snirburkush / snirepo
Provider: Github
Repository: snirepo
Branch: main
Branch configuration: 0 required code reviewers
Overall dependency risk changed:
Package name: org.springframework:spring-web, version: 6.0.9
Resolved vulnerabilities: GHSA-ccgv-vj62-xf9h,CVE-2024-22243,GHSA-hgjh-9rj2-g67j,CVE-2024-22259
Package name: org.springframework:spring-webmvc, version: 6.0.9
Resolved vulnerabilities: GHSA-v94h-hvhg-mf9h,CVE-2023-34053
Package name: org.springframework.security:spring-security-core, version: 6.1.0
Resolved vulnerabilities: GHSA-w3w6-26f2-p474,CVE-2024-22234,GHSA-f3jh-qvm4-mg39,CVE-2024-22257
Package name: org.eclipse.jetty.http2:http2-common, version: 11.0.15
Resolved vulnerabilities: GHSA-rggv-cv7r-mw98,CVE-2024-22201
Package name: org.eclipse.jetty.http2:http2-hpack, version: 11.0.15
Resolved vulnerabilities: GHSA-wgh7-54f2-x98r,CVE-2023-36478
Package name: org.eclipse.jetty.http2:http2-server, version: 11.0.15
Resolved vulnerabilities: GHSA-qppj-fm5r-hxr3,CVE-2023-44487
Affected repository: snirepo
Provided by ApiiroSca
Overall dependency risk changed:
Package risk is now High
Due to vulnerability: CVE-2024-22234
Package name: org.springframework.security:spring-security-web, version: 6.1.0
Package risk is now High
Due to vulnerability: CVE-2023-38286
Package name: org.thymeleaf:thymeleaf, version: 3.1.1.RELEASE
Affected repository: snirepo
Provided by ApiiroSca
Overall dependency risk changed:
Package name: com.fasterxml.jackson.core:jackson-databind, version: 2.15.0
Resolved vulnerability: CVE-2023-35116
Affected repository: snirepo
Provided by ApiiroSca
Provider: Github
Repository: snirepo
Branch: main
Branch configuration: Force push is allowed
Overall dependency risk changed:
Package name: io.undertow:undertow-core, version: 2.3.6.Final
Resolved vulnerability: CVE-2022-1259
Affected repository: snirepo
Provided by ApiiroSca
Provider: Github
Repository: snirepo
Branch: main
Branch configuration: 0 required code reviewers
Overall dependency risk changed:
Package name: org.springframework.boot:spring-boot, version: 3.1.0
Resolved vulnerabilities: GHSA-jjfh-589g-3hjx,CVE-2023-34055
Affected repository: snirepo
Provided by ApiiroSca
Overall dependency risk changed:
Package name: org.springframework:spring-web, version: 6.0.9
Resolved vulnerabilities: GHSA-ccgv-vj62-xf9h,CVE-2024-22243,GHSA-hgjh-9rj2-g67j,CVE-2024-22259
Package name: org.springframework:spring-webmvc, version: 6.0.9
Resolved vulnerabilities: GHSA-v94h-hvhg-mf9h,CVE-2023-34053
Package name: org.springframework.security:spring-security-core, version: 6.1.0
Resolved vulnerabilities: GHSA-w3w6-26f2-p474,CVE-2024-22234,GHSA-f3jh-qvm4-mg39,CVE-2024-22257
Package name: org.eclipse.jetty.http2:http2-common, version: 11.0.15
Resolved vulnerabilities: GHSA-rggv-cv7r-mw98,CVE-2024-22201
Package name: org.eclipse.jetty.http2:http2-hpack, version: 11.0.15
Resolved vulnerabilities: GHSA-wgh7-54f2-x98r,CVE-2023-36478
Package name: org.eclipse.jetty.http2:http2-server, version: 11.0.15
Resolved vulnerabilities: GHSA-qppj-fm5r-hxr3,CVE-2023-44487
Affected repository: snirepo
Provided by ApiiroSca
Provider: Github
Repository: snirepo
Branch: main
Branch configuration: 0 required code reviewers
Overall dependency risk changed:
Package risk is now High
Due to vulnerability: CVE-2023-38286
Package name: org.thymeleaf:thymeleaf, version: 3.1.1.RELEASE
Affected repository: snirepo
Provided by ApiiroSca
Overall dependency risk changed:
Package risk is now Critical
Due to vulnerabilities: GHSA-3h6f-g5f3-gc4w,CVE-2023-34034
