maven 漏洞扫描

已于 2024-02-21 16:24:12 修改
阅读量1.1k 收藏 6
点赞数 9
分类专栏: Maven 文章标签: maven java
于 2024-02-21 16:21:36 首次发布
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/qq_33746789/article/details/136214624
版权

dependency-check-maven 插件

添加以下 Maven 插件,第一次 check 会很慢,因为需要下载漏洞包


<plugin>
    <groupId>org.owasp</groupId>
    <artifactId>dependency-check-maven</artifactId>
    <version>9.0.9</version>
    <configuration>
        <autoUpdate>true</autoUpdate>
    </configuration>
    <executions>
        <execution>
            <goals>
                <goal>check</goal>
            </goals>
        </execution>
    </executions>
</plugin>

将以下 jsrepository.json 文件粘贴到 maven 仓库依赖目录下 dependency-check-data/9.0 和 dependency-check-utils/9.0.9 中

在右侧maven 插件 点击 check 后,运行完毕,在项目 target 会出现 dependency-check-report.html 报告

      
{
	"retire-example": {
		"vulnerabilities" : [
			{
				"below" : "0.0.2",
				"severity" : "low",
				"identifiers" : {
					"CVE" : [ "CVE-XXXX-XXXX" ],
					"bug" : "1234",
					"summary" : "bug summary"
				},
				"info" : [ "http://github.com/eoftedal/retire.js/" ]
			}
		],
		"extractors" : {
			"func" : [ "retire.VERSION" ],
			"filename" : [ "retire-example-(§§version§§)(.min)?\\.js" ],
			"filecontent"	: [ "/\\*!? Retire-example v(§§version§§)" ],
			"hashes" : { "07f8b94c8d601a24a1914a1a92bec0e4fafda964" : "0.0.1" }
		}
	},

	"jquery": {
		"bowername": [ "jQuery" ],
		"vulnerabilities" : [
			{
				"below" : "1.6.3",
				"severity" : "medium",
				"identifiers" : {
					"CVE": [ "CVE-2011-4969" ],
					"summary": "XSS with location.hash"
				},
				"info" : [ "https://nvd.nist.gov/vuln/detail/CVE-2011-4969" , "http://research.insecurelabs.org/jquery/test/", "https://bugs.jquery.com/ticket/9521" ]
			},
			{
				"below" : "1.9.0b1",
				"identifiers": {
					"CVE" : [ "CVE-2012-6708" ],
					"bug": "11290",
					"summary": "Selector interpreted as HTML"
				},
				"severity": "medium",
				"info" : [ "http://bugs.jquery.com/ticket/11290" , "https://nvd.nist.gov/vuln/detail/CVE-2012-6708", "http://research.insecurelabs.org/jquery/test/" ]
			},
			{
				"atOrAbove" : "1.4.0",
				"below" : "1.12.0",
				"identifiers": {
					"issue" : "2432",
					"summary": "3rd party CORS request may execute",
				        "CVE": [ "CVE-2015-9251" ]
				},
				"severity": "medium",
				"info" : [ "https://github.com/jquery/jquery/issues/2432", "http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/", "https://nvd.nist.gov/vuln/detail/CVE-2015-9251", "http://research.insecurelabs.org/jquery/test/" ]
			},
			{
				"atOrAbove" : "1.12.3",
				"below" : "3.0.0-beta1",
				"identifiers": {
					"issue" : "2432",
					"summary": "3rd party CORS request may execute",
				        "CVE": [ "CVE-2015-9251" ]
				},
				"severity": "medium",
				"info" : [ "https://github.com/jquery/jquery/issues/2432", "http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/", "https://nvd.nist.gov/vuln/detail/CVE-2015-9251", "http://research.insecurelabs.org/jquery/test/" ]
			},
			{
				"atOrAbove" : "1.8.0",
				"below" : "1.12.0",
				"identifiers": {
					"CVE" : [ "CVE-2015-9251" ],
					"issue" : "11974",
					"summary": "parseHTML() executes scripts in event handlers"
				},
				"severity": "medium",
				"info" : [ "https://bugs.jquery.com/ticket/11974", "https://nvd.nist.gov/vuln/detail/CVE-2015-9251", "http://research.insecurelabs.org/jquery/test/" ]
			},
			{
				"atOrAbove" : "1.12.2",
				"below" : "2.2.0",
				"identifiers": {
					"CVE" : [ "CVE-2015-9251" ],
					"issue" : "11974",
					"summary": "parseHTML() executes scripts in event handlers"
				},
				"severity": "medium",
				"info" : [ "https://bugs.jquery.com/ticket/11974", "https://nvd.nist.gov/vuln/detail/CVE-2015-9251", "http://research.insecurelabs.org/jquery/test/" ]
			},
			{
				"atOrAbove" : "2.2.2",
				"below" : "3.0.0",
				"identifiers": {
					"CVE" : [ "CVE-2015-9251" ],
					"issue" : "11974",
					"summary": "parseHTML() executes scripts in event handlers"
				},
				"severity": "medium",
				"info" : [ "https://bugs.jquery.com/ticket/11974", "https://nvd.nist.gov/vuln/detail/CVE-2015-9251", "http://research.insecurelabs.org/jquery/test/" ]
			},
			{
				"below" : "3.4.0",
				"identifiers": {
					"CVE" : [ "CVE-2019-11358" ],
					"summary": "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution"
				},
				"severity" : "low",
				"info" : [ "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/", "https://nvd.nist.gov/vuln/detail/CVE-2019-11358", "https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b" ]
			},
			{
				"below" : "3.5.0",
				"identifiers": {
					"CVE": [ "CVE-2020-11022" ],
					"summary": "Regex in its jQuery.htmlPrefilter sometimes may introduce XSS"
				},
				"severity" : "medium",
				"info" : [ "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/" ]
			},
			{
				"below" : "3.5.0",
				"identifiers": {
					"CVE": [ "CVE-2020-11023" ],
					"summary": "Regex in its jQuery.htmlPrefilter sometimes may introduce XSS"
				},
				"severity" : "medium",
				"info" : [ "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/" ]
			}	
		],
		"extractors" : {
			"func"    		: [
								"(window.jQuery || window.$ || window.$jq || window.$j).fn.jquery",
								"require('jquery').fn.jquery"
			],
			"uri"			: [ "/(§§version§§)/jquery(\\.min)?\\.js" ],
			"filename"		: [ "jquery-(§§version§§)(\\.min)?\\.js" ],
			"filecontent"	: [
								"/\\*!? jQuery v(§§version§§)", "\\* jQuery JavaScript Library v(§§version§§)",
								"\\* jQuery (§§version§§) - New Wave Javascript", "// \\$Id: jquery.js,v (§§version§§)",
								"/\\*! jQuery v(§§version§§)",
                "[^a-z]f=\"(§§version§§)\",.*[^a-z]jquery:f,",
                "[^a-z]m=\"(§§version§§)\",.*[^a-z]jquery:m,",
                "[^a-z.]jquery:[ ]?\"(§§version§§)\"",
                "\\$\\.documentElement,Q=e.jQuery,Z=e\\.\\$,ee=\\{\\},te=\\[\\],ne=\"(§§version§§)\""
			],
			"filecontentreplace" : [
				"/var [a-z]=[a-z]\\.document,([a-z])=\"(§§version§§)\",([a-z])=.{130,160};\\3\\.fn=\\3\\.prototype=\\{jquery:\\1/$2/"
			],
			"hashes"		: {}
		}
	},
	"jquery-migrate" : {
		"vulnerabilities" : [
			{
				"below" : "1.2.0",
				"severity": "medium",
				"identifiers": {
					"release": "jQuery Migrate 1.2.0 Released",
					"summary": "cross-site-scripting"
				},
				"info" : [ "http://blog.jquery.com/2013/05/01/jquery-migrate-1-2-0-released/" ]
			},
			{
				"below" : "1.2.2",
				"severity": "medium",
				"identifiers": {
					"bug": "11290",
					"summary": "Selector interpreted as HTML"
				},
				"info" : [ "http://bugs.jquery.com/ticket/11290" , "http://research.insecurelabs.org/jquery/test/" ]
			}
		],
		"extractors" : {
			"filename"		: [ "jquery-migrate-(§§version§§)(.min)?\\.js" ],
			"filecontent"	: [ "/\\*!?(?:\n \\*)? jQuery Migrate(?: -)? v(§§version§§)" ],
			"hashes"		: {}
		}
	},
	"jquery.validator" : {
		"bowername": [ "jquery-validator" ],
		"vulnerabilities" : [
		],
		"extractors" : {
			"func"    		: [ "jQuery.validation.version" ],
			"filename"		: [ "jquery.validation-(§§version§§)(.min)?\\.js" ],
			"uri"			: [ "/(§§version§§)/jquery.validation(\\.min)?\\.js" ],
			"filecontent"	: [ "/\\*!?(?:\n \\*)? jQuery Validation Plugin v(§§version§§)" ],
			"hashes"		: {}
		}
	},
	"jquery-mobile" : {
		"bowername": [ "jquery-mobile", "jquery-mobile-min", "jquery-mobile-build", "jquery-mobile-dist", "jquery-mobile-bower" ],
		"vulnerabilities" : [
			{
				"below" : "1.0RC2",
				"severity": "high",
				"identifiers": {"osvdb": ["94563", "93562", "94316", "94561", "94560"]},
				"info" : [ "http://osvdb.org/show/osvdb/94563", "http://osvdb.org/show/osvdb/94562", "http://osvdb.org/show/osvdb/94316", "http://osvdb.org/show/osvdb/94561", "http://osvdb.org/show/osvdb/94560" ]
			},
			{
				"below" : "1.0.1",
				"severity": "high",
				"identifiers": {"osvdb": ["94317"]},
				"info": [ "http://osvdb.org/show/osvdb/94317" ]
			},
			{
				"below" : "1.1.2",
				"severity": "medium",
				"identifiers": {
					"issue": "4787",
					"release": "http://jquerymobile.com/changelog/1.1.2/",
					"summary": "location.href cross-site scripting"
				},
				"info": [ "http://jquerymobile.com/changelog/1.1.2/", "https://github.com/jquery/jquery-mobile/issues/4787" ]
			},
			{
				"below" : "1.2.0",
				"severity": "medium",
				"identifiers": {
					"issue": "4787",
					"release": "http://jquerymobile.com/changelog/1.2.0/",
					"summary": "location.href cross-site scripting"
				},
				"info": [ "http://jquerymobile.com/changelog/1.2.0/", "https://github.com/jquery/jquery-mobile/issues/4787" ]
			},
			{
				"below" : "100.0.0",
				"severity": "medium",
				"identifiers": {
					"summary": "open redirect leads to cross site scripting"
				},
				"info": [ "http://sirdarckcat.blogspot.no/2017/02/unpatched-0day-jquery-mobile-xss.html" ]
			},
			{
				"below" : "1.3.0",
				"severity": "high",
				"identifiers": {
					"summary": "Endpoint that reflect user input leads to cross site scripting"
				},
				"info": [ "https://gist.github.com/jupenur/e5d0c6f9b58aa81860bf74e010cf1685" ]
			}
		],
		"extractors" : {
			"func"    		: [ "jQuery.mobile.version" ],
			"filename"		: [ "jquery.mobile-(§§version§§)(.min)?\\.js" ],
			"uri"			: [ "/(§§version§§)/jquery.mobile(\\.min)?\\.js" ],
			"filecontent"	: [ "/\\*!?(?:\n \\*)? jQuery Mobile(?: -)? v(§§version§§)" ],
			"hashes"		: {}
		}
	},
	"jquery-ui-dialog" : {
		"bowername": [ "jquery-ui", "jquery.ui" ],
		"vulnerabilities" : [
			{
				"atOrAbove": "1.8.9",
				"below" : "1.10.0",
				"severity": "medium",
				"identifiers": {
					"CVE": [ "CVE-2010-5312" ],
					"bug": "6016",
					"summary": "Title cross-site scripting vulnerability"
				},
				"info" : [ "http://bugs.jqueryui.com/ticket/6016", "https://nvd.nist.gov/vuln/detail/CVE-2010-5312" ]
			},
			{
				"below" : "1.12.0",
				"severity": "high",
				"identifiers": {
					"CVE": [ "CVE-2016-7103" ],
					"bug": "281",
					"summary": "XSS Vulnerability on closeText option"
				},
				"info" : [ "https://github.com/jquery/api.jqueryui.com/issues/281", "https://nvd.nist.gov/vuln/detail/CVE-2016-7103", "https://snyk.io/vuln/npm:jquery-ui:20160721" ]
			}
		],
		"extractors" : {
			"func"    		: [ "jQuery.ui.dialog.version" ],
			"filecontent"	: [
				"/\\*!? jQuery UI - v(§§version§§)(.*\n){1,3}.*jquery\\.ui\\.dialog\\.js",
				"/\\*!?[\n *]+jQuery UI (§§version§§)(.*\n)*.*\\.ui\\.dialog",
				"/\\*!?[\n *]+jQuery UI Dialog (§§version§§)",
				"/\\*!? jQuery UI - v(§§version§§)(.*\n){1,3}\\* Includes: .* dialog\\.js"
			],
			"hashes"		: {}
		}
	},
	"jquery-ui-autocomplete" : {
		"bowername": [ "jquery-ui", "jquery.ui" ],
		"vulnerabilities" : [ ],
		"extractors" : {
			"func"    		: [ "jQuery.ui.autocomplete.version" ],
			"filecontent"	: [
				"/\\*!? jQuery UI - v(§§version§§)(.*\n){1,3}.*jquery\\.ui\\.autocomplete\\.js",
				"/\\*!?[\n *]+jQuery UI (§§version§§)(.*\n)*.*\\.ui\\.autocomplete",
				"/\\*!?[\n *]+jQuery UI Autocomplete (§§version§§)",
				"/\\*!? jQuery UI - v(§§version§§)(.*\n){1,3}\\* Includes: .* autocomplete\\.js"
			],
			"hashes"		: {}
		}
	},
	"jquery-ui-tooltip" : {
		"bowername": [ "jquery-ui", "jquery.ui" ],
		"vulnerabilities" : [
			{
				"atOrAbove": "1.9.2",
				"below" : "1.10.0",
				"severity": "high",
				"identifiers": {
					"CVE" : [ "CVE-2012-6662" ],
					"bug": "8859",
					"summary": "Autocomplete cross-site scripting vulnerability"
				},
				"info" : [ "http://bugs.jqueryui.com/ticket/8859", "https://nvd.nist.gov/vuln/detail/CVE-2012-6662" ]
			}
		],
		"extractors" : {
			"func"    		: [ "jQuery.ui.tooltip.version" ],
			"filecontent"	: [
				"/\\*!? jQuery UI - v(§§version§§)(.*\n){1,3}.*jquery\\.ui\\.tooltip\\.js",
				"/\\*!?[\n *]+jQuery UI (§§version§§)(.*\n)*.*\\.ui\\.tooltip",
				"/\\*!?[\n *]+jQuery UI Tooltip (§§version§§)"
			],
			"hashes"		: {}
		}
	},
	"jquery.prettyPhoto" : {
		"bowername": [ "jquery-prettyPhoto" ],
		"vulnerabilities" : [
			{
				"below" : "3.1.5",
				"severity" : "high",
				"identifiers" : { "CVE" : [ "CVE-2013-6837" ] },
				"info" : [ "https://nvd.nist.gov/vuln/detail/CVE-2013-6837" ]
			},
			{
				"below" : "3.1.6",
				"severity" : "high",
				"info" : [ "https://github.com/scaron/prettyphoto/issues/149", "https://blog.anantshri.info/forgotten_disclosure_dom_xss_prettyphoto" ]
			}

