Comments (5)
OWASP check output:
One or more dependencies were identified with known vulnerabilities in lodview:
apache-jena-libs-2.13.0.pom (pkg:maven/org.apache.jena/apache-jena-libs@2.13.0, cpe:2.3:a:apache:jena:2.13.0:*:*:*:*:*:*:*) : CVE-2021-39239, CVE-2022-28890
commons-httpclient-3.0.1.jar (pkg:maven/commons-httpclient/commons-httpclient@3.0.1, cpe:2.3:a:apache:commons-httpclient:3.0.1:*:*:*:*:*:*:*, cpe:2.3:a:apache:httpclient:3.0.1:*:*:*:*:*:*:*) : CVE-2012-5783, CVE-2020-13956
commons-io-2.4.jar (pkg:maven/commons-io/commons-io@2.4, cpe:2.3:a:apache:commons_io:2.4:*:*:*:*:*:*:*) : CVE-2021-29425
httpclient-4.2.6.jar (pkg:maven/org.apache.httpcomponents/httpclient@4.2.6, cpe:2.3:a:apache:httpclient:4.2.6:*:*:*:*:*:*:*) : CVE-2014-3577, CVE-2015-5262, CVE-2020-13956
httpclient-cache-4.2.6.jar (pkg:maven/org.apache.httpcomponents/httpclient-cache@4.2.6, cpe:2.3:a:apache:httpclient:4.2.6:*:*:*:*:*:*:*) : CVE-2014-3577, CVE-2020-13956
jackson-databind-2.3.3.jar (pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.3.3, cpe:2.3:a:fasterxml:jackson-databind:2.3.3:*:*:*:*:*:*:*) : CVE-2017-7525, CVE-2018-7489, CVE-2020-35490, CVE-2020-35491, CVE-2020-36518, CVE-2022-42003, CVE-2022-42004
jdom-1.0.jar (pkg:maven/jdom/jdom@1.0, cpe:2.3:a:jdom:jdom:1.0:*:*:*:*:*:*:*) : CVE-2021-33813
jena-core-2.13.0.jar (pkg:maven/org.apache.jena/jena-core@2.13.0, cpe:2.3:a:apache:jena:2.13.0:*:*:*:*:*:*:*) : CVE-2021-39239, CVE-2022-28890
jena-tdb-1.1.2.jar (pkg:maven/org.apache.jena/jena-tdb@1.1.2, cpe:2.3:a:apache:jena:1.1.2:*:*:*:*:*:*:*) : CVE-2021-39239, CVE-2022-28890
jquery.jplayer.js (pkg:javascript/[email protected]) : CVE-2013-1942, CVE-2013-2022, CVE-2013-2023
jquery.min.js (pkg:javascript/[email protected]) : CVE-2015-9251, CVE-2019-11358, CVE-2020-11022, CVE-2020-11023
jstl-api-1.2.jar (pkg:maven/javax.servlet.jsp.jstl/jstl-api@1.2, cpe:2.3:a:tag_project:tag:1.2:*:*:*:*:*:*:*) : CVE-2020-29242, CVE-2020-29243, CVE-2020-29244, CVE-2020-29245
jstl-impl-1.2.jar (pkg:maven/org.glassfish.web/jstl-impl@1.2, cpe:2.3:a:tag_project:tag:1.2:*:*:*:*:*:*:*, cpe:2.3:a:taglib:taglib:1.2:*:*:*:*:*:*:*) : CVE-2015-0254, CVE-2020-29242, CVE-2020-29243, CVE-2020-29244, CVE-2020-29245
libthrift-0.9.2.jar (pkg:maven/org.apache.thrift/libthrift@0.9.2, cpe:2.3:a:apache:thrift:0.9.2:*:*:*:*:*:*:*) : CVE-2015-3254, CVE-2016-5397, CVE-2018-11798, CVE-2018-1320, CVE-2019-0205
log4j-1.2.17.jar (pkg:maven/log4j/log4j@1.2.17, cpe:2.3:a:apache:log4j:1.2.17:*:*:*:*:*:*:*) : CVE-2019-17571, CVE-2020-9493, CVE-2021-4104, CVE-2022-23302, CVE-2022-23305, CVE-2022-23307
logback-core-1.0.7.jar (pkg:maven/ch.qos.logback/logback-core@1.0.7, cpe:2.3:a:qos:logback:1.0.7:*:*:*:*:*:*:*) : CVE-2017-5929, CVE-2021-42550
