umati / milo Goto Github PK
View Code? Open in Web Editor NEWThis project forked from eclipse/milo
Eclipse Milo™ - an open source implementation of OPC UA (IEC 62541).
Home Page: http://www.eclipse.org/milo
License: Eclipse Public License 2.0
This project forked from eclipse/milo
Eclipse Milo™ - an open source implementation of OPC UA (IEC 62541).
Home Page: http://www.eclipse.org/milo
License: Eclipse Public License 2.0
Library home page: https://netty.io/
Path to dependency file: /milo-examples/client-examples/pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/io/netty/netty-codec-http/4.1.105.Final/netty-codec-http-4.1.105.Final.jar,/home/wss-scanner/.m2/repository/io/netty/netty-codec-http/4.1.105.Final/netty-codec-http-4.1.105.Final.jar,/home/wss-scanner/.m2/repository/io/netty/netty-codec-http/4.1.105.Final/netty-codec-http-4.1.105.Final.jar,/home/wss-scanner/.m2/repository/io/netty/netty-codec-http/4.1.105.Final/netty-codec-http-4.1.105.Final.jar,/home/wss-scanner/.m2/repository/io/netty/netty-codec-http/4.1.105.Final/netty-codec-http-4.1.105.Final.jar,/home/wss-scanner/.m2/repository/io/netty/netty-codec-http/4.1.105.Final/netty-codec-http-4.1.105.Final.jar,/home/wss-scanner/.m2/repository/io/netty/netty-codec-http/4.1.105.Final/netty-codec-http-4.1.105.Final.jar,/home/wss-scanner/.m2/repository/io/netty/netty-codec-http/4.1.105.Final/netty-codec-http-4.1.105.Final.jar
Found in HEAD commit: 865206946cdd36c1f698b5aa417b55688843148d
CVE | Severity | CVSS | Dependency | Type | Fixed in (netty-codec-http version) | Remediation Possible** |
---|---|---|---|---|---|---|
CVE-2024-29025 | Medium | 5.3 | netty-codec-http-4.1.105.Final.jar | Direct | 4.1.108.Final | ❌ |
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
Library home page: https://netty.io/
Path to dependency file: /milo-examples/client-examples/pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/io/netty/netty-codec-http/4.1.105.Final/netty-codec-http-4.1.105.Final.jar,/home/wss-scanner/.m2/repository/io/netty/netty-codec-http/4.1.105.Final/netty-codec-http-4.1.105.Final.jar,/home/wss-scanner/.m2/repository/io/netty/netty-codec-http/4.1.105.Final/netty-codec-http-4.1.105.Final.jar,/home/wss-scanner/.m2/repository/io/netty/netty-codec-http/4.1.105.Final/netty-codec-http-4.1.105.Final.jar,/home/wss-scanner/.m2/repository/io/netty/netty-codec-http/4.1.105.Final/netty-codec-http-4.1.105.Final.jar,/home/wss-scanner/.m2/repository/io/netty/netty-codec-http/4.1.105.Final/netty-codec-http-4.1.105.Final.jar,/home/wss-scanner/.m2/repository/io/netty/netty-codec-http/4.1.105.Final/netty-codec-http-4.1.105.Final.jar,/home/wss-scanner/.m2/repository/io/netty/netty-codec-http/4.1.105.Final/netty-codec-http-4.1.105.Final.jar
Dependency Hierarchy:
Found in HEAD commit: 865206946cdd36c1f698b5aa417b55688843148d
Found in base branch: develop
Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. The HttpPostRequestDecoder
can be tricked to accumulate data. While the decoder can store items on the disk if configured so, there are no limits to the number of fields the form can have, an attacher can send a chunked post consisting of many small fields that will be accumulated in the bodyListHttpData
list. The decoder cumulates bytes in the undecodedChunk
buffer until it can decode a field, this field can cumulate data without limits. This vulnerability is fixed in 4.1.108.Final.
