org.yamcs:yamcs
Maven
4 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting org.yamcs:yamcs
- CVE-2023-45277 | HIGH | CVSS 7.5 | EG 7.5 | ✓ Fixed in 5.8.7 | 2023-10-19
vulnerable: 0.29.3 ... 5.8.6 (115 versions)
Yamcs 5.8.6 is vulnerable to directory traversal (issue 1 of 2). The vulnerability is in the storage functionality of the API and allows one to escape the base directory of the buckets, freely navigate system directories, and read arbitrar…
- CVE-2023-45278 | CRITICAL | CVSS 9.1 | EG 9.1 | ✓ Fixed in 5.8.7 | 2023-10-19
vulnerable: 0.29.3 ... 5.8.6 (115 versions)
Directory Traversal vulnerability in the storage functionality of the API in Yamcs 5.8.6 allows attackers to delete arbitrary files via crafted HTTP DELETE request.
- CVE-2023-45279 | MEDIUM | CVSS 5.4 | EG 5.4 | ✓ Fixed in 5.8.7 | 2023-10-19
vulnerable: 0.29.3 ... 5.8.6 (115 versions)
Yamcs 5.8.6 allows XSS (issue 1 of 2). It comes with a Bucket as its primary storage mechanism. Buckets allow for the upload of any file. There's a way to upload a display referencing a malicious JavaScript file to the bucket. The user can…
- CVE-2023-45280 | MEDIUM | CVSS 5.4 | EG 5.4 | ✓ Fixed in 5.8.7 | 2023-10-19
vulnerable: 0.29.3 ... 5.8.6 (115 versions)
Yamcs 5.8.6 allows XSS (issue 2 of 2). It comes with a Bucket as its primary storage mechanism. Buckets allow for the upload of any file. There's a way to upload an HTML file containing arbitrary JavaScript and then navigate to it. Once th…