Vulnerable Library - ant-1.6.2.jar
Path to dependency file: /webgoat-lessons/vulnerable-components/pom.xml
Path to vulnerable library: /webgoat-lessons/vulnerable-components/pom.xml,/webgoat-server/pom.xml,/webgoat-integration-tests/pom.xml
Found in HEAD commit: d009fa7fce1dede0a3ec27d4e5deb31ab5da228b
Vulnerabilities
| CVE | Severity | CVSS | Dependency | Type | Fixed in (ant version) | Remediation Possible** | Reachability |
| --- | --- | --- | --- | --- | --- | --- | --- |
| CVE-620492-800285 | Critical | 9.8 | ant-1.6.2.jar | Direct | N/A | ❌ | |
| CVE-2012-2098 | Medium | 5.3 | ant-1.6.2.jar | Direct | org.apache.ant:ant:1.8.4,org.apache.commons:commons-compress:1.4.1 | ✅ | |
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
Details
CVE-620492-800285
Vulnerable Library - ant-1.6.2.jar
Path to dependency file: /webgoat-lessons/vulnerable-components/pom.xml
Path to vulnerable library: /webgoat-lessons/vulnerable-components/pom.xml,/webgoat-server/pom.xml,/webgoat-integration-tests/pom.xml
Dependency Hierarchy:
- ❌ ant-1.6.2.jar (Vulnerable Library)
Found in HEAD commit: d009fa7fce1dede0a3ec27d4e5deb31ab5da228b
Found in base branch: master
Vulnerability Details
Created automatically by the test suite
Publish Date: 2010-06-07
URL: CVE-620492-800285
CVSS 3 Score Details (9.8)
Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: High
  - Integrity Impact: High
  - Availability Impact: High
CVE-2012-2098
Vulnerable Library - ant-1.6.2.jar
Path to dependency file: /webgoat-lessons/vulnerable-components/pom.xml
Path to vulnerable library: /webgoat-lessons/vulnerable-components/pom.xml,/webgoat-server/pom.xml,/webgoat-integration-tests/pom.xml
Dependency Hierarchy:
- ❌ ant-1.6.2.jar (Vulnerable Library)
Found in HEAD commit: d009fa7fce1dede0a3ec27d4e5deb31ab5da228b
Found in base branch: master
Vulnerability Details
Algorithmic complexity vulnerability in the sorting algorithms in bzip2 compressing stream (BZip2CompressorOutputStream) in Apache Commons Compress before 1.4.1 allows remote attackers to cause a denial of service (CPU consumption) via a file with many repeating inputs.
Publish Date: 2012-06-29
URL: CVE-2012-2098
CVSS 3 Score Details (5.3)
Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: None
  - Integrity Impact: None
  - Availability Impact: Low
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2098
Release Date: 2012-06-29
Fix Resolution: org.apache.ant:ant:1.8.4,org.apache.commons:commons-compress:1.4.1
⛑️ Automatic Remediation will be attempted for this issue.