Hi Dave, I ran the Snyk CLI tool on our two main branches a few weeks ago. See attached for the results.
On Tue, Oct 23, 2018 at 5:15 PM Dave Wichers <[email protected]> wrote:

> I sent you some suggestions before, which inspired me to create this OWASP
> page:
>
> https://www.owasp.org/index.php/Free_for_Open_Source_Application_Security_Tools
>
> Let me know what you think. Useful? Any suggested changes/additions?
>
> I know you are using Spot Bugs with the FindSecBugs plugin. Maybe you can
> start using one of the Open Source Component Vulnerability Checking tools?
> I know you didn't want to use Snyk because it wanted write access to your
> github repo to create pull requests. However, you can instead use their
> Command Line Interface, which doesn't require write access AND the results
> are kept private to you, which is ALSO important :-) I'd love for your
> team to give that a whirl and see if it works.
>
> Let me know if you try to use any of these other tools and how well they
> do/do not work for you. Happy to help if your team needs any.
>
> I've never shown this to anyone else by the way. Your team is the first :-)
>
> Thanks, Dave
>
Testing /home/mike/workspace/accumulo...

✗ Low severity vulnerability found in org.apache.commons:commons-compress
  Description: Denial of Service (DoS)
  Info: https://snyk.io/vuln/SNYK-JAVA-ORGAPACHECOMMONS-32473
  Introduced through: org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected]
  From: org.apache.accumulo:[email protected] > org.apache.hadoop:[email protected] > org.apache.hadoop:[email protected] > org.apache.commons:[email protected]
  From: org.apache.accumulo:[email protected] > org.apache.hadoop:[email protected] > org.apache.hadoop:[email protected] > org.apache.commons:[email protected]
  From: org.apache.accumulo:[email protected] > org.apache.hadoop:[email protected] > org.apache.hadoop:[email protected] > org.apache.commons:[email protected]
  and 16 more...
✗ Low severity vulnerability found in io.netty:netty
  Description: Information Disclosure
  Info: https://snyk.io/vuln/SNYK-JAVA-IONETTY-30430
  Introduced through: org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected]
  From: org.apache.accumulo:[email protected] > org.apache.zookeeper:[email protected] > io.netty:[email protected]
  From: org.apache.accumulo:[email protected] > org.apache.zookeeper:[email protected] > io.netty:[email protected]
  From: org.apache.accumulo:[email protected] > org.apache.zookeeper:[email protected] > io.netty:[email protected]
  and 17 more...
✗ Low severity vulnerability found in com.jcraft:jsch
  Description: Directory Traversal
  Info: https://snyk.io/vuln/SNYK-JAVA-COMJCRAFT-30302
  Introduced through: org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected]
  From: org.apache.accumulo:[email protected] > org.apache.hadoop:[email protected] > org.apache.hadoop:[email protected] > com.jcraft:[email protected]
  From: org.apache.accumulo:[email protected] > org.apache.hadoop:[email protected] > org.apache.hadoop:[email protected] > com.jcraft:[email protected]
  From: org.apache.accumulo:[email protected] > org.apache.accumulo:[email protected] > org.apache.hadoop:[email protected] > org.apache.hadoop:[email protected] > com.jcraft:[email protected]
✗ Medium severity vulnerability found in xerces:xercesImpl
  Description: Denial of Service (DoS)
  Info: https://snyk.io/vuln/SNYK-JAVA-XERCES-30183
  Introduced through: org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected]
  From: org.apache.accumulo:[email protected] > org.apache.hadoop:[email protected] > org.apache.hadoop:[email protected] > xerces:[email protected]
  From: org.apache.accumulo:[email protected] > org.apache.hadoop:[email protected] > org.apache.hadoop:[email protected] > xerces:[email protected]
  From: org.apache.accumulo:[email protected] > org.apache.hadoop:[email protected] > org.apache.hadoop:[email protected] > xerces:[email protected]
  and 16 more...
