Maven Security Versions

Identify vulnerable libraries in Maven dependencies.

The plugin is based on versions-maven-plugin. It uses the victims database as the source for CVEs and Maven artifact mapping.

Usage

> mvn com.redhat.victims.maven:security-versions:check
[INFO] Scanning for projects...
[INFO]
[INFO] ------------------------------------------------------------------------
[INFO] Building Demo Insecure Project 1.0.0-SNAPSHOT
[INFO] ------------------------------------------------------------------------
[INFO]
[INFO] --- security-versions:1.0.2:check (default-cli) @ demo-insecure-project ---
[INFO] Analyzing the dependencies for com.h3xstream.test:demo-insecure-project
[INFO] Syncing with the victims repository (based on the atom feed)
[INFO] Downloading: https://github.com/victims/victims-cve-db/commits.atom
[INFO] Already to the latest version.
[ERROR] org.apache.struts:struts2-core is vulnerable to CVE-2014-0094
[ERROR] org.apache.struts:struts2-core is vulnerable to CVE-2014-0112
[ERROR] org.apache.struts:struts2-core is vulnerable to CVE-2014-0113
[ERROR] org.apache.struts:struts2-core is vulnerable to CVE-2014-0116
[ERROR] org.apache.struts:struts2-core is vulnerable to CVE-2014-7809
[ERROR] commons-fileupload:commons-fileupload is vulnerable to CVE-2013-2186
[ERROR] commons-fileupload:commons-fileupload is vulnerable to CVE-2014-0050
[ERROR] com.thoughtworks.xstream:xstream is vulnerable to CVE-2013-7285
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 2.200 s
[INFO] Finished at: 2015-11-03T22:30:48-05:00
[INFO] Final Memory: 13M/194M
[INFO] ------------------------------------------------------------------------
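
In the run above the plugin reports eight [ERROR] findings, yet Maven still ends with BUILD SUCCESS, so a pipeline that checks only the exit status would pass. The shell functions below are an added example (not part of the plugin or this README) that parse the finding lines in the format shown above and return a non-zero status; the function names and the allowlist file are assumptions.

```shell
#!/bin/sh
# Added example: turn the [ERROR] findings of security-versions:check into a CI gate.

# sample_log: finding lines copied from the sample run above; the repeated
# xstream line is constructed to mimic a multi-module build.
sample_log() {
    cat <<'EOF'
[INFO] Already to the latest version.
[ERROR] org.apache.struts:struts2-core is vulnerable to CVE-2014-0094
[ERROR] org.apache.struts:struts2-core is vulnerable to CVE-2014-7809
[ERROR] commons-fileupload:commons-fileupload is vulnerable to CVE-2014-0050
[ERROR] com.thoughtworks.xstream:xstream is vulnerable to CVE-2013-7285
[ERROR] com.thoughtworks.xstream:xstream is vulnerable to CVE-2013-7285
[INFO] BUILD SUCCESS
EOF
}

# summarize_findings LOG [ALLOWLIST]
# Prints one line per vulnerable artifact: "group:artifact CVE-a,CVE-b".
# ALLOWLIST is a hypothetical file with one accepted CVE id per line.
summarize_findings() {
    awk -v allow="${2:-/dev/null}" '
        BEGIN { while ((getline id < allow) > 0) if (id ~ /^CVE-/) ok[id] = 1 }
        { sub(/\r$/, "") }    # tolerate logs captured with CRLF line endings
        /^\[ERROR\] [^ ]+ is vulnerable to CVE-[0-9]+-[0-9]+$/ {
            art = $2; cve = $NF
            if (cve in ok || (art, cve) in dup) next   # accepted or already seen
            dup[art, cve] = 1
            if (!(art in cves)) { order[++n] = art; cves[art] = cve }
            else cves[art] = cves[art] "," cve
        }
        END { for (i = 1; i <= n; i++) print order[i], cves[order[i]] }
    ' "$1"
}

# gate LOG [ALLOWLIST]: returns 1 when any finding is not allowlisted.
gate() {
    findings=$(summarize_findings "$@") || return 2
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings" >&2
    return 1
}

# Typical use in a CI step:
#   mvn com.redhat.victims.maven:security-versions:check | tee build.log
#   gate build.log accepted-cves.txt
```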

Licenses
