Find vulnerabilities. Fix fast with AI.

Search components by package, version, or CVE to get started.

Get full component data and automated fixes with Sonatype Guide.

maven

io.ecocode

ecocode-java-plugin

1.4.3

ecocode-java-plugin 1.4.3

Latest

io.ecocode

PublishedDec 29, 2023•Policy

compliance

maven Registry

Developer Trust Score

Recommended Version:x.y.z

Recommended upgrade that meets your policy.

Compare Versions

io.ecocode/ecocode-java-plugin 1.4.3 | Vul… | Sonatype Guide

Get full component data and automated fixes with Sonatype Guide.

maven

io.ecocode

ecocode-java-plugin

1.4.3

ecocode-java-plugin 1.4.3

Latest

io.ecocode

PublishedDec 29, 2023•Policy

compliance

maven Registry

Developer Trust Score

Recommended Version:x.y.z

Recommended upgrade that meets your policy.

Compare Versions

Severity

Critical (0)

High (2)

Medium (0)

Low (0)

CVSS Score

0.010.0

EPSS Score

0.01.0

Malware

KEV StatusPublished

7.5CVE-2023-7272

In Eclipse Parsson before 1.0.4 and 1.1.3, a document with a large depth of nested objects can allow an attacker to cause a Java stack overflow exception and denial of service. Eclipse Parsson allows processing (e.g. parse, generate, transform and query) JSON documents.

affected

SeverityHigh

PublishedJul 18, 2024

7.5CVE-2023-4043

In Eclipse Parsson before versions 1.1.4 and 1.0.5, Parsing JSON from untrusted sources can lead malicious actors to exploit the fact that the built-in support for parsing numbers with large scale in Java has a number of edge cases where the input text of a number can lead to much larger processing time than one would expect. To mitigate the risk, parsson put in place a size limit for the numbers as well as their scale.

affected

SeverityHigh

PublishedNov 4, 2023