		],
		"extractors" : {
			"func"    		: [ "jQuery.prettyPhoto.version" ],
			"filecontent"	: [
				"/\\*(?:.*[\n\r]+){1,3}.*Class: prettyPhoto(?:.*[\n\r]+){1,3}.*Version: (§§version§§)",
				"\\.prettyPhoto[ ]?=[ ]?\\{version:[ ]?(?:'|\")(§§version§§)(?:'|\")\\}"
			],
			"hashes"		: {}
		}
	},
	"jPlayer" : {
		"bowername": [ "jPlayer" ],
		"vulnerabilities" : [
			{
				"below" : "2.3.1",
				"severity": "high",
				"identifiers": {
					"CVE": [ "CVE-2013-2023" ],
					"release" : "2.3.1",
					"summary" : "XSS vulnerability in actionscript/Jplayer.as in the Flash SWF component" },
				"info" : [ "http://jplayer.org/latest/release-notes/", "https://nvd.nist.gov/vuln/detail/CVE-2013-2023" ]
			},
			{
				"below" : "2.3.23",
				"severity": "high",
				"identifiers": {
					"CVE": [ "CVE-2013-2022" ],
					"release": "2.3.23",
					"summary": "XSS vulnerabilities in actionscript/Jplayer.as in the Flash SWF component"
				},
				"info" : [ "http://jplayer.org/latest/release-notes/", "https://nvd.nist.gov/vuln/detail/CVE-2013-2022" ]
			},
			{
				"below" : "2.2.20",
				"severity": "high",
				"identifiers": {
					"CVE": [ "CVE-2013-1942" ],
					"release": "2.2.20",
					"summary": "XSS vulnerabilities in actionscript/Jplayer.as in the Flash SWF component"
				},
				"info" : [ "http://jplayer.org/latest/release-notes/", "https://nvd.nist.gov/vuln/detail/CVE-2013-1942" ]
			}
		],
		"extractors" : {
			"func"    		: [ "new jQuery.jPlayer().version.script" ],
			"filecontent"	: [
				"/\\*(?:.*[\n\r]+){1,3}.*jPlayer Plugin for jQuery(?:.*[\n\r]+){1,10}.*Version: (§§version§§)"
			],
			"hashes"		: {}
		}
	},
	"knockout": {
		"vulnerabilities" : [
			{
				"below" : "3.5.0-beta",
				"severity": "medium",
				"identifiers": {"summary": "XSS injection point in attr name binding for browser IE7 and older"},
				"info" : [ "https://github.com/knockout/knockout/issues/1244" ]
			}
		],
		"extractors" : {
			"func"    		: [ "ko.version" ],
			"filename"		: [ "knockout-(§§version§§)(.min)?\\.js"],
			"filecontent"	: [
				"\\* Knockout JavaScript library v(§§version§§)"
			],
			"hashes"		: {}
		}
	},
	"sessvars": {
		"vulnerabilities" : [
			{
				"below" : "1.01",
				"severity": "low",
				"identifiers": {"summary": "Unsanitized data passed to eval()"},
				"info" : [ "http://www.thomasfrank.se/sessionvars.html" ]
			}
		],
		"extractors" : {
			"filename"		: [ "sessvars-(§§version§§)(.min)?\\.js"],
			"filecontent"	: [ "sessvars ver (§§version§§)"],
			"hashes"		: {}
		}
	},
	"swfobject": {
		"bowername": [ "swfobject", "swfobject-bower" ],
		"vulnerabilities" : [
			{
				"below" : "2.1",
				"severity": "medium",
				"identifiers": {"summary": "DOM-based XSS"},
				"info" : [ "https://github.com/swfobject/swfobject/wiki/SWFObject-Release-Notes#swfobject-v21-beta7-june-6th-2008" ]
			}
		],
		"extractors" : {
			"filename"		: [ "swfobject_(§§version§§)(.min)?\\.js"],
			"filecontent"	: [ "SWFObject v(§§version§§) "],
			"hashes"		: {}
		}
	},

