Owasp: >> Dependency-Check Security Vulnerabilities
DependencyCheck for Maven 9.0.0 to 9.0.6, for CLI version 9.0.0 to 9.0.5, and for Ant versions 9.0.0 to 9.0.5, when used in debug mode, allows an attacker to recover the NVD API Key from a log file.
CVSS Score
5.3
EPSS Score
0.007
Published
2024-01-19
OWASP Dependency-Check before 3.2.0 allows attackers to write to arbitrary files via a crafted archive that holds directory traversal filenames.
CVSS Score
7.8
EPSS Score
0.002
Published
2018-06-07