-
Notifications
You must be signed in to change notification settings - Fork 6
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[BULK PR] Tracking: HTTP Download of Dependencies Gradle #9
Comments
JLLeitschuh
added a commit
to JLLeitschuh/allegro__hermes
that referenced
this issue
Jul 21, 2022
This fixes a security vulnerability in this project where the `build.gradle` files were configuring Gradle to resolve dependencies over HTTP instead of HTTPS. Weakness: CWE-829: Inclusion of Functionality from Untrusted Control Sphere Severity: High CVSSS: 8.1 Detection: OpenRewrite Reported-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com> Signed-off-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com> Bug-tracker: JLLeitschuh/security-research#9 Co-authored-by: Moderne <team@moderne.io>
JLLeitschuh
added a commit
to JLLeitschuh/huxq17__XRefreshView
that referenced
this issue
Jul 21, 2022
This fixes a security vulnerability in this project where the `build.gradle` files were configuring Gradle to resolve dependencies over HTTP instead of HTTPS. Weakness: CWE-829: Inclusion of Functionality from Untrusted Control Sphere Severity: High CVSSS: 8.1 Detection: OpenRewrite Reported-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com> Signed-off-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com> Bug-tracker: JLLeitschuh/security-research#9 Co-authored-by: Moderne <team@moderne.io>
JLLeitschuh
added a commit
to JLLeitschuh/openmrs__openmrs-contrib-android-client
that referenced
this issue
Jul 21, 2022
This fixes a security vulnerability in this project where the `build.gradle` files were configuring Gradle to resolve dependencies over HTTP instead of HTTPS. Weakness: CWE-829: Inclusion of Functionality from Untrusted Control Sphere Severity: High CVSSS: 8.1 Detection: OpenRewrite Reported-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com> Signed-off-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com> Bug-tracker: JLLeitschuh/security-research#9 Co-authored-by: Moderne <team@moderne.io>
JLLeitschuh
added a commit
to JLLeitschuh/jenkinsci__outbound-webhook-plugin
that referenced
this issue
Jul 21, 2022
This fixes a security vulnerability in this project where the `build.gradle` files were configuring Gradle to resolve dependencies over HTTP instead of HTTPS. Weakness: CWE-829: Inclusion of Functionality from Untrusted Control Sphere Severity: High CVSSS: 8.1 Detection: OpenRewrite Reported-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com> Signed-off-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com> Bug-tracker: JLLeitschuh/security-research#9 Co-authored-by: Moderne <team@moderne.io>
JLLeitschuh
added a commit
to JLLeitschuh/crc83__gradle-jenkins-plugin
that referenced
this issue
Jul 21, 2022
This fixes a security vulnerability in this project where the `build.gradle` files were configuring Gradle to resolve dependencies over HTTP instead of HTTPS. Weakness: CWE-829: Inclusion of Functionality from Untrusted Control Sphere Severity: High CVSSS: 8.1 Detection: OpenRewrite Reported-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com> Signed-off-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com> Bug-tracker: JLLeitschuh/security-research#9 Co-authored-by: Moderne <team@moderne.io>
JLLeitschuh
added a commit
to JLLeitschuh/madhushreemk__LeadCampus
that referenced
this issue
Jul 21, 2022
This fixes a security vulnerability in this project where the `build.gradle` files were configuring Gradle to resolve dependencies over HTTP instead of HTTPS. Weakness: CWE-829: Inclusion of Functionality from Untrusted Control Sphere Severity: High CVSSS: 8.1 Detection: OpenRewrite Reported-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com> Signed-off-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com> Bug-tracker: JLLeitschuh/security-research#9 Co-authored-by: Moderne <team@moderne.io>
JLLeitschuh
added a commit
to JLLeitschuh/sitewhere__sitewhere
that referenced
this issue
Jul 21, 2022
This fixes a security vulnerability in this project where the `build.gradle` files were configuring Gradle to resolve dependencies over HTTP instead of HTTPS. Weakness: CWE-829: Inclusion of Functionality from Untrusted Control Sphere Severity: High CVSSS: 8.1 Detection: OpenRewrite Reported-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com> Signed-off-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com> Bug-tracker: JLLeitschuh/security-research#9 Co-authored-by: Moderne <team@moderne.io>
