org.fitnesse:fitnesse
Maven
5 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting org.fitnesse:fitnesse (page 1 of 1)
- CVE-2014-1216 | NONE | CVSS 0.0 | EG 0.0 | ✓ Fixed in 20140418 | 2014-04-22
vulnerable: 20131110, 20140201
FitNesse Wiki 20131110, 20140201, and earlier allows remote attackers to execute arbitrary commands by defining a COMMAND_PATTERN and TEST_RUNNER in the pageContent parameter when editing a page.
- CVE-2024-28125 | CRITICAL | CVSS 9.8 | EG 9.8 | 2024-03-18
vulnerable: 20050731 ... 20240707 (76 versions)
FitNesse all releases allows a remote authenticated attacker to execute arbitrary OS commands. Note: A contributor of FitNesse has claimed that this is not a vulnerability but a product specification and this is currently under further inv…
- CVE-2024-28128 | MEDIUM | CVSS 6.1 | EG 6.1 | ✓ Fixed in 20220319 | 2024-03-18
vulnerable: 20050731 ... 20211030 (67 versions)
Cross-site scripting vulnerability exists in FitNesse releases prior to 20220319, which may allow a remote unauthenticated attacker to execute an arbitrary script on the web browser of the user who is using the product and accessing a link…
- CVE-2024-39610 | MEDIUM | CVSS 6.1 | EG 6.1 | ✓ Fixed in 20241026 | 2024-11-15
vulnerable: 20050731 ... 20241023 (77 versions)
Cross-site scripting vulnerability exists in FitNesse releases prior to 20241026. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is using the product.
- CVE-2024-42499 | MEDIUM | CVSS 5.3 | EG 5.3 | ✓ Fixed in 20241026 | 2024-11-15
vulnerable: 20050731 ... 20241023 (77 versions)
Improper limitation of a pathname to a restricted directory ('Path Traversal') issue exists in FitNesse releases prior to 20241026. If this vulnerability is exploited, an attacker may be able to know whether a file exists at a specific pat…