	"tinyMCE" : {
		"bowername": [ "tinymce", "tinymce-dist" ],
		"vulnerabilities" : [
			{
				"below" : "1.4.2",
				"severity" : "high",
				"identifiers" : {
					"summary" : "Static code injection vulnerability in inc/function.base.php",
					"CVE" : [ "CVE-2011-4825" ]
				},
				"info" : [ "http://www.cvedetails.com/cve/CVE-2011-4825/" ]
			},
			{
				"below" : "4.2.4",
				"severity" : "medium",
				"identifiers" : { "summary" : "xss issues with media plugin not properly filtering out some script attributes." },
				"info" : [ "https://www.tinymce.com/docs/changelog/" ]

			},
			{
				"below" : "4.2.0",
				"severity" : "medium",
				"identifiers" : { "summary" : "FIXED so script elements gets removed by default to prevent possible XSS issues in default config implementations" },
				"info" : [ "https://www.tinymce.com/docs/changelog/" ]

			},
			{
				"below" : "4.7.12",
				"severity" : "medium",
				"identifiers" : { "summary" : "FIXED so links with xlink:href attributes are filtered correctly to prevent XSS." },
				"info" : [ "https://www.tinymce.com/docs/changelog/" ]

			}
		],
		"extractors" : {
			"filecontent"	     : [ "// (§§version§§) \\([0-9\\-]+\\)[\n\r]+.{0,1200}l=.tinymce/geom/Rect." ],
			"filecontentreplace" : [
										"/tinyMCEPreInit.*majorVersion:.([0-9]+).,minorVersion:.([0-9.]+)./$1.$2/",
										"/majorVersion:.([0-9]+).,minorVersion:.([0-9.]+).,.*tinyMCEPreInit/$1.$2/"
								   ],
			"func" 				 : [ "tinyMCE.majorVersion + '.'+ tinyMCE.minorVersion" ]
		}
	},

