org.apache.jspwiki:jspwiki-builder@2.11.0.M6 vulnerabilities
-
latest version
2.12.2
-
latest non vulnerable version
-
first published
11 years ago
-
latest version published
4 months ago
-
licenses detected
- [2.10.0,)
-
package manager
Direct Vulnerabilities
Known vulnerabilities in the org.apache.jspwiki:jspwiki-builder package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.Vulnerability | Vulnerable Version |
---|---|
org.apache.jspwiki:jspwiki-builder is a WikiWiki clone, written in Java and JSP. Affected versions of this package are vulnerable to Arbitrary Command Execution by using a carefuly crafted HTTP request on logout, which may allow an attacker to delete arbitrary files in the system, given that those files are reachable to the user running the package. How to fix Arbitrary Command Execution? Upgrade |
[,2.11.0)
|
org.apache.jspwiki:jspwiki-builder is a WikiWiki clone, written in Java and JSP. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via a crafted plugin link invocation related to the Denounce plugin. The attacker could be allowed to execute javascript in the victim's browser and get some sensitive information about the victim. How to fix Cross-site Scripting (XSS)? Upgrade |
[,2.11.0)
|