[Improvement][!web,*] Vulnerabilities in dependencies need to be improved #2107

Closed
2 of 3 tasks
Zzm0809 opened this issue Jun 25, 2023 · 4 comments
Labels
First Contributor Good First Issue Good for newcomers Invalid Invalid Optimization Optimization function

Comments

Contributor

Zzm0809 commented Jun 25, 2023

Search before asking

  • I have searched the issues and found no similar feature requirement.

Description

Vulnerabilities in dependencies need to be improved
all pom.xml

Use case

No response

Related issues

No response

Are you willing to submit a PR?

  • Yes I am willing to submit a PR!

Code of Conduct

@Zzm0809 Zzm0809 added Waiting for reply Waiting for reply Good First Issue Good for newcomers Optimization Optimization function First Contributor and removed Waiting for reply Waiting for reply labels Jun 25, 2023
Contributor

leeoo commented Dec 27, 2023

jmx_prometheus_javaagent 0.16.1
CVE: CVE-2022-25857, CVE-2022-38752, CVE-2022-1471
See details in https://github.com/prometheus/jmx_exporter/releases

Contributor

leeoo commented Dec 27, 2023

snakeyaml 1.33
CVE: CVE-2022-1471
See details in https://bitbucket.org/snakeyaml/snakeyaml/wiki/Changes
Related issues:
https://github.com/StevenBuglione/spring-boot-2-snakeyaml2-upgrade
Tencent/spring-cloud-tencent#982 Support or be compatible with Snakeyaml 2.0
https://blog.csdn.net/LJQClqjc/article/details/128388601 In-depth vulnerability analysis | CVE-2022-1471 SnakeYaml command execution vulnerability
https://blog.csdn.net/weixin_44981472/article/details/131943181 Pitfalls encountered when upgrading snakeyaml to version 2.0, and how to solve them

Contributor

leeoo commented Jan 3, 2024

guava 31.1-jre
CVE: CVE-2023-2976, CVE-2020-8908
See details in https://github.com/google/guava/releases

@github-actions github-actions bot added the Invalid Invalid label Mar 1, 2024
@DataLinkDC DataLinkDC deleted a comment from github-actions bot Apr 24, 2024
@Zzm0809 Zzm0809 removed the Invalid Invalid label Apr 24, 2024
@github-actions github-actions bot added the Invalid Invalid label Jun 1, 2024

github-actions bot commented Jun 1, 2024

Hello @, this issue has not been active for more than 30 days. This issue will be closed in 7 days if there is no response. If you have any questions, you can comment and reply.


@Zzm0809 Zzm0809 closed this as completed Aug 28, 2024