We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
大佬,你好,我是@abbykimi,我IDE运行您这个项目的时候,提示有几个漏洞,项目调用了com.fasterxml.jackson.core:jackson-databind等24个开源组件,存在51个安全漏洞,建议你升级下。
漏洞标题:FasterXML jackson-databind 代码问题漏洞 漏洞编号:CVE-2019-16942 漏洞描述: FasterXML jackson-databind是一个基于JAVA可以将XML和JSON等数据格式与JAVA对象进行转换的库。Jackson可以轻松的将Java对象转换成json对象和xml文档,同样也可以将json、xml转换成Java对象。 FasterXML jackson-databind 2.0.0版本至2.9.10版本中存在代码问题漏洞。该漏洞源于网络系统或产品的代码开发过程中存在设计或实现不当的问题。攻击者可通过发送特制请求利用该漏洞在系统上执行任意代码。 国家漏洞库信息:https://www.cnvd.org.cn/flaw/show/CNVD-2019-41720 影响范围:[2.9.0, 2.9.10.1) 最小修复版本:2.9.10.1 引入路径: com.cibt.crm:CRMSpringMVC@1.0-SNAPSHOT->com.fasterxml.jackson.core:jackson-databind@2.9.9
另外50个漏洞 ,信息有点多我就不贴了,你自己看下完整报告:https://www.mfsec.cn/jr?p=i8c5e7
如果你对这个issues有任何疑问可以回复我哈( @abbykimi ),我会及时回复你的。
The text was updated successfully, but these errors were encountered:
No branches or pull requests
大佬,你好,我是@abbykimi,我IDE运行您这个项目的时候,提示有几个漏洞,项目调用了com.fasterxml.jackson.core:jackson-databind等24个开源组件,存在51个安全漏洞,建议你升级下。
另外50个漏洞 ,信息有点多我就不贴了,你自己看下完整报告:https://www.mfsec.cn/jr?p=i8c5e7
如果你对这个issues有任何疑问可以回复我哈( @abbykimi ),我会及时回复你的。
The text was updated successfully, but these errors were encountered: