VYPR

Maven package

io.hawt/project

pkg:maven/io.hawt/project

Vulnerabilities (4)

  • CVE-2023-33544 · Jun 1, 2023
    affected <= 2.17.2

    hawtio 2.17.2 is vulnerable to Path Traversal. It is possible to input malicious zip files, which can result in high-risk files being stored in any location after decompression, even leading to file overwrite.

  • CVE-2017-2589 · High · Jul 26, 2018
    affected < 1.5.0, fixed 1.5.0

    It was discovered that the hawtio servlet 1.4 uses a single HttpClient instance to proxy requests with a persistent cookie store (cookies are stored locally and are not passed between the client and the end URL) which means all clients using that proxy are sharing the same cookie

  • CVE-2017-2594 · Medium · May 8, 2018
    affected < 1.5.0, fixed 1.5.0

    hawtio before versions 2.0-beta-1, 2.0-beta-2, 2.0-m1, 2.0-m2, 2.0-m3, and 1.5 is vulnerable to a path traversal that leads to a NullPointerException with a full stacktrace. An attacker could use this flaw to gather undisclosed information from within hawtio's root.

  • CVE-2017-7556 · High · Aug 17, 2017
    affected < 1.5.4, fixed 1.5.4

    Hawtio versions up to and including 1.5.3 are vulnerable to a CSRF vulnerability that allows remote attackers to trick the user into visiting their website containing a malicious script, which can be submitted to the hawtio server on behalf of the user.