Publish Date: 2024-03-25
URL: CVE-2024-29025
Base Score Metrics:
Type: Upgrade version
Origin: https://www.cve.org/CVERecord?id=CVE-2024-29025
Release Date: 2024-03-25
Fix Resolution: 4.1.108.Final
Step up your Open Source Security Game with Mend here
Path to dependency file: /milo-examples/client-examples/pom.xml
Path to vulnerable library: /milo-examples/server-examples/pom.xml,/milo-examples/client-examples/pom.xml
Found in HEAD commit: 865206946cdd36c1f698b5aa417b55688843148d
CVE | Severity | CVSS | Dependency | Type | Fixed in (server-examples version) | Remediation Possible** |
---|---|---|---|---|---|---|
CVE-2023-6481 | High | 7.5 | logback-core-1.2.12.jar | Transitive | N/A* | ❌ |
*For some transitive vulnerabilities, there is no version of direct dependency with a fix. Check the "Details" section below to see if there is a version of transitive dependency where vulnerability is fixed.
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
logback-core module
Library home page: http://logback.qos.ch
Path to dependency file: /milo-examples/server-examples/pom.xml
Path to vulnerable library: /milo-examples/server-examples/pom.xml,/milo-examples/client-examples/pom.xml
Dependency Hierarchy:
Found in HEAD commit: 865206946cdd36c1f698b5aa417b55688843148d
Found in base branch: develop
A serialization vulnerability in logback receiver component part of
logback version 1.4.13, 1.3.13 and 1.2.12 allows an attacker to mount a Denial-Of-Service
attack by sending poisoned data.
Publish Date: 2023-12-04
URL: CVE-2023-6481
Base Score Metrics:
Type: Upgrade version
Origin: https://www.cve.org/CVERecord?id=CVE-2023-6481
Release Date: 2023-12-04
Fix Resolution: ch.qos.logback:logback-core:1.2.13,1.3.14,1.4.14
Step up your Open Source Security Game with Mend here
The Bouncy Castle Crypto package is a Java implementation of cryptographic algorithms. This jar contains JCE provider and lightweight API for the Bouncy Castle Cryptography APIs for JDK 1.8 and up.
Library home page: https://www.bouncycastle.org/java.html
Path to dependency file: /opc-ua-sdk/sdk-core/pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/org/bouncycastle/bcprov-jdk18on/1.75/bcprov-jdk18on-1.75.jar,/home/wss-scanner/.m2/repository/org/bouncycastle/bcprov-jdk18on/1.75/bcprov-jdk18on-1.75.jar,/home/wss-scanner/.m2/repository/org/bouncycastle/bcprov-jdk18on/1.75/bcprov-jdk18on-1.75.jar,/home/wss-scanner/.m2/repository/org/bouncycastle/bcprov-jdk18on/1.75/bcprov-jdk18on-1.75.jar,/home/wss-scanner/.m2/repository/org/bouncycastle/bcprov-jdk18on/1.75/bcprov-jdk18on-1.75.jar,/home/wss-scanner/.m2/repository/org/bouncycastle/bcprov-jdk18on/1.75/bcprov-jdk18on-1.75.jar,/home/wss-scanner/.m2/repository/org/bouncycastle/bcprov-jdk18on/1.75/bcprov-jdk18on-1.75.jar,/home/wss-scanner/.m2/repository/org/bouncycastle/bcprov-jdk18on/1.75/bcprov-jdk18on-1.75.jar,/home/wss-scanner/.m2/repository/org/bouncycastle/bcprov-jdk18on/1.75/bcprov-jdk18on-1.75.jar,/home/wss-scanner/.m2/repository/org/bouncycastle/bcprov-jdk18on/1.75/bcprov-jdk18on-1.75.jar,/home/wss-scanner/.m2/repository/org/bouncycastle/bcprov-jdk18on/1.75/bcprov-jdk18on-1.75.jar,/home/wss-scanner/.m2/repository/org/bouncycastle/bcprov-jdk18on/1.75/bcprov-jdk18on-1.75.jar,/home/wss-scanner/.m2/repository/org/bouncycastle/bcprov-jdk18on/1.75/bcprov-jdk18on-1.75.jar,/home/wss-scanner/.m2/repository/org/bouncycastle/bcprov-jdk18on/1.75/bcprov-jdk18on-1.75.jar
Found in HEAD commit: 865206946cdd36c1f698b5aa417b55688843148d
CVE | Severity | CVSS | Dependency | Type | Fixed in (bcprov-jdk18on version) | Remediation Possible** |
---|---|---|---|---|---|---|
CVE-2024-30171 | Medium | 5.3 | bcprov-jdk18on-1.75.jar | Direct | 1.78 | ❌ |
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
The Bouncy Castle Crypto package is a Java implementation of cryptographic algorithms. This jar contains JCE provider and lightweight API for the Bouncy Castle Cryptography APIs for JDK 1.8 and up.
