Skip to main content

Test Results

jvm-bloggers/jvm-bloggers

Vulnerabilities

 19 via 401 paths

Dependencies

 197

Source

 GitHub

Commit

 a9be8e4e

Find, fix and prevent vulnerabilities in your code.

Test and protect my applications
Issue type
  • 19
  • 10
Severity
  • 1
  • 8
  • 14
  • 6
Status
  • 29
  • 0
  • 0

critical severity

Arbitrary Command Execution

  • Vulnerable module: org.apache.wicket:wicket-util
  • Introduced through: org.apache.wicket:wicket-core@9.12.0, org.apache.wicket:wicket-auth-roles@9.12.0 and others

Detailed paths

  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.apache.wicket:wicket-core@9.12.0 org.apache.wicket:wicket-util@9.12.0
    Remediation: Upgrade to org.apache.wicket:wicket-core@9.18.0.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.apache.wicket:wicket-core@9.12.0 org.apache.wicket:wicket-request@9.12.0 org.apache.wicket:wicket-util@9.12.0
    Remediation: Upgrade to org.apache.wicket:wicket-core@9.18.0.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.apache.wicket:wicket-auth-roles@9.12.0 org.apache.wicket:wicket-core@9.12.0 org.apache.wicket:wicket-util@9.12.0
    Remediation: Upgrade to org.apache.wicket:wicket-auth-roles@9.18.0.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.apache.wicket:wicket-ioc@9.12.0 org.apache.wicket:wicket-core@9.12.0 org.apache.wicket:wicket-util@9.12.0
    Remediation: Upgrade to org.apache.wicket:wicket-ioc@9.18.0.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.apache.wicket:wicket-spring@9.12.0 org.apache.wicket:wicket-core@9.12.0 org.apache.wicket:wicket-util@9.12.0
    Remediation: Upgrade to org.apache.wicket:wicket-spring@9.18.0.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 com.giffing.wicket.spring.boot.starter:wicket-spring-boot-starter@3.1.6 org.apache.wicket:wicket-core@9.12.0 org.apache.wicket:wicket-util@9.12.0
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 de.agilecoders.wicket.webjars:wicket-webjars@3.0.6 org.apache.wicket:wicket-core@9.12.0 org.apache.wicket:wicket-util@9.12.0
    Remediation: Upgrade to de.agilecoders.wicket.webjars:wicket-webjars@4.0.4.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.apache.wicket:wicket-bean-validation@9.12.0 org.apache.wicket:wicket-core@9.12.0 org.apache.wicket:wicket-util@9.12.0
    Remediation: Upgrade to org.apache.wicket:wicket-bean-validation@9.18.0.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.apache.wicket:wicket-devutils@9.12.0 org.apache.wicket:wicket-core@9.12.0 org.apache.wicket:wicket-util@9.12.0
    Remediation: Upgrade to org.apache.wicket:wicket-devutils@9.18.0.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.apache.wicket:wicket-auth-roles@9.12.0 org.apache.wicket:wicket-core@9.12.0 org.apache.wicket:wicket-request@9.12.0 org.apache.wicket:wicket-util@9.12.0
    Remediation: Upgrade to org.apache.wicket:wicket-auth-roles@9.18.0.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.apache.wicket:wicket-ioc@9.12.0 org.apache.wicket:wicket-core@9.12.0 org.apache.wicket:wicket-request@9.12.0 org.apache.wicket:wicket-util@9.12.0
    Remediation: Upgrade to org.apache.wicket:wicket-ioc@9.18.0.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.apache.wicket:wicket-spring@9.12.0 org.apache.wicket:wicket-core@9.12.0 org.apache.wicket:wicket-request@9.12.0 org.apache.wicket:wicket-util@9.12.0
    Remediation: Upgrade to org.apache.wicket:wicket-spring@9.18.0.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 com.giffing.wicket.spring.boot.starter:wicket-spring-boot-starter@3.1.6 org.apache.wicket:wicket-core@9.12.0 org.apache.wicket:wicket-request@9.12.0 org.apache.wicket:wicket-util@9.12.0
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 de.agilecoders.wicket.webjars:wicket-webjars@3.0.6 org.apache.wicket:wicket-core@9.12.0 org.apache.wicket:wicket-request@9.12.0 org.apache.wicket:wicket-util@9.12.0
    Remediation: Upgrade to de.agilecoders.wicket.webjars:wicket-webjars@4.0.4.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.apache.wicket:wicket-bean-validation@9.12.0 org.apache.wicket:wicket-core@9.12.0 org.apache.wicket:wicket-request@9.12.0 org.apache.wicket:wicket-util@9.12.0
    Remediation: Upgrade to org.apache.wicket:wicket-bean-validation@9.18.0.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.apache.wicket:wicket-devutils@9.12.0 org.apache.wicket:wicket-core@9.12.0 org.apache.wicket:wicket-request@9.12.0 org.apache.wicket:wicket-util@9.12.0
    Remediation: Upgrade to org.apache.wicket:wicket-devutils@9.18.0.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 com.giffing.wicket.spring.boot.starter:wicket-spring-boot-starter@3.1.6 org.apache.wicket:wicket-auth-roles@9.12.0 org.apache.wicket:wicket-core@9.12.0 org.apache.wicket:wicket-util@9.12.0
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.apache.wicket:wicket-spring@9.12.0 org.apache.wicket:wicket-ioc@9.12.0 org.apache.wicket:wicket-core@9.12.0 org.apache.wicket:wicket-util@9.12.0
    Remediation: Upgrade to org.apache.wicket:wicket-spring@9.18.0.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 com.giffing.wicket.spring.boot.starter:wicket-spring-boot-starter@3.1.6 org.apache.wicket:wicket-ioc@9.12.0 org.apache.wicket:wicket-core@9.12.0 org.apache.wicket:wicket-util@9.12.0
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 com.giffing.wicket.spring.boot.starter:wicket-spring-boot-starter@3.1.6 org.apache.wicket:wicket-spring@9.12.0 org.apache.wicket:wicket-core@9.12.0 org.apache.wicket:wicket-util@9.12.0
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.apache.wicket:wicket-devutils@9.12.0 org.apache.wicket:wicket-extensions@9.12.0 org.apache.wicket:wicket-core@9.12.0 org.apache.wicket:wicket-util@9.12.0
    Remediation: Upgrade to org.apache.wicket:wicket-devutils@9.18.0.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 com.giffing.wicket.spring.boot.starter:wicket-spring-boot-starter@3.1.6 org.apache.wicket:wicket-auth-roles@9.12.0 org.apache.wicket:wicket-core@9.12.0 org.apache.wicket:wicket-request@9.12.0 org.apache.wicket:wicket-util@9.12.0
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.apache.wicket:wicket-spring@9.12.0 org.apache.wicket:wicket-ioc@9.12.0 org.apache.wicket:wicket-core@9.12.0 org.apache.wicket:wicket-request@9.12.0 org.apache.wicket:wicket-util@9.12.0
    Remediation: Upgrade to org.apache.wicket:wicket-spring@9.18.0.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 com.giffing.wicket.spring.boot.starter:wicket-spring-boot-starter@3.1.6 org.apache.wicket:wicket-ioc@9.12.0 org.apache.wicket:wicket-core@9.12.0 org.apache.wicket:wicket-request@9.12.0 org.apache.wicket:wicket-util@9.12.0
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 com.giffing.wicket.spring.boot.starter:wicket-spring-boot-starter@3.1.6 org.apache.wicket:wicket-spring@9.12.0 org.apache.wicket:wicket-core@9.12.0 org.apache.wicket:wicket-request@9.12.0 org.apache.wicket:wicket-util@9.12.0
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.apache.wicket:wicket-devutils@9.12.0 org.apache.wicket:wicket-extensions@9.12.0 org.apache.wicket:wicket-core@9.12.0 org.apache.wicket:wicket-request@9.12.0 org.apache.wicket:wicket-util@9.12.0
    Remediation: Upgrade to org.apache.wicket:wicket-devutils@9.18.0.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 com.giffing.wicket.spring.boot.starter:wicket-spring-boot-starter@3.1.6 org.apache.wicket:wicket-spring@9.12.0 org.apache.wicket:wicket-ioc@9.12.0 org.apache.wicket:wicket-core@9.12.0 org.apache.wicket:wicket-util@9.12.0
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 com.giffing.wicket.spring.boot.starter:wicket-spring-boot-starter@3.1.6 org.apache.wicket:wicket-spring@9.12.0 org.apache.wicket:wicket-ioc@9.12.0 org.apache.wicket:wicket-core@9.12.0 org.apache.wicket:wicket-request@9.12.0 org.apache.wicket:wicket-util@9.12.0

…and 25 more

Overview

org.apache.wicket:wicket-util is a Component-based Java web framework.

Affected versions of this package are vulnerable to Arbitrary Command Execution via XSLT injection in XSLTResourceStream.java, which does not set FEATURE_SECURE_PROCESSING by default. Exploiting this vulnerability is possible when processing input from an untrusted source without validation.

Remediation

Upgrade org.apache.wicket:wicket-util to version 8.16.0, 9.18.0, 10.1.0 or higher.

References

Arbitrary Command Execution vulnerability report

high severity

Denial of Service (DoS)

  • Vulnerable module: com.fasterxml.jackson.core:jackson-core
  • Introduced through: com.fasterxml.jackson.core:jackson-core@2.13.1, com.fasterxml.jackson.core:jackson-databind@2.13.1 and others

Detailed paths

  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 com.fasterxml.jackson.core:jackson-core@2.13.1
    Remediation: Upgrade to com.fasterxml.jackson.core:jackson-core@2.15.0.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 com.fasterxml.jackson.core:jackson-databind@2.13.1 com.fasterxml.jackson.core:jackson-core@2.13.1
    Remediation: Upgrade to com.fasterxml.jackson.core:jackson-databind@2.15.0.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.glassfish.jersey.media:jersey-media-json-jackson@2.37 com.fasterxml.jackson.core:jackson-databind@2.13.1 com.fasterxml.jackson.core:jackson-core@2.13.1
    Remediation: Upgrade to org.glassfish.jersey.media:jersey-media-json-jackson@2.41.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.webjars:webjars-locator@0.45 com.fasterxml.jackson.core:jackson-databind@2.13.1 com.fasterxml.jackson.core:jackson-core@2.13.1
    Remediation: Upgrade to org.webjars:webjars-locator@0.47.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.glassfish.jersey.media:jersey-media-json-jackson@2.37 com.fasterxml.jackson.module:jackson-module-jaxb-annotations@2.13.3 com.fasterxml.jackson.core:jackson-core@2.13.1
    Remediation: Upgrade to org.glassfish.jersey.media:jersey-media-json-jackson@2.41.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.webjars:webjars-locator@0.45 org.webjars:webjars-locator-core@0.50 com.fasterxml.jackson.core:jackson-core@2.13.1
    Remediation: Upgrade to org.webjars:webjars-locator@0.47.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-starter-web@3.5.0 org.springframework.boot:spring-boot-starter-json@3.5.0 com.fasterxml.jackson.core:jackson-databind@2.13.1 com.fasterxml.jackson.core:jackson-core@2.13.1
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.5.0.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.glassfish.jersey.media:jersey-media-json-jackson@2.37 com.fasterxml.jackson.module:jackson-module-jaxb-annotations@2.13.3 com.fasterxml.jackson.core:jackson-databind@2.13.1 com.fasterxml.jackson.core:jackson-core@2.13.1
    Remediation: Upgrade to org.glassfish.jersey.media:jersey-media-json-jackson@2.41.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-starter-actuator@3.5.0 org.springframework.boot:spring-boot-actuator-autoconfigure@3.5.0 com.fasterxml.jackson.core:jackson-databind@2.13.1 com.fasterxml.jackson.core:jackson-core@2.13.1
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.5.0.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 com.giffing.wicket.spring.boot.starter:wicket-spring-boot-starter@3.1.6 org.springframework.boot:spring-boot-starter-web@3.5.0 org.springframework.boot:spring-boot-starter-json@3.5.0 com.fasterxml.jackson.core:jackson-databind@2.13.1 com.fasterxml.jackson.core:jackson-core@2.13.1

…and 7 more

Overview

com.fasterxml.jackson.core:jackson-core is a Core Jackson abstractions, basic JSON streaming API implementation

Affected versions of this package are vulnerable to Denial of Service (DoS) due to missing input size validation when performing numeric type conversions. A remote attacker can exploit this vulnerability by causing the application to deserialize data containing certain numeric types with large values, causing the application to exhaust all available resources.

Details

Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.

When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.

Two common types of DoS vulnerabilities:

  • High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.

  • Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm ws package

Remediation

Upgrade com.fasterxml.jackson.core:jackson-core to version 2.15.0-rc1 or higher.

References

Denial of Service (DoS) vulnerability report

high severity
new

Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')

  • Vulnerable module: commons-beanutils:commons-beanutils
  • Introduced through: commons-validator:commons-validator@1.7

Detailed paths

  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 commons-validator:commons-validator@1.7 commons-beanutils:commons-beanutils@1.9.4

Overview

commons-beanutils:commons-beanutils is a provides an easy-to-use but flexible wrapper around reflection and introspection.

Affected versions of this package are vulnerable to Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') via the getProperty and getNestedProperty methods of the PropertyUtilsBean class. An attacker can execute arbitrary code by accessing the declaredClass property of Java enum objects, which allows access to the ClassLoader.

Note:

The BeanIntrospector class that can mitigate this vulnerability was added in version 1.9.2 but its usage was not enabled by default.

Remediation

Upgrade commons-beanutils:commons-beanutils to version 1.11.0 or higher.

References

Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability report

high severity

Allocation of Resources Without Limits or Throttling

  • Vulnerable module: org.apache.wicket:wicket-core
  • Introduced through: org.apache.wicket:wicket-core@9.12.0, org.apache.wicket:wicket-auth-roles@9.12.0 and others

Detailed paths

  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.apache.wicket:wicket-core@9.12.0
    Remediation: Upgrade to org.apache.wicket:wicket-core@9.19.0.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.apache.wicket:wicket-auth-roles@9.12.0 org.apache.wicket:wicket-core@9.12.0
    Remediation: Upgrade to org.apache.wicket:wicket-auth-roles@9.19.0.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.apache.wicket:wicket-ioc@9.12.0 org.apache.wicket:wicket-core@9.12.0
    Remediation: Upgrade to org.apache.wicket:wicket-ioc@9.19.0.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.apache.wicket:wicket-spring@9.12.0 org.apache.wicket:wicket-core@9.12.0
    Remediation: Upgrade to org.apache.wicket:wicket-spring@9.19.0.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 com.giffing.wicket.spring.boot.starter:wicket-spring-boot-starter@3.1.6 org.apache.wicket:wicket-core@9.12.0
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 de.agilecoders.wicket.webjars:wicket-webjars@3.0.6 org.apache.wicket:wicket-core@9.12.0
    Remediation: Upgrade to de.agilecoders.wicket.webjars:wicket-webjars@4.0.6.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.apache.wicket:wicket-bean-validation@9.12.0 org.apache.wicket:wicket-core@9.12.0
    Remediation: Upgrade to org.apache.wicket:wicket-bean-validation@9.19.0.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.apache.wicket:wicket-devutils@9.12.0 org.apache.wicket:wicket-core@9.12.0
    Remediation: Upgrade to org.apache.wicket:wicket-devutils@9.19.0.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 com.giffing.wicket.spring.boot.starter:wicket-spring-boot-starter@3.1.6 org.apache.wicket:wicket-auth-roles@9.12.0 org.apache.wicket:wicket-core@9.12.0
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.apache.wicket:wicket-spring@9.12.0 org.apache.wicket:wicket-ioc@9.12.0 org.apache.wicket:wicket-core@9.12.0
    Remediation: Upgrade to org.apache.wicket:wicket-spring@9.19.0.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 com.giffing.wicket.spring.boot.starter:wicket-spring-boot-starter@3.1.6 org.apache.wicket:wicket-ioc@9.12.0 org.apache.wicket:wicket-core@9.12.0
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 com.giffing.wicket.spring.boot.starter:wicket-spring-boot-starter@3.1.6 org.apache.wicket:wicket-spring@9.12.0 org.apache.wicket:wicket-core@9.12.0
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.apache.wicket:wicket-devutils@9.12.0 org.apache.wicket:wicket-extensions@9.12.0 org.apache.wicket:wicket-core@9.12.0
    Remediation: Upgrade to org.apache.wicket:wicket-devutils@9.19.0.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 com.giffing.wicket.spring.boot.starter:wicket-spring-boot-starter@3.1.6 org.apache.wicket:wicket-spring@9.12.0 org.apache.wicket:wicket-ioc@9.12.0 org.apache.wicket:wicket-core@9.12.0

…and 11 more

Overview

org.apache.wicket:wicket-core is a Java web application framework that takes simplicity, separation of concerns and ease of development to a whole new level. Wicket pages can be mocked up, previewed and later revised using standard WYSIWYG HTML design tools. Dynamic content processing and form handling is all handled in Java code using a first-class component model backed by POJO data beans that can easily be persisted using your favorite technology.

Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to a memory leak that can be triggered by an attacker sending multiple simultaneous requests to the server.

Remediation

Upgrade org.apache.wicket:wicket-core to version 9.19.0, 10.3.0 or higher.

References

Allocation of Resources Without Limits or Throttling vulnerability report

high severity

Denial of Service (DoS)

  • Vulnerable module: com.fasterxml.jackson.core:jackson-databind
  • Introduced through: com.fasterxml.jackson.core:jackson-databind@2.13.1, org.glassfish.jersey.media:jersey-media-json-jackson@2.37 and others

Detailed paths

  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 com.fasterxml.jackson.core:jackson-databind@2.13.1
    Remediation: Upgrade to com.fasterxml.jackson.core:jackson-databind@2.13.2.1.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.glassfish.jersey.media:jersey-media-json-jackson@2.37 com.fasterxml.jackson.core:jackson-databind@2.13.1
    Remediation: Upgrade to org.glassfish.jersey.media:jersey-media-json-jackson@2.37.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.webjars:webjars-locator@0.45 com.fasterxml.jackson.core:jackson-databind@2.13.1
    Remediation: Upgrade to org.webjars:webjars-locator@0.46.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-starter-web@3.5.0 org.springframework.boot:spring-boot-starter-json@3.5.0 com.fasterxml.jackson.core:jackson-databind@2.13.1
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.5.0.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.glassfish.jersey.media:jersey-media-json-jackson@2.37 com.fasterxml.jackson.module:jackson-module-jaxb-annotations@2.13.3 com.fasterxml.jackson.core:jackson-databind@2.13.1
    Remediation: Upgrade to org.glassfish.jersey.media:jersey-media-json-jackson@2.37.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-starter-actuator@3.5.0 org.springframework.boot:spring-boot-actuator-autoconfigure@3.5.0 com.fasterxml.jackson.core:jackson-databind@2.13.1
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.5.0.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 com.giffing.wicket.spring.boot.starter:wicket-spring-boot-starter@3.1.6 org.springframework.boot:spring-boot-starter-web@3.5.0 org.springframework.boot:spring-boot-starter-json@3.5.0 com.fasterxml.jackson.core:jackson-databind@2.13.1

…and 4 more

Overview

com.fasterxml.jackson.core:jackson-databind is a library which contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor.

