org.graylog2:graylog2-server@0.20.0-rc.1-1 vulnerabilities
-
latest version
6.1.1
-
latest non vulnerable version
-
first published
11 years ago
-
latest version published
a month ago
-
licenses detected
- [0.20.0-rc.1-1,4.0.0)
-
package manager
Direct Vulnerabilities
Known vulnerabilities in the org.graylog2:graylog2-server package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.Vulnerability | Vulnerable Version |
---|---|
org.graylog2:graylog2-server is a log management platform. Affected versions of this package are vulnerable to Insecure Randomness such that an external attacker could inject forged DNS responses into a Graylog's lookup table cache. Graylog seems to bind a single socket for outgoing DNS queries. That socket is bound to a random port number which is not changed again. How to fix Insecure Randomness? Upgrade |
[,5.0.9)
[5.1.0,5.1.3)
|
org.graylog2:graylog2-server is a log management platform. Affected versions of this package are vulnerable to Directory Traversal. When starting Graylog with the JVM For example, when starting graylog-server like:
The use of The check for Note: This vulnerability does not apply to the standard installation methods. How to fix Directory Traversal? Upgrade |
[0,4.0.0-beta.1)
|
org.graylog2:graylog2-server is a log management platform. Affected versions of this package are vulnerable to Improper Certificate Validation. It accepts LDAP server certificates whose root certificate is not in any trust store. This presents a vulnerability for man-in-the-middle attacks. How to fix Improper Certificate Validation? Upgrade |
[0,3.3.3)
|
org.graylog2:graylog2-server is an open source log management. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) attacks due to not escaping text in notifications. How to fix Cross-site Scripting (XSS)? Upgrade |
[,2.4.4)
|
org.graylog2:graylog2-server is an open source log management. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) attacks due to unescaped text in dashboard names. How to fix Cross-site Scripting (XSS)? Upgrade |
[,2.4.4)
|