Library home page: https://www.bouncycastle.org/java.html
Path to dependency file: /opc-ua-sdk/sdk-core/pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/org/bouncycastle/bcprov-jdk18on/1.75/bcprov-jdk18on-1.75.jar,/home/wss-scanner/.m2/repository/org/bouncycastle/bcprov-jdk18on/1.75/bcprov-jdk18on-1.75.jar,/home/wss-scanner/.m2/repository/org/bouncycastle/bcprov-jdk18on/1.75/bcprov-jdk18on-1.75.jar,/home/wss-scanner/.m2/repository/org/bouncycastle/bcprov-jdk18on/1.75/bcprov-jdk18on-1.75.jar,/home/wss-scanner/.m2/repository/org/bouncycastle/bcprov-jdk18on/1.75/bcprov-jdk18on-1.75.jar,/home/wss-scanner/.m2/repository/org/bouncycastle/bcprov-jdk18on/1.75/bcprov-jdk18on-1.75.jar,/home/wss-scanner/.m2/repository/org/bouncycastle/bcprov-jdk18on/1.75/bcprov-jdk18on-1.75.jar,/home/wss-scanner/.m2/repository/org/bouncycastle/bcprov-jdk18on/1.75/bcprov-jdk18on-1.75.jar,/home/wss-scanner/.m2/repository/org/bouncycastle/bcprov-jdk18on/1.75/bcprov-jdk18on-1.75.jar,/home/wss-scanner/.m2/repository/org/bouncycastle/bcprov-jdk18on/1.75/bcprov-jdk18on-1.75.jar,/home/wss-scanner/.m2/repository/org/bouncycastle/bcprov-jdk18on/1.75/bcprov-jdk18on-1.75.jar,/home/wss-scanner/.m2/repository/org/bouncycastle/bcprov-jdk18on/1.75/bcprov-jdk18on-1.75.jar,/home/wss-scanner/.m2/repository/org/bouncycastle/bcprov-jdk18on/1.75/bcprov-jdk18on-1.75.jar,/home/wss-scanner/.m2/repository/org/bouncycastle/bcprov-jdk18on/1.75/bcprov-jdk18on-1.75.jar
Dependency Hierarchy:
Found in HEAD commit: 865206946cdd36c1f698b5aa417b55688843148d
Found in base branch: develop
BouncyCastle before version 1.78 is vulnerable to timing side-channel attacks against RSA decryption (both PKCS#1v1.5 and OAEP).
Publish Date: 2024-03-24
URL: CVE-2024-30171
Base Score Metrics:
Type: Upgrade version
Release Date: 2024-03-24
Fix Resolution: 1.78
Step up your Open Source Security Game with Mend here
Path to dependency file: /milo-examples/client-examples/pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/ch/qos/logback/logback-core/1.2.12/logback-core-1.2.12.jar,/home/wss-scanner/.m2/repository/ch/qos/logback/logback-core/1.2.12/logback-core-1.2.12.jar
Found in HEAD commit: 865206946cdd36c1f698b5aa417b55688843148d
CVE | Severity | CVSS | Dependency | Type | Fixed in (server-examples version) | Remediation Possible** |
---|---|---|---|---|---|---|
CVE-2023-6481 | High | 7.5 | logback-core-1.2.12.jar | Transitive | N/A* | ❌ |
*For some transitive vulnerabilities, there is no version of direct dependency with a fix. Check the "Details" section below to see if there is a version of transitive dependency where vulnerability is fixed.
