WS-2009-0001 Low Severity Vulnerability detected by WhiteSource #7

mend-bolt-for-github · 2018-10-08T14:20:07Z

WS-2009-0001 - Low Severity Vulnerability

Vulnerable Library - commons-codec-1.6.jar

path: /root/.m2/repository/commons-codec/commons-codec/1.6/commons-codec-1.6.jar

Library home page: http://commons.apache.org/codec/

Dependency Hierarchy:

httpclient-4.3.1.jar (Root Library)
- ❌ commons-codec-1.6.jar (Vulnerable Library)

Found in commit: f396e60bf74726f66a202d308a1f2865177e4bee

Vulnerability Details

Not all "business" method implementations of public API in Apache Commons Codec 1.x are thread safe, which might disclose the wrong data or allow an attacker to change non-private fields.

Updated 2018-10-07 - an additional review by WhiteSource research team could not indicate on a clear security vulnerability

Publish Date: 2007-10-07

URL: WS-2009-0001

CVSS 2 Score Details (0.0)

Base Score Metrics not available

Step up your Open Source Security Game with WhiteSource here

mend-bolt-for-github bot added the security vulnerability Security vulnerability detected by WhiteSource label Oct 8, 2018

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

WS-2009-0001 Low Severity Vulnerability detected by WhiteSource #7

WS-2009-0001 Low Severity Vulnerability detected by WhiteSource #7

mend-bolt-for-github bot commented Oct 8, 2018

WS-2009-0001 Low Severity Vulnerability detected by WhiteSource #7

WS-2009-0001 Low Severity Vulnerability detected by WhiteSource #7

Comments

mend-bolt-for-github bot commented Oct 8, 2018

WS-2009-0001 - Low Severity Vulnerability