2 matches found
CVE-2024-23686
CVE-2024-23686 affects DependencyCheck components: Maven (9.0.0–9.0.6), CLI (9.0.0–9.0.5), and Ant (9.0.0–9.0.5). The root cause is that in debug mode, logging sensitive data exposes the NVD API Key via log files, enabling an attacker with log access to recover the key. Several connected sources ...
CVE-2018-12036
CVE-2018-12036 affects OWASP Dependency-Check prior to 3.2.0. The issue allows an attacker to write to arbitrary files by processing a crafted archive that contains directory traversal filenames, enabling arbitrary file writes. This is caused by unsafe extraction paths in the affected component. ...