| if (accept != null) { | ||
| boolean json = false; | ||
| try { | ||
| String[] mtypes = accept.split(";", 2)[0].split(","); |
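Review bot: on the `String[] mtypes = accept.split(";", 2)[0].split(",");` line, splitting on `;` before splitting on `,` keeps only the text ahead of the first `;` in the whole header. For an Accept value such as `text/html;q=0.9, application/json`, only `text/html` ends up in `mtypes` and `application/json` is never examined. Split on `,` first and strip the parameters from each entry separately. The entries also keep the whitespace that follows each comma, so trim them before any comparison.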
StringSplitter: String.split(String) has surprising behavior (details)
| String[] mtypes = accept.split(";", 2)[0].split(","); | |
| Iterable<String> mtypes = Splitter.on(',').split(accept.split(";", 2)[0]); |
(at-me in a reply with help or ignore)
I've recorded this as ignored for this pull request.
If you change your mind, just comment @sonatype-lift unignore.
| <artifactId>vpro-shared-web</artifactId> | ||
| </dependency> | ||
|
|
||
| <dependency> |
Critical OSS Vulnerability:
pkg:maven/io.swagger.core.v3/swagger-core@2.1.13
2 Critical, 0 Severe, 0 Moderate, 0 Unknown vulnerabilities have been found across 1 dependencies
Components
pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.10.5.1
CRITICAL Vulnerabilities (2)
CVE-2020-36518
[CVE-2020-36518] CWE-787: Out-of-bounds Write
jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.
CVSS Score: 7.5
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE: CWE-787
sonatype-2021-4682
[sonatype-2021-4682] CWE-400: Uncontrolled Resource Consumption ('Resource Exhaustion')
jackson-databind - Denial of Service (DoS)
The software does not properly restrict the size or amount of resources that are requested or influenced by an actor, which can be used to consume more resources than intended.
CVSS Score: 7.5
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE: CWE-400
(at-me in a reply with help or ignore)
I've recorded this as ignored for this pull request.
If you change your mind, just comment @sonatype-lift unignore.
| <groupId>io.swagger.core.v3</groupId> | ||
| <artifactId>swagger-core</artifactId> | ||
| </dependency> | ||
| <dependency> |
Critical OSS Vulnerability:
pkg:maven/io.swagger.core.v3/swagger-jaxrs2@2.1.13
2 Critical, 0 Severe, 0 Moderate, 0 Unknown vulnerabilities have been found across 1 dependencies
Components
pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.10.5.1
CRITICAL Vulnerabilities (2)
CVE-2020-36518
[CVE-2020-36518] CWE-787: Out-of-bounds Write
jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.
CVSS Score: 7.5
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE: CWE-787
sonatype-2021-4682
[sonatype-2021-4682] CWE-400: Uncontrolled Resource Consumption ('Resource Exhaustion')
jackson-databind - Denial of Service (DoS)
The software does not properly restrict the size or amount of resources that are requested or influenced by an actor, which can be used to consume more resources than intended.
CVSS Score: 7.5
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE: CWE-400
(at-me in a reply with help or ignore)
| </properties> | ||
|
|
||
| <dependencies> | ||
| <dependency> |
Critical OSS Vulnerability:
pkg:maven/nl.vpro.shared/vpro-shared-jackson2@2.30-SNAPSHOT
2 Critical, 1 Severe, 0 Moderate, 0 Unknown vulnerabilities have been found across 2 dependencies
Components
pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.10.5.1
CRITICAL Vulnerabilities (2)
CVE-2020-36518
[CVE-2020-36518] CWE-787: Out-of-bounds Write
jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.
CVSS Score: 7.5
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE: CWE-787
sonatype-2021-4682
[sonatype-2021-4682] CWE-400: Uncontrolled Resource Consumption ('Resource Exhaustion')
jackson-databind - Denial of Service (DoS)
The software does not properly restrict the size or amount of resources that are requested or influenced by an actor, which can be used to consume more resources than intended.
CVSS Score: 7.5
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE: CWE-400
pkg:maven/com.google.guava/guava@31.1-jre
SEVERE Vulnerabilities (1)
[sonatype-2020-0926] CWE-379: Creation of Temporary File in Directory with Incorrect Permissions
guava - Creation of Temporary File in Directory with Insecure Permissions [CVE-2020-8908]
The software creates a temporary file in a directory whose permissions allow unintended actors to determine the file's existence or otherwise access that file.
CVSS Score: 6.2
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CWE: CWE-379
(at-me in a reply with help or ignore)
| <groupId>nl.vpro.shared</groupId> | ||
| <artifactId>vpro-shared-jackson2</artifactId> | ||
| </dependency> | ||
| <dependency> |
Severe OSS Vulnerability:
pkg:maven/nl.vpro.shared/vpro-shared-web@2.30-SNAPSHOT
0 Critical, 1 Severe, 0 Moderate, 0 Unknown vulnerabilities have been found across 1 dependencies
Components
pkg:maven/com.google.guava/guava@31.1-jre
SEVERE Vulnerabilities (1)
[sonatype-2020-0926] CWE-379: Creation of Temporary File in Directory with Incorrect Permissions
guava - Creation of Temporary File in Directory with Insecure Permissions [CVE-2020-8908]
The software creates a temporary file in a directory whose permissions allow unintended actors to determine the file's existence or otherwise access that file.
CVSS Score: 6.2
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CWE: CWE-379
(at-me in a reply with help or ignore)
| import io.swagger.v3.oas.models.OpenAPI; | ||
|
|
||
| /** | ||
| * @author Michiel Meeuwissen |
MissingSummary: A summary line is required on public/protected Javadocs. (details)
(at-me in a reply with help or ignore)
| import io.swagger.v3.core.util.ParameterProcessor; | ||
|
|
||
| /** | ||
| * @author Michiel Meeuwissen |
MissingSummary: A summary line is required on public/protected Javadocs. (details)
(at-me in a reply with help or ignore)
vpro-shared-swagger3/src/main/java/nl/vpro/swagger/SwaggerApplication.java
| </properties> | ||
|
|
||
| <dependencies> | ||
| <dependency> |
Severe OSS Vulnerability:
pkg:maven/nl.vpro.shared/vpro-shared-jackson2@2.30-SNAPSHOT
0 Critical, 1 Severe, 0 Moderate, 0 Unknown vulnerabilities have been found across 1 dependencies
Components
pkg:maven/com.google.guava/guava@31.1-jre
SEVERE Vulnerabilities (1)
[sonatype-2020-0926] CWE-379: Creation of Temporary File in Directory with Incorrect Permissions
guava - Creation of Temporary File in Directory with Insecure Permissions [CVE-2020-8908]
The software creates a temporary file in a directory whose permissions allow unintended actors to determine the file's existence or otherwise access that file.
CVSS Score: 6.2
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CWE: CWE-379
(at-me in a reply with help or ignore)
No description provided.