Scantist CSA: Curated Security Advisory (1 Apr 2021)

Scantist Admin

Data was crawled between 24 and 31 Mar 2021.

Java

| Affected Library ¹ | Highest CVE Score ² | # of CVEs ³ | Affected Versions ⁴ |
|---|---|---|---|
| com.thoughtworks.xstream:xstream | 9.9 | 11 | <=1.4.15 |
| com.fasterxml.jackson.core:jackson-databind | 9.8 | 3 | <=2.9.10.6 |
| io.netty:netty | 7.5 | 2 | <4.1.59 |
| org.apache.velocity:velocity | 8.8 | 2 | <3.1 |
| org.apache.tomcat:tomcat | 7.5 | 2 | >=7.0.0, <=7.0.107 , >=8.5.0, <=8.5.61 , >=9.0.0.M1,<=9.0.41 , >=10.0.0-M1, <=10.0.0 |
| org.apache.pdfbox:pdfbox | 5.5 | 2 | >=2.0.0,<=2.0.22 |
| apache:ofbiz | 9.8 | 1 | <17.12.06 |
| org.scala-lang:jline | 7.8 | 1 | >=2.10.3,<=2.10.5 |
| org.mortbay.jetty:jetty-webapp | 7 | 1 | <=9.4.32.v20200930 , >=10.0.0, <=10.0.0.beta2 , >=11.0.0, <=11.0.0.beta2 |
| org.mitre:openid-connect-server | 9.1 | 1 | >=1.3.3 |
| org.jboss.remoting:jboss-remoting | 7.5 | 1 | <5.0.14 |
| org.darkphoenixs:log4j | 9.8 | 1 | <=1.2.17 |
| org.fujion.webjars:lodash | 5.3 | 1 | <4.17.21 |
| org.eclipse.jetty:jetty-webapp | 7 | 1 | <=9.4.32.v20200930 , >=10.0.0,<=10.0.0.beta2 , >=11.0.0,<=11.0.0.beta2 |
| org.scala-lang:scala-compiler | 7.8 | 1 | <2.10.7 , >=2.11, <2.11.12 , >=2.12, <2.12.4 |
| org.codehaus.jackson:jackson-mapper-asl | 7.5 | 1 | 1.9.0 |
| org.apache.xmlgraphics:xmlgraphics-commons | 8.2 | 1 | 2.4 |
| org.apache.unomi:unomi-wab | 9.8 | 1 | <=1.5.1 |
| org.scala-lang:scala-actors | 7.8 | 1 | 2.10.0 , >= 2.10.2,<=2.11.5 |
| org.scala-lang:scala-reflect | 7.8 | 1 | 2.10.0 , 2.10.0-M6 , >=2.10.1, <=2.10.6 , >=2.11.0, <= 2.11.1, >=2.11.8 , 2.11.11 , >=2.12.0 , <=2.12.3 |
| org.scala-lang:scala-library | 7.8 | 1 | 2.7.7 , >=2.8.0.Beta1-RC5, <=2.8.0.RC1 , >=2.8.1, <=2.8.1.RC3 , >=2.9.0, <=2.9.3 , >=2.10.0, <=2.10.6 , >=2.11.0, <= 2.11.1, >=2.11.8 , 2.11.11 , >=2.12.0 , <=2.12.3 |
| org.apache.unomi:unomi-root | 9.8 | 1 | <=1.5.1 |
| org.scala-lang:scala-swing | 7.8 | 1 | 2.10.2 , >=2.10.4 ,<=2.10.5 |
| org.scala-lang:scala-xml | 7.8 | 1 | 2.11.0-M4 |
| org.scala-lang:scalap | 7.8 | 1 | 2.9.1 , 2.9.3 , 2.10.0 , 2.10.4 , >=2.11.0, <=2.11.2 , 2.11.6 , 2.11.8 , 2.11.11 , 2.12.1 |
| org.slf4j:slf4j-ext | 9.8 | 1 | <1.7.26 , 1.8.0-alpha1 , 1.8.0-alpha2 , 1.8.0-beta1 , 1.8.0-beta2 |
| org.typelevel:scala-library | 7.8 | 1 | 2.11.8 |
| org.webjars.bower:lodash | 5.3 | 1 | <4.17.21 |
| org.webjars.bowergithub.jashkenas:underscore | 0* | 1 | >=1.3.2, <1.12.1 , >=1.13.0-0, <1.13.0-2 |
| org.webjars.bowergithub.lodash:lodash | 5.3 | 1 | <4.17.21 |
| org.webjars.npm:ecstatic | 7.5 | 1 | <2.0.0 |
| org.webjars.npm:lodash | 5.3 | 1 | <4.17.21 |