Affected versions of this package are vulnerable to Denial of Service (DoS) via a large depth of nested objects.

Details

Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.

When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.

Two common types of DoS vulnerabilities:

  • High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.

  • Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm ws package

Remediation

Upgrade com.fasterxml.jackson.core:jackson-databind to version 2.12.6.1, 2.13.2.1 or higher.

References

Denial of Service (DoS) vulnerability report

high severity

Allocation of Resources Without Limits or Throttling

  • Vulnerable module: org.json:json
  • Introduced through: org.json:json@20220924 and com.vdurmont:emoji-java@5.1.1

Detailed paths

  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.json:json@20220924
    Remediation: Upgrade to org.json:json@20231013.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 com.vdurmont:emoji-java@5.1.1 org.json:json@20220924

Overview

Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling. An attacker can cause indefinite amounts of memory to be used by inputting a string of modest size. This can lead to a Denial of Service.

PoC

package orgjsonbug;

import org.json.JSONObject;

/**
 * Illustrates a bug in JSON-Java.
 */
public class Bug {
  private static String makeNested(int depth) {
    if (depth == 0) {
      return "{\"a\":1}";
    }
    return "{\"a\":1;\t\0" + makeNested(depth - 1) + ":1}";
  }

  public static void main(String[] args) {
    String input = makeNested(30);
    System.out.printf("Input string has length %d: %s\n", input.length(), input);
    JSONObject output = new JSONObject(input);
    System.out.printf("Output JSONObject has length %d: %s\n", output.toString().length(), output);
  }
}

Remediation

Upgrade org.json:json to version 20231013 or higher.

References

Allocation of Resources Without Limits or Throttling vulnerability report

high severity

Denial of Service (DoS)

  • Vulnerable module: org.json:json
  • Introduced through: org.json:json@20220924 and com.vdurmont:emoji-java@5.1.1

Detailed paths

  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.json:json@20220924
    Remediation: Upgrade to org.json:json@20230227.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 com.vdurmont:emoji-java@5.1.1 org.json:json@20220924

Overview

Affected versions of this package are vulnerable to Denial of Service (DoS) in the XML.toJSONObject component via crafted JSON or XML data.

Details

Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.

When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.

Two common types of DoS vulnerabilities:

  • High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.

  • Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm ws package

Remediation

Upgrade org.json:json to version 20230227 or higher.

References

Denial of Service (DoS) vulnerability report

high severity

Cross-site Scripting (XSS)

  • Vulnerable module: org.webjars:toastr
  • Introduced through: org.webjars:toastr@2.1.2

Detailed paths

  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.webjars:toastr@2.1.2

Overview

org.webjars:toastr is a Javascript library for non-blocking notifications. jQuery is required. The goal is to create a simple core library that can be customized and extended

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to the missing sanitization of message and title which are not regarded as plain text by default.

Note: The fix is not by default. As the documentation of the package mentions it; In case you want to escape HTML characters in title and message set toastr.options.escapeHtml = true.

Details

A cross-site scripting attack occurs when the attacker tricks a legitimate web-based application or site to accept a request as originating from a trusted source.

This is done by escaping the context of the web application; the web application then delivers that data to its users along with other trusted dynamic content, without validating it. The browser unknowingly executes malicious script on the client side (through client-side languages; usually JavaScript or HTML) in order to perform actions that are otherwise typically blocked by the browser’s Same Origin Policy.

Injecting malicious code is the most prevalent manner by which XSS is exploited; for this reason, escaping characters in order to prevent this manipulation is the top method for securing code against this vulnerability.

Escaping means that the application is coded to mark key characters, and particularly key characters included in user input, to prevent those characters from being interpreted in a dangerous context. For example, in HTML, < can be coded as &lt; and > can be coded as &gt; in order to be interpreted and displayed as themselves in text, while within the code itself, they are used for HTML tags. If malicious content is injected into an application that escapes special characters and that malicious content uses < and > as HTML tags, those characters are nonetheless not interpreted as HTML tags by the browser if they’ve been correctly escaped in the application code and in this way the attempted attack is diverted.

The most prominent use of XSS is to steal cookies (source: OWASP HttpOnly) and hijack user sessions, but XSS exploits have been used to expose sensitive information, enable access to privileged services and functionality and deliver malware.

Types of attacks

There are a few methods by which XSS can be manipulated:

Type Origin Description
Stored Server The malicious code is inserted in the application (usually as a link) by the attacker. The code is activated every time a user clicks the link.
Reflected Server The attacker delivers a malicious link externally from the vulnerable web site application to a user. When clicked, malicious code is sent to the vulnerable web site, which reflects the attack back to the user’s browser.
DOM-based Client The attacker forces the user’s browser to render a malicious page. The data in the page itself delivers the cross-site scripting data.
Mutated The attacker injects code that appears safe, but is then rewritten and modified by the browser, while parsing the markup. An example is rebalancing unclosed quotation marks or even adding quotation marks to unquoted parameters.

Affected environments

The following environments are susceptible to an XSS attack:

  • Web servers
  • Application servers
  • Web application environments

How to prevent

This section describes the top best practices designed to specifically protect your code:

  • Sanitize data input in an HTTP request before reflecting it back, ensuring all data is validated, filtered or escaped before echoing anything back to the user, such as the values of query parameters during searches.
  • Convert special characters such as ?, &, /, <, > and spaces to their respective HTML or URL encoded equivalents.
  • Give users the option to disable client-side scripts.
  • Redirect invalid requests.
  • Detect simultaneous logins, including those from two separate IP addresses, and invalidate those sessions.
  • Use and enforce a Content Security Policy (source: Wikipedia) to disable any features that might be manipulated for an XSS attack.
  • Read the documentation for any of the libraries referenced in your code to understand which elements allow for embedded HTML.

Remediation

There is no fixed version for org.webjars:toastr.

References

Cross-site Scripting (XSS) vulnerability report

high severity

GPL-3.0 license

  • Module: org.webjars.npm:infinite-scroll
  • Introduced through: org.webjars.npm:infinite-scroll@3.0.6

Detailed paths

  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.webjars.npm:infinite-scroll@3.0.6

GPL-3.0 license

GPL-3.0 license vulnerability report

medium severity

Denial of Service (DoS)

  • Vulnerable module: commons-fileupload:commons-fileupload
  • Introduced through: org.apache.wicket:wicket-core@9.12.0, org.apache.wicket:wicket-auth-roles@9.12.0 and others

Detailed paths

  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.apache.wicket:wicket-core@9.12.0 org.apache.wicket:wicket-util@9.12.0 commons-fileupload:commons-fileupload@1.4
    Remediation: Upgrade to org.apache.wicket:wicket-core@9.13.0.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.apache.wicket:wicket-core@9.12.0 org.apache.wicket:wicket-request@9.12.0 org.apache.wicket:wicket-util@9.12.0 commons-fileupload:commons-fileupload@1.4
    Remediation: Upgrade to org.apache.wicket:wicket-core@9.13.0.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.apache.wicket:wicket-auth-roles@9.12.0 org.apache.wicket:wicket-core@9.12.0 org.apache.wicket:wicket-util@9.12.0 commons-fileupload:commons-fileupload@1.4
    Remediation: Upgrade to org.apache.wicket:wicket-auth-roles@9.13.0.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.apache.wicket:wicket-ioc@9.12.0 org.apache.wicket:wicket-core@9.12.0 org.apache.wicket:wicket-util@9.12.0 commons-fileupload:commons-fileupload@1.4
    Remediation: Upgrade to org.apache.wicket:wicket-ioc@9.13.0.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.apache.wicket:wicket-spring@9.12.0 org.apache.wicket:wicket-core@9.12.0 org.apache.wicket:wicket-util@9.12.0 commons-fileupload:commons-fileupload@1.4
    Remediation: Upgrade to org.apache.wicket:wicket-spring@9.13.0.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 com.giffing.wicket.spring.boot.starter:wicket-spring-boot-starter@3.1.6 org.apache.wicket:wicket-core@9.12.0 org.apache.wicket:wicket-util@9.12.0 commons-fileupload:commons-fileupload@1.4
    Remediation: Upgrade to com.giffing.wicket.spring.boot.starter:wicket-spring-boot-starter@4.0.0.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 de.agilecoders.wicket.webjars:wicket-webjars@3.0.6 org.apache.wicket:wicket-core@9.12.0 org.apache.wicket:wicket-util@9.12.0 commons-fileupload:commons-fileupload@1.4
    Remediation: Upgrade to de.agilecoders.wicket.webjars:wicket-webjars@3.0.7.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.apache.wicket:wicket-bean-validation@9.12.0 org.apache.wicket:wicket-core@9.12.0 org.apache.wicket:wicket-util@9.12.0 commons-fileupload:commons-fileupload@1.4
    Remediation: Upgrade to org.apache.wicket:wicket-bean-validation@9.13.0.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.apache.wicket:wicket-devutils@9.12.0 org.apache.wicket:wicket-core@9.12.0 org.apache.wicket:wicket-util@9.12.0 commons-fileupload:commons-fileupload@1.4
    Remediation: Upgrade to org.apache.wicket:wicket-devutils@9.13.0.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.apache.wicket:wicket-auth-roles@9.12.0 org.apache.wicket:wicket-core@9.12.0 org.apache.wicket:wicket-request@9.12.0 org.apache.wicket:wicket-util@9.12.0 commons-fileupload:commons-fileupload@1.4
    Remediation: Upgrade to org.apache.wicket:wicket-auth-roles@9.13.0.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.apache.wicket:wicket-ioc@9.12.0 org.apache.wicket:wicket-core@9.12.0 org.apache.wicket:wicket-request@9.12.0 org.apache.wicket:wicket-util@9.12.0 commons-fileupload:commons-fileupload@1.4
    Remediation: Upgrade to org.apache.wicket:wicket-ioc@9.13.0.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.apache.wicket:wicket-spring@9.12.0 org.apache.wicket:wicket-core@9.12.0 org.apache.wicket:wicket-request@9.12.0 org.apache.wicket:wicket-util@9.12.0 commons-fileupload:commons-fileupload@1.4
    Remediation: Upgrade to org.apache.wicket:wicket-spring@9.13.0.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 com.giffing.wicket.spring.boot.starter:wicket-spring-boot-starter@3.1.6 org.apache.wicket:wicket-core@9.12.0 org.apache.wicket:wicket-request@9.12.0 org.apache.wicket:wicket-util@9.12.0 commons-fileupload:commons-fileupload@1.4
    Remediation: Upgrade to com.giffing.wicket.spring.boot.starter:wicket-spring-boot-starter@4.0.0.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 de.agilecoders.wicket.webjars:wicket-webjars@3.0.6 org.apache.wicket:wicket-core@9.12.0 org.apache.wicket:wicket-request@9.12.0 org.apache.wicket:wicket-util@9.12.0 commons-fileupload:commons-fileupload@1.4
    Remediation: Upgrade to de.agilecoders.wicket.webjars:wicket-webjars@3.0.7.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.apache.wicket:wicket-bean-validation@9.12.0 org.apache.wicket:wicket-core@9.12.0 org.apache.wicket:wicket-request@9.12.0 org.apache.wicket:wicket-util@9.12.0 commons-fileupload:commons-fileupload@1.4
    Remediation: Upgrade to org.apache.wicket:wicket-bean-validation@9.13.0.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.apache.wicket:wicket-devutils@9.12.0 org.apache.wicket:wicket-core@9.12.0 org.apache.wicket:wicket-request@9.12.0 org.apache.wicket:wicket-util@9.12.0 commons-fileupload:commons-fileupload@1.4
    Remediation: Upgrade to org.apache.wicket:wicket-devutils@9.13.0.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 com.giffing.wicket.spring.boot.starter:wicket-spring-boot-starter@3.1.6 org.apache.wicket:wicket-auth-roles@9.12.0 org.apache.wicket:wicket-core@9.12.0 org.apache.wicket:wicket-util@9.12.0 commons-fileupload:commons-fileupload@1.4
    Remediation: Upgrade to com.giffing.wicket.spring.boot.starter:wicket-spring-boot-starter@4.0.0.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.apache.wicket:wicket-spring@9.12.0 org.apache.wicket:wicket-ioc@9.12.0 org.apache.wicket:wicket-core@9.12.0 org.apache.wicket:wicket-util@9.12.0 commons-fileupload:commons-fileupload@1.4
    Remediation: Upgrade to org.apache.wicket:wicket-spring@9.13.0.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 com.giffing.wicket.spring.boot.starter:wicket-spring-boot-starter@3.1.6 org.apache.wicket:wicket-ioc@9.12.0 org.apache.wicket:wicket-core@9.12.0 org.apache.wicket:wicket-util@9.12.0 commons-fileupload:commons-fileupload@1.4
    Remediation: Upgrade to com.giffing.wicket.spring.boot.starter:wicket-spring-boot-starter@4.0.0.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 com.giffing.wicket.spring.boot.starter:wicket-spring-boot-starter@3.1.6 org.apache.wicket:wicket-spring@9.12.0 org.apache.wicket:wicket-core@9.12.0 org.apache.wicket:wicket-util@9.12.0 commons-fileupload:commons-fileupload@1.4
    Remediation: Upgrade to com.giffing.wicket.spring.boot.starter:wicket-spring-boot-starter@4.0.0.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.apache.wicket:wicket-devutils@9.12.0 org.apache.wicket:wicket-extensions@9.12.0 org.apache.wicket:wicket-core@9.12.0 org.apache.wicket:wicket-util@9.12.0 commons-fileupload:commons-fileupload@1.4
    Remediation: Upgrade to org.apache.wicket:wicket-devutils@9.13.0.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 com.giffing.wicket.spring.boot.starter:wicket-spring-boot-starter@3.1.6 org.apache.wicket:wicket-auth-roles@9.12.0 org.apache.wicket:wicket-core@9.12.0 org.apache.wicket:wicket-request@9.12.0 org.apache.wicket:wicket-util@9.12.0 commons-fileupload:commons-fileupload@1.4
    Remediation: Upgrade to com.giffing.wicket.spring.boot.starter:wicket-spring-boot-starter@4.0.0.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.apache.wicket:wicket-spring@9.12.0 org.apache.wicket:wicket-ioc@9.12.0 org.apache.wicket:wicket-core@9.12.0 org.apache.wicket:wicket-request@9.12.0 org.apache.wicket:wicket-util@9.12.0 commons-fileupload:commons-fileupload@1.4
    Remediation: Upgrade to org.apache.wicket:wicket-spring@9.13.0.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 com.giffing.wicket.spring.boot.starter:wicket-spring-boot-starter@3.1.6 org.apache.wicket:wicket-ioc@9.12.0 org.apache.wicket:wicket-core@9.12.0 org.apache.wicket:wicket-request@9.12.0 org.apache.wicket:wicket-util@9.12.0 commons-fileupload:commons-fileupload@1.4
    Remediation: Upgrade to com.giffing.wicket.spring.boot.starter:wicket-spring-boot-starter@4.0.0.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 com.giffing.wicket.spring.boot.starter:wicket-spring-boot-starter@3.1.6 org.apache.wicket:wicket-spring@9.12.0 org.apache.wicket:wicket-core@9.12.0 org.apache.wicket:wicket-request@9.12.0 org.apache.wicket:wicket-util@9.12.0 commons-fileupload:commons-fileupload@1.4
    Remediation: Upgrade to com.giffing.wicket.spring.boot.starter:wicket-spring-boot-starter@4.0.0.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.apache.wicket:wicket-devutils@9.12.0 org.apache.wicket:wicket-extensions@9.12.0 org.apache.wicket:wicket-core@9.12.0 org.apache.wicket:wicket-request@9.12.0 org.apache.wicket:wicket-util@9.12.0 commons-fileupload:commons-fileupload@1.4
    Remediation: Upgrade to org.apache.wicket:wicket-devutils@9.13.0.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 com.giffing.wicket.spring.boot.starter:wicket-spring-boot-starter@3.1.6 org.apache.wicket:wicket-spring@9.12.0 org.apache.wicket:wicket-ioc@9.12.0 org.apache.wicket:wicket-core@9.12.0 org.apache.wicket:wicket-util@9.12.0 commons-fileupload:commons-fileupload@1.4
    Remediation: Upgrade to com.giffing.wicket.spring.boot.starter:wicket-spring-boot-starter@4.0.0.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 com.giffing.wicket.spring.boot.starter:wicket-spring-boot-starter@3.1.6 org.apache.wicket:wicket-spring@9.12.0 org.apache.wicket:wicket-ioc@9.12.0 org.apache.wicket:wicket-core@9.12.0 org.apache.wicket:wicket-request@9.12.0 org.apache.wicket:wicket-util@9.12.0 commons-fileupload:commons-fileupload@1.4
    Remediation: Upgrade to com.giffing.wicket.spring.boot.starter:wicket-spring-boot-starter@4.0.0.

…and 25 more

Overview

commons-fileupload:commons-fileupload is a component that provides a simple yet flexible means of adding support for multipart file upload functionality to servlets and web applications.

Affected versions of this package are vulnerable to Denial of Service (DoS) when an attacker sends a large number of request parts in a series of uploads or a single multipart upload.

NOTE: After upgrading to the fixed version, the setFileCountMax() must be explicitly set to avoid this vulnerability.

Details

Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.

When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.

Two common types of DoS vulnerabilities:

  • High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.

  • Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm ws package

Remediation

Upgrade commons-fileupload:commons-fileupload to version 1.5 or higher.