	"YUI" : {
		"bowername": [ "yui", "yui3" ],
		"vulnerabilities" : [
			{
				"atOrAbove" : "3.5.0" ,
				"below" : "3.9.2",
				"severity": "high",
				"identifiers": {"CVE": [ "CVE-2013-4942" ] },
				"info" : [ "http://www.cvedetails.com/cve/CVE-2013-4942/" ]
			},
			{
				"atOrAbove" : "3.2.0" ,
				"below" : "3.9.2",
				"severity": "high",
				"identifiers": {"CVE": [ "CVE-2013-4941" ] },
				"info" : [ "http://www.cvedetails.com/cve/CVE-2013-4941/" ]
			},
			{
				"atOrAbove" : "3.0.0",
				"below" : "3.10.3",
				"severity": "high",
				"identifiers": {"CVE": [ "CVE-2013-4940" ] },
				"info" : [ "http://www.cvedetails.com/cve/CVE-2013-4940/" ]
			},
			{
				"atOrAbove" : "3.0.0" ,
				"below" : "3.9.2",
				"severity": "high",
				"identifiers": {"CVE": [ "CVE-2013-4939" ] },
				"info" : [ "http://www.cvedetails.com/cve/CVE-2013-4939/" ]
			},
			{
				"atOrAbove" : "2.8.0" ,
				"below" : "2.9.1",
				"severity": "high",
				"identifiers": {"CVE": [ "CVE-2012-5883" ] },
				"info" : [ "http://www.cvedetails.com/cve/CVE-2012-5883/" ]
			},
			{
				"atOrAbove" : "2.5.0" ,
				"below" : "2.9.1",
				"severity": "high",
				"identifiers": {"CVE": [ "CVE-2012-5882" ] },
				"info" : [ "http://www.cvedetails.com/cve/CVE-2012-5882/" ]
			},
			{
				"atOrAbove" : "2.4.0" ,
				"below" : "2.9.1",
				"severity": "high",
				"identifiers": {"CVE": [ "CVE-2012-5881" ] },
				"info" : [ "http://www.cvedetails.com/cve/CVE-2012-5881/" ]
			},
			{
				"below" : "2.9.0",
				"severity": "medium",
				"identifiers": {"CVE": [ "CVE-2010-4710" ] },
				"info" : [ "http://www.cvedetails.com/cve/CVE-2010-4710/" ]
			},
			{
				"atOrAbove" : "2.8.0" ,
				"below" : "2.8.2",
				"severity": "high",
				"identifiers": {"CVE": [ "CVE-2010-4209" ] },
				"info" : [ "http://www.cvedetails.com/cve/CVE-2010-4209/" ]
			},
			{
				"atOrAbove" : "2.5.0" ,
				"below" : "2.8.2",
				"severity": "high",
				"identifiers": {"CVE": [ "CVE-2010-4208" ] },
				"info" : [ "http://www.cvedetails.com/cve/CVE-2010-4208/" ]
			},
			{
				"atOrAbove" : "2.4.0" ,
				"below" : "2.8.2",
				"severity": "high",
				"identifiers": {"CVE": [ "CVE-2010-4207" ] },
				"info" : [ "http://www.cvedetails.com/cve/CVE-2010-4207/" ]
			}
		],
		"extractors" : {
			"func"    		: [ "YUI.Version", "YAHOO.VERSION" ],
			"filename"		: [ "yui-(§§version§§)(.min)?\\.js"],
			"filecontent"	: [ "/*\nYUI (§§version§§)", "/yui/license.(?:html|txt)\nversion: (§§version§§)"],
			"hashes"		: {}
		}
	},
	"prototypejs" : {
		"bowername": [ "prototypejs", "prototype.js", "prototypejs-bower" ],
		"vulnerabilities" : [
			{
				"atOrAbove" : "1.6.0",
				"below" : "1.6.0.2",
				"severity": "high",
				"identifiers": {"CVE": [ "CVE-2008-7220" ] },
				"info" : [ "http://www.cvedetails.com/cve/CVE-2008-7220/", "http://prototypejs.org/2008/01/25/prototype-1-6-0-2-bug-fixes-performance-improvements-and-security/" ] },
			{
				"below" : "1.5.1.2",
				"severity": "high",
				"identifiers": {"CVE": [ "CVE-2008-7220" ] },
				"info" : [ "http://www.cvedetails.com/cve/CVE-2008-7220/", "http://prototypejs.org/2008/01/25/prototype-1-6-0-2-bug-fixes-performance-improvements-and-security/" ] }
		],
		"extractors" : {
			"func"    		: [ "Prototype.Version" ],
			"uri"			: [ "/(§§version§§)/prototype(\\.min)?\\.js" ],
			"filename"		: [ "prototype-(§§version§§)(.min)?\\.js" ],
			"filecontent"	: [ "Prototype JavaScript framework, version (§§version§§)",
								"Prototype[ ]?=[ ]?\\{[ \r\n\t]*Version:[ ]?(?:'|\")(§§version§§)(?:'|\")" ],
			"hashes"		: {}
		}
	},
	"ember" : {
		"vulnerabilities" : [
			{
				"atOrAbove" : "1.8.0",
				"below" :"1.11.4",
				"severity" : "medium",
				"identifiers": {"CVE": [ "CVE-2015-7565" ] },
				"info": [ "https://groups.google.com/forum/#!topic/ember-security/OfyQkoSuppY" ]
			},
			{
				"atOrAbove" : "1.12.0",
				"below" :"1.12.2",
				"severity" : "medium",
				"identifiers": {"CVE": [ "CVE-2015-7565" ] },
				"info": [ "https://groups.google.com/forum/#!topic/ember-security/OfyQkoSuppY" ]
			},
			{
				"atOrAbove" : "1.13.0",
				"below" : "1.13.12",
				"severity" : "medium",
				"identifiers": {"CVE": [ "CVE-2015-7565" ] },
				"info": [ "https://groups.google.com/forum/#!topic/ember-security/OfyQkoSuppY" ]
			},
			{
				"atOrAbove" : "2.0.0",
				"below" : "2.0.3",
				"severity" : "medium",
				"identifiers": {"CVE": [ "CVE-2015-7565" ] },
				"info": [ "https://groups.google.com/forum/#!topic/ember-security/OfyQkoSuppY" ]
			},
			{
				"atOrAbove" : "2.1.0",
				"below" : "2.1.2",
				"severity" : "medium",
				"identifiers": {"CVE": [ "CVE-2015-7565" ] },
				"info": [ "https://groups.google.com/forum/#!topic/ember-security/OfyQkoSuppY" ]
			},
			{
				"atOrAbove" : "2.2.0",
				"below" : "2.2.1",
				"severity" : "medium",
				"identifiers": {"CVE": [ "CVE-2015-7565" ] },
				"info": [ "https://groups.google.com/forum/#!topic/ember-security/OfyQkoSuppY" ]
			},
			{
				"below" : "1.5.0",
				"severity": "medium",
				"identifiers": {
					"CVE": [ "CVE-2014-0046" ],
					"summary": "ember-routing-auto-location can be forced to redirect to another domain"
				},
				"info" : [ "https://github.com/emberjs/ember.js/blob/v1.5.0/CHANGELOG.md" ]
			},
			{
				"atOrAbove" : "1.3.0-*",
				"below" : "1.3.2",
				"severity": "medium",
				"identifiers": {"CVE": [ "CVE-2014-0046" ] },
				"info" : [ "https://groups.google.com/forum/#!topic/ember-security/1h6FRgr8lXQ" ]
			},
			{
				"atOrAbove" : "1.2.0-*",
				"below" : "1.2.2",
				"severity": "medium",
				"identifiers": {"CVE": [ "CVE-2014-0046" ] },
				"info" : [ "https://groups.google.com/forum/#!topic/ember-security/1h6FRgr8lXQ" ] },
			{
				"atOrAbove" : "1.4.0-*",
				"below" : "1.4.0-beta.2",
				"severity": "high",
				"identifiers": {"CVE": ["CVE-2014-0013", "CVE-2014-0014"]},
				"info" : [ "https://groups.google.com/forum/#!topic/ember-security/2kpXXCxISS4", "https://groups.google.com/forum/#!topic/ember-security/PSE4RzTi6l4" ]
			},
			{
				"atOrAbove" : "1.3.0-*",
				"below" : "1.3.1",
				"severity": "high",
				"identifiers": {"CVE": ["CVE-2014-0013", "CVE-2014-0014"]},
				"info" : [ "https://groups.google.com/forum/#!topic/ember-security/2kpXXCxISS4", "https://groups.google.com/forum/#!topic/ember-security/PSE4RzTi6l4" ]
			},
			{
				"atOrAbove" : "1.2.0-*",
				"below" : "1.2.1",
				"severity": "high",
				"identifiers": {"CVE": ["CVE-2014-0013", "CVE-2014-0014"]},
				"info" : [ "https://groups.google.com/forum/#!topic/ember-security/2kpXXCxISS4", "https://groups.google.com/forum/#!topic/ember-security/PSE4RzTi6l4" ]
			},
			{
				"atOrAbove" : "1.1.0-*",
				"below" : "1.1.3",
				"severity": "high",
				"identifiers": {"CVE": ["CVE-2014-0013", "CVE-2014-0014"]},
				"info" : [ "https://groups.google.com/forum/#!topic/ember-security/2kpXXCxISS4", "https://groups.google.com/forum/#!topic/ember-security/PSE4RzTi6l4" ]
			},
			{
				"atOrAbove" : "1.0.0-*",
				"below" : "1.0.1",
				"severity": "high",
				"identifiers": {"CVE": ["CVE-2014-0013", "CVE-2014-0014"]},
				"info" : [ "https://groups.google.com/forum/#!topic/ember-security/2kpXXCxISS4", "https://groups.google.com/forum/#!topic/ember-security/PSE4RzTi6l4" ]
			},
			{
				"atOrAbove" : "1.0.0-rc.1",
				"below" : "1.0.0-rc.1.1",
				"severity": "medium",
				"identifiers": {"CVE": [ "CVE-2013-4170" ] },
				"info" : [ "https://groups.google.com/forum/#!topic/ember-security/dokLVwwxAdM" ]
			},
			{
				"atOrAbove" : "1.0.0-rc.2",
				"below" : "1.0.0-rc.2.1",
				"severity": "medium",
				"identifiers": {"CVE": [ "CVE-2013-4170" ] },
				"info" : [ "https://groups.google.com/forum/#!topic/ember-security/dokLVwwxAdM" ]
			},
			{
				"atOrAbove" : "1.0.0-rc.3",
				"below" : "1.0.0-rc.3.1",
				"severity": "medium",
				"identifiers": {"CVE": [ "CVE-2013-4170" ] },
				"info" : [ "https://groups.google.com/forum/#!topic/ember-security/dokLVwwxAdM" ]
			},
			{
				"atOrAbove" : "1.0.0-rc.4",
				"below" : "1.0.0-rc.4.1",
				"severity": "medium",
				"identifiers": {"CVE": [ "CVE-2013-4170" ] },
				"info" : [ "https://groups.google.com/forum/#!topic/ember-security/dokLVwwxAdM" ]
			},
			{
				"atOrAbove" : "1.0.0-rc.5",
				"below" : "1.0.0-rc.5.1",
				"severity": "medium",
				"identifiers": {"CVE": [ "CVE-2013-4170" ] },
				"info" : [ "https://groups.google.com/forum/#!topic/ember-security/dokLVwwxAdM" ]
			},
			{
				"atOrAbove" : "1.0.0-rc.6",
				"below" : "1.0.0-rc.6.1",
				"severity": "medium",
				"identifiers": {"CVE": [ "CVE-2013-4170" ] },
				"info" : [ "https://groups.google.com/forum/#!topic/ember-security/dokLVwwxAdM" ]
			},
			{
				"below" : "0.9.7.1",
				"info" : [ "https://github.com/emberjs/ember.js/blob/master/CHANGELOG" ]
			},
			{
				"below" : "0.9.7",
				"severity": "high",
				"identifiers": {
					"bug": "699",
					"summary": "Bound attributes aren't escaped properly"
				},
				"info" : [ "https://github.com/emberjs/ember.js/issues/699" ]
			}
		],
		"extractors" : {
			"func"			: [ "Ember.VERSION" ],
			"uri"			: [ "/(?:v)?(§§version§§)/ember(\\.min)?\\.js" ],
			"filename"		: [ "ember-(§§version§§)(\\.min)?\\.js" ],
			"filecontent"	: [
				"Project:   Ember -(?:.*\n){9,11}// Version: v(§§version§§)",
				"// Version: v(§§version§§)(.*\n){10,15}(Ember Debug|@module ember|@class ember)",
				"Ember.VERSION[ ]?=[ ]?(?:'|\")(§§version§§)(?:'|\")"
			],
			"hashes"		: {}
		}
	},
	"dojo" : {
		"vulnerabilities" : [
			{
				"atOrAbove" : "0.4",
				"below" : "0.4.4",
				"severity": "high",
				"identifiers": {"CVE": ["CVE-2010-2276", "CVE-2010-2272"]},
				"info" : [ "http://dojotoolkit.org/blog/dojo-security-advisory", "http://www.cvedetails.com/cve/CVE-2010-2276/", "http://www.cvedetails.com/cve/CVE-2010-2272/" ]
			},
			{
				"atOrAbove" : "1.0",
				"below" : "1.0.3",
				"severity": "high",
				"identifiers": {"CVE": ["CVE-2010-2276", "CVE-2010-2274", "CVE-2010-2273"]},
				"info" : [ "http://dojotoolkit.org/blog/dojo-security-advisory", "http://www.cvedetails.com/cve/CVE-2010-2276/", "http://www.cvedetails.com/cve/CVE-2010-2274/", "http://www.cvedetails.com/cve/CVE-2010-2273/" ]
			},
			{
				"atOrAbove" : "1.1",
				"below" : "1.1.2",
				"severity": "high",
				"identifiers": {"CVE": ["CVE-2010-2276", "CVE-2010-2274", "CVE-2010-2273"]},
				"info" : [ "http://dojotoolkit.org/blog/dojo-security-advisory", "http://www.cvedetails.com/cve/CVE-2010-2276/", "http://www.cvedetails.com/cve/CVE-2010-2274/", "http://www.cvedetails.com/cve/CVE-2010-2273/" ]
			},
			{
				"atOrAbove" : "1.2",
				"below" : "1.2.4",
				"severity": "high",
				"identifiers": {"CVE": ["CVE-2010-2276", "CVE-2010-2274", "CVE-2010-2273"]},
				"info" : [ "http://dojotoolkit.org/blog/dojo-security-advisory", "http://www.cvedetails.com/cve/CVE-2010-2276/", "http://www.cvedetails.com/cve/CVE-2010-2274/", "http://www.cvedetails.com/cve/CVE-2010-2273/" ]
			},
			{
				"atOrAbove" : "1.3",
				"below" : "1.3.3",
				"severity": "high",
				"identifiers": {"CVE": ["CVE-2010-2276", "CVE-2010-2274", "CVE-2010-2273"]},
				"info" : [ "http://dojotoolkit.org/blog/dojo-security-advisory", "http://www.cvedetails.com/cve/CVE-2010-2276/", "http://www.cvedetails.com/cve/CVE-2010-2274/", "http://www.cvedetails.com/cve/CVE-2010-2273/" ]
			},
			{
				"atOrAbove" : "1.4",
				"below" : "1.4.2",
				"severity": "high",
				"identifiers": {"CVE": ["CVE-2010-2276", "CVE-2010-2274", "CVE-2010-2273"]},
				"info" : [ "http://dojotoolkit.org/blog/dojo-security-advisory", "http://www.cvedetails.com/cve/CVE-2010-2276/", "http://www.cvedetails.com/cve/CVE-2010-2274/", "http://www.cvedetails.com/cve/CVE-2010-2273/" ]
			},
			{
				"below" : "1.4.2",
				"severity": "medium",
				"identifiers": {"CVE": [ "CVE-2010-2275" ] },
				"info" : [ "http://www.cvedetails.com/cve/CVE-2010-2275/"]
			},
			{
				"below" : "1.1",
				"severity": "medium",
				"identifiers": {"CVE": [ "CVE-2008-6681" ] },
				"info" : [ "http://www.cvedetails.com/cve/CVE-2008-6681/"]
			},
			{
				"below" : "1.10.10",
				"severity": "medium",
				"identifiers": { "PR" : "307" },
				"info" : [ "https://github.com/dojo/dojo/pull/307" , "https://dojotoolkit.org/blog/dojo-1-14-released"]
			},
			{
				"atOrAbove" : "1.11.0",
				"below" : "1.11.6",
				"severity": "medium",
				"identifiers": { "PR" : "307" },
				"info" : [ "https://github.com/dojo/dojo/pull/307" , "https://dojotoolkit.org/blog/dojo-1-14-released"]
			},
			{
				"atOrAbove" : "1.12.0",
				"below" : "1.12.4",
				"severity": "medium",
				"identifiers": { "PR" : "307" },
				"info" : [ "https://github.com/dojo/dojo/pull/307" , "https://dojotoolkit.org/blog/dojo-1-14-released"]
			},
			{
				"atOrAbove" : "1.13.0",
				"below" : "1.13.1",
				"severity": "medium",
				"identifiers": { "PR" : "307" },
				"info" : [ "https://github.com/dojo/dojo/pull/307" , "https://dojotoolkit.org/blog/dojo-1-14-released"]
			},
      {
        "below" : "1.14",
        "severity": "medium",
        "identifiers": { "CVE": ["CVE-2018-15494"] },
        "info" : [ "https://dojotoolkit.org/blog/dojo-1-14-released" ]
      }
		],
		"extractors" : {
			"func"				 : [ "dojo.version.toString()" ],
			"uri"				 : [ "/(?:dojo-)?(§§version§§)/dojo(\\.min)?\\.js" ],
			"filename"			 : [ "dojo-(§§version§§)(\\.min)?\\.js" ],
			"filecontentreplace" : [ "/dojo.version=\\{major:([0-9]+),minor:([0-9]+),patch:([0-9]+)/$1.$2.$3/"],
			"hashes"			 : {
				"73cdd262799aab850abbe694cd3bfb709ea23627" : "1.4.1",
				"c8c84eddc732c3cbf370764836a7712f3f873326" : "1.4.0",
				"d569ce9efb7edaedaec8ca9491aab0c656f7c8f0" : "1.0.0",
				"ad44e1770895b7fa84aff5a56a0f99b855a83769" : "1.3.2",
				"8fc10142a06966a8709cd9b8732f7b6db88d0c34" : "1.3.1",
				"a09b5851a0a3e9d81353745a4663741238ee1b84" : "1.3.0",
				"2ab48d45abe2f54cdda6ca32193b5ceb2b1bc25d" : "1.2.3",
				"12208a1e649402e362f528f6aae2c614fc697f8f" : "1.2.0",
				"72a6a9fbef9fa5a73cd47e49942199147f905206" : "1.1.1"
			}

