
Added dependency scanning at build time via ossindex-maven-p… #18


Merged
merged 1 commit into ai-forever:main
Jun 20, 2025

Conversation

a-simeshin
Collaborator

Added dependency scanning at build time via ossindex-maven-plugin

Closes #8

Currently detected:

[WARNING] Detected 3 vulnerable components:
  org.springframework:spring-context:jar:6.2.6:test; https://ossindex.sonatype.org/component/pkg:maven/org.springframework/spring-context@6.2.6?utm_source=ossindex-client&utm_medium=integration&utm_content=1.8.1
    * [CVE-2025-22233] CWE-20: Improper Input Validation (2.3); https://ossindex.sonatype.org/vulnerability/CVE-2025-22233?component-type=maven&component-name=org.springframework%2Fspring-context&utm_source=ossindex-client&utm_medium=integration&utm_content=1.8.1
  org.apache.tomcat.embed:tomcat-embed-core:jar:10.1.40:test; https://ossindex.sonatype.org/component/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.40?utm_source=ossindex-client&utm_medium=integration&utm_content=1.8.1
    * [CVE-2025-48988] CWE-770: Allocation of Resources Without Limits or Throttling (8.7); https://ossindex.sonatype.org/vulnerability/CVE-2025-48988?component-type=maven&component-name=org.apache.tomcat.embed%2Ftomcat-embed-core&utm_source=ossindex-client&utm_medium=integration&utm_content=1.8.1
    * [CVE-2025-49125] CWE-288: Authentication Bypass Using an Alternate Path or Channel (6.3); https://ossindex.sonatype.org/vulnerability/CVE-2025-49125?component-type=maven&component-name=org.apache.tomcat.embed%2Ftomcat-embed-core&utm_source=ossindex-client&utm_medium=integration&utm_content=1.8.1
  org.springframework:spring-web:jar:6.2.6:compile; https://ossindex.sonatype.org/component/pkg:maven/org.springframework/spring-web@6.2.6?utm_source=ossindex-client&utm_medium=integration&utm_content=1.8.1
    * [CVE-2025-41234] CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') (7.4); https://ossindex.sonatype.org/vulnerability/CVE-2025-41234?component-type=maven&component-name=org.springframework%2Fspring-web&utm_source=ossindex-client&utm_medium=integration&utm_content=1.8.1

As expected, some of these will be fixed by the move to spring-boot 3.5.0

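An added example, not part of this PR or the project, showing how the ossindex-maven-plugin audit output quoted above can be parsed and triaged by dependency scope and CVSS score. The sample text is constructed from the page's own lines with the tracking parameters stripped, and the 7.0 threshold is an assumed gate.

```python
import re

# Constructed sample in the shape of the ossindex-maven-plugin audit output quoted above
# (coordinates and CVE ids as on the page; the tracking URLs are shortened).
AUDIT_OUTPUT = """\
[WARNING] Detected 3 vulnerable components:
  org.springframework:spring-context:jar:6.2.6:test; https://ossindex.sonatype.org/component/pkg:maven/org.springframework/spring-context@6.2.6
    * [CVE-2025-22233] CWE-20: Improper Input Validation (2.3); https://ossindex.sonatype.org/vulnerability/CVE-2025-22233
  org.apache.tomcat.embed:tomcat-embed-core:jar:10.1.40:test; https://ossindex.sonatype.org/component/pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@10.1.40
    * [CVE-2025-48988] CWE-770: Allocation of Resources Without Limits or Throttling (8.7); https://ossindex.sonatype.org/vulnerability/CVE-2025-48988
    * [CVE-2025-49125] CWE-288: Authentication Bypass Using an Alternate Path or Channel (6.3); https://ossindex.sonatype.org/vulnerability/CVE-2025-49125
  org.springframework:spring-web:jar:6.2.6:compile; https://ossindex.sonatype.org/component/pkg:maven/org.springframework/spring-web@6.2.6
    * [CVE-2025-41234] CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') (7.4); https://ossindex.sonatype.org/vulnerability/CVE-2025-41234
"""

# A component line is indented two spaces: group:artifact:type:version:scope; <url>
COMPONENT_RE = re.compile(r"^  (?P<coords>\S+):(?P<scope>[a-z]+); ")
# A finding line is indented four spaces: * [ID] CWE-n: title (cvss); <url>
VULN_RE = re.compile(r"^    \* \[(?P<id>[^\]]+)\] (?P<cwe>CWE-\d+): (?P<title>.+) \((?P<score>\d+(?:\.\d+)?)\); ")

def parse_audit(text):
    """Return a list of {coords, scope, vulns: [{id, cwe, title, score}]} dicts."""
    components = []
    for line in text.splitlines():
        if (m := VULN_RE.match(line)) and components:
            components[-1]["vulns"].append(
                {"id": m["id"], "cwe": m["cwe"], "title": m["title"], "score": float(m["score"])})
        elif m := COMPONENT_RE.match(line):
            components.append({"coords": m["coords"], "scope": m["scope"], "vulns": []})
    return components

# Scopes whose jars end up in the shipped artifact (assumed policy; test scope does not ship).
SHIPPED_SCOPES = {"compile", "runtime", "provided"}

def triage(components, threshold):
    """Split findings into build-blocking (shipped scope and CVSS >= threshold) and the rest.
    Test-scope findings still warrant an upgrade; they just do not gate the build here."""
    blocking, other = [], []
    for c in components:
        for v in c["vulns"]:
            entry = (c["coords"], c["scope"], v["id"], v["score"])
            (blocking if c["scope"] in SHIPPED_SCOPES and v["score"] >= threshold else other).append(entry)
    return blocking, other

if __name__ == "__main__":
    blocking, other = triage(parse_audit(AUDIT_OUTPUT), threshold=7.0)
    for entry in blocking:
        print("BLOCK", *entry)
    for entry in other:
        print("INFO ", *entry)
```

With the sample above only the compile-scope spring-web finding (CVE-2025-41234, 7.4) lands in the blocking list; the test-scope tomcat finding scores higher but does not ship.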
@a-simeshin a-simeshin requested a review from linarkou June 20, 2025 07:43
@a-simeshin a-simeshin self-assigned this Jun 20, 2025
@linarkou linarkou merged commit 9fcae74 into ai-forever:main Jun 20, 2025
1 check passed
Successfully merging this pull request may close these issues.

Add ossindex scanning at build time