✗ Medium severity vulnerability found in tomcat:jasper-runtime
  Description: Access Restriction Bypass
  Info: https://snyk.io/vuln/SNYK-JAVA-TOMCAT-31377
  Introduced through: org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected]
  From: org.apache.accumulo:[email protected] > org.apache.hadoop:[email protected] > org.apache.hadoop:[email protected] > tomcat:[email protected]
  From: org.apache.accumulo:[email protected] > org.apache.hadoop:[email protected] > org.apache.hadoop:[email protected] > tomcat:[email protected]
  From: org.apache.accumulo:[email protected] > org.apache.accumulo:[email protected] > org.apache.hadoop:[email protected] > org.apache.hadoop:[email protected] > tomcat:[email protected]
✗ Medium severity vulnerability found in tomcat:jasper-compiler
  Description: Access Restriction Bypass
  Info: https://snyk.io/vuln/SNYK-JAVA-TOMCAT-31376
  Introduced through: org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected]
  From: org.apache.accumulo:[email protected] > org.apache.hadoop:[email protected] > org.apache.hadoop:[email protected] > tomcat:[email protected]
  From: org.apache.accumulo:[email protected] > org.apache.hadoop:[email protected] > org.apache.hadoop:[email protected] > tomcat:[email protected]
  From: org.apache.accumulo:[email protected] > org.apache.accumulo:[email protected] > org.apache.hadoop:[email protected] > org.apache.hadoop:[email protected] > tomcat:[email protected]
✗ Medium severity vulnerability found in org.eclipse.jetty:jetty-server
  Description: Authorization Bypass
  Info: https://snyk.io/vuln/SNYK-JAVA-ORGECLIPSEJETTY-32385
  Introduced through: org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected]
  From: org.apache.accumulo:[email protected] > org.eclipse.jetty:[email protected]
  From: org.apache.accumulo:[email protected] > org.eclipse.jetty:[email protected]
  From: org.apache.accumulo:[email protected] > org.eclipse.jetty:[email protected]
  and 3 more...
✗ Medium severity vulnerability found in org.codehaus.plexus:plexus-utils
  Description: Directory Traversal
  Info: https://snyk.io/vuln/SNYK-JAVA-ORGCODEHAUSPLEXUS-31521
  Introduced through: org.apache.accumulo:[email protected]
  From: org.apache.accumulo:[email protected] > org.apache.maven:[email protected] > org.codehaus.plexus:[email protected]
✗ Medium severity vulnerability found in org.apache.zookeeper:zookeeper
  Description: Insufficiently Protected Credentials
  Info: https://snyk.io/vuln/SNYK-JAVA-ORGAPACHEZOOKEEPER-31035
  Introduced through: org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected]
  From: org.apache.accumulo:[email protected] > org.apache.zookeeper:[email protected]
  From: org.apache.accumulo:[email protected] > org.apache.zookeeper:[email protected]
  From: org.apache.accumulo:[email protected] > org.apache.zookeeper:[email protected]
  and 17 more...
✗ Medium severity vulnerability found in org.apache.zookeeper:zookeeper
  Description: Denial of Service (DoS)
  Info: https://snyk.io/vuln/SNYK-JAVA-ORGAPACHEZOOKEEPER-31428
  Introduced through: org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected]
  From: org.apache.accumulo:[email protected] > org.apache.zookeeper:[email protected]
  From: org.apache.accumulo:[email protected] > org.apache.zookeeper:[email protected]
  From: org.apache.accumulo:[email protected] > org.apache.zookeeper:[email protected]
  and 17 more...
✗ Medium severity vulnerability found in org.apache.zookeeper:zookeeper
  Description: Authentication Bypass
  Info: https://snyk.io/vuln/SNYK-JAVA-ORGAPACHEZOOKEEPER-32301
  Introduced through: org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected]
  From: org.apache.accumulo:[email protected] > org.apache.zookeeper:[email protected]
  From: org.apache.accumulo:[email protected] > org.apache.zookeeper:[email protected]
  From: org.apache.accumulo:[email protected] > org.apache.zookeeper:[email protected]
  and 17 more...