		}
	},
	"angularjs" : {
		"bowername": [ "angularjs", "angular.js" ],
		"vulnerabilities" : [
			{
				"below" : "1.8.0",
				"severity": "medium",
				"identifiers": {
					"summary": "angular.js prior to 1.8.0 allows cross site scripting. The regex-based input HTML replacement may turn sanitized code into unsanitized one.",
					"CVE": [ "CVE-2020-7676" ] 
				},
				"info" : [ "https://nvd.nist.gov/vuln/detail/CVE-2020-7676" ]	
			},	
			{
				"below" : "1.7.9",
				"severity": "medium",
				"identifiers": {
					"summary": "Prototype pollution"
				},
				"info" : [ "https://github.com/angular/angular.js/commit/726f49dcf6c23106ddaf5cfd5e2e592841db743a", "https://github.com/angular/angular.js/blob/master/CHANGELOG.md#179-pollution-eradication-2019-11-19" ]
			},
			{
				"atOrAbove" : "1.5.0",
				"below" : "1.6.9",
				"severity": "low",
				"identifiers": {
					"summary": "XSS through SVG if enableSvg is set"
				},
				"info" : [ "https://github.com/angular/angular.js/blob/master/CHANGELOG.md#169-fiery-basilisk-2018-02-02", "https://vulnerabledoma.in/ngSanitize1.6.8_bypass.html" ]
			},
			{
				"atOrAbove" : "1.3.0",
				"below" : "1.5.0-rc2",
				"severity": "medium",
				"identifiers": {
					"summary": "The attribute usemap can be used as a security exploit"
				},
				"info" : [ "https://github.com/angular/angular.js/blob/master/CHANGELOG.md#1230-patronal-resurrection-2016-07-21" ]
			},
			{
				"atOrAbove" : "1.0.0",
				"below" : "1.2.30",
				"severity": "medium",
				"identifiers": {
					"summary": "The attribute usemap can be used as a security exploit"
				},
				"info" : [ "https://github.com/angular/angular.js/blob/master/CHANGELOG.md#1230-patronal-resurrection-2016-07-21" ]
			},
			{
				"below" : "1.6.3",
				"severity": "medium",
				"identifiers": {
					"summary": "Universal CSP bypass via add-on in Firefox"
				},
				"info" : [ "https://github.com/mozilla/addons-linter/issues/1000#issuecomment-282083435", "http://pastebin.com/raw/kGrdaypP" ]
			},
			{
				"below" : "1.6.3",
				"severity": "medium",
				"identifiers": {
					"summary": "DOS in $sanitize"
				},
				"info" : [ "https://github.com/angular/angular.js/blob/master/CHANGELOG.md", "https://github.com/angular/angular.js/pull/15699" ]
			},
			{
				"below" : "1.6.5",
				"severity": "low",
				"identifiers": {
					"summary": "XSS in $sanitize in Safari/Firefox"
				},
				"info" : [ "https://github.com/angular/angular.js/commit/8f31f1ff43b673a24f84422d5c13d6312b2c4d94" ]
			}
		],
		"extractors" : {
			"func"			: [ "angular.version.full" ],
			"uri"			: [ "/(§§version§§)/angular(\\.min)?\\.js" ],
			"filename"		: [ "angular(?:js)?-(§§version§§)(.min)?\\.js" ],
			"filecontent"	: [
				"/\\*[ \n]+AngularJS v(§§version§§)",
				"http://errors\\.angularjs\\.org/(§§version§§)/"
			],
			"hashes"		: {}
		}
	},
	"backbone.js" : {
		"bowername": [ "backbonejs", "backbone" ],
		"vulnerabilities" : [
			{
				"below" : "0.5.0",
				"severity": "medium",
				"identifiers": {
					"release": "0.5.0",
					"summary": "cross-site scripting vulnerability"
				},
				"info" : [ "http://backbonejs.org/#changelog" ]
			}
		],
		"extractors" : {
			"func"			: [ "Backbone.VERSION" ],
			"uri"			: [ "/(§§version§§)/backbone(\\.min)?\\.js" ],
			"filename"		: [ "backbone(?:js)?-(§§version§§)(.min)?\\.js" ],
			"filecontent"	: [ "//[ ]+Backbone.js (§§version§§)", "a=t.Backbone={}}a.VERSION=\"(§§version§§)\"" ],
			"hashes"		: {}
		}
	},
	"mustache.js" : {
		"bowername": [ "mustache.js", "mustache" ],
		"vulnerabilities" : [
			{
				"below" : "0.3.1",
				"severity": "high",
				"identifiers": {
					"bug": "112",
					"summary": "execution of arbitrary javascript"
				},
				"info" : [ "https://github.com/janl/mustache.js/issues/112" ]
			},
			{
				"below" : "2.2.1",
				"severity": "medium",
				"identifiers": {
					"bug": "pull request 530",
					"summary": "weakness in HTML escaping"
				},
				"info" : [ "https://github.com/janl/mustache.js/releases/tag/v2.2.1", "https://github.com/janl/mustache.js/pull/530" ]
			}
		],
		"extractors" : {
			"func"			: [ "Mustache.version" ],
			"uri"			: [ "/(§§version§§)/mustache(\\.min)?\\.js" ],
			"filename"		: [ "mustache(?:js)?-(§§version§§)(.min)?\\.js" ],
			"filecontent"	: [ "name:\"mustache.js\",version:\"(§§version§§)\"",
								"[^a-z]mustache.version[ ]?=[ ]?(?:'|\")(§§version§§)(?:'|\")",
								"exports.name[ ]?=[ ]?\"mustache.js\";[\n ]*exports.version[ ]?=[ ]?(?:'|\")(§§version§§)(?:'|\");"
								],
			"hashes"		: {}
		}
	},
	"handlebars" : {
		"bowername": [ "handlebars", "handlebars.js" ],
		"vulnerabilities" : [
			{
				"below" : "1.0.0.beta.3",
				"severity": "medium",
				"identifiers": {
					"summary": "poorly sanitized input passed to eval()"
				},
				"info" : [ "https://github.com/wycats/handlebars.js/pull/68" ]
			},
			{
				"below" : "4.0.0",
				"severity": "medium",
				"identifiers": {
					"summary": "Quoteless attributes in templates can lead to XSS"
				},
				"info" : [ "https://github.com/wycats/handlebars.js/pull/1083" ]
			},
			{
				"atOrAbove" : "4.0.0",
				"below" : "4.0.13",
				"severity": "high",
				"identifiers": {
					"summary": "A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template"
				},
				"info" : [
					"https://snyk.io/vuln/SNYK-JS-HANDLEBARS-173692",
					"https://github.com/wycats/handlebars.js/commit/7372d4e9dffc9d70c09671aa28b9392a1577fd86"
				]
			},
			{
				"atOrAbove" : "4.0.0",
				"below" : "4.0.14",
				"severity": "high",
				"identifiers": {
					"summary": "A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template"
				},
				"info" : [
					"https://snyk.io/vuln/SNYK-JS-HANDLEBARS-174183",
					"https://github.com/wycats/handlebars.js/issues/1495",
					"https://github.com/wycats/handlebars.js/commit/cd38583216dce3252831916323202749431c773e"
				]
			},
			{
				"atOrAbove" : "4.1.0",
				"below" : "4.1.2",
				"severity": "high",
				"identifiers": {
					"summary": "A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template"
				},
				"info" : [
					"https://snyk.io/vuln/SNYK-JS-HANDLEBARS-174183",
					"https://github.com/wycats/handlebars.js/issues/1495",
					"https://github.com/wycats/handlebars.js/commit/cd38583216dce3252831916323202749431c773e"
				]
			},
			{
				"below" : "4.3.0",
				"severity": "low",
				"identifiers": {
					"summary": "Disallow calling helperMissing and blockHelperMissing directly"
				},
				"info" : [
					"https://github.com/wycats/handlebars.js/blob/master/release-notes.md#v430---september-24th-2019"
				]
			},
			{
				"below" : "4.5.3",
				"severity": "medium",
				"identifiers": {
					"summary": "Prototype pollution"
				},
				"info" : [
					"https://github.com/wycats/handlebars.js/blob/master/release-notes.md#v453---november-18th-2019"
				]
			}
		],
		"extractors" : {
			"func"			: [ "Handlebars.VERSION" ],
			"uri"			: [ "/(§§version§§)/handlebars(\\.min)?\\.js" ],
			"filename"		: [ "handlebars(?:js)?-(§§version§§)(.min)?\\.js" ],
			"filecontent"	: [
				"Handlebars.VERSION = \"(§§version§§)\";", "Handlebars=\\{VERSION:(?:'|\")(§§version§§)(?:'|\")",
				"this.Handlebars=\\{\\};[\n\r \t]+\\(function\\([a-z]\\)\\{[a-z].VERSION=(?:'|\")(§§version§§)(?:'|\")",
				"/\\*+![\\s]+(?:@license)?[\\s]+handlebars v(§§version§§)"
			],
			"hashes"		: {}
		}
	},
	"easyXDM" : {
		"vulnerabilities" : [
			{
				"below" : "2.4.18",
				"severity": "high",
				"identifiers": {"CVE": [ "CVE-2013-5212" ] },
				"info" : [ "http://blog.kotowicz.net/2013/09/exploiting-easyxdm-part-1-not-usual.html", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5212" ]
			},
			{
				"below" : "2.4.19",
				"severity": "high",
				"identifiers": {"CVE": [ "CVE-2014-1403" ] },
				"info" : [ "http://blog.kotowicz.net/2014/01/xssing-with-shakespeare-name-calling.html", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1403" ]
			}
		],
		"extractors" : {
			"uri"			: [ "/(?:easyXDM-)?(§§version§§)/easyXDM(\\.min)?\\.js" ],
			"filename"		: [ "easyXDM-(§§version§§)(.min)?\\.js" ],
			"filecontent"	: [ " \\* easyXDM\n \\* http://easyxdm.net/(?:\r|\n|.)+version:\"(§§version§§)\"",
								"@class easyXDM(?:.|\r|\n)+@version (§§version§§)(\r|\n)" ],
			"hashes"		: { "cf266e3bc2da372c4f0d6b2bd87bcbaa24d5a643" : "2.4.6"}
		}
	},

