
How to remove com.thoughtworks.xstream_xstream critical vulnerabilities?

I have a Spring Boot application. When I add this plugin

    <plugin>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-maven-plugin</artifactId>
    </plugin>

in the build section, I am getting these vulnerabilities.

| CVE            | Severity | CVSS | Package                          | Version | Status                        | Published | Discovered | Description |
| CVE-2021-21345 | critical | 9.90 | com.thoughtworks.xstream_xstream | 1.4.7   | fixed in 1.4.16 > 1 years ago | > 1 years | < 1 hour   | XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a rem... |
| CVE-2021-21350 | critical | 9.80 | com.thoughtworks.xstream_xstream | 1.4.7   | fixed in 1.4.16 > 1 years ago | > 1 years | < 1 hour   | XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a rem... |
| CVE-2021-21347 | critical | 9.80 | com.thoughtworks.xstream_xstream | 1.4.7   | fixed in 1.4.16 > 1 years ago | > 1 years | < 1 hour   | XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a rem... |
| CVE-2021-21346 | critical | 9.80 | com.thoughtworks.xstream_xstream | 1.4.7   | fixed in 1.4.16 > 1 years ago | > 1 years | < 1 hour   | XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a rem... |
| CVE-2021-21344 | critical | 9.80 | com.thoughtworks.xstream_xstream | 1.4.7   | fixed in 1.4.16 > 1 years ago | > 1 years | < 1 hour   | XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a rem... |
| CVE-2021-21351 | critical | 9.10 | com.thoughtworks.xstream_xstream | 1.4.7   | fixed in 1.4.16 > 1 years ago | > 1 years | < 1 hour   | XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability may allow a remote at... |
| CVE-2021-21342 | critical | 9.10 | com.thoughtworks.xstream_xstream | 1.4.7   | fixed in 1.4.16 > 1 years ago | > 1 years | < 1 hour   | XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability where the processed s... |

I also tried to add this in the dependencies section, but it still gives the same result.

    <dependency>
        <groupId>com.thoughtworks.xstream</groupId>
        <artifactId>xstream</artifactId>
        <version>1.4.18</version>
    </dependency>

What should I change in my POM.xml to remove these vulnerabilities?

You can check the Maven documentation for any known vulnerabilities associated with any nested dependency: https://mvnrepository.com/artifact/org.springframework.boot/spring-boot-maven-plugin

It seems that you are using a specific old version of the plugin which has those vulnerabilities; try to update to the latest one.
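As an added example (not part of the question or the answer above), a small Python triage script over the scanner rows from the question: it parses a constructed copy of the table, works out the lowest version that closes every listed CVE for each package, and checks whether a given resolved version meets it. The scanner column layout is taken from the page; the row text is constructed sample input.

```python
"""Triage scanner findings: per package, collect CVEs, the highest CVSS and the
minimum version that fixes all of them, then test a resolved version against it."""
import re

# Constructed sample input: the seven rows from the question, description column dropped.
# Columns: CVE | severity | CVSS | package | installed version | status
SCAN_ROWS = """\
CVE-2021-21345 | critical | 9.90 | com.thoughtworks.xstream_xstream | 1.4.7 | fixed in 1.4.16
CVE-2021-21350 | critical | 9.80 | com.thoughtworks.xstream_xstream | 1.4.7 | fixed in 1.4.16
CVE-2021-21347 | critical | 9.80 | com.thoughtworks.xstream_xstream | 1.4.7 | fixed in 1.4.16
CVE-2021-21346 | critical | 9.80 | com.thoughtworks.xstream_xstream | 1.4.7 | fixed in 1.4.16
CVE-2021-21344 | critical | 9.80 | com.thoughtworks.xstream_xstream | 1.4.7 | fixed in 1.4.16
CVE-2021-21351 | critical | 9.10 | com.thoughtworks.xstream_xstream | 1.4.7 | fixed in 1.4.16
CVE-2021-21342 | critical | 9.10 | com.thoughtworks.xstream_xstream | 1.4.7 | fixed in 1.4.16
"""

def parse_version(v):
    """Turn '1.4.16' into (1, 4, 16) so versions compare numerically, not as strings."""
    return tuple(int(p) for p in re.findall(r"\d+", v))

def parse_rows(text):
    """Read pipe-separated scanner rows; skip anything that is not a CVE row."""
    findings = []
    for line in text.splitlines():
        cells = [c.strip() for c in line.split("|")]
        if len(cells) < 6 or not cells[0].startswith("CVE-"):
            continue
        fix = re.search(r"fixed in ([\d.]+)", cells[5])
        findings.append({"cve": cells[0], "severity": cells[1], "cvss": float(cells[2]),
                         "package": cells[3], "installed": cells[4],
                         "fix": fix.group(1) if fix else None})
    return findings

def remediation_plan(findings):
    """Group by package: CVE list, worst CVSS, and the version that closes every CVE."""
    plan = {}
    for f in findings:
        entry = plan.setdefault(f["package"], {"installed": f["installed"], "cves": [],
                                               "max_cvss": 0.0, "min_fix": None})
        entry["cves"].append(f["cve"])
        entry["max_cvss"] = max(entry["max_cvss"], f["cvss"])
        # The required version is the highest "fixed in" across the package's CVEs.
        if f["fix"] and (entry["min_fix"] is None
                         or parse_version(f["fix"]) > parse_version(entry["min_fix"])):
            entry["min_fix"] = f["fix"]
    return plan

def is_resolved(plan, package, resolved_version):
    """True when the version actually on the scanned classpath meets the required fix."""
    entry = plan[package]
    return (entry["min_fix"] is not None
            and parse_version(resolved_version) >= parse_version(entry["min_fix"]))
```

Feed `is_resolved` the version the build actually resolves (for example from `mvn dependency:tree`), not the version declared in the POM: the question shows 1.4.18 declared while the scanner still sees 1.4.7 on the classpath.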
