{ "_class" : "io.jenkins.plugins.analysis.core.restapi.ReportApi", "issues" : [ { "addedAt" : 0, "authorEmail" : "-", "authorName" : "-", "baseName" : "commons-lang-2.6.jar", "category" : "", "columnEnd" : 0, "columnStart" : 0, "commit" : "-", "description" : "", "fileName" : "/var/govway/batch/generatoreStatistiche/lib/commons-lang-2.6.jar", "fingerprint" : "FALLBACK-f48ad3a6", "lineEnd" : 1, "lineStart" : 1, "message" : "CVE-2025-48924: LanguageSpecificPackageVulnerability\u000a\u000acommons-lang/commons-lang: org.apache.commons/commons-lang3: Uncontrolled Recursion vulnerability in Apache Commons Lang\u000a\u000aFor additional help see: **Vulnerability CVE-2025-48924**\u000a| Severity | Package | Fixed Version | Link |\u000a| --- | --- | --- | --- |\u000a|MEDIUM|commons-lang:commons-lang||[CVE-2025-48924](https://avd.aquasec.com/nvd/cve-2025-48924)|\u000a\u000aUncontrolled Recursion vulnerability in Apache Commons Lang.\u000a\u000aThis issue affects Apache Commons Lang: Starting with commons-lang:commons-lang 2.0 to 2.6, and, from org.apache.commons:commons-lang3 3.0 before 3.18.0.\u000a\u000aThe methods ClassUtils.getClass(...) can throw StackOverflowError on very long inputs. Because an Error is usually not handled by applications and libraries, a \u000aStackOverflowError could cause an application to stop.\u000a\u000aUsers are recommended to upgrade to version 3.18.0, which fixes the issue.\u000a\u000aPackage: commons-lang:commons-lang\u000aInstalled Version: 2.6\u000aVulnerability CVE-2025-48924\u000aSeverity: MEDIUM\u000aFixed Version: \u000aLink: [CVE-2025-48924](https://avd.aquasec.com/nvd/cve-2025-48924)", "moduleName" : "", "origin" : "trivy", "originName" : "Trivy Security Scanner", "packageName" : "-", "reference" : "1368", "severity" : "NORMAL", "toString" : "commons-lang-2.6.jar(1,0): CVE-2025-48924: : CVE-2025-48924: LanguageSpecificPackageVulnerability\u000a\u000acommons-lang/commons-lang: org.apache.commons/commons-lang3: Uncontrolled Recursion vulnerability in Apache Commons Lang\u000a\u000aFor additional help see: **Vulnerability CVE-2025-48924**\u000a| Severity | Package | Fixed Version | Link |\u000a| --- | --- | --- | --- |\u000a|MEDIUM|commons-lang:commons-lang||[CVE-2025-48924](https://avd.aquasec.com/nvd/cve-2025-48924)|\u000a\u000aUncontrolled Recursion vulnerability in Apache Commons Lang.\u000a\u000aThis issue affects Apache Commons Lang: Starting with commons-lang:commons-lang 2.0 to 2.6, and, from org.apache.commons:commons-lang3 3.0 before 3.18.0.\u000a\u000aThe methods ClassUtils.getClass(...) can throw StackOverflowError on very long inputs. Because an Error is usually not handled by applications and libraries, a \u000aStackOverflowError could cause an application to stop.\u000a\u000aUsers are recommended to upgrade to version 3.18.0, which fixes the issue.\u000a\u000aPackage: commons-lang:commons-lang\u000aInstalled Version: 2.6\u000aVulnerability CVE-2025-48924\u000aSeverity: MEDIUM\u000aFixed Version: \u000aLink: [CVE-2025-48924](https://avd.aquasec.com/nvd/cve-2025-48924)", "type" : "CVE-2025-48924" }, { "addedAt" : 0, "authorEmail" : "-", "authorName" : "-", "baseName" : "commons-lang-2.6.jar", "category" : "", "columnEnd" : 0, "columnStart" : 0, "commit" : "-", "description" : "", "fileName" : "/usr/local/tomcat/webapps/govway.war/WEB-INF/lib/commons-lang-2.6.jar", "fingerprint" : "FALLBACK-f48ad3a6", "lineEnd" : 1, "lineStart" : 1, "message" : "CVE-2025-48924: LanguageSpecificPackageVulnerability\u000a\u000acommons-lang/commons-lang: org.apache.commons/commons-lang3: Uncontrolled Recursion vulnerability in Apache Commons Lang\u000a\u000aFor additional help see: **Vulnerability CVE-2025-48924**\u000a| Severity | Package | Fixed Version | Link |\u000a| --- | --- | --- | --- |\u000a|MEDIUM|commons-lang:commons-lang||[CVE-2025-48924](https://avd.aquasec.com/nvd/cve-2025-48924)|\u000a\u000aUncontrolled Recursion vulnerability in Apache Commons Lang.\u000a\u000aThis issue affects Apache Commons Lang: Starting with commons-lang:commons-lang 2.0 to 2.6, and, from org.apache.commons:commons-lang3 3.0 before 3.18.0.