References

Denial of Service (DoS) vulnerability report

medium severity

Cross-Site Request Forgery (CSRF)

  • Vulnerable module: org.apache.wicket:wicket-core
  • Introduced through: org.apache.wicket:wicket-core@9.12.0, org.apache.wicket:wicket-auth-roles@9.12.0 and others

Detailed paths

  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.apache.wicket:wicket-core@9.12.0
    Remediation: Upgrade to org.apache.wicket:wicket-core@9.17.0.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.apache.wicket:wicket-auth-roles@9.12.0 org.apache.wicket:wicket-core@9.12.0
    Remediation: Upgrade to org.apache.wicket:wicket-auth-roles@9.17.0.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.apache.wicket:wicket-ioc@9.12.0 org.apache.wicket:wicket-core@9.12.0
    Remediation: Upgrade to org.apache.wicket:wicket-ioc@9.17.0.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.apache.wicket:wicket-spring@9.12.0 org.apache.wicket:wicket-core@9.12.0
    Remediation: Upgrade to org.apache.wicket:wicket-spring@9.17.0.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 com.giffing.wicket.spring.boot.starter:wicket-spring-boot-starter@3.1.6 org.apache.wicket:wicket-core@9.12.0
    Remediation: Upgrade to com.giffing.wicket.spring.boot.starter:wicket-spring-boot-starter@4.0.0.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 de.agilecoders.wicket.webjars:wicket-webjars@3.0.6 org.apache.wicket:wicket-core@9.12.0
    Remediation: Upgrade to de.agilecoders.wicket.webjars:wicket-webjars@4.0.3.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.apache.wicket:wicket-bean-validation@9.12.0 org.apache.wicket:wicket-core@9.12.0
    Remediation: Upgrade to org.apache.wicket:wicket-bean-validation@9.17.0.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.apache.wicket:wicket-devutils@9.12.0 org.apache.wicket:wicket-core@9.12.0
    Remediation: Upgrade to org.apache.wicket:wicket-devutils@9.17.0.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 com.giffing.wicket.spring.boot.starter:wicket-spring-boot-starter@3.1.6 org.apache.wicket:wicket-auth-roles@9.12.0 org.apache.wicket:wicket-core@9.12.0
    Remediation: Upgrade to com.giffing.wicket.spring.boot.starter:wicket-spring-boot-starter@4.0.0.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.apache.wicket:wicket-spring@9.12.0 org.apache.wicket:wicket-ioc@9.12.0 org.apache.wicket:wicket-core@9.12.0
    Remediation: Upgrade to org.apache.wicket:wicket-spring@9.17.0.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 com.giffing.wicket.spring.boot.starter:wicket-spring-boot-starter@3.1.6 org.apache.wicket:wicket-ioc@9.12.0 org.apache.wicket:wicket-core@9.12.0
    Remediation: Upgrade to com.giffing.wicket.spring.boot.starter:wicket-spring-boot-starter@4.0.0.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 com.giffing.wicket.spring.boot.starter:wicket-spring-boot-starter@3.1.6 org.apache.wicket:wicket-spring@9.12.0 org.apache.wicket:wicket-core@9.12.0
    Remediation: Upgrade to com.giffing.wicket.spring.boot.starter:wicket-spring-boot-starter@4.0.0.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.apache.wicket:wicket-devutils@9.12.0 org.apache.wicket:wicket-extensions@9.12.0 org.apache.wicket:wicket-core@9.12.0
    Remediation: Upgrade to org.apache.wicket:wicket-devutils@9.17.0.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 com.giffing.wicket.spring.boot.starter:wicket-spring-boot-starter@3.1.6 org.apache.wicket:wicket-spring@9.12.0 org.apache.wicket:wicket-ioc@9.12.0 org.apache.wicket:wicket-core@9.12.0
    Remediation: Upgrade to com.giffing.wicket.spring.boot.starter:wicket-spring-boot-starter@4.0.0.

…and 11 more

Overview

org.apache.wicket:wicket-core is a Java web application framework that takes simplicity, separation of concerns and ease of development to a whole new level. Wicket pages can be mocked up, previewed and later revised using standard WYSIWYG HTML design tools. Dynamic content processing and form handling is all handled in Java code using a first-class component model backed by POJO data beans that can easily be persisted using your favorite technology.

Affected versions of this package are vulnerable to Cross-Site Request Forgery (CSRF) due to an error in the evaluation of the fetch metadata headers. An attacker can bypass the CSRF protection by exploiting this vulnerability.

Remediation

Upgrade org.apache.wicket:wicket-core to version 9.17.0, 10.0.0 or higher.

References

Cross-Site Request Forgery (CSRF) vulnerability report

medium severity

Denial of Service (DoS)

  • Vulnerable module: com.fasterxml.jackson.core:jackson-databind
  • Introduced through: com.fasterxml.jackson.core:jackson-databind@2.13.1, org.glassfish.jersey.media:jersey-media-json-jackson@2.37 and others

Detailed paths

  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 com.fasterxml.jackson.core:jackson-databind@2.13.1
    Remediation: Upgrade to com.fasterxml.jackson.core:jackson-databind@2.13.4.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.glassfish.jersey.media:jersey-media-json-jackson@2.37 com.fasterxml.jackson.core:jackson-databind@2.13.1
    Remediation: Upgrade to org.glassfish.jersey.media:jersey-media-json-jackson@2.39.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.webjars:webjars-locator@0.45 com.fasterxml.jackson.core:jackson-databind@2.13.1
    Remediation: Upgrade to org.webjars:webjars-locator@0.46.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-starter-web@3.5.0 org.springframework.boot:spring-boot-starter-json@3.5.0 com.fasterxml.jackson.core:jackson-databind@2.13.1
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.5.0.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.glassfish.jersey.media:jersey-media-json-jackson@2.37 com.fasterxml.jackson.module:jackson-module-jaxb-annotations@2.13.3 com.fasterxml.jackson.core:jackson-databind@2.13.1
    Remediation: Upgrade to org.glassfish.jersey.media:jersey-media-json-jackson@2.39.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-starter-actuator@3.5.0 org.springframework.boot:spring-boot-actuator-autoconfigure@3.5.0 com.fasterxml.jackson.core:jackson-databind@2.13.1
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.5.0.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 com.giffing.wicket.spring.boot.starter:wicket-spring-boot-starter@3.1.6 org.springframework.boot:spring-boot-starter-web@3.5.0 org.springframework.boot:spring-boot-starter-json@3.5.0 com.fasterxml.jackson.core:jackson-databind@2.13.1

…and 4 more

Overview

com.fasterxml.jackson.core:jackson-databind is a library which contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor.

Affected versions of this package are vulnerable to Denial of Service (DoS) in the _deserializeFromArray() function in BeanDeserializer, due to resource exhaustion when processing a deeply nested array.

NOTE: For this vulnerability to be exploitable the non-default DeserializationFeature must be enabled.

Details

Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.

When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.

Two common types of DoS vulnerabilities:

  • High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.

  • Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm ws package

Remediation

Upgrade com.fasterxml.jackson.core:jackson-databind to version 2.12.7.1, 2.13.4 or higher.

References

Denial of Service (DoS) vulnerability report

medium severity

Denial of Service (DoS)

  • Vulnerable module: com.fasterxml.jackson.core:jackson-databind
  • Introduced through: com.fasterxml.jackson.core:jackson-databind@2.13.1, org.glassfish.jersey.media:jersey-media-json-jackson@2.37 and others

Detailed paths

  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 com.fasterxml.jackson.core:jackson-databind@2.13.1
    Remediation: Upgrade to com.fasterxml.jackson.core:jackson-databind@2.13.4.1.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.glassfish.jersey.media:jersey-media-json-jackson@2.37 com.fasterxml.jackson.core:jackson-databind@2.13.1
    Remediation: Upgrade to org.glassfish.jersey.media:jersey-media-json-jackson@2.39.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.webjars:webjars-locator@0.45 com.fasterxml.jackson.core:jackson-databind@2.13.1
    Remediation: Upgrade to org.webjars:webjars-locator@0.47.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-starter-web@3.5.0 org.springframework.boot:spring-boot-starter-json@3.5.0 com.fasterxml.jackson.core:jackson-databind@2.13.1
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.5.0.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.glassfish.jersey.media:jersey-media-json-jackson@2.37 com.fasterxml.jackson.module:jackson-module-jaxb-annotations@2.13.3 com.fasterxml.jackson.core:jackson-databind@2.13.1
    Remediation: Upgrade to org.glassfish.jersey.media:jersey-media-json-jackson@2.39.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-starter-actuator@3.5.0 org.springframework.boot:spring-boot-actuator-autoconfigure@3.5.0 com.fasterxml.jackson.core:jackson-databind@2.13.1
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.5.0.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 com.giffing.wicket.spring.boot.starter:wicket-spring-boot-starter@3.1.6 org.springframework.boot:spring-boot-starter-web@3.5.0 org.springframework.boot:spring-boot-starter-json@3.5.0 com.fasterxml.jackson.core:jackson-databind@2.13.1

…and 4 more

Overview

com.fasterxml.jackson.core:jackson-databind is a library which contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor.

Affected versions of this package are vulnerable to Denial of Service (DoS) in the _deserializeWrappedValue() function in StdDeserializer.java, due to resource exhaustion when processing deeply nested arrays.

NOTE: This vulnerability is only exploitable when the non-default UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled.

Details

Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.

When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.

Two common types of DoS vulnerabilities:

  • High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.

  • Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm ws package

Remediation

Upgrade com.fasterxml.jackson.core:jackson-databind to version 2.12.7.1, 2.13.4.1 or higher.

References

Denial of Service (DoS) vulnerability report

medium severity

Cross-site Scripting (XSS)

  • Vulnerable module: com.googlecode.owasp-java-html-sanitizer:owasp-java-html-sanitizer
  • Introduced through: com.googlecode.wicket-jquery-ui:wicket-jquery-ui-plugins@9.11.0

Detailed paths

  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 com.googlecode.wicket-jquery-ui:wicket-jquery-ui-plugins@9.11.0 com.googlecode.owasp-java-html-sanitizer:owasp-java-html-sanitizer@20191001.1
    Remediation: Upgrade to com.googlecode.wicket-jquery-ui:wicket-jquery-ui-plugins@9.12.0.

Overview

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via special tags inside <select> elements.

Details

A cross-site scripting attack occurs when the attacker tricks a legitimate web-based application or site to accept a request as originating from a trusted source.

This is done by escaping the context of the web application; the web application then delivers that data to its users along with other trusted dynamic content, without validating it. The browser unknowingly executes malicious script on the client side (through client-side languages; usually JavaScript or HTML) in order to perform actions that are otherwise typically blocked by the browser’s Same Origin Policy.

Injecting malicious code is the most prevalent manner by which XSS is exploited; for this reason, escaping characters in order to prevent this manipulation is the top method for securing code against this vulnerability.

Escaping means that the application is coded to mark key characters, and particularly key characters included in user input, to prevent those characters from being interpreted in a dangerous context. For example, in HTML, < can be coded as &lt; and > can be coded as &gt; in order to be interpreted and displayed as themselves in text, while within the code itself, they are used for HTML tags. If malicious content is injected into an application that escapes special characters and that malicious content uses < and > as HTML tags, those characters are nonetheless not interpreted as HTML tags by the browser if they’ve been correctly escaped in the application code and in this way the attempted attack is diverted.

The most prominent use of XSS is to steal cookies (source: OWASP HttpOnly) and hijack user sessions, but XSS exploits have been used to expose sensitive information, enable access to privileged services and functionality and deliver malware.

Types of attacks

There are a few methods by which XSS can be manipulated:

Type Origin Description
Stored Server The malicious code is inserted in the application (usually as a link) by the attacker. The code is activated every time a user clicks the link.
Reflected Server The attacker delivers a malicious link externally from the vulnerable web site application to a user. When clicked, malicious code is sent to the vulnerable web site, which reflects the attack back to the user’s browser.
DOM-based Client The attacker forces the user’s browser to render a malicious page. The data in the page itself delivers the cross-site scripting data.
Mutated The attacker injects code that appears safe, but is then rewritten and modified by the browser, while parsing the markup. An example is rebalancing unclosed quotation marks or even adding quotation marks to unquoted parameters.

Affected environments

The following environments are susceptible to an XSS attack:

  • Web servers
  • Application servers
  • Web application environments

How to prevent

This section describes the top best practices designed to specifically protect your code:

  • Sanitize data input in an HTTP request before reflecting it back, ensuring all data is validated, filtered or escaped before echoing anything back to the user, such as the values of query parameters during searches.
  • Convert special characters such as ?, &, /, <, > and spaces to their respective HTML or URL encoded equivalents.
  • Give users the option to disable client-side scripts.
  • Redirect invalid requests.
  • Detect simultaneous logins, including those from two separate IP addresses, and invalidate those sessions.
  • Use and enforce a Content Security Policy (source: Wikipedia) to disable any features that might be manipulated for an XSS attack.
  • Read the documentation for any of the libraries referenced in your code to understand which elements allow for embedded HTML.

Remediation

Upgrade com.googlecode.owasp-java-html-sanitizer:owasp-java-html-sanitizer to version 20211018.2 or higher.

References

Cross-site Scripting (XSS) vulnerability report

medium severity

Dual license: EPL-1.0, LGPL-2.1

  • Module: ch.qos.logback:logback-classic
  • Introduced through: org.springframework.boot:spring-boot-starter-web@3.5.0, org.springframework.boot:spring-boot-starter-actuator@3.5.0 and others

Detailed paths

  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-starter-web@3.5.0 org.springframework.boot:spring-boot-starter@3.5.0 org.springframework.boot:spring-boot-starter-logging@3.5.0 ch.qos.logback:logback-classic@1.5.18
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-starter-actuator@3.5.0 org.springframework.boot:spring-boot-starter@3.5.0 org.springframework.boot:spring-boot-starter-logging@3.5.0 ch.qos.logback:logback-classic@1.5.18
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-starter-data-jpa@3.5.0 org.springframework.boot:spring-boot-starter@3.5.0 org.springframework.boot:spring-boot-starter-logging@3.5.0 ch.qos.logback:logback-classic@1.5.18
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-starter-validation@3.5.0 org.springframework.boot:spring-boot-starter@3.5.0 org.springframework.boot:spring-boot-starter-logging@3.5.0 ch.qos.logback:logback-classic@1.5.18
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-starter-web@3.5.0 org.springframework.boot:spring-boot-starter-json@3.5.0 org.springframework.boot:spring-boot-starter@3.5.0 org.springframework.boot:spring-boot-starter-logging@3.5.0 ch.qos.logback:logback-classic@1.5.18
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 com.giffing.wicket.spring.boot.starter:wicket-spring-boot-starter@3.1.6 org.springframework.boot:spring-boot-starter-web@3.5.0 org.springframework.boot:spring-boot-starter@3.5.0 org.springframework.boot:spring-boot-starter-logging@3.5.0 ch.qos.logback:logback-classic@1.5.18
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-starter-data-jpa@3.5.0 org.springframework.boot:spring-boot-starter-jdbc@3.5.0 org.springframework.boot:spring-boot-starter@3.5.0 org.springframework.boot:spring-boot-starter-logging@3.5.0 ch.qos.logback:logback-classic@1.5.18
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 com.giffing.wicket.spring.boot.starter:wicket-spring-boot-starter@3.1.6 org.springframework.boot:spring-boot-starter-web@3.5.0 org.springframework.boot:spring-boot-starter-json@3.5.0 org.springframework.boot:spring-boot-starter@3.5.0 org.springframework.boot:spring-boot-starter-logging@3.5.0 ch.qos.logback:logback-classic@1.5.18

…and 5 more

Dual license: EPL-1.0, LGPL-2.1

Dual license: EPL-1.0, LGPL-2.1 vulnerability report

medium severity

Dual license: EPL-1.0, LGPL-2.1

  • Module: ch.qos.logback:logback-core
  • Introduced through: org.springframework.boot:spring-boot-starter-web@3.5.0, org.springframework.boot:spring-boot-starter-actuator@3.5.0 and others

Detailed paths

  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-starter-web@3.5.0 org.springframework.boot:spring-boot-starter@3.5.0 org.springframework.boot:spring-boot-starter-logging@3.5.0 ch.qos.logback:logback-classic@1.5.18 ch.qos.logback:logback-core@1.5.18
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-starter-actuator@3.5.0 org.springframework.boot:spring-boot-starter@3.5.0 org.springframework.boot:spring-boot-starter-logging@3.5.0 ch.qos.logback:logback-classic@1.5.18 ch.qos.logback:logback-core@1.5.18
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-starter-data-jpa@3.5.0 org.springframework.boot:spring-boot-starter@3.5.0 org.springframework.boot:spring-boot-starter-logging@3.5.0 ch.qos.logback:logback-classic@1.5.18 ch.qos.logback:logback-core@1.5.18
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-starter-validation@3.5.0 org.springframework.boot:spring-boot-starter@3.5.0 org.springframework.boot:spring-boot-starter-logging@3.5.0 ch.qos.logback:logback-classic@1.5.18 ch.qos.logback:logback-core@1.5.18
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-starter-web@3.5.0 org.springframework.boot:spring-boot-starter-json@3.5.0 org.springframework.boot:spring-boot-starter@3.5.0 org.springframework.boot:spring-boot-starter-logging@3.5.0 ch.qos.logback:logback-classic@1.5.18 ch.qos.logback:logback-core@1.5.18
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 com.giffing.wicket.spring.boot.starter:wicket-spring-boot-starter@3.1.6 org.springframework.boot:spring-boot-starter-web@3.5.0 org.springframework.boot:spring-boot-starter@3.5.0 org.springframework.boot:spring-boot-starter-logging@3.5.0 ch.qos.logback:logback-classic@1.5.18 ch.qos.logback:logback-core@1.5.18
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-starter-data-jpa@3.5.0 org.springframework.boot:spring-boot-starter-jdbc@3.5.0 org.springframework.boot:spring-boot-starter@3.5.0 org.springframework.boot:spring-boot-starter-logging@3.5.0 ch.qos.logback:logback-classic@1.5.18 ch.qos.logback:logback-core@1.5.18
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 com.giffing.wicket.spring.boot.starter:wicket-spring-boot-starter@3.1.6 org.springframework.boot:spring-boot-starter-web@3.5.0 org.springframework.boot:spring-boot-starter-json@3.5.0 org.springframework.boot:spring-boot-starter@3.5.0 org.springframework.boot:spring-boot-starter-logging@3.5.0 ch.qos.logback:logback-classic@1.5.18 ch.qos.logback:logback-core@1.5.18

…and 5 more

Dual license: EPL-1.0, LGPL-2.1

Dual license: EPL-1.0, LGPL-2.1 vulnerability report

medium severity

EPL-1.0 license

  • Module: junit:junit
  • Introduced through: org.apache.wicket:wicket-ioc@9.12.0, de.agilecoders.wicket.webjars:wicket-webjars@3.0.6 and others

