奇安信CodeSafe

icon indicating a website link http://www.codesafe.cn/

Results 348 issues of 奇安信CodeSafe

There is a vulnerability in Spring Framework 4.3.10.RELEASE,upgrade recommended

https://github.com/qunarcorp/bistoury/blob/b83b87032c3a394df31300a4fe3a1123cf6d7917/pom.xml#L74 CVE-2018-1275 CVE-2018-1270 CVE-2018-15756 CVE-2018-1272 CVE-2018-11039 CVE-2018-1271 CVE-2020-5421 Recommended upgrade version:4.3.28-1

There is a vulnerability in Apache Tomcat 7.0.30,upgrade recommended

https://github.com/qunarcorp/bistoury/blob/b83b87032c3a394df31300a4fe3a1123cf6d7917/pom.xml#L90 CVE-2020-1938 CVE-2017-5648 CVE-2016-8735 CVE-2014-0050 CVE-2017-12615 Recommended upgrade version:7.0.108

There is a vulnerability in Apache Tomcat 8.5.5,upgrade recommended

https://github.com/qunarcorp/bistoury/blob/b83b87032c3a394df31300a4fe3a1123cf6d7917/pom.xml#L91 CVE-2020-1938 CVE-2017-5651 CVE-2018-8014 CVE-2017-5648 CVE-2016-8735 Recommended upgrade version:8.5.68

There is a vulnerability in fastjson 1.2.47,upgrade recommended

1 comment

https://github.com/dianping/cat/blob/facd399416d1caaa3fa2a613d0af963453f8c584/pom.xml#L142-L145 CVE-2020-8840 Recommended upgrade version:1.2.48.sec10

There is a vulnerability in Apache HttpComponents Client 4.5.3,upgrade recommended

https://github.com/dianping/cat/blob/facd399416d1caaa3fa2a613d0af963453f8c584/pom.xml#L132-L141 CVE-2020-13956 Recommended upgrade version:4.5.13

There is a vulnerability in mysql 5.1.20,upgrade recommended

https://github.com/dianping/cat/blob/facd399416d1caaa3fa2a613d0af963453f8c584/pom.xml#L112-L116 CVE-2017-3523 CVE-2018-3258 CVE-2019-2692 CVE-2020-2934 Recommended upgrade version:8.0.20

There is a vulnerability in Protocol Buffers 0.8.3,upgrade recommended

https://github.com/google/capillary/blob/7dda356679c8f90d73048351ea414f22a582a2b2/lib/build.gradle#L3 CVE-2015-5237 Recommended upgrade version: 0.8.13

Resources are closed incorrectly

The outputStream may throw an exception before the resource is closed,you should use try-catch-finally or try-with-resource to close the resource. Connection.getinputstream () and connection.geterrorstream () are not closed. https://github.com/google/capillary/blob/7dda356679c8f90d73048351ea414f22a582a2b2/demo/server/src/main/java/com/google/capillary/demo/server/FcmSender.java#L93-L108

There is a vulnerability in Jetty: Java based HTTP/1.x, HTTP/2, Servlet, WebSocket Server 9.3.8.v20160314,upgrade recommended

https://github.com/google/rejoiner/blob/4c7e1b3affaab92fc6a62636b7f26511c693f9bc/examples-gradle/build.gradle#L44 https://github.com/google/rejoiner/blob/4c7e1b3affaab92fc6a62636b7f26511c693f9bc/examples-gradle/build.gradle#L47 CVE-2017-7658 CVE-2017-7657 CVE-2016-4800 CVE-2017-9735 Recommended upgrade version: 9.3.29.v20201019

Unreleased Resource: Streams

2 comment

https://github.com/apache/incubator-heron/blob/612de8da1142ff07360ba8056a95351c48191d87/eco/src/java/org/apache/heron/eco/Eco.java#L153 The program can potentially fail to release a system resource.