com.vmware.xenon:xenon-common@1.1.0-CR6 vulnerabilities

latest version

1.6.18
latest non vulnerable version

1.6.18
first published

8 years ago
latest version published

5 years ago
licenses detected
- Unknown
  [0.3.0,)
package manager

View on Maven Repository

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the com.vmware.xenon:xenon-common package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability Vulnerable Version

Vulnerability	Vulnerable Version
C Deserialization of Untrusted Data com.vmware.xenon:xenon-common is a framework for writing small REST-based services. Affected versions of this package are vulnerable to Deserialization of Untrusted Data. Successful exploitation of this issue may allow remote attackers to execute arbitrary code on the appliance. How to fix Deserialization of Untrusted Data? Upgrade `com.vmware.xenon:xenon-common` to version 1.3.0 or higher.	[1.0.0,1.3.0)
H Authentication Bypass Affected versions of `com.vmware.xenon:xenon-common` are vulnerable to Authentication Bypass due to insufficient access controls for utility endpoints. Successful exploitation of this issue may result in information disclosure. How to fix Authentication Bypass? Upgrade `com.vmware.xenon:xenon-common` to version 1.5.4-CR7_1, 1.5.4_7, 1.5.4-CR6_2, 1.5.4_8, 1.4.2-CR4_1, 1.3.7-CR1_2, 1.1.0-CR0-3, 1.1.0-CR3_1 or higher.	[,1.1.0-CR0-3) [1.1.0-CR1,1.1.0-CR3_1) [1.1.0-CR4,1.3.7-CR1_2) [1.4.0,1.4.2-CR4_1) [1.5.0,1.5.4-CR6_2) [1.5.4-CR7,1.5.4-CR7_1] [1.5.5,1.5.7_9)

Deserialization of Untrusted Data

com.vmware.xenon:xenon-common is a framework for writing small REST-based services.

Affected versions of this package are vulnerable to Deserialization of Untrusted Data. Successful exploitation of this issue may allow remote attackers to execute arbitrary code on the appliance.

How to fix Deserialization of Untrusted Data?

Upgrade com.vmware.xenon:xenon-common to version 1.3.0 or higher.

[1.0.0,1.3.0)

Authentication Bypass

Affected versions of com.vmware.xenon:xenon-common are vulnerable to Authentication Bypass due to insufficient access controls for utility endpoints. Successful exploitation of this issue may result in information disclosure.

How to fix Authentication Bypass?

Upgrade com.vmware.xenon:xenon-common to version 1.5.4-CR7_1, 1.5.4_7, 1.5.4-CR6_2, 1.5.4_8, 1.4.2-CR4_1, 1.3.7-CR1_2, 1.1.0-CR0-3, 1.1.0-CR3_1 or higher.

[,1.1.0-CR0-3) [1.1.0-CR1,1.1.0-CR3_1) [1.1.0-CR4,1.3.7-CR1_2) [1.4.0,1.4.2-CR4_1) [1.5.0,1.5.4-CR6_2) [1.5.4-CR7,1.5.4-CR7_1] [1.5.5,1.5.7_9)

Go back to all versions of this package

com.vmware.xenon:xenon-common@1.1.0-CR6 vulnerabilities

latest version

latest non vulnerable version

first published

latest version published

licenses detected

package manager

Direct Vulnerabilities