JLLeitschuh
added a commit
to JLLeitschuh/Mocha-L__QuJing
that referenced
this issue
Jul 21, 2022
This fixes a security vulnerability in this project where the `build.gradle` files were configuring Gradle to resolve dependencies over HTTP instead of HTTPS. Weakness: CWE-829: Inclusion of Functionality from Untrusted Control Sphere Severity: High CVSSS: 8.1 Detection: OpenRewrite Reported-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com> Signed-off-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com> Bug-tracker: JLLeitschuh/security-research#9 Co-authored-by: Moderne <team@moderne.io>
JLLeitschuh
added a commit
to JLLeitschuh/nining377__UnblockMusicPro_Xposed
that referenced
this issue
Jul 21, 2022
This fixes a security vulnerability in this project where the `build.gradle` files were configuring Gradle to resolve dependencies over HTTP instead of HTTPS. Weakness: CWE-829: Inclusion of Functionality from Untrusted Control Sphere Severity: High CVSSS: 8.1 Detection: OpenRewrite Reported-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com> Signed-off-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com> Bug-tracker: JLLeitschuh/security-research#9 Co-authored-by: Moderne <team@moderne.io>
JLLeitschuh
added a commit
to JLLeitschuh/hank927__TracePlugin
that referenced
this issue
Jul 21, 2022
This fixes a security vulnerability in this project where the `build.gradle` files were configuring Gradle to resolve dependencies over HTTP instead of HTTPS. Weakness: CWE-829: Inclusion of Functionality from Untrusted Control Sphere Severity: High CVSSS: 8.1 Detection: OpenRewrite Reported-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com> Signed-off-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com> Bug-tracker: JLLeitschuh/security-research#9 Co-authored-by: Moderne <team@moderne.io>
JLLeitschuh
added a commit
to JLLeitschuh/SmartReceipts__SmartReceiptsLibrary
that referenced
this issue
Jul 21, 2022
This fixes a security vulnerability in this project where the `build.gradle` files were configuring Gradle to resolve dependencies over HTTP instead of HTTPS. Weakness: CWE-829: Inclusion of Functionality from Untrusted Control Sphere Severity: High CVSSS: 8.1 Detection: OpenRewrite Reported-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com> Signed-off-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com> Bug-tracker: JLLeitschuh/security-research#9 Co-authored-by: Moderne <team@moderne.io>
JLLeitschuh
added a commit
to JLLeitschuh/sonalake__swagger-changelog-gradle-plugin
that referenced
this issue
Jul 21, 2022
This fixes a security vulnerability in this project where the `build.gradle` files were configuring Gradle to resolve dependencies over HTTP instead of HTTPS. Weakness: CWE-829: Inclusion of Functionality from Untrusted Control Sphere Severity: High CVSSS: 8.1 Detection: OpenRewrite Reported-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com> Signed-off-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com> Bug-tracker: JLLeitschuh/security-research#9 Co-authored-by: Moderne <team@moderne.io>
This was referenced Jul 21, 2022
Merged
JLLeitschuh
added a commit
to JLLeitschuh/lucene-gosen__lucene-gosen
that referenced
this issue
Jul 21, 2022
This fixes a security vulnerability in this project where the `build.gradle` files were configuring Gradle to resolve dependencies over HTTP instead of HTTPS. Weakness: CWE-829: Inclusion of Functionality from Untrusted Control Sphere Severity: High CVSSS: 8.1 Detection: OpenRewrite Reported-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com> Signed-off-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com> Bug-tracker: JLLeitschuh/security-research#9 Co-authored-by: Moderne <team@moderne.io>
JLLeitschuh
added a commit
to JLLeitschuh/jmad__jmad-core
that referenced
this issue
Jul 21, 2022
This fixes a security vulnerability in this project where the `build.gradle` files were configuring Gradle to resolve dependencies over HTTP instead of HTTPS. Weakness: CWE-829: Inclusion of Functionality from Untrusted Control Sphere Severity: High CVSSS: 8.1 Detection: OpenRewrite Reported-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com> Signed-off-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com> Bug-tracker: JLLeitschuh/security-research#9 Co-authored-by: Moderne <team@moderne.io>
