keva icon indicating copy to clipboard operation
keva copied to clipboard
verified publisher icon keva-dev

Fix security vulnerable

Open tuhuynh27 opened this issue 3 years ago • 2 comments

Ref https://sbom.lift.sonatype.com/report/T1-a0368c8f29fdaa555824-50fd4d271d4cd6-1654147467-65aca49581bd41a8bf5271541c79c207

tuhuynh27 avatar Jun 02 '22 13:06 tuhuynh27

  • [ ] [sonatype-2020-0926] CWE-379: Creation of Temporary File in Directory with Incorrect Permissions
  • [ ] [CVE-2022-24823] CWE-668: Exposure of Resource to Wrong Sphere
  • [ ] [sonatype-2020-0026] CWE-300: Channel Accessible by Non-Endpoint ('Man-in-the-Middle')

Let me try looking into these issues

TuanHungVU1202 avatar Jun 05 '22 05:06 TuanHungVU1202

Thanks @TuanHungVU1202 🙏

tuhuynh27 avatar Jun 05 '22 06:06 tuhuynh27