奇安信CodeSafe issues

Results 348 issues of


                                            奇安信CodeSafe

There is a vulnerability in Bouncy Castle 1.58.0.0 ,upgrade recommended

https://github.com/square/subzero/blob/1576d76a060fd74dee98f24beb6f35756cee6bf8/java/shared/pom.xml#L40 CVE-2018-1000613 CVE-2018-1000180 CVE-2017-13098 CVE-2020-26939 Recommended upgrade version：： 1.61

Hardcoded file separator

https://github.com/Tencent/HaboMalHunter/blob/74fd9fb7ec59321448c6b397eabb0464f2a649a4/iot_hunter/dynamic_analysis/PluginManager.py#L21 The path split symbol problem is different for different operating systems. Hard-coded file separators should not be used. Instead, use a platform-independent API provided by the language library,such as...

Memory leak?

Hi all, This is 360 CodeSafe Team, we found a suspicious memory leak, at https://github.com/zetavm/zetavm/blob/61af9cd317fa5629f570b30b61ea8c7ffc375e59/plush/codegen.cpp#L1005. `auto joinBlock = new Block();` allocate a memory region with `Block` type, and assign the...

bug

Open Redirect

https://github.com/sohutv/cachecloud/blob/f9dfc98eadcfd7d56821852ece0c73d14cb171e1/cachecloud-web/src/main/java/com/sohu/cache/web/controller/IndexController.java#L25-L32 Allowing unvalidated input to control the URL used in a redirect can aid phishing attacks. In line 25, ‘redirectUrl’ is regarded to as tainted data,it will be affect line...

Cross-Site Scripting: Reflected

https://github.com/sohutv/cachecloud/blob/f9dfc98eadcfd7d56821852ece0c73d14cb171e1/cachecloud-web/src/main/java/com/sohu/cache/web/controller/AppClientDataShowController.java#L95 https://github.com/sohutv/cachecloud/blob/f9dfc98eadcfd7d56821852ece0c73d14cb171e1/cachecloud-web/src/main/webapp/WEB-INF/jsp/client/appClientIndex.jsp#L19-L20 Sending unvalidated data to a web browser can result in the browser executing malicious code. In line 95, ‘startDate’ is regarded to as tainted data,it will be affect...

There is a vulnerability in spotless-plugin-gradle 3.15.0,upgrade recommended

https://github.com/google/santa-tracker-android/blob/bac925e399877e268e9faff0c3131befcc70f2e8/build.gradle#L129 CVE-2019-9843 Recommended upgrade version：3.20.0

There is a vulnerability in spotless-plugin-gradle 3.15.0 ,upgrade recommended

https://github.com/google/santa-tracker-android/blob/bac925e399877e268e9faff0c3131befcc70f2e8/build.gradle#L144 CVE-2019-9843 Recommended upgrade version：3.20.0

任意文件上传漏洞

您好： 360代码卫士团队在lemon中发现了任意文件上传漏洞，详细信息如下：在CdnController.java文件中，存在文件上传的功能 ![default](https://user-images.githubusercontent.com/39950310/46722641-94ee0900-cca8-11e8-9604-fdf5eb1bee8d.png) 调用了CdnUtils中的copyMultipartFileToFile方法，但是方法中只对文件上传的文件名是否还有../做了判断并没有对文件类型和spaceName参数做判断，所以依然是可以上传任意文件并且通过spaceName来进行路径回溯 ![default](https://user-images.githubusercontent.com/39950310/46722817-0928ac80-cca9-11e8-9d28-ef2442831a75.png)

ssrf

您好，我是360代码卫士团队的工作人员，在lemon项目中发现了服务器端请求伪造漏洞(ssrf)，详细信息如下 CdnController.java文件中接收了http请求中的url参数 ![default](https://user-images.githubusercontent.com/39950310/46716441-9c0c1b80-cc96-11e8-9ba7-3f3b8516395b.png) 并在后续代码中调用了CdnUtils.java中的copyUrlToFile() ![default](https://user-images.githubusercontent.com/39950310/46716540-04f39380-cc97-11e8-81ae-b252edbc6455.png) 函数中用url又创建了一个新的http连接，这样恶意攻击者可以通过控制url来造成ssrf攻击

There is a vulnerability in gin v1.3.0 ,upgrade recommended

https://github.com/bilibili/overlord/blob/b524449801b54115831e7f2663558824bdc15a03/go.mod#L18 CVE-2020-28483 Recommended upgrade version：v1.7.1