Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.Test your applications
- Snyk ID SNYK-JAVA-IOHAWT-32085
- published 18 Feb 2018
- disclosed 17 Aug 2017
- credit Hooman Broujerdi
How to fix?
io.hawt:project to version 1.5.4 or higher.
io.hawt:project is an HTML5 web console with plugins for managing Java stuff.
Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF). An attacker could trick the user to visit his website containing a malicious script which can be submitted to hawtio server on behalf of the user.