	"plupload" : {
		"bowername": [ "Plupload", "plupload" ],
		"vulnerabilities" : [
			{
				"below" : "1.5.4",
				"severity": "high",
				"identifiers": {"CVE": [ "CVE-2012-2401" ] },
				"info" : [ "http://www.cvedetails.com/cve/CVE-2012-2401/" ]
			},
			{
				"below" : "1.5.5",
				"severity": "high",
				"identifiers": {"CVE": [ "CVE-2013-0237" ] },
				"info" : [ "http://www.cvedetails.com/cve/CVE-2013-0237/" ]
			},
			{
				"below" : "2.1.9",
				"severity": "medium",
				"identifiers": {"CVE": [ "CVE-2016-4566" ] },
				"info" : [ "https://github.com/moxiecode/plupload/releases" ]
			}
		],
		"extractors" : {
			"func"			: [ "plupload.VERSION" ],
			"uri"			: [ "/(§§version§§)/plupload(\\.min)?\\.js" ],
			"filename"		: [ "plupload-(§§version§§)(.min)?\\.js" ],
			"filecontent"	: [ "\\* Plupload - multi-runtime File Uploader(?:\r|\n)+ \\* v(§§version§§)",
								"var g=\\{VERSION:\"(§§version§§)\",.*;window.plupload=g\\}"
								],
			"hashes"		: {}
		}
	},

	"DOMPurify" : {
		"bowername": [ "dompurify", "DOMPurify" ],
		"vulnerabilities" : [
			{
				"below" : "0.6.1",
				"severity": "medium",
				"identifiers": { },
				"info" : [ "https://github.com/cure53/DOMPurify/releases/tag/0.6.1" ]
			},
			{
				"below" : "0.8.6",
				"severity": "medium",
				"identifiers": { },
				"info" : [ "https://github.com/cure53/DOMPurify/releases/tag/0.8.6" ]
			},
			{
				"below" : "0.8.9",
				"severity": "low",
				"identifiers": { "summary": "safari UXSS" },
				"info" : [ "https://github.com/cure53/DOMPurify/releases/tag/0.8.9", "https://lists.ruhr-uni-bochum.de/pipermail/dompurify-security/2017-May/000006.html" ]
			},
			{
				"below" : "0.9.0",
				"severity": "low",
				"identifiers": { "summary": "safari UXSS" },
				"info" : [ "https://github.com/cure53/DOMPurify/releases/tag/0.9.0" ]
			}
		],
		"extractors" : {
			"func"			: [ "DOMPurify.version" ],
			"filecontent"	: [
				"DOMPurify.version = '(§§version§§)';",
				"DOMPurify.version=\"(§§version§§)\"",
				"DOMPurify=.[^\\r\\n]{10,500}\\.version=\"(§§version§§)\""
			],
			"hashes"		: {}
		}
	},

	"react" : {
		"vulnerabilities" : [
			{
				"atOrAbove" : "0.4.0", "below" : "0.4.2",
				"severity" : "low",
				"identifiers" : {
					"CVE": [ "CVE-2013-7035" ] ,
					"summary":"potential XSS vulnerability can arise when using user data as a key"
				},
				"info": [ "https://facebook.github.io/react/blog/2013/12/18/react-v0.5.2-v0.4.2.html" ]
			},
			{
				"atOrAbove" : "0.5.0", "below" : "0.5.2",
				"severity" : "low",
				"identifiers" : {
					"CVE": [ "CVE-2013-7035" ],
					"summary":"potential XSS vulnerability can arise when using user data as a key"
				},
				"info": [ "https://facebook.github.io/react/blog/2013/12/18/react-v0.5.2-v0.4.2.html" ]
			},
			{
				"below" : "0.14.0",
				"severity" : "low",
				"identifiers" : { "summary":" including untrusted objects as React children can result in an XSS security vulnerability" },
				"info": [ "http://danlec.com/blog/xss-via-a-spoofed-react-element", "https://facebook.github.io/react/blog/2015/10/07/react-v0.14.html" ]
			},
			{
				"atOrAbove" : "16.0.0", "below" : "16.0.1",
				"severity" : "low",
				"identifiers" : {
					"CVE": [ "CVE-2018-6341" ],
					"summary":"potential XSS vulnerability when the attacker controls an attribute name"
				},
				"info": [ "https://github.com/facebook/react/blob/master/CHANGELOG.md", "https://reactjs.org/blog/2018/08/01/react-v-16-4-2.html" ]
			},
			{
				"atOrAbove" : "16.1.0", "below" : "16.1.2",
				"severity" : "low",
				"identifiers" : {
					"CVE": [ "CVE-2018-6341" ],
					"summary":"potential XSS vulnerability when the attacker controls an attribute name"
				},
				"info": [ "https://github.com/facebook/react/blob/master/CHANGELOG.md", "https://reactjs.org/blog/2018/08/01/react-v-16-4-2.html" ]
			},
			{
				"atOrAbove" : "16.2.0", "below" : "16.2.1",
				"severity" : "low",
				"identifiers" : {
					"CVE": [ "CVE-2018-6341" ],
					"summary":"potential XSS vulnerability when the attacker controls an attribute name"
				},
				"info": [ "https://github.com/facebook/react/blob/master/CHANGELOG.md", "https://reactjs.org/blog/2018/08/01/react-v-16-4-2.html" ]
			},
			{
				"atOrAbove" : "16.3.0", "below" : "16.3.3",
				"severity" : "low",
				"identifiers" : {
					"CVE": [ "CVE-2018-6341" ],
					"summary":"potential XSS vulnerability when the attacker controls an attribute name"
				},
				"info": [ "https://github.com/facebook/react/blob/master/CHANGELOG.md", "https://reactjs.org/blog/2018/08/01/react-v-16-4-2.html" ]
			},
			{
				"atOrAbove" : "16.4.0", "below" : "16.4.2",
				"severity" : "low",
				"identifiers" : {
					"CVE": [ "CVE-2018-6341" ],
					"summary":"potential XSS vulnerability when the attacker controls an attribute name"
				},
				"info": [ "https://github.com/facebook/react/blob/master/CHANGELOG.md", "https://reactjs.org/blog/2018/08/01/react-v-16-4-2.html" ]
			}
		],
		"extractors" : {
			"func" : [
				"react.version",
				"require('react').version"
			],
			"filecontent" : [
				"/\\*\\*\n +\\* React \\(with addons\\) ?v(§§version§§)",
				"/\\*\\*\n +\\* React v(§§version§§)",
				"\"\\./ReactReconciler\":[0-9]+,\"\\./Transaction\":[0-9]+,\"fbjs/lib/invariant\":[0-9]+\\}\\],[0-9]+:\\[function\\(require,module,exports\\)\\{\"use strict\";module\\.exports=\"(§§version§§)\"\\}",
				"ReactVersion\\.js[\\*! \\\\/\n\r]{0,100}function\\(e,t\\)\\{\"use strict\";e\\.exports=\"(§§version§§)\"",
				"expected a ReactNode.[\\s\\S]{0,1800}?function\\(e,t\\)\\{\"use strict\";e\\.exports=\"(§§version§§)\""
			]
		}
	},

	"flowplayer" : {
		"vulnerabilities" : [
			{
				"below" : "5.4.3",
				"severity": "medium",
				"identifiers": { "summary" : "XSS vulnerability in Flash fallback" },
				"info" : [ "https://github.com/flowplayer/flowplayer/issues/381" ]
			}
		],
		"extractors" : {
			"uri"			    : [ "flowplayer-(§§version§§)(\\.min)?\\.js" ],
			"filename"		: [ "flowplayer-(§§version§§)(\\.min)?\\.js" ]
		}
	},

	"DWR" : {
		"vulnerabilities" : [
			{
				"below" : "1.1.4",
				"severity": "high",
				"identifiers": { "CVE" : [ "CVE-2007-01-09" ] },
				"info" : [ "http://www.cvedetails.com/cve/CVE-2014-5326/", "http://www.cvedetails.com/cve/CVE-2014-5326/" ]
			},
			{
				"below" : "2.0.11",
				"severity": "medium",
				"identifiers": { "CVE" : ["CVE-2014-5326", "CVE-2014-5325"] },
				"info" : [ "http://www.cvedetails.com/cve/CVE-2014-5326/", "http://www.cvedetails.com/cve/CVE-2014-5326/" ]
			},
			{
				"above" : "3",
				"below" : "3.0.RC3",
				"severity": "medium",
				"identifiers": { "CVE" : ["CVE-2014-5326", "CVE-2014-5325"] },
				"info" : [ "http://www.cvedetails.com/cve/CVE-2014-5326/", "http://www.cvedetails.com/cve/CVE-2014-5326/" ]
			}
		],
		"extractors" : {
			"func"			: [ "dwr.version" ],
			"filecontent"	: [
				" dwr-(§§version§§).jar"
			]
		}
	},

