zap-extensions
webuipoc: integrate code formatter
Related to: https://github.com/zaproxy/zaproxy/issues/8287
Checkmarx One – Scan Summary & Details – 856744c7-40b9-4ba2-b7de-497b607cb617
New Issues (49)
Checkmarx found the following issues in this Pull Request
| Severity | Issue | Source File / Package | Checkmarx Insight |
|---|---|---|---|
| (icon) | CVE-2016-5003 | Maven-org.apache.xmlrpc:xmlrpc-client-3.1.3 | Description: The Apache XML-RPC (aka ws-xmlrpc) library, as used in Apache Archiva, allows remote attackers to execute arbitrary code via a crafted serialized J... Attack Vector: NETWORK; Attack Complexity: LOW |
| (icon) | CVE-2016-5003 | Maven-org.apache.xmlrpc:xmlrpc-common-3.1.3 | Description: The Apache XML-RPC (aka ws-xmlrpc) library, as used in Apache Archiva, allows remote attackers to execute arbitrary code via a crafted serialized J... Attack Vector: NETWORK; Attack Complexity: LOW |
| (icon) | CVE-2019-17570 | Maven-org.apache.xmlrpc:xmlrpc-common-3.1.3 | Description: An untrusted deserialization was found in the "org.apache.xmlrpc.parser.XmlRpcResponseParser:addResult" method of Apache XML-RPC (aka ws-xmlrpc) li... Attack Vector: NETWORK; Attack Complexity: LOW |
| (icon) | CVE-2019-17570 | Maven-org.apache.xmlrpc:xmlrpc-client-3.1.3 | Description: An untrusted deserialization was found in the "org.apache.xmlrpc.parser.XmlRpcResponseParser:addResult" method of Apache XML-RPC (aka ws-xmlrpc) li... Attack Vector: NETWORK; Attack Complexity: LOW |
| (icon) | CVE-2024-53990 | Maven-org.asynchttpclient:async-http-client-2.12.3 | Recommended version: 2.12.4. Description: The AsyncHttpClient (AHC) library allows Java applications to easily execute HTTP requests and asynchronously process HTTP responses. When making a... Attack Vector: NETWORK; Attack Complexity: HIGH |
| (icon) | CVE-2012-0881 | Maven-xerces:xercesImpl-2.11.0 | Recommended version: 2.12.2. Description: Apache Xerces2 Java Parser before 2.12.0 allows remote attackers to cause a denial of service (CPU consumption) via a crafted message to an XML ser... Attack Vector: NETWORK; Attack Complexity: LOW |
| (icon) | CVE-2013-4002 | Maven-xerces:xercesImpl-2.11.0 | Recommended version: 2.12.2. Description: XMLscanner.java in Apache Xerces2 Java Parser before 2.12.0, as used in the Java Runtime Environment (JRE) in IBM Java 5.0 before 5.0 SR16-FP3, 6 b... Attack Vector: NETWORK; Attack Complexity: MEDIUM |
| (icon) | CVE-2016-2510 | Maven-org.beanshell:bsh-2.0b5 | Description: BeanShell (bsh) before 2.0b6, when included on the classpath by an application that uses Java serialization or XStream, allows remote attackers to ... Attack Vector: NETWORK; Attack Complexity: HIGH; Exploitable Path: [email protected]/BeanShellConsoleFrame.java - ... - getInterface@/bsh/XThis.java |
| (icon) | CVE-2016-5002 | Maven-org.apache.xmlrpc:xmlrpc-client-3.1.3 | Description: XML external entity (XXE) vulnerability in the Apache XML-RPC (aka ws-xmlrpc) library, as used in Apache Archiva, allows remote attackers to conduc... Attack Vector: LOCAL; Attack Complexity: LOW |
| (icon) | CVE-2016-5002 | Maven-org.apache.xmlrpc:xmlrpc-common-3.1.3 | Description: XML external entity (XXE) vulnerability in the Apache XML-RPC (aka ws-xmlrpc) library, as used in Apache Archiva, allows remote attackers to conduc... Attack Vector: LOCAL; Attack Complexity: LOW |
| (icon) | CVE-2017-9096 | Maven-com.lowagie:itext-2.1.7 | Description: The XML parsers in iText before 5.5.12 and 7.x before 7.0.3 do not disable external entities, which might allow remote attackers to conduct XML ext... Attack Vector: NETWORK; Attack Complexity: LOW |