Package name: org.springframework.security:spring-security-config, version: 6.1.0
Package risk is now High
Due to vulnerabilities: GHSA-vmq6-5m68-f53m,CVE-2023-6378
Package name: ch.qos.logback:logback-classic, version: 1.4.7
Package risk is now High
Due to vulnerabilities: GHSA-vmq6-5m68-f53m,CVE-2023-6378
Package name: ch.qos.logback:logback-core, version: 1.4.7
Package risk is now High
Due to vulnerabilities: GHSA-7f88-5hhx-67m2,CVE-2023-5685
Package name: org.jboss.xnio:xnio-api, version: 3.8.8.Final
Package risk is now High
Due to vulnerabilities: GHSA-ccgv-vj62-xf9h,CVE-2024-22243,GHSA-hgjh-9rj2-g67j,CVE-2024-22259,GHSA-2wrp-6fg6-hmc5,CVE-2024-22262
Package name: org.springframework:spring-web, version: 6.0.9
Package risk is now High
Due to vulnerabilities: GHSA-v94h-hvhg-mf9h,CVE-2023-34053
Package name: org.springframework:spring-webmvc, version: 6.0.9
Package risk is now High
Due to vulnerabilities: GHSA-w3w6-26f2-p474,CVE-2024-22234,GHSA-f3jh-qvm4-mg39,CVE-2024-22257
Package name: org.springframework.security:spring-security-core, version: 6.1.0
Package risk is now High
Due to vulnerability: CVE-2023-36478
Package name: org.eclipse.jetty:jetty-http, version: 11.0.15
Package risk is now High
Due to vulnerabilities: GHSA-rggv-cv7r-mw98,CVE-2024-22201
Package name: org.eclipse.jetty.http2:http2-common, version: 11.0.15
Package risk is now High
Due to vulnerabilities: GHSA-wgh7-54f2-x98r,CVE-2023-36478
Package name: org.eclipse.jetty.http2:http2-hpack, version: 11.0.15
Package risk is now Medium
Due to vulnerabilities: GHSA-6qvw-249j-h44c,CVE-2023-51775
Package name: org.bitbucket.b_c:jose4j, version: 0.9.3
Package risk is now Medium
Due to vulnerabilities: GHSA-v76w-3ph8-vm66,CVE-2024-1459
Package name: io.undertow:undertow-core, version: 2.3.6.Final
Package risk is now Medium
Due to vulnerabilities: GHSA-pfh2-hfmq-phg5,CVE-2023-51074
Package name: com.jayway.jsonpath:json-path, version: 2.8.0
Package risk is now Medium
Due to vulnerabilities: GHSA-qppj-fm5r-hxr3,CVE-2023-44487
Package name: org.eclipse.jetty.http2:http2-server, version: 11.0.15
Package risk is now Medium
Due to vulnerabilities: GHSA-jjfh-589g-3hjx,CVE-2023-34055
Package name: org.springframework.boot:spring-boot, version: 3.1.0
Package risk is now Low
Due to vulnerabilities: GHSA-chfm-68vv-pvw5,CVE-2024-31573
Package name: org.xmlunit:xmlunit-core, version: 2.9.1
Package risk is now Low
Due to vulnerabilities: GHSA-3gh6-v5v9-6v9j,CVE-2023-36479
Package name: org.eclipse.jetty:jetty-servlets, version: 11.0.15
Package risk is now Low
Due to vulnerability: GHSA-58qw-p7qm-5rvh
Package name: org.eclipse.jetty:jetty-xml, version: 11.0.15
Affected repository: snirepo
Provided by ApiiroSca
Provider: Github
Repository: snirepo
Branch: main
Branch configuration: Deletion is allowed
Provider: Github
Repository: snirepo
Branch: main
Branch configuration: Deletion is allowed
Provider: Github
Repository: snirepo
Branch: main
Branch configuration: Force push is allowed
Overall dependency risk changed:
Package risk is now High
Due to vulnerability: CVE-2023-38286
Package name: org.thymeleaf:thymeleaf, version: 3.1.1.RELEASE
Affected repository: snirepo
Provided by ApiiroSca
Provider: Github
Repository: snirepo
Branch: main
Branch configuration: 0 required code reviewers
Provider: Github
Repository: snirepo
Branch: main
Branch configuration: Force push is allowed
Overall dependency risk changed:
Package risk is now Medium
Due to vulnerability: CVE-2023-34055
