io.dropwizard:dropwizard-validation@1.3.19 vulnerabilities
-
latest version
4.0.7
-
latest non vulnerable version
-
first published
10 years ago
-
latest version published
a month ago
-
package manager
Direct Vulnerabilities
Known vulnerabilities in the io.dropwizard:dropwizard-validation package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.Vulnerability | Vulnerable Version |
---|---|
io.dropwizard:dropwizard-validation is a simple library for building production-ready RESTful web services. Affected versions of this package are vulnerable to Remote Code Execution (RCE). A server-side template injection was identified in the self-validating feature enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. How to fix Remote Code Execution (RCE)? Upgrade |
[1.3.0,1.3.21)
[2.0.0,2.0.3)
|