io.netty:netty-codec-http to version 4.1.59.Final or higher.
References
HTTP Request Smuggling
Remediation
Upgrade io.netty:netty-codec-http to version 4.1.42.Final or higher.
References
Information Exposure
Remediation
Upgrade io.grpc:grpc-core to version 1.31.0 or higher.
References
Arbitrary File Deletion
Remediation
Upgrade com.thoughtworks.xstream:xstream to version 1.4.15 or higher.
References
Server-Side Request Forgery (SSRF)
Remediation
Upgrade com.thoughtworks.xstream:xstream to version 1.4.15 or higher.
References
Insecure XML deserialization
Remediation
Upgrade com.thoughtworks.xstream:xstream to version 1.4.7, 1.4.11 or higher.
References
Directory Traversal
Remediation
Upgrade com.squareup.retrofit2:retrofit to version 2.5.0 or higher.
References
SSL Certificate Bypass
Remediation
Upgrade com.squareup.okhttp:okhttp to version 2.7.4 or higher.
References
Information Disclosure
Remediation
Upgrade com.google.guava:guava to version 30.0-android, 30.0-jre or higher.
References
Deserialization of Untrusted Data
Remediation
Upgrade com.fasterxml.jackson.core:jackson-databind to version 2.9.10.8 or higher.
References
Information Exposure
Remediation
Upgrade org.elasticsearch:elasticsearch to version 6.8.13, 7.9.2 or higher.
References
Information Disclosure
Remediation
Upgrade org.elasticsearch:elasticsearch to version 6.8.14, 7.10.0 or higher.
References
Information Exposure
Remediation
Upgrade org.elasticsearch:elasticsearch to version 7.4.0, 6.8.4 or higher.
References
XML External Entity (XXE) Injection
Remediation
Upgrade org.codehaus.plexus:plexus-utils to version 3.0.24 or higher.
References
Information Exposure
Remediation
Upgrade org.bouncycastle:bcprov-jdk15on to version 1.56 or higher.
References
Insufficient Validation
Remediation
Upgrade org.bouncycastle:bcprov-jdk15on to version 1.56 or higher.
References
Information Exposure
Remediation
Upgrade junit:junit to version 4.13.1 or higher.
References
Information Exposure
Remediation
Upgrade commons-codec:commons-codec to version 1.13 or higher.