奇安信CodeSafe

icon indicating a website link http://www.codesafe.cn/

Results 348 issues of 奇安信CodeSafe

There is a vulnerability in Guava: Google Core Libraries for Java 20.0,upgrade recommended

https://github.com/google/closure-stylesheets/blob/970d51e6fb45591e50c057b118e66a364957da42/pom.xml#L83 CVE-2018-10237 CVE-2020-8908 Recommended upgrade version: 24.1.1.jre

Unused variables

https://github.com/IBM/AIF360/blob/7763c1c5a36647afbee310249fee82e1211b0f40/aif360/algorithms/inprocessing/gerryfair/heatmap.py#L90 Variables declared but not used, or reassigned before they are used, can be the result of programmer negligence, which often means that there is a bug in the program.

Dynamic Code Evaluation

https://github.com/IBM/AIF360/blob/7763c1c5a36647afbee310249fee82e1211b0f40/mlops/kubeflow/bias_detector_pytorch/src/fairness_check.py#L78-L79 Python allows users to execute instructions dynamically, and when this capability is exploited by malicious users, dynamic code parsing attacks occur.

There is a vulnerability in guava:27.0.1-jre,upgrade recommended

1 comment

https://github.com/bytedance/AabResGuard/blob/e8f3a5d361ce61a3d4fa8bafb9d030bbe459c400/core/build.gradle#L38 CVE-2020-8908 Recommended upgrade version:30.0-jre

There is a vulnerability in commons-io:2.6,upgrade recommended

https://github.com/bytedance/AabResGuard/blob/e8f3a5d361ce61a3d4fa8bafb9d030bbe459c400/core/build.gradle#L36 CVE-2021-29425 Recommended upgrade version:2.7

There is a vulnerability in protobuf-gradle-plugin:0.8.8,upgrade recommended

https://github.com/bytedance/AabResGuard/blob/e8f3a5d361ce61a3d4fa8bafb9d030bbe459c400/core/build.gradle#L9 CVE-2015-5237 Recommended upgrade version:0.8.13

There is a vulnerability in dom4j 2.1.0,upgrade recommended

https://github.com/bytedance/AabResGuard/blob/e8f3a5d361ce61a3d4fa8bafb9d030bbe459c400/core/build.gradle#L42 CVE-2020-10683 CVE-2018-1000632 Recommended upgrade version:2.1.1-4

Unreleased Resource: Streams

https://github.com/bytedance/AabResGuard/blob/4e902042a3282f42a9b89e0446222a7b275a23ec/core/src/main/java/com/bytedance/android/aabresguard/utils/FileOperation.java#L72 FOS could not be released correctly.Most unreleased resource issues cause general software reliability problems.However, if an attacker can intentionally trigger a resource leak, an attacker can launch a denial-of-service...

Unreleased Resource: Files

https://github.com/bytedance/AabResGuard/blob/4e902042a3282f42a9b89e0446222a7b275a23ec/core/src/main/java/com/bytedance/android/aabresguard/bundle/AppBundleAnalyzer.java#L29 Unable to release ZipFile correctly.Most unreleased resource issues cause general software reliability problems.However, if an attacker can intentionally trigger a resource leak, an attacker can launch a denial-of-service attack...

Path Manipulation: Zip Entry Overwrite

https://github.com/bytedance/AabResGuard/blob/4e902042a3282f42a9b89e0446222a7b275a23ec/core/src/main/java/com/bytedance/android/aabresguard/utils/FileOperation.java#L72 Path Manipulation: ZIP Entry Overwrite errors occur when a ZIP file is opened and expanded without checking the file path of the ZIP entry.Allowing user input to control the...