https://mvnrepository.com/artifact/commons-fileupload/commons-fileupload/1.4 中的“漏洞”有什么意义?
[英]What is significance of 'Vulnerabilities' from https://mvnrepository.com/artifact/commons-fileupload/commons-fileupload/1.4?
问题描述
Here I need to search latest version of dependency which is not vulnerable but as I navigate to maven repository page https://mvnrepository.com/artifact/commons-fileupload/commons-fileupload/1.4 , I see there is also vulnerabilities written under 'Vulnerabilities' section.
在这里,我需要搜索不易受攻击的最新版本的依赖项,但是当我导航到 maven 存储库页面https://mvnrepository.com/artifact/commons-fileupload/commons-fileupload/1.4时,我看到还有写在下面的漏洞漏洞部分。 I am in dilemma, whether this indicates a resolved vulnerability for given version or persisted still.我处于两难境地,这是否表明给定版本的漏洞已解决或仍然存在。 Please clear whether this version is vulnerable or not?请明确此版本是否易受攻击?
<:-- https.//mvnrepository.com/artifact/commons-fileupload/commons-fileupload --> <dependency> <groupId>commons-fileupload</groupId> <artifactId>commons-fileupload</artifactId> <version>1.4</version> </dependency>
Snapshot-->快照-->
1 个解决方案
解决方案1
0 2022-08-22 13:43:21
Issue was reported in commons-fileupload FILEUPLOAD-347在commons-fileupload FILEUPLOAD-347中报告了问题
There are two vulnerabilities from dependencies:依赖项有两个漏洞:
- one on junit - it is not propagated to end user junit 上的一个 - 它不会传播给最终用户
- second - it's depends if
commons-fileuploaduse methodFileNameUtils.normalizefromcommons-io- to check in source code第二 - 这取决于commons-fileupload是否使用来自commons-io方法FileNameUtils.normalize- 来检查源代码
The best way is follow and / or ask such question in project tracking issue.最好的方法是在项目跟踪问题中关注和/或提出此类问题。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.