Vulnerabilities in SOAP UI Docker Image(version 5.4.0)

Question

Hi,
&nbsp;
I successfully created a docker image for open source soap ui(version 5.4.0). While running a security scan on this image with the help of twistlock, I encountered some vulnerabilities. Following are its details for reference:-
&nbsp;
1) com.fasterxml.jackson.core_jackson-databind version 2.3.0 has 13 vulnerabilities
2) com.fasterxml.jackson.core_jackson-core version 2.3.0 has 2 vulnerabilities
3) xerces_xercesImpl version 2.9.1 has 1 vulnerability
&nbsp;
Can you please enlighten on the part as to why these vulnerabilites are occuring and what exactly are they?
What are the posibilities of it getting fixed in the next version of soap ui?
&nbsp;
Thanks in advance!
&nbsp;
Regards
&nbsp;

nmrao · Answer

I believe, all those mentioned libraries are of third party, not soapUI.

nmrao · Answer

Have you run similar one on standalone installation of SoapUI?

vgupta10 · Answer

thanks for responding nmrao!
&nbsp;
I have been pulling the soap ui installable directly from the s3 website link mentioned on the soap ui download page which is as follows:-
https://s3.amazonaws.com/downloads.eviware/soapuios/5.5.0/SoapUI-x64-5.5.0.sh

Forum Discussion

Vulnerabilities in SOAP UI Docker Image(version 5.4.0)

3 Replies

Related Content

Log4J vulnerability

Does SoapUI 5.6.0 has log4j vulnerability?

OpenJDK Multiple Vulnerabilities

SoapUI 5.5.0 Log4j vulnerability

Log4j Vulnerability - Swagger

Recent Discussions

How to upload a file via SOAP, as an attachment using python zeep

XQuery assertions are broken with SoapUI 5.6.0

Soapui 5.7.1 dependency : thoughtworks:xstream:jar:1.4.20

How to configure Swagger in Paas to use it in Oracle APEX instance.

clone TestSuite fails when there are more project with the same name