Contains the core Apache Derby database engine, which also includes the embedded JDBC driver.
Known vulnerabilities in the org.apache.derby:derby package. This does not include vulnerabilities belonging to this package’s dependencies.
org.apache.derby:derby is a subproject of the Apache DB project.
Affected versions of this package are vulnerable to Security Bypass. A specially crafted network packet can be used to request the Derby Network Server to boot a database whose location and contents are under the user's control.
How to fix Security Bypass?
org.apache.derby:derby is a database engine by Apache.
Affected versions of this package are vulnerable to XML External Entity (XXE) Injection. When a Java Security Manager is not in place, context-dependent attackers can read arbitrary files or cause a denial of service (resource consumption) via vectors involving XmlVTI and the XML datatype.
How to fix XML External Entity (XXE) Injection?