✗ Medium severity vulnerability found in org.apache.httpcomponents:httpclient
  Description: Man-in-the-Middle (MitM)
  Info: https://snyk.io/vuln/SNYK-JAVA-ORGAPACHEHTTPCOMPONENTS-30646
  Introduced through: org.apache.accumulo:[email protected]
  From: org.apache.accumulo:[email protected] > org.apache.hadoop:[email protected] > org.apache.hadoop:[email protected] > org.apache.hadoop:[email protected] > org.apache.httpcomponents:[email protected]
✗ Medium severity vulnerability found in org.apache.httpcomponents:httpclient
  Description: Denial of Service (DoS)
  Info: https://snyk.io/vuln/SNYK-JAVA-ORGAPACHEHTTPCOMPONENTS-30647
  Introduced through: org.apache.accumulo:[email protected]
  From: org.apache.accumulo:[email protected] > org.apache.hadoop:[email protected] > org.apache.hadoop:[email protected] > org.apache.hadoop:[email protected] > org.apache.httpcomponents:[email protected]
✗ Medium severity vulnerability found in org.apache.httpcomponents:httpclient
  Description: Directory Traversal
  Info: https://snyk.io/vuln/SNYK-JAVA-ORGAPACHEHTTPCOMPONENTS-31517
  Introduced through: org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected]
  From: org.apache.accumulo:[email protected] > org.apache.thrift:[email protected] > org.apache.httpcomponents:[email protected]
  From: org.apache.accumulo:[email protected] > org.apache.thrift:[email protected] > org.apache.httpcomponents:[email protected]
  From: org.apache.accumulo:[email protected] > org.apache.thrift:[email protected] > org.apache.httpcomponents:[email protected]
  and 16 more...
✗ Medium severity vulnerability found in org.apache.hadoop:hadoop-yarn-common
  Description: Cross-site Request Forgery (CSRF)
  Info: https://snyk.io/vuln/SNYK-JAVA-ORGAPACHEHADOOP-31587
  Introduced through: org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected]
  From: org.apache.accumulo:[email protected] > org.apache.hadoop:[email protected] > org.apache.hadoop:[email protected] > org.apache.hadoop:[email protected]
  From: org.apache.accumulo:[email protected] > org.apache.hadoop:[email protected] > org.apache.hadoop:[email protected] > org.apache.hadoop:[email protected]
  From: org.apache.accumulo:[email protected] > org.apache.hadoop:[email protected] > org.apache.hadoop:[email protected] > org.apache.hadoop:[email protected]
  and 16 more...
✗ Medium severity vulnerability found in org.apache.hadoop:hadoop-mapreduce-client-core
  Description: Information Exposure
  Info: https://snyk.io/vuln/SNYK-JAVA-ORGAPACHEHADOOP-30634
  Introduced through: org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected]
  From: org.apache.accumulo:[email protected] > org.apache.hadoop:[email protected] > org.apache.hadoop:[email protected]
  From: org.apache.accumulo:[email protected] > org.apache.hadoop:[email protected] > org.apache.hadoop:[email protected]
  From: org.apache.accumulo:[email protected] > org.apache.hadoop:[email protected] > org.apache.hadoop:[email protected]
  and 16 more...
✗ Medium severity vulnerability found in org.apache.hadoop:hadoop-mapreduce-client-app
  Description: Information Exposure
  Info: https://snyk.io/vuln/SNYK-JAVA-ORGAPACHEHADOOP-30633
  Introduced through: org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected]
  From: org.apache.accumulo:[email protected] > org.apache.hadoop:[email protected] > org.apache.hadoop:[email protected]
  From: org.apache.accumulo:[email protected] > org.apache.hadoop:[email protected] > org.apache.hadoop:[email protected]
  From: org.apache.accumulo:[email protected] > org.apache.hadoop:[email protected] > org.apache.hadoop:[email protected]
  and 16 more...
