io.hawt:project
Maven | 4 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting io.hawt:project (page 1 of 1)
- CVE-2017-2589 | HIGH | CVSS 8.7 | EG 8.7 | ✓ Fixed in 1.5.0 | 2018-07-26
vulnerable: 1.0 ... 1.4.9 (97 versions)
It was discovered that the hawtio servlet 1.4 uses a single HttpClient instance to proxy requests with a persistent cookie store (cookies are stored locally and are not passed between the client and the end URL) which means all clients usi…
- CVE-2017-2594 | MEDIUM | CVSS 5.4 | EG 5.4 | ✓ Fixed in 1.5.0 | 2018-05-08
vulnerable: 1.0 ... 1.4.9 (97 versions)
hawtio before versions 2.0-beta-1, 2.0-beta-2, 2.0-m1, 2.0-m2, 2.0-m3, and 1.5 is vulnerable to a path traversal that leads to a NullPointerException with a full stacktrace. An attacker could use this flaw to gather undisclosed information …
- CVE-2017-7556 | HIGH | CVSS 8.8 | EG 8.8 | ✓ Fixed in 1.5.4 | 2017-08-17
vulnerable: 1.0 ... 1.5.X (102 versions)
Hawtio versions up to and including 1.5.3 are vulnerable to CSRF, allowing remote attackers to trick the user into visiting their website containing a malicious script which can be submitted to the hawtio server on behalf of the user.
- CVE-2023-33544 | MEDIUM | CVSS 5.5 | EG 5.5 | 2023-06-01
vulnerable: 1.0 ... 2.9.1 (161 versions)
hawtio 2.17.2 is vulnerable to Path Traversal. It is possible to input malicious zip files, which can result in the high-risk files after decompression being stored in any location, even leading to file overwrite.