Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

同学,您这个项目引入了13个开源组件,存在53个漏洞,辛苦升级一下 #229

Open
ghost opened this issue Mar 7, 2022 · 1 comment
Open

同学,您这个项目引入了13个开源组件,存在53个漏洞,辛苦升级一下 #229

ghost opened this issue Mar 7, 2022 · 1 comment
Labels
help wanted Extra attention is needed

Comments

@ghost
Copy link

ghost commented Mar 7, 2022

检测到 damingerdai/hoteler 一共引入了13个开源组件,存在53个漏洞

漏洞标题:FasterXML jackson-databind 代码问题漏洞
缺陷组件:com.fasterxml.jackson.core:jackson-databind@2.9.6
漏洞编号:CVE-2019-16943
漏洞描述:FasterXML jackson-databind是一个基于JAVA可以将XML和JSON等数据格式与JAVA对象进行转换的库。Jackson可以轻松的将Java对象转换成json对象和xml文档,同样也可以将json、xml转换成Java对象。
FasterXML jackson-databind 2.0.0版本至2.9.10版本中存在代码问题漏洞。该漏洞源于网络系统或产品的代码开发过程中存在设计或实现不当的问题。攻击者可利用该漏洞执行任意代码。
国家漏洞库信息:https://www.cnvd.org.cn/flaw/show/CNVD-2019-41721
影响范围:[2.9.0, 2.9.10.1)
最小修复版本:2.9.10.1
缺陷组件引入路径:org.daming:hoteler@0.0.1-SNAPSHOT->io.jsonwebtoken:jjwt@0.9.1->com.fasterxml.jackson.core:jackson-databind@2.9.6

另外还有53个漏洞,详细报告:https://mofeisec.com/jr?p=iaa1e9
@damingerdai damingerdai mentioned this issue Mar 8, 2022
Merged
4 tasks
@damingerdai damingerdai added the help wanted Extra attention is needed label Mar 8, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
help wanted Extra attention is needed
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@damingerdai and others