
CVSS: 5.3 | EPSS: 0% | CPEs: 3 | EXPL: 0

DependencyCheck for Maven 9.0.0 to 9.0.6, for CLI version 9.0.0 to 9.0.5, and for Ant versions 9.0.0 to 9.0.5, when used in debug mode, allows an attacker to recover the NVD API Key from a log file.

• https://github.com/advisories/GHSA-qqhq-8r2c-c3f5
• https://github.com/jeremylong/DependencyCheck/security/advisories/GHSA-qqhq-8r2c-c3f5
• https://vulncheck.com/advisories/vc-advisory-GHSA-qqhq-8r2c-c3f5
• CWE-532: Insertion of Sensitive Information into Log File

CVSS: 7.8 | EPSS: 0% | CPEs: 1 | EXPL: 1

OWASP Dependency-Check before 3.2.0 allows attackers to write to arbitrary files via a crafted archive that holds directory traversal filenames.

• https://github.com/jeremylong/DependencyCheck/blob/master/RELEASE_NOTES.md#version-320-2018-05-21
• https://github.com/snyk/zip-slip-vulnerability
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
• CWE-123: Write-what-where Condition