✗ Medium severity vulnerability found in org.apache.hadoop:hadoop-hdfs
  Description: Cross-site Scripting (XSS)
  Info: https://snyk.io/vuln/SNYK-JAVA-ORGAPACHEHADOOP-31414
  Introduced through: org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected]
  From: org.apache.accumulo:[email protected] > org.apache.hadoop:[email protected] > org.apache.hadoop:[email protected]
  From: org.apache.accumulo:[email protected] > org.apache.hadoop:[email protected] > org.apache.hadoop:[email protected]
  From: org.apache.accumulo:[email protected] > org.apache.hadoop:[email protected] > org.apache.hadoop:[email protected]
  and 19 more...
✗ Medium severity vulnerability found in org.apache.hadoop:hadoop-common
  Description: Improper Access Control
  Info: https://snyk.io/vuln/SNYK-JAVA-ORGAPACHEHADOOP-30628
  Introduced through: org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected]
  From: org.apache.accumulo:[email protected] > org.apache.hadoop:[email protected] > org.apache.hadoop:[email protected]
  From: org.apache.accumulo:[email protected] > org.apache.hadoop:[email protected] > org.apache.hadoop:[email protected]
  From: org.apache.accumulo:[email protected] > org.apache.hadoop:[email protected] > org.apache.hadoop:[email protected]
  and 19 more...
✗ Medium severity vulnerability found in org.apache.directory.api:api-ldap-client-api
  Description: Information Exposure
  Info: https://snyk.io/vuln/SNYK-JAVA-ORGAPACHEDIRECTORYAPI-32413
  Introduced through: org.apache.accumulo:[email protected], org.apache.accumulo:[email protected]
  From: org.apache.accumulo:[email protected] > org.apache.hadoop:[email protected] > org.apache.directory.server:[email protected] > org.apache.directory.api:[email protected]
  From: org.apache.accumulo:[email protected] > org.apache.accumulo:[email protected] > org.apache.hadoop:[email protected] > org.apache.directory.server:[email protected] > org.apache.directory.api:[email protected]
✗ Medium severity vulnerability found in org.apache.commons:commons-compress
  Description: Denial of Service (DoS)
  Info: https://snyk.io/vuln/SNYK-JAVA-ORGAPACHECOMMONS-32122
  Introduced through: org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected]
  From: org.apache.accumulo:[email protected] > org.apache.hadoop:[email protected] > org.apache.hadoop:[email protected] > org.apache.commons:[email protected]
  From: org.apache.accumulo:[email protected] > org.apache.hadoop:[email protected] > org.apache.hadoop:[email protected] > org.apache.commons:[email protected]
  From: org.apache.accumulo:[email protected] > org.apache.hadoop:[email protected] > org.apache.hadoop:[email protected] > org.apache.commons:[email protected]
  and 16 more...
✗ Medium severity vulnerability found in org.apache.commons:commons-compress
  Description: Directory Traversal
  Info: https://snyk.io/vuln/SNYK-JAVA-ORGAPACHECOMMONS-72275
  Introduced through: org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected]
  From: org.apache.accumulo:[email protected] > org.apache.hadoop:[email protected] > org.apache.hadoop:[email protected] > org.apache.commons:[email protected]
  From: org.apache.accumulo:[email protected] > org.apache.hadoop:[email protected] > org.apache.hadoop:[email protected] > org.apache.commons:[email protected]
  From: org.apache.accumulo:[email protected] > org.apache.hadoop:[email protected] > org.apache.hadoop:[email protected] > org.apache.commons:[email protected]
  and 16 more...
✗ Medium severity vulnerability found in jline:jline
  Description: Arbitrary Code Injection
  Info: https://snyk.io/vuln/SNYK-JAVA-JLINE-30131
  Introduced through: org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected]
  From: org.apache.accumulo:[email protected] > jline:[email protected]
  From: org.apache.accumulo:[email protected] > jline:[email protected]
  From: org.apache.accumulo:[email protected] > jline:[email protected]
  and 16 more...
