6 matches found
Uncovering Hidden Inclusions of Vulnerable Dependencies in Real-World Java Projects
Open-source software OSS dependencies are a dominant component of modern software code bases. Using proven and well-tested OSS components lets developers reduce development time and cost while improving quality. However, heavy reliance on open-source software also introduces significant security...
JNDIExploit
This is a Java-based exploit tool for JNDI Java Naming and Directory Interface injection vulnerabilities. The tool is designed to inject a payload into the JNDI repository, allowing an attacker to execute arbitrary code on the target system. The tool is based on the Rogue JNDI project and support...
SAVANT: Vulnerability Detection in Application Dependencies through Semantic-Guided Reachability Analysis
The integration of open-source third-party library dependencies in Java development introduces significant security risks when these libraries contain known vulnerabilities. Existing Software Composition Analysis SCA tools struggle to effectively detect vulnerable API usage from these libraries d...
This Week in Spring - April 18th, 2023
Hi, Spring fans! Welcome to another installment of This Week in Spring! This week, I just returned from Western Europe for Devoxx FR Paris and Kotlin Conf Amsterdam. I went home, saw my family, did some laundry, and then turned right back around to head to Chicago, Illinois, for a special joint...
br.com.guiabolso:hyperloop-transport (=3.0.1), cn.dustlight.fun:fun-kubeless (>=0.0.2-alpha-1 <=0.0.3-alpha-1) +268 more potentially affected by CVE-2020-28052 via org.bouncycastle:bcprov-ext-jdk15on (>=1.65 <=1.66)
org.bouncycastle:bcprov-ext-jdk15on MAVEN version =1.65, =0.0.2-alpha-1, =0.0.1-alpha, =2.7.1.5, =1.6.2, =0.0.6, =4.0.5, =2.0.2, =1.0.0, =1.0.0, =0.0.3, =1.0.1, =1.0.5 and more Source cves: CVE-2020-28052 Source advisory: OSV:GHSA-73XV-W5GP-FRXH...
ae.vigilancer.android-run-app:ae.vigilancer.android-run-app.gradle.plugin (>=1.0.1 <=1.0.2), aero.m-click:mcpdf (>=0.2.3 <=0.2.4) +6778 more potentially affected by CVE-2016-1000344 via org.bouncycastle:bcprov-jdk15on (>=1.46 <=1.55)
org.bouncycastle:bcprov-jdk15on MAVEN version =1.46, =1.0.1, =0.2.3, =0.42.1, =1.4.1, =1.4.1, =1.4.1, =1.4.1, =1.4.1, =1.4.1, =1.4.1, =1.4.1, =1.4.1, =1.4.1, =1.4.3 and more Source cves: CVE-2016-1000344 Source advisory: OSV:GHSA-2J2X-HX4G-2GF4...