\u000a\u000aThe methods ClassUtils.getClass(...) can throw StackOverflowError on very long inputs. Because an Error is usually not handled by applications and libraries, a \u000aStackOverflowError could cause an application to stop.\u000a\u000aUsers are recommended to upgrade to version 3.18.0, which fixes the issue.\u000a\u000aPackage: commons-lang:commons-lang\u000aInstalled Version: 2.6\u000aVulnerability CVE-2025-48924\u000aSeverity: MEDIUM\u000aFixed Version: \u000aLink: [CVE-2025-48924](https://avd.aquasec.com/nvd/cve-2025-48924)", "moduleName" : "", "origin" : "trivy", "originName" : "Trivy Security Scanner", "packageName" : "-", "reference" : "1368", "severity" : "NORMAL", "toString" : "commons-lang-2.6.jar(1,0): CVE-2025-48924: : CVE-2025-48924: LanguageSpecificPackageVulnerability\u000a\u000acommons-lang/commons-lang: org.apache.commons/commons-lang3: Uncontrolled Recursion vulnerability in Apache Commons Lang\u000a\u000aFor additional help see: **Vulnerability CVE-2025-48924**\u000a| Severity | Package | Fixed Version | Link |\u000a| --- | --- | --- | --- |\u000a|MEDIUM|commons-lang:commons-lang||[CVE-2025-48924](https://avd.aquasec.com/nvd/cve-2025-48924)|\u000a\u000aUncontrolled Recursion vulnerability in Apache Commons Lang.\u000a\u000aThis issue affects Apache Commons Lang: Starting with commons-lang:commons-lang 2.0 to 2.6, and, from org.apache.commons:commons-lang3 3.0 before 3.18.0.\u000a\u000aThe methods ClassUtils.getClass(...) can throw StackOverflowError on very long inputs. Because an Error is usually not handled by applications and libraries, a \u000aStackOverflowError could cause an application to stop.\u000a\u000aUsers are recommended to upgrade to version 3.18.0, which fixes the issue.\u000a\u000aPackage: commons-lang:commons-lang\u000aInstalled Version: 2.6\u000aVulnerability CVE-2025-48924\u000aSeverity: MEDIUM\u000aFixed Version: \u000aLink: [CVE-2025-48924](https://avd.aquasec.com/nvd/cve-2025-48924)", "type" : "CVE-2025-48924" }, { "addedAt" : 0, "authorEmail" : "-", "authorName" : "-", "baseName" : "commons-lang-2.6.jar", "category" : "", "columnEnd" : 0, "columnStart" : 0, "commit" : "-", "description" : "", "fileName" : "/usr/local/tomcat/webapps/govwayAPIConfig.war/WEB-INF/lib/commons-lang-2.6.jar", "fingerprint" : "FALLBACK-f48ad3a6", "lineEnd" : 1, "lineStart" : 1, "message" : "CVE-2025-48924: LanguageSpecificPackageVulnerability\u000a\u000acommons-lang/commons-lang: org.apache.commons/commons-lang3: Uncontrolled Recursion vulnerability in Apache Commons Lang\u000a\u000aFor additional help see: **Vulnerability CVE-2025-48924**\u000a| Severity | Package | Fixed Version | Link |\u000a| --- | --- | --- | --- |\u000a|MEDIUM|commons-lang:commons-lang||[CVE-2025-48924](https://avd.aquasec.com/nvd/cve-2025-48924)|\u000a\u000aUncontrolled Recursion vulnerability in Apache Commons Lang.\u000a\u000aThis issue affects Apache Commons Lang: Starting with commons-lang:commons-lang 2.0 to 2.6, and, from org.apache.commons:commons-lang3 3.0 before 3.18.0.\u000a\u000aThe methods ClassUtils.getClass(...) can throw StackOverflowError on very long inputs. Because an Error is usually not handled by applications and libraries, a \u000aStackOverflowError could cause an application to stop.\u000a\u000aUsers are recommended to upgrade to version 3.18.0, which fixes the issue.\u000a\u000aPackage: commons-lang:commons-lang\u000aInstalled Version: 2.6\u000aVulnerability CVE-2025-48924\u000aSeverity: MEDIUM\u000aFixed Version: \u000aLink: [CVE-2025-48924](https://avd.aquasec.com/nvd/cve-2025-48924)", "moduleName" : "", "origin" : "trivy", "originName" : "Trivy Security Scanner", "packageName" : "-", "reference" : "1368", "severity" : "NORMAL", "toString" : "commons-lang-2.6.jar(1,0): CVE-2025-48924: : CVE-2025-48924: LanguageSpecificPackageVulnerability\u000a\u000acommons-lang/commons-lang: org.apache.commons/commons-lang3: Uncontrolled Recursion vulnerability in Apache Commons Lang\u000a\u000aFor additional help see: **Vulnerability CVE-2025-48924**\u000a| Severity | Package | Fixed Version | Link |\u000a| --- | --- | --- | --- |\u000a|MEDIUM|commons-lang:commons-lang||[CVE-2025-48924](https://avd.aquasec.com/nvd/cve-2025-48924)|\u000a\u000aUncontrolled Recursion vulnerability in Apache Commons Lang.