Fusion Metadata Registry 10.7.0 OWASP Analysis

From Fusion Registry Wiki
Jump to navigation Jump to search

Overview

The following details the OWASP analysis of Fusion Metadata Registry version 10.7.0

Environment

The OWASP command-line client was run against the Fusion Metadata Registry version 10.7.0

  • OWASP Cli version: dependency-check version: 6.1.6
  • Java version "1.8.0_172"
  • Operating System: Windows 10.0.19042.928
  • Date performed: 10th May 2021

Overview of Report

The report revealed 1 vulnerable dependency:

1. bootstrap.bundle.min.js - version 4.0.0 - bundled with the Data Browser

Issue: This is a cross-site scripting issue rated as severity "MEDIUM".

Action: Since the Data Browser is now deprecated and will not ship with Fusion Registry 11, no action will be taken.

Attached Report

A PDF of the OWASP dependency report can be obtained here .