snakeyaml-1.13.jar (pkg:maven/org.yaml/snakeyaml@1.13, cpe:2.3:a:snakeyaml_project:snakeyaml:1.13:*:*:*:*:*:*:*, cpe:2.3:a:yaml_project:yaml:1.13:*:*:*:*:*:*:*) : CVE-2017-18640, CVE-2022-25857, CVE-2022-38749, CVE-2022-38750, CVE-2022-38751, CVE-2022-38752
spring-aop-4.2.4.RELEASE.jar (pkg:maven/org.springframework/spring-aop@4.2.4.RELEASE, cpe:2.3:a:pivotal_software:spring_framework:4.2.4:release:*:*:*:*:*:*, cpe:2.3:a:springsource:spring_framework:4.2.4:release:*:*:*:*:*:*, cpe:2.3:a:vmware:spring_framework:4.2.4:release:*:*:*:*:*:*) : CVE-2016-1000027, CVE-2016-5007, CVE-2016-9878, CVE-2018-11039, CVE-2018-11040, CVE-2018-1257, CVE-2018-1270, CVE-2018-15756, CVE-2020-5421, CVE-2022-22950, CVE-2022-22965, CVE-2022-22968, CVE-2022-22970
spring-boot-1.1.4.RELEASE.jar (pkg:maven/org.springframework.boot/spring-boot@1.1.4.RELEASE, cpe:2.3:a:vmware:spring_boot:1.1.4:release:*:*:*:*:*:*, cpe:2.3:a:vmware:spring_framework:1.1.4:release:*:*:*:*:*:*) : CVE-2013-4152, CVE-2013-7315, CVE-2014-0054, CVE-2016-1000027, CVE-2017-8046, CVE-2018-11039, CVE-2018-11040, CVE-2018-1196, CVE-2018-1257, CVE-2020-5421, CVE-2021-26987, CVE-2022-22950, CVE-2022-22965, CVE-2022-22968, CVE-2022-22970, CVE-2022-27772
spring-boot-starter-integration-1.1.4.RELEASE.jar (pkg:maven/org.springframework.boot/spring-boot-starter-integration@1.1.4.RELEASE, cpe:2.3:a:vmware:spring_boot:1.1.4:release:*:*:*:*:*:*, cpe:2.3:a:vmware:spring_framework:1.1.4:release:*:*:*:*:*:*, cpe:2.3:a:vmware:spring_integration:1.1.4:release:*:*:*:*:*:*) : CVE-2013-4152, CVE-2013-7315, CVE-2014-0054, CVE-2016-1000027, CVE-2017-8046, CVE-2018-11039, CVE-2018-11040, CVE-2018-1196, CVE-2018-1257, CVE-2019-3772, CVE-2020-5421, CVE-2021-26987, CVE-2022-22950, CVE-2022-22965, CVE-2022-22968, CVE-2022-22970, CVE-2022-27772
spring-core-4.2.4.RELEASE.jar (pkg:maven/org.springframework/spring-core@4.2.4.RELEASE, cpe:2.3:a:pivotal_software:spring_framework:4.2.4:release:*:*:*:*:*:*, cpe:2.3:a:springsource:spring_framework:4.2.4:release:*:*:*:*:*:*, cpe:2.3:a:vmware:spring_framework:4.2.4:release:*:*:*:*:*:*) : CVE-2016-1000027, CVE-2016-5007, CVE-2016-9878, CVE-2018-11039, CVE-2018-11040, CVE-2018-1257, CVE-2018-1270, CVE-2018-1272, CVE-2018-15756, CVE-2020-5421, CVE-2022-22950, CVE-2022-22965, CVE-2022-22968, CVE-2022-22970
spring-integration-core-4.0.2.RELEASE.jar (pkg:maven/org.springframework.integration/spring-integration-core@4.0.2.RELEASE, cpe:2.3:a:vmware:spring_framework:4.0.2:release:*:*:*:*:*:*, cpe:2.3:a:vmware:spring_integration:4.0.2:release:*:*:*:*:*:*) : CVE-2014-0225, CVE-2015-5211, CVE-2016-1000027, CVE-2016-5007, CVE-2018-11039, CVE-2018-11040, CVE-2018-1257, CVE-2019-3772, CVE-2020-5421, CVE-2022-22950, CVE-2022-22965, CVE-2022-22968, CVE-2022-22970