\u000a\u000aThis issue affects Apache Commons Lang: Starting with commons-lang:commons-lang 2.0 to 2.6, and, from org.apache.commons:commons-lang3 3.0 before 3.18.0.\u000a\u000aThe methods ClassUtils.getClass(...) can throw StackOverflowError on very long inputs. Because an Error is usually not handled by applications and libraries, a \u000aStackOverflowError could cause an application to stop.\u000a\u000aUsers are recommended to upgrade to version 3.18.0, which fixes the issue.\u000a\u000aPackage: commons-lang:commons-lang\u000aInstalled Version: 2.6\u000aVulnerability CVE-2025-48924\u000aSeverity: MEDIUM\u000aFixed Version: \u000aLink: [CVE-2025-48924](https://avd.aquasec.com/nvd/cve-2025-48924)", "type" : "CVE-2025-48924" }, { "addedAt" : 0, "authorEmail" : "-", "authorName" : "-", "baseName" : "struts-core-1.3.10.jar", "category" : "", "columnEnd" : 0, "columnStart" : 0, "commit" : "-", "description" : "", "fileName" : "/usr/local/tomcat/webapps/govwayAPIConfig.war/WEB-INF/lib/struts-core-1.3.10.jar", "fingerprint" : "FALLBACK-19072676", "lineEnd" : 1, "lineStart" : 1, "message" : "CVE-2023-34396: LanguageSpecificPackageVulnerability\u000a\u000aApache Struts vulnerable to memory exhaustion\u000a\u000aFor additional help see: **Vulnerability CVE-2023-34396**\u000a| Severity | Package | Fixed Version | Link |\u000a| --- | --- | --- | --- |\u000a|HIGH|org.apache.struts:struts-core||[CVE-2023-34396](https://avd.aquasec.com/nvd/cve-2023-34396)|\u000a\u000aAllocation of Resources Without Limits or Throttling vulnerability in Apache Software Foundation Apache Struts.This issue affects Apache Struts: through 2.5.30, through 6.1.2.\u000a\u000aUpgrade to Struts 2.5.31 or 6.1.2.1 or greater\u000a\u000aPackage: org.apache.struts:struts-core\u000aInstalled Version: 1.3.10\u000aVulnerability CVE-2023-34396\u000aSeverity: HIGH\u000aFixed Version: \u000aLink: [CVE-2023-34396](https://avd.aquasec.com/nvd/cve-2023-34396)", "moduleName" : "", "origin" : "trivy", "originName" : "Trivy Security Scanner", "packageName" : "-", "reference" : "1368", "severity" : "HIGH", "toString" : "struts-core-1.3.10.jar(1,0): CVE-2023-34396: : CVE-2023-34396: LanguageSpecificPackageVulnerability\u000a\u000aApache Struts vulnerable to memory exhaustion\u000a\u000aFor additional help see: **Vulnerability CVE-2023-34396**\u000a| Severity | Package | Fixed Version | Link |\u000a| --- | --- | --- | --- |\u000a|HIGH|org.apache.struts:struts-core||[CVE-2023-34396](https://avd.aquasec.com/nvd/cve-2023-34396)|\u000a\u000aAllocation of Resources Without Limits or Throttling vulnerability in Apache Software Foundation Apache Struts.This issue affects Apache Struts: through 2.5.30, through 6.1.2.\u000a\u000aUpgrade to Struts 2.5.31 or 6.1.2.1 or greater\u000a\u000aPackage: org.apache.struts:struts-core\u000aInstalled Version: 1.3.10\u000aVulnerability CVE-2023-34396\u000aSeverity: HIGH\u000aFixed Version: \u000aLink: [CVE-2023-34396](https://avd.aquasec.com/nvd/cve-2023-34396)", "type" : "CVE-2023-34396" }, { "addedAt" : 0, "authorEmail" : "-", "authorName" : "-", "baseName" : "commons-lang-2.6.jar", "category" : "", "columnEnd" : 0, "columnStart" : 0, "commit" : "-", "description" : "", "fileName" : "/usr/local/tomcat/webapps/govwayAPIMonitor.war/WEB-INF/lib/commons-lang-2.6.jar", "fingerprint" : "FALLBACK-f48ad3a6", "lineEnd" : 1, "lineStart" : 1, "message" : "CVE-2025-48924: LanguageSpecificPackageVulnerability\u000a\u000acommons-lang/commons-lang: org.apache.commons/commons-lang3: Uncontrolled Recursion vulnerability in Apache Commons Lang\u000a\u000aFor additional help see: **Vulnerability CVE-2025-48924**\u000a| Severity | Package | Fixed Version | Link |\u000a| --- | --- | --- | --- |\u000a|MEDIUM|commons-lang:commons-lang||[CVE-2025-48924](https://avd.aquasec.com/nvd/cve-2025-48924)|\u000a\u000aUncontrolled Recursion vulnerability in Apache Commons Lang.\u000a\u000aThis issue affects Apache Commons Lang: Starting with commons-lang:commons-lang 2.0 to 2.6, and, from org.apache.commons:commons-lang3 3.0 before 3.18.0.\u000a\u000aThe methods ClassUtils.getClass(...) can throw StackOverflowError on very long inputs. Because an Error is usually not handled by applications and libraries, a \u000aStackOverflowError could cause an application to stop.