vuln-fix: Use HTTPS instead of HTTP to resolve deps CVE-2021-26291 (#3)

This fixes a security vulnerability in this project where the `pom.xml`
files were configuring Maven to resolve dependencies over HTTP instead of
HTTPS.

Weakness: CWE-829: Inclusion of Functionality from Untrusted Control Sphere
Severity: High
CVSS: 8.1
Detection: CodeQL & OpenRewrite (https://app.moderne.io/recipes/org.openrewrite.maven.security.UseHttpsForRepositories)

Reported-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com>


Bug-tracker: https://github.com/JLLeitschuh/security-research/issues/8
Detection: CodeQL (https://codeql.github.com/codeql-query-help/java/java-maven-non-https-url/) & OpenRewrite (https://app.moderne.io/recipes/org.openrewrite.maven.security.UseHttpsForRepositories)


Use this link to re-run the recipe: https://app.moderne.io/recipes/builder/IfHkrYfxx?organizationId=QWxsIEdpdEh1Yg%3D%3D

Co-authored-by: Moderne <team@moderne.io>
1 file changed
tree: 56118776db4facf49e0e6a6ded2a4fba40dd35c3
  1. myfaces-html5-core/
  2. myfaces-html5-demo/
  3. src/
  4. pom.xml
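
A minimal check for the weakness this commit describes, added here as an example (it is not code from the commit, CodeQL or OpenRewrite): it lists the repository declarations in a POM whose URL uses plain HTTP and shows the HTTPS rewrite. The sample POM, its host names and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Elements whose <url> child tells Maven where to download from or deploy to.
REPO_TAGS = {"repository", "pluginRepository", "snapshotRepository"}

# Constructed sample POM (not taken from the project in this commit).
# The xmlns value is only a namespace identifier; Maven never fetches it.
SAMPLE_POM = """<?xml version="1.0"?>
<project xmlns="http://maven.apache.org/POM/4.0.0">
  <repositories>
    <repository><id>legacy</id><url>http://repo.example.org/maven2</url></repository>
    <repository><id>secure</id><url>https://repo.example.org/maven2</url></repository>
  </repositories>
  <pluginRepositories>
    <pluginRepository><id>plugins</id><url> HTTP://plugins.example.org/m2 </url></pluginRepository>
  </pluginRepositories>
  <distributionManagement>
    <snapshotRepository><id>snap</id><url>http://deploy.example.org/snapshots</url></snapshotRepository>
  </distributionManagement>
</project>"""


def local_name(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]


def find_insecure_repos(pom_text):
    """Return (element, id, url) for every repository declared over plain HTTP."""
    findings = []
    for elem in ET.fromstring(pom_text).iter():
        if local_name(elem.tag) not in REPO_TAGS:
            continue
        fields = {local_name(c.tag): (c.text or "").strip() for c in elem}
        url = fields.get("url", "")
        if url.lower().startswith("http://"):  # scheme match is case-insensitive
            findings.append((local_name(elem.tag), fields.get("id", "?"), url))
    return findings


def rewrite_to_https(url):
    """The fix the commit describes: same host and path, https scheme."""
    return "https://" + url[len("http://"):]


if __name__ == "__main__":
    for kind, repo_id, url in find_insecure_repos(SAMPLE_POM):
        print(f"{kind} '{repo_id}': {url} -> {rewrite_to_https(url)}")
```

Before merging a rewritten URL, confirm the repository host actually serves the same content over HTTPS, since the check only looks at the scheme.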