Description
```
implementation("com.aliyun:alimt20181012:1.4.0")
implementation("com.aliyun:tea-openapi:0.3.7")
```
Referencing either of these two dependencies reports the following problems:
CVE-2023-0833
4.7
Transitive: Generation of Error Message Containing Sensitive Information
Dependency maven:com.squareup.okhttp3:okhttp:3.12.13 is vulnerable
Upgrade to 4.9.2
CVE-2023-0833, score: 4.7
A flaw was found in Red Hat's AMQ-Streams, which ships a version of the OKHttp component with an information disclosure flaw via an exception triggered by a header containing an illegal value. This issue could allow an authenticated attacker to access information outside of their regular permissions.
Read more: https://www.mend.io/vulnerability-database/CVE-2023-0833?utm_source=JetBrains
Results powered by Mend.io
Dependency maven:com.squareup.okio:okio:1.15.0 is vulnerable
Upgrade to 3.4.0
CVE-2023-3635, score: 5.9
GzipSource does not handle an exception that might be raised when parsing a malformed gzip buffer. This may lead to denial of service of the Okio client when handling a crafted GZIP archive, by using the GzipSource class.
Read more: https://www.mend.io/vulnerability-database/CVE-2023-3635?utm_source=JetBrains
Results powered by Mend.io
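
One way to act on the two upgrade recommendations above, as an added example that is not part of the original issue or of the Aliyun SDK: Gradle dependency constraints in `build.gradle.kts` that raise the transitive `okhttp` and `okio` versions to the ones the scanner names. It assumes the Gradle Kotlin DSL with the `implementation` configuration, and that the Aliyun SDK still works against the newer major versions, which the page does not confirm.

```kotlin
// build.gradle.kts (added example; the layout of the real project is an assumption)
dependencies {
    // The two direct dependencies from the report, unchanged.
    implementation("com.aliyun:alimt20181012:1.4.0")
    implementation("com.aliyun:tea-openapi:0.3.7")

    // Constraints do not add new dependencies. They only apply when the
    // module is already in the graph (here: pulled in transitively), and
    // Gradle's conflict resolution then selects the higher version.
    constraints {
        implementation("com.squareup.okhttp3:okhttp:4.9.2") {
            because("CVE-2023-0833: scanner flags transitive okhttp 3.12.13")
        }
        implementation("com.squareup.okio:okio:3.4.0") {
            because("CVE-2023-3635: scanner flags transitive okio 1.15.0")
        }
    }
}
```

For a plain JVM project, `./gradlew dependencyInsight --dependency okhttp --configuration runtimeClasspath` shows which version is resolved after the change and the reason recorded in `because`. Both upgrades cross a major version, so the SDK calls should be exercised in tests before the constraints are shipped.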