\u000a\u000aUsers are recommended to upgrade to version 3.18.0, which fixes the issue.\u000a\u000aPackage: commons-lang:commons-lang\u000aInstalled Version: 2.6\u000aVulnerability CVE-2025-48924\u000aSeverity: MEDIUM\u000aFixed Version: \u000aLink: [CVE-2025-48924](https://avd.aquasec.com/nvd/cve-2025-48924)", "moduleName" : "", "origin" : "trivy", "originName" : "Trivy Security Scanner", "packageName" : "-", "reference" : "1368", "severity" : "NORMAL", "toString" : "commons-lang-2.6.jar(1,0): CVE-2025-48924: : CVE-2025-48924: LanguageSpecificPackageVulnerability\u000a\u000acommons-lang/commons-lang: org.apache.commons/commons-lang3: Uncontrolled Recursion vulnerability in Apache Commons Lang\u000a\u000aFor additional help see: **Vulnerability CVE-2025-48924**\u000a| Severity | Package | Fixed Version | Link |\u000a| --- | --- | --- | --- |\u000a|MEDIUM|commons-lang:commons-lang||[CVE-2025-48924](https://avd.aquasec.com/nvd/cve-2025-48924)|\u000a\u000aUncontrolled Recursion vulnerability in Apache Commons Lang.\u000a\u000aThis issue affects Apache Commons Lang: Starting with commons-lang:commons-lang 2.0 to 2.6, and, from org.apache.commons:commons-lang3 3.0 before 3.18.0.\u000a\u000aThe methods ClassUtils.getClass(...) can throw StackOverflowError on very long inputs. Because an Error is usually not handled by applications and libraries, a \u000aStackOverflowError could cause an application to stop.\u000a\u000aUsers are recommended to upgrade to version 3.18.0, which fixes the issue.\u000a\u000aPackage: commons-lang:commons-lang\u000aInstalled Version: 2.6\u000aVulnerability CVE-2025-48924\u000aSeverity: MEDIUM\u000aFixed Version: \u000aLink: [CVE-2025-48924](https://avd.aquasec.com/nvd/cve-2025-48924)", "type" : "CVE-2025-48924" }, { "addedAt" : 0, "authorEmail" : "-", "authorName" : "-", "baseName" : "jasperreports-6.20.0.jar", "category" : "", "columnEnd" : 0, "columnStart" : 0, "commit" : "-", "description" : "", "fileName" : "/usr/local/tomcat/webapps/govwayAPIMonitor.war/WEB-INF/lib/jasperreports-6.20.0.jar", "fingerprint" : "FALLBACK-b0f36103", "lineEnd" : 1, "lineStart" : 1, "message" : "CVE-2025-10492: LanguageSpecificPackageVulnerability\u000a\u000aJasperReports has a Java deserialisation vulnerability\u000a\u000aFor additional help see: **Vulnerability CVE-2025-10492**\u000a| Severity | Package | Fixed Version | Link |\u000a| --- | --- | --- | --- |\u000a|HIGH|net.sf.jasperreports:jasperreports||[CVE-2025-10492](https://avd.aquasec.com/nvd/cve-2025-10492)|\u000a\u000aA Java deserialisation vulnerability has been discovered in Jaspersoft Library. Improper handling of externally supplied data may allow attackers to execute arbitrary code remotely on systems that use the affected library\u000a\u000aPackage: net.sf.jasperreports:jasperreports\u000aInstalled Version: 6.20.0\u000aVulnerability CVE-2025-10492\u000aSeverity: HIGH\u000aFixed Version: \u000aLink: [CVE-2025-10492](https://avd.aquasec.com/nvd/cve-2025-10492)", "moduleName" : "", "origin" : "trivy", "originName" : "Trivy Security Scanner", "packageName" : "-", "reference" : "1368", "severity" : "HIGH", "toString" : "jasperreports-6.20.0.jar(1,0): CVE-2025-10492: : CVE-2025-10492: LanguageSpecificPackageVulnerability\u000a\u000aJasperReports has a Java deserialisation vulnerability\u000a\u000aFor additional help see: **Vulnerability CVE-2025-10492**\u000a| Severity | Package | Fixed Version | Link |\u000a| --- | --- | --- | --- |\u000a|HIGH|net.sf.jasperreports:jasperreports||[CVE-2025-10492](https://avd.aquasec.com/nvd/cve-2025-10492)|\u000a\u000aA Java deserialisation vulnerability has been discovered in Jaspersoft Library. Improper handling of externally supplied data may allow attackers to execute arbitrary code remotely on systems that use the affected library\u000a\u000aPackage: net.sf.jasperreports:jasperreports\u000aInstalled Version: 6.20.0\u000aVulnerability CVE-2025-10492\u000aSeverity: HIGH\u000aFixed Version: \u000aLink: [CVE-2025-10492](https://avd.aquasec.com/nvd/cve-2025-10492)", "type" : "CVE-2025-10492" }, { "addedAt" : 0, "authorEmail" : "-", "authorName" : "-", "baseName" : "commons-lang-2.6.jar", "category" : "", "columnEnd" : 