spring-messaging-4.0.6.RELEASE.jar (pkg:maven/org.springframework/spring-messaging@4.0.6.RELEASE, cpe:2.3:a:pivotal_software:spring_framework:4.0.6:release:*:*:*:*:*:*, cpe:2.3:a:springsource:spring_framework:4.0.6:release:*:*:*:*:*:*, cpe:2.3:a:vmware:spring_framework:4.0.6:release:*:*:*:*:*:*) : CVE-2014-3625, CVE-2015-5211, CVE-2016-1000027, CVE-2016-5007, CVE-2018-11039, CVE-2018-11040, CVE-2018-1257, CVE-2018-1270, CVE-2020-5421, CVE-2022-22950, CVE-2022-22965, CVE-2022-22968, CVE-2022-22970, CVE-2022-22971
spring-retry-1.1.0.RELEASE.jar (pkg:maven/org.springframework.retry/spring-retry@1.1.0.RELEASE, cpe:2.3:a:vmware:spring_framework:1.1.0:release:*:*:*:*:*:*) : CVE-2013-4152, CVE-2013-7315, CVE-2014-0054, CVE-2016-1000027, CVE-2018-11039, CVE-2018-11040, CVE-2018-1257, CVE-2020-5421, CVE-2022-22950, CVE-2022-22965, CVE-2022-22968, CVE-2022-22970
spring-tx-4.0.6.RELEASE.jar (pkg:maven/org.springframework/spring-tx@4.0.6.RELEASE, cpe:2.3:a:pivotal_software:spring_framework:4.0.6:release:*:*:*:*:*:*, cpe:2.3:a:springsource:spring_framework:4.0.6:release:*:*:*:*:*:*, cpe:2.3:a:vmware:spring_framework:4.0.6:release:*:*:*:*:*:*) : CVE-2014-3625, CVE-2015-5211, CVE-2016-1000027, CVE-2016-5007, CVE-2018-11039, CVE-2018-11040, CVE-2018-1257, CVE-2018-1270, CVE-2020-5421, CVE-2022-22950, CVE-2022-22965, CVE-2022-22968, CVE-2022-22970
spring-webmvc-4.2.4.RELEASE.jar (pkg:maven/org.springframework/spring-webmvc@4.2.4.RELEASE, cpe:2.3:a:pivotal_software:spring_framework:4.2.4:release:*:*:*:*:*:*, cpe:2.3:a:springsource:spring_framework:4.2.4:release:*:*:*:*:*:*, cpe:2.3:a:vmware:spring_framework:4.2.4:release:*:*:*:*:*:*) : CVE-2016-1000027, CVE-2016-5007, CVE-2016-9878, CVE-2018-11039, CVE-2018-11040, CVE-2018-1257, CVE-2018-1270, CVE-2018-1271, CVE-2018-15756, CVE-2020-5397, CVE-2020-5421, CVE-2021-22060, CVE-2022-22950, CVE-2022-22965, CVE-2022-22968, CVE-2022-22970
xercesImpl-2.11.0.jar (pkg:maven/xerces/xercesImpl@2.11.0, cpe:2.3:a:apache:xerces2_java:2.11.0:*:*:*:*:*:*:*) : CVE-2012-0881, CVE-2013-4002, CVE-2017-10355, CVE-2022-23437
from lodview.
@dvcama we updated LodView with various security checks and with a substantial rewrite of code here https://github.com/teamdigitale/dati-semantic-lodview
The app behavior should be the same. Feel free to provide feedback. You are welcome to merge the changes in this repo.
Have a nice day, R. cc: @giorgialodi @smazzini
from lodview.
@ioggstream Sounds great! Can you also provide it as one or more pull requests? That may be easier to integrate.
from lodview.
@KonradHoeffner keep in touch with @gnespolino. They made a fork of the project that should be actively maintained by the Italian Government.
The URL is here: https://github.com/teamdigitale/dati-semantic-lodview/
I know they did some refactoring and code cleanups: I suggest getting in touch in order to sync and join efforts.
from lodview.
cc: @giorgialodi @gnespolino @dvcama ^ #63 (comment)
from lodview.