✗ Medium severity vulnerability found in io.netty:netty
  Description: Denial of Service (DoS)
  Info: https://snyk.io/vuln/SNYK-JAVA-IONETTY-30100
  Introduced through: org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected]
  From: org.apache.accumulo:[email protected] > org.apache.zookeeper:[email protected] > io.netty:[email protected]
  From: org.apache.accumulo:[email protected] > org.apache.zookeeper:[email protected] > io.netty:[email protected]
  From: org.apache.accumulo:[email protected] > org.apache.zookeeper:[email protected] > io.netty:[email protected]
  and 17 more...
✗ Medium severity vulnerability found in io.netty:netty
  Description: Denial of Service (DoS)
  Info: https://snyk.io/vuln/SNYK-JAVA-IONETTY-30429
  Introduced through: org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected]
  From: org.apache.accumulo:[email protected] > org.apache.zookeeper:[email protected] > io.netty:[email protected]
  From: org.apache.accumulo:[email protected] > org.apache.zookeeper:[email protected] > io.netty:[email protected]
  From: org.apache.accumulo:[email protected] > org.apache.zookeeper:[email protected] > io.netty:[email protected]
  and 17 more...
✗ Medium severity vulnerability found in commons-httpclient:commons-httpclient
  Description: Improper Certificate Validation
  Info: https://snyk.io/vuln/SNYK-JAVA-COMMONSHTTPCLIENT-30083
  Introduced through: org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected]
  From: org.apache.accumulo:[email protected] > org.apache.hadoop:[email protected] > org.apache.hadoop:[email protected] > commons-httpclient:[email protected]
  From: org.apache.accumulo:[email protected] > org.apache.hadoop:[email protected] > org.apache.hadoop:[email protected] > commons-httpclient:[email protected]
  From: org.apache.accumulo:[email protected] > org.apache.hadoop:[email protected] > org.apache.hadoop:[email protected] > commons-httpclient:[email protected]
  and 16 more...
✗ Medium severity vulnerability found in commons-httpclient:commons-httpclient
  Description: Man-in-the-Middle (MitM)
  Info: https://snyk.io/vuln/SNYK-JAVA-COMMONSHTTPCLIENT-31660
  Introduced through: org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected]
  From: org.apache.accumulo:[email protected] > org.apache.hadoop:[email protected] > org.apache.hadoop:[email protected] > commons-httpclient:[email protected]
  From: org.apache.accumulo:[email protected] > org.apache.hadoop:[email protected] > org.apache.hadoop:[email protected] > commons-httpclient:[email protected]
  From: org.apache.accumulo:[email protected] > org.apache.hadoop:[email protected] > org.apache.hadoop:[email protected] > commons-httpclient:[email protected]
  and 16 more...
✗ Medium severity vulnerability found in com.google.guava:guava
  Description: Deserialization of Untrusted Data
  Info: https://snyk.io/vuln/SNYK-JAVA-COMGOOGLEGUAVA-32236
  Introduced through: org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected]
  From: org.apache.accumulo:[email protected] > com.google.guava:[email protected]
  From: org.apache.accumulo:[email protected] > com.google.guava:[email protected]
  From: org.apache.accumulo:[email protected] > com.google.guava:[email protected]
  and 17 more...
✗ High severity vulnerability found in xerces:xercesImpl
  Description: Denial of Service (DoS)
  Info: https://snyk.io/vuln/SNYK-JAVA-XERCES-31497
  Introduced through: org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected]
  From: org.apache.accumulo:[email protected] > org.apache.hadoop:[email protected] > org.apache.hadoop:[email protected] > xerces:[email protected]
  From: org.apache.accumulo:[email protected] > org.apache.hadoop:[email protected] > org.apache.hadoop:[email protected] > xerces:[email protected]
  From: org.apache.accumulo:[email protected] > org.apache.hadoop:[email protected] > org.apache.hadoop:[email protected] > xerces:[email protected]
  and 16 more...
