commit | b0447c94b32f1ece750c26255cb4c7fc01a6ad60 | [log] [tgz] |
---|---|---|
author | Jonathan Leitschuh <jonathan.leitschuh@gmail.com> | Sat Dec 16 16:54:48 2023 -0500 |
committer | GitHub <noreply@github.com> | Sat Dec 16 16:54:48 2023 -0500 |
tree | 56118776db4facf49e0e6a6ded2a4fba40dd35c3 | |
parent | a41da3706ea99b631d113baef0af946dc2a2d19f [diff] |
vuln-fix: Use HTTPS instead of HTTP to resolve deps CVE-2021-26291 (#3)

This fixes a security vulnerability in this project where the `pom.xml` files were configuring Maven to resolve dependencies over HTTP instead of HTTPS.

Weakness: CWE-829: Inclusion of Functionality from Untrusted Control Sphere
Severity: High
CVSS: 8.1
Detection: CodeQL & OpenRewrite (https://app.moderne.io/recipes/org.openrewrite.maven.security.UseHttpsForRepositories)
Reported-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com>
Bug-tracker: https://github.com/JLLeitschuh/security-research/issues/8
Detection: CodeQL (https://codeql.github.com/codeql-query-help/java/java-maven-non-https-url/) & OpenRewrite (https://app.moderne.io/recipes/org.openrewrite.maven.security.UseHttpsForRepositories)
Reported-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com>
Bug-tracker: https://github.com/JLLeitschuh/security-research/issues/8

Use this link to re-run the recipe: https://app.moderne.io/recipes/builder/IfHkrYfxx?organizationId=QWxsIEdpdEh1Yg%3D%3D

Co-authored-by: Moderne <team@moderne.io>