奇安信CodeSafe issues

Results 348 issues of


                                            奇安信CodeSafe

There is a vulnerability in Jetty: Java based HTTP/1.x, HTTP/2, Servlet, WebSocket Server 9.4.8.v20171121,upgrade recommended

https://github.com/google/data-transfer-project/blob/d5c4479d817d5b363af8d07ee757fe99f8713cc8/extensions/transport/portability-transport-jettyrest/build.gradle#L31 CVE-2017-7658 CVE-2017-7657 CVE-2017-7656 CVE-2018-12545 Recommended upgrade version：9.4.35.v20201120

There is a vulnerability in Hadoop 2.7.3 ,upgrade recommended

https://github.com/Qihoo360/XLearning/blob/749b8a9e90140f0825709b71ffba128e9e55b098/pom.xml#L13 CVE-2017-15718 CVE-2018-1296 Recommended upgrade version：2.10.0

There is a vulnerability in MySQL Connector/J 5.1.39,upgrade recommended

https://github.com/qunarcorp/qmq/blob/a285a88b9fe92f5d334aebdef80def300e4f286e/pom.xml#L184 CVE-2018-3258 CVE-2019-2692 CVE-2020-2875 CVE-2020-2934 CVE-2020-2933 Recommended upgrade version：8.0.20

There is a vulnerability in Jetty: Java based HTTP/1.x, HTTP/2, Servlet, WebSocket Server 9.4.17.v20190418,upgrade recommended

https://github.com/qunarcorp/qmq/blob/a285a88b9fe92f5d334aebdef80def300e4f286e/pom.xml#L89 CVE-2021-28165 CVE-2020-27216 CVE-2020-27223 CVE-2021-28169 CVE-2020-27218 Recommended upgrade version：9.4.39-2

There is a vulnerability in Simple Logging Facade for Java (SLF4J) 1.7.25,upgrade recommended

https://github.com/qunarcorp/qmq/blob/a285a88b9fe92f5d334aebdef80def300e4f286e/pom.xml#L90 CVE-2018-8088 Recommended upgrade version：1.7.31

There is a vulnerability in jackson-databind 2.9.9,upgrade recommended

https://github.com/qunarcorp/qmq/blob/a285a88b9fe92f5d334aebdef80def300e4f286e/pom.xml#L88 CVE-2020-9547 CVE-2019-14379 CVE-2019-20330 CVE-2019-16943 CVE-2019-16942 Recommended upgrade version： 2.9.10.8

There is a vulnerability in Apache Commons Collections 3.2.1 ,upgrade recommended

https://github.com/qunarcorp/qmq/blob/a285a88b9fe92f5d334aebdef80def300e4f286e/qmq-watchdog/pom.xml#L19 CVE-2017-15708 CVE-2015-6420 CVE-2015-7501 Recommended upgrade version： 3.2.2

There is a vulnerability in Spring Framework 4.2.3.RELEASE,upgrade recommended

https://github.com/qunarcorp/qmq/blob/a285a88b9fe92f5d334aebdef80def300e4f286e/pom.xml#L87 CVE-2018-1270 CVE-2016-5007 CVE-2018-15756 CVE-2018-1272 CVE-2018-1271 CVE-2020-5421 Recommended upgrade version：4.3.28-1

There is a vulnerability in Apache Tomcat 7.0.30,upgrade recommended

https://github.com/qunarcorp/qmq/blob/a285a88b9fe92f5d334aebdef80def300e4f286e/qmq-watchdog/pom.xml#L45 CVE-2020-1938 CVE-2017-5648 CVE-2016-8735 CVE-2014-0050 CVE-2017-12615 Recommended upgrade version： 7.0.108

Cross-Site Scripting: Reflected

https://github.com/qunarcorp/qmq/blob/a285a88b9fe92f5d334aebdef80def300e4f286e/qmq-metaserver/src/main/java/qunar/tc/qmq/meta/web/MetaManagementServlet.java#L39-L52 Sending unvalidated data to a web browser can result in the browser executing malicious code. In line 40，‘actionName’ was Contaminated，It could affect line 50