| (icon) | CVE-2020-36518 | Maven-com.fasterxml.jackson.core:jackson-databind-2.13.1 | Recommended version: 2.13.4.1. Description: jackson-databind before 2.12.6.1 and 2.13.x before 2.13.2.1 allows a Java StackOverflow exception and denial of service via a large depth of neste... Attack Vector: NETWORK; Attack Complexity: LOW; Exploitable Path: [email protected]/AuthenticationData.java - ... - [email protected] |
| (icon) | CVE-2021-33813 | Maven-org.jdom:jdom-2.0.2 | Description: An XXE issue in SAXBuilder in JDOM through 2.0.6 allows attackers to cause a denial of service via a crafted HTTP request. Attack Vector: NETWORK; Attack Complexity: LOW; Exploitable Path: [email protected]/SQLiPayloadManager.java - ... - [email protected]/input/SAXBuilder.java |
| (icon) | CVE-2021-40660 | Maven-org.javadelight:delight-nashorn-sandbox-0.1.27 | Recommended version: 0.3.1. Description: The Delight Nashorn Sandbox 0.1.22 through 0.3.0 is vulnerable to ReDoS, that can be exploited to launching a denial of service (DoS) attack. Attack Vector: NETWORK; Attack Complexity: LOW |
| (icon) | CVE-2022-24839 | Maven-net.sourceforge.nekohtml:nekohtml-1.9.22 | Description: "org.cyberneko.html" is an HTML parser written in Java. The fork of `org.cyberneko.html` used by Nokogiri (Rubygem) raises a `java.lang.OutOfMemory... Attack Vector: NETWORK; Attack Complexity: LOW |
| (icon) | CVE-2022-25647 | Maven-com.google.code.gson:gson-2.8.5 | Recommended version: 2.8.9. Description: The package com.google.code.gson:gson before 2.8.9 is vulnerable to Deserialization of Untrusted Data via the 'writeReplace()' method in internal c... Attack Vector: NETWORK; Attack Complexity: LOW |
| (icon) | CVE-2022-25647 | Maven-com.google.code.gson:gson-2.3.1 | Recommended version: 2.8.9. Description: The package com.google.code.gson:gson before 2.8.9 is vulnerable to Deserialization of Untrusted Data via the 'writeReplace()' method in internal c... Attack Vector: NETWORK; Attack Complexity: LOW |
| (icon) | CVE-2022-4065 | Maven-org.testng:testng-7.5 | Recommended version: 7.5.1. Description: A vulnerability was found in cbeust testng. It has been declared as critical. Affected by this vulnerability is the function "testngXmlExistsInJar"... Attack Vector: LOCAL; Attack Complexity: LOW |
| (icon) | CVE-2022-42003 | Maven-com.fasterxml.jackson.core:jackson-databind-2.13.1 | Recommended version: 2.13.4.1. Description: In FasterXML jackson-databind before 2.14.0-rc1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avo... Attack Vector: NETWORK; Attack Complexity: LOW; Exploitable Path: [email protected]/AuthenticationData.java - ... - [email protected] |
| (icon) | CVE-2022-42004 | Maven-com.fasterxml.jackson.core:jackson-databind-2.13.1 | Recommended version: 2.13.4.1. Description: In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check in "BeanDeserializer._deserializeFromArray"... Attack Vector: NETWORK; Attack Complexity: LOW; Exploitable Path: [email protected]/AuthenticationData.java - ... - [email protected] |
| (icon) | CVE-2023-26919 | Maven-org.javadelight:delight-nashorn-sandbox-0.1.27 | Description: delight-nashorn-sandbox is vulnerable to sandbox escape. When "allowExitFunctions" is set to "false", the "loadWithNewGlobal" function can be used ... Attack Vector: NETWORK; Attack Complexity: LOW; Exploitable Path: invokeFunction@.../graaljs/PacScript.java - ... - [email protected] |
| (icon) | CVE-2024-7254 | Maven-com.google.protobuf:protobuf-java-3.25.1 | Recommended version: 3.25.5. Description: Any project that parses untrusted Protocol Buffers data containing an arbitrary number of nested groups/series of SGROUP tags can corrupted by exce... Attack Vector: NETWORK; Attack Complexity: LOW |
| (icon) | CVE-2025-24970 | Maven-io.netty:netty-handler-4.1.100.Final | Recommended version: 4.1.118.Final. Description: Netty, an asynchronous, event-driven network application framework, has a vulnerability in version 4.1.91.Final through 4.1.117.Final and 4.2.0.Alp... Attack Vector: NETWORK; Attack Complexity: LOW; Exploitable Path: [email protected]/TlsProtocolHandler.java - ... - [email protected] |
