net.bull.javamelody:javamelody-core
Maven | 3 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting net.bull.javamelody:javamelody-core (page 1 of 1)
- CVE-2013-4378 | NONE | CVSS 0.0 | ✓ Fixed in 1.47.0 | 2013-09-30
vulnerable: 1.10.0 ... 1.9.0 (43 versions)
Cross-site scripting (XSS) vulnerability in HtmlSessionInformationsReport.java in JavaMelody 1.46 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted X-Forwarded-For header.
- CVE-2018-12432 | MEDIUM | CVSS 6.1 | ✓ Fixed in 1.61.0 | 2018-06-14
vulnerable: 1.10.0 ... 1.9.0 (57 versions)
JavaMelody through 1.60.0 has XSS via the counter parameter in a clear_counter action to the /monitoring URI.
- CVE-2018-15531 | CRITICAL | CVSS 9.8 | ✓ Fixed in 1.74.0 | 2018-09-26
vulnerable: 1.10.0 ... 1.9.0 (72 versions)
JavaMelody before 1.74.0 has XXE via parseSoapMethodName in bull/javamelody/PayloadNameRequestWrapper.java.