Skip to main content
Components
Vulnerabilities
Pricing
MCP
API
Docs
Sign up
Login
Find vulnerabilities. Fix fast with AI.
Search components by package, version, or CVE to get started.
com.versionone/VersionOne.SDK.Java.APIClie… | Sonatype Guide
Get full component data and automated fixes with Sonatype Guide.
Sign up for free
maven
com.versionone
VersionOne.SDK.Java.APIClient
16.1.2
VersionOne.SDK.Java.APIClient 16.1.2
com.versionone
Published
Oct 6, 2020
•
Policy
compliance
maven Registry
Developer Trust Score
Recommended Version:
x.y.z
Recommended upgrade that meets your policy.
Compare Versions
Overview
Overview
Versions
20
Versions
20
Vulnerabilities
31
Vulnerabilities
31
Dependencies
10
Dependencies
10
Severity
Critical
(4)
High
(17)
Medium
(10)
Low
(0)
CVSS Score
0.0
10.0
EPSS Score
0.0
1.0
Malware
KEV Status
Published
Filter
Sort: Published (Newest first)
6.9
sonatype-2017-000880
jackson-databind - Missing type checks when using polymorphic type ids
affected
Severity
Medium
Published
Jun 4, 2026
8.8
CVE-2025-48734
Improper Access Control vulnerability in Apache Commons. A special BeanIntrospector class was added in version 1.9.2. This can be used to stop attackers from using the declared class property of Java enum objects to get access to the classloader. However this protection was not enabled by default. PropertyUtilsBean (and consequently BeanUtilsBean) now disallows declared class level property access by default. Releases 1.11.0 and 2.0.0-M2 address a potential security issue when accessing enum properties in an uncontrolled way. If an application using Commons BeanUtils passes property paths from an external source directly to the getProperty() method of PropertyUtilsBean, an attacker can access the enum’s class loader via the “declaredClass” property available on all Java “enum” objects. Accessing the enum’s “declaredClass” allows remote attackers to access the ClassLoader and execute arbitrary code. The same issue exists with PropertyUtilsBean.getNestedProperty(). Starting in versions 1.11.0 and 2.0.0-M2 a special BeanIntrospector suppresses the “declaredClass” property. Note that this new BeanIntrospector is enabled by default, but you can disable it to regain the old behavior; see section 2.5 of the user's guide and the unit tests. This issue affects Apache Commons BeanUtils 1.x before 1.11.0, and 2.x before 2.0.0-M2.Users of the artifact commons-beanutils:commons-beanutils 1.x are recommended to upgrade to version 1.11.0, which fixes the issue. Users of the artifact org.apache.commons:commons-beanutils2 2.x are recommended to upgrade to version 2.0.0-M2, which fixes the issue.
affected
8.7
sonatype-2024-3350
commons-collections - Uncontrolled Recursion
affected
Severity
High
Published
Aug 13, 2024
7.5
CVE-2022-4244
A flaw was found in codeplex-codehaus. A directory traversal attack (also known as path traversal) aims to access files and directories stored outside the intended folder. By manipulating files with "dot-dot-slash (../)" sequences and their variations or by using absolute file paths, it may be possible to access arbitrary files and directories stored on the file system, including application source code, configuration, and other critical system files.
affected
Severity
High
7.5
CVE-2023-5072
Denial of Service in JSON-Java versions up to and including 20230618. A bug in the parser means that an input string of modest size can lead to indefinite amounts of memory being used.
affected
Severity
High
Published
Oct 13, 2023
7.5
sonatype-2023-3603
wiremock-standalone - Path Traversal
affected
Severity
High
Published
Aug 8, 2023
7.1
CVE-2023-2976
Use of Java's default temporary directory for file creation in `FileBackedOutputStream` in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files created by the class. Even though the security vulnerability is fixed in version 32.0.0, we recommend using version 32.0.1 as version 32.0.0 breaks some functionality under Windows.
affected
Severity
High
7.5
CVE-2023-1370
[Json-smart](https://netplex.github.io/json-smart/) is a performance focused, JSON processor lib. When reaching a ‘[‘ or ‘{‘ character in the JSON input, the code parses an array or an object respectively. It was discovered that the code does not have any limit to the nesting of such arrays or objects. Since the parsing of nested arrays and objects is done recursively, nesting too many of them can cause a stack exhaustion (stack overflow) and crash the software.
