OSSTunnel issues

[DepShield] (CVSS 7.5) Vulnerability due to usage of org.springframework:spring-core:4.3.12.RELEASE

**Vulnerabilities** DepShield reports that this application's usage of [org.springframework:spring-core:4.3.12.RELEASE](https://ossindex.sonatype.org/component/pkg:maven/org.springframework/[email protected]) results in the following vulnerability(s): - (CVSS **7.5**) [[CVE-2018-1272] Permissions, Privileges, and Access Controls](https://ossindex.sonatype.org/vuln/aa7190e3-4c47-42d6-82f6-afaf1da5762e) **Occurrences** org.springframework:spring-core:4.3.12.RELEASE is a transitive dependency introduced...

sonatype-depshield[bot]

[DepShield] (CVSS 9.8) Vulnerability due to usage of org.bouncycastle:bcprov-jdk15on:1.59

**Vulnerabilities** DepShield reports that this application's usage of [org.bouncycastle:bcprov-jdk15on:1.59](https://ossindex.sonatype.org/component/pkg:maven/org.bouncycastle/[email protected]) results in the following vulnerability(s): - (CVSS **9.8**) [[CVE-2018-1000613] Deserialization of Untrusted Data](https://ossindex.sonatype.org/vuln/fd2210b6-0f22-45aa-aab6-1b9013f32653) - (CVSS **7.5**) [[CVE-2018-1000180] Cryptographic Issues](https://ossindex.sonatype.org/vuln/fff4d007-8be8-4150-8213-7892b22103fb) **Occurrences** org.bouncycastle:bcprov-jdk15on:1.59...

sonatype-depshield[bot]

[DepShield] (CVSS 9.8) Vulnerability due to usage of com.fasterxml.jackson.core:jackson-databind:2.9.10

**Vulnerabilities** DepShield reports that this application's usage of [com.fasterxml.jackson.core:jackson-databind:2.9.10](https://ossindex.sonatype.org/component/pkg:maven/com.fasterxml.jackson.core/[email protected]) results in the following vulnerability(s): - (CVSS **9.8**) [[CVE-2020-11620] FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction betwee...](https://ossindex.sonatype.org/vuln/323c6a23-f1e2-416d-bbcf-77b58cf7d4c4) - (CVSS **9.8**)...

sonatype-depshield[bot]

[DepShield] (CVSS 7.5) Vulnerability due to usage of org.yaml:snakeyaml:1.17

**Vulnerabilities** DepShield reports that this application's usage of [org.yaml:snakeyaml:1.17](https://ossindex.sonatype.org/component/pkg:maven/org.yaml/[email protected]) results in the following vulnerability(s): - (CVSS **7.5**) [[CVE-2017-18640] The Alias feature in SnakeYAML 1.18 allows entity expansion during a load...

sonatype-depshield[bot]

DepShield Deprecation Notice

### Depshield will be deprecated on Monday December 12th *Please install our new product, [Sonatype Lift](https://lift.sonatype.com/getting-started?utm_source=github&utm_medium=depshield) with advanced features*

sonatype-depshield[bot]

OSSTunnel
OSSTunnel copied to clipboard

Metadata

[DepShield] (CVSS 7.5) Vulnerability due to usage of org.springframework:spring-core:4.3.12.RELEASE

[DepShield] (CVSS 9.8) Vulnerability due to usage of org.bouncycastle:bcprov-jdk15on:1.59

[DepShield] (CVSS 9.8) Vulnerability due to usage of com.fasterxml.jackson.core:jackson-databind:2.9.10

[DepShield] (CVSS 7.5) Vulnerability due to usage of org.yaml:snakeyaml:1.17

DepShield Deprecation Notice

← Metadata

Owner

Metadata

OSSTunnel OSSTunnel copied to clipboard

Metadata

[DepShield] (CVSS 7.5) Vulnerability due to usage of org.springframework:spring-core:4.3.12.RELEASE

[DepShield] (CVSS 9.8) Vulnerability due to usage of org.bouncycastle:bcprov-jdk15on:1.59

[DepShield] (CVSS 9.8) Vulnerability due to usage of com.fasterxml.jackson.core:jackson-databind:2.9.10

[DepShield] (CVSS 7.5) Vulnerability due to usage of org.yaml:snakeyaml:1.17

DepShield Deprecation Notice

← Metadata

Owner

Metadata

OSSTunnel
OSSTunnel copied to clipboard