mirror of
https://github.com/moshowgame/SpringBootCodeGenerator.git
synced 2025-12-26 13:52:39 +08:00
vuln-fix: Use HTTPS instead of HTTP to resolve deps CVE-2021-26291
This fixes a security vulnerability in this project where the `pom.xml` files were configuring Maven to resolve dependencies over HTTP instead of HTTPS. Weakness: CWE-829: Inclusion of Functionality from Untrusted Control Sphere Severity: High CVSS: 8.1 Detection: CodeQL & OpenRewrite (https://app.moderne.io/recipes/org.openrewrite.maven.security.UseHttpsForRepositories) Reported-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com> Signed-off-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com> Bug-tracker: https://github.com/JLLeitschuh/security-research/issues/8 Detection: CodeQL (https://codeql.github.com/codeql-query-help/java/java-maven-non-https-url/) & OpenRewrite (https://app.moderne.io/recipes/org.openrewrite.maven.security.UseHttpsForRepositories) Reported-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com> Signed-off-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com> Bug-tracker: https://github.com/JLLeitschuh/security-research/issues/8 Use this link to re-run the recipe: https://app.moderne.io/recipes/builder/IfHkrYfxx?organizationId=QWxsIEdpdEh1Yg%3D%3D Co-authored-by: Moderne <team@moderne.io>
This commit is contained in:
Jonathan Leitschuh
parent
3af7114c7f
commit
536ab42ec1
2
pom.xml
2
pom.xml
@ -131,7 +131,7 @@
|
|||||||
<repository>
|
<repository>
|
||||||
<id>alimaven</id>
|
<id>alimaven</id>
|
||||||
<name>aliyun maven</name>
|
<name>aliyun maven</name>
|
||||||
<url>http://maven.aliyun.com/nexus/content/groups/public/</url>
|
<url>https://maven.aliyun.com/nexus/content/groups/public/</url>
|
||||||
</repository>
|
</repository>
|
||||||
</repositories>
|
</repositories>
|
||||||
|
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user