奇安信CodeSafe

icon indicating a website link http://www.codesafe.cn/

Results 348 issues of 奇安信CodeSafe

OGNL Expression Injection Vulnerability

Hi! I am a staff member of QiAnXin Code Guard. In our open source code detection project, I found a OGNL Expression Injection Vulnerability in "billow". The details are as...

redundant check against null

1 comment

Hi all, There is a redundant check against null issue found by Qihoo360 CodeSafe Team. Details as bellow: https://github.com/lexborisov/myhtml/blob/097039f1c71c9f34bb9177c378cb00fe69ecafa1/source/mycore/mystring.c#L78 if str_raw is a null pointer, function will return. and https://github.com/lexborisov/myhtml/blob/097039f1c71c9f34bb9177c378cb00fe69ecafa1/source/mycore/mystring.c#L81...

There is a vulnerability in Hibernate Validator 5.4.3.Final ,upgrade recommended

https://github.com/square/keywhiz/blob/dc93a41e1a7472a6046540e4964e3a565e13c018/pom.xml#L299 CVE-2019-10219 CVE-2020-10693 Recommended upgrade version:6.0.20.Final

unused variable

https://github.com/yahoo/FEL/blob/cd4de0013f10d8ec2a6b02447f06c4132f439b18/src/main/java/com/yahoo/semsearch/fastlinking/w2v/EmbeddingsServer.java#L32

There is a vulnerability in Apache ZooKeeper 3.4.6,upgrade recommended

https://github.com/qunarcorp/bistoury/blob/b83b87032c3a394df31300a4fe3a1123cf6d7917/pom.xml#L85 CVE-2017-5637 CVE-2018-8012 CVE-2016-5017 CVE-2019-0201 CVE-2021-21409 CVE-2014-0085 Recommended upgrade version:3.5.5.7.1.1.2013-1

There is a vulnerability in Netty Project 4.1.41.Final,upgrade recommended

https://github.com/qunarcorp/bistoury/blob/b83b87032c3a394df31300a4fe3a1123cf6d7917/pom.xml#L87 CVE-2019-20445 CVE-2019-20444 CVE-2019-16869 CVE-2020-11612 CVE-2021-21409 CVE-2021-21290 CVE-2021-21295 Recommended upgrade version:1:4.1.48-4

There is a vulnerability in jackson-databind 2.9.2,upgrade recommended

https://github.com/qunarcorp/bistoury/blob/b83b87032c3a394df31300a4fe3a1123cf6d7917/pom.xml#L75 CVE-2020-9547 CVE-2018-14719 CVE-2018-14718 CVE-2019-14379 CVE-2019-20330 Recommended upgrade version:2.9.10.8

There is a vulnerability in Netty Project 3.10.5.Final,upgrade recommended

https://github.com/qunarcorp/bistoury/blob/b83b87032c3a394df31300a4fe3a1123cf6d7917/pom.xml#L88 CVE-2019-20445 CVE-2019-20444 CVE-2019-16869 CVE-2021-21409 CVE-2021-21290 CVE-2021-21295 Recommended upgrade version:4.1.61.Final

There is a vulnerability in Logback 1.0.13,upgrade recommended

https://github.com/qunarcorp/bistoury/blob/b83b87032c3a394df31300a4fe3a1123cf6d7917/pom.xml#L490 CVE-2017-5929 Recommended upgrade version:1:1.1.2-1+deb8u1

There is a vulnerability in Simple Logging Facade for Java (SLF4J) 1.7.5,upgrade recommended

https://github.com/qunarcorp/bistoury/blob/b83b87032c3a394df31300a4fe3a1123cf6d7917/pom.xml#L89 CVE-2018-8088 Recommended upgrade version: 1.7.7.jbossorg-1