奇安信CodeSafe

icon indicating a website link http://www.codesafe.cn/

Results 348 issues of 奇安信CodeSafe

There is a vulnerability in Spring Boot 2.0.2.RELEASE,upgrade recommended

3 comment

https://github.com/apache/pulsar-manager/blob/d15a0f1e45a3fe9821df51361584dce87e104948/build.gradle#L17 CVE-2020-5421 Recommended upgrade version: 2.1.17.RELEASE

There is a vulnerability in scikit-learn 0.20.4,upgrade recommended

https://github.com/baidu/Senta/blob/e5294c00a6ffc4b1284f38000f0fbf24d6554c22/requirements.txt#L4 CVE-2020-13092 Recommended upgrade version:0.22.1

There is a vulnerability in numpy 1.14.5,upgrade recommended

https://github.com/baidu/Senta/blob/e5294c00a6ffc4b1284f38000f0fbf24d6554c22/requirements.txt#L2 CVE-2019-6446 Recommended upgrade version:1.16.1

Multiple Unlocks of a Critical Resource

https://github.com/Netflix/concurrency-limits/blob/18692b09e55a0574bea94d92e95a03c3e89012d2/concurrency-limits-core/src/main/java/com/netflix/concurrency/limits/limiter/AbstractPartitionedLimiter.java#L217-L219 https://github.com/Netflix/concurrency-limits/blob/18692b09e55a0574bea94d92e95a03c3e89012d2/concurrency-limits-core/src/main/java/com/netflix/concurrency/limits/limiter/AbstractPartitionedLimiter.java#L255-L257

Unreleased Resource: Files

https://github.com/bytedance/BoostMultiDex/blob/29d4110f28a4bc3571ad336fa2c27c941d185143/boost_multidex/src/main/java/com/bytedance/boost_multidex/OptimizeService.java#L107 Failed to release apkZipFile properly.Most unreleased resource issues result in general software reliability problems. However, if an attacker can intentionally trigger a resource leak, the attacker may be able...

Insecure Randomness

https://github.com/bytedance/BoostMultiDex/blob/29d4110f28a4bc3571ad336fa2c27c941d185143/boost_multidex/src/main/java/com/bytedance/boost_multidex/DexInstallProcessor.java#L26 Try not to use unsafe random numbers, especially when sensitive operations such as checksums are involved.Doing so allows an attacker to control the value used to seed the pseudorandom...

There is a risk of SQL injection.

1 comment

https://github.com/didi/DDMQ/blob/2f30b61a5741d55a5b515f3d8d19a8a35be8c9e2/rocketmq/broker/src/main/java/org/apache/rocketmq/broker/transaction/jdbc/JDBCTransactionStore.java#L128 It is recommended to replace *java.sql.Statement* with *java.sql.PreparedStatement*.

There is a vulnerability in tensorflow 2.0.0 ,upgrade recommended

https://github.com/didi/dlflow/blob/6fb974fd800649af82b20c5f4e40aea123559d10/requirements.txt#L2 CVE-2020-15208 CVE-2020-15205 CVE-2020-15207 CVE-2020-15195 Recommended upgrade version:2.4.0rc2

There is a vulnerability in spark 2.4.4,upgrade recommended

https://github.com/didi/dlflow/blob/6fb974fd800649af82b20c5f4e40aea123559d10/dmflow/pom.xml#L27 CVE-2020-9480 Recommended upgrade version:2.4.5.7.2.1.0-210

There is a vulnerability in log4j 2.11.1,upgrade recommended

https://github.com/didi/ES-Fastloader/blob/dc00f9bd4367449dafdaffe992aa024505867d8e/mr/pom.xml#L135-L137 CVE-2020-9488 Recommended upgrade version:2.13.2