This was referenced Jul 21, 2022
Closed
dkayiwa
pushed a commit
to openmrs/openmrs-contrib-android-client
that referenced
this issue
Jul 26, 2022
This fixes a security vulnerability in this project where the `build.gradle` files were configuring Gradle to resolve dependencies over HTTP instead of HTTPS. Weakness: CWE-829: Inclusion of Functionality from Untrusted Control Sphere Severity: High CVSSS: 8.1 Detection: OpenRewrite Reported-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com> Signed-off-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com> Bug-tracker: JLLeitschuh/security-research#9 Co-authored-by: Moderne <team@moderne.io> Co-authored-by: Moderne <team@moderne.io>
JLLeitschuh
added a commit
to BulkSecurityGeneratorProjectV2/hank927__TracePlugin
that referenced
this issue
Aug 9, 2022
This fixes a security vulnerability in this project where the `build.gradle` files were configuring Gradle to resolve dependencies over HTTP instead of HTTPS. Weakness: CWE-829: Inclusion of Functionality from Untrusted Control Sphere Severity: High CVSSS: 8.1 Detection: OpenRewrite Reported-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com> Signed-off-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com> Bug-tracker: JLLeitschuh/security-research#9 Co-authored-by: Moderne <team@moderne.io>
JLLeitschuh
added a commit
to BulkSecurityGeneratorProjectV2/jenkinsci__outbound-webhook-plugin
that referenced
this issue
Oct 3, 2022
This fixes a security vulnerability in this project where the `build.gradle` files were configuring Gradle to resolve dependencies over HTTP instead of HTTPS. Weakness: CWE-829: Inclusion of Functionality from Untrusted Control Sphere Severity: High CVSSS: 8.1 Detection: OpenRewrite Reported-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com> Signed-off-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com> Bug-tracker: JLLeitschuh/security-research#9 Co-authored-by: Moderne <team@moderne.io>
JLLeitschuh
added a commit
to BulkSecurityGeneratorProjectV2/madhushreemk__LeadCampus
that referenced
this issue
Oct 3, 2022
This fixes a security vulnerability in this project where the `build.gradle` files were configuring Gradle to resolve dependencies over HTTP instead of HTTPS. Weakness: CWE-829: Inclusion of Functionality from Untrusted Control Sphere Severity: High CVSSS: 8.1 Detection: OpenRewrite Reported-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com> Signed-off-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com> Bug-tracker: JLLeitschuh/security-research#9 Co-authored-by: Moderne <team@moderne.io>
JLLeitschuh
added a commit
to BulkSecurityGeneratorProjectV2/jmad__jmad-core
that referenced
this issue
Oct 3, 2022
This fixes a security vulnerability in this project where the `build.gradle` files were configuring Gradle to resolve dependencies over HTTP instead of HTTPS. Weakness: CWE-829: Inclusion of Functionality from Untrusted Control Sphere Severity: High CVSSS: 8.1 Detection: OpenRewrite Reported-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com> Signed-off-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com> Bug-tracker: JLLeitschuh/security-research#9 Co-authored-by: Moderne <team@moderne.io>
JLLeitschuh
added a commit
to BulkSecurityGeneratorProjectV2/Mocha-L__QuJing
that referenced
this issue
Oct 3, 2022
This fixes a security vulnerability in this project where the `build.gradle` files were configuring Gradle to resolve dependencies over HTTP instead of HTTPS. Weakness: CWE-829: Inclusion of Functionality from Untrusted Control Sphere Severity: High CVSSS: 8.1 Detection: OpenRewrite Reported-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com> Signed-off-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com> Bug-tracker: JLLeitschuh/security-research#9 Co-authored-by: Moderne <team@moderne.io>
JLLeitschuh
added a commit
to BulkSecurityGeneratorProjectV2/sonalake__swagger-changelog-gradle-plugin
that referenced
this issue
Oct 3, 2022
This fixes a security vulnerability in this project where the `build.gradle` files were configuring Gradle to resolve dependencies over HTTP instead of HTTPS. Weakness: CWE-829: Inclusion of Functionality from Untrusted Control Sphere Severity: High CVSSS: 8.1 Detection: OpenRewrite Reported-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com> Signed-off-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com> Bug-tracker: JLLeitschuh/security-research#9 Co-authored-by: Moderne <team@moderne.io>
JLLeitschuh
added a commit
to BulkSecurityGeneratorProjectV2/madhushreemk__LeadCampus
that referenced
this issue
Oct 3, 2022
This fixes a security vulnerability in this project where the `build.gradle` files were configuring Gradle to resolve dependencies over HTTP instead of HTTPS. Weakness: CWE-829: Inclusion of Functionality from Untrusted Control Sphere Severity: High CVSSS: 8.1 Detection: OpenRewrite Reported-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com> Signed-off-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com> Bug-tracker: JLLeitschuh/security-research#9 Co-authored-by: Moderne <team@moderne.io>
JLLeitschuh
added a commit
to BulkSecurityGeneratorProjectV2/sitewhere__sitewhere
that referenced
this issue
Oct 3, 2022
This fixes a security vulnerability in this project where the `build.gradle` files were configuring Gradle to resolve dependencies over HTTP instead of HTTPS. Weakness: CWE-829: Inclusion of Functionality from Untrusted Control Sphere Severity: High CVSSS: 8.1 Detection: OpenRewrite Reported-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com> Signed-off-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com> Bug-tracker: JLLeitschuh/security-research#9 Co-authored-by: Moderne <team@moderne.io>
JLLeitschuh
added a commit
to BulkSecurityGeneratorProjectV2/lucene-gosen__lucene-gosen
that referenced
this issue
Oct 3, 2022
This fixes a security vulnerability in this project where the `build.gradle` files were configuring Gradle to resolve dependencies over HTTP instead of HTTPS. Weakness: CWE-829: Inclusion of Functionality from Untrusted Control Sphere Severity: High CVSSS: 8.1 Detection: OpenRewrite Reported-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com> Signed-off-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com> Bug-tracker: JLLeitschuh/security-research#9 Co-authored-by: Moderne <team@moderne.io>
JLLeitschuh
added a commit
to BulkSecurityGeneratorProjectV2/jmad__jmad-core
that referenced
this issue
Oct 3, 2022
This fixes a security vulnerability in this project where the `build.gradle` files were configuring Gradle to resolve dependencies over HTTP instead of HTTPS. Weakness: CWE-829: Inclusion of Functionality from Untrusted Control Sphere Severity: High CVSSS: 8.1 Detection: OpenRewrite Reported-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com> Signed-off-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com> Bug-tracker: JLLeitschuh/security-research#9 Co-authored-by: Moderne <team@moderne.io>
JLLeitschuh
added a commit
to BulkSecurityGeneratorProjectV2/Mocha-L__QuJing
that referenced
this issue
Oct 3, 2022
This fixes a security vulnerability in this project where the `build.gradle` files were configuring Gradle to resolve dependencies over HTTP instead of HTTPS. Weakness: CWE-829: Inclusion of Functionality from Untrusted Control Sphere Severity: High CVSSS: 8.1 Detection: OpenRewrite Reported-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com> Signed-off-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com> Bug-tracker: JLLeitschuh/security-research#9 Co-authored-by: Moderne <team@moderne.io>
JLLeitschuh
added a commit
to BulkSecurityGeneratorProjectV2/sonalake__swagger-changelog-gradle-plugin
that referenced
this issue
Oct 3, 2022
This fixes a security vulnerability in this project where the `build.gradle` files were configuring Gradle to resolve dependencies over HTTP instead of HTTPS. Weakness: CWE-829: Inclusion of Functionality from Untrusted Control Sphere Severity: High CVSSS: 8.1 Detection: OpenRewrite Reported-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com> Signed-off-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com> Bug-tracker: JLLeitschuh/security-research#9 Co-authored-by: Moderne <team@moderne.io>
JLLeitschuh
added a commit
to BulkSecurityGeneratorProjectV2/sitewhere__sitewhere
that referenced
this issue
Oct 3, 2022
This fixes a security vulnerability in this project where the `build.gradle` files were configuring Gradle to resolve dependencies over HTTP instead of HTTPS. Weakness: CWE-829: Inclusion of Functionality from Untrusted Control Sphere Severity: High CVSSS: 8.1 Detection: OpenRewrite Reported-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com> Signed-off-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com> Bug-tracker: JLLeitschuh/security-research#9 Co-authored-by: Moderne <team@moderne.io>