| (icon) | Cx78f40514-81ff | Maven-commons-collections:commons-collections-3.2.2 | Description: The framework Apache Commons Collections before 4.3 is vulnerable to Stack Overflow. The function `add()` in the file `list/SetUniqueList.java` thr... Attack Vector: NETWORK; Attack Complexity: LOW; Exploitable Path: [email protected]/UrlParamValueHandler.java - ... - [email protected]/list/SetUniqueList.java |
| (icon) | Cxdfe95b9f-ea87 | Maven-org.jetbrains.kotlin:kotlin-compiler-embeddable-1.3.72 | Recommended version: 1.7.0. Description: Kotlin is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability ... Attack Vector: NETWORK; Attack Complexity: LOW |
| (icon) | CVE-2012-5783 | Maven-commons-httpclient:commons-httpclient-3.1 | Description: Apache Commons HttpClient prior to 4.0-alpha1, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not ver... Attack Vector: NETWORK; Attack Complexity: MEDIUM |
| (icon) | CVE-2012-6153 | Maven-commons-httpclient:commons-httpclient-3.1 | Description: http/conn/ssl/AbstractVerifier.java in Apache Commons HttpClient before 4.2.3 does not properly verify that the server hostname matches a domain na... Attack Vector: NETWORK; Attack Complexity: MEDIUM |
| (icon) | CVE-2017-10355 | Maven-xerces:xercesImpl-2.11.0 | Recommended version: 2.12.2. Description: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affecte... Attack Vector: NETWORK; Attack Complexity: LOW |
| (icon) | CVE-2018-2799 | Maven-xerces:xercesImpl-2.11.0 | Recommended version: 2.12.2. Description: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are ... Attack Vector: NETWORK; Attack Complexity: LOW |
| (icon) | CVE-2020-13697 | Maven-org.nanohttpd:nanohttpd-2.3.1 | Description: An issue was discovered in RouterNanoHTTPD.java in NanoHTTPD through 2.3.1. The GeneralHandler class implements a basic GET handler that prints deb... Attack Vector: NETWORK; Attack Complexity: LOW |
| (icon) | CVE-2020-13956 | Maven-commons-httpclient:commons-httpclient-3.1 | Description: Apache HttpClient can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong ta... Attack Vector: NETWORK; Attack Complexity: LOW |
| (icon) | CVE-2020-13956 | Maven-org.apache.httpcomponents:httpclient-4.5.8 | Recommended version: 4.5.13. Description: Apache HttpClient can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong ta... Attack Vector: NETWORK; Attack Complexity: LOW |
| (icon) | CVE-2020-14338 | Maven-xerces:xercesImpl-2.11.0 | Recommended version: 2.12.2. Description: A flaw was found in Xerces, specifically in the way the XMLSchemaValidator class. This flaw allows a specially-crafted XML file to manipulate the v... Attack Vector: NETWORK; Attack Complexity: LOW |
| (icon) | CVE-2020-29582 | Maven-org.jetbrains.kotlin:kotlin-scripting-jvm-1.3.72 | Recommended version: 1.4.21. Description: In JetBrains Kotlin before 1.4.21, a vulnerable Java API was used for temporary file and folder creation. An attacker was able to read data from su... Attack Vector: NETWORK; Attack Complexity: LOW |
| (icon) | CVE-2020-29582 | Maven-org.jetbrains.kotlin:kotlin-compiler-embeddable-1.3.72 | Recommended version: 1.7.0. Description: In JetBrains Kotlin before 1.4.21, a vulnerable Java API was used for temporary file and folder creation. An attacker was able to read data from su... Attack Vector: NETWORK; Attack Complexity: LOW |
| (icon) | CVE-2022-21230 | Maven-org.nanohttpd:nanohttpd-2.3.1 | Description: This affects all versions of package org.nanohttpd:nanohttpd. Whenever an HTTP Session is parsing the body of an HTTP request, the body of the requ... Attack Vector: LOCAL; Attack Complexity: LOW |
