Vmurrell at 07:41, 6 October 2025

2025-10-06T07:41:34Z

Vmurrell at 16:41, 10 September 2023

2023-09-10T16:41:37Z

Plazarou: /* Overview of Report */

2021-05-24T09:37:34Z

‎Overview of Report

Plazarou: Created page with "=== Overview === The following details the OWASP analysis of Fusion Registry Enterprise Edition version '''10.7.0''' === Environment === The OWASP command-line client was ru..."

2021-05-24T09:37:17Z

Created page with "=== Overview === The following details the OWASP analysis of Fusion Registry Enterprise Edition version '''10.7.0''' === Environment === The OWASP command-line client was ru..."

New page

=== Overview ===

The following details the OWASP analysis of Fusion Registry Enterprise Edition version '''10.7.0'''

=== Environment ===
The OWASP command-line client was run against the Fusion Registry version 10.7.0

* OWASP Cli version: dependency-check version: 6.1.6
* Java version "1.8.0_172"
* Operating System: Windows 10.0.19042.928
* Date performed: 10th May 2021

===Overview of Report===
The report revealed 5 vulnerable dependencies:

==== 1. bootstrap.bundle.min.js - version 4.0.0 - bundled with the Data Browser ====

''Issue:'' This is a cross-site scripting issue rated as severity "MEDIUM".

''Action:'' Since the Data Browser is now deprecated and will not ship with Fusion Registry 11, no action will be taken.

==== 2. jquery.min.js - version 3.3.0 - bundled with the Data Browser ====

''Issue:'' mishandling of jQuery.extend could allow unsanitized source objects to extend the native Object.prototype, rated as severity "MEDIUM".

''Action:'' Since the Data Browser is now deprecated and will not ship with Fusion Registry 11, no action will be taken.

==== 3. bootstrap.min.js - version 3.3.5 ====

''Issue:'' This is a cross-site scripting issue rated as severity "MEDIUM".

''Action:'' Bootstrap is a fundamental part of the User Interface of Fusion Registry. The newest releases (versions 4 and 5) require major changes to almost all pages within Fusion Registry. At the minute this is far too much of an undertaking, so Bootstrap has not been updated. At some point in the future the Fusion Registry User Interface will be updated, and this vulnerability will be addressed then.

==== 4. commons-io version 2.6 ====

''Issue:'' Vulnerability within the method FileNameUtils.normalize severity "MEDIUM".

''Action:'' The Fusion Registry does not use this method in the commons-io framework.

==== 5. spring-rabbit - version 2.3.6 ====

''Issue:'' RabbitMQ before 3.4.0 allows remote attackers to bypass the loopback_users restriction via a crafted X-Forwareded-For header, rated as severity "MEDIUM".

''Action:'' This is the latest version of the RabbitMQ library produced by Spring. Until a new release is available, this is the version supplied with Fusion Registry. We shall keep watch of when Spring make a newer package available. When the issue is addressed, we shall release a future release of the Registry with the updated dependency.

===Attached Report===

A PDF of the OWASP dependency report can be obtained [[:File:FREE-10.7.0-Dependency-Check_Report.pdf | here ]].

← Older revision		Revision as of 07:41, 6 October 2025
Line 1:		Line 1:
−	[[Category:~~How_To~~]]	+	[[Category:RetiredFunctionality]]
	=== Overview ===		=== Overview ===

← Older revision		Revision as of 16:41, 10 September 2023
Line 1:		Line 1:
		+	[[Category:How_To]]
	=== Overview ===		=== Overview ===

← Older revision		Revision as of 09:37, 24 May 2021
Line 19:		Line 19:

	''Action:'' Since the Data Browser is now deprecated and will not ship with Fusion Registry 11, no action will be taken.		''Action:'' Since the Data Browser is now deprecated and will not ship with Fusion Registry 11, no action will be taken.
−

	==== 2. jquery.min.js - version 3.3.0 - bundled with the Data Browser ====		==== 2. jquery.min.js - version 3.3.0 - bundled with the Data Browser ====

Fusion Registry 10.7.0 OWASP Analysis - Revision history

Vmurrell at 07:41, 6 October 2025

Vmurrell at 16:41, 10 September 2023

Plazarou: /* Overview of Report */

Plazarou: Created page with "=== Overview === The following details the OWASP analysis of Fusion Registry Enterprise Edition version '''10.7.0''' === Environment === The OWASP command-line client was ru..."