Package name: org.springframework.boot:spring-boot-actuator, version: 3.1.0
Affected repository: snirepo
Provided by ApiiroSca
Overall dependency risk changed:
Package risk is now High
Due to vulnerability: CVE-2022-1259
Package name: io.undertow:undertow-core, version: 2.3.6.Final
Affected repository: snirepo
Provided by ApiiroSca
Overall dependency risk changed:
Package risk is now High
Due to vulnerability: CVE-2023-38286
Package name: org.thymeleaf:thymeleaf, version: 3.1.1.RELEASE
Affected repository: snirepo
Provided by ApiiroSca
Overall dependency risk changed:
Package risk is now High
Due to vulnerability: CVE-2022-1259
Package name: io.undertow:undertow-core, version: 2.3.6.Final
Affected repository: snirepo
Provided by ApiiroSca
Discovered on: Sep 05, 2023 14:10
Route: POST /structured-content/{id}
Insights:
- Involves Custom user sensitive data - Involves the following Custom user sensitive data:
ceilingEntityClassname
mainEntityName
- Involves sensitive data - Involves sensitive data 2 fields
Introduced through: admin/broadleaf-contentmanagement-module/src/main/java/org/broadleafcommerce/cms/admin/web/controller/AdminStructuredContentController.java
API Declaration: public String saveEntity(HttpServletRequest request, HttpServletResponse response, Model model, @PathVariable Map<String, String> pathVars, @PathVariable(value = "id") String id, @ModelAttribute(value = "entityForm") EntityForm entityForm, BindingResult result, RedirectAttributes ra)
Module: admin/broadleaf-contentmanagement-module
Related data models:
(Module | Data model name | Sensitive data field | Type)
- admin/broadleaf-contentmanagement-module | EntityForm | ceilingEntityClassname | Custom user sensitive data
- admin/broadleaf-contentmanagement-module | EntityForm | mainEntityName | Custom user sensitive data
Provider: Github
Repository: snirepo
Branch: main
Branch configuration: Deletion is allowed
Overall dependency risk changed:
Package risk is now Critical
Due to vulnerabilities: GHSA-3h6f-g5f3-gc4w,CVE-2023-34034
Package name: org.springframework.security:spring-security-config, version: 6.1.0
Package risk is now High
Due to vulnerabilities: GHSA-vmq6-5m68-f53m,CVE-2023-6378
Package name: ch.qos.logback:logback-classic, version: 1.4.7
Package risk is now High
Due to vulnerabilities: GHSA-vmq6-5m68-f53m,CVE-2023-6378
Package name: ch.qos.logback:logback-core, version: 1.4.7
Package risk is now High
Due to vulnerabilities: GHSA-7f88-5hhx-67m2,CVE-2023-5685
Package name: org.jboss.xnio:xnio-api, version: 3.8.8.Final
Package risk is now High
Due to vulnerabilities: GHSA-ccgv-vj62-xf9h,CVE-2024-22243,GHSA-hgjh-9rj2-g67j,CVE-2024-22259,GHSA-2wrp-6fg6-hmc5,CVE-2024-22262
Package name: org.springframework:spring-web, version: 6.0.9
Package risk is now High
Due to vulnerabilities: GHSA-v94h-hvhg-mf9h,CVE-2023-34053
Package name: org.springframework:spring-webmvc, version: 6.0.9
Package risk is now High
Due to vulnerabilities: GHSA-w3w6-26f2-p474,CVE-2024-22234,GHSA-f3jh-qvm4-mg39,CVE-2024-22257
Package name: org.springframework.security:spring-security-core, version: 6.1.0
Package risk is now High
Due to vulnerability: CVE-2023-36478
Package name: org.eclipse.jetty:jetty-http, version: 11.0.15
Package risk is now High
Due to vulnerabilities: GHSA-rggv-cv7r-mw98,CVE-2024-22201
Package name: org.eclipse.jetty.http2:http2-common, version: 11.0.15
Package risk is now High
Due to vulnerabilities: GHSA-wgh7-54f2-x98r,CVE-2023-36478
Package name: org.eclipse.jetty.http2:http2-hpack, version: 11.0.15
Package risk is now Medium
