奇安信CodeSafe

icon indicating a website link http://www.codesafe.cn/

Results 348 issues of 奇安信CodeSafe

There is a vulnerability in NuProcess:2.0.3,upgrade recommended

https://github.com/Kotlin/kotlin-spec/blob/b574dd2866b73e86b0ef57b21b64a8e57b7d19df/docs/build.gradle.kts#L63 CVE-2022-39243 Recommended upgrade version:2.0.5

Weak Cryptographic Hash

I found a reflective Weak Cryptographic Hash issue in the request.py Details are as follows: ![image](https://user-images.githubusercontent.com/39950310/53553124-e0ca1d80-3b77-11e9-9c2d-c89d01e1badc.png) Weak cryptographic hashes cannot guarantee data integrity and should not be used in security-critical...

Cross-Site Scripting: Reflected

https://github.com/apple/ccs-pycalendar/blob/77adc8809104c4391312e35c01aaf114b11c4e3c/src/zonal/tzconvert.py#L277-L278 Sending unvalidated data to a web browser can result in the browser executing malicious code.

There is a vulnerability in spark-java 2.3,upgrade recommended

https://github.com/yahoo/cubed/blob/5311d385ac74f6b244f8406ac719012a62fb5cd3/pom.xml#L61 CVE-2016-9177 CVE-2018-9159 Recommended upgrade version: 2.7.2

There is a vulnerability in jackson-databind 1.9.13,upgrade recommended

https://github.com/yahoo/cubed/blob/5311d385ac74f6b244f8406ac719012a62fb5cd3/pom.xml#L190 CVE-2019-14893 CVE-2018-7489 CVE-2019-17267 CVE-2019-16335 CVE-2019-14540 CVE-2017-15095 Recommended upgrade version:2.9.10.3

Unused Field

https://github.com/Netflix/dyno/blob/7efd3c36fa7ace3d801e67cbb5c8a7f6f1aa5e2f/dyno-core/src/main/java/com/netflix/dyno/connectionpool/impl/ConnectionPoolConfigurationImpl.java#L46 This field is never used.

Unreleased Resource: Streams

https://github.com/Netflix/dyno/blob/7efd3c36fa7ace3d801e67cbb5c8a7f6f1aa5e2f/dyno-jedis/src/test/java/com/netflix/dyno/jedis/utils/SSLContextUtil.java#L20 The program can potentially fail to release a system resource.

Unreleased Resource: Streams

1 comment

https://github.com/Netflix/Fenzo/blob/8c82038d8021b06711e2dc88157db078638d7524/fenzo-core/src/test/java/com/netflix/fenzo/SampleLargeNumTasksToInit.java#L85 The program can potentially fail to release a system resource.

Unused variable

https://github.com/Netflix/Fenzo/blob/8c82038d8021b06711e2dc88157db078638d7524/fenzo-core/src/test/java/com/netflix/fenzo/TestLotsOfTasks.java#L181 This variable is never used.

Double-Checked Locking

1 comment

https://github.com/Netflix/hollow/blob/7ff25c9b3113d731341ca203ee81a46d7ab46cdc/hollow-jsonadapter/src/main/java/com/netflix/hollow/jsonadapter/discover/HollowJsonAdapterSchemaDiscoverer.java#L191-L195 double-Checked Locking is widely cited and used as an efficient method for implementing lazy initialization in a multithreaded environment. Unfortunately, it will not work reliably in a platform independent...