0, "columnStart" : 0, "commit" : "-", "description" : "", "fileName" : "/usr/local/tomcat/webapps/govwayConsole.war/WEB-INF/lib/commons-lang-2.6.jar", "fingerprint" : "FALLBACK-f48ad3a6", "lineEnd" : 1, "lineStart" : 1, "message" : "CVE-2025-48924: LanguageSpecificPackageVulnerability\u000a\u000acommons-lang/commons-lang: org.apache.commons/commons-lang3: Uncontrolled Recursion vulnerability in Apache Commons Lang\u000a\u000aFor additional help see: **Vulnerability CVE-2025-48924**\u000a| Severity | Package | Fixed Version | Link |\u000a| --- | --- | --- | --- |\u000a|MEDIUM|commons-lang:commons-lang||[CVE-2025-48924](https://avd.aquasec.com/nvd/cve-2025-48924)|\u000a\u000aUncontrolled Recursion vulnerability in Apache Commons Lang.\u000a\u000aThis issue affects Apache Commons Lang: Starting with commons-lang:commons-lang 2.0 to 2.6, and, from org.apache.commons:commons-lang3 3.0 before 3.18.0.\u000a\u000aThe methods ClassUtils.getClass(...) can throw StackOverflowError on very long inputs. Because an Error is usually not handled by applications and libraries, a \u000aStackOverflowError could cause an application to stop.\u000a\u000aUsers are recommended to upgrade to version 3.18.0, which fixes the issue.\u000a\u000aPackage: commons-lang:commons-lang\u000aInstalled Version: 2.6\u000aVulnerability CVE-2025-48924\u000aSeverity: MEDIUM\u000aFixed Version: \u000aLink: [CVE-2025-48924](https://avd.aquasec.com/nvd/cve-2025-48924)", "moduleName" : "", "origin" : "trivy", "originName" : "Trivy Security Scanner", "packageName" : "-", "reference" : "1368", "severity" : "NORMAL", "toString" : "commons-lang-2.6.jar(1,0): CVE-2025-48924: : CVE-2025-48924: LanguageSpecificPackageVulnerability\u000a\u000acommons-lang/commons-lang: org.apache.commons/commons-lang3: Uncontrolled Recursion vulnerability in Apache Commons Lang\u000a\u000aFor additional help see: **Vulnerability CVE-2025-48924**\u000a| Severity | Package | Fixed Version | Link |\u000a| --- | --- | --- | --- |\u000a|MEDIUM|commons-lang:commons-lang||[CVE-2025-48924](https://avd.aquasec.com/nvd/cve-2025-48924)|\u000a\u000aUncontrolled Recursion vulnerability in Apache Commons Lang.\u000a\u000aThis issue affects Apache Commons Lang: Starting with commons-lang:commons-lang 2.0 to 2.6, and, from org.apache.commons:commons-lang3 3.0 before 3.18.0.\u000a\u000aThe methods ClassUtils.getClass(...) can throw StackOverflowError on very long inputs. Because an Error is usually not handled by applications and libraries, a \u000aStackOverflowError could cause an application to stop.\u000a\u000aUsers are recommended to upgrade to version 3.18.0, which fixes the issue.\u000a\u000aPackage: commons-lang:commons-lang\u000aInstalled Version: 2.6\u000aVulnerability CVE-2025-48924\u000aSeverity: MEDIUM\u000aFixed Version: \u000aLink: [CVE-2025-48924](https://avd.aquasec.com/nvd/cve-2025-48924)", "type" : "CVE-2025-48924" }, { "addedAt" : 0, "authorEmail" : "-", "authorName" : "-", "baseName" : "struts-core-1.3.10.jar", "category" : "", "columnEnd" : 0, "columnStart" : 0, "commit" : "-", "description" : "", "fileName" : "/usr/local/tomcat/webapps/govwayConsole.war/WEB-INF/lib/struts-core-1.3.10.jar", "fingerprint" : "FALLBACK-19072676", "lineEnd" : 1, "lineStart" : 1, "message" : "CVE-2023-34396: LanguageSpecificPackageVulnerability\u000a\u000aApache Struts vulnerable to memory exhaustion\u000a\u000aFor additional help see: **Vulnerability CVE-2023-34396**\u000a| Severity | Package | Fixed Version | Link |\u000a| --- | --- | --- | --- |\u000a|HIGH|org.apache.struts:struts-core||[CVE-2023-34396](https://avd.aquasec.com/nvd/cve-2023-34396)|\u000a\u000aAllocation of Resources Without Limits or Throttling vulnerability in Apache Software Foundation Apache Struts.This issue affects Apache Struts: through 2.5.30, through 6.1.2.