| (icon) | CVE-2022-23437 | Maven-xerces:xercesImpl-2.11.0 | Recommended version: 2.12.2. Description: There's a vulnerability within the Apache Xerces Java (XercesJ) XML parser when handling specially crafted XML document payloads. This causes, the ... Attack Vector: NETWORK; Attack Complexity: LOW |
| (icon) | CVE-2022-24329 | Maven-org.jetbrains.kotlin:kotlin-stdlib-1.3.72 | Recommended version: 1.6.0. Description: In JetBrains Kotlin before 1.6.0, it was not possible to lock dependencies for Multiplatform Gradle Projects. Attack Vector: NETWORK; Attack Complexity: LOW |
| (icon) | CVE-2022-24613 | Maven-com.drewnoakes:metadata-extractor-2.13.0 | Recommended version: 2.18.0. Description: metadata-extractor prior to 2.18.0 can throw various uncaught exceptions while parsing a specially crafted JPEG file, which could result in an appl... Attack Vector: LOCAL; Attack Complexity: LOW |
| (icon) | CVE-2022-24614 | Maven-com.drewnoakes:metadata-extractor-2.13.0 | Recommended version: 2.18.0. Description: When reading a specially crafted JPEG file, metadata-extractor prior to 2.18.0 can be made to allocate large amounts of memory that finally leads t... Attack Vector: LOCAL; Attack Complexity: LOW |
| (icon) | CVE-2022-24823 | Maven-io.netty:netty-common-4.1.73.Final | Recommended version: 4.1.108.Final-redhat-00002. Description: Netty is an open-source, asynchronous event-driven network application framework. The packages `io.netty:netty-all` and `io.netty:netty-common` 4.1... Attack Vector: LOCAL; Attack Complexity: LOW |
| (icon) | CVE-2022-27820 | Maven-org.zaproxy:zap-2.16.0 | Description: OWASP Zed Attack Proxy (ZAP) does not verify the TLS certificate chain of an HTTPS server. Attack Vector: NETWORK; Attack Complexity: HIGH |
| (icon) | CVE-2023-34462 | Maven-io.netty:netty-handler-4.1.73.Final | Recommended version: 4.1.118.Final. Description: Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clien... Attack Vector: NETWORK; Attack Complexity: LOW |
| (icon) | CVE-2024-29025 | Maven-io.netty:netty-codec-http-4.1.73.Final | Recommended version: 4.1.97.Final-redhat-00004. Description: Netty is an asynchronous event-driven network application framework for the rapid development of maintainable high-performance protocol servers & c... Attack Vector: NETWORK; Attack Complexity: LOW |
| (icon) | CVE-2024-29025 | Maven-io.netty:netty-codec-http-4.1.100.Final | Recommended version: 4.1.108.Final. Description: Netty is an asynchronous event-driven network application framework for the rapid development of maintainable high-performance protocol servers & c... Attack Vector: NETWORK; Attack Complexity: LOW |
| (icon) | CVE-2024-47535 | Maven-io.netty:netty-common-4.1.73.Final | Recommended version: 4.1.108.Final-redhat-00002. Description: Netty is an asynchronous event-driven network application framework for rapidly developing maintainable high-performance protocol servers & clients... Attack Vector: LOCAL; Attack Complexity: LOW |
| (icon) | CVE-2024-47535 | Maven-io.netty:netty-common-4.1.100.Final | Recommended version: 4.1.108.Final-redhat-00002. Description: Netty is an asynchronous event-driven network application framework for rapidly developing maintainable high-performance protocol servers & clients... Attack Vector: LOCAL; Attack Complexity: LOW |
| (icon) | CVE-2024-20925 | Maven-org.openjfx:javafx-media-11 | Recommended version: 17.0.10. Description: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX). Supported versions that are ... Attack Vector: NETWORK; Attack Complexity: HIGH |
| (icon) | Cxeb68d52e-5509 | Maven-commons-codec:commons-codec-1.11 | Recommended version: 1.13. Description: Apache commons-codec before 1.13 is vulnerable to information exposure. The Base32 and Base64 implementation blindly decode invalid string, which c... Attack Vector: NETWORK; Attack Complexity: HIGH |