[英]What is significance of 'Vulnerabilities' from https://mvnrepository.com/artifact/commons-fileupload/commons-fileupload/1.4?
Here I need to search latest version of dependency which is not vulnerable but as I navigate to maven repository page https://mvnrepository.com/artifact/commons-fileupload/commons-fileupload/1.4 , I see there is also vulnerabilities written under 'Vulnerabilities' section.在这里,我需要搜索不易受攻击的最新版本的依赖项,但是当我导航到 maven 存储库页面https://mvnrepository.com/artifact/commons-fileupload/commons-fileupload/1.4时,我看到还有写在下面的漏洞漏洞部分。 I am in dilemma, whether this indicates a resolved vulnerability for given version or persisted still.我处于两难境地,这是否表明给定版本的漏洞已解决或仍然存在。 Please clear whether this version is vulnerable or not?请明确此版本是否易受攻击?
<:-- https.//mvnrepository.com/artifact/commons-fileupload/commons-fileupload --> <dependency> <groupId>commons-fileupload</groupId> <artifactId>commons-fileupload</artifactId> <version>1.4</version> </dependency>
Snapshot-->快照-->
Issue was reported in commons-fileupload
FILEUPLOAD-347在commons-fileupload
FILEUPLOAD-347中报告了问题
There are two vulnerabilities from dependencies:依赖项有两个漏洞:
commons-fileupload
use method FileNameUtils.normalize
from commons-io
- to check in source code第二 - 这取决于commons-fileupload
是否使用来自commons-io
方法FileNameUtils.normalize
- 来检查源代码The best way is follow and / or ask such question in project tracking issue.最好的方法是在项目跟踪问题中关注和/或提出此类问题。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.