sawmill's Introduction

Update (June 25, 2020): The 2.0 release of Sawmill introduces a breaking change to the GeoIpProcessor to comply with the updated license of the MaxMind Lite database. See https://github.com/logzio/sawmill/wiki/GeoIp-Processor for additional details.

Sawmill is a JSON transformation open source library.

It enables you to enrich, transform, and filter your JSON documents.

Using Sawmill pipelines you can integrate your favorite grok patterns, GeoIP and user-agent resolution, add or remove fields and tags, and more, in a declarative way: a pipeline is described in a simple DSL, through configuration files or builders, so transformations can be changed dynamically without code changes.

Download

Get Sawmill Java via Maven:

<dependency>
    <groupId>io.logz.sawmill</groupId>
    <artifactId>sawmill-core</artifactId>
    <version>2.0.21</version>
</dependency>

or Gradle:

compile 'io.logz.sawmill:sawmill-core:2.0.21'

Documentation

The full Sawmill documentation can be found here.

Simple configuration example

{
  "steps": [
    {
      "grok": {
        "config": {
          "field": "message",
          "overwrite": [
            "message"
          ],
          "patterns": [
            "(%{IPORHOST:client_ip}|-) %{USER:ident} %{USER:auth} \\[%{HTTPDATE:timestamp}\\] \\\"(?:%{WORD:verb} %{NOTSPACE:request}(?: HTTP/%{NUMBER:httpversion:float})?|%{DATA:rawrequest})\\\" %{NUMBER:response:int} (?:%{NUMBER:bytes:float}|-) B %{DATA:thread} %{NUMBER:response_time:float} ms %{DATA:servername} %{DATA:client_id:int}(\\;%{NOTSPACE})? %{DATA:device_id} %{DATA}"
          ]
        }
      }
    },
    {
      "removeField": {
        "config": {
          "path": "message"
        }
      }
    }
  ]
}
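The following is an added example, not code from the Sawmill README or the project, showing how a practitioner would run a pipeline like the one above over a constructed log line from Java and check the outcome. It assumes the sawmill-core classes io.logz.sawmill.Pipeline (with its nested Factory), PipelineExecutor, Doc and ExecutionResult, with the methods used below; the grok pattern is shortened to the leading Apache-style fields so the JSON-in-Java escaping stays readable, and the sample line is constructed.

```java
// Added example (not from the Sawmill README). Assumed sawmill-core API:
// Pipeline.Factory#create(String), PipelineExecutor#execute(Pipeline, Doc),
// Doc(Map<String,Object>), Doc#getSource(), ExecutionResult#isSucceeded().
import io.logz.sawmill.Doc;
import io.logz.sawmill.ExecutionResult;
import io.logz.sawmill.Pipeline;
import io.logz.sawmill.PipelineExecutor;

import java.util.HashMap;
import java.util.Map;

public class GrokPipelineExample {

    // Same two steps as the README example (grok, then removeField); the grok
    // pattern is shortened to the leading Apache-style fields.
    // Escaping: Java "\\\\[" -> JSON "\\[" -> regex "\[";  Java "\\\"" -> JSON "\"" -> a literal quote.
    private static final String PIPELINE_CONFIG = "{"
            + "\"steps\": ["
            + "  {\"grok\": {\"config\": {"
            + "    \"field\": \"message\","
            + "    \"overwrite\": [\"message\"],"
            + "    \"patterns\": [\"%{IPORHOST:client_ip} %{USER:ident} %{USER:auth}"
            + " \\\\[%{HTTPDATE:timestamp}\\\\] \\\"%{WORD:verb} %{NOTSPACE:request}"
            + " HTTP/%{NUMBER:httpversion:float}\\\" %{NUMBER:response:int} %{NUMBER:bytes:int}\"]"
            + "  }}},"
            + "  {\"removeField\": {\"config\": {\"path\": \"message\"}}}"
            + "]}";

    // Build the pipeline once and reuse it for every document.
    private static final Pipeline PIPELINE = new Pipeline.Factory().create(PIPELINE_CONFIG);

    // One executor for the whole process. The "PipelineExecutor does not allow to
    // close internal resources" issue on this page reports that each instance
    // allocates a watchdog with its own Executor and has no close method, so
    // creating one per document leaks threads.
    private static final PipelineExecutor EXECUTOR = new PipelineExecutor();

    /** Runs the pipeline over one raw line; returns the transformed document, or null if a step failed. */
    public static Map<String, Object> transform(String rawLine) {
        Map<String, Object> source = new HashMap<>();
        source.put("message", rawLine);
        Doc doc = new Doc(source);

        ExecutionResult result = EXECUTOR.execute(PIPELINE, doc);
        // Check the execution result instead of trusting the document: a line the
        // grok pattern does not match must not be forwarded as if it had been parsed.
        if (!result.isSucceeded()) {
            return null;
        }
        return doc.getSource();
    }

    public static void main(String[] args) {
        // Constructed sample line in the shape the shortened pattern expects.
        String line = "203.0.113.7 - frank [10/Oct/2020:13:55:36 +0000] \"GET /index.html HTTP/1.1\" 200 2326";

        Map<String, Object> parsed = transform(line);
        if (parsed == null) {
            System.out.println("pipeline failed for: " + line);
            return;
        }
        // The grok step should have produced typed fields (response is cast with :int),
        // and the removeField step should have dropped the raw "message".
        System.out.println("client_ip        = " + parsed.get("client_ip"));
        System.out.println("verb             = " + parsed.get("verb"));
        System.out.println("response (type)  = " + parsed.get("response")
                + " (" + (parsed.get("response") == null ? "null" : parsed.get("response").getClass().getSimpleName()) + ")");
        System.out.println("message present? = " + parsed.containsKey("message"));

        // A line that does not match the pattern should surface as a failed execution.
        Map<String, Object> bad = transform("not an access log line");
        System.out.println("non-matching line -> " + (bad == null ? "execution failed" : "execution succeeded: " + bad));
    }
}
```

Two points worth keeping from this: create the Pipeline and the PipelineExecutor once and share them, and branch on the ExecutionResult rather than on the document alone, so that an unparseable line is counted and routed as a failure instead of reaching downstream consumers with whatever fields the earlier steps happened to leave.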

sawmill's Issues

CVE-2015-6420 High Severity Vulnerability detected by WhiteSource

CVE-2015-6420 - High Severity Vulnerability

Vulnerable Library - commons-collections4-4.0.jar

The Apache Commons Collections package contains types that extend and augment the Java Collections Framework.

path: 2/repository/org/apache/commons/commons-collections4/4.0/commons-collections4-4.0.jar

Library home page: http://commons.apache.org/proper/commons-collections/

Dependency Hierarchy:

  • commons-collections4-4.0.jar (Vulnerable Library)

Vulnerability Details

Serialized-object interfaces in certain Cisco Collaboration and Social Media; Endpoint Clients and Client Software; Network Application, Service, and Acceleration; Network and Content Security Devices; Network Management and Provisioning; Routing and Switching - Enterprise and Service Provider; Unified Computing; Voice and Unified Communications Devices; Video, Streaming, TelePresence, and Transcoding Devices; Wireless; and Cisco Hosted Services products allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.

Publish Date: 2015-12-15

URL: CVE-2015-6420

CVSS 2 Score Details (7.5)

Base Score Metrics not available


Step up your Open Source Security Game with WhiteSource here

CVE-2020-9547 (Medium) detected in jackson-databind-2.9.10.1.jar

CVE-2020-9547 - Medium Severity Vulnerability

Vulnerable Library - jackson-databind-2.9.10.1.jar

General data-binding functionality for Jackson: works on core streaming API

Library home page: http://github.com/FasterXML/jackson

Path to dependency file: /tmp/ws-scm/sawmill/sawmill-core/pom.xml

Path to vulnerable library: epository/com/fasterxml/jackson/core/jackson-databind/2.9.10.1/jackson-databind-2.9.10.1.jar

Dependency Hierarchy:

  • jackson-databind-2.9.10.1.jar (Vulnerable Library)

Vulnerability Details

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig (aka ibatis-sqlmap).

Publish Date: 2020-03-02

URL: CVE-2020-9547

CVSS 2 Score Details (5.0)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9547

Release Date: 2020-03-02

Fix Resolution: com.fasterxml.jackson.core:jackson-databind:2.10.3



CVE-2020-9546 (Medium) detected in jackson-databind-2.9.10.1.jar

CVE-2020-9546 - Medium Severity Vulnerability

Vulnerable Library - jackson-databind-2.9.10.1.jar

General data-binding functionality for Jackson: works on core streaming API

Library home page: http://github.com/FasterXML/jackson

Path to dependency file: /tmp/ws-scm/sawmill/sawmill-core/pom.xml

Path to vulnerable library: epository/com/fasterxml/jackson/core/jackson-databind/2.9.10.1/jackson-databind-2.9.10.1.jar

Dependency Hierarchy:

  • jackson-databind-2.9.10.1.jar (Vulnerable Library)

Vulnerability Details

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config).

Publish Date: 2020-03-02

URL: CVE-2020-9546

CVSS 2 Score Details (5.0)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9546

Release Date: 2020-03-02

Fix Resolution: com.fasterxml.jackson.core:jackson-databind:2.10.3



PipelineExecutor does not allow to close internal resources

Hi

We recently started using Sawmill, and noticed a thread leak issue.
We tracked it down to the creation of multiple PipelineExecutor instances:
it internally allocates a watchdog, which allocates an Executor, but PipelineExecutor does not expose a close method to close it when done.

I created a (very small) pull request with a fix:
#171

Thanks

CVE-2020-9548 (Medium) detected in jackson-databind-2.9.10.1.jar

CVE-2020-9548 - Medium Severity Vulnerability

Vulnerable Library - jackson-databind-2.9.10.1.jar

General data-binding functionality for Jackson: works on core streaming API

Library home page: http://github.com/FasterXML/jackson

Path to dependency file: /tmp/ws-scm/sawmill/sawmill-core/pom.xml

Path to vulnerable library: epository/com/fasterxml/jackson/core/jackson-databind/2.9.10.1/jackson-databind-2.9.10.1.jar

Dependency Hierarchy:

  • jackson-databind-2.9.10.1.jar (Vulnerable Library)

Vulnerability Details

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core).

Publish Date: 2020-03-02

URL: CVE-2020-9548

CVSS 2 Score Details (5.0)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9548

Release Date: 2020-03-02

Fix Resolution: com.fasterxml.jackson.core:jackson-databind:2.10.3



CVE-2015-7501 High Severity Vulnerability detected by WhiteSource

CVE-2015-7501 - High Severity Vulnerability

Vulnerable Library - commons-collections4-4.0.jar

The Apache Commons Collections package contains types that extend and augment the Java Collections Framework.

path: 2/repository/org/apache/commons/commons-collections4/4.0/commons-collections4-4.0.jar

Library home page: http://commons.apache.org/proper/commons-collections/

Dependency Hierarchy:

  • commons-collections4-4.0.jar (Vulnerable Library)

Vulnerability Details

Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data Grid (JDG) 6.x; Data Virtualization (JDV) 6.x and 5.x; Enterprise Application Platform 6.x, 5.x, and 4.3.x; Fuse 6.x; Fuse Service Works (FSW) 6.x; Operations Network (JBoss ON) 3.x; Portal 6.x; SOA Platform (SOA-P) 5.x; Web Server (JWS) 3.x; Red Hat OpenShift/xPAAS 3.x; and Red Hat Subscription Asset Manager 1.3 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.

Publish Date: 2017-11-09

URL: CVE-2015-7501

CVSS 3 Score Details (9.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-7501

Release Date: 2017-12-31

Fix Resolution: Upgrade to version apache-commons-collections 4.1, apache-commons-collections 3.2.2 or greater



Add statement

How do I add a new custom statement, like an if statement?

WS-2009-0001 Low Severity Vulnerability detected by WhiteSource

WS-2009-0001 - Low Severity Vulnerability

Vulnerable Library - commons-codec-1.9.jar

The Apache Commons Codec package contains simple encoder and decoders for various formats such as Base64 and Hexadecimal. In addition to these widely used encoders and decoders, the codec package also maintains a collection of phonetic encoding utilities.

path: /root/.m2/repository/commons-codec/commons-codec/1.9/commons-codec-1.9.jar

Library home page: http://commons.apache.org/proper/commons-codec/

Dependency Hierarchy:

  • geoip2-2.10.0.jar (Root Library)
    • httpclient-4.5.3.jar
      • commons-codec-1.9.jar (Vulnerable Library)

Vulnerability Details

Not all "business" method implementations of public API in Apache Commons Codec 1.x are thread safe, which might disclose the wrong data or allow an attacker to change non-private fields.

Updated 2018-10-07 - an additional review by the WhiteSource research team could not identify a clear security vulnerability.

Publish Date: 2007-10-07

URL: WS-2009-0001

CVSS 2 Score Details (0.0)

Base Score Metrics not available



CVE-2020-10672 (Medium) detected in jackson-databind-2.9.10.1.jar

CVE-2020-10672 - Medium Severity Vulnerability

Vulnerable Library - jackson-databind-2.9.10.1.jar

General data-binding functionality for Jackson: works on core streaming API

Library home page: http://github.com/FasterXML/jackson

Path to dependency file: /tmp/ws-scm/sawmill/sawmill-core/pom.xml

Path to vulnerable library: epository/com/fasterxml/jackson/core/jackson-databind/2.9.10.1/jackson-databind-2.9.10.1.jar

Dependency Hierarchy:

  • jackson-databind-2.9.10.1.jar (Vulnerable Library)

Vulnerability Details

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms).

Publish Date: 2020-03-18

URL: CVE-2020-10672

CVSS 3 Score Details (5.0)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: N/A
    • Attack Complexity: N/A
    • Privileges Required: N/A
    • User Interaction: N/A
    • Scope: N/A
  • Impact Metrics:
    • Confidentiality Impact: N/A
    • Integrity Impact: N/A
    • Availability Impact: N/A

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Change files

Origin: FasterXML/jackson-databind@592872f

Release Date: 2020-03-16

Fix Resolution: Replace or update the following files: SubTypeValidator.java, VERSION-2.x

KV - Add option to add properties to targetField instead of completely override it

Given a 'kv' processor, it's kind of essential to be able to add matching keys to the targetField, if it exists, instead of completely overriding it.
For example:

{
    "kv": {
      "config": {
        "field": "kv",
        "fieldSplit": "\\|#",
        "includeKeys": [
          "key1",
          "key2",
          "key3"
        ],
        "targetField": "@params",
        "targetFieldMergeStrategy": "Replace" | "Concat" <-- suggestion
      }
    }
}

In the example above, given a log such as:

{
  ...
  "message": "My log message|#key1=value1|#key2=value2|#key3=value3",
  "@params": {
    "my": "param"
  }
}

the final result should be:

{
  ...
  "message": "My log message|#key1=value1|#key2=value2|#key3=value3",
  "@params": {
    "my": "param",
    "key1": "value1",
    "key2": "value2",
    "key3": "value3"
  }
}

Currently we are getting:

{
  ...
  "message": "My log message|#key1=value1|#key2=value2|#key3=value3",
  "@params": {
    "key1": "value1",
    "key2": "value2",
    "key3": "value3"
  }
}

CVE-2019-20330 (High) detected in jackson-databind-2.9.10.1.jar

CVE-2019-20330 - High Severity Vulnerability

Vulnerable Library - jackson-databind-2.9.10.1.jar

General data-binding functionality for Jackson: works on core streaming API

Library home page: http://github.com/FasterXML/jackson

Path to dependency file: /tmp/ws-scm/sawmill/sawmill-core/pom.xml

Path to vulnerable library: epository/com/fasterxml/jackson/core/jackson-databind/2.9.10.1/jackson-databind-2.9.10.1.jar

Dependency Hierarchy:

  • jackson-databind-2.9.10.1.jar (Vulnerable Library)

Vulnerability Details

FasterXML jackson-databind 2.x before 2.9.10.2 lacks certain net.sf.ehcache blocking.

Publish Date: 2020-01-05

URL: CVE-2019-20330

CVSS 3 Score Details (9.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://github.com/FasterXML/jackson-databind/tree/jackson-databind-2.9.10.2

Release Date: 2020-01-03

Fix Resolution: com.fasterxml.jackson.core:jackson-databind:2.9.10.2



Failing Commit after the passing one

The commit 8f2981b successfully builds the project.
Author: templatevk [email protected] Date: Fri Jun 12 12:19:32 2020 +0300

_Introduced GeoIpConfiguration configuration_

Whereas the previous commit 871b4ce leads to a build failure.
Author: templatevk [email protected] Date: Fri Jun 12 12:14:05 2020 +0300

Added processor factory configuration to inject processor creation stage dependencies

Changes in the failing commit: it compiles the code but the test fails.
$ git show 871b4ce

Link for the changes in the failing commit.
The build has failed too.

.....
Show Error - all sawmill-core files have changed, and the sawmill-core build below shows the failure:
...
[WARNING] The project io.logz.sawmill:sawmill-benchmark:jar:0-SNAPSHOT uses prerequisites which is only intended for maven-plugin projects but not for non maven-plugin projects. For such purposes you should use the maven-enforcer-plugin. See https://maven.apache.org/enforcer/enforcer-rules/requireMavenVersion.html
...
[INFO] Reactor Summary for Sawmill 0-SNAPSHOT:
[INFO]
[INFO] Sawmill ............................................ SUCCESS [ 0.109 s]
[INFO] sawmill-core ....................................... FAILURE [ 4.377 s]
[INFO] sawmill-benchmark .................................. SKIPPED
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 5.200 s
[INFO] Finished at: 2020-09-11T21:21:47-05:00
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal org.apache.maven.plugins:maven-antrun-plugin:1.3:run (download-files) on project sawmill-core: An Ant BuildException has occured: java.net.UnknownHostException: geolite.maxmind.com: Unknown host geolite.maxmind.com -> [Help 1]
[ERROR]
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR]
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoExecutionException
[ERROR]
[ERROR] After correcting the problems, you can resume the build with the command
[ERROR]   mvn -rf :sawmill-core

Maven Version -

[shilpar2@fa20-cs527-037 sawmill]$ mvn --version
Apache Maven 3.6.3 (cecedd343002696d0abb50b32b541b8a6ba2883f)
Maven home: /usr/local/src/apache-maven
Java version: 1.8.0_262, vendor: Oracle Corporation, runtime: /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.262.b10-0.el7_8.x86_64/jre
Default locale: en_US, platform encoding: UTF-8
OS name: "linux", version: "3.10.0-1127.18.2.el7.x86_64", arch: "amd64", family: "unix"

Java Version -

[shilpar2@fa20-cs527-037 sawmill]$ java -version
openjdk version "1.8.0_262"
OpenJDK Runtime Environment (build 1.8.0_262-b10)
OpenJDK 64-Bit Server VM (build 25.262-b10, mixed mode)

INFERENCE - in the passing commit after the failing one:

Failing commit -

... 
[ERROR] Failed to execute goal org.apache.maven.plugins:maven-antrun-plugin:1.3:run (download-files) on project sawmill-core: An Ant BuildException has occured: java.net.UnknownHostException: geolite.maxmind.com: Unknown host geolite.maxmind.com -> [Help 1] 
...

In the passing commit, the following was removed from the POM file:
... http://geolite.maxmind.com/download/geoip/database/GeoLite2-City.tar.gz ... from the build ...

Changes to GeoLite2 license and distribution will cause problems for this project

The URL in the maxMindGeoIpCityUrl property will stop functioning on December 30th.

Due to upcoming data privacy regulations, MaxMind are making significant changes to how users access free MaxMind GeoLite2 databases starting December 30, 2019. The databases will continue to be available without charge and for redistribution. However, you will be required to create an account and use a license key to download the databases, and agree to a new EULA that addresses applicable data privacy regulations.

Learn more on the MaxMind blog: https://blog.maxmind.com/2019/12/18/significant-changes-to-accessing-and-using-geolite2-databases/.

Mark Fowler
MaxMind

CVE-2020-8840 (Medium) detected in jackson-databind-2.9.10.1.jar

CVE-2020-8840 - Medium Severity Vulnerability

Vulnerable Library - jackson-databind-2.9.10.1.jar

General data-binding functionality for Jackson: works on core streaming API

Library home page: http://github.com/FasterXML/jackson

Path to dependency file: /tmp/ws-scm/sawmill/sawmill-core/pom.xml

Path to vulnerable library: epository/com/fasterxml/jackson/core/jackson-databind/2.9.10.1/jackson-databind-2.9.10.1.jar

Dependency Hierarchy:

  • jackson-databind-2.9.10.1.jar (Vulnerable Library)

Vulnerability Details

FasterXML jackson-databind 2.0.0 through 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyeditor.JndiConverter.

Publish Date: 2020-02-10

URL: CVE-2020-8840

CVSS 2 Score Details (5.0)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: FasterXML/jackson-databind#2620

Release Date: 2020-02-10

Fix Resolution: 2.8.115,2.9.10.3

JSONpath support

How difficult is it to add JSON path support? There are cases when the dotted FQDN is just impossible to know upfront.

{
  addField: {
    config: {
      jsonpath: "$..author",
      value: "replace"
    }
  }
}

Does Sawmill Stream Large Documents?

Just wondering if Sawmill streams the data into memory as processors perform their work or does it load the files all at once? Some files can be really large and wondering if it buffers data to perform the transformations?

CVE-2020-10673 (Medium) detected in jackson-databind-2.9.10.1.jar

CVE-2020-10673 - Medium Severity Vulnerability

Vulnerable Library - jackson-databind-2.9.10.1.jar

General data-binding functionality for Jackson: works on core streaming API

Library home page: http://github.com/FasterXML/jackson

Path to dependency file: /tmp/ws-scm/sawmill/sawmill-core/pom.xml

Path to vulnerable library: epository/com/fasterxml/jackson/core/jackson-databind/2.9.10.1/jackson-databind-2.9.10.1.jar

Dependency Hierarchy:

  • jackson-databind-2.9.10.1.jar (Vulnerable Library)

Vulnerability Details

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus).

Publish Date: 2020-03-18

URL: CVE-2020-10673

CVSS 3 Score Details (5.0)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: N/A
    • Attack Complexity: N/A
    • Privileges Required: N/A
    • User Interaction: N/A
    • Scope: N/A
  • Impact Metrics:
    • Confidentiality Impact: N/A
    • Integrity Impact: N/A
    • Availability Impact: N/A

For more information on CVSS3 Scores, click here.

AddField

Is it possible to inject a unique identifier (UUID) using the AddField processor?

CVE-2017-18640 (High) detected in snakeyaml-1.20.jar

CVE-2017-18640 - High Severity Vulnerability

Vulnerable Library - snakeyaml-1.20.jar

YAML 1.1 parser and emitter for Java

Library home page: http://www.snakeyaml.org

Path to dependency file: /tmp/ws-scm/sawmill/sawmill-core/pom.xml

Path to vulnerable library: /root/.m2/repository/org/yaml/snakeyaml/1.20/snakeyaml-1.20.jar

Dependency Hierarchy:

  • uap-java-1.4.0.jar (Root Library)
    • snakeyaml-1.20.jar (Vulnerable Library)

Vulnerability Details

The Alias feature in SnakeYAML 1.18 allows entity expansion during a load operation, a related issue to CVE-2003-1564.

Publish Date: 2019-12-12

URL: CVE-2017-18640

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

CVE-2018-10237 Medium Severity Vulnerability detected by WhiteSource

CVE-2018-10237 - Medium Severity Vulnerability

Vulnerable Library - guava-19.0.jar

Guava is a suite of core and expanded libraries that include utility classes, google's collections, io classes, and much much more.

Guava has only one code dependency - javax.annotation, per the JSR-305 spec.

path: 2/repository/com/google/guava/guava/19.0/guava-19.0.jar

Library home page: https://github.com/google/guava/guava

Dependency Hierarchy:

  • guava-19.0.jar (Vulnerable Library)

Vulnerability Details

Unbounded memory allocation in Google Guava 11.0 through 24.x before 24.1.1 allows remote attackers to conduct denial of service attacks against servers that depend on this library and deserialize attacker-provided data, because the AtomicDoubleArray class (when serialized with Java serialization) and the CompoundOrdering class (when serialized with GWT serialization) perform eager allocation without appropriate checks on what a client has sent and whether the data size is reasonable.

Publish Date: 2018-04-26

URL: CVE-2018-10237

CVSS 3 Score Details (5.9)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: High
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2018-10237

Release Date: 2018-04-26

Fix Resolution: 24.1.1