| org.webjars:lodash | 5.3 | 1 | <=4.17.21 |
| redhat:jboss_enterprise_application_platform | 7.5 | 1 | <7.2.4 |
| redhat:resteasy | 0* | 1 | <=4.6.0.Final |
| org.apache.unomi:unomi-services | 9.8 | 1 | <=1.5.1 |
| org.apache.unomi:unomi-kar | 9.8 | 1 | <=1.5.1 |
| org.apache.unomi:unomi-plugins-base | 9.8 | 1 | <=1.5.1 |
| net.sf.dozer:dozer | 9.8 | 1 | all_versions |
| apache:shiro | 9.8 | 1 | <1.7.0 |
| apache:tomcat | 5.9 | 1 | >=7.0.0 <=7.0.106 , >=8.5.0 <=8.5.59 , >=9.0.0.M1 <=9.0.39 , >=10.0.0-M1 <=10.0.0-M9 |
| com.cronutils:cron-utils | 8.1 | 1 | <=9.1.2 |
| com.netflix.hollow:hollow | 4.4 | 1 | <=6.1.0 |
| com.netflix.priam:priam | 5.5 | 1 | <=3.1.103 |
| com.twitter:twitter-server_2.12 | 6.1 | 1 | <20.12.0 |
| io.airlift:http-server | 5.9 | 1 | >=2.4.17, <=2.4.34 |
| io.fabric8:kubernetes-client | 7.4 | 1 | >=4.2.0,<4.7.2 , >=4.8.0,<4.11.2 , >=4.12.0,<4.13.2 , >=5.0.0,<5.0.2 |
| io.netty:netty-all | 7.5 | 1 | <4.1.42 |
| io.netty:netty-codec-http2 | 0* | 1 | <4.1.61.Final |
| io.vertx:vertx-web | 9.8 | 1 | >=3.4.0, <=3.9.4 , >=4.0.0.Beta1, <=4.0.0-milestone5 |
| keycloak:keycloak | 7.5 | 1 | 13.0.0 |
| log4j:log4j | 9.8 | 1 | >=1.2, <=1.2.17 |
| org.apache.activemq:activemq-jaas | 7.5 | 1 | <=5.15.12 , 5.16.0 |
| org.apache.unomi:unomi-persistence-elasticsearch-core | 9.8 | 1 | <=1.5.1 |
| org.apache.activemq:artemis-server | 7.5 | 1 | <2.16.0 |
| org.apache.druid:druid | 0* | 1 | <0.20.2 |
| org.apache.dubbo:dubbo-rpc-http | 9.8 | 1 | <2.7.5 |
| org.apache.httpcomponents:httpclient | 5.3 | 1 | <4.5.13 , >=5.0.0, <5.0.3 |
| org.apache.logging.log4j:log4j-core | 9.8 | 1 | <2.8.2-rc1 |
| org.apache.shiro:shiro-guice | 7.5 | 1 | <1.6.0 |
| org.apache.shiro:shiro-spring | 7.5 | 1 | <1.6.0 |
| org.apache.shiro:shiro-spring-boot-web-starter | 7.5 | 1 | <1.6.0 |
| org.apache.shiro:shiro-web | 7.5 | 1 | <1.6.0 |
| org.apache.solr:solr | 7.5 | 1 | >=5.0.0, <=8.3.1 |
| org.apache.unomi:shell-commands | 9.8 | 1 | <=1.5.1 |
| org.apache.unomi:unomi | 9.8 | 1 | <=1.5.1 |
| apache:openmeetings | 7.5 | 1 | >=4.0.0, <=5.0.0 |
| redhat:undertow | 7.5 | 1 | <2.0.25.SP1 |


¹ Affected Library refers to the open source library that contains newly disclosed CVEs.

² Highest CVE Score refers to the highest CVSS Score amongst the newly disclosed CVEs over the past week. Those omitted in dashes are yet to be determined by MITRE and NVD.

³ # of CVEs refers to the number of newly disclosed CVEs over the past week.

⁴ Affected Versions refers to the versions of the affected library that contain the newly disclosed CVEs.
Affected libraries may also exist in your transitive dependencies.

We support other languages upon request.