JLLeitschuh
added a commit
to BulkSecurityGeneratorProjectV2/madhushreemk__LeadCampus
that referenced
this issue
Oct 3, 2022
This fixes a security vulnerability in this project where the `build.gradle` files were configuring Gradle to resolve dependencies over HTTP instead of HTTPS. Weakness: CWE-829: Inclusion of Functionality from Untrusted Control Sphere Severity: High CVSSS: 8.1 Detection: OpenRewrite Reported-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com> Signed-off-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com> Bug-tracker: JLLeitschuh/security-research#9 Co-authored-by: Moderne <team@moderne.io>
JLLeitschuh
added a commit
to BulkSecurityGeneratorProjectV2/sonalake__swagger-changelog-gradle-plugin
that referenced
this issue
Oct 3, 2022
This fixes a security vulnerability in this project where the `build.gradle` files were configuring Gradle to resolve dependencies over HTTP instead of HTTPS. Weakness: CWE-829: Inclusion of Functionality from Untrusted Control Sphere Severity: High CVSSS: 8.1 Detection: OpenRewrite Reported-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com> Signed-off-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com> Bug-tracker: JLLeitschuh/security-research#9 Co-authored-by: Moderne <team@moderne.io>
JLLeitschuh
added a commit
to BulkSecurityGeneratorProjectV2/sitewhere__sitewhere
that referenced
this issue
Oct 3, 2022
This fixes a security vulnerability in this project where the `build.gradle` files were configuring Gradle to resolve dependencies over HTTP instead of HTTPS. Weakness: CWE-829: Inclusion of Functionality from Untrusted Control Sphere Severity: High CVSSS: 8.1 Detection: OpenRewrite Reported-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com> Signed-off-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com> Bug-tracker: JLLeitschuh/security-research#9 Co-authored-by: Moderne <team@moderne.io>
JLLeitschuh
added a commit
to BulkSecurityGeneratorProjectV2/lucene-gosen__lucene-gosen
that referenced
this issue
Oct 3, 2022
This fixes a security vulnerability in this project where the `build.gradle` files were configuring Gradle to resolve dependencies over HTTP instead of HTTPS. Weakness: CWE-829: Inclusion of Functionality from Untrusted Control Sphere Severity: High CVSSS: 8.1 Detection: OpenRewrite Reported-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com> Signed-off-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com> Bug-tracker: JLLeitschuh/security-research#9 Co-authored-by: Moderne <team@moderne.io>
JLLeitschuh
added a commit
to BulkSecurityGeneratorProjectV2/jmad__jmad-core
that referenced
this issue
Oct 3, 2022
This fixes a security vulnerability in this project where the `build.gradle` files were configuring Gradle to resolve dependencies over HTTP instead of HTTPS. Weakness: CWE-829: Inclusion of Functionality from Untrusted Control Sphere Severity: High CVSSS: 8.1 Detection: OpenRewrite Reported-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com> Signed-off-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com> Bug-tracker: JLLeitschuh/security-research#9 Co-authored-by: Moderne <team@moderne.io>
JLLeitschuh
added a commit
to BulkSecurityGeneratorProjectV2/lucene-gosen__lucene-gosen
that referenced
this issue
Oct 3, 2022
This fixes a security vulnerability in this project where the `build.gradle` files were configuring Gradle to resolve dependencies over HTTP instead of HTTPS. Weakness: CWE-829: Inclusion of Functionality from Untrusted Control Sphere Severity: High CVSSS: 8.1 Detection: OpenRewrite Reported-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com> Signed-off-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com> Bug-tracker: JLLeitschuh/security-research#9 Co-authored-by: Moderne <team@moderne.io>
JLLeitschuh
added a commit
to BulkSecurityGeneratorProjectV2/lucene-gosen__lucene-gosen
that referenced
this issue
Oct 3, 2022