	"moment.js" : {
		"bowername": [ "moment", "momentjs" ],
		"vulnerabilities" : [
			{
				"below" : "2.11.2",
				"severity": "low",
				"identifiers": { "summary":"reDOS - regular expression denial of service" },
				"info" : [ "https://github.com/moment/moment/issues/2936" ]
			}
		],
		"extractors" : {
			"func"			: [ "moment.version" ],
			"filecontent"	: [ "//! moment.js(?:[\n\r]+)//! version : (§§version§§)" ]
		}
	},

	"bootstrap": {
		"vulnerabilities" : [
			{
				"below" : "4.3.1",
				"atOrAbove" : "4.0.0",
				"identifiers": {
					"issue" : "28236",
					"summary": "XSS in data-template, data-content and data-title properties of tooltip/popover",
					"CVE" : ["CVE-2019-8331"]
				},
				"severity" : "high",
				"info" : [ "https://github.com/twbs/bootstrap/issues/28236" ]
			},
			{
				"below" : "3.4.1",
				"identifiers": {
					"issue" : "28236",
					"summary": "XSS in data-template, data-content and data-title properties of tooltip/popover",
					"CVE" : ["CVE-2019-8331"]
				},
				"severity" : "high",
				"info" : [ "https://github.com/twbs/bootstrap/issues/28236" ]
			},
			{
				"below" : "4.1.2",
				"atOrAbove" : "4.0.0",
				"identifiers": {
					"issue" : "20184",
					"summary": "XSS in data-target property of scrollspy",
					"CVE" : ["CVE-2018-14041"]
				},
				"severity" : "medium",
				"info" : [ "https://github.com/twbs/bootstrap/issues/20184" ]
			},
			{
				"below" : "3.4.0",
				"identifiers": {
					"issue" : "20184",
					"summary": "XSS in data-target property of scrollspy",
					"CVE" : ["CVE-2018-14041"]
				},
				"severity" : "medium",
				"info" : [ "https://github.com/twbs/bootstrap/issues/20184" ]
			},
			{
				"below" : "4.1.2",
				"atOrAbove" : "4.0.0",
				"identifiers": {
					"issue" : "20184",
					"summary": "XSS in collapse data-parent attribute",
					"CVE" : ["CVE-2018-14040"]
				},
				"severity" : "medium",
				"info" : [ "https://github.com/twbs/bootstrap/issues/20184" ]
			},
			{
				"below" : "3.4.0",
				"identifiers": {
					"issue" : "20184",
					"summary": "XSS in collapse data-parent attribute",
					"CVE" : ["CVE-2018-14040"]
				},
				"severity" : "medium",
				"info" : [ "https://github.com/twbs/bootstrap/issues/20184" ]
			},
			{
				"below" : "4.1.2",
				"atOrAbove" : "4.0.0",
				"identifiers": {
					"issue" : "20184",
					"summary": "XSS in data-container property of tooltip",
					"CVE" : ["CVE-2018-14042"]
				},
				"severity" : "medium",
				"info" : [ "https://github.com/twbs/bootstrap/issues/20184" ]
			},
			{
				"below" : "3.4.0",
				"identifiers": {
					"issue" : "20184",
					"summary": "XSS in data-container property of tooltip",
					"CVE" : ["CVE-2018-14042"]
				},
				"severity" : "medium",
				"info" : [ "https://github.com/twbs/bootstrap/issues/20184" ]
			},
			{
				"below" : "2.1.0",
				"severity": "medium",
				"identifiers": {
					"summary": "cross-site scripting vulnerability"
				},
				"info" : [ "https://github.com/twbs/bootstrap/pull/3421" ]
			}
		],
		"extractors" : {
			"uri"			: [ "/(§§version§§)/bootstrap(\\.min)?\\.js", "/(§§version§§)/js/bootstrap(\\.min)?\\.js" ],
			"filename"		: [ "bootstrap-(§§version§§)(\\.min)?\\.js" ],
			"filecontent"	: [
								"/\\*!? Bootstrap v(§§version§§)",
								"\\* Bootstrap v(§§version§§)",
								"/\\*! Bootstrap v(§§version§§)"
			],
			"hashes"		: {}
		}
	},

	"ckeditor" : {
		"vulnerabilities": [
			{
				"below" : "4.4.3",
				"identifiers" : {
					"summary" : "XSS"
				},
				"severity" : "medium",
				"info": [ "https://github.com/ckeditor/ckeditor-dev/blob/master/CHANGES.md#ckeditor-443" ]
			},
			{
				"below" : "4.4.6",
				"identifiers" : {
					"summary" : "XSS"
				},
				"severity" : "medium",
				"info": [ "https://github.com/ckeditor/ckeditor-dev/blob/master/CHANGES.md#ckeditor-446" ]
			},
			{
				"below" : "4.4.8",
				"identifiers" : {
					"summary" : "XSS"
				},
				"severity" : "medium",
				"info": [ "https://github.com/ckeditor/ckeditor-dev/blob/master/CHANGES.md#ckeditor-448" ]
			},
			{
				"below" : "4.5.11",
				"identifiers" : {
					"summary" : "XSS"
				},
				"severity" : "medium",
				"info": [ "https://github.com/ckeditor/ckeditor-dev/blob/master/CHANGES.md#ckeditor-4511" ]
			},
			{
				"below" : "4.9.2",
				"atOrAbove" : "4.5.11",
				"identifiers" : {
					"summary" : "XSS if the enhanced image plugin is installed"
				},
				"severity" : "medium",
				"info": [ "https://ckeditor.com/blog/CKEditor-4.9.2-with-a-security-patch-released/", "https://ckeditor.com/cke4/release-notes" ]
			},
			{
				"atOrAbove" : "4.0.0",
				"below" : "4.11.0",
				"identifiers" : {
					"summary" : "XSS vulnerability in the HTML parser"
				},
				"severity" : "medium",
				"info" : [
					"https://ckeditor.com/blog/CKEditor-4.11-with-emoji-dropdown-and-auto-link-on-typing-released/",
					"https://snyk.io/vuln/SNYK-JS-CKEDITOR-72618"
				]
			},
			{
				"below" : "4.14.0",
				"identifiers" : {
					"summary" : "XSS"
				},
				"severity" : "low",
				"info": [ "https://github.com/ckeditor/ckeditor4/blob/major/CHANGES.md#ckeditor-414" ]
			}
		],
		"extractors" : {
			"uri"			: [ "/(§§version§§)/ckeditor(\\.min)?\\.js" ],
			"filename"		: [ "ckeditor-(§§version§§)(\\.min)?\\.js" ],
			"filecontent"	: [
								"ckeditor..js.{4,20}=\\{timestamp:\"[^\"]+\",version:\"(§§version§§)",
								"window.CKEDITOR=function\\(\\)\\{var [a-z]=\\{timestamp:\"[^\"]+\",version:\"(§§version§§)"
			],
			"hashes"		: {},
			"func"			: [ "CKEDITOR.version" ]
		}
	},


	"vue" : {
		"vulnerabilities" : [
			{
				"below" : "2.5.17",
				"severity" : "medium",
				"identifiers" : {
					"summary" : "potential xss in ssr when using v-bind"
				},
				"info" : [ "https://github.com/vuejs/vue/releases/tag/v2.5.17" ]
			},
			{
				"below" : "2.4.3",
				"severity" : "medium",
				"identifiers" : {
					"summary" : "possible xss vector "
				},
				"info" : [ "https://github.com/vuejs/vue/releases/tag/v2.4.3" ]
			}
		],
		"extractors" : {
			"uri"			: [
				"/vue@(§§version§§)/dist/vue\\.js"
			],
			"filename"		: [ "vue-(§§version§§)(\\.min)?\\.js" ],
			"filecontent"	: [
				"/\\*!\\n * Vue.js v(§§version§§)",
				"Vue.version = '(§§version§§)';",
				"'(§§version§§)'[^\\n]{0,8000}Vue compiler"
			],
			"func"			: [ "Vue.version" ]
		}
	},

	"ExtJS" : {
		"vulnerabilities" : [
			{
				"below"       : "6.6.0",
				"atOrAbove"   : "4.0.0",
				"severity"    : "high",
				"identifiers" : {
					"CVE"     : [
						"CVE-2018-8046"
					],
					"summary" : "XSS in Sencha Ext JS 4 to 6 via getTip() method of Action Columns"
				},
				"info"        : [
					"http://seclists.org/fulldisclosure/2018/Jul/8",
					"https://nvd.nist.gov/vuln/detail/CVE-2018-8046"
				]
			},
			{
				"below"       : "6.0.0",
				"severity"    : "high",
				"identifiers" : {
					"CVE"     : [
						"CVE-2007-2285"
					],
					"summary" : "Directory traversal and arbitrary file read"
				},
				"info"        : [
					"https://www.cvedetails.com/cve/CVE-2007-2285/",
					"https://packetstormsecurity.com/files/132052/extjs-Arbitrary-File-Read.html",
					"https://www.akawebdesign.com/2018/08/14/should-js-frameworks-prevent-xss/"
				]
			},
			{
				"below"       : "4.0.0",
				"atOrAbove"   : "3.0.0",
				"severity"    : "high",
				"identifiers" : {
					"CVE"     : [
						"CVE-2010-4207",
						"CVE-2012-5881"
					],
					"summary" : "XSS vulnerability in ExtJS charts.swf"
				},
				"info"        : [
					"https://www.acunetix.com/vulnerabilities/web/extjs-charts-swf-cross-site-scripting",
					"https://typo3.org/security/advisory/typo3-core-sa-2014-001/",
					"https://www.akawebdesign.com/2018/08/14/should-js-frameworks-prevent-xss/"
				]
			}
		],
		"extractors" : {
			"uri" : [
				"/extjs/(§§version§§)/.*\\.js"
			],
			"filename" : [
				"/ext-all-(§§version§§)(\\.min)?\\.js",
				"/ext-all-debug-(§§version§§)(\\.min)?\\.js",
				"/ext-base-(§§version§§)(\\.min)?\\.js"
			],
			"filecontent" : [
				"/*!\n * Ext JS Library (§§version§§)"
			],
			"func"     : [
				"Ext && Ext.versions && Ext.versions.extjs.version",
				"Ext && Ext.version"
			]
		}
	},






