Security Vulnerability springfox-swagger2-3.0.0.jar

I am working on a project and we are using the tool Whitesource for it. Whitesource usually tells me that I need to update some dependency. Now it just shows a Security Vulnerability problem with the message:

An issue was found in io.springfox:springfox-swagger-ui. This vulnerability can lead to "Log injection" - whereas untrusted data gets written into log files/entries. It allows attackers to forge log entries or inject malicious content into the logs.

pom.xml

  <dependency>
    <groupId>io.springfox</groupId>
    <artifactId>springfox-swagger-common</artifactId>
    <version>3.0.0</version>
  </dependency>
  <dependency>
    <groupId>io.springfox</groupId>
    <artifactId>springfox-swagger2</artifactId>
    <version>3.0.0</version>
    <scope>compile</scope>
  </dependency>

Please help me solve the problem or tell me where to start solving the problem.



Solution 1:[1]

Unfortunately, there is currently no fix available from Springfox. A little explanation: With this security issue, an attacker could write untrustworthy data in the log files and thus falsify log entries or inject malicious content into the logs.
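
The log injection class of issue described above, shown in general form as an added example (not part of the original answer, not Springfox code, and not a fix for the Springfox finding). The log format, the class and method names and the sample input are assumptions constructed for illustration. It neutralizes line breaks and control characters in an untrusted value so that one value can never produce more than one log line.

```java
public class LogInjectionDemo {

    // Replace CR, LF and other control characters with a visible escape so a
    // single logged value cannot start a new log line.
    static String neutralize(String value) {
        if (value == null) {
            return "null";
        }
        StringBuilder sb = new StringBuilder(value.length());
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            if (c == '\r') {
                sb.append("\\r");
            } else if (c == '\n') {
                sb.append("\\n");
            } else if (Character.isISOControl(c) || c == '\u2028' || c == '\u2029') {
                // Other control characters and Unicode line/paragraph separators.
                sb.append(String.format("\\u%04x", (int) c));
            } else {
                sb.append(c);
            }
        }
        return sb.toString();
    }

    // Hypothetical log format used only for this demo.
    static String entry(String user) {
        return "2024-01-01T00:00:00Z INFO login failed for user=" + user;
    }

    // Number of physical lines a log entry occupies once written to a file.
    static int lineCount(String logEntry) {
        return logEntry.split("\\R").length;
    }

    public static void main(String[] args) {
        // Constructed input: an untrusted value carrying a line break followed
        // by text shaped like a second log entry.
        String user = "alice\r\n2024-01-01T00:00:01Z INFO login succeeded for user=admin";

        String raw = entry(user);              // value logged as received
        String safe = entry(neutralize(user)); // value logged after neutralizing

        System.out.println("raw entry spans " + lineCount(raw) + " line(s)");
        System.out.println("neutralized entry spans " + lineCount(safe) + " line(s)");
        System.out.println(safe);
    }
}
```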

Solution 2:[2]

Unfortunately, SpringFox https://github.com/springfox/springfox has not been maintained for the last 2 years. Applications currently leveraging SpringFox should migrate to SpringDoc. SpringDoc GitHub repo and here is the migration guide

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 toshkaexe
Solution 2 mikmela