com.microsoft.azure/applicationinsights-we… | Sonatype Guide
applicationinsights-web-auto 2.6.3
Ecosystem: maven
Group: com.microsoft.azure
Published: Mar 27, 2021
Overview
Versions: 21
Vulnerabilities: 11
Dependencies: 0
Severity: Critical (0), High (4), Medium (6), Low (1)
Sort: Published (Newest first)

CVE-2025-48924
CVSS: 6.9 | Severity: Medium | Status: affected | Published: Jul 14, 2025
Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons Lang: Starting with commons-lang:commons-lang 2.0 to 2.6, and, from org.apache.commons:commons-lang3 3.0 before 3.18.0. The methods ClassUtils.getClass(...) can throw StackOverflowError on very long inputs. Because an Error is usually not handled by applications and libraries, a StackOverflowError could cause an application to stop. Users are recommended to upgrade to version 3.18.0, which fixes the issue.

sonatype-2025-000535
CVSS: 6.9 | Severity: Medium | Status: affected | Published: Feb 13, 2025
github.com/sigstore/sigstore-java (gson) - Stack-based Buffer Overflow [CVE-2025-53864]

CVE-2024-47072
CVSS: 8.7 | Severity: High | Status: affected | Published: Nov 12, 2024
XStream is a simple library to serialize objects to XML and back again. This vulnerability may allow a remote attacker to terminate the application with a stack overflow error resulting in a denial of service only by manipulating the processed input stream when XStream is configured to use the BinaryStreamDriver. XStream 1.4.21 has been patched to detect the manipulation in the binary input stream causing the stack overflow and raises an InputManipulationException instead. Users are advised to upgrade. Users unable to upgrade may catch the StackOverflowError in the client code calling XStream if XStream is configured to use the BinaryStreamDriver.

CVE-2024-47554
CVSS: 5.3 | Severity: Medium | Status: affected | Published: Oct 4, 2024
Uncontrolled Resource Consumption vulnerability in Apache Commons IO. The org.apache.commons.io.input.XmlStreamReader class may excessively consume CPU resources when processing maliciously crafted input. This issue affects Apache Commons IO: from 2.0 before 2.14.0. Users are recommended to upgrade to version 2.14.0 or later, which fixes the issue.

CVE-2023-2976
CVSS: 7.1 | Severity: High | Status: affected | Published: May 31, 2023
Use of Java's default temporary directory for file creation in `FileBackedOutputStream` in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files created by the class. Even though the security vulnerability is fixed in version 32.0.0, we recommend using version 32.0.1 as version 32.0.0 breaks some functionality under Windows.

CVE-2021-43859
CVSS: 7.5 | Severity: High | Status: affected | Published: Jan 31, 2022
XStream is an open source java library to serialize objects to XML and back again. Versions prior to 1.4.19 may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execution of such a payload resulting in a denial of service only by manipulating the processed input stream. XStream 1.4.19 monitors and accumulates the time it takes to add elements to collections and throws an exception if a set threshold is exceeded. Users are advised to upgrade as soon as possible. Users unable to upgrade may set the NO_REFERENCE mode to prevent recursion. See GHSA-rmr5-cpv2-vgjf for further details on a workaround if an upgrade is not possible.

sonatype-2021-1694
CVSS: 7.5 | Severity: High | Status: affected | Published: Nov 3, 2021
gson - Deserialization of Untrusted Data [CVE-2022-25647]

CVE-2020-13956
CVSS: 5.3 | Severity: Medium | Status: affected | Published: Oct 14, 2020
Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.

sonatype-2020-0926
CVSS: 3.3 | Severity: Low | Status: affected | Published: Sep 22, 2020
guava - Creation of Temporary File in Directory with Insecure Permissions [CVE-2020-8908]

sonatype-2018-0705
CVSS: 5.3 | Severity: Medium | Status: affected | Published: Aug 19, 2020
commons-io - Path Traversal [CVE-2021-29425]

sonatype-2012-0050
CVSS: 5.3 | Severity: Medium | Status: affected | Published: Nov 22, 2017
commons-codec - Base32 would decode some invalid Base32 encoded string into arbitrary value