RESTEasy / RESTEASY-2277

resteasy-jsapi-testing pulls in vulnerable dependencies

Details

    Type: Bug
    Resolution: Done
    Priority: Major
    Fix Version/s: 4.4.0.Final, 3.9.1.Final
    Affects Version/s: 4.3.1.Final, 3.9.0.Final
    Component/s: None
    Labels: None

    Description

      resteasy-jsapi-testing pulls in vulnerable dependencies

      Analyzed using https://snyk.io/, see the attached PDF report.
      Selenium-java@2.51.0 was released in Feb 2016
      https://mvnrepository.com/artifact/org.seleniumhq.selenium/selenium-java/2.51.0

      The dependency and code need to be updated to use the latest version.
      It's "only" a testing dependency, but test code should be treated the same way as main code.

      Information Disclosure
      Vulnerable module: io.netty:netty
      Introduced through: org.seleniumhq.selenium:selenium-java@2.51.0

      Timing Attack
      Vulnerable module: org.eclipse.jetty:jetty-util
      Introduced through: org.seleniumhq.selenium:selenium-java@2.51.0

      Deserialization of Untrusted Data
      Vulnerable module: com.google.guava:guava
      Introduced through: org.seleniumhq.selenium:selenium-java@2.51.0 and org.seleniumhq.selenium:selenium-chrome-driver@2.51.0

      Denial of Service (DoS)
      Vulnerable module: io.netty:netty
      Introduced through: org.seleniumhq.selenium:selenium-java@2.51.0

      Cross-site Scripting (XSS)
      Vulnerable module: org.eclipse.jetty:jetty-util
      Introduced through: org.seleniumhq.selenium:selenium-java@2.51.0
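The "Vulnerable module / Introduced through" pairs above are what a scanner derives from the resolved dependency graph: for each flagged artifact, the declared dependency whose transitive closure pulls it in. The script below is an added example, not part of this issue or of the RESTEasy code base. It recovers the same "Introduced through" information from the console output of `mvn dependency:tree -Dverbose` (verbose mode also prints the "omitted for duplicate" entries, which is how a module such as guava shows up under more than one parent) and deliberately keeps `test`-scoped artifacts in the report, which is the point the description makes. The tree text and the versions of the transitive modules in it are constructed for illustration; only the coordinates of selenium-java@2.51.0 and the three flagged modules come from the issue.

```python
"""Trace how flagged modules enter a Maven build from `mvn dependency:tree -Dverbose` output.

Added example for RESTEASY-2277, not project code. The sample tree below is
constructed; the versions of the transitive artifacts are made up.
"""
import re
from collections import namedtuple

# Constructed console output of `mvn dependency:tree -Dverbose` (versions are made up).
SAMPLE_TREE = r"""
[INFO] --- maven-dependency-plugin:3.1.2:tree (default-cli) @ resteasy-jsapi-testing ---
[INFO] org.jboss.resteasy:resteasy-jsapi-testing:jar:4.3.1.Final
[INFO] +- org.seleniumhq.selenium:selenium-java:jar:2.51.0:test
[INFO] |  +- com.google.guava:guava:jar:19.0:test
[INFO] |  +- io.netty:netty:jar:3.5.2.Final:test
[INFO] |  +- org.eclipse.jetty:jetty-util:jar:9.2.13.v20150730:test
[INFO] |  \- org.seleniumhq.selenium:selenium-chrome-driver:jar:2.51.0:test
[INFO] |     \- (com.google.guava:guava:jar:19.0:test - omitted for duplicate)
[INFO] \- junit:junit:jar:4.12:test
[INFO] BUILD SUCCESS
"""

# The three modules the Snyk report in the issue flags (groupId:artifactId).
FLAGGED = ("io.netty:netty", "org.eclipse.jetty:jetty-util", "com.google.guava:guava")

SCOPES = {"compile", "test", "runtime", "provided", "system", "import"}

# One tree line: "[INFO] " + tree drawing (3-char columns) + optional edge + optional "(" + coords.
LINE_RE = re.compile(r"^\[INFO\] (?P<prefix>(?:[| ]  )*)(?P<edge>[+\\]- )?\(?(?P<coords>[^\s()]+)")

Node = namedtuple("Node", "key version scope")
Finding = namedtuple("Finding", "key version scope path")


def parse_coords(coords):
    """groupId:artifactId:type[:classifier]:version[:scope] -> Node (root line has no scope)."""
    parts = coords.split(":")
    has_scope = parts[-1] in SCOPES
    version = parts[-2] if has_scope else parts[-1]
    return Node(f"{parts[0]}:{parts[1]}", version, parts[-1] if has_scope else "compile")


def parse_tree(text):
    """Yield (depth, Node) for every artifact line; plugin banners and build status are skipped."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m or ":" not in m.group("coords"):
            continue
        depth = len(m.group("prefix")) // 3 + (1 if m.group("edge") else 0)
        yield depth, parse_coords(m.group("coords"))


def find_introductions(text, flagged, include_test=True):
    """One Finding per occurrence of a flagged module; path runs from the build's own
    declared dependency down to the module (root artifact excluded)."""
    stack, findings = [], []
    for depth, node in parse_tree(text):
        del stack[depth:]            # return to this node's parent
        stack.append(node)
        if node.key in flagged and (include_test or node.scope != "test"):
            path = tuple(f"{n.key}@{n.version}" for n in stack[1:])
            findings.append(Finding(node.key, node.version, node.scope, path))
    return findings


def introduced_through(findings, key):
    """Direct parents of `key` in tree order, without duplicates (the issue's
    'Introduced through:' line); a module declared directly has no parent."""
    parents = []
    for f in findings:
        if f.key != key:
            continue
        parent = f.path[-2] if len(f.path) >= 2 else "(declared directly)"
        if parent not in parents:
            parents.append(parent)
    return parents


def report(text, flagged, include_test=True):
    """Render findings in the same shape as the scanner output quoted in the issue."""
    findings = find_introductions(text, flagged, include_test)
    lines = []
    for key in flagged:
        parents = introduced_through(findings, key)
        if parents:
            scopes = sorted({f.scope for f in findings if f.key == key})
            lines.append(f"Vulnerable module: {key} (scope: {', '.join(scopes)})")
            lines.append("Introduced through: " + " and ".join(parents))
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE_TREE, FLAGGED))
```

Feed it the console output of `mvn dependency:tree -Dverbose` run in the module directory (the `[INFO]` prefix is expected; the `-DoutputFile` form writes the tree without it). Setting `include_test=False` reproduces the "it's only a test dependency" blind spot: every finding in the sample tree disappears, which is exactly why the issue asks for test scope to be treated like main code.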

People

    Assignee: Alessio Soldano (rhn-support-asoldano)
    Reporter: Rostislav Svoboda (rsvoboda@redhat.com)