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
logback-core module
Library home page: http://logback.qos.ch
Path to dependency file: /milo-examples/client-examples/pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/ch/qos/logback/logback-core/1.2.12/logback-core-1.2.12.jar,/home/wss-scanner/.m2/repository/ch/qos/logback/logback-core/1.2.12/logback-core-1.2.12.jar
Dependency Hierarchy:
Found in HEAD commit: 865206946cdd36c1f698b5aa417b55688843148d
Found in base branch: develop
A serialization vulnerability in logback receiver component part of
logback version 1.4.13, 1.3.13 and 1.2.12 allows an attacker to mount a Denial-Of-Service
attack by sending poisoned data.
Publish Date: 2023-12-04
URL: CVE-2023-6481
Base Score Metrics:
Type: Upgrade version
Origin: https://www.cve.org/CVERecord?id=CVE-2023-6481
Release Date: 2023-12-04
Fix Resolution: ch.qos.logback:logback-core:1.2.13,1.3.14,1.4.14
Step up your Open Source Security Game with Mend here
This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.
These updates are currently rate-limited. Click on a checkbox below to force their creation now.
io.netty:netty-codec-http
, io.netty:netty-handler
, io.netty:netty-codec
)org.bouncycastle:bcpkix-jdk18on
, org.bouncycastle:bcprov-jdk18on
)org.slf4j:slf4j-jdk14
, org.slf4j:jcl-over-slf4j
, org.slf4j:slf4j-simple
, org.slf4j:slf4j-api
)These updates have all been created already. Click a checkbox below to force a retry/rebase of any.
org.slf4j:slf4j-jdk14
, org.slf4j:jcl-over-slf4j
, org.slf4j:slf4j-simple
, org.slf4j:slf4j-api
)These are blocked by an existing closed PR and will not be recreated unless you click a checkbox below.
org.junit.jupiter:junit-jupiter-engine
, org.junit.jupiter:junit-jupiter-api
).github/workflows/maven.yml
actions/checkout v3
actions/setup-java v3
ubuntu 20.04
build-tools/pom.xml
org.apache.maven.plugins:maven-deploy-plugin 3.0.0-M1
org.apache.maven.plugins:maven-enforcer-plugin 3.0.0-M3
org.apache.maven.plugins:maven-clean-plugin 3.1.0
org.apache.maven.plugins:maven-compiler-plugin 3.13.0
org.apache.maven.plugins:maven-install-plugin 3.0.0-M1
org.apache.maven.plugins:maven-jar-plugin 3.2.0
org.apache.maven.plugins:maven-resources-plugin 3.1.0
org.apache.maven.plugins:maven-site-plugin 3.8.2
org.apache.maven.plugins:maven-surefire-plugin 3.0.0-M4
milo-examples/client-examples/pom.xml
org.eclipse.milo:milo-examples 0.6.13-SNAPSHOT
org.eclipse.milo:sdk-client 0.6.13-SNAPSHOT
org.eclipse.milo:dictionary-reader 0.6.13-SNAPSHOT
org.eclipse.milo:server-examples 0.6.13-SNAPSHOT
ch.qos.logback:logback-classic 1.2.13
org.jetbrains:annotations 22.0.0
milo-examples/pom.xml
org.apache.maven.plugins:maven-deploy-plugin 3.0.0-M1
milo-examples/server-examples/pom.xml
org.eclipse.milo:milo-examples 0.6.13-SNAPSHOT
org.eclipse.milo:sdk-server 0.6.13-SNAPSHOT
org.eclipse.milo:dictionary-manager 0.6.13-SNAPSHOT
ch.qos.logback:logback-classic 1.2.13
org.jetbrains:annotations 22.0.0
org.apache.maven.plugins:maven-shade-plugin 3.2.2
opc-ua-sdk/dictionary-manager/pom.xml
