
alfresco-remote-api's Introduction

This project has now been Archived

The alfresco-core, alfresco-data-model, alfresco-repository and alfresco-remote-api projects have been archived and their code incorporated into alfresco-community-repo to simplify ongoing development. The same artifacts are still produced by the new project, which also has a branch used as the basis of each ACS 6 Enterprise release. For more information, see the new project's README.md file.

Alfresco Remote API


Remote API is a library, packaged as a jar file, that is part of the Alfresco Content Services Repository. The library contains the following:

Building and testing

The project can be built by running the Maven command:

mvn clean install

The tests are grouped into test classes split by test type or by the Spring application context used in the test; see the classes in src/test/java/org/alfresco. All of these classes, as well as individual tests, can be run by specifying the test class name and a set of DB connection properties, for example:

mvn clean test -Dtest=SomeTest -Ddb.driver=org.postgresql.Driver -Ddb.name=alfresco -Ddb.url=jdbc:postgresql:alfresco -Ddb.username=alfresco -Ddb.password=alfresco

Artifacts

The artifacts can be obtained by:

  • downloading from the Alfresco repository
  • adding it as a Maven dependency to your pom file:
<dependency>
  <groupId>org.alfresco</groupId>
  <artifactId>alfresco-remote-api</artifactId>
  <version>version</version>
</dependency>

and adding the Alfresco Maven repository:

<repository>
  <id>alfresco-maven-repo</id>
  <url>https://artifacts.alfresco.com/nexus/content/groups/public</url>
</repository>

The SNAPSHOT version of the artifact is never published.

Contributing guide

Please use this guide to make a contribution to the project.

alfresco-remote-api's People

Contributors

aforascu, alandavis, alexandraleahu, alfresco-build, ancutam, andrei-rebegea, andrei-zapodeanu-alfresco, andyhind, anechifor, anninygren, antoniojfelix, cristianturlica, davidcognite, dcaruana, dependabot-preview[bot], dependabot[bot], epurashu, fmui, gbroadbent, jamalkm, killerboot, markrogersalfresco, michaelsuzukisagi, montgolfiere, mruflin, pavelyurkevich, ramunteanu, roywetherall, rpopa, skopf


alfresco-remote-api's Issues

CVE-2017-12624 Medium Severity Vulnerability detected by WhiteSource

CVE-2017-12624 - Medium Severity Vulnerability

Vulnerable Library - cxf-rt-frontend-jaxrs-3.0.16.jar

Apache CXF Runtime JAX-RS Frontend

Library home page: http://cxf.apache.org

Path to dependency file: /alfresco-remote-api/pom.xml

Path to vulnerable library: /root/.m2/repository/org/apache/cxf/cxf-rt-frontend-jaxrs/3.0.16/cxf-rt-frontend-jaxrs-3.0.16.jar

Dependency Hierarchy:

  • alfresco-data-model-8.31.jar (Root Library)
    • tika-parsers-1.17-20180201-alfresco-patched.jar
      • cxf-rt-rs-client-3.0.16.jar
        • cxf-rt-frontend-jaxrs-3.0.16.jar (Vulnerable Library)

Found in HEAD commit: edc6748cca48a666496f3748739a5f0d3fbeb61a

Vulnerability Details

Apache CXF supports sending and receiving attachments via either the JAX-WS or JAX-RS specifications. It is possible to craft a message attachment header that could lead to a Denial of Service (DoS) attack on a CXF web service provider. Both JAX-WS and JAX-RS services are vulnerable to this attack. From Apache CXF 3.2.1 and 3.1.14, message attachment headers that are greater than 300 characters will be rejected by default. This value is configurable via the property "attachment-max-header-size".

Publish Date: 2017-11-14

URL: CVE-2017-12624

CVSS 3 Score Details (5.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Local
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12624

Release Date: 2017-11-14

Fix Resolution: 3.2.1, 3.1.14


Step up your Open Source Security Game with WhiteSource here

commons-csv version update suggestion

I suggest raising the version of commons-csv in alfresco-remote-api.

I think this has the following merits:

  1. Easy to maintain because you can refer to the official documentation
  2. The latest method can be used for function addition and add-on development.

I have already tested a source tree with the upgrade applied and confirmed that it passes.

How about that?

CVE-2016-2510 High Severity Vulnerability detected by WhiteSource

CVE-2016-2510 - High Severity Vulnerability

Vulnerable Library - bsh-1.3.0.jar

Lightweight Scripting for Java

Library home page: http://www.beanshell.org/

Path to dependency file: /alfresco-remote-api/pom.xml

Path to vulnerable library: /root/.m2/repository/org/beanshell/bsh/1.3.0/bsh-1.3.0.jar

Dependency Hierarchy:

  • alfresco-repository-7.33.15.jar (Root Library)
    • bsh-1.3.0.jar (Vulnerable Library)

Found in HEAD commit: 6a5df31f1f2c57a1754191ef5419d35be65fb8df

Vulnerability Details

BeanShell (bsh) before 2.0b6, when included on the classpath by an application that uses Java serialization or XStream, allows remote attackers to execute arbitrary code via crafted serialized data, related to XThis.Handler.

Publish Date: 2016-04-07

URL: CVE-2016-2510

CVSS 3 Score Details (8.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: High
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High


Suggested Fix

Type: Upgrade version

Origin: https://security.gentoo.org/glsa/201607-17

Release Date: 2016-07-30

Fix Resolution: All BeanShell users should upgrade to the latest version >= bsh-2.0_beta6



CVE-2018-8039 High Severity Vulnerability detected by WhiteSource

CVE-2018-8039 - High Severity Vulnerability

Vulnerable Library - cxf-rt-transports-http-3.0.12.jar

Apache CXF Runtime HTTP Transport

Library home page: http://cxf.apache.org

Path to dependency file: /alfresco-remote-api/pom.xml

Path to vulnerable library: /root/.m2/repository/org/apache/cxf/cxf-rt-transports-http/3.0.12/cxf-rt-transports-http-3.0.12.jar

Dependency Hierarchy:

  • chemistry-opencmis-client-impl-1.0.0.jar (Root Library)
    • cxf-rt-transports-http-3.0.12.jar (Vulnerable Library)

Found in HEAD commit: 6a5df31f1f2c57a1754191ef5419d35be65fb8df

Vulnerability Details

It is possible to configure Apache CXF to use the com.sun.net.ssl implementation via 'System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol");'. When this system property is set, CXF uses some reflection to try to make the HostnameVerifier work with the old com.sun.net.ssl.HostnameVerifier interface. However, the default HostnameVerifier implementation in CXF does not implement the method in this interface, and an exception is thrown. However, in Apache CXF prior to 3.2.5 and 3.1.16 the exception is caught in the reflection code and not properly propagated. What this means is that if you are using the com.sun.net.ssl stack with CXF, an error with TLS hostname verification will not be thrown, leaving a CXF client subject to man-in-the-middle attacks.

Publish Date: 2018-07-02

URL: CVE-2018-8039

CVSS 3 Score Details (8.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: High
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High


Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8039

Release Date: 2018-02-06

Fix Resolution: 3.1.16,3.2.5



CVE-2018-1272 High Severity Vulnerability detected by WhiteSource

CVE-2018-1272 - High Severity Vulnerability

Vulnerable Library - spring-core-5.0.4.RELEASE.jar

Spring Core

Library home page: https://github.com/spring-projects/spring-framework

Path to dependency file: /alfresco-remote-api/pom.xml

Path to vulnerable library: /root/.m2/repository/org/springframework/spring-core/5.0.4.RELEASE/spring-core-5.0.4.RELEASE.jar

Dependency Hierarchy:

  • alfresco-repository-6.56.17.jar (Root Library)
    • spring-core-5.0.4.RELEASE.jar (Vulnerable Library)

Found in HEAD commit: 0da7eda5156750f521e172741ac40cdbb40cdfa5

Vulnerability Details

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, provide client-side support for multipart requests. When a Spring MVC or Spring WebFlux server application (server A) receives input from a remote client, and then uses that input to make a multipart request to another server (server B), it can be exposed to an attack, where an extra multipart is inserted in the content of the request from server A, causing server B to use the wrong value for a part it expects. This could lead to privilege escalation, for example, if the part content represents a username or user roles.

Publish Date: 2018-04-06

URL: CVE-2018-1272

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: High
    • Privileges Required: Low
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High


Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1272

Release Date: 2018-04-06

Fix Resolution: v4.3.15.RELEASE,v5.0.5.RELEASE


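The injection the CVE-2018-1272 text describes is easiest to see on the wire. The following Python is an added example, not Alfresco's or Spring's code: a server-A-style builder that copies client-supplied field values into a multipart/form-data body, a minimal server-B-style parser that shows the extra part appearing, and a hardened builder that refuses values containing the delimiter and uses an unpredictable boundary. The boundary string, field names and the "admin" payload are constructed sample data for this example.

```python
import re
import secrets
from typing import List, Optional, Tuple

Fields = List[Tuple[str, str]]

# Constructed sample data (not captured traffic). A fixed, guessable boundary is
# exactly what lets a remote client prepare a value that "closes" its own part.
FIXED_BOUNDARY = "----Boundary1234"
BENIGN_FIELDS: Fields = [("username", "alice"), ("role", "user")]
INJECTED_USERNAME = (
    "alice\r\n"
    f"--{FIXED_BOUNDARY}\r\n"
    'Content-Disposition: form-data; name="role"\r\n\r\n'
    "admin"
)


def build_multipart(fields: Fields, boundary: str) -> bytes:
    """Vulnerable pattern: server A copies client-supplied values into the
    multipart body it sends to server B without checking them."""
    out = bytearray()
    for name, value in fields:
        out += f"--{boundary}\r\n".encode()
        out += f'Content-Disposition: form-data; name="{name}"\r\n\r\n'.encode()
        out += value.encode() + b"\r\n"
    out += f"--{boundary}--\r\n".encode()
    return bytes(out)


def parse_multipart(body: bytes, boundary: str) -> Fields:
    """Server B's view: split on the delimiter and return (name, value) in order."""
    delimiter = b"\r\n--" + boundary.encode()
    parts: Fields = []
    # Prefix CRLF so the first delimiter matches the same way as the others.
    for segment in (b"\r\n" + body).split(delimiter)[1:]:
        if segment.startswith(b"--"):
            break  # closing delimiter
        if not segment.startswith(b"\r\n"):
            raise ValueError("garbage after delimiter")
        head, sep, value = segment[2:].partition(b"\r\n\r\n")
        if not sep:
            raise ValueError("part without blank line after headers")
        match = re.search(rb'name="([^"]*)"', head)
        parts.append((match.group(1).decode() if match else "", value.decode()))
    return parts


def first_value(parts: Fields, name: str) -> Optional[str]:
    """Lookup as a receiver that honours the first occurrence of a name would do."""
    for part_name, value in parts:
        if part_name == name:
            return value
    return None


def random_boundary() -> str:
    """Unpredictable boundary: a client cannot embed a delimiter it cannot guess."""
    return "----" + secrets.token_hex(16)


def build_multipart_checked(fields: Fields, boundary: str) -> bytes:
    """Hardened builder: refuse any value that contains the delimiter and any
    field name that could break out of the Content-Disposition header."""
    delimiter = f"--{boundary}"
    for name, value in fields:
        if delimiter in value:
            raise ValueError(f"value of {name!r} contains the multipart delimiter")
        if re.search(r'[\r\n"]', name):
            raise ValueError(f"field name {name!r} contains header-breaking characters")
    return build_multipart(fields, boundary)
```

With the fixed boundary, the body built from the injected username parses into three parts and a first-occurrence receiver reads role=admin; with a random boundary the same value stays inside its own part, and the checked builder rejects it outright.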

CVE-2018-15756 High Severity Vulnerability detected by WhiteSource

CVE-2018-15756 - High Severity Vulnerability

Vulnerable Library - spring-web-5.0.4.RELEASE.jar

Spring Web

Library home page: https://github.com/spring-projects/spring-framework

Path to dependency file: /alfresco-remote-api/pom.xml

Path to vulnerable library: /root/.m2/repository/org/springframework/spring-web/5.0.4.RELEASE/spring-web-5.0.4.RELEASE.jar

Dependency Hierarchy:

  • alfresco-repository-6.56.17.jar (Root Library)
    • spring-web-5.0.4.RELEASE.jar (Vulnerable Library)

Found in HEAD commit: 0da7eda5156750f521e172741ac40cdbb40cdfa5

Vulnerability Details

Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, versions 4.3.x prior to 4.3.20, and older unsupported versions on the 4.2.x branch provide support for range requests when serving static resources through the ResourceHttpRequestHandler, or starting in 5.0 when an annotated controller returns an org.springframework.core.io.Resource. A malicious user (or attacker) can add a range header with a high number of ranges, or with wide ranges that overlap, or both, for a denial of service attack. This vulnerability affects applications that depend on either spring-webmvc or spring-webflux. Such applications must also have a registration for serving static resources (e.g. JS, CSS, images, and others), or have an annotated controller that returns an org.springframework.core.io.Resource. Spring Boot applications that depend on spring-boot-starter-web or spring-boot-starter-webflux are ready to serve static resources out of the box and are therefore vulnerable.

Publish Date: 2018-10-18

URL: CVE-2018-15756

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High


Suggested Fix

Type: Upgrade version

Origin: https://pivotal.io/security/cve-2018-15756

Release Date: 2018-10-18

Fix Resolution: 4.3.20,5.0.10,5.1.1


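The admission check that the CVE-2018-15756 text implies, as an added Python example that is not Spring's or Alfresco's code: parse a Range header into absolute byte ranges, then reject the request when it carries more ranges than a cap or when any two ranges overlap, before any bytes are copied. The cap (MAX_RANGES = 100), the resource length used in the sample calls and the sample headers are assumptions for this example, not values taken from the Spring fix.

```python
import re
from typing import List, Tuple

# Cap on the number of ranges accepted per request: an assumption for this
# example, not a value taken from Spring Framework.
MAX_RANGES = 100

# One byte-range-spec: "first-last", "first-" or "-suffix_length".
_RANGE_SPEC = re.compile(r"^(\d*)-(\d*)$")


def parse_byte_ranges(header: str, resource_length: int) -> List[Tuple[int, int]]:
    """Turn 'bytes=a-b, c-, -n' into absolute inclusive (start, end) pairs.

    Raises ValueError for any unit other than bytes, for malformed specs, and
    for ranges that cannot be satisfied against resource_length.
    """
    if not header.startswith("bytes="):
        raise ValueError("only the bytes range unit is supported")
    ranges: List[Tuple[int, int]] = []
    for spec in header[len("bytes="):].split(","):
        match = _RANGE_SPEC.match(spec.strip())
        if not match or (match.group(1) == "" and match.group(2) == ""):
            raise ValueError(f"malformed byte-range-spec: {spec!r}")
        first, last = match.group(1), match.group(2)
        if first == "":
            # Suffix range: the last N bytes of the resource.
            start = max(resource_length - int(last), 0)
            end = resource_length - 1
        else:
            start = int(first)
            end = resource_length - 1 if last == "" else min(int(last), resource_length - 1)
        if start >= resource_length or start > end:
            raise ValueError(f"unsatisfiable byte-range-spec: {spec!r}")
        ranges.append((start, end))
    return ranges


def has_overlap(ranges: List[Tuple[int, int]]) -> bool:
    """True if any two ranges share at least one byte offset."""
    ordered = sorted(ranges)
    return any(nxt[0] <= prev[1] for prev, nxt in zip(ordered, ordered[1:]))


def accept_range_header(header: str, resource_length: int,
                        max_ranges: int = MAX_RANGES) -> bool:
    """Admission check for a Range header before any byte copying starts.

    Rejects headers that are malformed, that carry more than max_ranges ranges,
    or that contain overlapping ranges; the latter two let a client multiply the
    bytes the server must produce per request, which is the DoS the CVE describes.
    """
    try:
        ranges = parse_byte_ranges(header, resource_length)
    except ValueError:
        return False
    return len(ranges) <= max_ranges and not has_overlap(ranges)


# Constructed sample headers (not captured traffic).
LEGITIMATE = "bytes=0-99, 200-299"
OVERLAPPING = "bytes=0-500, 100-600"
TOO_MANY = "bytes=" + ",".join(f"{i}-{i}" for i in range(MAX_RANGES + 1))
```

A rejected header would normally be answered with 416 or by ignoring the Range header and serving the whole resource; the point is that the decision is made from the parsed header alone, before the server commits to producing a multipart/byteranges response.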

Project does not build, unit tests fail with `Cannot create JDBC driver of class '' for connect URL ''`

This project is not buildable using a simple mvn package after a clean clone of the alfresco-remote-api-7.35 tag which is part of the 201901 GA version.

Many unit tests fail like this:

...
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'dialect': FactoryBean threw exception on object creation; nested exception is org.springframework.jdbc.CannotGetJdbcConnectionException: Failed to obtain JDBC Connection; nested exception is org.apache.commons.dbcp.SQLNestedException: Cannot create JDBC driver of class '' for connect URL ''
        at org.alfresco.repo.web.scripts.upload.UploadWebScriptTest.setUp(UploadWebScriptTest.java:97)
Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'dialect': FactoryBean threw exception on object creation; nested exception is org.springframework.jdbc.CannotGetJdbcConnectionException: Failed to obtain JDBC Connection; nested exception is org.apache.commons.dbcp.SQLNestedException: Cannot create JDBC driver of class '' for connect URL ''
        at org.alfresco.repo.web.scripts.upload.UploadWebScriptTest.setUp(UploadWebScriptTest.java:97)
Caused by: org.springframework.jdbc.CannotGetJdbcConnectionException: Failed to obtain JDBC Connection; nested exception is org.apache.commons.dbcp.SQLNestedException: Cannot create JDBC driver of class '' for connect URL ''
        at org.alfresco.repo.web.scripts.upload.UploadWebScriptTest.setUp(UploadWebScriptTest.java:97)
Caused by: org.apache.commons.dbcp.SQLNestedException: Cannot create JDBC driver of class '' for connect URL ''
        at org.alfresco.repo.web.scripts.upload.UploadWebScriptTest.setUp(UploadWebScriptTest.java:97)
Caused by: java.sql.SQLException: No suitable driver
        at org.alfresco.repo.web.scripts.upload.UploadWebScriptTest.setUp(UploadWebScriptTest.java:97)
...

The interesting line is

Cannot create JDBC driver of class '' for connect URL ''

which indicates that some database setup is necessary before the project can be built.

  • What database setup is required?
  • How does one tell Maven about the database setup and the necessary connection properties?

CVE-2015-5211 High Severity Vulnerability detected by WhiteSource

CVE-2015-5211 - High Severity Vulnerability

Vulnerable Library - spring-webmvc-3.2.14.RELEASE.jar

Spring Web MVC

path: /root/.m2/repository/org/springframework/spring-webmvc/3.2.14.RELEASE/spring-webmvc-3.2.14.RELEASE.jar

Library home page: https://github.com/SpringSource/spring-framework

Dependency Hierarchy:

  • spring-webscripts-6.21.jar (Root Library)
    • spring-webmvc-3.2.14.RELEASE.jar (Vulnerable Library)

Vulnerability Details

Under some situations, the Spring Framework 4.2.0 to 4.2.1, 4.0.0 to 4.1.7, 3.2.0 to 3.2.14 and older unsupported versions is vulnerable to a Reflected File Download (RFD) attack. The attack involves a malicious user crafting a URL with a batch script extension that results in the response being downloaded rather than rendered and also includes some input reflected in the response.

Publish Date: 2017-05-25

URL: CVE-2015-5211

CVSS 3 Score Details (8.6)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Local
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High


Suggested Fix

Type: Upgrade version

Origin: https://pivotal.io/security/cve-2015-5211

Fix Resolution: Users of affected Spring Framework versions should upgrade as follows: For 3.2.x upgrade to 3.2.15+. For 4.0.x and 4.1.x upgrade to 4.1.8+. For 4.2.x upgrade to 4.2.2+. In the above mentioned versions Spring MVC checks if the URL contains a file extension prior to writing with an HttpMessageConverter, and if the extension is unknown a “Content-Disposition” response header is added to suggest the download filename “f.txt”. The list of “known” extensions by default includes the ones associated with the built-in HttpMessageConverter implementations as well as any additional extensions explicitly registered for content negotiation purposes. For 4.x the fix also includes URL checks for SockJS URLs and validation of the JSONP callback parameter in all areas where JSONP is supported.


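The guard described in the CVE-2015-5211 fix text, as an added Python example that is not Spring's or Alfresco's code: before a reflected body is written, look at the extension in the request URL, and if it is not one the application registered, add a Content-Disposition header that forces a harmless download name. The set of known extensions is an assumption standing in for an application's registered converters and content-negotiation mappings; the additional check of ';' path parameters is this example's own extension, not something the advisory excerpt states.

```python
from typing import FrozenSet, List, Optional

# Extensions this hypothetical application knows how to produce, i.e. the ones
# tied to its registered message converters and content-negotiation mappings.
# The set is an assumption for the example.
KNOWN_EXTENSIONS: FrozenSet[str] = frozenset({"json", "xml", "txt", "html"})

# Neutral download name suggested when the extension is unknown (the value the
# advisory text quotes).
SAFE_DOWNLOAD_NAME = "f.txt"


def extension_of(segment: str) -> Optional[str]:
    """Return the lowercase extension of one path piece, or None if it has none."""
    dot = segment.rfind(".")
    if dot < 0 or dot == len(segment) - 1:
        return None
    return segment[dot + 1:].lower()


def suspicious_extensions(request_uri: str) -> List[str]:
    """Extensions in the last path segment that the application did not register.

    The segment is also split on ';' so an extension smuggled into a path
    parameter (e.g. '/api/users.bat;jsessionid=x') is seen; that extra check is
    this example's own addition, not something the advisory excerpt states.
    """
    path = request_uri.split("?", 1)[0]
    last_segment = path.rsplit("/", 1)[-1]
    found: List[str] = []
    for piece in last_segment.split(";"):
        ext = extension_of(piece)
        if ext is not None and ext not in KNOWN_EXTENSIONS:
            found.append(ext)
    return found


def content_disposition_for(request_uri: str) -> Optional[str]:
    """Header value to add before writing a body with a message converter.

    Mirrors the described fix: an unknown extension in the URL means the browser
    may treat the response as a download, so force a harmless filename instead
    of letting the URL's '.bat' (or similar) name the downloaded file.
    """
    if suspicious_extensions(request_uri):
        return f'attachment; filename="{SAFE_DOWNLOAD_NAME}"'
    return None


def respond(request_uri: str, reflected_body: str) -> dict:
    """Assemble a minimal response whose body echoes user input, with the guard
    applied to the headers. The header dict and body shape are for illustration."""
    headers = {"Content-Type": "application/json"}
    disposition = content_disposition_for(request_uri)
    if disposition:
        headers["Content-Disposition"] = disposition
    return {"headers": headers, "body": reflected_body}
```

The header does not remove the reflection; it removes the attacker's control over the file name the browser would save, which is what turns a reflected JSON body into an executable ".bat" download.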

CVE-2017-9801 High Severity Vulnerability detected by WhiteSource

CVE-2017-9801 - High Severity Vulnerability

Vulnerable Library - commons-email-1.4.jar

Apache Commons Email aims to provide an API for sending email. It is built on top of the JavaMail API, which it aims to simplify.

Library home page: http://commons.apache.org/proper/commons-email/

Path to dependency file: /alfresco-remote-api/pom.xml

Path to vulnerable library: /root/.m2/repository/org/apache/commons/commons-email/1.4/commons-email-1.4.jar

Dependency Hierarchy:

  • alfresco-repository-6.56.17.jar (Root Library)
    • activiti-engine-5.22.0.jar
      • commons-email-1.4.jar (Vulnerable Library)

Found in HEAD commit: 0da7eda5156750f521e172741ac40cdbb40cdfa5

Vulnerability Details

When a call-site passes a subject for an email that contains line-breaks in Apache Commons Email 1.0 through 1.4, the caller can add arbitrary SMTP headers.

Publish Date: 2017-08-07

URL: CVE-2017-9801

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: High
    • Availability Impact: None


Suggested Fix

Type: Upgrade version

Origin: http://www.securitytracker.com/id/1039043

Release Date: 2017-12-31

Fix Resolution: The vendor has issued a fix (1.5).

The vendor advisory is available at:

http://commons.apache.org/proper/commons-email/security-reports.html



WebApiNoAuth bug

The @WebApiNoAuth annotation is not working on a MultiPartResourceAction.Create method unless another EntityResourceAction.Create method is present in the same class.

Steps to reproduce:

  1. Clone the sandbox project located here and see https://github.com/andreaskring/alfresco-sdk4-sandbox/blob/master/src/main/java/dk/magenta/sdk4/webscripts/SandboxEntityResource.java#L29
  2. A POST request to the endpoint above with e.g. curl -i -X POST -F 'xyz=abc' http://localhost:8080/alfresco/api/-default-/public/sandbox/versions/1/sandbox will respond with a HTTP status code 401.
  3. If an extra endpoint is added to the class by using the EntityResourceAction.Create interface, and if this new endpoint method is annotated with the @WebApiNoAuth annotation, then the above-mentioned endpoint in line 29 will suddenly start to work as expected, i.e. it can be called without authentication.

So the presence of one endpoint affects the authentication properties of another endpoint, and I guess that this is not the expected behaviour?

CVE-2015-6748 Medium Severity Vulnerability detected by WhiteSource

CVE-2015-6748 - Medium Severity Vulnerability

Vulnerable Library - jsoup-1.7.2.jar

jsoup HTML parser

path: /root/.m2/repository/org/jsoup/jsoup/1.7.2/jsoup-1.7.2.jar

Library home page: http://jsoup.org/

Dependency Hierarchy:

  • alfresco-data-model-8.29.jar (Root Library)
    • tika-parsers-1.17-20180201-alfresco-patched.jar
      • grib-4.5.5.jar
        • jsoup-1.7.2.jar (Vulnerable Library)

Vulnerability Details

Cross-site scripting (XSS) vulnerability in jsoup before 1.8.3.

Publish Date: 2017-09-25

URL: CVE-2015-6748

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None


Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2015-6748

Release Date: 2017-09-25

Fix Resolution: 1.8.3.



Alfresco REST API multiple values handling

Hi all,
We have found a weird behaviour when using alfresco REST API endpoints.
Alfresco Community version 6.2.0-GA with Docker deployment.

When editing a node (the /nodes/{nodeId} endpoint), we can specify a list for custom multi-valued properties, like this:
{"properties": {"custom:multivalued_field": ["a", "b", "c"]}}

We need some of these values to be null or void, but we found that we can specify null values at all positions except the first one. So, this works:
{"properties": {"custom:multivalued_field": ["a", null, "c"]}}
also this:
{"properties": {"custom:multivalued_field": ["a", null, "c", null, null]}}
but not this:
{"properties": {"custom:multivalued_field": [null, "a", null, "c", null, null]}}
In this last one, the first null value is ignored.

Is this a bug, or are we missing something about multi-valued properties through the REST API?

Thanks in advance

CVE-2018-1294 High Severity Vulnerability detected by WhiteSource

CVE-2018-1294 - High Severity Vulnerability

Vulnerable Library - commons-email-1.4.jar

Apache Commons Email aims to provide an API for sending email. It is built on top of the JavaMail API, which it aims to simplify.

Library home page: http://commons.apache.org/proper/commons-email/

Path to dependency file: /alfresco-remote-api/pom.xml

Path to vulnerable library: /root/.m2/repository/org/apache/commons/commons-email/1.4/commons-email-1.4.jar

Dependency Hierarchy:

  • alfresco-repository-6.56.17.jar (Root Library)
    • activiti-engine-5.22.0.jar
      • commons-email-1.4.jar (Vulnerable Library)

Found in HEAD commit: 0da7eda5156750f521e172741ac40cdbb40cdfa5

Vulnerability Details

If a user of Apache Commons Email (typically an application programmer) passes unvalidated input as the so-called "Bounce Address", and that input contains line-breaks, then the email details (recipients, contents, etc.) might be manipulated. Mitigation: Users should upgrade to Commons-Email 1.5. You can mitigate this vulnerability for older versions of Commons Email by stripping line-breaks from data, that will be passed to Email.setBounceAddress(String).

Publish Date: 2018-03-20

URL: CVE-2018-1294

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: High
    • Availability Impact: None


Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1294

Release Date: 2019-03-20

Fix Resolution: EMAIL_1_5


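The two Commons Email reports above (CVE-2017-9801 on the subject and CVE-2018-1294 on the bounce address) are the same defect: a caller-supplied value containing CR or LF ends one header or command line and starts another. The following Python is an added example, not Alfresco's or Commons Email's code: a builder that interpolates the values unchecked, a view of what the receiving side sees, and the two mitigations the CVE text mentions or implies (strip line breaks, or refuse the value). Modelling the bounce address as the SMTP MAIL FROM line is this example's assumption about how such a value reaches the wire; the addresses and subject are constructed sample data.

```python
import re
from typing import List

_LINE_BREAK = re.compile(r"[\r\n]")

# Constructed inputs (not from any real message). Each injected value carries
# CRLF followed by a line the caller never intended to send.
RECIPIENT = "user@example.invalid"
BENIGN_SUBJECT = "Invoice 42 is ready"
INJECTED_SUBJECT = "Invoice 42 is ready\r\nBcc: attacker@example.invalid"
BENIGN_BOUNCE = "bounces@example.invalid"
INJECTED_BOUNCE = "bounces@example.invalid>\r\nRCPT TO:<attacker@example.invalid"


def contains_line_break(value: str) -> bool:
    """The precondition for header/command injection: CR or LF inside a value."""
    return _LINE_BREAK.search(value) is not None


def strip_line_breaks(value: str) -> str:
    """Mitigation the CVE-2018-1294 text recommends for old versions: remove line
    breaks before the value reaches a setSubject/setBounceAddress-style API."""
    return _LINE_BREAK.sub("", value)


def require_single_line(value: str, field: str) -> str:
    """Stricter alternative: refuse the value instead of silently repairing it."""
    if contains_line_break(value):
        raise ValueError(f"{field} must not contain line breaks")
    return value


def header_block(subject: str, recipient: str = RECIPIENT) -> str:
    """Vulnerable pattern: interpolate the subject straight into the header block,
    as a library that does not validate it would."""
    return f"To: {recipient}\r\nSubject: {subject}\r\n"


def mail_from_command(bounce_address: str) -> str:
    """Vulnerable pattern (this example's model of the bounce address): the value
    becomes the SMTP envelope sender line without validation."""
    return f"MAIL FROM:<{bounce_address}>\r\n"


def header_names(raw_headers: str) -> List[str]:
    """What a mail server or client sees: one header per CRLF-terminated line."""
    return [line.partition(":")[0].strip()
            for line in raw_headers.split("\r\n") if line]


def smtp_lines(wire: str) -> List[str]:
    """What an SMTP server sees: one command per CRLF-terminated line."""
    return [line for line in wire.split("\r\n") if line]
```

With the injected subject, header_names() reports a Bcc header the application never set; with the injected bounce address, smtp_lines() reports an extra RCPT TO command. After strip_line_breaks() each value collapses back into a single, possibly odd-looking but harmless, line.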

CVE-2018-12418 Medium Severity Vulnerability detected by WhiteSource

CVE-2018-12418 - Medium Severity Vulnerability

Vulnerable Library - junrar-0.7.jar

rar decompression library in plain java

path: /root/.m2/repository/com/github/junrar/junrar/0.7/junrar-0.7.jar

Library home page: https://github.com/junrar/junrar

Dependency Hierarchy:

  • alfresco-data-model-8.29.jar (Root Library)
    • tika-parsers-1.17-20180201-alfresco-patched.jar
      • junrar-0.7.jar (Vulnerable Library)

Vulnerability Details

Archive.java in Junrar before 1.0.1, as used in Apache Tika and other products, is affected by a denial of service vulnerability due to an infinite loop when handling corrupt RAR files.

Publish Date: 2018-06-14

URL: CVE-2018-12418

CVSS 3 Score Details (5.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Local
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High


Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2018-12418

Release Date: 2018-06-14

Fix Resolution: 1.0.1



CVE-2018-11040 Medium Severity Vulnerability detected by WhiteSource

CVE-2018-11040 - Medium Severity Vulnerability

Vulnerable Library - spring-web-5.0.4.RELEASE.jar

Spring Web

Library home page: https://github.com/spring-projects/spring-framework

Path to dependency file: /alfresco-remote-api/pom.xml

Path to vulnerable library: /root/.m2/repository/org/springframework/spring-web/5.0.4.RELEASE/spring-web-5.0.4.RELEASE.jar

Dependency Hierarchy:

  • alfresco-repository-6.56.17.jar (Root Library)
    • spring-web-5.0.4.RELEASE.jar (Vulnerable Library)

Found in HEAD commit: 0da7eda5156750f521e172741ac40cdbb40cdfa5

Vulnerability Details

Spring Framework, versions 5.0.x prior to 5.0.7 and 4.3.x prior to 4.3.18 and older unsupported versions, allows web applications to enable cross-domain requests via JSONP (JSON with Padding) through AbstractJsonpResponseBodyAdvice for REST controllers and MappingJackson2JsonView for browser requests. Both are not enabled by default in Spring Framework nor Spring Boot, however, when MappingJackson2JsonView is configured in an application, JSONP support is automatically ready to use through the "jsonp" and "callback" JSONP parameters, enabling cross-domain requests.

Publish Date: 2018-06-25

URL: CVE-2018-11040

CVSS 3 Score Details (5.9)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: High
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: None
    • Availability Impact: None


Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2018-11040

Release Date: 2018-06-25

Fix Resolution: 5.0.7,4.3.18



WS-2009-0001 Low Severity Vulnerability detected by WhiteSource

WS-2009-0001 - Low Severity Vulnerability

Vulnerable Library - commons-codec-1.11.jar

The Apache Commons Codec package contains simple encoder and decoders for various formats such as Base64 and Hexadecimal. In addition to these widely used encoders and decoders, the codec package also maintains a collection of phonetic encoding utilities.

Library home page: http://commons.apache.org/proper/commons-codec/

Path to dependency file: /alfresco-remote-api/pom.xml

Path to vulnerable library: /root/.m2/repository/commons-codec/commons-codec/1.11/commons-codec-1.11.jar

Dependency Hierarchy:

  • alfresco-repository-7.33.15.jar (Root Library)
    • commons-codec-1.11.jar (Vulnerable Library)

Found in HEAD commit: 6a5df31f1f2c57a1754191ef5419d35be65fb8df

Vulnerability Details

Not all "business" method implementations of public API in Apache Commons Codec 1.x are thread safe, which might disclose the wrong data or allow an attacker to change non-private fields.

Updated 2018-10-07 - an additional review by the WhiteSource research team could not identify a clear security vulnerability

Publish Date: 2007-10-07

URL: WS-2009-0001

CVSS 2 Score Details (0.0)

Base Score Metrics not available



CVE-2016-5007 High Severity Vulnerability detected by WhiteSource

CVE-2016-5007 - High Severity Vulnerability

Vulnerable Library - spring-webmvc-3.2.14.RELEASE.jar

Spring Web MVC

path: /root/.m2/repository/org/springframework/spring-webmvc/3.2.14.RELEASE/spring-webmvc-3.2.14.RELEASE.jar

Library home page: https://github.com/SpringSource/spring-framework

Dependency Hierarchy:

  • spring-webscripts-6.21.jar (Root Library)
    • spring-webmvc-3.2.14.RELEASE.jar (Vulnerable Library)

Vulnerability Details

Both Spring Security 3.2.x, 4.0.x, 4.1.0 and the Spring Framework 3.2.x, 4.0.x, 4.1.x, 4.2.x rely on URL pattern mappings for authorization and for mapping requests to controllers respectively. Differences in the strictness of the pattern matching mechanisms, for example with regards to space trimming in path segments, can lead Spring Security to not recognize certain paths as not protected that are in fact mapped to Spring MVC controllers that should be protected. The problem is compounded by the fact that the Spring Framework provides richer features with regards to pattern matching as well as by the fact that pattern matching in each Spring Security and the Spring Framework can easily be customized creating additional differences.

Publish Date: 2017-05-25

URL: CVE-2016-5007

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: High
    • Availability Impact: None


Suggested Fix

Type: Upgrade version

Origin: https://pivotal.io/security/cve-2016-5007

Release Date: 2017-05-25

Fix Resolution: v4.3.0



CVE-2018-1324 Medium Severity Vulnerability detected by WhiteSource

CVE-2018-1324 - Medium Severity Vulnerability

Vulnerable Library - commons-compress-1.15.jar

Apache Commons Compress software defines an API for working with compression and archive formats. These include: bzip2, gzip, pack200, lzma, xz, Snappy, traditional Unix Compress, DEFLATE, LZ4, Brotli and ar, cpio, jar, tar, zip, dump, 7z, arj.

Library home page: http://commons.apache.org/proper/commons-compress/

Path to dependency file: /alfresco-remote-api/pom.xml

Path to vulnerable library: /root/.m2/repository/org/apache/commons/commons-compress/1.15/commons-compress-1.15.jar

Dependency Hierarchy:

  • alfresco-repository-6.56.17.jar (Root Library)
    • commons-compress-1.15.jar (Vulnerable Library)

Found in HEAD commit: 0da7eda5156750f521e172741ac40cdbb40cdfa5

Vulnerability Details

A specially crafted ZIP archive can be used to cause an infinite loop inside of Apache Commons Compress' extra field parser used by the ZipFile and ZipArchiveInputStream classes in versions 1.11 to 1.15. This can be used to mount a denial of service attack against services that use Compress' zip package.

Publish Date: 2018-03-16

URL: CVE-2018-1324

CVSS 3 Score Details (5.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Local
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1324

Release Date: 2018-03-16

Fix Resolution: 1.16


CVE-2018-11771 Medium Severity Vulnerability detected by WhiteSource

CVE-2018-11771 - Medium Severity Vulnerability

Vulnerable Library - commons-compress-1.15.jar

Apache Commons Compress software defines an API for working with compression and archive formats. These include: bzip2, gzip, pack200, lzma, xz, Snappy, traditional Unix Compress, DEFLATE, LZ4, Brotli and ar, cpio, jar, tar, zip, dump, 7z, arj.

Library home page: http://commons.apache.org/proper/commons-compress/

Path to dependency file: /alfresco-remote-api/pom.xml

Path to vulnerable library: /root/.m2/repository/org/apache/commons/commons-compress/1.15/commons-compress-1.15.jar

Dependency Hierarchy:

  • alfresco-repository-6.56.17.jar (Root Library)
    • commons-compress-1.15.jar (Vulnerable Library)

Found in HEAD commit: 0da7eda5156750f521e172741ac40cdbb40cdfa5

Vulnerability Details

When reading a specially crafted ZIP archive, the read method of Apache Commons Compress 1.7 to 1.17's ZipArchiveInputStream can fail to return the correct EOF indication after the end of the stream has been reached. When combined with a java.io.InputStreamReader this can lead to an infinite stream, which can be used to mount a denial of service attack against services that use Compress' zip package.

Publish Date: 2018-08-16

URL: CVE-2018-11771

CVSS 3 Score Details (5.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Local
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2018-11771

Release Date: 2019-04-08

Fix Resolution: 1.18


CVE-2016-9878 High Severity Vulnerability detected by WhiteSource

CVE-2016-9878 - High Severity Vulnerability

Vulnerable Library - spring-webmvc-3.2.14.RELEASE.jar

Spring Web MVC

path: /root/.m2/repository/org/springframework/spring-webmvc/3.2.14.RELEASE/spring-webmvc-3.2.14.RELEASE.jar

Library home page: https://github.com/SpringSource/spring-framework

Dependency Hierarchy:

  • spring-webscripts-6.21.jar (Root Library)
    • spring-webmvc-3.2.14.RELEASE.jar (Vulnerable Library)

Vulnerability Details

An issue was discovered in Pivotal Spring Framework before 3.2.18, 4.2.x before 4.2.9, and 4.3.x before 4.3.5. Paths provided to the ResourceServlet were not properly sanitized and as a result exposed to directory traversal attacks.

Publish Date: 2016-12-29

URL: CVE-2016-9878

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: None
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://pivotal.io/security/cve-2016-9878

Release Date: 2017-12-31

Fix Resolution: Users of affected versions should apply the following mitigation: 4.3.x users should upgrade to 4.3.5; 4.2.x users should upgrade to 4.2.9; 3.2.x users should upgrade to 3.2.18. Note that few applications are likely to use the ResourceServlet. It has been generally superseded since version 3.0 (circa 2009) by the and related classes that have been in use by default and provide much more advanced capabilities, see “” in the reference documentation. The ResourceServlet is now deprecated in 3.2.x and 4.x and is removed altogether starting with version 5.


CVE-2018-11797 Medium Severity Vulnerability detected by WhiteSource

CVE-2018-11797 - Medium Severity Vulnerability

Vulnerable Library - pdfbox-2.0.8.jar

The Apache PDFBox library is an open source Java tool for working with PDF documents.

Library home page: http://www.apache.org/pdfbox-parent/pdfbox/

Path to dependency file: /alfresco-remote-api/pom.xml

Path to vulnerable library: /root/.m2/repository/org/apache/pdfbox/pdfbox/2.0.8/pdfbox-2.0.8.jar

Dependency Hierarchy:

  • alfresco-repository-6.56.17.jar (Root Library)
    • pdfbox-2.0.8.jar (Vulnerable Library)

Found in HEAD commit: 0da7eda5156750f521e172741ac40cdbb40cdfa5

Vulnerability Details

In Apache PDFBox 1.8.0 to 1.8.15 and 2.0.0RC1 to 2.0.11, a carefully crafted PDF file can trigger an extremely long running computation when parsing the page tree.

Publish Date: 2018-10-05

URL: CVE-2018-11797

CVSS 3 Score Details (5.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Local
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2018-11797

Release Date: 2019-04-08

Fix Resolution: 1.8.16,2.0.12


CVE-2018-11039 Medium Severity Vulnerability detected by WhiteSource

CVE-2018-11039 - Medium Severity Vulnerability

Vulnerable Library - spring-web-5.0.4.RELEASE.jar

Spring Web

Library home page: https://github.com/spring-projects/spring-framework

Path to dependency file: /alfresco-remote-api/pom.xml

Path to vulnerable library: /root/.m2/repository/org/springframework/spring-web/5.0.4.RELEASE/spring-web-5.0.4.RELEASE.jar

Dependency Hierarchy:

  • alfresco-repository-6.56.17.jar (Root Library)
    • spring-web-5.0.4.RELEASE.jar (Vulnerable Library)

Found in HEAD commit: 0da7eda5156750f521e172741ac40cdbb40cdfa5

Vulnerability Details

Spring Framework (versions 5.0.x prior to 5.0.7, versions 4.3.x prior to 4.3.18, and older unsupported versions) allow web applications to change the HTTP request method to any HTTP method (including TRACE) using the HiddenHttpMethodFilter in Spring MVC. If an application has a pre-existing XSS vulnerability, a malicious user (or attacker) can use this filter to escalate to an XST (Cross Site Tracing) attack.

Publish Date: 2018-06-25

URL: CVE-2018-11039

CVSS 3 Score Details (5.9)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: High
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: None
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2018-11039

Release Date: 2018-06-25

Fix Resolution: 5.0.7,4.3.18


CVE-2019-12086 (High) detected in jackson-databind-2.9.8.jar

CVE-2019-12086 - High Severity Vulnerability

Vulnerable Library - jackson-databind-2.9.8.jar

General data-binding functionality for Jackson: works on core streaming API

Library home page: http://github.com/FasterXML/jackson

Path to dependency file: /alfresco-remote-api/pom.xml

Path to vulnerable library: 2/repository/com/fasterxml/jackson/core/jackson-databind/2.9.8/jackson-databind-2.9.8.jar

Dependency Hierarchy:

  • jackson-databind-2.9.8.jar (Vulnerable Library)

Found in HEAD commit: d26f64d35dbabaf7bd814dd077f2ada34c64338c

Vulnerability Details

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint, the service has the mysql-connector-java jar (8.0.14 or earlier) in the classpath, and an attacker can host a crafted MySQL server reachable by the victim, an attacker can send a crafted JSON message that allows them to read arbitrary local files on the server. This occurs because of missing com.mysql.cj.jdbc.admin.MiniAdmin validation.

Publish Date: 2019-05-17

URL: CVE-2019-12086

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: None
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12086

Release Date: 2019-05-17

Fix Resolution: 2.9.9


RemoteFileFolderLoaderTest hangs

  • fresh checkout of tag alfresco-remote-api-7.35
  • empty PostgreSQL database has been created

The unit test RemoteFileFolderLoaderTest hangs:

$ mvn clean test \
  -Ddb.driver=org.postgresql.Driver \
  -Ddb.name=alfresco-6 \
  -Ddb.url=jdbc:postgresql:alfresco-6 \
  -Ddb.username=lutz \
  -Ddb.password=secret
...

[INFO] -------------------------------------------------------
[INFO]  T E S T S
[INFO] -------------------------------------------------------
[INFO] Running org.alfresco.heatbeat.RenditionsDataCollectorTest
[INFO] Tests run: 3, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.288 s - in org.alfresco.heatbeat.RenditionsDataCollectorTest
[INFO] Running org.alfresco.repo.model.filefolder.RemoteFileFolderLoaderTest

No output is written to target/surefire-reports/org.alfresco.repo.model.filefolder.RemoteFileFolderLoaderTest-output.txt.

What is missing?

CVE-2019-0194 (High) detected in camel-core-2.22.1.jar

CVE-2019-0194 - High Severity Vulnerability

Vulnerable Library - camel-core-2.22.1.jar

The Core Camel Java DSL based router

Library home page: http://camel.apache.org/camel-parent/camel-core

Path to dependency file: /alfresco-remote-api/pom.xml

Path to vulnerable library: /root/.m2/repository/org/apache/camel/camel-core/2.22.1/camel-core-2.22.1.jar

Dependency Hierarchy:

  • alfresco-repository-7.33.17 (Root Library)
    • camel-spring-2.22.1.jar
      • camel-core-2.22.1.jar (Vulnerable Library)

Found in HEAD commit: b974379790ad789a18543c415d049bca0dd8a7ef

Vulnerability Details

Apache Camel's File is vulnerable to directory traversal. Camel 2.21.0 to 2.21.3, 2.22.0 to 2.22.2, 2.23.0 and the unsupported Camel 2.x (2.19 and earlier) versions may be also affected.

Publish Date: 2019-04-30

URL: CVE-2019-0194

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: None
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: http://www.openwall.com/lists/oss-security/2019/04/30/2

Release Date: 2019-04-30

Fix Resolution: 2.21.5,2.22.3,2.23.1


CVE-2012-5783 Medium Severity Vulnerability detected by WhiteSource

CVE-2012-5783 - Medium Severity Vulnerability

Vulnerable Library - commons-httpclient-3.1.jar

The HttpClient component supports the client-side of RFC 1945 (HTTP/1.0) and RFC 2616 (HTTP/1.1) , several related specifications (RFC 2109 (Cookies) , RFC 2617 (HTTP Authentication) , etc.), and provides a framework by which new request types (methods) or HTTP extensions can be created easily.

path: /root/.m2/repository/commons-httpclient/commons-httpclient/3.1/commons-httpclient-3.1.jar

Library home page: http://jakarta.apache.org/httpcomponents/httpclient-3.x/

Dependency Hierarchy:

  • alfresco-opencmis-extension-1.1.jar (Root Library)
    • commons-httpclient-3.1.jar (Vulnerable Library)

Vulnerability Details

Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

Publish Date: 2012-11-04

URL: CVE-2012-5783

CVSS 2 Score Details (5.8)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: http://xforce.iss.net/xforce/xfdb/79984

Release Date: 2017-12-31

Fix Resolution: Apply the appropriate patch for your system. See References.


CVE-2018-10237 Medium Severity Vulnerability detected by WhiteSource

CVE-2018-10237 - Medium Severity Vulnerability

Vulnerable Library - guava-24.0-jre.jar

Guava is a suite of core and expanded libraries that include utility classes, google's collections, io classes, and much much more.

Library home page: https://github.com/google/guava/guava

Path to dependency file: /alfresco-remote-api/pom.xml

Path to vulnerable library: /root/.m2/repository/com/google/guava/guava/24.0-jre/guava-24.0-jre.jar

Dependency Hierarchy:

  • alfresco-repository-7.33.15.jar (Root Library)
    • guava-24.0-jre.jar (Vulnerable Library)

Found in HEAD commit: 6a5df31f1f2c57a1754191ef5419d35be65fb8df

Vulnerability Details

Unbounded memory allocation in Google Guava 11.0 through 24.x before 24.1.1 allows remote attackers to conduct denial of service attacks against servers that depend on this library and deserialize attacker-provided data, because the AtomicDoubleArray class (when serialized with Java serialization) and the CompoundOrdering class (when serialized with GWT serialization) perform eager allocation without appropriate checks on what a client has sent and whether the data size is reasonable.

Publish Date: 2018-04-26

URL: CVE-2018-10237

CVSS 3 Score Details (5.9)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: High
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2018-10237

Release Date: 2018-04-26

Fix Resolution: 24.1.1


notPublicExceptions breaks RetryingTransactionHelper mechanism

Hi,

Setting java.sql.SQLException as notPublicExceptions under web-scripts-application-context.xml will break the RetryingTransactionHelper mechanism. (Under heavy load it causes some webscript calls to fail that shouldn't.)

Indeed, if SQLException is thrown by a JavaScript webscript, hiding it will not let AbstractWebScript unwrap the original Exception from JavaScriptException (under createStatusException), so it will not let RetryingTransactionHelper catch it for retry.

Here is a log that shows it:

14:09 24/09/20 DEBUG [RetryingTransactionHelper]  
Transaction commit failed: 
   Thread: tomcat-http--27
   Txn:    UserTransaction[object=org.alfresco.util.transaction.SpringAwareUserTransaction@2302ec7e, status=0]
   Iteration: 0
   Exception follows:

org.springframework.extensions.webscripts.WebScriptException: 08240759 org.springframework.dao.DeadlockLoserDataAccessException: --> Exception is hidden here by RepositoryContainer notPublicExceptions

### Error updating database.  Cause: com.mysql.cj.jdbc.exceptions.MySQLTransactionRollbackException: Deadlock found when trying to get lock; try restarting transaction
....
Caused by: org.mozilla.javascript.JavaScriptException: JavaException: org.springframework.dao.DeadlockLoserDataAccessException:

--> JavaException has not been extracted by AbstractWebScript createStatusException

Hope it's clear.
