
Comments (5)

gnespolino commented on May 29, 2024

OWASP check output:

One or more dependencies were identified with known vulnerabilities in lodview:

apache-jena-libs-2.13.0.pom (pkg:maven/org.apache.jena/apache-jena-libs@2.13.0, cpe:2.3:a:apache:jena:2.13.0:*:*:*:*:*:*:*) : CVE-2021-39239, CVE-2022-28890
commons-httpclient-3.0.1.jar (pkg:maven/commons-httpclient/commons-httpclient@3.0.1, cpe:2.3:a:apache:commons-httpclient:3.0.1:*:*:*:*:*:*:*, cpe:2.3:a:apache:httpclient:3.0.1:*:*:*:*:*:*:*) : CVE-2012-5783, CVE-2020-13956
commons-io-2.4.jar (pkg:maven/commons-io/commons-io@2.4, cpe:2.3:a:apache:commons_io:2.4:*:*:*:*:*:*:*) : CVE-2021-29425
httpclient-4.2.6.jar (pkg:maven/org.apache.httpcomponents/httpclient@4.2.6, cpe:2.3:a:apache:httpclient:4.2.6:*:*:*:*:*:*:*) : CVE-2014-3577, CVE-2015-5262, CVE-2020-13956
httpclient-cache-4.2.6.jar (pkg:maven/org.apache.httpcomponents/httpclient-cache@4.2.6, cpe:2.3:a:apache:httpclient:4.2.6:*:*:*:*:*:*:*) : CVE-2014-3577, CVE-2020-13956
jackson-databind-2.3.3.jar (pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.3.3, cpe:2.3:a:fasterxml:jackson-databind:2.3.3:*:*:*:*:*:*:*) : CVE-2017-7525, CVE-2018-7489, CVE-2020-35490, CVE-2020-35491, CVE-2020-36518, CVE-2022-42003, CVE-2022-42004
jdom-1.0.jar (pkg:maven/jdom/jdom@1.0, cpe:2.3:a:jdom:jdom:1.0:*:*:*:*:*:*:*) : CVE-2021-33813
jena-core-2.13.0.jar (pkg:maven/org.apache.jena/jena-core@2.13.0, cpe:2.3:a:apache:jena:2.13.0:*:*:*:*:*:*:*) : CVE-2021-39239, CVE-2022-28890
jena-tdb-1.1.2.jar (pkg:maven/org.apache.jena/jena-tdb@1.1.2, cpe:2.3:a:apache:jena:1.1.2:*:*:*:*:*:*:*) : CVE-2021-39239, CVE-2022-28890
jquery.jplayer.js (pkg:javascript/[email protected]) : CVE-2013-1942, CVE-2013-2022, CVE-2013-2023
jquery.min.js (pkg:javascript/[email protected]) : CVE-2015-9251, CVE-2019-11358, CVE-2020-11022, CVE-2020-11023
jstl-api-1.2.jar (pkg:maven/javax.servlet.jsp.jstl/jstl-api@1.2, cpe:2.3:a:tag_project:tag:1.2:*:*:*:*:*:*:*) : CVE-2020-29242, CVE-2020-29243, CVE-2020-29244, CVE-2020-29245
jstl-impl-1.2.jar (pkg:maven/org.glassfish.web/jstl-impl@1.2, cpe:2.3:a:tag_project:tag:1.2:*:*:*:*:*:*:*, cpe:2.3:a:taglib:taglib:1.2:*:*:*:*:*:*:*) : CVE-2015-0254, CVE-2020-29242, CVE-2020-29243, CVE-2020-29244, CVE-2020-29245
libthrift-0.9.2.jar (pkg:maven/org.apache.thrift/libthrift@0.9.2, cpe:2.3:a:apache:thrift:0.9.2:*:*:*:*:*:*:*) : CVE-2015-3254, CVE-2016-5397, CVE-2018-11798, CVE-2018-1320, CVE-2019-0205
log4j-1.2.17.jar (pkg:maven/log4j/log4j@1.2.17, cpe:2.3:a:apache:log4j:1.2.17:*:*:*:*:*:*:*) : CVE-2019-17571, CVE-2020-9493, CVE-2021-4104, CVE-2022-23302, CVE-2022-23305, CVE-2022-23307
logback-core-1.0.7.jar (pkg:maven/ch.qos.logback/logback-core@1.0.7, cpe:2.3:a:qos:logback:1.0.7:*:*:*:*:*:*:*) : CVE-2017-5929, CVE-2021-42550