\u000a\u000aUpgrade to Struts 2.5.31 or 6.1.2.1 or greater\u000a\u000aPackage: org.apache.struts:struts-core\u000aInstalled Version: 1.3.10\u000aVulnerability CVE-2023-34396\u000aSeverity: HIGH\u000aFixed Version: \u000aLink: [CVE-2023-34396](https://avd.aquasec.com/nvd/cve-2023-34396)", "moduleName" : "", "origin" : "trivy", "originName" : "Trivy Security Scanner", "packageName" : "-", "reference" : "1368", "severity" : "HIGH", "toString" : "struts-core-1.3.10.jar(1,0): CVE-2023-34396: : CVE-2023-34396: LanguageSpecificPackageVulnerability\u000a\u000aApache Struts vulnerable to memory exhaustion\u000a\u000aFor additional help see: **Vulnerability CVE-2023-34396**\u000a| Severity | Package | Fixed Version | Link |\u000a| --- | --- | --- | --- |\u000a|HIGH|org.apache.struts:struts-core||[CVE-2023-34396](https://avd.aquasec.com/nvd/cve-2023-34396)|\u000a\u000aAllocation of Resources Without Limits or Throttling vulnerability in Apache Software Foundation Apache Struts.This issue affects Apache Struts: through 2.5.30, through 6.1.2.\u000a\u000aUpgrade to Struts 2.5.31 or 6.1.2.1 or greater\u000a\u000aPackage: org.apache.struts:struts-core\u000aInstalled Version: 1.3.10\u000aVulnerability CVE-2023-34396\u000aSeverity: HIGH\u000aFixed Version: \u000aLink: [CVE-2023-34396](https://avd.aquasec.com/nvd/cve-2023-34396)", "type" : "CVE-2023-34396" }, { "addedAt" : 0, "authorEmail" : "-", "authorName" : "-", "baseName" : "commons-lang-2.6.jar", "category" : "", "columnEnd" : 0, "columnStart" : 0, "commit" : "-", "description" : "", "fileName" : "/usr/local/tomcat/webapps/govwayMonitor.war/WEB-INF/lib/commons-lang-2.6.jar", "fingerprint" : "FALLBACK-f48ad3a6", "lineEnd" : 1, "lineStart" : 1, "message" : "CVE-2025-48924: LanguageSpecificPackageVulnerability\u000a\u000acommons-lang/commons-lang: org.apache.commons/commons-lang3: Uncontrolled Recursion vulnerability in Apache Commons Lang\u000a\u000aFor additional help see: **Vulnerability CVE-2025-48924**\u000a| Severity | Package | Fixed Version | Link |\u000a| --- | --- | --- | --- |\u000a|MEDIUM|commons-lang:commons-lang||[CVE-2025-48924](https://avd.aquasec.com/nvd/cve-2025-48924)|\u000a\u000aUncontrolled Recursion vulnerability in Apache Commons Lang.\u000a\u000aThis issue affects Apache Commons Lang: Starting with commons-lang:commons-lang 2.0 to 2.6, and, from org.apache.commons:commons-lang3 3.0 before 3.18.0.\u000a\u000aThe methods ClassUtils.getClass(...) can throw StackOverflowError on very long inputs. Because an Error is usually not handled by applications and libraries, a \u000aStackOverflowError could cause an application to stop.\u000a\u000aUsers are recommended to upgrade to version 3.18.0, which fixes the issue.\u000a\u000aPackage: commons-lang:commons-lang\u000aInstalled Version: 2.6\u000aVulnerability CVE-2025-48924\u000aSeverity: MEDIUM\u000aFixed Version: \u000aLink: [CVE-2025-48924](https://avd.aquasec.com/nvd/cve-2025-48924)", "moduleName" : "", "origin" : "trivy", "originName" : "Trivy Security Scanner", "packageName" : "-", "reference" : "1368", "severity" : "NORMAL", "toString" : "commons-lang-2.6.jar(1,0): CVE-2025-48924: : CVE-2025-48924: LanguageSpecificPackageVulnerability\u000a\u000acommons-lang/commons-lang: org.apache.commons/commons-lang3: Uncontrolled Recursion vulnerability in Apache Commons Lang\u000a\u000aFor additional help see: **Vulnerability CVE-2025-48924**\u000a| Severity | Package | Fixed Version | Link |\u000a| --- | --- | --- | --- |\u000a|MEDIUM|commons-lang:commons-lang||[CVE-2025-48924](https://avd.aquasec.com/nvd/cve-2025-48924)|\u000a\u000aUncontrolled Recursion vulnerability in Apache Commons Lang.\u000a\u000aThis issue affects Apache Commons Lang: Starting with commons-lang:commons-lang 2.0 to 2.6, and, from org.apache.commons:commons-lang3 3.0 before 3.18.0.\u000a\u000aThe methods ClassUtils.getClass(...) can throw StackOverflowError on very long inputs. Because an Error is usually not handled by applications and libraries, a \u000aStackOverflowError could cause an application to stop.\u000a\u000aUsers are recommended to upgrade to version 3.18.0, which fixes the issue.