✗ High severity vulnerability found in org.mortbay.jetty:jetty
  Description: Arbitrary Command Execution
  Info: https://snyk.io/vuln/SNYK-JAVA-ORGMORTBAYJETTY-32091
  Introduced through: org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected]
  From: org.apache.accumulo:[email protected] > org.apache.hadoop:[email protected] > org.apache.hadoop:[email protected] > org.mortbay.jetty:[email protected]
  From: org.apache.accumulo:[email protected] > org.apache.hadoop:[email protected] > org.apache.hadoop:[email protected] > org.mortbay.jetty:[email protected]
  From: org.apache.accumulo:[email protected] > org.apache.accumulo:[email protected] > org.apache.hadoop:[email protected] > org.apache.hadoop:[email protected] > org.mortbay.jetty:[email protected]

✗ High severity vulnerability found in org.eclipse.jetty:jetty-util
  Description: Timing Attack
  Info: https://snyk.io/vuln/SNYK-JAVA-ORGECLIPSEJETTY-32151
  Introduced through: org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected]
  From: org.apache.accumulo:[email protected] > org.eclipse.jetty:[email protected]
  From: org.apache.accumulo:[email protected] > org.eclipse.jetty:[email protected]
  From: org.apache.accumulo:[email protected] > org.apache.accumulo:[email protected] > org.eclipse.jetty:[email protected]
  and 3 more...
✗ High severity vulnerability found in org.codehaus.plexus:plexus-utils
  Description: Shell Command Injection
  Info: https://snyk.io/vuln/SNYK-JAVA-ORGCODEHAUSPLEXUS-31522
  Introduced through: org.apache.accumulo:[email protected]
  From: org.apache.accumulo:[email protected] > org.apache.maven:[email protected] > org.codehaus.plexus:[email protected]

✗ High severity vulnerability found in org.apache.hadoop:hadoop-hdfs
  Description: Improper Input Validation
  Info: https://snyk.io/vuln/SNYK-JAVA-ORGAPACHEHADOOP-31400
  Introduced through: org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected]
  From: org.apache.accumulo:[email protected] > org.apache.hadoop:[email protected] > org.apache.hadoop:[email protected]
  From: org.apache.accumulo:[email protected] > org.apache.hadoop:[email protected] > org.apache.hadoop:[email protected]
  From: org.apache.accumulo:[email protected] > org.apache.hadoop:[email protected] > org.apache.hadoop:[email protected]
  and 19 more...
✗ High severity vulnerability found in org.apache.hadoop:hadoop-hdfs
  Description: Information Exposure
  Info: https://snyk.io/vuln/SNYK-JAVA-ORGAPACHEHADOOP-32124
  Introduced through: org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected]
  From: org.apache.accumulo:[email protected] > org.apache.hadoop:[email protected] > org.apache.hadoop:[email protected]
  From: org.apache.accumulo:[email protected] > org.apache.hadoop:[email protected] > org.apache.hadoop:[email protected]
  From: org.apache.accumulo:[email protected] > org.apache.hadoop:[email protected] > org.apache.hadoop:[email protected]
  and 19 more...
✗ High severity vulnerability found in org.apache.hadoop:hadoop-common
  Description: Information Exposure
  Info: https://snyk.io/vuln/SNYK-JAVA-ORGAPACHEHADOOP-30627
  Introduced through: org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected]
  From: org.apache.accumulo:[email protected] > org.apache.hadoop:[email protected] > org.apache.hadoop:[email protected]
  From: org.apache.accumulo:[email protected] > org.apache.hadoop:[email protected] > org.apache.hadoop:[email protected]
  From: org.apache.accumulo:[email protected] > org.apache.hadoop:[email protected] > org.apache.hadoop:[email protected]
  and 19 more...