affected
Severity
High
Published
Mar 14, 2023
7.5
CVE-2022-45688
A stack overflow in the XML.toJSONObject component of hutool-json v5.8.10 allows attackers to cause a Denial of Service (DoS) via crafted JSON or XML data.
affected
Severity
High
Published
Dec 14, 2022
7.5
sonatype-2022-6438
jackson-core - Denial of Service (DoS)
affected
Severity
High
Published
Dec 7, 2022
7.5
CVE-2022-42003
In FasterXML jackson-databind before versions 2.13.4.1 and 2.12.17.1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled.
affected
Severity
High
7.5
sonatype-2022-3061
JSON-java - Denial of Service (DoS)
affected
Severity
High
Published
May 24, 2022
7.5
CVE-2020-36518
jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.
affected
Severity
High
Published
5.3
CVE-2021-28169
For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, it is possible for requests to the ConcatServlet with a doubly encoded path to access protected resources within the WEB-INF directory. For example a request to `/concat?/%2557EB-INF/web.xml` can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application.
affected
Severity
Medium
Published
7.5
CVE-2021-31684
A vulnerability was discovered in the indexOf function of JSONParserByteArray in JSON Smart versions 1.3 and 2.4 which causes a denial of service (DOS) via a crafted web request.
affected
Severity
High
Published
Jun 2, 2021
9.1
CVE-2021-26291
Apache Maven will follow repositories that are defined in a dependency’s Project Object Model (pom) which may be surprising to some users, resulting in potential risk if a malicious actor takes over that repository or is able to insert themselves into a position to pretend to be that repository. Maven is changing the default behavior in 3.8.1+ to no longer follow http (non-SSL) repository references by default. More details available in the referenced urls. If you are currently using a repository manager to govern the repositories used by your builds, you are unaffected by the risks present in the legacy behavior, and are unaffected by this vulnerability and change to default behavior. See this link for more information about repository management: https://maven.apache.org/repository-management.html
affected
Severity
Critical
5.9
CVE-2021-27568
An issue was discovered in netplex json-smart-v1 through 2015-10-23 and json-smart-v2 through 2.4. An exception is thrown from a function, but it is not caught, as demonstrated by NumberFormatException. When it is not caught, it may cause programs using the library to crash or expose sensitive information.
affected
Severity
Medium
Published
Mar 1, 2021
5.3
CVE-2020-13956
Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.
affected
Severity
Medium
Published
Oct 14, 2020
5.3
sonatype-2018-0705
commons-io - Path Traversal [CVE-2021-29425]
affected
Severity
Medium
Published
Aug 19, 2020
6.3
sonatype-2016-0593
com.fasterxml.jackson.core:jackson-databind - Ensure DOM parsing defaults to not expanding external entities
affected
Severity
Medium
Published
May 29, 2019
5.9
CVE-2018-10237
Unbounded memory allocation in Google Guava 11.0 through 24.x before 24.1.1 allows remote attackers to conduct denial of service attacks against servers that depend on this library and deserialize attacker-provided data, because the AtomicDoubleArray class (when serialized with Java serialization) and the CompoundOrdering class (when serialized with GWT serialization) perform eager allocation without appropriate checks on what a client has sent and whether the data size is reasonable.
affected
Severity
Medium
5.3
CVE-2018-9117
WireMock before 2.16.0 contains a vulnerability that allows a remote unauthenticated attacker to access local files beyond the application directory via a specially crafted XML request, aka Directory Traversal.
affected
Severity
Medium
Published
Apr 10, 2018
9.1
CVE-2018-9116
An XXE vulnerability within WireMock before 2.16.0 allows a remote unauthenticated attacker to access local files and internal resources and potentially cause a Denial of Service.
affected
Severity
Critical
Published
Apr 10, 2018
8.6
sonatype-2015-0173
plexus-utils - XML Injection [CVE-2022-4245]
affected
Severity
High
Published
Jan 10, 2018
9.8
CVE-2017-1000487
Plexus-utils before 3.0.16 is vulnerable to command injection because it does not correctly process the contents of double quoted strings.
affected
Severity
Critical
Published
Jan 9, 2018
1-25 of 31
Severity
High
Published
May 28, 2025
Published
Jan 24, 2024
Published
May 31, 2023
Published
Oct 3, 2022
Mar 15, 2022
Jun 10, 2021
Published
Apr 9, 2021
Published
Apr 28, 2018