This fixes a security vulnerability in this project where the `build.gradle` files were configuring Gradle to resolve dependencies over HTTP instead of HTTPS. Weakness: CWE-829: Inclusion of Functionality from Untrusted Control Sphere Severity: High CVSSS: 8.1 Detection: OpenRewrite Reported-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com> Signed-off-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com> Bug-tracker: JLLeitschuh/security-research#9 Co-authored-by: Moderne <team@moderne.io>
JLLeitschuh
added a commit
to BulkSecurityGeneratorProjectV2/lucene-gosen__lucene-gosen
that referenced
this issue
Oct 3, 2022
This fixes a security vulnerability in this project where the `build.gradle` files were configuring Gradle to resolve dependencies over HTTP instead of HTTPS. Weakness: CWE-829: Inclusion of Functionality from Untrusted Control Sphere Severity: High CVSSS: 8.1 Detection: OpenRewrite Reported-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com> Signed-off-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com> Bug-tracker: JLLeitschuh/security-research#9 Co-authored-by: Moderne <team@moderne.io>
JLLeitschuh
added a commit
to BulkSecurityGeneratorProjectV2/sitewhere__sitewhere
that referenced
this issue
Oct 3, 2022
This fixes a security vulnerability in this project where the `build.gradle` files were configuring Gradle to resolve dependencies over HTTP instead of HTTPS. Weakness: CWE-829: Inclusion of Functionality from Untrusted Control Sphere Severity: High CVSSS: 8.1 Detection: OpenRewrite Reported-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com> Signed-off-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com> Bug-tracker: JLLeitschuh/security-research#9 Co-authored-by: Moderne <team@moderne.io>
JLLeitschuh
added a commit
to BulkSecurityGeneratorProjectV2/jmad__jmad-core
that referenced
this issue
Oct 3, 2022
This fixes a security vulnerability in this project where the `build.gradle` files were configuring Gradle to resolve dependencies over HTTP instead of HTTPS. Weakness: CWE-829: Inclusion of Functionality from Untrusted Control Sphere Severity: High CVSSS: 8.1 Detection: OpenRewrite Reported-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com> Signed-off-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com> Bug-tracker: JLLeitschuh/security-research#9 Co-authored-by: Moderne <team@moderne.io>
JLLeitschuh
added a commit
to BulkSecurityGeneratorProjectV2/SmartReceipts__SmartReceiptsLibrary
that referenced
this issue
Oct 3, 2022
This fixes a security vulnerability in this project where the `build.gradle` files were configuring Gradle to resolve dependencies over HTTP instead of HTTPS. Weakness: CWE-829: Inclusion of Functionality from Untrusted Control Sphere Severity: High CVSSS: 8.1 Detection: OpenRewrite Reported-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com> Signed-off-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com> Bug-tracker: JLLeitschuh/security-research#9 Co-authored-by: Moderne <team@moderne.io>
JLLeitschuh
added a commit
to BulkSecurityGeneratorProjectV2/lucene-gosen__lucene-gosen
that referenced
this issue
Oct 3, 2022
This fixes a security vulnerability in this project where the `build.gradle` files were configuring Gradle to resolve dependencies over HTTP instead of HTTPS. Weakness: CWE-829: Inclusion of Functionality from Untrusted Control Sphere Severity: High CVSSS: 8.1 Detection: OpenRewrite Reported-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com> Signed-off-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com> Bug-tracker: JLLeitschuh/security-research#9 Co-authored-by: Moderne <team@moderne.io>
hit-lacus
pushed a commit
to apache/kylin
that referenced
this issue
Oct 11, 2022
This fixes a security vulnerability in this project where the `build.gradle` files were configuring Gradle to resolve dependencies over HTTP instead of HTTPS. Weakness: CWE-829: Inclusion of Functionality from Untrusted Control Sphere Severity: High CVSSS: 8.1 Detection: OpenRewrite Reported-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com> Signed-off-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com> Bug-tracker: JLLeitschuh/security-research#9 Co-authored-by: Moderne <team@moderne.io>
abel533
pushed a commit
to abel533/Mapper
that referenced
this issue
Oct 16, 2022
This fixes a security vulnerability in this project where the `build.gradle` files were configuring Gradle to resolve dependencies over HTTP instead of HTTPS. Weakness: CWE-829: Inclusion of Functionality from Untrusted Control Sphere Severity: High CVSSS: 8.1 Detection: OpenRewrite Reported-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com> Signed-off-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com> Bug-tracker: JLLeitschuh/security-research#9 Co-authored-by: Moderne <team@moderne.io>