Detailed paths

  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.apache.wicket:wicket-ioc@9.12.0 cglib:cglib@3.3.0 junit:junit@4.12
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 de.agilecoders.wicket.webjars:wicket-webjars@3.0.6 org.junit.vintage:junit-vintage-engine@5.8.2 junit:junit@4.12
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.antlr:ST4@4.3.4 org.antlr:antlr-runtime@3.5.3 junit:junit@4.12
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.apache.wicket:wicket-spring@9.12.0 org.apache.wicket:wicket-ioc@9.12.0 cglib:cglib@3.3.0 junit:junit@4.12
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 com.giffing.wicket.spring.boot.starter:wicket-spring-boot-starter@3.1.6 org.apache.wicket:wicket-ioc@9.12.0 cglib:cglib@3.3.0 junit:junit@4.12
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 com.giffing.wicket.spring.boot.starter:wicket-spring-boot-starter@3.1.6 org.apache.wicket:wicket-spring@9.12.0 org.apache.wicket:wicket-ioc@9.12.0 cglib:cglib@3.3.0 junit:junit@4.12

…and 3 more

EPL-1.0 license

EPL-1.0 license vulnerability report

medium severity

EPL-1.0 license

  • Module: org.aspectj:aspectjweaver
  • Introduced through: org.springframework.boot:spring-boot-starter-data-jpa@3.5.0

Detailed paths

  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-starter-data-jpa@3.5.0 org.springframework:spring-aspects@6.2.7 org.aspectj:aspectjweaver@1.9.22.1

EPL-1.0 license

EPL-1.0 license vulnerability report

medium severity

LGPL-2.1 license

  • Module: org.hibernate:hibernate-core
  • Introduced through: org.hibernate:hibernate-search-orm@5.11.11.Final

Detailed paths

  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.hibernate:hibernate-search-orm@5.11.11.Final org.hibernate:hibernate-core@5.4.33.Final

LGPL-2.1 license

LGPL-2.1 license vulnerability report

medium severity

LGPL-2.1 license

  • Module: org.hibernate:hibernate-search-engine
  • Introduced through: org.hibernate:hibernate-search-engine@5.11.11.Final and org.hibernate:hibernate-search-orm@5.11.11.Final

Detailed paths

  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.hibernate:hibernate-search-engine@5.11.11.Final
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.hibernate:hibernate-search-orm@5.11.11.Final org.hibernate:hibernate-search-engine@5.11.11.Final

LGPL-2.1 license

LGPL-2.1 license vulnerability report

medium severity

LGPL-2.1 license

  • Module: org.hibernate:hibernate-search-orm
  • Introduced through: org.hibernate:hibernate-search-orm@5.11.11.Final

Detailed paths

  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.hibernate:hibernate-search-orm@5.11.11.Final

LGPL-2.1 license

LGPL-2.1 license vulnerability report

medium severity

LGPL-2.1 license

  • Module: org.hibernate.common:hibernate-commons-annotations
  • Introduced through: org.hibernate:hibernate-search-engine@5.11.11.Final, org.hibernate:hibernate-search-orm@5.11.11.Final and others

Detailed paths

  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.hibernate:hibernate-search-engine@5.11.11.Final org.hibernate.common:hibernate-commons-annotations@5.1.2.Final
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.hibernate:hibernate-search-orm@5.11.11.Final org.hibernate:hibernate-search-engine@5.11.11.Final org.hibernate.common:hibernate-commons-annotations@5.1.2.Final
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.hibernate:hibernate-search-orm@5.11.11.Final org.hibernate:hibernate-core@5.4.33.Final org.hibernate.common:hibernate-commons-annotations@5.1.2.Final
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-starter-data-jpa@3.5.0 org.hibernate.orm:hibernate-core@6.6.15.Final org.hibernate.common:hibernate-commons-annotations@5.1.2.Final

…and 1 more

LGPL-2.1 license

LGPL-2.1 license vulnerability report

medium severity

LGPL-2.1 license

  • Module: org.hibernate.orm:hibernate-core
  • Introduced through: org.springframework.boot:spring-boot-starter-data-jpa@3.5.0

Detailed paths

  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-starter-data-jpa@3.5.0 org.hibernate.orm:hibernate-core@6.6.15.Final

LGPL-2.1 license

LGPL-2.1 license vulnerability report

low severity

Improper Handling of Case Sensitivity

  • Vulnerable module: org.springframework:spring-context
  • Introduced through: org.apache.wicket:wicket-spring@9.12.0, com.giffing.wicket.spring.boot.starter:wicket-spring-boot-starter@3.1.6 and others

Detailed paths

  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.apache.wicket:wicket-spring@9.12.0 org.springframework:spring-context@5.3.18
    Remediation: Upgrade to org.apache.wicket:wicket-spring@9.13.0.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 com.giffing.wicket.spring.boot.starter:wicket-spring-boot-starter@3.1.6 org.apache.wicket:wicket-spring@9.12.0 org.springframework:spring-context@5.3.18
    Remediation: Upgrade to com.giffing.wicket.spring.boot.starter:wicket-spring-boot-starter@4.0.0.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-devtools@3.5.0 org.springframework.boot:spring-boot@3.5.0 org.springframework:spring-context@5.3.18
    Remediation: Upgrade to org.springframework.boot:spring-boot-devtools@3.5.0.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-starter-web@3.5.0 org.springframework:spring-webmvc@6.2.7 org.springframework:spring-context@5.3.18
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.5.0.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 com.giffing.wicket.spring.boot.starter:wicket-spring-boot-starter@3.1.6 org.springframework:spring-context-support@7.0.0-M5 org.springframework:spring-context@5.3.18
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-starter-data-jpa@3.5.0 org.springframework.data:spring-data-jpa@3.5.0 org.springframework:spring-context@5.3.18
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.5.0.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 com.giffing.wicket.spring.boot.starter:wicket-spring-boot-starter@3.1.6 org.springframework.boot:spring-boot-autoconfigure@3.5.0 org.springframework.boot:spring-boot@3.5.0 org.springframework:spring-context@5.3.18
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-devtools@3.5.0 org.springframework.boot:spring-boot-autoconfigure@3.5.0 org.springframework.boot:spring-boot@3.5.0 org.springframework:spring-context@5.3.18
    Remediation: Upgrade to org.springframework.boot:spring-boot-devtools@3.5.0.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-starter-web@3.5.0 org.springframework.boot:spring-boot-starter@3.5.0 org.springframework.boot:spring-boot@3.5.0 org.springframework:spring-context@5.3.18
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.5.0.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-starter-actuator@3.5.0 org.springframework.boot:spring-boot-starter@3.5.0 org.springframework.boot:spring-boot@3.5.0 org.springframework:spring-context@5.3.18
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.5.0.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-starter-data-jpa@3.5.0 org.springframework.boot:spring-boot-starter@3.5.0 org.springframework.boot:spring-boot@3.5.0 org.springframework:spring-context@5.3.18
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.5.0.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-starter-validation@3.5.0 org.springframework.boot:spring-boot-starter@3.5.0 org.springframework.boot:spring-boot@3.5.0 org.springframework:spring-context@5.3.18
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-validation@3.5.0.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-starter-actuator@3.5.0 org.springframework.boot:spring-boot-actuator-autoconfigure@3.5.0 org.springframework.boot:spring-boot@3.5.0 org.springframework:spring-context@5.3.18
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.5.0.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 com.giffing.wicket.spring.boot.starter:wicket-spring-boot-starter@3.1.6 org.springframework.boot:spring-boot-starter-web@3.5.0 org.springframework:spring-webmvc@6.2.7 org.springframework:spring-context@5.3.18
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-starter-web@3.5.0 org.springframework.boot:spring-boot-starter@3.5.0 org.springframework.boot:spring-boot-autoconfigure@3.5.0 org.springframework.boot:spring-boot@3.5.0 org.springframework:spring-context@5.3.18
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.5.0.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-starter-actuator@3.5.0 org.springframework.boot:spring-boot-starter@3.5.0 org.springframework.boot:spring-boot-autoconfigure@3.5.0 org.springframework.boot:spring-boot@3.5.0 org.springframework:spring-context@5.3.18
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.5.0.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-starter-data-jpa@3.5.0 org.springframework.boot:spring-boot-starter@3.5.0 org.springframework.boot:spring-boot-autoconfigure@3.5.0 org.springframework.boot:spring-boot@3.5.0 org.springframework:spring-context@5.3.18
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.5.0.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-starter-validation@3.5.0 org.springframework.boot:spring-boot-starter@3.5.0 org.springframework.boot:spring-boot-autoconfigure@3.5.0 org.springframework.boot:spring-boot@3.5.0 org.springframework:spring-context@5.3.18
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-validation@3.5.0.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-starter-actuator@3.5.0 org.springframework.boot:spring-boot-actuator-autoconfigure@3.5.0 org.springframework.boot:spring-boot-autoconfigure@3.5.0 org.springframework.boot:spring-boot@3.5.0 org.springframework:spring-context@5.3.18
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.5.0.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-starter-web@3.5.0 org.springframework.boot:spring-boot-starter-json@3.5.0 org.springframework.boot:spring-boot-starter@3.5.0 org.springframework.boot:spring-boot@3.5.0 org.springframework:spring-context@5.3.18
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.5.0.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 com.giffing.wicket.spring.boot.starter:wicket-spring-boot-starter@3.1.6 org.springframework.boot:spring-boot-starter-web@3.5.0 org.springframework.boot:spring-boot-starter@3.5.0 org.springframework.boot:spring-boot@3.5.0 org.springframework:spring-context@5.3.18
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-starter-data-jpa@3.5.0 org.springframework.boot:spring-boot-starter-jdbc@3.5.0 org.springframework.boot:spring-boot-starter@3.5.0 org.springframework.boot:spring-boot@3.5.0 org.springframework:spring-context@5.3.18
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.5.0.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-starter-actuator@3.5.0 org.springframework.boot:spring-boot-actuator-autoconfigure@3.5.0 org.springframework.boot:spring-boot-actuator@3.5.0 org.springframework.boot:spring-boot@3.5.0 org.springframework:spring-context@5.3.18
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.5.0.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-starter-web@3.5.0 org.springframework.boot:spring-boot-starter-json@3.5.0 org.springframework.boot:spring-boot-starter@3.5.0 org.springframework.boot:spring-boot-autoconfigure@3.5.0 org.springframework.boot:spring-boot@3.5.0 org.springframework:spring-context@5.3.18
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.5.0.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 com.giffing.wicket.spring.boot.starter:wicket-spring-boot-starter@3.1.6 org.springframework.boot:spring-boot-starter-web@3.5.0 org.springframework.boot:spring-boot-starter@3.5.0 org.springframework.boot:spring-boot-autoconfigure@3.5.0 org.springframework.boot:spring-boot@3.5.0 org.springframework:spring-context@5.3.18
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-starter-data-jpa@3.5.0 org.springframework.boot:spring-boot-starter-jdbc@3.5.0 org.springframework.boot:spring-boot-starter@3.5.0 org.springframework.boot:spring-boot-autoconfigure@3.5.0 org.springframework.boot:spring-boot@3.5.0 org.springframework:spring-context@5.3.18
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.5.0.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 com.giffing.wicket.spring.boot.starter:wicket-spring-boot-starter@3.1.6 org.springframework.boot:spring-boot-starter-web@3.5.0 org.springframework.boot:spring-boot-starter-json@3.5.0 org.springframework.boot:spring-boot-starter@3.5.0 org.springframework.boot:spring-boot@3.5.0 org.springframework:spring-context@5.3.18
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 com.giffing.wicket.spring.boot.starter:wicket-spring-boot-starter@3.1.6 org.springframework.boot:spring-boot-starter-web@3.5.0 org.springframework.boot:spring-boot-starter-json@3.5.0 org.springframework.boot:spring-boot-starter@3.5.0 org.springframework.boot:spring-boot-autoconfigure@3.5.0 org.springframework.boot:spring-boot@3.5.0 org.springframework:spring-context@5.3.18

…and 25 more

Overview

Affected versions of this package are vulnerable to Improper Handling of Case Sensitivity via the patterns for disallowedFields on a DataBinder. As a result, a field is not effectively protected unless it is listed with both upper and lower case for the first character of the field, including nested fields within the property path.

Remediation

Upgrade org.springframework:spring-context to version 5.2.21, 5.3.19 or higher.

References

Improper Handling of Case Sensitivity vulnerability report

low severity

Creation of Temporary File in Directory with Insecure Permissions

  • Vulnerable module: com.google.guava:guava
  • Introduced through: com.googlecode.wicket-jquery-ui:wicket-jquery-ui-plugins@9.11.0

Detailed paths

  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 com.googlecode.wicket-jquery-ui:wicket-jquery-ui-plugins@9.11.0 com.googlecode.owasp-java-html-sanitizer:owasp-java-html-sanitizer@20191001.1 com.google.guava:guava@27.1-jre

Overview

com.google.guava:guava is a set of core libraries that includes new collection types (such as multimap and multiset,immutable collections, a graph library, functional types, an in-memory cache and more.

Affected versions of this package are vulnerable to Creation of Temporary File in Directory with Insecure Permissions due to the use of Java's default temporary directory for file creation in FileBackedOutputStream. Other users and apps on the machine with access to the default Java temporary directory can access the files created by this class. This more fully addresses the underlying issue described in CVE-2020-8908, by deprecating the permissive temp file creation behavior.

NOTE: Even though the security vulnerability is fixed in version 32.0.0, the maintainers recommend using version 32.0.1, as version 32.0.0 breaks some functionality under Windows.

Remediation

Upgrade com.google.guava:guava to version 32.0.0-android, 32.0.0-jre or higher.

References

Creation of Temporary File in Directory with Insecure Permissions vulnerability report

low severity

Information Disclosure

  • Vulnerable module: com.google.guava:guava
  • Introduced through: com.googlecode.wicket-jquery-ui:wicket-jquery-ui-plugins@9.11.0

Detailed paths

  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 com.googlecode.wicket-jquery-ui:wicket-jquery-ui-plugins@9.11.0 com.googlecode.owasp-java-html-sanitizer:owasp-java-html-sanitizer@20191001.1 com.google.guava:guava@27.1-jre
    Remediation: Upgrade to com.googlecode.wicket-jquery-ui:wicket-jquery-ui-plugins@9.12.0.

Overview

com.google.guava:guava is a set of core libraries that includes new collection types (such as multimap and multiset,immutable collections, a graph library, functional types, an in-memory cache and more.

Affected versions of this package are vulnerable to Information Disclosure. The file permissions on the file created by com.google.common.io.Files.createTempDir allow an attacker running a malicious program co-resident on the same machine to steal secrets stored in this directory. This is because, by default, on unix-like operating systems the /tmp directory is shared between all users, so if the correct file permissions aren't set by the directory/file creator, the file becomes readable by all other users on that system.

PoC

File guavaTempDir = com.google.common.io.Files.createTempDir();
System.out.println("Guava Temp Dir: " + guavaTempDir.getName());
runLS(guavaTempDir.getParentFile(), guavaTempDir); // Prints the file permissions -> drwxr-xr-x
File child = new File(guavaTempDir, "guava-child.txt");
child.createNewFile();
runLS(guavaTempDir, child); // Prints the file permissions -> -rw-r--r--

For Android developers, choosing a temporary directory API provided by Android is recommended, such as context.getCacheDir(). For other Java developers, we recommend migrating to the Java 7 API java.nio.file.Files.createTempDirectory() which explicitly configures permissions of 700, or configuring the Java runtime's java.io.tmpdir system property to point to a location whose permissions are appropriately configured.

Remediation

There is no fix for com.google.guava:guava. However, in version 30.0 and above, the vulnerable functionality has been deprecated. In oder to mitigate this vulnerability, upgrade to version 30.0 or higher and ensure your dependencies don't use the createTempDir or createTempFile methods.

References

Information Disclosure vulnerability report

low severity

Information Exposure

  • Vulnerable module: junit:junit
  • Introduced through: org.apache.wicket:wicket-ioc@9.12.0, de.agilecoders.wicket.webjars:wicket-webjars@3.0.6 and others

Detailed paths

  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.apache.wicket:wicket-ioc@9.12.0 cglib:cglib@3.3.0 junit:junit@4.12
    Remediation: Upgrade to org.apache.wicket:wicket-ioc@9.12.0.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 de.agilecoders.wicket.webjars:wicket-webjars@3.0.6 org.junit.vintage:junit-vintage-engine@5.8.2 junit:junit@4.12
    Remediation: Upgrade to de.agilecoders.wicket.webjars:wicket-webjars@3.0.6.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.antlr:ST4@4.3.4 org.antlr:antlr-runtime@3.5.3 junit:junit@4.12
    Remediation: Upgrade to org.antlr:ST4@4.3.4.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.apache.wicket:wicket-spring@9.12.0 org.apache.wicket:wicket-ioc@9.12.0 cglib:cglib@3.3.0 junit:junit@4.12
    Remediation: Upgrade to org.apache.wicket:wicket-spring@9.12.0.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 com.giffing.wicket.spring.boot.starter:wicket-spring-boot-starter@3.1.6 org.apache.wicket:wicket-ioc@9.12.0 cglib:cglib@3.3.0 junit:junit@4.12
    Remediation: Upgrade to com.giffing.wicket.spring.boot.starter:wicket-spring-boot-starter@3.1.7.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 com.giffing.wicket.spring.boot.starter:wicket-spring-boot-starter@3.1.6 org.apache.wicket:wicket-spring@9.12.0 org.apache.wicket:wicket-ioc@9.12.0 cglib:cglib@3.3.0 junit:junit@4.12
    Remediation: Upgrade to com.giffing.wicket.spring.boot.starter:wicket-spring-boot-starter@3.1.7.

…and 3 more

Overview

junit:junit is an unit testing framework for Java

Affected versions of this package are vulnerable to Information Exposure. The JUnit4 test rule TemporaryFolder contains a local information disclosure vulnerability. On Unix like systems, the system's temporary directory is shared between all users on that system. Because of this, when files and directories are written into this directory they are, by default, readable by other users on that same system.

Note: This vulnerability does not allow other users to overwrite the contents of these directories or files. This only affects Unix like systems.

Remediation

Upgrade junit:junit to version 4.13.1 or higher.

