奇安信CodeSafe

icon indicating a website link http://www.codesafe.cn/

Results 348 issues of 奇安信CodeSafe

There is a vulnerability in Spring Boot 2.6.2,upgrade recommended

https://github.com/microsoft/botbuilder-java/blob/fd8ceb672fc1da2488711210cbbfd62b39b54919/libraries/bot-integration-spring/pom.xml#L77-L82 CVE-2022-22965 Recommended upgrade version:2.6.5

ExemptFromDailyDRIReport

There is a vulnerability in Simple Logging Facade for Java (SLF4J) 1.7.22,upgrade recommended

https://github.com/microsoft/botbuilder-java/blob/fd8ceb672fc1da2488711210cbbfd62b39b54919/pom.xml#L317-L321 CVE-2018-8088 Recommended upgrade version:1.7.26

ExemptFromDailyDRIReport

There is a vulnerability in Microsoft Azure client library for Blob Storage 12.17.1,upgrade recommended

https://github.com/microsoft/botbuilder-java/blob/fd8ceb672fc1da2488711210cbbfd62b39b54919/libraries/bot-azure/pom.xml#L90-L95 CVE-2022-30187 Recommended upgrade version:12.18.0

ExemptFromDailyDRIReport

There is a vulnerability in Spring Framework 5.3.18,upgrade recommended

1 comment

https://github.com/microsoft/botbuilder-java/blob/fd8ceb672fc1da2488711210cbbfd62b39b54919/libraries/bot-integration-spring/pom.xml#L72-L76 CVE-2022-22968 CVE-2022-22971 CVE-2022-22970 Recommended upgrade version:5.3.20

ExemptFromDailyDRIReport

There is a vulnerability in Apache Maven 3.3.3,upgrade recommended

https://github.com/microsoft/azure-maven-plugins/blob/a7e667210ec6fbf10def857d691caf1fbbdadf2b/pom.xml#L70 CVE-2021-26291 Recommended upgrade version:3.8.1

Reason: wont-fix

There is a vulnerability in Simple Logging Facade for Java (SLF4J) 1.7.25,upgrade recommended

https://github.com/apache/mnemonic/blob/6395b5a69b58a37eefcc605f2166992ed3710467/build.gradle#L54 CVE-2018-8088 Recommended upgrade version:1.7.26

There is a vulnerability in Logback 1.1.7,upgrade recommended

https://github.com/apache/mnemonic/blob/6395b5a69b58a37eefcc605f2166992ed3710467/build.gradle#L56-L57 CVE-2017-5929 CVE-2021-42550 Recommended upgrade version:1.2.8

There is a vulnerability in Apache Hadoop 2.7.3,upgrade recommended

https://github.com/apache/mnemonic/blob/6395b5a69b58a37eefcc605f2166992ed3710467/mnemonic-hadoop/mnemonic-hadoop-mapreduce/build.gradle#L33 CVE-2021-37404 CVE-2022-25168 CVE-2022-26612 CVE-2017-15718 Recommended upgrade version:2.10.2

Weak Cryptographic Hash

https://github.com/NetApp/eseries-perf-analyzer/blob/67c9c3059d40a668b3598ffcbde1559fb98f910f/plugins/eseries_monitoring/collector/collector.py#L526 In systems with high security requirements, sha-series algorithms (such as sha-224, sha-256, sha-384, and sha-512) with a hash value of >=224 bits should be used to ensure the integrity...

Double-Checked Locking

https://github.com/fujitsu/launcher/blob/0339f0bf2f9cb5c82b761b6b873cd4830c7dc268/launcher-impl/glassfish/src/main/java/com/sun/web/security/RealmAdapter.java#L511-L522 Double-Checked Locking is widely cited and used as an efficient method for implementing lazy initialization in a multithreaded environment. Unfortunately, it will not work reliably in a platform independent...