agapple
pushed a commit
to alibaba/canal
that referenced
this issue
Nov 16, 2022
This fixes a security vulnerability in this project where the `build.gradle` files were configuring Gradle to resolve dependencies over HTTP instead of HTTPS. Weakness: CWE-829: Inclusion of Functionality from Untrusted Control Sphere Severity: High CVSSS: 8.1 Detection: OpenRewrite Reported-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com> Signed-off-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com> Bug-tracker: JLLeitschuh/security-research#9 Co-authored-by: Moderne <team@moderne.io> Co-authored-by: Moderne <team@moderne.io>
rewerma
added a commit
to alibaba/canal
that referenced
this issue
Dec 6, 2022
* optimize YAML config loader (#4332) * fix bug BASE TABLE as table name (#4217) * fix issues#4328 (#4329) * docs: add nodejs canal client support (#4260) Co-authored-by: zhangxunwei <zhangxunwei@dxy.cn> * fix destination not encoded (#4279) * 修复Canal指定时间戳启动失效,总是从最新的点位开始同步问题 (#4348) * 支持用户自定义的CanalAlarmHandler * RowsLogEvent增加对TableMapLogEvent判空检查,防止NPE异常 * 修复Canal指定时间戳启动失效,总是从最新的点位开始同步问题, issue: #4347 Co-authored-by: 云时 <mingya.wmy@alibaba-inc.com> * fixed 4334 , support jdk8/jdk11 * fixed issue #4266 , typo * fixed issue #4243 , support auto register for cluster = null * fixed issue #4225 , support mysql version >= 8.0.26 heartbeat v2 * fixed issue #4308 , support query_log_event for maraiadb 10.10.1 * ignore compression event * support jdk11 * support druid 1.2.12 * fixed mariadb 10.x * sync canal-template.properties * update fastjson & druid version (#4406) * 修复升级2.0.4导致兼容的问题 * update druid & fastjson version * update fastjson version * update druid & fastjson version * meta.dat文件数据丢失 (#4397) * update fastjson & druid version (#4438) * 局部变量线程安全,优先使用StringBuilder替换StringBuffer (#4472) Co-authored-by: 夏亮 <xialiang@newerabc.com> * 1. CanalController stop 需要同时将 embededCanalServer.stop (#4477) 2. ServerRunningMonitor 线程池未正常回收,线程池管理与 start/stop保持一致 * vuln-fix: Use HTTPS instead of HTTP to resolve dependencies (#4437) This fixes a security vulnerability in this project where the `build.gradle` files were configuring Gradle to resolve dependencies over HTTP instead of HTTPS. Weakness: CWE-829: Inclusion of Functionality from Untrusted Control Sphere Severity: High CVSSS: 8.1 Detection: OpenRewrite Reported-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com> Signed-off-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com> Bug-tracker: JLLeitschuh/security-research#9 Co-authored-by: Moderne <team@moderne.io> Co-authored-by: Moderne <team@moderne.io> * fix_ETL同步mysql关键字报错 (#4346) Co-authored-by: foleyang <foleyang@cogobuy.com> * optimize code * use compact BigDecimal * performance optimize , 1. cache string names 2. cache Charset * performance optimize ,cache integer/long valueof * 测试类报错 Co-authored-by: gongchangyou <gongchangyou@gmail.com> Co-authored-by: ChanaLii <316529035@qq.com> Co-authored-by: zhangxunwei <zhangxunweia@gmail.com> Co-authored-by: zhangxunwei <zhangxunwei@dxy.cn> Co-authored-by: tianpeidong <39491687+tianpeidong@users.noreply.github.com> Co-authored-by: dataccs <dataccs@163.com> Co-authored-by: 云时 <mingya.wmy@alibaba-inc.com> Co-authored-by: jianghang.loujh <jianghang.loujh@alibaba-inc.com> Co-authored-by: 温绍锦 <shaojin.wensj@alibaba-inc.com> Co-authored-by: noaso <noasoso@gmail.com> Co-authored-by: HumanPassenger <40585855+HumanPassenger@users.noreply.github.com> Co-authored-by: 夏亮 <xialiang@newerabc.com> Co-authored-by: 华仔 <591327356@qq.com> Co-authored-by: Jonathan Leitschuh <jonathan.leitschuh@gmail.com> Co-authored-by: Moderne <team@moderne.io> Co-authored-by: 杰锅不是锅 <1105568074@qq.com> Co-authored-by: foleyang <foleyang@cogobuy.com>
rewerma
added a commit
to alibaba/canal
that referenced
this issue
Dec 6, 2022