\u000a\u000aPackage: commons-lang:commons-lang\u000aInstalled Version: 2.6\u000aVulnerability CVE-2025-48924\u000aSeverity: MEDIUM\u000aFixed Version: \u000aLink: [CVE-2025-48924](https://avd.aquasec.com/nvd/cve-2025-48924)", "type" : "CVE-2025-48924" }, { "addedAt" : 0, "authorEmail" : "-", "authorName" : "-", "baseName" : "jasperreports-6.20.0.jar", "category" : "", "columnEnd" : 0, "columnStart" : 0, "commit" : "-", "description" : "", "fileName" : "/usr/local/tomcat/webapps/govwayMonitor.war/WEB-INF/lib/jasperreports-6.20.0.jar", "fingerprint" : "FALLBACK-b0f36103", "lineEnd" : 1, "lineStart" : 1, "message" : "CVE-2025-10492: LanguageSpecificPackageVulnerability\u000a\u000aJasperReports has a Java deserialisation vulnerability\u000a\u000aFor additional help see: **Vulnerability CVE-2025-10492**\u000a| Severity | Package | Fixed Version | Link |\u000a| --- | --- | --- | --- |\u000a|HIGH|net.sf.jasperreports:jasperreports||[CVE-2025-10492](https://avd.aquasec.com/nvd/cve-2025-10492)|\u000a\u000aA Java deserialisation vulnerability has been discovered in Jaspersoft Library. Improper handling of externally supplied data may allow attackers to execute arbitrary code remotely on systems that use the affected library\u000a\u000aPackage: net.sf.jasperreports:jasperreports\u000aInstalled Version: 6.20.0\u000aVulnerability CVE-2025-10492\u000aSeverity: HIGH\u000aFixed Version: \u000aLink: [CVE-2025-10492](https://avd.aquasec.com/nvd/cve-2025-10492)", "moduleName" : "", "origin" : "trivy", "originName" : "Trivy Security Scanner", "packageName" : "-", "reference" : "1368", "severity" : "HIGH", "toString" : "jasperreports-6.20.0.jar(1,0): CVE-2025-10492: : CVE-2025-10492: LanguageSpecificPackageVulnerability\u000a\u000aJasperReports has a Java deserialisation vulnerability\u000a\u000aFor additional help see: **Vulnerability CVE-2025-10492**\u000a| Severity | Package | Fixed Version | Link |\u000a| --- | --- | --- | --- |\u000a|HIGH|net.sf.jasperreports:jasperreports||[CVE-2025-10492](https://avd.aquasec.com/nvd/cve-2025-10492)|\u000a\u000aA Java deserialisation vulnerability has been discovered in Jaspersoft Library. Improper handling of externally supplied data may allow attackers to execute arbitrary code remotely on systems that use the affected library\u000a\u000aPackage: net.sf.jasperreports:jasperreports\u000aInstalled Version: 6.20.0\u000aVulnerability CVE-2025-10492\u000aSeverity: HIGH\u000aFixed Version: \u000aLink: [CVE-2025-10492](https://avd.aquasec.com/nvd/cve-2025-10492)", "type" : "CVE-2025-10492" }, { "addedAt" : 0, "authorEmail" : "-", "authorName" : "-", "baseName" : "struts-core-1.3.10.jar", "category" : "", "columnEnd" : 0, "columnStart" : 0, "commit" : "-", "description" : "", "fileName" : "/usr/local/tomcat/webapps/govwayMonitor.war/WEB-INF/lib/struts-core-1.3.10.jar", "fingerprint" : "FALLBACK-19072676", "lineEnd" : 1, "lineStart" : 1, "message" : "CVE-2023-34396: LanguageSpecificPackageVulnerability\u000a\u000aApache Struts vulnerable to memory exhaustion\u000a\u000aFor additional help see: **Vulnerability CVE-2023-34396**\u000a| Severity | Package | Fixed Version | Link |\u000a| --- | --- | --- | --- |\u000a|HIGH|org.apache.struts:struts-core||[CVE-2023-34396](https://avd.aquasec.com/nvd/cve-2023-34396)|\u000a\u000aAllocation of Resources Without Limits or Throttling vulnerability in Apache Software Foundation Apache Struts.This issue affects Apache Struts: through 2.5.30, through 6.1.2.\u000a\u000aUpgrade to Struts 2.5.31 or 6.1.2.1 or greater\u000a\u000aPackage: org.apache.struts:struts-core\u000aInstalled Version: 1.3.10\u000aVulnerability CVE-2023-34396\u000aSeverity: HIGH\u000aFixed Version: \u000aLink: [CVE-2023-34396](https://avd.aquasec.com/nvd/cve-2023-34396)", "moduleName" : "", "origin" : "trivy", "originName" : "Trivy Security Scanner", "packageName" : "-", "reference" : "1368", "severity" : "HIGH", "toString" : "struts-core-1.3.10.jar(1,0): CVE-2023-34396: : CVE-2023-34396: LanguageSpecificPackageVulnerability\u000a\u000aApache Struts vulnerable to memory exhaustion\u000a\u000aFor additional help see: **Vulnerability CVE-2023-34396**\u000a| Severity | Package | Fixed Version | Link |\u000a| --- | --- | --- | --- |\u000a|HIGH|org.apache.struts:struts-core||[CVE-2023-34396](https://avd.aquasec.com/nvd/cve-2023-34396)|\u000a\u000aAllocation of Resources Without Limits or Throttling vulnerability in Apache Software Foundation Apache Struts.This issue affects Apache Struts: through 2.5.30, through 6.1.2.