	"dont check" : {
		"extractors" : {
			"uri" : [
				"^http[s]?://(ssl|www).google-analytics.com/ga.js",
				"^http[s]?://apis.google.com/js/plusone.js",
				"^http[s]?://cdn.cxense.com/cx.js"
			]
		}
	}
}

代码量不够
关注
专栏目录
使用 Maven 进行依赖漏洞检查的指南
fudaihb的博客
05-17 1662
Apache Maven 是一个流行的项目管理和构建工具,主要用于 Java 项目。它可以简化项目的依赖管理、构建、文档生成和项目报告等任务。进行依赖漏洞检查是确保软件项目安全的重要一步。通过使用 OWASP Dependency-Check 和 Sonatype Nexus IQ 这样的工具,开发者能够有效识别和修复依赖中的已知漏洞。将这些检查集成到持续集成平台中,可以确保在开发的每个阶段都进行安全审查,从而提高项目的安全性和健壮性。
devops===》dependency-check-maven项目漏洞检查
Elaina_fang✨✨✨的博客
12-24 1518
一、OWASP dependency-check-maven插件 介绍:Dependency-Check是OWASP(Open Web Application Security Project)的一个实用开源程序,用于识别项目依赖项并检查是否存在任何已知的,公开披露的漏洞。目前,已支持Java、.NET、Ruby、Node.js、Python等语言编写的程序,并为C/C++构建系统(autoconf和cmake)提供了有限的支持。而且该工具还是OWASP Top 10的解决方案的一部分。 Dependen
Maven 依赖漏洞扫描检查插件 dependency-check-maven 的使用
最新发布
小单的博客专栏
09-08 697
在现代软件开发中,开源库的使用愈加普遍,然而这些开源库中的漏洞往往会成为潜在的安全风险。如何及时的发现依赖的第三方库是否存在漏洞,就变成很重要了。本文向大家推荐一款可以进行依赖包漏洞检查的 maven 插件 dependency-check-maven。通过这个插件可以扫描出项目中是否依赖已经存在的安全漏洞包及对应版本。
jar包漏洞扫描修改
shiwei77的博客
09-27 2593
jar包漏洞扫描修改安装mavenRunHelper插件jar整改 安装mavenRunHelper插件 先准备好idea的插件 file–>setting–>plugins 将本地插件导入 导入成功后会在installed中将插件显示出来,重启idea,就可以使用了 打开pom文件,选择dependency就可以搜索本工程引入的jar包 jar整改 可以搜索扫描时被标出的jar名,该插件会完整的展示jar包在工程中的所有引用,及版本 可以直接右击选择exclude,将有问题的jar包
mosec-maven-plugin:用于检测maven项目的第三方依赖组件是否存在安全漏洞
02-05
莫斯蒙面插件 用于检测maven项目的第三方依赖组件是否存在安全漏洞。 该项目是基于的二次开发。 关于我们 网址: : 微信: 版本要求 Maven> = 3.1 安装 向pom.xml中添加plugin仓库(项目级安装) <!-- pom.xml --> < pluginRepositories> < pluginRepository> < id>gh</ id> < url>https://raw.githubusercontent.com/momosecurity/mosec-maven-plugin/master/mvn-repo/</ u
dependency-check-maven依赖漏洞扫描
Xiaojia_guniang的博客
07-23 332
改autoUpdate参数。
mosec-maven-plugin检测maven项目的第三方库漏洞
公众号shadow sock7
11-25 909
settings.xml里: <!-- 添加pluginGroup可简化命令行参数 --> <pluginGroups> <pluginGroup>com.immomo.momosec</pluginGroup> </pluginGroups> <profiles> <profile> <id>momo-plugin</id> <pluginReposi
漏洞遮盖清除Maven打包插件,Maven打包过程中清除项目中所有第三方Jar包漏洞
03-02
在完成项目开发,并准备上线时,经常需要做漏洞扫描。一旦扫描出的上千的漏洞往往会让我们不知所措。如果上线要求非常严格,针对漏扫结果,我们需要逐个jar包查找有没有对应的升级或补丁。而即便我们找到了升级Jar包...
使用Maven程序集创建漏洞评估工件
最佳 Java 编程
05-18 153
本文将讨论如何使用Maven程序集创建可提供给第三方漏洞评估站点(例如Veracode )进行审查的工件。 错误的静态分析与漏洞评估 在这一点上,每个人都知道findbug并虔诚地使用它,对吗? 对? Findbugs使用静态分析来查找错误。 更准确地说,它使用静态分析来查找可以通过静态分析发现的错误。 例如,我看到了一种常见的模式 public void foo(Object...
maven跳过NVD CVE漏洞测试
珈凝的博客
01-09 427
maven 跳过NVD CVE漏洞测试
springboot maven项目漏洞排查修复过程记录(个人笔记)
wangjw.bug
04-10 2720
在项目交付后往往会遇到第三方检测机构或者公司内部在交付之前进行的系统安全漏洞检测,本文章记录一次sprinboot maven项目的漏洞排查修复过程。
log4j2远程代码执行漏洞Maven依赖扫描脚本
BenchengZ的博客
12-14 3709
log4j2远程代码执行漏洞Maven依赖扫描脚本背景脚步代码功能快捷键合理的创建标题,有助于目录的生成如何改变文本的样式插入链接与图片如何插入一段漂亮的代码片生成一个适合你的列表创建一个表格设定内容居中、居左、居右SmartyPants创建一个自定义列表如何创建一个注脚注释也是必不可少的KaTeX数学公式新的甘特图功能,丰富你的文章UML 图表FLowchart流程图导出与导入导出导入 背景 网络有很多关于该漏洞的详细信息,此处就贴一个链接吧: 老板发了个邮件提示我们查看自己的代码是否有使用对应lib,
使用dependency-check-maven对项目进行漏洞检查
SQF2404的博客
10-28 9849
最近,公司安排对所开发项目进行漏洞检查,使用的就是开源扫描工具 OWASP Dependency-Check。使用方式有多种,鉴于项目是用maven进行管理的,我使用的是maven插件的方式,使用方式很简单,把大象装冰箱总共分3步,这里使用maven插件只需2步即可。 1、.在pom.xml增加dependency-check-maven插件的配置,如下: <plugin> <groupId>org.owasp</g
要注意maven各类第三方插件中的安全漏洞
jackyrongvip的专栏
04-19 1029
1、比如,在下面这个分析结果中,通过mvn dependency:analyze的分析,我们发现了 JUnit 和 Logback 这类“虽然被引用但却没有被使用”的插件。既然没有被使用,那我们 就可以很放心地进行删除了。 第二步:管理插件补丁更新 一旦某个插件出现漏洞,通常插件的运维方都会尽快推出补丁。有的公司还会设立专门的部 门和人员进行补丁管理的工作。一旦出现漏洞和补丁,公司会先评估漏洞的严...
maven配置阿里云镜像仓库下载开发包(springboot)漏洞修复
qq_40237472的博客
02-10 1295
由于修复漏洞的需要,必须要更新导入fastjson.jar 1.2.61以上版本的开发包。几次下载以及删除本地仓库中的开发包文件后下载,都无法下载。甚至导致项目缺包无法启动。以下是关于fastjson.jar开发包漏洞说明: 猜测可能是由于网络封锁的缘故,导致pom文件无法通过以下maven坐标下载: <dependency> <groupId>com.al...
DependencyCheck - 自动检测依赖项中的漏洞
gitblog_00078的博客
03-17 636
DependencyCheck - 自动检测依赖项中的漏洞 DependencyCheckOWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies.项目地址:https:/...
使用DependencyCheck工具检测JAR依赖包的安全漏洞
晓郎编程
05-04 2090
Dependency-Check 是一款开源工具,用于检测软件项目中第三方库和组件的安全漏洞。通过分析项目依赖关系,它与已知漏洞数据库比对,发现存在漏洞的依赖项,并提供修复建议,帮助团队及时解决安全风险,提升软件安全性。
dependency-check-maven安全漏洞扫描工具介绍
热门推荐
Java技术栈,分享不断学习、不断超越、不断积累的历程!
05-03 1万+
目录dependency-check-maven安全漏洞扫描工具介绍dependency-check-maven插件重点参数解析运行命令检查单个maven工程安全漏洞检查多个maven子工程汇总一个报告扫描报告示例 dependency-check-maven安全漏洞扫描工具介绍 dependency-check官网下载地址: https://owasp.org/www-project-dependency-check 这个工具支持多种方式,本文主要介绍使用maven插件的使用方式 dependency-c
maven不扫描本地仓库
09-27
如果你想让Maven不扫描本地仓库,可以在Maven的配置文件setting.xml中进行相应的配置更改。你可以按照以下步骤进行操作: 1. 打开Maven的配置文件setting.xml。通常该文件位于Maven安装目录下的conf文件夹中。 2. 在setting.xml文件中找到<localRepository>标签,它指定了本地仓库的路径。 3. 如果你想让Maven不扫描本地仓库,可以将<localRepository>标签中的路径改为一个不存在的路径或者注释掉该行配置。 4. 保存并关闭setting.xml文件。 这样一来,当你使用Maven时,它将不会扫描本地仓库。
评论 1
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值