References

Information Exposure vulnerability report

low severity

Improper Handling of Case Sensitivity

  • Vulnerable module: org.springframework:spring-context
  • Introduced through: org.apache.wicket:wicket-spring@9.12.0, com.giffing.wicket.spring.boot.starter:wicket-spring-boot-starter@3.1.6 and others

Detailed paths

  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.apache.wicket:wicket-spring@9.12.0 org.springframework:spring-context@5.3.18
    Remediation: Upgrade to org.apache.wicket:wicket-spring@10.3.0.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 com.giffing.wicket.spring.boot.starter:wicket-spring-boot-starter@3.1.6 org.apache.wicket:wicket-spring@9.12.0 org.springframework:spring-context@5.3.18
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-devtools@3.5.0 org.springframework.boot:spring-boot@3.5.0 org.springframework:spring-context@5.3.18
    Remediation: Upgrade to org.springframework.boot:spring-boot-devtools@3.5.0.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-starter-web@3.5.0 org.springframework:spring-webmvc@6.2.7 org.springframework:spring-context@5.3.18
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.5.0.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 com.giffing.wicket.spring.boot.starter:wicket-spring-boot-starter@3.1.6 org.springframework:spring-context-support@7.0.0-M5 org.springframework:spring-context@5.3.18
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-starter-data-jpa@3.5.0 org.springframework.data:spring-data-jpa@3.5.0 org.springframework:spring-context@5.3.18
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.5.0.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 com.giffing.wicket.spring.boot.starter:wicket-spring-boot-starter@3.1.6 org.springframework.boot:spring-boot-autoconfigure@3.5.0 org.springframework.boot:spring-boot@3.5.0 org.springframework:spring-context@5.3.18
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-devtools@3.5.0 org.springframework.boot:spring-boot-autoconfigure@3.5.0 org.springframework.boot:spring-boot@3.5.0 org.springframework:spring-context@5.3.18
    Remediation: Upgrade to org.springframework.boot:spring-boot-devtools@3.5.0.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-starter-web@3.5.0 org.springframework.boot:spring-boot-starter@3.5.0 org.springframework.boot:spring-boot@3.5.0 org.springframework:spring-context@5.3.18
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.5.0.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-starter-actuator@3.5.0 org.springframework.boot:spring-boot-starter@3.5.0 org.springframework.boot:spring-boot@3.5.0 org.springframework:spring-context@5.3.18
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.5.0.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-starter-data-jpa@3.5.0 org.springframework.boot:spring-boot-starter@3.5.0 org.springframework.boot:spring-boot@3.5.0 org.springframework:spring-context@5.3.18
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.5.0.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-starter-validation@3.5.0 org.springframework.boot:spring-boot-starter@3.5.0 org.springframework.boot:spring-boot@3.5.0 org.springframework:spring-context@5.3.18
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-validation@3.5.0.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-starter-actuator@3.5.0 org.springframework.boot:spring-boot-actuator-autoconfigure@3.5.0 org.springframework.boot:spring-boot@3.5.0 org.springframework:spring-context@5.3.18
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.5.0.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 com.giffing.wicket.spring.boot.starter:wicket-spring-boot-starter@3.1.6 org.springframework.boot:spring-boot-starter-web@3.5.0 org.springframework:spring-webmvc@6.2.7 org.springframework:spring-context@5.3.18
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-starter-web@3.5.0 org.springframework.boot:spring-boot-starter@3.5.0 org.springframework.boot:spring-boot-autoconfigure@3.5.0 org.springframework.boot:spring-boot@3.5.0 org.springframework:spring-context@5.3.18
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.5.0.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-starter-actuator@3.5.0 org.springframework.boot:spring-boot-starter@3.5.0 org.springframework.boot:spring-boot-autoconfigure@3.5.0 org.springframework.boot:spring-boot@3.5.0 org.springframework:spring-context@5.3.18
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.5.0.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-starter-data-jpa@3.5.0 org.springframework.boot:spring-boot-starter@3.5.0 org.springframework.boot:spring-boot-autoconfigure@3.5.0 org.springframework.boot:spring-boot@3.5.0 org.springframework:spring-context@5.3.18
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.5.0.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-starter-validation@3.5.0 org.springframework.boot:spring-boot-starter@3.5.0 org.springframework.boot:spring-boot-autoconfigure@3.5.0 org.springframework.boot:spring-boot@3.5.0 org.springframework:spring-context@5.3.18
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-validation@3.5.0.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-starter-actuator@3.5.0 org.springframework.boot:spring-boot-actuator-autoconfigure@3.5.0 org.springframework.boot:spring-boot-autoconfigure@3.5.0 org.springframework.boot:spring-boot@3.5.0 org.springframework:spring-context@5.3.18
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.5.0.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-starter-web@3.5.0 org.springframework.boot:spring-boot-starter-json@3.5.0 org.springframework.boot:spring-boot-starter@3.5.0 org.springframework.boot:spring-boot@3.5.0 org.springframework:spring-context@5.3.18
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.5.0.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 com.giffing.wicket.spring.boot.starter:wicket-spring-boot-starter@3.1.6 org.springframework.boot:spring-boot-starter-web@3.5.0 org.springframework.boot:spring-boot-starter@3.5.0 org.springframework.boot:spring-boot@3.5.0 org.springframework:spring-context@5.3.18
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-starter-data-jpa@3.5.0 org.springframework.boot:spring-boot-starter-jdbc@3.5.0 org.springframework.boot:spring-boot-starter@3.5.0 org.springframework.boot:spring-boot@3.5.0 org.springframework:spring-context@5.3.18
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.5.0.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-starter-actuator@3.5.0 org.springframework.boot:spring-boot-actuator-autoconfigure@3.5.0 org.springframework.boot:spring-boot-actuator@3.5.0 org.springframework.boot:spring-boot@3.5.0 org.springframework:spring-context@5.3.18
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.5.0.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-starter-web@3.5.0 org.springframework.boot:spring-boot-starter-json@3.5.0 org.springframework.boot:spring-boot-starter@3.5.0 org.springframework.boot:spring-boot-autoconfigure@3.5.0 org.springframework.boot:spring-boot@3.5.0 org.springframework:spring-context@5.3.18
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.5.0.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 com.giffing.wicket.spring.boot.starter:wicket-spring-boot-starter@3.1.6 org.springframework.boot:spring-boot-starter-web@3.5.0 org.springframework.boot:spring-boot-starter@3.5.0 org.springframework.boot:spring-boot-autoconfigure@3.5.0 org.springframework.boot:spring-boot@3.5.0 org.springframework:spring-context@5.3.18
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-starter-data-jpa@3.5.0 org.springframework.boot:spring-boot-starter-jdbc@3.5.0 org.springframework.boot:spring-boot-starter@3.5.0 org.springframework.boot:spring-boot-autoconfigure@3.5.0 org.springframework.boot:spring-boot@3.5.0 org.springframework:spring-context@5.3.18
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.5.0.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 com.giffing.wicket.spring.boot.starter:wicket-spring-boot-starter@3.1.6 org.springframework.boot:spring-boot-starter-web@3.5.0 org.springframework.boot:spring-boot-starter-json@3.5.0 org.springframework.boot:spring-boot-starter@3.5.0 org.springframework.boot:spring-boot@3.5.0 org.springframework:spring-context@5.3.18
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 com.giffing.wicket.spring.boot.starter:wicket-spring-boot-starter@3.1.6 org.springframework.boot:spring-boot-starter-web@3.5.0 org.springframework.boot:spring-boot-starter-json@3.5.0 org.springframework.boot:spring-boot-starter@3.5.0 org.springframework.boot:spring-boot-autoconfigure@3.5.0 org.springframework.boot:spring-boot@3.5.0 org.springframework:spring-context@5.3.18

…and 25 more

Overview

Affected versions of this package are vulnerable to Improper Handling of Case Sensitivity due to String.toLowerCase() having some Locale dependent exceptions that could potentially result in fields not protected as expected.

Note:

The fix for CVE-2022-22968 made disallowedFields patterns in DataBinder case insensitive.

This vulnerability was also fixed in commercial versions 5.3.41 and 6.0.25.

Remediation

Upgrade org.springframework:spring-context to version 6.1.14 or higher.

References

Improper Handling of Case Sensitivity vulnerability report

low severity

Improper Handling of Case Sensitivity

  • Vulnerable module: org.springframework:spring-core
  • Introduced through: org.wicketstuff:wicketstuff-annotation@9.12.0, org.apache.wicket:wicket-spring@9.12.0 and others

