dwr:dwr@0.9.2a vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the dwr:dwr package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability Vulnerable Version
  • [M] Denial of Service (DoS)

dwr:dwr is a DWR Direct Web Remoting AJAX library.

Affected versions of this package are vulnerable to Denial of Service (DoS). Getahead Direct Web Remoting (DWR) before 1.1.4 allows attackers to cause a denial of service (memory exhaustion and servlet outage) via unknown vectors related to a large number of calls in a batch.

How to fix Denial of Service (DoS)?

There is no fixed version for dwr:dwr.

Vulnerable versions: [0,)
  • [H] Improper Access Control

Affected versions of this package are vulnerable to Improper Access Control. It was possible to craft a request to DWR that avoided the include/exclude checks, allowing an attacker to access public methods that should not be accessible. These checks are now made properly.

How to fix Improper Access Control?

There is no fixed version for dwr:dwr.

Vulnerable versions: [0,)
  • [H] Denial of Service (DoS)

Affected versions of this package are vulnerable to Denial of Service (DoS). Getahead Direct Web Remoting (DWR) before 1.1.3 allows attackers to cause a denial of service (infinite loop) via unknown vectors related to crafted input.

How to fix Denial of Service (DoS)?

Upgrade dwr:dwr to version 1.1.3 or higher.

Vulnerable versions: [,1.1.3)