Due to vulnerabilities: GHSA-6qvw-249j-h44c,CVE-2023-51775
Package name: org.bitbucket.b_c:jose4j, version: 0.9.3
Package risk is now Medium
Due to vulnerabilities: GHSA-v76w-3ph8-vm66,CVE-2024-1459
Package name: io.undertow:undertow-core, version: 2.3.6.Final
Package risk is now Medium
Due to vulnerabilities: GHSA-pfh2-hfmq-phg5,CVE-2023-51074
Package name: com.jayway.jsonpath:json-path, version: 2.8.0
Package risk is now Medium
Due to vulnerabilities: GHSA-qppj-fm5r-hxr3,CVE-2023-44487
Package name: org.eclipse.jetty.http2:http2-server, version: 11.0.15
Package risk is now Medium
Due to vulnerabilities: GHSA-jjfh-589g-3hjx,CVE-2023-34055
Package name: org.springframework.boot:spring-boot, version: 3.1.0
Package risk is now Low
Due to vulnerabilities: GHSA-chfm-68vv-pvw5,CVE-2024-31573
Package name: org.xmlunit:xmlunit-core, version: 2.9.1
Package risk is now Low
Due to vulnerabilities: GHSA-3gh6-v5v9-6v9j,CVE-2023-36479
Package name: org.eclipse.jetty:jetty-servlets, version: 11.0.15
Package risk is now Low
Due to vulnerability: GHSA-58qw-p7qm-5rvh
Package name: org.eclipse.jetty:jetty-xml, version: 11.0.15
Affected repository: snirepo
Provided by ApiiroSca
Provider: Github
Repository: snirepo
Branch: main
Branch configuration: Deletion is allowed
Provider: Github
Repository: snirepo
Branch: main
Branch configuration: Deletion is allowed
Overall dependency risk changed:
Package risk is now Medium
Due to vulnerability: CVE-2023-35116
Package name: com.fasterxml.jackson.core:jackson-databind, version: 2.15.0
Affected repository: snirepo
Provided by ApiiroSca
Overall dependency risk changed:
Package name: com.fasterxml.jackson.core:jackson-databind, version: 2.15.0
Resolved vulnerability: CVE-2023-35116
Affected repository: snirepo
Provided by ApiiroSca
just a test
Discovered on: Feb 10, 2024 08:19
Dependency: grunt-karma
Version: 0.6.2
Type: Direct
Introduced through:
About this package:
External dependency: grunt-karma - https://www.npmjs.com/package/grunt-karma
Package details: grunt plugin for karma test runner
Latest version: 4.0.2
License: MIT
Insights:
Recommended fix version: 4.0.2
Upgrading will fix all current vulnerabilities.
✅ No known vulnerabilities for the recommended version.
Overall dependency risk changed:
Package risk is now Medium
Due to vulnerability: CVE-2023-34055
Package name: org.springframework.boot:spring-boot-actuator, version: 3.1.0
Affected repository: snirepo
Provided by ApiiroSca
Overall dependency risk changed:
Package name: org.springframework.boot:spring-boot, version: 3.1.0
Resolved vulnerabilities: GHSA-jjfh-589g-3hjx,CVE-2023-34055
Affected repository: snirepo
Provided by ApiiroSca
Repository: snirepo
snirepo | [email protected] | 08/24/2023 08:48:45 | View in Apiiro
Repository: snirepo
snirepo | [email protected] | 08/23/2023 17:33:23 | View in Apiiro
Provider: Github
Repository: snirepo
Branch: main
Branch configuration: Force push is allowed
Provider: Github
Repository: snirepo
Branch: main
Branch configuration: Force push is allowed
Provider: Github
Repository: snirepo
Branch: main
Branch configuration: 0 required code reviewers
Overall dependency risk changed:
Package name: io.undertow:undertow-core, version: 2.3.6.Final
Resolved vulnerability: CVE-2022-1259
Affected repository: snirepo
Provided by ApiiroSca
Overall dependency risk changed:
Package risk is now High
Due to vulnerability: CVE-2023-38286
Package name: org.thymeleaf:thymeleaf, version: 3.1.1.RELEASE
Affected repository: snirepo
Provided by ApiiroSca