CVE-2018-1000129 Vulnerability in maven package org.jolokia:jolokia-core

Description

An XSS vulnerability exists in the Jolokia agent version 1.3.7 in the HTTP servlet that allows an attacker to execute malicious javascript in the victim's browser.

Remediation

References

https://access.redhat.com/errata/RHSA-2018:2669

https://access.redhat.com/errata/RHSA-2018:3817

https://github.com/rhuss/jolokia/commit/5895d5c137c335e6b473e9dcb9baf748851bbc5f#diff-f19898247eddb55de6400489bff748ad

https://jolokia.org/#Security_fixes_with_1.5.0

Related Vulnerabilities

CVE-2017-9096 Vulnerability in maven package com.itextpdf:forms

CVE-2018-1199 Vulnerability in maven package org.springframework.security:spring-security-config

CVE-2017-16212 Vulnerability in npm package ltt

CVE-2020-8908 Vulnerability in maven package com.google.guava:guava

CVE-2022-1233 Vulnerability in maven package org.webjars.bower:urijs

Severity

High

Classification

CWE-79 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N