snakeyaml-1.13.jar (pkg:maven/org.yaml/snakeyaml@1.13, cpe:2.3:a:snakeyaml_project:snakeyaml:1.13:*:*:*:*:*:*:*, cpe:2.3:a:yaml_project:yaml:1.13:*:*:*:*:*:*:*) : CVE-2017-18640, CVE-2022-25857, CVE-2022-38749, CVE-2022-38750, CVE-2022-38751, CVE-2022-38752
spring-aop-4.2.4.RELEASE.jar (pkg:maven/org.springframework/spring-aop@4.2.4.RELEASE, cpe:2.3:a:pivotal_software:spring_framework:4.2.4:release:*:*:*:*:*:*, cpe:2.3:a:springsource:spring_framework:4.2.4:release:*:*:*:*:*:*, cpe:2.3:a:vmware:spring_framework:4.2.4:release:*:*:*:*:*:*) : CVE-2016-1000027, CVE-2016-5007, CVE-2016-9878, CVE-2018-11039, CVE-2018-11040, CVE-2018-1257, CVE-2018-1270, CVE-2018-15756, CVE-2020-5421, CVE-2022-22950, CVE-2022-22965, CVE-2022-22968, CVE-2022-22970
spring-boot-1.1.4.RELEASE.jar (pkg:maven/org.springframework.boot/spring-boot@1.1.4.RELEASE, cpe:2.3:a:vmware:spring_boot:1.1.4:release:*:*:*:*:*:*, cpe:2.3:a:vmware:spring_framework:1.1.4:release:*:*:*:*:*:*) : CVE-2013-4152, CVE-2013-7315, CVE-2014-0054, CVE-2016-1000027, CVE-2017-8046, CVE-2018-11039, CVE-2018-11040, CVE-2018-1196, CVE-2018-1257, CVE-2020-5421, CVE-2021-26987, CVE-2022-22950, CVE-2022-22965, CVE-2022-22968, CVE-2022-22970, CVE-2022-27772
spring-boot-starter-integration-1.1.4.RELEASE.jar (pkg:maven/org.springframework.boot/spring-boot-starter-integration@1.1.4.RELEASE, cpe:2.3:a:vmware:spring_boot:1.1.4:release:*:*:*:*:*:*, cpe:2.3:a:vmware:spring_framework:1.1.4:release:*:*:*:*:*:*, cpe:2.3:a:vmware:spring_integration:1.1.4:release:*:*:*:*:*:*) : CVE-2013-4152, CVE-2013-7315, CVE-2014-0054, CVE-2016-1000027, CVE-2017-8046, CVE-2018-11039, CVE-2018-11040, CVE-2018-1196, CVE-2018-1257, CVE-2019-3772, CVE-2020-5421, CVE-2021-26987, CVE-2022-22950, CVE-2022-22965, CVE-2022-22968, CVE-2022-22970, CVE-2022-27772
spring-core-4.2.4.RELEASE.jar (pkg:maven/org.springframework/spring-core@4.2.4.RELEASE, cpe:2.3:a:pivotal_software:spring_framework:4.2.4:release:*:*:*:*:*:*, cpe:2.3:a:springsource:spring_framework:4.2.4:release:*:*:*:*:*:*, cpe:2.3:a:vmware:spring_framework:4.2.4:release:*:*:*:*:*:*) : CVE-2016-1000027, CVE-2016-5007, CVE-2016-9878, CVE-2018-11039, CVE-2018-11040, CVE-2018-1257, CVE-2018-1270, CVE-2018-1272, CVE-2018-15756, CVE-2020-5421, CVE-2022-22950, CVE-2022-22965, CVE-2022-22968, CVE-2022-22970
spring-integration-core-4.0.2.RELEASE.jar (pkg:maven/org.springframework.integration/spring-integration-core@4.0.2.RELEASE, cpe:2.3:a:vmware:spring_framework:4.0.2:release:*:*:*:*:*:*, cpe:2.3:a:vmware:spring_integration:4.0.2:release:*:*:*:*:*:*) : CVE-2014-0225, CVE-2015-5211, CVE-2016-1000027, CVE-2016-5007, CVE-2018-11039, CVE-2018-11040, CVE-2018-1257, CVE-2019-3772, CVE-2020-5421, CVE-2022-22950, CVE-2022-22965, CVE-2022-22968, CVE-2022-22970
