big-data-plugin
[PPP-4743] - Added changes for Vulnerable Component: Jackson ASL
Quality Gate passed
Issues
0 New issues
0 Fixed issues
0 Accepted issues
Measures
0 Security Hotspots
No data about Coverage
No data about Duplication
📦 Vulnerable Dependencies
✍️ Summary
| SEVERITY | DIRECT DEPENDENCIES | IMPACTED DEPENDENCY | FIXED VERSIONS | CVES |
|---|---|---|---|---|
| Critical | org.mnode.mstor:mstor:0.9.13, pentaho:pentaho-big-data-assemblies-pmr-libraries:10.3.0.0-SNAPSHOT | org.jyaml:jyaml 1.3 | - | CVE-2020-8441 |
| High | jdom:jdom:1.0, pentaho:pentaho-big-data-assemblies-pmr-libraries:10.3.0.0-SNAPSHOT | jdom:jdom 1.0 | - | CVE-2021-33813 |
🔬 Research Details
[ CVE-2020-8441 ] org.jyaml:jyaml 1.3
Description: JYaml through 1.3 allows remote code execution during deserialization of a malicious payload through the load() function. NOTE: this is a discontinued product.
[ CVE-2021-33813 ] jdom:jdom 1.0
Description: An XXE issue in SAXBuilder in JDOM through 2.0.6 allows attackers to cause a denial of service via a crafted HTTP request.
Note:
Frogbot also supports Contextual Analysis, Secret Detection, IaC and SAST Vulnerabilities Scanning. These features are included as part of the JFrog Advanced Security package, which isn't enabled on your system.
:x: Build failed in 21m 26s
Build command:
mvn clean verify -B -e -Daudit -Djs.no.sandbox -pl assemblies/features
:exclamation: No tests found!
:information_source: This is an automatic message


