Known Vulnerabilities for Pluto by Apache
Listed below are 7 of the newest known vulnerabilities associated with "Pluto" by "Apache".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2021-36739 json | The "first name" and "last name" fields of the Apache Pluto 3.1.0 MVCBean JSP portlet maven archetype are vulnerable to Cross... | 6.1 - MEDIUM | 2022-01-06 | 2022-01-12 |
| CVE-2021-36738 json | The input fields in the JSP version of the Apache Pluto Applicant MVCBean CDI portlet are vulnerable to Cross-Site Scripting ... | 6.1 - MEDIUM | 2022-01-06 | 2022-01-12 |
| CVE-2021-36737 json | The input fields of the Apache Pluto UrlTestPortlet are vulnerable to Cross-Site Scripting (XSS) attacks. Users should migrat... | 6.1 - MEDIUM | 2022-01-06 | 2022-01-12 |
| CVE-2021-29425 json | In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../f... | 4.8 - MEDIUM | 2021-04-13 | 2023-11-07 |
| CVE-2020-15250 json | In JUnit4 from version 4.7 and before 4.13.1, the test rule TemporaryFolder contains a local information disclosure vulnerabi... | 5.5 - MEDIUM | 2020-10-12 | 2023-11-07 |
| CVE-2019-0186 json | The input fields of the Apache Pluto "Chat Room" demo portlet 3.0.0 and 3.0.1 are vulnerable to Cross-Site Scripting (XSS) at... | 6.1 - MEDIUM | 2019-04-26 | 2023-11-07 |
| CVE-2018-1306 json | The PortletV3AnnotatedDemo Multipart Portlet war file code provided in Apache Pluto version 3.0.0 could allow a remote attack... | 7.5 - HIGH | 2018-06-27 | 2019-03-01 |