spring-messaging-4.0.6.RELEASE.jar (pkg:maven/org.springframework/spring-messaging@4.0.6.RELEASE, cpe:2.3:a:pivotal_software:spring_framework:4.0.6:release:*:*:*:*:*:*, cpe:2.3:a:springsource:spring_framework:4.0.6:release:*:*:*:*:*:*, cpe:2.3:a:vmware:spring_framework:4.0.6:release:*:*:*:*:*:*) : CVE-2014-3625, CVE-2015-5211, CVE-2016-1000027, CVE-2016-5007, CVE-2018-11039, CVE-2018-11040, CVE-2018-1257, CVE-2018-1270, CVE-2020-5421, CVE-2022-22950, CVE-2022-22965, CVE-2022-22968, CVE-2022-22970, CVE-2022-22971
spring-retry-1.1.0.RELEASE.jar (pkg:maven/org.springframework.retry/spring-retry@1.1.0.RELEASE, cpe:2.3:a:vmware:spring_framework:1.1.0:release:*:*:*:*:*:*) : CVE-2013-4152, CVE-2013-7315, CVE-2014-0054, CVE-2016-1000027, CVE-2018-11039, CVE-2018-11040, CVE-2018-1257, CVE-2020-5421, CVE-2022-22950, CVE-2022-22965, CVE-2022-22968, CVE-2022-22970
spring-tx-4.0.6.RELEASE.jar (pkg:maven/org.springframework/spring-tx@4.0.6.RELEASE, cpe:2.3:a:pivotal_software:spring_framework:4.0.6:release:*:*:*:*:*:*, cpe:2.3:a:springsource:spring_framework:4.0.6:release:*:*:*:*:*:*, cpe:2.3:a:vmware:spring_framework:4.0.6:release:*:*:*:*:*:*) : CVE-2014-3625, CVE-2015-5211, CVE-2016-1000027, CVE-2016-5007, CVE-2018-11039, CVE-2018-11040, CVE-2018-1257, CVE-2018-1270, CVE-2020-5421, CVE-2022-22950, CVE-2022-22965, CVE-2022-22968, CVE-2022-22970
spring-webmvc-4.2.4.RELEASE.jar (pkg:maven/org.springframework/spring-webmvc@4.2.4.RELEASE, cpe:2.3:a:pivotal_software:spring_framework:4.2.4:release:*:*:*:*:*:*, cpe:2.3:a:springsource:spring_framework:4.2.4:release:*:*:*:*:*:*, cpe:2.3:a:vmware:spring_framework:4.2.4:release:*:*:*:*:*:*) : CVE-2016-1000027, CVE-2016-5007, CVE-2016-9878, CVE-2018-11039, CVE-2018-11040, CVE-2018-1257, CVE-2018-1270, CVE-2018-1271, CVE-2018-15756, CVE-2020-5397, CVE-2020-5421, CVE-2021-22060, CVE-2022-22950, CVE-2022-22965, CVE-2022-22968, CVE-2022-22970
xercesImpl-2.11.0.jar (pkg:maven/xerces/xercesImpl@2.11.0, cpe:2.3:a:apache:xerces2_java:2.11.0:*:*:*:*:*:*:*) : CVE-2012-0881, CVE-2013-4002, CVE-2017-10355, CVE-2022-23437

from lodview.

ioggstream commented on May 29, 2024

@dvcama we updated LodView with various security checks and with a substantial rewrite of code here https://github.com/teamdigitale/dati-semantic-lodview

The app behavior should be the same. Feel free to provide feedback. You are welcome to merge the changes in this repo.

Have a nice day, R. cc: @giorgialodi @smazzini


KonradHoeffner commented on May 29, 2024

@ioggstream Sounds great! Can you also provide it as one or more pull requests? That may be easier to integrate.


ioggstream commented on May 29, 2024

@KonradHoeffner keep in touch with @gnespolino. They made a fork of the project that should be actively maintained by the Italian Government.

The URL is here: https://github.com/teamdigitale/dati-semantic-lodview/ I know they did some refactoring and code cleanups: I suggest getting in touch in order to sync and join efforts.


ioggstream commented on May 29, 2024

cc: @giorgialodi @gnespolino @dvcama ^ #63 (comment)