org.eclipse.milo:opc-ua-sdk 0.6.13-SNAPSHOT
opc-ua-sdk/dictionary-reader/pom.xml
org.eclipse.milo:opc-ua-sdk 0.6.13-SNAPSHOT
org.junit.jupiter:junit-jupiter-engine 5.5.2
opc-ua-sdk/integration-tests/pom.xml
org.eclipse.milo:opc-ua-sdk 0.6.13-SNAPSHOT
org.junit.jupiter:junit-jupiter-api 5.6.2
org.junit.jupiter:junit-jupiter-engine 5.6.2
org.apache.maven.plugins:maven-failsafe-plugin 3.0.0-M4
opc-ua-sdk/pom.xml
org.jetbrains:annotations 22.0.0
org.mockito:mockito-core 2.25.1
org.slf4j:slf4j-simple 1.7.32
org.codehaus.mojo:findbugs-maven-plugin 3.0.5
org.jetbrains:annotations 22.0.0
org.jetbrains:annotations 22.0.0
org.slf4j:slf4j-simple 1.7.32
org.jetbrains:annotations 22.0.0
org.testng:testng 6.11
org.mockito:mockito-core 2.25.1
org.slf4j:slf4j-simple 1.7.32
org.slf4j:slf4j-simple 1.7.32
org.testng:testng 6.11
org.mockito:mockito-core 2.25.1
opc-ua-sdk/sdk-client/pom.xml
org.eclipse.milo:opc-ua-sdk 0.6.13-SNAPSHOT
opc-ua-sdk/sdk-core/pom.xml
org.eclipse.milo:opc-ua-sdk 0.6.13-SNAPSHOT
org.junit.jupiter:junit-jupiter-api 5.6.2
org.junit.jupiter:junit-jupiter-engine 5.6.2
opc-ua-sdk/sdk-server/pom.xml
org.eclipse.milo:opc-ua-sdk 0.6.13-SNAPSHOT
opc-ua-sdk/sdk-tests/pom.xml
org.eclipse.milo:opc-ua-sdk 0.6.13-SNAPSHOT
org.apache.maven.plugins:maven-failsafe-plugin 3.0.0-M4
opc-ua-stack/bsd-core/pom.xml
org.eclipse.milo:opc-ua-stack 0.6.13-SNAPSHOT
org.eclipse.milo:stack-core 0.6.13-SNAPSHOT
com.sun.activation:jakarta.activation 1.2.2
org.glassfish.jaxb:jaxb-runtime 2.3.6
org.jvnet.jaxb2.maven2:maven-jaxb2-plugin 0.14.0
opc-ua-stack/bsd-generator/pom.xml
org.eclipse.milo:opc-ua-stack 0.6.13-SNAPSHOT
org.eclipse.milo:bsd-core 0.6.13-SNAPSHOT
opc-ua-stack/bsd-parser-gson/pom.xml
org.eclipse.milo:opc-ua-stack 0.6.13-SNAPSHOT
org.eclipse.milo:bsd-parser 0.6.13-SNAPSHOT
com.google.code.gson:gson 2.8.9
org.eclipse.milo:bsd-parser 0.6.13-SNAPSHOT
opc-ua-stack/bsd-parser/pom.xml
org.eclipse.milo:opc-ua-stack 0.6.13-SNAPSHOT
org.eclipse.milo:bsd-core 0.6.13-SNAPSHOT
com.sun.activation:jakarta.activation 1.2.2
org.glassfish.jaxb:jaxb-runtime 2.3.6
opc-ua-stack/pom.xml
org.testng:testng 6.9.10
org.slf4j:slf4j-simple 1.7.32
org.jetbrains:annotations 22.0.0
org.testng:testng 6.9.10
org.slf4j:slf4j-simple 1.7.32
org.codehaus.mojo:findbugs-maven-plugin 3.0.5
org.apache.maven.plugins:maven-surefire-plugin 3.0.0-M4
org.apache.maven.plugins:maven-failsafe-plugin 3.0.0-M4
io.netty:netty-codec-http 4.1.108.Final
org.jetbrains:annotations 22.0.0
org.bouncycastle:bcprov-jdk18on 1.75
org.bouncycastle:bcpkix-jdk18on 1.75
com.google.guava:guava 33.1.0-jre
io.netty:netty-codec 4.1.108.Final
io.netty:netty-handler 4.1.108.Final
org.slf4j:slf4j-api 1.7.32
org.jetbrains:annotations 22.0.0
org.testng:testng 6.9.10
org.slf4j:slf4j-simple 1.7.32
io.netty:netty-codec-http 4.1.108.Final
org.jetbrains:annotations 22.0.0
org.testng:testng 6.9.10
org.slf4j:slf4j-simple 1.7.32
opc-ua-stack/stack-client/pom.xml
org.eclipse.milo:opc-ua-stack 0.6.13-SNAPSHOT
com.digitalpetri.netty:netty-channel-fsm 0.8
opc-ua-stack/stack-core/pom.xml
org.eclipse.milo:opc-ua-stack 0.6.13-SNAPSHOT
