28 matches found

EUVD
added 2025/10/03 8:07 p.m. · 22 views

EUVD-2022-4126

Malicious code in bioql PyPI...

CVSS 7.8 · AI score 7.6 · EPSS 0.01709
Exploits 1 · References 4
EUVD
added 2025/10/03 8:07 p.m. · 5 views

EUVD-2022-2715

Malicious code in bioql PyPI...

CVSS 6.1 · AI score 6.3 · EPSS 0.00948
Exploits 0 · References 5
RedhatCVE
added 2025/05/22 7:14 a.m. · 18 views

CVE-2018-12036

OWASP Dependency-Check before 3.2.0 allows attackers to write to arbitrary files via a crafted archive that holds directory traversal filenames...

CVSS 7.8 · AI score 6.9 · EPSS 0.01709
Exploits 1 · References 1
Vulnrichment
added 2024/03/06 5:01 p.m. · 14 views

CVE-2024-28153

Jenkins OWASP Dependency-Check Plugin 5.4.5 and earlier does not escape vulnerability metadata from Dependency-Check reports, resulting in a stored cross-site scripting (XSS) vulnerability...

AI score 5.6 · EPSS 0.00693
Exploits 0 · References 2
SUSE CVE
added 2023/02/15 4:35 a.m. · 5 views

SUSE CVE-2017-1000109

The custom Details view of the Static Analysis Utilities based OWASP Dependency-Check Plugin, was vulnerable to a persisted cross-site scripting vulnerability: Malicious users able to influence the input to this plugin could insert arbitrary HTML into this view...

CVSS 6.1 · AI score 5.9 · EPSS 0.00948
Exploits 0 · References 3
Github Security Blog
added 2022/05/17 12:32 a.m. · 22 views

Persistent XSS vulnerability in Jenkins OWASP Dependency-Check Plugin

The custom Details view of the Static Analysis Utilities based OWASP Dependency-Check Plugin, was vulnerable to a persisted cross-site scripting vulnerability: Malicious users able to influence the input to this plugin could insert arbitrary HTML into this view...

CVSS 6.1 · AI score 6.1 · EPSS 0.00948
Exploits 0 · References 4 · Affected Software 1
OSV
added 2022/05/14 3:12 a.m. · 25 views

GHSA-HCWX-7Q5V-VC67 Path Traversal in OWASP Dependency-Check

OWASP Dependency-Check before 3.2.0 allows attackers to write to arbitrary files via a crafted archive that holds directory traversal filenames...

CVSS 7.8 · AI score 7.5 · EPSS 0.01709
Exploits 1 · References 4
GithubExploit
added 2022/04/05 8:34 p.m. · 29 views

Exploit for Code Injection in Vmware Spring_Framework

CVE-2022-22965 Spring4Shell CVE-2022-22965 Spring4Shell, Spr...

CVSS 9.8 · AI score 9.3 · EPSS 0.9972
Exploits 105
CNVD
added 2021/11/17 12:00 a.m. · 18 views

Jenkins code issue vulnerability (CNVD-2021-93371)

Jenkins is a Jenkins open source application. An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project. A code issue vulnerability exists in Jenkins Plugin, which stems from OWASP Dependency-Check version 5.1.1 and earlier not...

CVSS 7.1 · AI score 2.8 · EPSS 0.00979
Exploits 0 · References 1
NVD
added 2021/11/12 11:15 a.m. · 10 views

CVE-2021-43577

Jenkins OWASP Dependency-Check Plugin 5.1.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks...

CVSS 7.1 · EPSS 0.00979
Exploits 0 · References 2
Positive Technologies
added 2021/11/12 12:00 a.m. · 4 views

PT-2021-23882 · Jenkins · Jenkins Owasp Dependency-Check Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins OWASP Dependency-Check Plugin versions 5.1.1 and earlier. Description: The issue is related to the XML parser not being configured to prevent XML external entity (XXE) attacks. This allows attackers who can control workspace contents to...

CVSS 7.1 · AI score 6.7 · EPSS 0.00979
Exploits 0 · References 10
Github Security Blog
added 2020/05/08 6:54 p.m. · 413 views

Improper Validation of Certificate with Host Mismatch in Java-WebSocket

The Java-WebSocket Client does not perform hostname verification. This means that SSL certificates of other hosts are accepted as long as they are trusted. To exploit this vulnerability an attacker has to perform a man-in-the-middle (MITM) attack between a Java application using the Java-WebSocke...

CVSS 9 · AI score 0.5 · EPSS 0.00771
Exploits 0 · References 3 · Affected Software 1
OSV
added 2020/05/08 6:54 p.m. · 50 views

GHSA-GW55-JM4H-X339 Improper Validation of Certificate with Host Mismatch in Java-WebSocket

The Java-WebSocket Client does not perform hostname verification. This means that SSL certificates of other hosts are accepted as long as they are trusted. To exploit this vulnerability an attacker has to perform a man-in-the-middle (MITM) attack between a Java application using the Java-WebSocke...

CVSS 9 · AI score 8.5 · EPSS 0.00771
Exploits 0 · References 3
pentestit
added 2020/01/22 5:32 a.m. · 65 views

UPDATE: OWASP Dependency-Check 5.3.0

My first post about this open source OWASP project was about an older version. A while ago, a new version - OWASP Dependency-Check 5.3.0 was released. This post discusses the changes made to the open source software composition analysis utility in the latest release that includes a lot of bug fix...

AI score 3.4
Exploits 0
pentestit
added 2019/07/10 12:10 a.m. · 213 views

UPDATE: OWASP Dependency-Check 5.1.0

My first post about this open source OWASP project was about an older version. Some days back, a new version was released. This post discusses the changes made to the open source software composition analysis utility in the latest release yesterday. This is the OWASP...

AI score 7.6
Exploits 0
pentestit
added 2019/06/10 6:03 a.m. · 665 views

UPDATE: OWASP Dependency-Check 5.0.0

My first post about this open source OWASP project was about an older version. About 18 hours ago, a new version was released. This post discusses the changes made to the open source software composition analysis utility in the latest release yesterday. This is the OWASP...

CVSS 6.5 · AI score 0.5 · EPSS 0.79176
Exploits 1
Prion
added 2018/06/07 6:29 p.m. · 14 views

Directory traversal

OWASP Dependency-Check before 3.2.0 allows attackers to write to arbitrary files via a crafted archive that holds directory traversal filenames...

CVSS 6.8 · AI score 7.5 · EPSS 0.01709
Exploits 1 · References 2 · Affected Software 1
NVD
added 2018/06/07 6:29 p.m. · 26 views

CVE-2018-12036

OWASP Dependency-Check before 3.2.0 allows attackers to write to arbitrary files via a crafted archive that holds directory traversal filenames...

CVSS 7.8 · AI score 7.5 · EPSS 0.01709
Exploits 1 · References 2
OSV
added 2018/06/07 6:29 p.m. · 12 views

CVE-2018-12036

OWASP Dependency-Check before 3.2.0 allows attackers to write to arbitrary files via a crafted archive that holds directory traversal filenames...

CVSS 7.8 · AI score 7.8
Exploits 0 · References 2
CVE
added 2018/06/07 6:00 p.m. · 61 views

CVE-2018-12036

CVE-2018-12036 affects OWASP Dependency-Check prior to 3.2.0. The issue allows an attacker to write to arbitrary files by processing a crafted archive that contains directory traversal filenames, enabling arbitrary file writes. This is caused by unsafe extraction paths in the affected component. ...

CVSS 7.8 · AI score 7.5 · EPSS 0.01709
Exploits 1 · References 2 · Affected Software 1