奇安信CodeSafe

icon indicating a website link http://www.codesafe.cn/

Results 348 issues of 奇安信CodeSafe

Unreleased Resource: Streams

https://github.com/Netflix/hollow/blob/7ff25c9b3113d731341ca203ee81a46d7ab46cdc/hollow-ui-tools/src/main/java/com/netflix/hollow/ui/HollowUIRouter.java#L79 The program can potentially fail to release a system resource.

There is a vulnerability in Guava: Google Core Libraries for Java 15.0 ,upgrade recommended

https://github.com/Netflix/Hystrix/blob/3cb21589895e9f8f87cfcdbc9d96d9f63d48b848/hystrix-contrib/hystrix-javanica/build.gradle#L103 CVE-2018-10237 CVE-2020-8908 Recommended upgrade version: 24.1.1.jre

There is a vulnerability in jackson-databind 2.7.5 ,upgrade recommended

https://github.com/Netflix/Hystrix/blob/3cb21589895e9f8f87cfcdbc9d96d9f63d48b848/hystrix-serialization/build.gradle#L14 CVE-2020-9547 CVE-2018-14719 CVE-2018-14718 CVE-2019-14379 CVE-2019-20330 Recommended upgrade version:2.9.10.8

There is a vulnerability in Bouncy Castle 1.56 ,upgrade recommended

https://github.com/facebook/DelegatedRecoveryReferenceImplementation/blob/9cf7c1cabddac828c854aa3f8d697e37cd2e33b0/sdk/java-src/pom.xml#L59-L63 CVE-2018-1000613 Recommended upgrade version:1.66

It is not safe to write URL to log

https://github.com/vmware/go-vmware-nsxt/blob/23201aae9cc3060919898b18f37de99da5f4f667/api_client.go#L392 `request.URL` can contain any characters, it is not safe to put it in the log.

The return value of 'sscanf()' should be checked

1 comment

https://github.com/vmware/likewise-open/blob/d6511c1389f84e178520c844451885be360c2d9b/krb5/src/plugins/kdb/ldap/libkdb_ldap/ldap_service_stash.c#L71

Reflective xss

hi: I found a reflective xss vulnerability in the GetSimilarHashtagsServlet.java Details are as follows: ![default](https://user-images.githubusercontent.com/39950310/53141652-d7671100-35cb-11e9-84c3-41fbc0331bad.png) The "hashtag" parameter in the get request is received at line 38 of the file....

‘index’ is Unused variables

https://github.com/twitter/caladrius/blob/9094d7542fb1796a690fed2b8b0083533dcac67e/traffic_provider/current_traffic.py#L84 Variables declared but not used, or reassigned before they are used, can be the result of programmer negligence

Unreleased Resource: Streams

https://github.com/twitter/hraven/blob/e35996b6e2f016bcd18db0bad320be7c93d95208/hraven-core/src/main/java/com/twitter/hraven/Cluster.java#L52 The program can potentially fail to release a system resource.

Unused Field

https://github.com/twitter/sbf/blob/41afeaeb6de374dd0cb30aaa9ba6cd618e546de6/src/main/java/com/twitter/sbf/core/SparseRealMatrix.java#L98 https://github.com/twitter/sbf/blob/41afeaeb6de374dd0cb30aaa9ba6cd618e546de6/src/main/java/com/twitter/sbf/core/SparseRealMatrix.java#L110 These fields are never used.