Detailed paths

  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.wicketstuff:wicketstuff-annotation@9.12.0 org.springframework:spring-core@5.3.23
    Remediation: Upgrade to org.wicketstuff:wicketstuff-annotation@10.3.0.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.apache.wicket:wicket-spring@9.12.0 org.springframework:spring-context@5.3.18 org.springframework:spring-core@5.3.23
    Remediation: Upgrade to org.apache.wicket:wicket-spring@10.3.0.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-devtools@3.5.0 org.springframework.boot:spring-boot@3.5.0 org.springframework:spring-core@5.3.23
    Remediation: Upgrade to org.springframework.boot:spring-boot-devtools@3.5.0.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-starter-web@3.5.0 org.springframework.boot:spring-boot-starter@3.5.0 org.springframework:spring-core@5.3.23
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.5.0.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-starter-actuator@3.5.0 org.springframework.boot:spring-boot-starter@3.5.0 org.springframework:spring-core@5.3.23
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.5.0.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-starter-data-jpa@3.5.0 org.springframework.boot:spring-boot-starter@3.5.0 org.springframework:spring-core@5.3.23
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.5.0.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-starter-validation@3.5.0 org.springframework.boot:spring-boot-starter@3.5.0 org.springframework:spring-core@5.3.23
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-validation@3.5.0.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-starter-web@3.5.0 org.springframework:spring-web@6.2.7 org.springframework:spring-core@5.3.23
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.5.0.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-starter-web@3.5.0 org.springframework:spring-webmvc@6.2.7 org.springframework:spring-core@5.3.23
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.5.0.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 com.giffing.wicket.spring.boot.starter:wicket-spring-boot-starter@3.1.6 org.springframework:spring-context-support@7.0.0-M5 org.springframework:spring-core@5.3.23
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-starter-data-jpa@3.5.0 org.springframework.data:spring-data-jpa@3.5.0 org.springframework:spring-core@5.3.23
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.5.0.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.apache.wicket:wicket-spring@9.12.0 org.springframework:spring-context@5.3.18 org.springframework:spring-beans@7.0.0-M5 org.springframework:spring-core@5.3.23
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-starter-web@3.5.0 org.springframework:spring-web@6.2.7 org.springframework:spring-beans@7.0.0-M5 org.springframework:spring-core@5.3.23
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-starter-web@3.5.0 org.springframework:spring-webmvc@6.2.7 org.springframework:spring-beans@7.0.0-M5 org.springframework:spring-core@5.3.23
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 com.giffing.wicket.spring.boot.starter:wicket-spring-boot-starter@3.1.6 org.springframework:spring-context-support@7.0.0-M5 org.springframework:spring-beans@7.0.0-M5 org.springframework:spring-core@5.3.23
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-starter-data-jpa@3.5.0 org.springframework.data:spring-data-jpa@3.5.0 org.springframework:spring-beans@7.0.0-M5 org.springframework:spring-core@5.3.23
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.apache.wicket:wicket-spring@9.12.0 org.springframework:spring-context@5.3.18 org.springframework:spring-aop@7.0.0-M5 org.springframework:spring-core@5.3.23
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-starter-web@3.5.0 org.springframework:spring-webmvc@6.2.7 org.springframework:spring-aop@7.0.0-M5 org.springframework:spring-core@5.3.23
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-starter-data-jpa@3.5.0 org.springframework.data:spring-data-jpa@3.5.0 org.springframework:spring-aop@7.0.0-M5 org.springframework:spring-core@5.3.23
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.apache.wicket:wicket-spring@9.12.0 org.springframework:spring-context@5.3.18 org.springframework:spring-expression@6.2.7 org.springframework:spring-core@5.3.23
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-starter-web@3.5.0 org.springframework:spring-webmvc@6.2.7 org.springframework:spring-expression@6.2.7 org.springframework:spring-core@5.3.23
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.5.0.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 com.giffing.wicket.spring.boot.starter:wicket-spring-boot-starter@3.1.6 org.apache.wicket:wicket-spring@9.12.0 org.springframework:spring-context@5.3.18 org.springframework:spring-core@5.3.23
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-devtools@3.5.0 org.springframework.boot:spring-boot@3.5.0 org.springframework:spring-context@5.3.18 org.springframework:spring-core@5.3.23
    Remediation: Upgrade to org.springframework.boot:spring-boot-devtools@3.5.0.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-starter-web@3.5.0 org.springframework:spring-webmvc@6.2.7 org.springframework:spring-context@5.3.18 org.springframework:spring-core@5.3.23
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.5.0.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 com.giffing.wicket.spring.boot.starter:wicket-spring-boot-starter@3.1.6 org.springframework:spring-context-support@7.0.0-M5 org.springframework:spring-context@5.3.18 org.springframework:spring-core@5.3.23
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-starter-data-jpa@3.5.0 org.springframework.data:spring-data-jpa@3.5.0 org.springframework:spring-context@5.3.18 org.springframework:spring-core@5.3.23
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.5.0.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 com.giffing.wicket.spring.boot.starter:wicket-spring-boot-starter@3.1.6 org.springframework.boot:spring-boot-autoconfigure@3.5.0 org.springframework.boot:spring-boot@3.5.0 org.springframework:spring-core@5.3.23
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-devtools@3.5.0 org.springframework.boot:spring-boot-autoconfigure@3.5.0 org.springframework.boot:spring-boot@3.5.0 org.springframework:spring-core@5.3.23
    Remediation: Upgrade to org.springframework.boot:spring-boot-devtools@3.5.0.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-starter-web@3.5.0 org.springframework.boot:spring-boot-starter@3.5.0 org.springframework.boot:spring-boot@3.5.0 org.springframework:spring-core@5.3.23
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.5.0.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-starter-actuator@3.5.0 org.springframework.boot:spring-boot-starter@3.5.0 org.springframework.boot:spring-boot@3.5.0 org.springframework:spring-core@5.3.23
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.5.0.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-starter-data-jpa@3.5.0 org.springframework.boot:spring-boot-starter@3.5.0 org.springframework.boot:spring-boot@3.5.0 org.springframework:spring-core@5.3.23
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.5.0.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-starter-validation@3.5.0 org.springframework.boot:spring-boot-starter@3.5.0 org.springframework.boot:spring-boot@3.5.0 org.springframework:spring-core@5.3.23
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-validation@3.5.0.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-starter-actuator@3.5.0 org.springframework.boot:spring-boot-actuator-autoconfigure@3.5.0 org.springframework.boot:spring-boot@3.5.0 org.springframework:spring-core@5.3.23
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.5.0.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-starter-web@3.5.0 org.springframework.boot:spring-boot-starter-json@3.5.0 org.springframework.boot:spring-boot-starter@3.5.0 org.springframework:spring-core@5.3.23
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.5.0.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 com.giffing.wicket.spring.boot.starter:wicket-spring-boot-starter@3.1.6 org.springframework.boot:spring-boot-starter-web@3.5.0 org.springframework.boot:spring-boot-starter@3.5.0 org.springframework:spring-core@5.3.23
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-starter-data-jpa@3.5.0 org.springframework.boot:spring-boot-starter-jdbc@3.5.0 org.springframework.boot:spring-boot-starter@3.5.0 org.springframework:spring-core@5.3.23
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.5.0.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-starter-web@3.5.0 org.springframework.boot:spring-boot-starter-json@3.5.0 org.springframework:spring-web@6.2.7 org.springframework:spring-core@5.3.23
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.5.0.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-starter-web@3.5.0 org.springframework:spring-webmvc@6.2.7 org.springframework:spring-web@6.2.7 org.springframework:spring-core@5.3.23
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.5.0.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 com.giffing.wicket.spring.boot.starter:wicket-spring-boot-starter@3.1.6 org.springframework.boot:spring-boot-starter-web@3.5.0 org.springframework:spring-web@6.2.7 org.springframework:spring-core@5.3.23
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 com.giffing.wicket.spring.boot.starter:wicket-spring-boot-starter@3.1.6 org.springframework.boot:spring-boot-starter-web@3.5.0 org.springframework:spring-webmvc@6.2.7 org.springframework:spring-core@5.3.23
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-starter-data-jpa@3.5.0 org.springframework.data:spring-data-jpa@3.5.0 org.springframework:spring-tx@7.0.0-M5 org.springframework:spring-core@5.3.23
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-starter-data-jpa@3.5.0 org.springframework.boot:spring-boot-starter-jdbc@3.5.0 org.springframework:spring-jdbc@6.2.7 org.springframework:spring-core@5.3.23
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.5.0.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-starter-data-jpa@3.5.0 org.springframework.data:spring-data-jpa@3.5.0 org.springframework.data:spring-data-commons@3.5.0 org.springframework:spring-core@5.3.23
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.5.0.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-starter-data-jpa@3.5.0 org.springframework.data:spring-data-jpa@3.5.0 org.springframework:spring-orm@7.0.0-M5 org.springframework:spring-core@5.3.23
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.apache.wicket:wicket-spring@9.12.0 org.springframework:spring-context@5.3.18 org.springframework:spring-aop@7.0.0-M5 org.springframework:spring-beans@7.0.0-M5 org.springframework:spring-core@5.3.23
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-starter-web@3.5.0 org.springframework:spring-webmvc@6.2.7 org.springframework:spring-aop@7.0.0-M5 org.springframework:spring-beans@7.0.0-M5 org.springframework:spring-core@5.3.23
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-starter-data-jpa@3.5.0 org.springframework.data:spring-data-jpa@3.5.0 org.springframework:spring-aop@7.0.0-M5 org.springframework:spring-beans@7.0.0-M5 org.springframework:spring-core@5.3.23
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 com.giffing.wicket.spring.boot.starter:wicket-spring-boot-starter@3.1.6 org.apache.wicket:wicket-spring@9.12.0 org.springframework:spring-context@5.3.18 org.springframework:spring-beans@7.0.0-M5 org.springframework:spring-core@5.3.23
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-devtools@3.5.0 org.springframework.boot:spring-boot@3.5.0 org.springframework:spring-context@5.3.18 org.springframework:spring-beans@7.0.0-M5 org.springframework:spring-core@5.3.23
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-starter-web@3.5.0 org.springframework:spring-webmvc@6.2.7 org.springframework:spring-context@5.3.18 org.springframework:spring-beans@7.0.0-M5 org.springframework:spring-core@5.3.23
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 com.giffing.wicket.spring.boot.starter:wicket-spring-boot-starter@3.1.6 org.springframework:spring-context-support@7.0.0-M5 org.springframework:spring-context@5.3.18 org.springframework:spring-beans@7.0.0-M5 org.springframework:spring-core@5.3.23
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-starter-data-jpa@3.5.0 org.springframework.data:spring-data-jpa@3.5.0 org.springframework:spring-context@5.3.18 org.springframework:spring-beans@7.0.0-M5 org.springframework:spring-core@5.3.23
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-starter-web@3.5.0 org.springframework.boot:spring-boot-starter-json@3.5.0 org.springframework:spring-web@6.2.7 org.springframework:spring-beans@7.0.0-M5 org.springframework:spring-core@5.3.23
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-starter-web@3.5.0 org.springframework:spring-webmvc@6.2.7 org.springframework:spring-web@6.2.7 org.springframework:spring-beans@7.0.0-M5 org.springframework:spring-core@5.3.23
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 com.giffing.wicket.spring.boot.starter:wicket-spring-boot-starter@3.1.6 org.springframework.boot:spring-boot-starter-web@3.5.0 org.springframework:spring-web@6.2.7 org.springframework:spring-beans@7.0.0-M5 org.springframework:spring-core@5.3.23
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 com.giffing.wicket.spring.boot.starter:wicket-spring-boot-starter@3.1.6 org.springframework.boot:spring-boot-starter-web@3.5.0 org.springframework:spring-webmvc@6.2.7 org.springframework:spring-beans@7.0.0-M5 org.springframework:spring-core@5.3.23
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-starter-data-jpa@3.5.0 org.springframework.data:spring-data-jpa@3.5.0 org.springframework:spring-tx@7.0.0-M5 org.springframework:spring-beans@7.0.0-M5 org.springframework:spring-core@5.3.23
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-starter-data-jpa@3.5.0 org.springframework.boot:spring-boot-starter-jdbc@3.5.0 org.springframework:spring-jdbc@6.2.7 org.springframework:spring-beans@7.0.0-M5 org.springframework:spring-core@5.3.23
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-starter-data-jpa@3.5.0 org.springframework.data:spring-data-jpa@3.5.0 org.springframework.data:spring-data-commons@3.5.0 org.springframework:spring-beans@7.0.0-M5 org.springframework:spring-core@5.3.23
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-starter-data-jpa@3.5.0 org.springframework.data:spring-data-jpa@3.5.0 org.springframework:spring-orm@7.0.0-M5 org.springframework:spring-beans@7.0.0-M5 org.springframework:spring-core@5.3.23
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 com.giffing.wicket.spring.boot.starter:wicket-spring-boot-starter@3.1.6 org.apache.wicket:wicket-spring@9.12.0 org.springframework:spring-context@5.3.18 org.springframework:spring-aop@7.0.0-M5 org.springframework:spring-core@5.3.23
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-devtools@3.5.0 org.springframework.boot:spring-boot@3.5.0 org.springframework:spring-context@5.3.18 org.springframework:spring-aop@7.0.0-M5 org.springframework:spring-core@5.3.23
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-starter-web@3.5.0 org.springframework:spring-webmvc@6.2.7 org.springframework:spring-context@5.3.18 org.springframework:spring-aop@7.0.0-M5 org.springframework:spring-core@5.3.23
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 com.giffing.wicket.spring.boot.starter:wicket-spring-boot-starter@3.1.6 org.springframework:spring-context-support@7.0.0-M5 org.springframework:spring-context@5.3.18 org.springframework:spring-aop@7.0.0-M5 org.springframework:spring-core@5.3.23
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-starter-data-jpa@3.5.0 org.springframework.data:spring-data-jpa@3.5.0 org.springframework:spring-context@5.3.18 org.springframework:spring-aop@7.0.0-M5 org.springframework:spring-core@5.3.23
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 com.giffing.wicket.spring.boot.starter:wicket-spring-boot-starter@3.1.6 org.springframework.boot:spring-boot-starter-web@3.5.0 org.springframework:spring-webmvc@6.2.7 org.springframework:spring-aop@7.0.0-M5 org.springframework:spring-core@5.3.23
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 com.giffing.wicket.spring.boot.starter:wicket-spring-boot-starter@3.1.6 org.apache.wicket:wicket-spring@9.12.0 org.springframework:spring-context@5.3.18 org.springframework:spring-expression@6.2.7 org.springframework:spring-core@5.3.23
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-devtools@3.5.0 org.springframework.boot:spring-boot@3.5.0 org.springframework:spring-context@5.3.18 org.springframework:spring-expression@6.2.7 org.springframework:spring-core@5.3.23
    Remediation: Upgrade to org.springframework.boot:spring-boot-devtools@3.5.0.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-starter-web@3.5.0 org.springframework:spring-webmvc@6.2.7 org.springframework:spring-context@5.3.18 org.springframework:spring-expression@6.2.7 org.springframework:spring-core@5.3.23
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.5.0.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 com.giffing.wicket.spring.boot.starter:wicket-spring-boot-starter@3.1.6 org.springframework:spring-context-support@7.0.0-M5 org.springframework:spring-context@5.3.18 org.springframework:spring-expression@6.2.7 org.springframework:spring-core@5.3.23
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-starter-data-jpa@3.5.0 org.springframework.data:spring-data-jpa@3.5.0 org.springframework:spring-context@5.3.18 org.springframework:spring-expression@6.2.7 org.springframework:spring-core@5.3.23
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.5.0.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 com.giffing.wicket.spring.boot.starter:wicket-spring-boot-starter@3.1.6 org.springframework.boot:spring-boot-starter-web@3.5.0 org.springframework:spring-webmvc@6.2.7 org.springframework:spring-expression@6.2.7 org.springframework:spring-core@5.3.23
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 com.giffing.wicket.spring.boot.starter:wicket-spring-boot-starter@3.1.6 org.springframework.boot:spring-boot-autoconfigure@3.5.0 org.springframework.boot:spring-boot@3.5.0 org.springframework:spring-context@5.3.18 org.springframework:spring-core@5.3.23
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-devtools@3.5.0 org.springframework.boot:spring-boot-autoconfigure@3.5.0 org.springframework.boot:spring-boot@3.5.0 org.springframework:spring-context@5.3.18 org.springframework:spring-core@5.3.23
    Remediation: Upgrade to org.springframework.boot:spring-boot-devtools@3.5.0.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-starter-web@3.5.0 org.springframework.boot:spring-boot-starter@3.5.0 org.springframework.boot:spring-boot@3.5.0 org.springframework:spring-context@5.3.18 org.springframework:spring-core@5.3.23
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.5.0.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-starter-actuator@3.5.0 org.springframework.boot:spring-boot-starter@3.5.0 org.springframework.boot:spring-boot@3.5.0 org.springframework:spring-context@5.3.18 org.springframework:spring-core@5.3.23
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.5.0.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-starter-data-jpa@3.5.0 org.springframework.boot:spring-boot-starter@3.5.0 org.springframework.boot:spring-boot@3.5.0 org.springframework:spring-context@5.3.18 org.springframework:spring-core@5.3.23
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.5.0.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-starter-validation@3.5.0 org.springframework.boot:spring-boot-starter@3.5.0 org.springframework.boot:spring-boot@3.5.0 org.springframework:spring-context@5.3.18 org.springframework:spring-core@5.3.23
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-validation@3.5.0.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-starter-actuator@3.5.0 org.springframework.boot:spring-boot-actuator-autoconfigure@3.5.0 org.springframework.boot:spring-boot@3.5.0 org.springframework:spring-context@5.3.18 org.springframework:spring-core@5.3.23
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.5.0.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 com.giffing.wicket.spring.boot.starter:wicket-spring-boot-starter@3.1.6 org.springframework.boot:spring-boot-starter-web@3.5.0 org.springframework:spring-webmvc@6.2.7 org.springframework:spring-context@5.3.18 org.springframework:spring-core@5.3.23
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-starter-web@3.5.0 org.springframework.boot:spring-boot-starter@3.5.0 org.springframework.boot:spring-boot-autoconfigure@3.5.0 org.springframework.boot:spring-boot@3.5.0 org.springframework:spring-core@5.3.23
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.5.0.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-starter-actuator@3.5.0 org.springframework.boot:spring-boot-starter@3.5.0 org.springframework.boot:spring-boot-autoconfigure@3.5.0 org.springframework.boot:spring-boot@3.5.0 org.springframework:spring-core@5.3.23
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.5.0.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-starter-data-jpa@3.5.0 org.springframework.boot:spring-boot-starter@3.5.0 org.springframework.boot:spring-boot-autoconfigure@3.5.0 org.springframework.boot:spring-boot@3.5.0 org.springframework:spring-core@5.3.23
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.5.0.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-starter-validation@3.5.0 org.springframework.boot:spring-boot-starter@3.5.0 org.springframework.boot:spring-boot-autoconfigure@3.5.0 org.springframework.boot:spring-boot@3.5.0 org.springframework:spring-core@5.3.23
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-validation@3.5.0.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-starter-actuator@3.5.0 org.springframework.boot:spring-boot-actuator-autoconfigure@3.5.0 org.springframework.boot:spring-boot-autoconfigure@3.5.0 org.springframework.boot:spring-boot@3.5.0 org.springframework:spring-core@5.3.23
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.5.0.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-starter-web@3.5.0 org.springframework.boot:spring-boot-starter-json@3.5.0 org.springframework.boot:spring-boot-starter@3.5.0 org.springframework.boot:spring-boot@3.5.0 org.springframework:spring-core@5.3.23
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.5.0.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 com.giffing.wicket.spring.boot.starter:wicket-spring-boot-starter@3.1.6 org.springframework.boot:spring-boot-starter-web@3.5.0 org.springframework.boot:spring-boot-starter@3.5.0 org.springframework.boot:spring-boot@3.5.0 org.springframework:spring-core@5.3.23
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-starter-data-jpa@3.5.0 org.springframework.boot:spring-boot-starter-jdbc@3.5.0 org.springframework.boot:spring-boot-starter@3.5.0 org.springframework.boot:spring-boot@3.5.0 org.springframework:spring-core@5.3.23
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.5.0.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-starter-actuator@3.5.0 org.springframework.boot:spring-boot-actuator-autoconfigure@3.5.0 org.springframework.boot:spring-boot-actuator@3.5.0 org.springframework.boot:spring-boot@3.5.0 org.springframework:spring-core@5.3.23