* 修复测试类报错 (#4516) * optimize YAML config loader (#4332) * fix bug BASE TABLE as table name (#4217) * fix issues#4328 (#4329) * docs: add nodejs canal client support (#4260) Co-authored-by: zhangxunwei <zhangxunwei@dxy.cn> * fix destination not encoded (#4279) * 修复Canal指定时间戳启动失效,总是从最新的点位开始同步问题 (#4348) * 支持用户自定义的CanalAlarmHandler * RowsLogEvent增加对TableMapLogEvent判空检查,防止NPE异常 * 修复Canal指定时间戳启动失效,总是从最新的点位开始同步问题, issue: #4347 Co-authored-by: 云时 <mingya.wmy@alibaba-inc.com> * fixed 4334 , support jdk8/jdk11 * fixed issue #4266 , typo * fixed issue #4243 , support auto register for cluster = null * fixed issue #4225 , support mysql version >= 8.0.26 heartbeat v2 * fixed issue #4308 , support query_log_event for maraiadb 10.10.1 * ignore compression event * support jdk11 * support druid 1.2.12 * fixed mariadb 10.x * sync canal-template.properties * update fastjson & druid version (#4406) * 修复升级2.0.4导致兼容的问题 * update druid & fastjson version * update fastjson version * update druid & fastjson version * meta.dat文件数据丢失 (#4397) * update fastjson & druid version (#4438) * 局部变量线程安全,优先使用StringBuilder替换StringBuffer (#4472) Co-authored-by: 夏亮 <xialiang@newerabc.com> * 1. CanalController stop 需要同时将 embededCanalServer.stop (#4477) 2. ServerRunningMonitor 线程池未正常回收,线程池管理与 start/stop保持一致 * vuln-fix: Use HTTPS instead of HTTP to resolve dependencies (#4437) This fixes a security vulnerability in this project where the `build.gradle` files were configuring Gradle to resolve dependencies over HTTP instead of HTTPS. Weakness: CWE-829: Inclusion of Functionality from Untrusted Control Sphere Severity: High CVSSS: 8.1 Detection: OpenRewrite Reported-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com> Signed-off-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com> Bug-tracker: JLLeitschuh/security-research#9 Co-authored-by: Moderne <team@moderne.io> Co-authored-by: Moderne <team@moderne.io> * fix_ETL同步mysql关键字报错 (#4346) Co-authored-by: foleyang <foleyang@cogobuy.com> * optimize code * use compact BigDecimal * performance optimize , 1. cache string names 2. cache Charset * performance optimize ,cache integer/long valueof * 测试类报错 Co-authored-by: gongchangyou <gongchangyou@gmail.com> Co-authored-by: ChanaLii <316529035@qq.com> Co-authored-by: zhangxunwei <zhangxunweia@gmail.com> Co-authored-by: zhangxunwei <zhangxunwei@dxy.cn> Co-authored-by: tianpeidong <39491687+tianpeidong@users.noreply.github.com> Co-authored-by: dataccs <dataccs@163.com> Co-authored-by: 云时 <mingya.wmy@alibaba-inc.com> Co-authored-by: jianghang.loujh <jianghang.loujh@alibaba-inc.com> Co-authored-by: 温绍锦 <shaojin.wensj@alibaba-inc.com> Co-authored-by: noaso <noasoso@gmail.com> Co-authored-by: HumanPassenger <40585855+HumanPassenger@users.noreply.github.com> Co-authored-by: 夏亮 <xialiang@newerabc.com> Co-authored-by: 华仔 <591327356@qq.com> Co-authored-by: Jonathan Leitschuh <jonathan.leitschuh@gmail.com> Co-authored-by: Moderne <team@moderne.io> Co-authored-by: 杰锅不是锅 <1105568074@qq.com> Co-authored-by: foleyang <foleyang@cogobuy.com> * Revert "修复测试类报错 (#4516)" This reverts commit d899981. Co-authored-by: gongchangyou <gongchangyou@gmail.com> Co-authored-by: ChanaLii <316529035@qq.com> Co-authored-by: zhangxunwei <zhangxunweia@gmail.com> Co-authored-by: zhangxunwei <zhangxunwei@dxy.cn> Co-authored-by: tianpeidong <39491687+tianpeidong@users.noreply.github.com> Co-authored-by: dataccs <dataccs@163.com> Co-authored-by: 云时 <mingya.wmy@alibaba-inc.com> Co-authored-by: jianghang.loujh <jianghang.loujh@alibaba-inc.com> Co-authored-by: 温绍锦 <shaojin.wensj@alibaba-inc.com> Co-authored-by: noaso <noasoso@gmail.com> Co-authored-by: HumanPassenger <40585855+HumanPassenger@users.noreply.github.com> Co-authored-by: 夏亮 <xialiang@newerabc.com> Co-authored-by: 华仔 <591327356@qq.com> Co-authored-by: Jonathan Leitschuh <jonathan.leitschuh@gmail.com> Co-authored-by: Moderne <team@moderne.io> Co-authored-by: 杰锅不是锅 <1105568074@qq.com> Co-authored-by: foleyang <foleyang@cogobuy.com>
nuxi
pushed a commit
to nuxi/outbound-webhook-plugin
that referenced
this issue
Jun 28, 2023
This fixes a security vulnerability in this project where the `build.gradle` files were configuring Gradle to resolve dependencies over HTTP instead of HTTPS. Weakness: CWE-829: Inclusion of Functionality from Untrusted Control Sphere Severity: High CVSSS: 8.1 Detection: OpenRewrite Reported-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com> Signed-off-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com> Bug-tracker: JLLeitschuh/security-research#9 Co-authored-by: Moderne <team@moderne.io>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
No description provided.
The text was updated successfully, but these errors were encountered: