René's URL Explorer Experiment

{"@context":"https://schema.org","@type":"DiscussionForumPosting","headline":"CVE-2015-0254 (High) detected in jstl-1.2.jar","articleBody":"## CVE-2015-0254 - High Severity Vulnerability\n\u003cdetails\u003e\u003csummary\u003e\u003cimg src='https://whitesource-resources.whitesourcesoftware.com/vulnerability_details.png' width=19 height=20\u003e Vulnerable Library - \u003cb\u003ejstl-1.2.jar\u003c/b\u003e\u003c/summary\u003e\n\n\u003cp\u003e\u003c/p\u003e\n\u003cp\u003ePath to dependency file: /pom.xml\u003c/p\u003e\n\u003cp\u003ePath to vulnerable library: /ervlet/jstl/1.2/jstl-1.2.jar,/target/in28Minutes-first-webapp-0.0.1-SNAPSHOT/WEB-INF/lib/jstl-1.2.jar\u003c/p\u003e\n\u003cp\u003e\n\nDependency Hierarchy:\n  - :x: **jstl-1.2.jar** (Vulnerable Library)\n\u003cp\u003eFound in base branch: \u003cb\u003emaster\u003c/b\u003e\u003c/p\u003e\n\u003c/p\u003e\n\u003c/details\u003e\n\u003cp\u003e\u003c/p\u003e\n\u003cdetails\u003e\u003csummary\u003e\u003cimg src='https://whitesource-resources.whitesourcesoftware.com/high_vul.png?' width=19 height=20\u003e Vulnerability Details\u003c/summary\u003e\n\u003cp\u003e  \n  \nApache Standard Taglibs before 1.2.3 allows remote attackers to execute arbitrary code or conduct external XML entity (XXE) attacks via a crafted XSLT extension in a (1) \u003cx:parse\u003e or (2) \u003cx:transform\u003e JSTL XML tag.\n\n\u003cp\u003ePublish Date: 2015-03-09\n\u003cp\u003eURL: \u003ca href=https://www.mend.io/vulnerability-database/CVE-2015-0254\u003eCVE-2015-0254\u003c/a\u003e\u003c/p\u003e\n\u003c/p\u003e\n\u003c/details\u003e\n\u003cp\u003e\u003c/p\u003e\n\u003cdetails\u003e\u003csummary\u003e\u003cimg src='https://whitesource-resources.whitesourcesoftware.com/cvss3.png' width=19 height=20\u003e CVSS 3 Score Details (\u003cb\u003e7.3\u003c/b\u003e)\u003c/summary\u003e\n\u003cp\u003e\n\nBase Score Metrics:\n- Exploitability Metrics:\n  - Attack Vector: Network\n  - Attack Complexity: Low\n  - Privileges Required: None\n  - User Interaction: None\n  - Scope: Unchanged\n- Impact Metrics:\n  - Confidentiality Impact: Low\n  - Integrity Impact: Low\n  - Availability Impact: Low\n\u003c/p\u003e\nFor more information on CVSS3 Scores, click \u003ca href=\"https://www.first.org/cvss/calculator/3.0\"\u003ehere\u003c/a\u003e.\n\u003c/p\u003e\n\u003c/details\u003e\n\u003cp\u003e\u003c/p\u003e\n\u003cdetails\u003e\u003csummary\u003e\u003cimg src='https://whitesource-resources.whitesourcesoftware.com/suggested_fix.png' width=19 height=20\u003e Suggested Fix\u003c/summary\u003e\n\u003cp\u003e\n\n\u003cp\u003eType: Upgrade version\u003c/p\u003e\n\u003cp\u003eOrigin: \u003ca href=\"https://github.com/advisories/GHSA-6x4w-8w53-xrvv\"\u003ehttps://github.com/advisories/GHSA-6x4w-8w53-xrvv\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eRelease Date: 2015-03-09\u003c/p\u003e\n\u003cp\u003eFix Resolution: org.apache.taglibs:taglibs-standard-impl:1.2.3\u003c/p\u003e\n\n\u003c/p\u003e\n\u003c/details\u003e\n\u003cp\u003e\u003c/p\u003e\n\n***\nStep up your Open Source Security Game with Mend [here](https://www.whitesourcesoftware.com/full_solution_bolt_github)","author":{"url":"https://github.com/mend-bolt-for-github[bot]","@type":"Person","name":"mend-bolt-for-github[bot]"},"datePublished":"2024-03-13T20:15:32.000Z","interactionStatistic":{"@type":"InteractionCounter","interactionType":"https://schema.org/CommentAction","userInteractionCount":0},"url":"https://github.com/23/JavaWebApplicationStepByStep/issues/23"}