Skip to content

CVE-2014-0472 and CVE-2016-9013 #5

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 5 commits into from
Oct 15, 2022
Merged

CVE-2014-0472 and CVE-2016-9013 #5

merged 5 commits into from
Oct 15, 2022

Conversation

@akath20
Copy link
Contributor

@akath20 akath20 commented Mar 28, 2020

SWEN 331 Research Work for CVE-2014-0472 (Django) and CVE-2016-9013 (Django)

roshnib212
roshnib212 reviewed Apr 2, 2020
View reviewed changes
cves/CVE-2014-0472.yml Outdated
This VCC was discovered automatically via archeogit. This was where
I originally thought the problem was introduced, but this was a refactor
of moving where the function lived.
- commit: 5d568bcfa66916e3de61e0090c724c899debd981
Copy link
Contributor

@roshnib212 roshnib212 Apr 2, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If a commit that was discovered isn't relevant or isn't the specific part in the code that where the VCC is introduced then it should be removed!

roshnib212
roshnib212 reviewed Apr 2, 2020
View reviewed changes
cves/CVE-2016-9013.yml
developer to get the tests running. However, the lesson to be learned here
would be when you're adding a new feature, especially a security based on,
look through the exisiting features of that component and how the new
feature would mesh and/or create unforessen complications with exisiting
Copy link
Contributor

@roshnib212 roshnib212 Apr 2, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just in general for all your answers, I would stray away from using first person perspective.

roshnib212
roshnib212 reviewed Apr 3, 2020
View reviewed changes
cves/CVE-2016-9013.yml
feature patch to bring in multiple database support including Oracle
database which did include refactoring and moving around
the password that was used/created in the test database.
upvotes_instructions: |
Copy link
Contributor

@roshnib212 roshnib212 Apr 3, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

upvotes: 1

roshnib212
roshnib212 reviewed Apr 3, 2020
View reviewed changes
cves/CVE-2014-0472.yml Outdated
This VCC was discovered automatically via archeogit. This was where
I originally thought the problem was introduced, but this was a refactor
of moving where the function lived.
- commit: 5d568bcfa66916e3de61e0090c724c899debd981
Copy link
Contributor

@roshnib212 roshnib212 Apr 3, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

upvotes: 1

@andymeneely andymeneely merged commit 02612a3 into VulnerabilityHistoryProject:dev Oct 15, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@roshnib212 roshnib212 roshnib212 left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@akath20 @roshnib212 @andymeneely