EUVD-2022-4126

Malicious code in bioql PyPI...

CVE-2018-12036

OWASP Dependency-Check before 3.2.0 allows attackers to write to arbitrary files via a crafted archive that holds directory traversal filenames...

GHSA-HCWX-7Q5V-VC67 Path Traversal in OWASP Dependency-Check

OWASP Dependency-Check before 3.2.0 allows attackers to write to arbitrary files via a crafted archive that holds directory traversal filenames...

Jenkins code issue vulnerability (CNVD-2021-93371)

Jenkins is a Jenkins open source application. An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.A code issue vulnerability exists in Jenkins Plugin, which stems from OWASP Dependency-Check version 5.1.1 and earlier not...

GHSA-GW55-JM4H-X339 Improper Validation of Certificate with Host Mismatch in Java-WebSocket

The Java-WebSocket Client does not perform hostname verification. - This means that SSL certificates of other hosts are accepted as long as they are trusted. To exploit this vulnerability an attacker has to perform a man-in-the-middle MITM attack between a Java application using the Java-WebSocke...

Improper Validation of Certificate with Host Mismatch in Java-WebSocket

The Java-WebSocket Client does not perform hostname verification. - This means that SSL certificates of other hosts are accepted as long as they are trusted. To exploit this vulnerability an attacker has to perform a man-in-the-middle MITM attack between a Java application using the Java-WebSocke...

UPDATE: OWASP Dependency-Check 5.3.0

My first post about this open source OWASP project was about an older version. A while ago, a new version - OWASP Dependency-Check 5.3.0 was released. This post discusses the changes made to the open source software composition analysis utility in the latest release that includes a lot of bug fix...

UPDATE: OWASP Dependency-Check 5.1.0

PenTestIT RSS Feed My first post about this open source OWASP project was about an older version. Some days back, a new version was released. This post discusses the changes made to the open source software composition analysis utility in the latest release yesterday. This is the OWASP...

UPDATE: OWASP Dependency-Check 5.0.0

PenTestIT RSS Feed My first post about this open source OWASP project was about an older version. About 18 hours ago, a new version was released. This post discusses the changes made to the open source software composition analysis utility in the latest release yesterday. This is the OWASP...

Directory traversal

OWASP Dependency-Check before 3.2.0 allows attackers to write to arbitrary files via a crafted archive that holds directory traversal filenames...

CVE-2018-12036

OWASP Dependency-Check before 3.2.0 allows attackers to write to arbitrary files via a crafted archive that holds directory traversal filenames...

CVE-2018-12036

OWASP Dependency-Check before 3.2.0 allows attackers to write to arbitrary files via a crafted archive that holds directory traversal filenames...

CVE-2018-12036

OWASP Dependency-Check before 3.2.0 allows attackers to write to arbitrary files via a crafted archive that holds directory traversal filenames...

CVE-2018-12036

CVE-2018-12036 affects OWASP Dependency-Check prior to 3.2.0. The issue allows an attacker to write to arbitrary files by processing a crafted archive that contains directory traversal filenames, enabling arbitrary file writes. This is caused by unsafe extraction paths in the affected component. ...

UPDATE: OWASP Dependency-Check 3.2.1

PenTestIT RSS Feed My first post about this open source OWASP project was about an older version. This post discusses the changes made to the open source software composition analysis utility in the latest release yesterday. This is the OWASP Dependency-Check 3.2.1! Actually, this post is also...

UPDATE: OWASP Dependency-Check 3.1.0

PenTestIT RSS Feed My first post about this open source OWASP project was about an older version. This post discusses the changes made to the open source software composition analysis utility in the latest release yesterday. This is the OWASP Dependency-Check 3.1.0! This release comes with...

UPDATE: OWASP Dependency-Check 3.0.0

PenTestIT RSS Feed My first post about this open source OWASP project was about an older version. This post discusses the changes made to the open source software composition analysis utility in the latest release yesterday. This is the OWASP Dependency-Check 3.0.0! This release comes with Java 9...