2 matches found
africa.absa:inception-reporting (>=1.0.0 <=1.2.0), africa.absa:inception-reporting-api (>=1.0.0 <=1.2.0) +1452 more potentially affected by CVE-2017-9096 via com.lowagie:itext (>=1.3 <=4.2.2)
com.lowagie:itext MAVEN version =1.3, =1.0.0, =1.0.0, =0.1.0, =2.0.7, =1.0.0, =1.0.7, =5.0.0, =1.0.0, =1.0, =1.0, =1.0, =0.0.1, =0.0.1, =1.1.8, =2.4.0 and more Source cves: CVE-2017-9096 Source advisory: OSV:GHSA-86P9-X5PW-94QX...
Man-in-the-Middle (MitM)
caelum-stella is vulnerable to man-in-the-middle attacks. The library resolves dependencies via an insecure HTTP channel, allowing a man-in-the-middle attacker to intercept and modify package content and potentially introduce malicious code into the downloaded dependencies...