Conversation

@nishfath
Owner

No description provided.

@github-actions


Checking analysis of application java-sec-code-test against 1 build rules.

Using sl version 0.9.2252 (cbe3c4684fa127534e54c057489ae07733598a4a).

Checking findings on scan 8.

Results per rule:

  • report: FAIL
    (509 matched vulnerabilities; configured threshold is 0).

    First 5 findings:

        ID   CVSS    Rating    CVE              Title
     255   10.0   critical   CVE-2018-14721   FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct server-side request forgery (SSRF) attacks by leveraging failure to b…
     547   10.0   critical   CVE-2021-44228   Log4j versions prior to 2.16.0 are subject to a remote code execution vulnerability via the ldap JNDI parser.
     554   10.0   critical   CVE-2021-44228   Log4j versions prior to 2.16.0 are subject to a remote code execution vulnerability via the ldap JNDI parser.
     661   10.0   critical   GMS-2022-559     Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in org.springframework:spring-core.
     663   10.0   critical   GMS-2022-558     Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in org.springframework:spring-beans.

    Findings by severity rating:

     Severity rating   Count
     Critical             91
     High                184
     Medium              122
     Low                 111

    Findings by type:

     Finding Type   Count
     Oss_vuln         300
     Vuln             208
     Secret             1

    Findings by OWASP 2021 category:

     OWASP 2021 Category                              Count
     A09-Security-Logging-And-Monitoring-Failures        53
     A03-Injection                                       50
     A01-Broken-Access-Control                           49
     A05-Security-Misconfiguration                       25
     A10-Server-Side-Request-Forgery-(Ssrf)              21
     A08-Software-And-Data-Integrity-Failures             8
     A07-Identification-And-Authentication-Failures       1
     A02-Cryptographic-Failures                           1

1 rule failed.

