[BULK PR] Tracking: HTTP Download of Dependencies Gradle #9

Open
JLLeitschuh opened this issue Jul 21, 2022 · 0 comments

No description provided.

JLLeitschuh added a commit to JLLeitschuh/allegro__hermes that referenced this issue Jul 21, 2022
This fixes a security vulnerability in this project where the `build.gradle`
files were configuring Gradle to resolve dependencies over HTTP instead of
HTTPS.

Weakness: CWE-829: Inclusion of Functionality from Untrusted Control Sphere
Severity: High
CVSSS: 8.1
Detection: OpenRewrite

Reported-by: Jonathan Leitschuh <[email protected]>
Signed-off-by: Jonathan Leitschuh <[email protected]>

Bug-tracker: JLLeitschuh/security-research#9

Co-authored-by: Moderne <[email protected]>
JLLeitschuh added a commit to JLLeitschuh/huxq17__XRefreshView that referenced this issue Jul 21, 2022
This fixes a security vulnerability in this project where the `build.gradle`
files were configuring Gradle to resolve dependencies over HTTP instead of
HTTPS.

Weakness: CWE-829: Inclusion of Functionality from Untrusted Control Sphere
Severity: High
CVSSS: 8.1
Detection: OpenRewrite

Reported-by: Jonathan Leitschuh <[email protected]>
Signed-off-by: Jonathan Leitschuh <[email protected]>

Bug-tracker: JLLeitschuh/security-research#9

Co-authored-by: Moderne <[email protected]>
JLLeitschuh added a commit to JLLeitschuh/openmrs__openmrs-contrib-android-client that referenced this issue Jul 21, 2022
This fixes a security vulnerability in this project where the `build.gradle`
files were configuring Gradle to resolve dependencies over HTTP instead of
HTTPS.

Weakness: CWE-829: Inclusion of Functionality from Untrusted Control Sphere
Severity: High
CVSSS: 8.1
Detection: OpenRewrite

Reported-by: Jonathan Leitschuh <[email protected]>
Signed-off-by: Jonathan Leitschuh <[email protected]>

Bug-tracker: JLLeitschuh/security-research#9

Co-authored-by: Moderne <[email protected]>
JLLeitschuh added a commit to JLLeitschuh/jenkinsci__outbound-webhook-plugin that referenced this issue Jul 21, 2022
This fixes a security vulnerability in this project where the `build.gradle`
files were configuring Gradle to resolve dependencies over HTTP instead of
HTTPS.

Weakness: CWE-829: Inclusion of Functionality from Untrusted Control Sphere
Severity: High
CVSSS: 8.1
Detection: OpenRewrite

Reported-by: Jonathan Leitschuh <[email protected]>
Signed-off-by: Jonathan Leitschuh <[email protected]>

Bug-tracker: JLLeitschuh/security-research#9

Co-authored-by: Moderne <[email protected]>
JLLeitschuh added a commit to JLLeitschuh/crc83__gradle-jenkins-plugin that referenced this issue Jul 21, 2022
This fixes a security vulnerability in this project where the `build.gradle`
files were configuring Gradle to resolve dependencies over HTTP instead of
HTTPS.

Weakness: CWE-829: Inclusion of Functionality from Untrusted Control Sphere
Severity: High
CVSSS: 8.1
Detection: OpenRewrite

Reported-by: Jonathan Leitschuh <[email protected]>
Signed-off-by: Jonathan Leitschuh <[email protected]>

Bug-tracker: JLLeitschuh/security-research#9

Co-authored-by: Moderne <[email protected]>
JLLeitschuh added a commit to JLLeitschuh/madhushreemk__LeadCampus that referenced this issue Jul 21, 2022
This fixes a security vulnerability in this project where the `build.gradle`
files were configuring Gradle to resolve dependencies over HTTP instead of
HTTPS.

Weakness: CWE-829: Inclusion of Functionality from Untrusted Control Sphere
Severity: High
CVSSS: 8.1
Detection: OpenRewrite

Reported-by: Jonathan Leitschuh <[email protected]>
Signed-off-by: Jonathan Leitschuh <[email protected]>

Bug-tracker: JLLeitschuh/security-research#9

Co-authored-by: Moderne <[email protected]>
JLLeitschuh added a commit to JLLeitschuh/sitewhere__sitewhere that referenced this issue Jul 21, 2022
This fixes a security vulnerability in this project where the `build.gradle`
files were configuring Gradle to resolve dependencies over HTTP instead of
HTTPS.

Weakness: CWE-829: Inclusion of Functionality from Untrusted Control Sphere
Severity: High
CVSSS: 8.1
Detection: OpenRewrite

Reported-by: Jonathan Leitschuh <[email protected]>
Signed-off-by: Jonathan Leitschuh <[email protected]>

Bug-tracker: JLLeitschuh/security-research#9

Co-authored-by: Moderne <[email protected]>
JLLeitschuh added a commit to JLLeitschuh/Mocha-L__QuJing that referenced this issue Jul 21, 2022
This fixes a security vulnerability in this project where the `build.gradle`
files were configuring Gradle to resolve dependencies over HTTP instead of
HTTPS.

Weakness: CWE-829: Inclusion of Functionality from Untrusted Control Sphere
Severity: High
CVSSS: 8.1
Detection: OpenRewrite

Reported-by: Jonathan Leitschuh <[email protected]>
Signed-off-by: Jonathan Leitschuh <[email protected]>

Bug-tracker: JLLeitschuh/security-research#9

Co-authored-by: Moderne <[email protected]>
JLLeitschuh added a commit to JLLeitschuh/nining377__UnblockMusicPro_Xposed that referenced this issue Jul 21, 2022
This fixes a security vulnerability in this project where the `build.gradle`
files were configuring Gradle to resolve dependencies over HTTP instead of
HTTPS.

Weakness: CWE-829: Inclusion of Functionality from Untrusted Control Sphere
Severity: High
CVSSS: 8.1
Detection: OpenRewrite

Reported-by: Jonathan Leitschuh <[email protected]>
Signed-off-by: Jonathan Leitschuh <[email protected]>

Bug-tracker: JLLeitschuh/security-research#9

Co-authored-by: Moderne <[email protected]>
JLLeitschuh added a commit to JLLeitschuh/hank927__TracePlugin that referenced this issue Jul 21, 2022
This fixes a security vulnerability in this project where the `build.gradle`
files were configuring Gradle to resolve dependencies over HTTP instead of
HTTPS.

Weakness: CWE-829: Inclusion of Functionality from Untrusted Control Sphere
Severity: High
CVSSS: 8.1
Detection: OpenRewrite

Reported-by: Jonathan Leitschuh <[email protected]>
Signed-off-by: Jonathan Leitschuh <[email protected]>

Bug-tracker: JLLeitschuh/security-research#9

Co-authored-by: Moderne <[email protected]>
JLLeitschuh added a commit to JLLeitschuh/SmartReceipts__SmartReceiptsLibrary that referenced this issue Jul 21, 2022
This fixes a security vulnerability in this project where the `build.gradle`
files were configuring Gradle to resolve dependencies over HTTP instead of
HTTPS.

Weakness: CWE-829: Inclusion of Functionality from Untrusted Control Sphere
Severity: High
CVSSS: 8.1
Detection: OpenRewrite

Reported-by: Jonathan Leitschuh <[email protected]>
Signed-off-by: Jonathan Leitschuh <[email protected]>

Bug-tracker: JLLeitschuh/security-research#9

Co-authored-by: Moderne <[email protected]>
JLLeitschuh added a commit to JLLeitschuh/sonalake__swagger-changelog-gradle-plugin that referenced this issue Jul 21, 2022
This fixes a security vulnerability in this project where the `build.gradle`
files were configuring Gradle to resolve dependencies over HTTP instead of
HTTPS.

Weakness: CWE-829: Inclusion of Functionality from Untrusted Control Sphere
Severity: High
CVSSS: 8.1
Detection: OpenRewrite

Reported-by: Jonathan Leitschuh <[email protected]>
Signed-off-by: Jonathan Leitschuh <[email protected]>

Bug-tracker: JLLeitschuh/security-research#9

Co-authored-by: Moderne <[email protected]>
JLLeitschuh added a commit to JLLeitschuh/lucene-gosen__lucene-gosen that referenced this issue Jul 21, 2022
This fixes a security vulnerability in this project where the `build.gradle`
files were configuring Gradle to resolve dependencies over HTTP instead of
HTTPS.

Weakness: CWE-829: Inclusion of Functionality from Untrusted Control Sphere
Severity: High
CVSSS: 8.1
Detection: OpenRewrite

Reported-by: Jonathan Leitschuh <[email protected]>
Signed-off-by: Jonathan Leitschuh <[email protected]>

Bug-tracker: JLLeitschuh/security-research#9

Co-authored-by: Moderne <[email protected]>
JLLeitschuh added a commit to JLLeitschuh/jmad__jmad-core that referenced this issue Jul 21, 2022
This fixes a security vulnerability in this project where the `build.gradle`
files were configuring Gradle to resolve dependencies over HTTP instead of
HTTPS.

Weakness: CWE-829: Inclusion of Functionality from Untrusted Control Sphere
Severity: High
CVSSS: 8.1
Detection: OpenRewrite

Reported-by: Jonathan Leitschuh <[email protected]>
Signed-off-by: Jonathan Leitschuh <[email protected]>

Bug-tracker: JLLeitschuh/security-research#9

Co-authored-by: Moderne <[email protected]>
dkayiwa pushed a commit to openmrs/openmrs-contrib-android-client that referenced this issue Jul 26, 2022
This fixes a security vulnerability in this project where the `build.gradle`
files were configuring Gradle to resolve dependencies over HTTP instead of
HTTPS.

Weakness: CWE-829: Inclusion of Functionality from Untrusted Control Sphere
Severity: High
CVSSS: 8.1
Detection: OpenRewrite

Reported-by: Jonathan Leitschuh <[email protected]>
Signed-off-by: Jonathan Leitschuh <[email protected]>

Bug-tracker: JLLeitschuh/security-research#9

Co-authored-by: Moderne <[email protected]>

Co-authored-by: Moderne <[email protected]>
JLLeitschuh added a commit to BulkSecurityGeneratorProjectV2/hank927__TracePlugin that referenced this issue Aug 9, 2022
This fixes a security vulnerability in this project where the `build.gradle`
files were configuring Gradle to resolve dependencies over HTTP instead of
HTTPS.

Weakness: CWE-829: Inclusion of Functionality from Untrusted Control Sphere
Severity: High
CVSSS: 8.1
Detection: OpenRewrite

Reported-by: Jonathan Leitschuh <[email protected]>
Signed-off-by: Jonathan Leitschuh <[email protected]>

Bug-tracker: JLLeitschuh/security-research#9

Co-authored-by: Moderne <[email protected]>
JLLeitschuh added a commit to BulkSecurityGeneratorProjectV2/jenkinsci__outbound-webhook-plugin that referenced this issue Oct 3, 2022
This fixes a security vulnerability in this project where the `build.gradle`
files were configuring Gradle to resolve dependencies over HTTP instead of
HTTPS.

Weakness: CWE-829: Inclusion of Functionality from Untrusted Control Sphere
Severity: High
CVSSS: 8.1
Detection: OpenRewrite

Reported-by: Jonathan Leitschuh <[email protected]>
Signed-off-by: Jonathan Leitschuh <[email protected]>

Bug-tracker: JLLeitschuh/security-research#9


Co-authored-by: Moderne <[email protected]>
JLLeitschuh added a commit to BulkSecurityGeneratorProjectV2/madhushreemk__LeadCampus that referenced this issue Oct 3, 2022
This fixes a security vulnerability in this project where the `build.gradle`
files were configuring Gradle to resolve dependencies over HTTP instead of
HTTPS.

Weakness: CWE-829: Inclusion of Functionality from Untrusted Control Sphere
Severity: High
CVSSS: 8.1
Detection: OpenRewrite

Reported-by: Jonathan Leitschuh <[email protected]>
Signed-off-by: Jonathan Leitschuh <[email protected]>

Bug-tracker: JLLeitschuh/security-research#9


Co-authored-by: Moderne <[email protected]>
JLLeitschuh added a commit to BulkSecurityGeneratorProjectV2/jmad__jmad-core that referenced this issue Oct 3, 2022
This fixes a security vulnerability in this project where the `build.gradle`
files were configuring Gradle to resolve dependencies over HTTP instead of
HTTPS.

Weakness: CWE-829: Inclusion of Functionality from Untrusted Control Sphere
Severity: High
CVSSS: 8.1
Detection: OpenRewrite

Reported-by: Jonathan Leitschuh <[email protected]>
Signed-off-by: Jonathan Leitschuh <[email protected]>

Bug-tracker: JLLeitschuh/security-research#9


Co-authored-by: Moderne <[email protected]>
JLLeitschuh added a commit to BulkSecurityGeneratorProjectV2/Mocha-L__QuJing that referenced this issue Oct 3, 2022
This fixes a security vulnerability in this project where the `build.gradle`
files were configuring Gradle to resolve dependencies over HTTP instead of
HTTPS.

Weakness: CWE-829: Inclusion of Functionality from Untrusted Control Sphere
Severity: High
CVSSS: 8.1
Detection: OpenRewrite

Reported-by: Jonathan Leitschuh <[email protected]>
Signed-off-by: Jonathan Leitschuh <[email protected]>

Bug-tracker: JLLeitschuh/security-research#9


Co-authored-by: Moderne <[email protected]>
JLLeitschuh added a commit to BulkSecurityGeneratorProjectV2/sonalake__swagger-changelog-gradle-plugin that referenced this issue Oct 3, 2022
This fixes a security vulnerability in this project where the `build.gradle`
files were configuring Gradle to resolve dependencies over HTTP instead of
HTTPS.

Weakness: CWE-829: Inclusion of Functionality from Untrusted Control Sphere
Severity: High
CVSSS: 8.1
Detection: OpenRewrite

Reported-by: Jonathan Leitschuh <[email protected]>
Signed-off-by: Jonathan Leitschuh <[email protected]>

Bug-tracker: JLLeitschuh/security-research#9


Co-authored-by: Moderne <[email protected]>
JLLeitschuh added a commit to BulkSecurityGeneratorProjectV2/madhushreemk__LeadCampus that referenced this issue Oct 3, 2022
This fixes a security vulnerability in this project where the `build.gradle`
files were configuring Gradle to resolve dependencies over HTTP instead of
HTTPS.

Weakness: CWE-829: Inclusion of Functionality from Untrusted Control Sphere
Severity: High
CVSSS: 8.1
Detection: OpenRewrite

Reported-by: Jonathan Leitschuh <[email protected]>
Signed-off-by: Jonathan Leitschuh <[email protected]>

Bug-tracker: JLLeitschuh/security-research#9


Co-authored-by: Moderne <[email protected]>
JLLeitschuh added a commit to BulkSecurityGeneratorProjectV2/sitewhere__sitewhere that referenced this issue Oct 3, 2022
This fixes a security vulnerability in this project where the `build.gradle`
files were configuring Gradle to resolve dependencies over HTTP instead of
HTTPS.

Weakness: CWE-829: Inclusion of Functionality from Untrusted Control Sphere
Severity: High
CVSSS: 8.1
Detection: OpenRewrite

Reported-by: Jonathan Leitschuh <[email protected]>
Signed-off-by: Jonathan Leitschuh <[email protected]>

Bug-tracker: JLLeitschuh/security-research#9


Co-authored-by: Moderne <[email protected]>
JLLeitschuh added a commit to BulkSecurityGeneratorProjectV2/lucene-gosen__lucene-gosen that referenced this issue Oct 3, 2022
This fixes a security vulnerability in this project where the `build.gradle`
files were configuring Gradle to resolve dependencies over HTTP instead of
HTTPS.

Weakness: CWE-829: Inclusion of Functionality from Untrusted Control Sphere
Severity: High
CVSSS: 8.1
Detection: OpenRewrite

Reported-by: Jonathan Leitschuh <[email protected]>
Signed-off-by: Jonathan Leitschuh <[email protected]>

Bug-tracker: JLLeitschuh/security-research#9


Co-authored-by: Moderne <[email protected]>
JLLeitschuh added a commit to BulkSecurityGeneratorProjectV2/jmad__jmad-core that referenced this issue Oct 3, 2022
This fixes a security vulnerability in this project where the `build.gradle`
files were configuring Gradle to resolve dependencies over HTTP instead of
HTTPS.

Weakness: CWE-829: Inclusion of Functionality from Untrusted Control Sphere
Severity: High
CVSSS: 8.1
Detection: OpenRewrite

Reported-by: Jonathan Leitschuh <[email protected]>
Signed-off-by: Jonathan Leitschuh <[email protected]>

Bug-tracker: JLLeitschuh/security-research#9


Co-authored-by: Moderne <[email protected]>
JLLeitschuh added a commit to BulkSecurityGeneratorProjectV2/Mocha-L__QuJing that referenced this issue Oct 3, 2022
This fixes a security vulnerability in this project where the `build.gradle`
files were configuring Gradle to resolve dependencies over HTTP instead of
HTTPS.

Weakness: CWE-829: Inclusion of Functionality from Untrusted Control Sphere
Severity: High
CVSSS: 8.1
Detection: OpenRewrite

Reported-by: Jonathan Leitschuh <[email protected]>
Signed-off-by: Jonathan Leitschuh <[email protected]>

Bug-tracker: JLLeitschuh/security-research#9


Co-authored-by: Moderne <[email protected]>
JLLeitschuh added a commit to BulkSecurityGeneratorProjectV2/sonalake__swagger-changelog-gradle-plugin that referenced this issue Oct 3, 2022
This fixes a security vulnerability in this project where the `build.gradle`
files were configuring Gradle to resolve dependencies over HTTP instead of
HTTPS.

Weakness: CWE-829: Inclusion of Functionality from Untrusted Control Sphere
Severity: High
CVSSS: 8.1
Detection: OpenRewrite

Reported-by: Jonathan Leitschuh <[email protected]>
Signed-off-by: Jonathan Leitschuh <[email protected]>

Bug-tracker: JLLeitschuh/security-research#9


Co-authored-by: Moderne <[email protected]>
JLLeitschuh added a commit to BulkSecurityGeneratorProjectV2/sitewhere__sitewhere that referenced this issue Oct 3, 2022
This fixes a security vulnerability in this project where the `build.gradle`
files were configuring Gradle to resolve dependencies over HTTP instead of
HTTPS.

Weakness: CWE-829: Inclusion of Functionality from Untrusted Control Sphere
Severity: High
CVSSS: 8.1
Detection: OpenRewrite

Reported-by: Jonathan Leitschuh <[email protected]>
Signed-off-by: Jonathan Leitschuh <[email protected]>

Bug-tracker: JLLeitschuh/security-research#9


Co-authored-by: Moderne <[email protected]>
JLLeitschuh added a commit to BulkSecurityGeneratorProjectV2/madhushreemk__LeadCampus that referenced this issue Oct 3, 2022
This fixes a security vulnerability in this project where the `build.gradle`
files were configuring Gradle to resolve dependencies over HTTP instead of
HTTPS.

Weakness: CWE-829: Inclusion of Functionality from Untrusted Control Sphere
Severity: High
CVSSS: 8.1
Detection: OpenRewrite

Reported-by: Jonathan Leitschuh <[email protected]>
Signed-off-by: Jonathan Leitschuh <[email protected]>

Bug-tracker: JLLeitschuh/security-research#9


Co-authored-by: Moderne <[email protected]>
JLLeitschuh added a commit to BulkSecurityGeneratorProjectV2/sonalake__swagger-changelog-gradle-plugin that referenced this issue Oct 3, 2022
This fixes a security vulnerability in this project where the `build.gradle`
files were configuring Gradle to resolve dependencies over HTTP instead of
HTTPS.

Weakness: CWE-829: Inclusion of Functionality from Untrusted Control Sphere
Severity: High
CVSSS: 8.1
Detection: OpenRewrite

Reported-by: Jonathan Leitschuh <[email protected]>
Signed-off-by: Jonathan Leitschuh <[email protected]>

Bug-tracker: JLLeitschuh/security-research#9


Co-authored-by: Moderne <[email protected]>
JLLeitschuh added a commit to BulkSecurityGeneratorProjectV2/sitewhere__sitewhere that referenced this issue Oct 3, 2022
This fixes a security vulnerability in this project where the `build.gradle`
files were configuring Gradle to resolve dependencies over HTTP instead of
HTTPS.

Weakness: CWE-829: Inclusion of Functionality from Untrusted Control Sphere
Severity: High
CVSSS: 8.1
Detection: OpenRewrite

Reported-by: Jonathan Leitschuh <[email protected]>
Signed-off-by: Jonathan Leitschuh <[email protected]>

Bug-tracker: JLLeitschuh/security-research#9


Co-authored-by: Moderne <[email protected]>
JLLeitschuh added a commit to BulkSecurityGeneratorProjectV2/lucene-gosen__lucene-gosen that referenced this issue Oct 3, 2022
This fixes a security vulnerability in this project where the `build.gradle`
files were configuring Gradle to resolve dependencies over HTTP instead of
HTTPS.

Weakness: CWE-829: Inclusion of Functionality from Untrusted Control Sphere
Severity: High
CVSSS: 8.1
Detection: OpenRewrite

Reported-by: Jonathan Leitschuh <[email protected]>
Signed-off-by: Jonathan Leitschuh <[email protected]>

Bug-tracker: JLLeitschuh/security-research#9


Co-authored-by: Moderne <[email protected]>
JLLeitschuh added a commit to BulkSecurityGeneratorProjectV2/jmad__jmad-core that referenced this issue Oct 3, 2022
This fixes a security vulnerability in this project where the `build.gradle`
files were configuring Gradle to resolve dependencies over HTTP instead of
HTTPS.

Weakness: CWE-829: Inclusion of Functionality from Untrusted Control Sphere
Severity: High
CVSSS: 8.1
Detection: OpenRewrite

Reported-by: Jonathan Leitschuh <[email protected]>
Signed-off-by: Jonathan Leitschuh <[email protected]>

Bug-tracker: JLLeitschuh/security-research#9


Co-authored-by: Moderne <[email protected]>
JLLeitschuh added a commit to BulkSecurityGeneratorProjectV2/lucene-gosen__lucene-gosen that referenced this issue Oct 3, 2022
This fixes a security vulnerability in this project where the `build.gradle`
files were configuring Gradle to resolve dependencies over HTTP instead of
HTTPS.

Weakness: CWE-829: Inclusion of Functionality from Untrusted Control Sphere
Severity: High
CVSSS: 8.1
Detection: OpenRewrite

Reported-by: Jonathan Leitschuh <[email protected]>
Signed-off-by: Jonathan Leitschuh <[email protected]>

Bug-tracker: JLLeitschuh/security-research#9


Co-authored-by: Moderne <[email protected]>
JLLeitschuh added a commit to BulkSecurityGeneratorProjectV2/lucene-gosen__lucene-gosen that referenced this issue Oct 3, 2022
This fixes a security vulnerability in this project where the `build.gradle`
files were configuring Gradle to resolve dependencies over HTTP instead of
HTTPS.

Weakness: CWE-829: Inclusion of Functionality from Untrusted Control Sphere
Severity: High
CVSSS: 8.1
Detection: OpenRewrite

Reported-by: Jonathan Leitschuh <[email protected]>
Signed-off-by: Jonathan Leitschuh <[email protected]>

Bug-tracker: JLLeitschuh/security-research#9


Co-authored-by: Moderne <[email protected]>
JLLeitschuh added a commit to BulkSecurityGeneratorProjectV2/lucene-gosen__lucene-gosen that referenced this issue Oct 3, 2022
This fixes a security vulnerability in this project where the `build.gradle`
files were configuring Gradle to resolve dependencies over HTTP instead of
HTTPS.

Weakness: CWE-829: Inclusion of Functionality from Untrusted Control Sphere
Severity: High
CVSSS: 8.1
Detection: OpenRewrite

Reported-by: Jonathan Leitschuh <[email protected]>
Signed-off-by: Jonathan Leitschuh <[email protected]>

Bug-tracker: JLLeitschuh/security-research#9


Co-authored-by: Moderne <[email protected]>
JLLeitschuh added a commit to BulkSecurityGeneratorProjectV2/sitewhere__sitewhere that referenced this issue Oct 3, 2022
This fixes a security vulnerability in this project where the `build.gradle`
files were configuring Gradle to resolve dependencies over HTTP instead of
HTTPS.

Weakness: CWE-829: Inclusion of Functionality from Untrusted Control Sphere
Severity: High
CVSSS: 8.1
Detection: OpenRewrite

Reported-by: Jonathan Leitschuh <[email protected]>
Signed-off-by: Jonathan Leitschuh <[email protected]>

Bug-tracker: JLLeitschuh/security-research#9


Co-authored-by: Moderne <[email protected]>
JLLeitschuh added a commit to BulkSecurityGeneratorProjectV2/jmad__jmad-core that referenced this issue Oct 3, 2022
This fixes a security vulnerability in this project where the `build.gradle`
files were configuring Gradle to resolve dependencies over HTTP instead of
HTTPS.

Weakness: CWE-829: Inclusion of Functionality from Untrusted Control Sphere
Severity: High
CVSSS: 8.1
Detection: OpenRewrite

Reported-by: Jonathan Leitschuh <[email protected]>
Signed-off-by: Jonathan Leitschuh <[email protected]>

Bug-tracker: JLLeitschuh/security-research#9


Co-authored-by: Moderne <[email protected]>
JLLeitschuh added a commit to BulkSecurityGeneratorProjectV2/SmartReceipts__SmartReceiptsLibrary that referenced this issue Oct 3, 2022
This fixes a security vulnerability in this project where the `build.gradle`
files were configuring Gradle to resolve dependencies over HTTP instead of
HTTPS.

Weakness: CWE-829: Inclusion of Functionality from Untrusted Control Sphere
Severity: High
CVSSS: 8.1
Detection: OpenRewrite

Reported-by: Jonathan Leitschuh <[email protected]>
Signed-off-by: Jonathan Leitschuh <[email protected]>

Bug-tracker: JLLeitschuh/security-research#9


Co-authored-by: Moderne <[email protected]>
JLLeitschuh added a commit to BulkSecurityGeneratorProjectV2/lucene-gosen__lucene-gosen that referenced this issue Oct 3, 2022
This fixes a security vulnerability in this project where the `build.gradle`
files were configuring Gradle to resolve dependencies over HTTP instead of
HTTPS.

Weakness: CWE-829: Inclusion of Functionality from Untrusted Control Sphere
Severity: High
CVSSS: 8.1
Detection: OpenRewrite

Reported-by: Jonathan Leitschuh <[email protected]>
Signed-off-by: Jonathan Leitschuh <[email protected]>

Bug-tracker: JLLeitschuh/security-research#9


Co-authored-by: Moderne <[email protected]>
hit-lacus pushed a commit to apache/kylin that referenced this issue Oct 11, 2022
This fixes a security vulnerability in this project where the `build.gradle`
files were configuring Gradle to resolve dependencies over HTTP instead of
HTTPS.

Weakness: CWE-829: Inclusion of Functionality from Untrusted Control Sphere
Severity: High
CVSSS: 8.1
Detection: OpenRewrite

Reported-by: Jonathan Leitschuh <[email protected]>
Signed-off-by: Jonathan Leitschuh <[email protected]>

Bug-tracker: JLLeitschuh/security-research#9


Co-authored-by: Moderne <[email protected]>
abel533 pushed a commit to abel533/Mapper that referenced this issue Oct 16, 2022
This fixes a security vulnerability in this project where the `build.gradle`
files were configuring Gradle to resolve dependencies over HTTP instead of
HTTPS.

Weakness: CWE-829: Inclusion of Functionality from Untrusted Control Sphere
Severity: High
CVSSS: 8.1
Detection: OpenRewrite

Reported-by: Jonathan Leitschuh <[email protected]>
Signed-off-by: Jonathan Leitschuh <[email protected]>

Bug-tracker: JLLeitschuh/security-research#9


Co-authored-by: Moderne <[email protected]>
agapple pushed a commit to alibaba/canal that referenced this issue Nov 16, 2022
This fixes a security vulnerability in this project where the `build.gradle`
files were configuring Gradle to resolve dependencies over HTTP instead of
HTTPS.

Weakness: CWE-829: Inclusion of Functionality from Untrusted Control Sphere
Severity: High
CVSSS: 8.1
Detection: OpenRewrite

Reported-by: Jonathan Leitschuh <[email protected]>
Signed-off-by: Jonathan Leitschuh <[email protected]>

Bug-tracker: JLLeitschuh/security-research#9


Co-authored-by: Moderne <[email protected]>

Co-authored-by: Moderne <[email protected]>
rewerma added a commit to alibaba/canal that referenced this issue Dec 6, 2022
* optimize YAML config loader (#4332)

* fix bug BASE TABLE as table name (#4217)

* fix issues#4328 (#4329)

* docs: add nodejs canal client support (#4260)

Co-authored-by: zhangxunwei <[email protected]>

* fix destination not encoded (#4279)

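* Fix Canal startup from a specified timestamp not taking effect and sync always starting from the latest position (#4348)

* Support user-defined CanalAlarmHandler

* Add a null check for TableMapLogEvent in RowsLogEvent to prevent NPE

* Fix Canal startup from a specified timestamp not taking effect and sync always starting from the latest position, issue: #4347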

Co-authored-by: 云时 <[email protected]>

* fixed 4334 , support jdk8/jdk11

* fixed issue #4266 , typo

* fixed issue #4243 , support auto register for cluster = null

* fixed issue #4225 , support mysql version >= 8.0.26 heartbeat v2

* fixed issue #4308 , support query_log_event for mariadb 10.10.1

* ignore compression event

* support jdk11

* support druid 1.2.12

* fixed mariadb 10.x

* sync canal-template.properties

* update fastjson & druid version (#4406)

* Fix compatibility issue caused by upgrading to 2.0.4

* update druid & fastjson version

* update fastjson version

* update druid & fastjson version

* meta.dat file data loss (#4397)

* update fastjson & druid version (#4438)

* Local variables are thread-safe; prefer StringBuilder over StringBuffer (#4472)

Co-authored-by: 夏亮 <[email protected]>

* 1. CanalController stop must also call embededCanalServer.stop (#4477)

2. ServerRunningMonitor thread pool was not reclaimed properly; thread pool management is kept consistent with start/stop

* vuln-fix: Use HTTPS instead of HTTP to resolve dependencies (#4437)

This fixes a security vulnerability in this project where the `build.gradle`
files were configuring Gradle to resolve dependencies over HTTP instead of
HTTPS.

Weakness: CWE-829: Inclusion of Functionality from Untrusted Control Sphere
Severity: High
CVSSS: 8.1
Detection: OpenRewrite

Reported-by: Jonathan Leitschuh <[email protected]>
Signed-off-by: Jonathan Leitschuh <[email protected]>

Bug-tracker: JLLeitschuh/security-research#9


Co-authored-by: Moderne <[email protected]>

Co-authored-by: Moderne <[email protected]>

* fix_ETL sync fails with an error on mysql keywords (#4346)

Co-authored-by: foleyang <[email protected]>

* optimize code

* use compact BigDecimal

* performance optimize , 1. cache string names 2. cache Charset

* performance optimize ,cache integer/long valueof

* Test class reports errors

Co-authored-by: gongchangyou <[email protected]>
Co-authored-by: ChanaLii <[email protected]>
Co-authored-by: zhangxunwei <[email protected]>
Co-authored-by: zhangxunwei <[email protected]>
Co-authored-by: tianpeidong <[email protected]>
Co-authored-by: dataccs <[email protected]>
Co-authored-by: 云时 <[email protected]>
Co-authored-by: jianghang.loujh <[email protected]>
Co-authored-by: 温绍锦 <[email protected]>
Co-authored-by: noaso <[email protected]>
Co-authored-by: HumanPassenger <[email protected]>
Co-authored-by: 夏亮 <[email protected]>
Co-authored-by: 华仔 <[email protected]>
Co-authored-by: Jonathan Leitschuh <[email protected]>
Co-authored-by: Moderne <[email protected]>
Co-authored-by: 杰锅不是锅 <[email protected]>
Co-authored-by: foleyang <[email protected]>
rewerma added a commit to alibaba/canal that referenced this issue Dec 6, 2022
* Fix test class errors (#4516)

* optimize YAML config loader (#4332)

* fix bug BASE TABLE as table name (#4217)

* fix issues#4328 (#4329)

* docs: add nodejs canal client support (#4260)

Co-authored-by: zhangxunwei <[email protected]>

* fix destination not encoded (#4279)

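* Fix Canal startup from a specified timestamp not taking effect and sync always starting from the latest position (#4348)

* Support user-defined CanalAlarmHandler

* Add a null check for TableMapLogEvent in RowsLogEvent to prevent NPE

* Fix Canal startup from a specified timestamp not taking effect and sync always starting from the latest position, issue: #4347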

Co-authored-by: 云时 <[email protected]>

* fixed 4334 , support jdk8/jdk11

* fixed issue #4266 , typo

* fixed issue #4243 , support auto register for cluster = null

* fixed issue #4225 , support mysql version >= 8.0.26 heartbeat v2

* fixed issue #4308 , support query_log_event for mariadb 10.10.1

* ignore compression event

* support jdk11

* support druid 1.2.12

* fixed mariadb 10.x

* sync canal-template.properties

* update fastjson & druid version (#4406)

* Fix compatibility issue caused by upgrading to 2.0.4

* update druid & fastjson version

* update fastjson version

* update druid & fastjson version

* meta.dat file data loss (#4397)

* update fastjson & druid version (#4438)

* Local variables are thread-safe; prefer StringBuilder over StringBuffer (#4472)

Co-authored-by: 夏亮 <[email protected]>

* 1. CanalController stop must also call embededCanalServer.stop (#4477)

2. ServerRunningMonitor thread pool was not reclaimed properly; thread pool management is kept consistent with start/stop

* vuln-fix: Use HTTPS instead of HTTP to resolve dependencies (#4437)

This fixes a security vulnerability in this project where the `build.gradle`
files were configuring Gradle to resolve dependencies over HTTP instead of
HTTPS.

Weakness: CWE-829: Inclusion of Functionality from Untrusted Control Sphere
Severity: High
CVSSS: 8.1
Detection: OpenRewrite

Reported-by: Jonathan Leitschuh <[email protected]>
Signed-off-by: Jonathan Leitschuh <[email protected]>

Bug-tracker: JLLeitschuh/security-research#9


Co-authored-by: Moderne <[email protected]>

Co-authored-by: Moderne <[email protected]>

* fix_ETL sync fails with an error on mysql keywords (#4346)

Co-authored-by: foleyang <[email protected]>

* optimize code

* use compact BigDecimal

* performance optimize , 1. cache string names 2. cache Charset

* performance optimize ,cache integer/long valueof

* Test class reports errors

Co-authored-by: gongchangyou <[email protected]>
Co-authored-by: ChanaLii <[email protected]>
Co-authored-by: zhangxunwei <[email protected]>
Co-authored-by: zhangxunwei <[email protected]>
Co-authored-by: tianpeidong <[email protected]>
Co-authored-by: dataccs <[email protected]>
Co-authored-by: 云时 <[email protected]>
Co-authored-by: jianghang.loujh <[email protected]>
Co-authored-by: 温绍锦 <[email protected]>
Co-authored-by: noaso <[email protected]>
Co-authored-by: HumanPassenger <[email protected]>
Co-authored-by: 夏亮 <[email protected]>
Co-authored-by: 华仔 <[email protected]>
Co-authored-by: Jonathan Leitschuh <[email protected]>
Co-authored-by: Moderne <[email protected]>
Co-authored-by: 杰锅不是锅 <[email protected]>
Co-authored-by: foleyang <[email protected]>

* Revert "Fix test class errors (#4516)"

This reverts commit d899981.

Co-authored-by: gongchangyou <[email protected]>
Co-authored-by: ChanaLii <[email protected]>
Co-authored-by: zhangxunwei <[email protected]>
Co-authored-by: zhangxunwei <[email protected]>
Co-authored-by: tianpeidong <[email protected]>
Co-authored-by: dataccs <[email protected]>
Co-authored-by: 云时 <[email protected]>
Co-authored-by: jianghang.loujh <[email protected]>
Co-authored-by: 温绍锦 <[email protected]>
Co-authored-by: noaso <[email protected]>
Co-authored-by: HumanPassenger <[email protected]>
Co-authored-by: 夏亮 <[email protected]>
Co-authored-by: 华仔 <[email protected]>
Co-authored-by: Jonathan Leitschuh <[email protected]>
Co-authored-by: Moderne <[email protected]>
Co-authored-by: 杰锅不是锅 <[email protected]>
Co-authored-by: foleyang <[email protected]>
nuxi pushed a commit to nuxi/outbound-webhook-plugin that referenced this issue Jun 28, 2023
This fixes a security vulnerability in this project where the `build.gradle`
files were configuring Gradle to resolve dependencies over HTTP instead of
HTTPS.

Weakness: CWE-829: Inclusion of Functionality from Untrusted Control Sphere
Severity: High
CVSSS: 8.1
Detection: OpenRewrite

Reported-by: Jonathan Leitschuh <[email protected]>
Signed-off-by: Jonathan Leitschuh <[email protected]>

Bug-tracker: JLLeitschuh/security-research#9

Co-authored-by: Moderne <[email protected]>