toys's People
Forkers
mougecm pengshaokang sunshineboy lonely7345 sk163 ostarsier stardustliu adonis2014 antonio2306 lrg30067 taylor-gao lisld wsj0413 zhangzhen2540 peterwnb wfxiang08 velementsmount peacejj yxp1992 coderlen wingyiu kaysonyang galenzhang zhangjianbinjava mqingqiang likeaxa jdliao cvedetect
toys's Issues
Lua script
if table.maxn(bucket) == 0 then
maxn should be getn
?
Dependency org.apache.httpcomponents:httpclient, leading to CVE problem
Hi, in /maven-plugins/javatoys, there is a dependency **org.apache.httpcomponents:httpclient:jar:4.5.3** that calls the risk method.
The affected version range of this CVE is [,4.5.13).
After further analysis, in this project, the main API called is org.apache.http.client.utils.URIUtils: extractHost(java.net.URI)Lorg.apache.http.HttpHost
Risk method repair link: GitHub
CVE bug invocation path:
Path length: 5
com.yigwoo.http.ApacheHttpClientTest: main(java.lang.String[])V /.m2/repository/net/sourceforge/nekohtml/nekohtml/1.9.10/nekohtml-1.9.10.jar
org.apache.http.impl.client.CloseableHttpClient: execute(org.apache.http.client.methods.HttpUriRequest)Lorg.apache.http.client.methods.CloseableHttpResponse; /.m2/repository/org/hibernate/hibernate-commons-annotations/3.1.0.GA/hibernate-commons-annotations-3.1.0.GA.jar
org.apache.http.impl.client.CloseableHttpClient: execute(org.apache.http.client.methods.HttpUriRequest,org.apache.http.protocol.HttpContext)Lorg.apache.http.client.methods.CloseableHttpResponse; /.m2/repository/org/hibernate/hibernate-commons-annotations/3.1.0.GA/hibernate-commons-annotations-3.1.0.GA.jar
org.apache.http.impl.client.CloseableHttpClient: determineTarget(org.apache.http.client.methods.HttpUriRequest)Lorg.apache.http.HttpHost; /.m2/repository/org/hibernate/hibernate-commons-annotations/3.1.0.GA/hibernate-commons-annotations-3.1.0.GA.jar
org.apache.http.client.utils.URIUtils: extractHost(java.net.URI)Lorg.apache.http.HttpHost;
Dependency tree:
Suggested solutions:
Update dependency version
Thank you very much.