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.5.0.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 com.giffing.wicket.spring.boot.starter:wicket-spring-boot-starter@3.1.6 org.springframework.boot:spring-boot-starter-web@3.5.0 org.springframework.boot:spring-boot-starter-json@3.5.0 org.springframework.boot:spring-boot-starter@3.5.0 org.springframework:spring-core@5.3.23
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 com.giffing.wicket.spring.boot.starter:wicket-spring-boot-starter@3.1.6 org.springframework.boot:spring-boot-starter-web@3.5.0 org.springframework.boot:spring-boot-starter-json@3.5.0 org.springframework:spring-web@6.2.7 org.springframework:spring-core@5.3.23
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 com.giffing.wicket.spring.boot.starter:wicket-spring-boot-starter@3.1.6 org.springframework.boot:spring-boot-starter-web@3.5.0 org.springframework:spring-webmvc@6.2.7 org.springframework:spring-web@6.2.7 org.springframework:spring-core@5.3.23
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-starter-data-jpa@3.5.0 org.springframework.boot:spring-boot-starter-jdbc@3.5.0 org.springframework:spring-jdbc@6.2.7 org.springframework:spring-tx@7.0.0-M5 org.springframework:spring-core@5.3.23
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-starter-data-jpa@3.5.0 org.springframework.data:spring-data-jpa@3.5.0 org.springframework:spring-orm@7.0.0-M5 org.springframework:spring-tx@7.0.0-M5 org.springframework:spring-core@5.3.23
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-starter-data-jpa@3.5.0 org.springframework.data:spring-data-jpa@3.5.0 org.springframework:spring-orm@7.0.0-M5 org.springframework:spring-jdbc@6.2.7 org.springframework:spring-core@5.3.23
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 com.giffing.wicket.spring.boot.starter:wicket-spring-boot-starter@3.1.6 org.apache.wicket:wicket-spring@9.12.0 org.springframework:spring-context@5.3.18 org.springframework:spring-aop@7.0.0-M5 org.springframework:spring-beans@7.0.0-M5 org.springframework:spring-core@5.3.23
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-devtools@3.5.0 org.springframework.boot:spring-boot@3.5.0 org.springframework:spring-context@5.3.18 org.springframework:spring-aop@7.0.0-M5 org.springframework:spring-beans@7.0.0-M5 org.springframework:spring-core@5.3.23
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-starter-web@3.5.0 org.springframework:spring-webmvc@6.2.7 org.springframework:spring-context@5.3.18 org.springframework:spring-aop@7.0.0-M5 org.springframework:spring-beans@7.0.0-M5 org.springframework:spring-core@5.3.23
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 com.giffing.wicket.spring.boot.starter:wicket-spring-boot-starter@3.1.6 org.springframework:spring-context-support@7.0.0-M5 org.springframework:spring-context@5.3.18 org.springframework:spring-aop@7.0.0-M5 org.springframework:spring-beans@7.0.0-M5 org.springframework:spring-core@5.3.23
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-starter-data-jpa@3.5.0 org.springframework.data:spring-data-jpa@3.5.0 org.springframework:spring-context@5.3.18 org.springframework:spring-aop@7.0.0-M5 org.springframework:spring-beans@7.0.0-M5 org.springframework:spring-core@5.3.23
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 com.giffing.wicket.spring.boot.starter:wicket-spring-boot-starter@3.1.6 org.springframework.boot:spring-boot-starter-web@3.5.0 org.springframework:spring-webmvc@6.2.7 org.springframework:spring-aop@7.0.0-M5 org.springframework:spring-beans@7.0.0-M5 org.springframework:spring-core@5.3.23
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 com.giffing.wicket.spring.boot.starter:wicket-spring-boot-starter@3.1.6 org.springframework.boot:spring-boot-autoconfigure@3.5.0 org.springframework.boot:spring-boot@3.5.0 org.springframework:spring-context@5.3.18 org.springframework:spring-beans@7.0.0-M5 org.springframework:spring-core@5.3.23
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-devtools@3.5.0 org.springframework.boot:spring-boot-autoconfigure@3.5.0 org.springframework.boot:spring-boot@3.5.0 org.springframework:spring-context@5.3.18 org.springframework:spring-beans@7.0.0-M5 org.springframework:spring-core@5.3.23
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-starter-web@3.5.0 org.springframework.boot:spring-boot-starter@3.5.0 org.springframework.boot:spring-boot@3.5.0 org.springframework:spring-context@5.3.18 org.springframework:spring-beans@7.0.0-M5 org.springframework:spring-core@5.3.23
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-starter-actuator@3.5.0 org.springframework.boot:spring-boot-starter@3.5.0 org.springframework.boot:spring-boot@3.5.0 org.springframework:spring-context@5.3.18 org.springframework:spring-beans@7.0.0-M5 org.springframework:spring-core@5.3.23
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-starter-data-jpa@3.5.0 org.springframework.boot:spring-boot-starter@3.5.0 org.springframework.boot:spring-boot@3.5.0 org.springframework:spring-context@5.3.18 org.springframework:spring-beans@7.0.0-M5 org.springframework:spring-core@5.3.23
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-starter-validation@3.5.0 org.springframework.boot:spring-boot-starter@3.5.0 org.springframework.boot:spring-boot@3.5.0 org.springframework:spring-context@5.3.18 org.springframework:spring-beans@7.0.0-M5 org.springframework:spring-core@5.3.23
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-starter-actuator@3.5.0 org.springframework.boot:spring-boot-actuator-autoconfigure@3.5.0 org.springframework.boot:spring-boot@3.5.0 org.springframework:spring-context@5.3.18 org.springframework:spring-beans@7.0.0-M5 org.springframework:spring-core@5.3.23
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 com.giffing.wicket.spring.boot.starter:wicket-spring-boot-starter@3.1.6 org.springframework.boot:spring-boot-starter-web@3.5.0 org.springframework:spring-webmvc@6.2.7 org.springframework:spring-context@5.3.18 org.springframework:spring-beans@7.0.0-M5 org.springframework:spring-core@5.3.23
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 com.giffing.wicket.spring.boot.starter:wicket-spring-boot-starter@3.1.6 org.springframework.boot:spring-boot-starter-web@3.5.0 org.springframework.boot:spring-boot-starter-json@3.5.0 org.springframework:spring-web@6.2.7 org.springframework:spring-beans@7.0.0-M5 org.springframework:spring-core@5.3.23
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 com.giffing.wicket.spring.boot.starter:wicket-spring-boot-starter@3.1.6 org.springframework.boot:spring-boot-starter-web@3.5.0 org.springframework:spring-webmvc@6.2.7 org.springframework:spring-web@6.2.7 org.springframework:spring-beans@7.0.0-M5 org.springframework:spring-core@5.3.23
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-starter-data-jpa@3.5.0 org.springframework.boot:spring-boot-starter-jdbc@3.5.0 org.springframework:spring-jdbc@6.2.7 org.springframework:spring-tx@7.0.0-M5 org.springframework:spring-beans@7.0.0-M5 org.springframework:spring-core@5.3.23
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-starter-data-jpa@3.5.0 org.springframework.data:spring-data-jpa@3.5.0 org.springframework:spring-orm@7.0.0-M5 org.springframework:spring-tx@7.0.0-M5 org.springframework:spring-beans@7.0.0-M5 org.springframework:spring-core@5.3.23
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-starter-data-jpa@3.5.0 org.springframework.data:spring-data-jpa@3.5.0 org.springframework:spring-orm@7.0.0-M5 org.springframework:spring-jdbc@6.2.7 org.springframework:spring-beans@7.0.0-M5 org.springframework:spring-core@5.3.23
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 com.giffing.wicket.spring.boot.starter:wicket-spring-boot-starter@3.1.6 org.springframework.boot:spring-boot-autoconfigure@3.5.0 org.springframework.boot:spring-boot@3.5.0 org.springframework:spring-context@5.3.18 org.springframework:spring-aop@7.0.0-M5 org.springframework:spring-core@5.3.23
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-devtools@3.5.0 org.springframework.boot:spring-boot-autoconfigure@3.5.0 org.springframework.boot:spring-boot@3.5.0 org.springframework:spring-context@5.3.18 org.springframework:spring-aop@7.0.0-M5 org.springframework:spring-core@5.3.23
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-starter-web@3.5.0 org.springframework.boot:spring-boot-starter@3.5.0 org.springframework.boot:spring-boot@3.5.0 org.springframework:spring-context@5.3.18 org.springframework:spring-aop@7.0.0-M5 org.springframework:spring-core@5.3.23
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-starter-actuator@3.5.0 org.springframework.boot:spring-boot-starter@3.5.0 org.springframework.boot:spring-boot@3.5.0 org.springframework:spring-context@5.3.18 org.springframework:spring-aop@7.0.0-M5 org.springframework:spring-core@5.3.23
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-starter-data-jpa@3.5.0 org.springframework.boot:spring-boot-starter@3.5.0 org.springframework.boot:spring-boot@3.5.0 org.springframework:spring-context@5.3.18 org.springframework:spring-aop@7.0.0-M5 org.springframework:spring-core@5.3.23
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-starter-validation@3.5.0 org.springframework.boot:spring-boot-starter@3.5.0 org.springframework.boot:spring-boot@3.5.0 org.springframework:spring-context@5.3.18 org.springframework:spring-aop@7.0.0-M5 org.springframework:spring-core@5.3.23
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-starter-actuator@3.5.0 org.springframework.boot:spring-boot-actuator-autoconfigure@3.5.0 org.springframework.boot:spring-boot@3.5.0 org.springframework:spring-context@5.3.18 org.springframework:spring-aop@7.0.0-M5 org.springframework:spring-core@5.3.23
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 com.giffing.wicket.spring.boot.starter:wicket-spring-boot-starter@3.1.6 org.springframework.boot:spring-boot-starter-web@3.5.0 org.springframework:spring-webmvc@6.2.7 org.springframework:spring-context@5.3.18 org.springframework:spring-aop@7.0.0-M5 org.springframework:spring-core@5.3.23
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 com.giffing.wicket.spring.boot.starter:wicket-spring-boot-starter@3.1.6 org.springframework.boot:spring-boot-autoconfigure@3.5.0 org.springframework.boot:spring-boot@3.5.0 org.springframework:spring-context@5.3.18 org.springframework:spring-expression@6.2.7 org.springframework:spring-core@5.3.23
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-devtools@3.5.0 org.springframework.boot:spring-boot-autoconfigure@3.5.0 org.springframework.boot:spring-boot@3.5.0 org.springframework:spring-context@5.3.18 org.springframework:spring-expression@6.2.7 org.springframework:spring-core@5.3.23
    Remediation: Upgrade to org.springframework.boot:spring-boot-devtools@3.5.0.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-starter-web@3.5.0 org.springframework.boot:spring-boot-starter@3.5.0 org.springframework.boot:spring-boot@3.5.0 org.springframework:spring-context@5.3.18 org.springframework:spring-expression@6.2.7 org.springframework:spring-core@5.3.23
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.5.0.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-starter-actuator@3.5.0 org.springframework.boot:spring-boot-starter@3.5.0 org.springframework.boot:spring-boot@3.5.0 org.springframework:spring-context@5.3.18 org.springframework:spring-expression@6.2.7 org.springframework:spring-core@5.3.23
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.5.0.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-starter-data-jpa@3.5.0 org.springframework.boot:spring-boot-starter@3.5.0 org.springframework.boot:spring-boot@3.5.0 org.springframework:spring-context@5.3.18 org.springframework:spring-expression@6.2.7 org.springframework:spring-core@5.3.23
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.5.0.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-starter-validation@3.5.0 org.springframework.boot:spring-boot-starter@3.5.0 org.springframework.boot:spring-boot@3.5.0 org.springframework:spring-context@5.3.18 org.springframework:spring-expression@6.2.7 org.springframework:spring-core@5.3.23
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-validation@3.5.0.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-starter-actuator@3.5.0 org.springframework.boot:spring-boot-actuator-autoconfigure@3.5.0 org.springframework.boot:spring-boot@3.5.0 org.springframework:spring-context@5.3.18 org.springframework:spring-expression@6.2.7 org.springframework:spring-core@5.3.23
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.5.0.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 com.giffing.wicket.spring.boot.starter:wicket-spring-boot-starter@3.1.6 org.springframework.boot:spring-boot-starter-web@3.5.0 org.springframework:spring-webmvc@6.2.7 org.springframework:spring-context@5.3.18 org.springframework:spring-expression@6.2.7 org.springframework:spring-core@5.3.23
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-starter-web@3.5.0 org.springframework.boot:spring-boot-starter@3.5.0 org.springframework.boot:spring-boot-autoconfigure@3.5.0 org.springframework.boot:spring-boot@3.5.0 org.springframework:spring-context@5.3.18 org.springframework:spring-core@5.3.23
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.5.0.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-starter-actuator@3.5.0 org.springframework.boot:spring-boot-starter@3.5.0 org.springframework.boot:spring-boot-autoconfigure@3.5.0 org.springframework.boot:spring-boot@3.5.0 org.springframework:spring-context@5.3.18 org.springframework:spring-core@5.3.23
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.5.0.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-starter-data-jpa@3.5.0 org.springframework.boot:spring-boot-starter@3.5.0 org.springframework.boot:spring-boot-autoconfigure@3.5.0 org.springframework.boot:spring-boot@3.5.0 org.springframework:spring-context@5.3.18 org.springframework:spring-core@5.3.23
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.5.0.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-starter-validation@3.5.0 org.springframework.boot:spring-boot-starter@3.5.0 org.springframework.boot:spring-boot-autoconfigure@3.5.0 org.springframework.boot:spring-boot@3.5.0 org.springframework:spring-context@5.3.18 org.springframework:spring-core@5.3.23
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-validation@3.5.0.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-starter-actuator@3.5.0 org.springframework.boot:spring-boot-actuator-autoconfigure@3.5.0 org.springframework.boot:spring-boot-autoconfigure@3.5.0 org.springframework.boot:spring-boot@3.5.0 org.springframework:spring-context@5.3.18 org.springframework:spring-core@5.3.23
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.5.0.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-starter-web@3.5.0 org.springframework.boot:spring-boot-starter-json@3.5.0 org.springframework.boot:spring-boot-starter@3.5.0 org.springframework.boot:spring-boot@3.5.0 org.springframework:spring-context@5.3.18 org.springframework:spring-core@5.3.23
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.5.0.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 com.giffing.wicket.spring.boot.starter:wicket-spring-boot-starter@3.1.6 org.springframework.boot:spring-boot-starter-web@3.5.0 org.springframework.boot:spring-boot-starter@3.5.0 org.springframework.boot:spring-boot@3.5.0 org.springframework:spring-context@5.3.18 org.springframework:spring-core@5.3.23
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-starter-data-jpa@3.5.0 org.springframework.boot:spring-boot-starter-jdbc@3.5.0 org.springframework.boot:spring-boot-starter@3.5.0 org.springframework.boot:spring-boot@3.5.0 org.springframework:spring-context@5.3.18 org.springframework:spring-core@5.3.23
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.5.0.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-starter-actuator@3.5.0 org.springframework.boot:spring-boot-actuator-autoconfigure@3.5.0 org.springframework.boot:spring-boot-actuator@3.5.0 org.springframework.boot:spring-boot@3.5.0 org.springframework:spring-context@5.3.18 org.springframework:spring-core@5.3.23
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.5.0.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-starter-web@3.5.0 org.springframework.boot:spring-boot-starter-json@3.5.0 org.springframework.boot:spring-boot-starter@3.5.0 org.springframework.boot:spring-boot-autoconfigure@3.5.0 org.springframework.boot:spring-boot@3.5.0 org.springframework:spring-core@5.3.23
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.5.0.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 com.giffing.wicket.spring.boot.starter:wicket-spring-boot-starter@3.1.6 org.springframework.boot:spring-boot-starter-web@3.5.0 org.springframework.boot:spring-boot-starter@3.5.0 org.springframework.boot:spring-boot-autoconfigure@3.5.0 org.springframework.boot:spring-boot@3.5.0 org.springframework:spring-core@5.3.23
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-starter-data-jpa@3.5.0 org.springframework.boot:spring-boot-starter-jdbc@3.5.0 org.springframework.boot:spring-boot-starter@3.5.0 org.springframework.boot:spring-boot-autoconfigure@3.5.0 org.springframework.boot:spring-boot@3.5.0 org.springframework:spring-core@5.3.23
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.5.0.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 com.giffing.wicket.spring.boot.starter:wicket-spring-boot-starter@3.1.6 org.springframework.boot:spring-boot-starter-web@3.5.0 org.springframework.boot:spring-boot-starter-json@3.5.0 org.springframework.boot:spring-boot-starter@3.5.0 org.springframework.boot:spring-boot@3.5.0 org.springframework:spring-core@5.3.23
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-starter-data-jpa@3.5.0 org.springframework.data:spring-data-jpa@3.5.0 org.springframework:spring-orm@7.0.0-M5 org.springframework:spring-jdbc@6.2.7 org.springframework:spring-tx@7.0.0-M5 org.springframework:spring-core@5.3.23
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 com.giffing.wicket.spring.boot.starter:wicket-spring-boot-starter@3.1.6 org.springframework.boot:spring-boot-autoconfigure@3.5.0 org.springframework.boot:spring-boot@3.5.0 org.springframework:spring-context@5.3.18 org.springframework:spring-aop@7.0.0-M5 org.springframework:spring-beans@7.0.0-M5 org.springframework:spring-core@5.3.23
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-devtools@3.5.0 org.springframework.boot:spring-boot-autoconfigure@3.5.0 org.springframework.boot:spring-boot@3.5.0 org.springframework:spring-context@5.3.18 org.springframework:spring-aop@7.0.0-M5 org.springframework:spring-beans@7.0.0-M5 org.springframework:spring-core@5.3.23
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-starter-web@3.5.0 org.springframework.boot:spring-boot-starter@3.5.0 org.springframework.boot:spring-boot@3.5.0 org.springframework:spring-context@5.3.18 org.springframework:spring-aop@7.0.0-M5 org.springframework:spring-beans@7.0.0-M5 org.springframework:spring-core@5.3.23
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-starter-actuator@3.5.0 org.springframework.boot:spring-boot-starter@3.5.0 org.springframework.boot:spring-boot@3.5.0 org.springframework:spring-context@5.3.18 org.springframework:spring-aop@7.0.0-M5 org.springframework:spring-beans@7.0.0-M5 org.springframework:spring-core@5.3.23
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-starter-data-jpa@3.5.0 org.springframework.boot:spring-boot-starter@3.5.0 org.springframework.boot:spring-boot@3.5.0 org.springframework:spring-context@5.3.18 org.springframework:spring-aop@7.0.0-M5 org.springframework:spring-beans@7.0.0-M5 org.springframework:spring-core@5.3.23
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-starter-validation@3.5.0 org.springframework.boot:spring-boot-starter@3.5.0 org.springframework.boot:spring-boot@3.5.0 org.springframework:spring-context@5.3.18 org.springframework:spring-aop@7.0.0-M5 org.springframework:spring-beans@7.0.0-M5 org.springframework:spring-core@5.3.23
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-starter-actuator@3.5.0 org.springframework.boot:spring-boot-actuator-autoconfigure@3.5.0 org.springframework.boot:spring-boot@3.5.0 org.springframework:spring-context@5.3.18 org.springframework:spring-aop@7.0.0-M5 org.springframework:spring-beans@7.0.0-M5 org.springframework:spring-core@5.3.23
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 com.giffing.wicket.spring.boot.starter:wicket-spring-boot-starter@3.1.6 org.springframework.boot:spring-boot-starter-web@3.5.0 org.springframework:spring-webmvc@6.2.7 org.springframework:spring-context@5.3.18 org.springframework:spring-aop@7.0.0-M5 org.springframework:spring-beans@7.0.0-M5 org.springframework:spring-core@5.3.23
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-starter-web@3.5.0 org.springframework.boot:spring-boot-starter@3.5.0 org.springframework.boot:spring-boot-autoconfigure@3.5.0 org.springframework.boot:spring-boot@3.5.0 org.springframework:spring-context@5.3.18 org.springframework:spring-beans@7.0.0-M5 org.springframework:spring-core@5.3.23
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-starter-actuator@3.5.0 org.springframework.boot:spring-boot-starter@3.5.0 org.springframework.boot:spring-boot-autoconfigure@3.5.0 org.springframework.boot:spring-boot@3.5.0 org.springframework:spring-context@5.3.18 org.springframework:spring-beans@7.0.0-M5 org.springframework:spring-core@5.3.23
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-starter-data-jpa@3.5.0 org.springframework.boot:spring-boot-starter@3.5.0 org.springframework.boot:spring-boot-autoconfigure@3.5.0 org.springframework.boot:spring-boot@3.5.0 org.springframework:spring-context@5.3.18 org.springframework:spring-beans@7.0.0-M5 org.springframework:spring-core@5.3.23
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-starter-validation@3.5.0 org.springframework.boot:spring-boot-starter@3.5.0 org.springframework.boot:spring-boot-autoconfigure@3.5.0 org.springframework.boot:spring-boot@3.5.0 org.springframework:spring-context@5.3.18 org.springframework:spring-beans@7.0.0-M5 org.springframework:spring-core@5.3.23
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-starter-actuator@3.5.0 org.springframework.boot:spring-boot-actuator-autoconfigure@3.5.0 org.springframework.boot:spring-boot-autoconfigure@3.5.0 org.springframework.boot:spring-boot@3.5.0 org.springframework:spring-context@5.3.18 org.springframework:spring-beans@7.0.0-M5 org.springframework:spring-core@5.3.23
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-starter-web@3.5.0 org.springframework.boot:spring-boot-starter-json@3.5.0 org.springframework.boot:spring-boot-starter@3.5.0 org.springframework.boot:spring-boot@3.5.0 org.springframework:spring-context@5.3.18 org.springframework:spring-beans@7.0.0-M5 org.springframework:spring-core@5.3.23
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 com.giffing.wicket.spring.boot.starter:wicket-spring-boot-starter@3.1.6 org.springframework.boot:spring-boot-starter-web@3.5.0 org.springframework.boot:spring-boot-starter@3.5.0 org.springframework.boot:spring-boot@3.5.0 org.springframework:spring-context@5.3.18 org.springframework:spring-beans@7.0.0-M5 org.springframework:spring-core@5.3.23
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-starter-data-jpa@3.5.0 org.springframework.boot:spring-boot-starter-jdbc@3.5.0 org.springframework.boot:spring-boot-starter@3.5.0 org.springframework.boot:spring-boot@3.5.0 org.springframework:spring-context@5.3.18 org.springframework:spring-beans@7.0.0-M5 org.springframework:spring-core@5.3.23