\u000a\u000aUpgrade to Struts 2.5.31 or 6.1.2.1 or greater\u000a\u000aPackage: org.apache.struts:struts-core\u000aInstalled Version: 1.3.10\u000aVulnerability CVE-2023-34396\u000aSeverity: HIGH\u000aFixed Version: \u000aLink: [CVE-2023-34396](https://avd.aquasec.com/nvd/cve-2023-34396)", "type" : "CVE-2023-34396" }, { "addedAt" : 0, "authorEmail" : "-", "authorName" : "-", "baseName" : "govway", "category" : "", "columnEnd" : 0, "columnStart" : 0, "commit" : "-", "description" : "", "fileName" : "/linkitaly/govway", "fingerprint" : "FALLBACK-912fe3a0", "lineEnd" : 1, "lineStart" : 1, "message" : "CVE-2026-24515: OsPackageVulnerability\u000a\u000alibexpat: libexpat null pointer dereference\u000a\u000aFor additional help see: **Vulnerability CVE-2026-24515**\u000a| Severity | Package | Fixed Version | Link |\u000a| --- | --- | --- | --- |\u000a|LOW|libexpat|2.7.4-r0|[CVE-2026-24515](https://avd.aquasec.com/nvd/cve-2026-24515)|\u000a\u000aIn libexpat before 2.7.4, XML_ExternalEntityParserCreate does not copy unknown encoding handler user data.\u000a\u000aPackage: libexpat\u000aInstalled Version: 2.7.3-r0\u000aVulnerability CVE-2026-24515\u000aSeverity: LOW\u000aFixed Version: 2.7.4-r0\u000aLink: [CVE-2026-24515](https://avd.aquasec.com/nvd/cve-2026-24515)", "moduleName" : "", "origin" : "trivy", "originName" : "Trivy Security Scanner", "packageName" : "-", "reference" : "1368", "severity" : "LOW", "toString" : "govway(1,0): CVE-2026-24515: : CVE-2026-24515: OsPackageVulnerability\u000a\u000alibexpat: libexpat null pointer dereference\u000a\u000aFor additional help see: **Vulnerability CVE-2026-24515**\u000a| Severity | Package | Fixed Version | Link |\u000a| --- | --- | --- | --- |\u000a|LOW|libexpat|2.7.4-r0|[CVE-2026-24515](https://avd.aquasec.com/nvd/cve-2026-24515)|\u000a\u000aIn libexpat before 2.7.4, XML_ExternalEntityParserCreate does not copy unknown encoding handler user data.\u000a\u000aPackage: libexpat\u000aInstalled Version: 2.7.3-r0\u000aVulnerability CVE-2026-24515\u000aSeverity: LOW\u000aFixed Version: 2.7.4-r0\u000aLink: [CVE-2026-24515](https://avd.aquasec.com/nvd/cve-2026-24515)", "type" : "CVE-2026-24515" }, { "addedAt" : 0, "authorEmail" : "-", "authorName" : "-", "baseName" : "govway", "category" : "", "columnEnd" : 0, "columnStart" : 0, "commit" : "-", "description" : "", "fileName" : "/linkitaly/govway", "fingerprint" : "FALLBACK-1f34d882", "lineEnd" : 1, "lineStart" : 1, "message" : "CVE-2026-25210: OsPackageVulnerability\u000a\u000alibexpat: libexpat: Information disclosure and data integrity issues due to integer overflow in buffer reallocation\u000a\u000aFor additional help see: **Vulnerability CVE-2026-25210**\u000a| Severity | Package | Fixed Version | Link |\u000a| --- | --- | --- | --- |\u000a|MEDIUM|libexpat|2.7.4-r0|[CVE-2026-25210](https://avd.aquasec.com/nvd/cve-2026-25210)|\u000a\u000aIn libexpat before 2.7.4, the doContent function does not properly determine the buffer size bufSize because there is no integer overflow check for tag buffer reallocation.\u000a\u000aPackage: libexpat\u000aInstalled Version: 2.7.3-r0\u000aVulnerability CVE-2026-25210\u000aSeverity: MEDIUM\u000aFixed Version: 2.7.4-r0\u000aLink: [CVE-2026-25210](https://avd.aquasec.com/nvd/cve-2026-25210)", "moduleName" : "", "origin" : "trivy", "originName" : "Trivy Security Scanner", "packageName" : "-", "reference" : "1368", "severity" : "NORMAL", "toString" : "govway(1,0): CVE-2026-25210: : CVE-2026-25210: OsPackageVulnerability\u000a\u000alibexpat: libexpat: Information disclosure and data integrity issues due to integer overflow in buffer reallocation\u000a\u000aFor additional help see: **Vulnerability CVE-2026-25210**\u000a| Severity | Package | Fixed Version | Link |\u000a| --- | --- | --- | --- |\u000a|MEDIUM|libexpat|2.7.4-r0|[CVE-2026-25210](https://avd.aquasec.com/nvd/cve-2026-25210)|\u000a\u000aIn libexpat before 2.7.4, the doContent function does not properly determine the buffer size bufSize because there is no integer overflow check for tag buffer reallocation.\u000a\u000aPackage: libexpat\u000aInstalled Version: 2.7.3-r0\u000aVulnerability CVE-2026-25210\u000aSeverity: MEDIUM\u000aFixed Version: 2.7.4-r0\u000aLink: [CVE-2026-25210](https://avd.aquasec.com/nvd/cve-2026-25210)", "type" : "CVE-2026-25210" } ], "size" : 13, "toString" : "13 warnings (high: 5, normal: 7, low: 1)" }