Vulnerabilities in SOAP UI Docker Image(version 5....

vgupta10 · ‎02-21-2019

Hi,

I successfully created a docker image for open source soap ui(version 5.4.0). While running a security scan on this image with the help of twistlock, I encountered some vulnerabilities. Following are its details for reference:-

1) com.fasterxml.jackson.core_jackson-databind version 2.3.0 has 13 vulnerabilities

2) com.fasterxml.jackson.core_jackson-core version 2.3.0 has 2 vulnerabilities

3) xerces_xercesImpl version 2.9.1 has 1 vulnerability

Can you please enlighten on the part as to why these vulnerabilites are occuring and what exactly are they?

What are the posibilities of it getting fixed in the next version of soap ui?

Thanks in advance!

Regards

nmrao · ‎02-21-2019

I believe, all those mentioned libraries are of third party, not soapUI.

Regards,
Rao.

nmrao · ‎02-21-2019

Have you run similar one on standalone installation of SoapUI?

Regards,
Rao.

vgupta10 · ‎02-22-2019

thanks for responding nmrao!

I have been pulling the soap ui installable directly from the s3 website link mentioned on the soap ui download page which is as follows:-

https://s3.amazonaws.com/downloads.eviware/soapuios/5.5.0/SoapUI-x64-5.5.0.sh

Vulnerabilities in SOAP UI Docker Image(version 5.4.0)

Vulnerabilities in SOAP UI Docker Image(version 5.4.0)

Base64 decode a binary content with Groovy script

SoapUI with Java 11 won't start

What is a Bestseller?

Dump File Path

Auto fill request