Announcement

**Isomorphic** · 3 Mar 2021, 10:01

These are not real vulnerabilities. Please do run a scanning tool and send the output directly to us, as it is generally nonsense. You need to engage someone with at least a passing familiarity with security first.

Here, your scanner has identified an intended and documented capability of the tool - allow superusers to execute Groovy or other code on the server, for runtime inspection of server state - as a vulnerability. It is not a vulnerability. Read in the reference about Tools Deployment.

**rameshprakash** · 4 Mar 2021, 23:54

Please refer the attachment and need some clarification on which we raised.

Attached Files

Isomorphic-OSS-Issue.docx (397.1 KB, 89 views)

**Isomorphic** · 5 Mar 2021, 08:31

If you have someone with security expertise, please submit a real vulnerability report, with exploit code (hint: you will not be able to do this).

If you instead want training in how to correctly interpret security scanner results, you can purchase our commercial services.

Announcement

VeraCode Security Scan - 3 Flaws - Isomorphic Cor RPC Jar

Comment

Comment

Comment