奇安信CodeSafe

Results 348 issues of 奇安信CodeSafe

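mktemp() is not safe, because in the time between the call to mktemp() and the first process's subsequent attempt to create the file, another process may create a file with that name. Using this function can introduce a security vulnerability into the program. By the time you start working with the file name it returns, someone else may already have beaten you to it. It is recommended to use mkstemp(). QT4A-master/qt4a/andrcontrols.py 1827 ![image](https://user-images.githubusercontent.com/39950310/54512210-68909400-498e-11e9-8c13-d9126dbf9591.png) QT4A-master/qt4a/androidtestbase.py 213 ![image](https://user-images.githubusercontent.com/39950310/54512229-77774680-498e-11e9-84c5-a7be0401e6c0.png)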

https://github.com/apache/incubator-datalab/blob/423fa3a4404326aaac6aebc68b80a0f86dd775b4/pom.xml#L72 CVE-2020-5245 CVE-2020-11002 Recommended upgrade version: 1.3.21

https://github.com/apache/incubator-datalab/blob/423fa3a4404326aaac6aebc68b80a0f86dd775b4/services/billing-aws/pom.xml#L132-L134 CVE-2018-10237 CVE-2020-8908 Recommended upgrade version: 30.0-jre

https://github.com/apache/incubator-datalab/blob/423fa3a4404326aaac6aebc68b80a0f86dd775b4/services/billing-aws/pom.xml#L90-L94 CVE-2014-3558 CVE-2019-10219 Recommended upgrade version: 5.1.3.FINAL

https://github.com/qiniu/java-sdk/blob/6567d17ef99c5973c2180b313328cd69722129b5/src/main/java/com/qiniu/util/Md5.java#L33 Use try-with-resources or close this "FileOutputStream" in a "finally" clause.

https://github.com/SAP/iot-starterkit/blob/659b7acc5aefc00055add07fd0013c4e01da1be0/neo/apps/java/authentication/com.sap.iot.starterkit.cert/src/main/java/com/sap/iot/starterkit/cert/KeyStoreClient.java#L313 The program can potentially fail to release a system resource.

https://github.com/linkedin/TonY/blob/55770d651965ebb8dd7ec0b8e270ca5ab593894d/build.gradle#L18 CVE-2015-5237 Recommended upgrade version: 0.8.13

help wanted
good first issue

https://github.com/Esri/geometry-api-java/blob/a1af6612f4de7fc1baee1c331c335f154a4a96c9/pom.xml#L112-L117 Reference source: https://github.com/FasterXML/jackson-core/issues/488

https://github.com/eclipse/kura/blob/7140cd92eea7cd1ed81ed9823e9dc8e40d870453/target-platform/org.apache.activemq.artemis/pom.xml#L34 CVE-2021-26117 CVE-2020-13932 Recommended upgrade version: 2.16.0

https://github.com/ctripcorp/dal/blob/b63bc5152bb779eb1c783c4fb244199f4f1aeeaa/pom.xml#L38 CVE-2018-3258 CVE-2019-2692 CVE-2020-2934 CVE-2020-2875 CVE-2020-2933 Recommended upgrade version: 8.0.20