CVE-2014-9515 (High) detected in dozer-5.5.1.jar #113

mend-for-github-com · 2019-12-11T07:47:45Z

CVE-2014-9515 - High Severity Vulnerability

Vulnerable Library - dozer-5.5.1.jar

Dozer is a powerful Java Bean to Java Bean mapper that recursively copies data from one object to another

Library home page: http://dozer.sourceforge.net/dozer

Path to dependency file: /tmp/ws-scm/Noche/pom.xml

Path to vulnerable library: epository/net/sf/dozer/dozer/5.5.1/dozer-5.5.1.jar

Dependency Hierarchy:

❌ dozer-5.5.1.jar (Vulnerable Library)

Found in HEAD commit: f3de48a78c88611de860a96414977232fe7ce7db

Vulnerability Details

Dozer improperly uses a reflection-based approach to type conversion, which might allow remote attackers to execute arbitrary code via a crafted serialized object.

Publish Date: 2017-12-29

URL: CVE-2014-9515

CVSS 3 Score Details (9.8)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High

For more information on CVSS3 Scores, click here.

mend-for-github-com bot added the security vulnerability Security vulnerability detected by WhiteSource label Dec 11, 2019

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

CVE-2014-9515 (High) detected in dozer-5.5.1.jar #113

CVE-2014-9515 (High) detected in dozer-5.5.1.jar #113

mend-for-github-com bot commented Dec 11, 2019

CVE-2014-9515 (High) detected in dozer-5.5.1.jar #113

CVE-2014-9515 (High) detected in dozer-5.5.1.jar #113

Comments

mend-for-github-com bot commented Dec 11, 2019

CVE-2014-9515 - High Severity Vulnerability