✗ High severity vulnerability found in org.apache.directory.api:api-ldap-model
  Description: Timing Attack
  Info: https://snyk.io/vuln/SNYK-JAVA-ORGAPACHEDIRECTORYAPI-30595
  Introduced through: org.apache.accumulo:[email protected], org.apache.accumulo:[email protected]
  From: org.apache.accumulo:[email protected] > org.apache.hadoop:[email protected] > org.apache.directory.server:[email protected] > org.apache.directory.api:[email protected]
  From: org.apache.accumulo:[email protected] > org.apache.accumulo:[email protected] > org.apache.hadoop:[email protected] > org.apache.directory.server:[email protected] > org.apache.directory.api:[email protected]

✗ High severity vulnerability found in org.apache.directory.api:api-all
  Description: Timing Attack
  Info: https://snyk.io/vuln/SNYK-JAVA-ORGAPACHEDIRECTORYAPI-30593
  Introduced through: org.apache.accumulo:[email protected], org.apache.accumulo:[email protected]
  From: org.apache.accumulo:[email protected] > org.apache.hadoop:[email protected] > org.apache.directory.api:[email protected]
  From: org.apache.accumulo:[email protected] > org.apache.accumulo:[email protected] > org.apache.hadoop:[email protected] > org.apache.directory.api:[email protected]

Organisation: milleruntime
Package manager: maven
Target file: pom.xml
Open source: no
Project path: /home/mike/workspace/accumulo

Tested 200 dependencies for known vulnerabilities, found 37 vulnerabilities, 512 vulnerable paths.
Testing /home/mike/workspace/accumulo...

✗ Medium severity vulnerability found in org.apache.httpcomponents:httpclient
  Description: Directory Traversal
  Info: https://snyk.io/vuln/SNYK-JAVA-ORGAPACHEHTTPCOMPONENTS-31517
  Introduced through: org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected]
  From: org.apache.accumulo:[email protected] > org.apache.thrift:[email protected] > org.apache.httpcomponents:[email protected]
  From: org.apache.accumulo:[email protected] > org.apache.thrift:[email protected] > org.apache.httpcomponents:[email protected]
  From: org.apache.accumulo:[email protected] > org.apache.thrift:[email protected] > org.apache.httpcomponents:[email protected]
  and 13 more...
✗ Medium severity vulnerability found in jline:jline
  Description: Arbitrary Code Injection
  Info: https://snyk.io/vuln/SNYK-JAVA-JLINE-30131
  Introduced through: org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected], org.apache.accumulo:[email protected]
  From: org.apache.accumulo:[email protected] > jline:[email protected]
  From: org.apache.accumulo:[email protected] > jline:[email protected]
  From: org.apache.accumulo:[email protected] > jline:[email protected]
  and 13 more...
✗ High severity vulnerability found in com.nimbusds:nimbus-jose-jwt
  Description: Elliptic Curve Key Disclosure
  Info: https://snyk.io/vuln/SNYK-JAVA-COMNIMBUSDS-30205
  Introduced through: org.apache.accumulo:[email protected], org.apache.accumulo:[email protected]
  From: org.apache.accumulo:[email protected] > org.apache.hadoop:[email protected] > org.apache.kerby:[email protected] > org.apache.kerby:[email protected] > org.apache.kerby:[email protected] > com.nimbusds:[email protected]
  From: org.apache.accumulo:[email protected] > org.apache.accumulo:[email protected] > org.apache.hadoop:[email protected] > org.apache.kerby:[email protected] > org.apache.kerby:[email protected] > org.apache.kerby:[email protected] > com.nimbusds:[email protected]

✗ High severity vulnerability found in com.nimbusds:nimbus-jose-jwt
  Description: Invalid Elliptic Curve Attack
  Info: https://snyk.io/vuln/SNYK-JAVA-COMNIMBUSDS-31558
  Introduced through: org.apache.accumulo:[email protected], org.apache.accumulo:[email protected]
  From: org.apache.accumulo:[email protected] > org.apache.hadoop:[email protected] > org.apache.kerby:[email protected] > org.apache.kerby:[email protected] > org.apache.kerby:[email protected] > com.nimbusds:[email protected]
  From: org.apache.accumulo:[email protected] > org.apache.accumulo:[email protected] > org.apache.hadoop:[email protected] > org.apache.kerby:[email protected] > org.apache.kerby:[email protected] > org.apache.kerby:[email protected] > com.nimbusds:[email protected]

Organisation: milleruntime
Package manager: maven
Target file: pom.xml
Open source: no
Project path: /home/mike/workspace/accumulo

Tested 157 dependencies for known vulnerabilities, found 4 vulnerabilities, 36 vulnerable paths.
