I am Martial Le TOULLEC, people call me Koromerzhin,
No activity tracked
Modpack Beyond Celtic
License: MIT License
Compiler for the Scala Programming Language
Library home page: http://www.scala-lang.org/
Path to vulnerable library: /libraries/org/scala-lang/scala-compiler/2.11.1/scala-compiler-2.11.1.jar
Found in HEAD commit: f192d0288b4a97da7b9c2d49e2b9af6541868d50
CVE | Severity | CVSS | Dependency | Type | Fixed in (scala-compiler version) | Remediation Possible** |
---|---|---|---|---|---|---|
CVE-2017-15288 | High | 7.8 | scala-compiler-2.11.1.jar | Direct | 2.11.12 | โ |
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
Compiler for the Scala Programming Language
Library home page: http://www.scala-lang.org/
Path to vulnerable library: /libraries/org/scala-lang/scala-compiler/2.11.1/scala-compiler-2.11.1.jar
Dependency Hierarchy:
Found in HEAD commit: f192d0288b4a97da7b9c2d49e2b9af6541868d50
Found in base branch: main
The compilation daemon in Scala before 2.10.7, 2.11.x before 2.11.12, and 2.12.x before 2.12.4 uses weak permissions for private files in /tmp/scala-devel/${USER:shared}/scalac-compile-server-port, which allows local users to write to arbitrary class files and consequently gain privileges.
Publish Date: 2017-11-15
URL: CVE-2017-15288
Base Score Metrics:
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2017-15288
Release Date: 2017-11-15
Fix Resolution: 2.11.12
Step up your Open Source Security Game with Mend here
The following file versions have been removed from CurseForge:
overrides/mods/Gobber2-Forge-1.16.5-2.3.51.jar
akka-actor
Library home page: http://akka.io/
Path to vulnerable library: /libraries/com/typesafe/akka/akka-actor_2.11/2.3.3/akka-actor_2.11-2.3.3.jar
Found in HEAD commit: f192d0288b4a97da7b9c2d49e2b9af6541868d50
CVE | Severity | CVSS | Dependency | Type | Fixed in (akka-actor_2.11 version) | Remediation Possible** |
---|---|---|---|---|---|---|
CVE-2017-1000034 | High | 8.1 | akka-actor_2.11-2.3.3.jar | Direct | 2.4.11.2 | โ |
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
akka-actor
Library home page: http://akka.io/
Path to vulnerable library: /libraries/com/typesafe/akka/akka-actor_2.11/2.3.3/akka-actor_2.11-2.3.3.jar
Dependency Hierarchy:
Found in HEAD commit: f192d0288b4a97da7b9c2d49e2b9af6541868d50
Found in base branch: main
Akka versions <=2.4.16 and 2.5-M1 are vulnerable to a java deserialization attack in its Remoting component resulting in remote code execution in the context of the ActorSystem.
Publish Date: 2017-07-17
URL: CVE-2017-1000034
Base Score Metrics:
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2017-1000034
Release Date: 2017-07-13
Fix Resolution: 2.4.11.2
Step up your Open Source Security Game with Mend here
JLine
Library home page: http://nexus.sonatype.org/oss-repository-hosting.html/jline-parent/jline
Path to vulnerable library: /libraries/org/jline/jline/3.5.1/jline-3.5.1.jar
CVE | Severity | CVSS | Dependency | Type | Fixed in (jline version) | Remediation Possible** |
---|---|---|---|---|---|---|
CVE-2023-50572 | Medium | 5.5 | jline-3.5.1.jar | Direct | 3.25.0 | โ |
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
JLine
Library home page: http://nexus.sonatype.org/oss-repository-hosting.html/jline-parent/jline
Path to vulnerable library: /libraries/org/jline/jline/3.5.1/jline-3.5.1.jar
Dependency Hierarchy:
Found in base branch: main
An issue in the component GroovyEngine.execute of jline-groovy v3.24.1 allows attackers to cause an OOM (OutofMemory) error.
Publish Date: 2023-12-29
URL: CVE-2023-50572
Base Score Metrics:
Type: Upgrade version
Release Date: 2023-12-29
Fix Resolution: 3.25.0
Step up your Open Source Security Game with Mend here
This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.
This repository currently has no open or pending branches.
.github/workflows/ci.yml
actions/checkout v4
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.