org.glassfish.jaxb:jaxb-runtime 2.3.6
org.projectlombok:lombok 1.18.32
org.apache.maven.plugins:maven-compiler-plugin 3.13.0
org.projectlombok:lombok 1.18.32
opc-ua-stack/stack-server/pom.xml
org.eclipse.milo:opc-ua-stack 0.6.13-SNAPSHOT
opc-ua-stack/stack-tests/pom.xml
org.eclipse.milo:opc-ua-stack 0.6.13-SNAPSHOT
pom.xml
org.apache.maven.plugins:maven-source-plugin 3.2.1
org.apache.maven.plugins:maven-javadoc-plugin 3.2.0
org.apache.maven.plugins:maven-jar-plugin 3.2.0
org.apache.maven.plugins:maven-gpg-plugin 3.2.1
org.sonatype.plugins:nexus-staging-maven-plugin 1.6.8
org.apache.maven.plugins:maven-source-plugin 3.2.1
org.apache.maven.plugins:maven-javadoc-plugin 3.2.0
org.apache.maven.plugins:maven-checkstyle-plugin 3.0.0
com.puppycrawl.tools:checkstyle 8.18
org.slf4j:jcl-over-slf4j 1.7.21
org.slf4j:slf4j-jdk14 1.7.21
org.apache.maven.plugins:maven-enforcer-plugin 3.0.0-M3
org.apache.maven.plugins:maven-compiler-plugin 3.13.0
org.apache.maven.plugins:maven-jar-plugin 3.2.0
org.apache.felix:maven-bundle-plugin 5.1.9
org.apache.maven.plugins:maven-release-plugin 3.0.0-M1
org.apache.maven.plugins:maven-clean-plugin 3.1.0
org.apache.maven.plugins:maven-deploy-plugin 3.0.0-M1
org.apache.maven.plugins:maven-install-plugin 3.0.0-M1
org.apache.maven.plugins:maven-resources-plugin 3.1.0
org.apache.maven.plugins:maven-site-plugin 3.8.2
org.apache.maven.plugins:maven-surefire-plugin 3.0.0-M4
org.apache.maven.plugins:maven-checkstyle-plugin 3.0.0
logback-classic module
Library home page: http://logback.qos.ch
Path to dependency file: /milo-examples/server-examples/pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/ch/qos/logback/logback-classic/1.2.12/logback-classic-1.2.12.jar,/home/wss-scanner/.m2/repository/ch/qos/logback/logback-classic/1.2.12/logback-classic-1.2.12.jar
Found in HEAD commit: 865206946cdd36c1f698b5aa417b55688843148d
CVE | Severity | CVSS | Dependency | Type | Fixed in (logback-classic version) | Remediation Possible** |
---|---|---|---|---|---|---|
CVE-2023-6378 | High | 7.5 | logback-classic-1.2.12.jar | Direct | 1.2.13 | ❌ |
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
logback-classic module
Library home page: http://logback.qos.ch
Path to dependency file: /milo-examples/server-examples/pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/ch/qos/logback/logback-classic/1.2.12/logback-classic-1.2.12.jar,/home/wss-scanner/.m2/repository/ch/qos/logback/logback-classic/1.2.12/logback-classic-1.2.12.jar
Dependency Hierarchy:
Found in HEAD commit: 865206946cdd36c1f698b5aa417b55688843148d
Found in base branch: develop
A serialization vulnerability in logback receiver component part of
logback version 1.4.11 allows an attacker to mount a Denial-Of-Service
attack by sending poisoned data.
Publish Date: 2023-11-29
URL: CVE-2023-6378
Base Score Metrics:
Type: Upgrade version
Origin: https://logback.qos.ch/news.html#1.3.12
Release Date: 2023-11-29
Fix Resolution: 1.2.13
Step up your Open Source Security Game with Mend here
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.