sms-integration
sms-integration copied to clipboard
otary
基于SMGP3.4协议、CMPP协议的短信发送框架
Bumps log4j-core from 2.16.0 to 2.17.1. [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a...
![dependabot[bot] avatar](https://avatars.githubusercontent.com/in/29110?v=4 "dependabot[bot] avatar"){kind=avatar}
Bumps log4j-core from 2.3 to 2.16.0. [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) You can trigger a rebase of this PR by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands...
Bumps log4j-api from 2.3 to 2.16.0. [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) You can trigger a rebase of this PR by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands...
Bumps `log4j2.version` from 2.3 to 2.14.0. Updates `log4j-api` from 2.3 to 2.14.0 Updates `log4j-core` from 2.3 to 2.14.0 Updates `log4j-slf4j-impl` from 2.3 to 2.14.0 You can trigger a rebase of...
Bumps `log4j2.version` from 2.3 to 2.14.0. Updates `log4j-api` from 2.3 to 2.14.0 Updates `log4j-core` from 2.3 to 2.14.0 Updates `log4j-slf4j-impl` from 2.3 to 2.14.0 You can trigger a rebase of...
检测到 otary/sms-integration 一共引入了16个开源组件,存在6个漏洞 ``` 漏洞标题:Apache Log4j2 < 2.15.0远程代码执行漏洞 缺陷组件:org.apache.logging.log4j:[email protected] 漏洞编号:CVE-2021-44228 漏洞描述:Apache log4j是java中常用的日志记录组件,攻击者发现在小于2.15.0的版本中存在远程代码执行漏洞。 漏洞原因: 由于log4j2默认支持JNDI在内的Lookup查找机制,当日志内容中包含${foo.bar}样式的内容时,会查找相应的值进行替换。因此当用户请求中的内容通过log4j作为日志内容记录时,攻击者可能通过恶意构造的内容,触发log4j的lookup方法,进而执行恶意代码。 影响范围:[2.0-beta9, 2.3.1) 最小修复版本:2.3.1 缺陷组件引入路径:cn.chenzw.sms:[email protected]>org.apache.logging.log4j:[email protected] ``` 另外还有6个漏洞,详细报告:https://mofeisec.com/jr?p=i7cdac
cn/chenzw/sms/sms-core/1.0/sms-core-1.0-sources.jar!/cn/chenzw/sms/core/protocol/smgp/SMGPSession.java:153 dead loop