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-starter-actuator@3.5.0 org.springframework.boot:spring-boot-actuator-autoconfigure@3.5.0 org.springframework.boot:spring-boot-actuator@3.5.0 org.springframework.boot:spring-boot@3.5.0 org.springframework:spring-context@5.3.18 org.springframework:spring-beans@7.0.0-M5 org.springframework:spring-core@5.3.23
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-starter-data-jpa@3.5.0 org.springframework.data:spring-data-jpa@3.5.0 org.springframework:spring-orm@7.0.0-M5 org.springframework:spring-jdbc@6.2.7 org.springframework:spring-tx@7.0.0-M5 org.springframework:spring-beans@7.0.0-M5 org.springframework:spring-core@5.3.23
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-starter-web@3.5.0 org.springframework.boot:spring-boot-starter@3.5.0 org.springframework.boot:spring-boot-autoconfigure@3.5.0 org.springframework.boot:spring-boot@3.5.0 org.springframework:spring-context@5.3.18 org.springframework:spring-aop@7.0.0-M5 org.springframework:spring-core@5.3.23
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-starter-actuator@3.5.0 org.springframework.boot:spring-boot-starter@3.5.0 org.springframework.boot:spring-boot-autoconfigure@3.5.0 org.springframework.boot:spring-boot@3.5.0 org.springframework:spring-context@5.3.18 org.springframework:spring-aop@7.0.0-M5 org.springframework:spring-core@5.3.23
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-starter-data-jpa@3.5.0 org.springframework.boot:spring-boot-starter@3.5.0 org.springframework.boot:spring-boot-autoconfigure@3.5.0 org.springframework.boot:spring-boot@3.5.0 org.springframework:spring-context@5.3.18 org.springframework:spring-aop@7.0.0-M5 org.springframework:spring-core@5.3.23
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-starter-validation@3.5.0 org.springframework.boot:spring-boot-starter@3.5.0 org.springframework.boot:spring-boot-autoconfigure@3.5.0 org.springframework.boot:spring-boot@3.5.0 org.springframework:spring-context@5.3.18 org.springframework:spring-aop@7.0.0-M5 org.springframework:spring-core@5.3.23
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-starter-actuator@3.5.0 org.springframework.boot:spring-boot-actuator-autoconfigure@3.5.0 org.springframework.boot:spring-boot-autoconfigure@3.5.0 org.springframework.boot:spring-boot@3.5.0 org.springframework:spring-context@5.3.18 org.springframework:spring-aop@7.0.0-M5 org.springframework:spring-core@5.3.23
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-starter-web@3.5.0 org.springframework.boot:spring-boot-starter-json@3.5.0 org.springframework.boot:spring-boot-starter@3.5.0 org.springframework.boot:spring-boot@3.5.0 org.springframework:spring-context@5.3.18 org.springframework:spring-aop@7.0.0-M5 org.springframework:spring-core@5.3.23
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 com.giffing.wicket.spring.boot.starter:wicket-spring-boot-starter@3.1.6 org.springframework.boot:spring-boot-starter-web@3.5.0 org.springframework.boot:spring-boot-starter@3.5.0 org.springframework.boot:spring-boot@3.5.0 org.springframework:spring-context@5.3.18 org.springframework:spring-aop@7.0.0-M5 org.springframework:spring-core@5.3.23
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-starter-data-jpa@3.5.0 org.springframework.boot:spring-boot-starter-jdbc@3.5.0 org.springframework.boot:spring-boot-starter@3.5.0 org.springframework.boot:spring-boot@3.5.0 org.springframework:spring-context@5.3.18 org.springframework:spring-aop@7.0.0-M5 org.springframework:spring-core@5.3.23
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-starter-actuator@3.5.0 org.springframework.boot:spring-boot-actuator-autoconfigure@3.5.0 org.springframework.boot:spring-boot-actuator@3.5.0 org.springframework.boot:spring-boot@3.5.0 org.springframework:spring-context@5.3.18 org.springframework:spring-aop@7.0.0-M5 org.springframework:spring-core@5.3.23
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-starter-web@3.5.0 org.springframework.boot:spring-boot-starter@3.5.0 org.springframework.boot:spring-boot-autoconfigure@3.5.0 org.springframework.boot:spring-boot@3.5.0 org.springframework:spring-context@5.3.18 org.springframework:spring-expression@6.2.7 org.springframework:spring-core@5.3.23
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.5.0.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-starter-actuator@3.5.0 org.springframework.boot:spring-boot-starter@3.5.0 org.springframework.boot:spring-boot-autoconfigure@3.5.0 org.springframework.boot:spring-boot@3.5.0 org.springframework:spring-context@5.3.18 org.springframework:spring-expression@6.2.7 org.springframework:spring-core@5.3.23
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.5.0.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-starter-data-jpa@3.5.0 org.springframework.boot:spring-boot-starter@3.5.0 org.springframework.boot:spring-boot-autoconfigure@3.5.0 org.springframework.boot:spring-boot@3.5.0 org.springframework:spring-context@5.3.18 org.springframework:spring-expression@6.2.7 org.springframework:spring-core@5.3.23
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.5.0.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-starter-validation@3.5.0 org.springframework.boot:spring-boot-starter@3.5.0 org.springframework.boot:spring-boot-autoconfigure@3.5.0 org.springframework.boot:spring-boot@3.5.0 org.springframework:spring-context@5.3.18 org.springframework:spring-expression@6.2.7 org.springframework:spring-core@5.3.23
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-validation@3.5.0.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-starter-actuator@3.5.0 org.springframework.boot:spring-boot-actuator-autoconfigure@3.5.0 org.springframework.boot:spring-boot-autoconfigure@3.5.0 org.springframework.boot:spring-boot@3.5.0 org.springframework:spring-context@5.3.18 org.springframework:spring-expression@6.2.7 org.springframework:spring-core@5.3.23
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.5.0.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-starter-web@3.5.0 org.springframework.boot:spring-boot-starter-json@3.5.0 org.springframework.boot:spring-boot-starter@3.5.0 org.springframework.boot:spring-boot@3.5.0 org.springframework:spring-context@5.3.18 org.springframework:spring-expression@6.2.7 org.springframework:spring-core@5.3.23
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.5.0.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 com.giffing.wicket.spring.boot.starter:wicket-spring-boot-starter@3.1.6 org.springframework.boot:spring-boot-starter-web@3.5.0 org.springframework.boot:spring-boot-starter@3.5.0 org.springframework.boot:spring-boot@3.5.0 org.springframework:spring-context@5.3.18 org.springframework:spring-expression@6.2.7 org.springframework:spring-core@5.3.23
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-starter-data-jpa@3.5.0 org.springframework.boot:spring-boot-starter-jdbc@3.5.0 org.springframework.boot:spring-boot-starter@3.5.0 org.springframework.boot:spring-boot@3.5.0 org.springframework:spring-context@5.3.18 org.springframework:spring-expression@6.2.7 org.springframework:spring-core@5.3.23
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.5.0.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-starter-actuator@3.5.0 org.springframework.boot:spring-boot-actuator-autoconfigure@3.5.0 org.springframework.boot:spring-boot-actuator@3.5.0 org.springframework.boot:spring-boot@3.5.0 org.springframework:spring-context@5.3.18 org.springframework:spring-expression@6.2.7 org.springframework:spring-core@5.3.23
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-actuator@3.5.0.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-starter-web@3.5.0 org.springframework.boot:spring-boot-starter-json@3.5.0 org.springframework.boot:spring-boot-starter@3.5.0 org.springframework.boot:spring-boot-autoconfigure@3.5.0 org.springframework.boot:spring-boot@3.5.0 org.springframework:spring-context@5.3.18 org.springframework:spring-core@5.3.23
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.5.0.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 com.giffing.wicket.spring.boot.starter:wicket-spring-boot-starter@3.1.6 org.springframework.boot:spring-boot-starter-web@3.5.0 org.springframework.boot:spring-boot-starter@3.5.0 org.springframework.boot:spring-boot-autoconfigure@3.5.0 org.springframework.boot:spring-boot@3.5.0 org.springframework:spring-context@5.3.18 org.springframework:spring-core@5.3.23
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-starter-data-jpa@3.5.0 org.springframework.boot:spring-boot-starter-jdbc@3.5.0 org.springframework.boot:spring-boot-starter@3.5.0 org.springframework.boot:spring-boot-autoconfigure@3.5.0 org.springframework.boot:spring-boot@3.5.0 org.springframework:spring-context@5.3.18 org.springframework:spring-core@5.3.23
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.5.0.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 com.giffing.wicket.spring.boot.starter:wicket-spring-boot-starter@3.1.6 org.springframework.boot:spring-boot-starter-web@3.5.0 org.springframework.boot:spring-boot-starter-json@3.5.0 org.springframework.boot:spring-boot-starter@3.5.0 org.springframework.boot:spring-boot@3.5.0 org.springframework:spring-context@5.3.18 org.springframework:spring-core@5.3.23
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 com.giffing.wicket.spring.boot.starter:wicket-spring-boot-starter@3.1.6 org.springframework.boot:spring-boot-starter-web@3.5.0 org.springframework.boot:spring-boot-starter-json@3.5.0 org.springframework.boot:spring-boot-starter@3.5.0 org.springframework.boot:spring-boot-autoconfigure@3.5.0 org.springframework.boot:spring-boot@3.5.0 org.springframework:spring-core@5.3.23
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-starter-web@3.5.0 org.springframework.boot:spring-boot-starter@3.5.0 org.springframework.boot:spring-boot-autoconfigure@3.5.0 org.springframework.boot:spring-boot@3.5.0 org.springframework:spring-context@5.3.18 org.springframework:spring-aop@7.0.0-M5 org.springframework:spring-beans@7.0.0-M5 org.springframework:spring-core@5.3.23
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-starter-actuator@3.5.0 org.springframework.boot:spring-boot-starter@3.5.0 org.springframework.boot:spring-boot-autoconfigure@3.5.0 org.springframework.boot:spring-boot@3.5.0 org.springframework:spring-context@5.3.18 org.springframework:spring-aop@7.0.0-M5 org.springframework:spring-beans@7.0.0-M5 org.springframework:spring-core@5.3.23
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-starter-data-jpa@3.5.0 org.springframework.boot:spring-boot-starter@3.5.0 org.springframework.boot:spring-boot-autoconfigure@3.5.0 org.springframework.boot:spring-boot@3.5.0 org.springframework:spring-context@5.3.18 org.springframework:spring-aop@7.0.0-M5 org.springframework:spring-beans@7.0.0-M5 org.springframework:spring-core@5.3.23
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-starter-validation@3.5.0 org.springframework.boot:spring-boot-starter@3.5.0 org.springframework.boot:spring-boot-autoconfigure@3.5.0 org.springframework.boot:spring-boot@3.5.0 org.springframework:spring-context@5.3.18 org.springframework:spring-aop@7.0.0-M5 org.springframework:spring-beans@7.0.0-M5 org.springframework:spring-core@5.3.23
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-starter-actuator@3.5.0 org.springframework.boot:spring-boot-actuator-autoconfigure@3.5.0 org.springframework.boot:spring-boot-autoconfigure@3.5.0 org.springframework.boot:spring-boot@3.5.0 org.springframework:spring-context@5.3.18 org.springframework:spring-aop@7.0.0-M5 org.springframework:spring-beans@7.0.0-M5 org.springframework:spring-core@5.3.23
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-starter-web@3.5.0 org.springframework.boot:spring-boot-starter-json@3.5.0 org.springframework.boot:spring-boot-starter@3.5.0 org.springframework.boot:spring-boot@3.5.0 org.springframework:spring-context@5.3.18 org.springframework:spring-aop@7.0.0-M5 org.springframework:spring-beans@7.0.0-M5 org.springframework:spring-core@5.3.23
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 com.giffing.wicket.spring.boot.starter:wicket-spring-boot-starter@3.1.6 org.springframework.boot:spring-boot-starter-web@3.5.0 org.springframework.boot:spring-boot-starter@3.5.0 org.springframework.boot:spring-boot@3.5.0 org.springframework:spring-context@5.3.18 org.springframework:spring-aop@7.0.0-M5 org.springframework:spring-beans@7.0.0-M5 org.springframework:spring-core@5.3.23
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-starter-data-jpa@3.5.0 org.springframework.boot:spring-boot-starter-jdbc@3.5.0 org.springframework.boot:spring-boot-starter@3.5.0 org.springframework.boot:spring-boot@3.5.0 org.springframework:spring-context@5.3.18 org.springframework:spring-aop@7.0.0-M5 org.springframework:spring-beans@7.0.0-M5 org.springframework:spring-core@5.3.23
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-starter-actuator@3.5.0 org.springframework.boot:spring-boot-actuator-autoconfigure@3.5.0 org.springframework.boot:spring-boot-actuator@3.5.0 org.springframework.boot:spring-boot@3.5.0 org.springframework:spring-context@5.3.18 org.springframework:spring-aop@7.0.0-M5 org.springframework:spring-beans@7.0.0-M5 org.springframework:spring-core@5.3.23
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-starter-web@3.5.0 org.springframework.boot:spring-boot-starter-json@3.5.0 org.springframework.boot:spring-boot-starter@3.5.0 org.springframework.boot:spring-boot-autoconfigure@3.5.0 org.springframework.boot:spring-boot@3.5.0 org.springframework:spring-context@5.3.18 org.springframework:spring-beans@7.0.0-M5 org.springframework:spring-core@5.3.23
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 com.giffing.wicket.spring.boot.starter:wicket-spring-boot-starter@3.1.6 org.springframework.boot:spring-boot-starter-web@3.5.0 org.springframework.boot:spring-boot-starter@3.5.0 org.springframework.boot:spring-boot-autoconfigure@3.5.0 org.springframework.boot:spring-boot@3.5.0 org.springframework:spring-context@5.3.18 org.springframework:spring-beans@7.0.0-M5 org.springframework:spring-core@5.3.23
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-starter-data-jpa@3.5.0 org.springframework.boot:spring-boot-starter-jdbc@3.5.0 org.springframework.boot:spring-boot-starter@3.5.0 org.springframework.boot:spring-boot-autoconfigure@3.5.0 org.springframework.boot:spring-boot@3.5.0 org.springframework:spring-context@5.3.18 org.springframework:spring-beans@7.0.0-M5 org.springframework:spring-core@5.3.23
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 com.giffing.wicket.spring.boot.starter:wicket-spring-boot-starter@3.1.6 org.springframework.boot:spring-boot-starter-web@3.5.0 org.springframework.boot:spring-boot-starter-json@3.5.0 org.springframework.boot:spring-boot-starter@3.5.0 org.springframework.boot:spring-boot@3.5.0 org.springframework:spring-context@5.3.18 org.springframework:spring-beans@7.0.0-M5 org.springframework:spring-core@5.3.23
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-starter-web@3.5.0 org.springframework.boot:spring-boot-starter-json@3.5.0 org.springframework.boot:spring-boot-starter@3.5.0 org.springframework.boot:spring-boot-autoconfigure@3.5.0 org.springframework.boot:spring-boot@3.5.0 org.springframework:spring-context@5.3.18 org.springframework:spring-aop@7.0.0-M5 org.springframework:spring-core@5.3.23
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 com.giffing.wicket.spring.boot.starter:wicket-spring-boot-starter@3.1.6 org.springframework.boot:spring-boot-starter-web@3.5.0 org.springframework.boot:spring-boot-starter@3.5.0 org.springframework.boot:spring-boot-autoconfigure@3.5.0 org.springframework.boot:spring-boot@3.5.0 org.springframework:spring-context@5.3.18 org.springframework:spring-aop@7.0.0-M5 org.springframework:spring-core@5.3.23
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-starter-data-jpa@3.5.0 org.springframework.boot:spring-boot-starter-jdbc@3.5.0 org.springframework.boot:spring-boot-starter@3.5.0 org.springframework.boot:spring-boot-autoconfigure@3.5.0 org.springframework.boot:spring-boot@3.5.0 org.springframework:spring-context@5.3.18 org.springframework:spring-aop@7.0.0-M5 org.springframework:spring-core@5.3.23
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 com.giffing.wicket.spring.boot.starter:wicket-spring-boot-starter@3.1.6 org.springframework.boot:spring-boot-starter-web@3.5.0 org.springframework.boot:spring-boot-starter-json@3.5.0 org.springframework.boot:spring-boot-starter@3.5.0 org.springframework.boot:spring-boot@3.5.0 org.springframework:spring-context@5.3.18 org.springframework:spring-aop@7.0.0-M5 org.springframework:spring-core@5.3.23
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-starter-web@3.5.0 org.springframework.boot:spring-boot-starter-json@3.5.0 org.springframework.boot:spring-boot-starter@3.5.0 org.springframework.boot:spring-boot-autoconfigure@3.5.0 org.springframework.boot:spring-boot@3.5.0 org.springframework:spring-context@5.3.18 org.springframework:spring-expression@6.2.7 org.springframework:spring-core@5.3.23
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-web@3.5.0.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 com.giffing.wicket.spring.boot.starter:wicket-spring-boot-starter@3.1.6 org.springframework.boot:spring-boot-starter-web@3.5.0 org.springframework.boot:spring-boot-starter@3.5.0 org.springframework.boot:spring-boot-autoconfigure@3.5.0 org.springframework.boot:spring-boot@3.5.0 org.springframework:spring-context@5.3.18 org.springframework:spring-expression@6.2.7 org.springframework:spring-core@5.3.23
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-starter-data-jpa@3.5.0 org.springframework.boot:spring-boot-starter-jdbc@3.5.0 org.springframework.boot:spring-boot-starter@3.5.0 org.springframework.boot:spring-boot-autoconfigure@3.5.0 org.springframework.boot:spring-boot@3.5.0 org.springframework:spring-context@5.3.18 org.springframework:spring-expression@6.2.7 org.springframework:spring-core@5.3.23
    Remediation: Upgrade to org.springframework.boot:spring-boot-starter-data-jpa@3.5.0.
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 com.giffing.wicket.spring.boot.starter:wicket-spring-boot-starter@3.1.6 org.springframework.boot:spring-boot-starter-web@3.5.0 org.springframework.boot:spring-boot-starter-json@3.5.0 org.springframework.boot:spring-boot-starter@3.5.0 org.springframework.boot:spring-boot@3.5.0 org.springframework:spring-context@5.3.18 org.springframework:spring-expression@6.2.7 org.springframework:spring-core@5.3.23
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 com.giffing.wicket.spring.boot.starter:wicket-spring-boot-starter@3.1.6 org.springframework.boot:spring-boot-starter-web@3.5.0 org.springframework.boot:spring-boot-starter-json@3.5.0 org.springframework.boot:spring-boot-starter@3.5.0 org.springframework.boot:spring-boot-autoconfigure@3.5.0 org.springframework.boot:spring-boot@3.5.0 org.springframework:spring-context@5.3.18 org.springframework:spring-core@5.3.23
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-starter-web@3.5.0 org.springframework.boot:spring-boot-starter-json@3.5.0 org.springframework.boot:spring-boot-starter@3.5.0 org.springframework.boot:spring-boot-autoconfigure@3.5.0 org.springframework.boot:spring-boot@3.5.0 org.springframework:spring-context@5.3.18 org.springframework:spring-aop@7.0.0-M5 org.springframework:spring-beans@7.0.0-M5 org.springframework:spring-core@5.3.23
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 com.giffing.wicket.spring.boot.starter:wicket-spring-boot-starter@3.1.6 org.springframework.boot:spring-boot-starter-web@3.5.0 org.springframework.boot:spring-boot-starter@3.5.0 org.springframework.boot:spring-boot-autoconfigure@3.5.0 org.springframework.boot:spring-boot@3.5.0 org.springframework:spring-context@5.3.18 org.springframework:spring-aop@7.0.0-M5 org.springframework:spring-beans@7.0.0-M5 org.springframework:spring-core@5.3.23
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 org.springframework.boot:spring-boot-starter-data-jpa@3.5.0 org.springframework.boot:spring-boot-starter-jdbc@3.5.0 org.springframework.boot:spring-boot-starter@3.5.0 org.springframework.boot:spring-boot-autoconfigure@3.5.0 org.springframework.boot:spring-boot@3.5.0 org.springframework:spring-context@5.3.18 org.springframework:spring-aop@7.0.0-M5 org.springframework:spring-beans@7.0.0-M5 org.springframework:spring-core@5.3.23
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 com.giffing.wicket.spring.boot.starter:wicket-spring-boot-starter@3.1.6 org.springframework.boot:spring-boot-starter-web@3.5.0 org.springframework.boot:spring-boot-starter-json@3.5.0 org.springframework.boot:spring-boot-starter@3.5.0 org.springframework.boot:spring-boot@3.5.0 org.springframework:spring-context@5.3.18 org.springframework:spring-aop@7.0.0-M5 org.springframework:spring-beans@7.0.0-M5 org.springframework:spring-core@5.3.23
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 com.giffing.wicket.spring.boot.starter:wicket-spring-boot-starter@3.1.6 org.springframework.boot:spring-boot-starter-web@3.5.0 org.springframework.boot:spring-boot-starter-json@3.5.0 org.springframework.boot:spring-boot-starter@3.5.0 org.springframework.boot:spring-boot-autoconfigure@3.5.0 org.springframework.boot:spring-boot@3.5.0 org.springframework:spring-context@5.3.18 org.springframework:spring-beans@7.0.0-M5 org.springframework:spring-core@5.3.23
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 com.giffing.wicket.spring.boot.starter:wicket-spring-boot-starter@3.1.6 org.springframework.boot:spring-boot-starter-web@3.5.0 org.springframework.boot:spring-boot-starter-json@3.5.0 org.springframework.boot:spring-boot-starter@3.5.0 org.springframework.boot:spring-boot-autoconfigure@3.5.0 org.springframework.boot:spring-boot@3.5.0 org.springframework:spring-context@5.3.18 org.springframework:spring-aop@7.0.0-M5 org.springframework:spring-core@5.3.23
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 com.giffing.wicket.spring.boot.starter:wicket-spring-boot-starter@3.1.6 org.springframework.boot:spring-boot-starter-web@3.5.0 org.springframework.boot:spring-boot-starter-json@3.5.0 org.springframework.boot:spring-boot-starter@3.5.0 org.springframework.boot:spring-boot-autoconfigure@3.5.0 org.springframework.boot:spring-boot@3.5.0 org.springframework:spring-context@5.3.18 org.springframework:spring-expression@6.2.7 org.springframework:spring-core@5.3.23
  • Introduced through: jvm-bloggers/jvm-bloggers@jvm-bloggers/jvm-bloggers#a9be8e4e70936663aa425cd95ff6182859799cf2 com.giffing.wicket.spring.boot.starter:wicket-spring-boot-starter@3.1.6 org.springframework.boot:spring-boot-starter-web@3.5.0 org.springframework.boot:spring-boot-starter-json@3.5.0 org.springframework.boot:spring-boot-starter@3.5.0 org.springframework.boot:spring-boot-autoconfigure@3.5.0 org.springframework.boot:spring-boot@3.5.0 org.springframework:spring-context@5.3.18 org.springframework:spring-aop@7.0.0-M5 org.springframework:spring-beans@7.0.0-M5 org.springframework:spring-core@5.3.23

…and 212 more

Overview

org.springframework:spring-core is a core package within the spring-framework that contains multiple classes and utilities.

Affected versions of this package are vulnerable to Improper Handling of Case Sensitivity due to String.toLowerCase() having some Locale dependent exceptions that could potentially result in fields not protected as expected.

Note:

The fix for CVE-2022-22968 made disallowedFields patterns in DataBinder case insensitive.

This vulnerability was also fixed in commercial versions 5.3.41 and 6.0.25.

Remediation

Upgrade org.springframework:spring-core to version 6.1.14 or higher.

References

Improper Handling of Case Sensitivity vulnerability report