Light

sindazeng / xhuicloud Goto Github PK

🎉(星辉云)，基于SpringBoot、SpringCloudAlibaba、SpringAuthorizationServer的微服务开发框架， RBAC权限管理系统、支持OAuth2.0协议、支持多种社交登录，拥有众多常用的第三方自动装配包，即下即用、简单便捷、如果觉得可以帮助到您，麻烦右上角点个star、关注后续更新~:sparkles::sparkles::sparkles:

License: MIT License

Java 62.86% CSS 1.80% FreeMarker 3.20% JavaScript 28.24% HTML 3.76% Dockerfile 0.14%

nacos rabbitmq redis springcloud mybatis springboot java oauth2 swagger2

xhuicloud's Introduction

Hi there 👋

👨🏻‍💻 I’m a java developer, But sometimes I'm also a web developer
💬 You can ask me questions by email
📫 How to reach me: [email protected] & [email protected]
😄 Skill:
- java : Spring、SpringBoot、SpringCloud & SpringCloudAlibaba、SpringSecurity & OAuth2 、Mybatis & Mybatis-Plus And ...
- web : JavaScript、TypeScript、h5、vue2、vue3、webpack、vite2...
- linux
- Container technology: Docker/Docker Compose/Docker swarm、 k8s
- ...

My Github Information

xhuicloud's People

Contributors

Stargazers

Watchers

xhuicloud's Issues

项目年前左右会恢复维护

(。・＿・。)ﾉI’m sorry~ 最近主要在写区块链智能合约的事情。
在春节前左右会恢复维护

修复一些存在的BUG
jdk升级至17
在前端做了个数据驱动表单的组件等等
完善文档

[公告]错误提问模板

模块/组件
eg. XHuiCloud-upms

描述遇到的问题
请清晰简洁的描述遇到的什么问题,以及场景

重现步骤

'...'
'....'
'....'
错误出现!

预期行为
您觉得预期应该发生的是什么,得到的是什么!

截图
如果可以,也请麻烦带上截图,以更快的帮助问题的解决!

附加
可以是环境等信息
eg. MacOS 、Java8 、 XhuiCloud Version v2.0.0

Dependency org.yaml:snakeyaml, leading to CVE problem

Hi, In /XHuiCloud-commons/XHuiCloud-common-zero，there is a dependency org.yaml:snakeyaml:1.30 that calls the risk method.

CVE-2022-25857

The scope of this CVE affected version is ** [0,1.31)**

After further analysis, in this project, the main Api called is org.yaml.snakeyaml.composer.Composer: composeNode(org.yaml.snakeyaml.nodes.Node)Lorg.yaml.snakeyaml.nodes.Node;

Risk method repair link : GitHub

CVE Bug Invocation Path--

Path Length : 5

CVE Bug Invocation Path : 
com.xhuicloud.common.zero.connect.SnowflakeZookeeper: init()Ljava.lang.Boolean; /.m2/repository/jakarta/annotation/jakarta.annotation-api/1.3.5/jakarta.annotation-api-1.3.5.jar
org.yaml.snakeyaml.Yaml$1: next()Ljava.lang.Object; /.m2/repository/org/hdrhistogram/HdrHistogram/2.1.12/HdrHistogram-2.1.12.jar
org.yaml.snakeyaml.constructor.BaseConstructor: getData()Ljava.lang.Object; /.m2/repository/org/hdrhistogram/HdrHistogram/2.1.12/HdrHistogram-2.1.12.jar
org.yaml.snakeyaml.composer.Composer: getNode()Lorg.yaml.snakeyaml.nodes.Node; /.m2/repository/org/hdrhistogram/HdrHistogram/2.1.12/HdrHistogram-2.1.12.jar
org.yaml.snakeyaml.composer.Composer: composeNode(org.yaml.snakeyaml.nodes.Node)Lorg.yaml.snakeyaml.nodes.Node;

Dependency tree--

[INFO] com.xhuicloud:XHuiCloud-common-zero:jar:2.0.3
[INFO] +- org.apache.curator:curator-framework:jar:5.1.0:compile
[INFO] |  \- org.apache.curator:curator-client:jar:5.1.0:compile
[INFO] |     +- org.apache.zookeeper:zookeeper:jar:3.6.0:compile
[INFO] |     |  +- commons-lang:commons-lang:jar:2.6:compile
[INFO] |     |  +- org.apache.zookeeper:zookeeper-jute:jar:3.6.0:compile
[INFO] |     |  +- org.apache.yetus:audience-annotations:jar:0.5.0:compile
[INFO] |     |  +- io.netty:netty-handler:jar:4.1.78.Final:compile
[INFO] |     |  |  +- io.netty:netty-common:jar:4.1.78.Final:compile
[INFO] |     |  |  +- io.netty:netty-resolver:jar:4.1.78.Final:compile
[INFO] |     |  |  +- io.netty:netty-buffer:jar:4.1.78.Final:compile
[INFO] |     |  |  +- io.netty:netty-transport:jar:4.1.78.Final:compile
[INFO] |     |  |  +- io.netty:netty-transport-native-unix-common:jar:4.1.78.Final:compile
[INFO] |     |  |  \- io.netty:netty-codec:jar:4.1.78.Final:compile
[INFO] |     |  \- io.netty:netty-transport-native-epoll:jar:4.1.78.Final:compile
[INFO] |     |     \- io.netty:netty-transport-classes-epoll:jar:4.1.78.Final:compile
[INFO] |     +- com.google.guava:guava:jar:20.0:compile
[INFO] |     \- org.slf4j:slf4j-api:jar:1.7.36:compile
[INFO] +- commons-io:commons-io:jar:2.6:compile
[INFO] +- org.springframework.boot:spring-boot-starter-json:jar:2.7.1:compile
[INFO] |  +- org.springframework.boot:spring-boot-starter:jar:2.7.1:compile
[INFO] |  |  +- org.springframework.boot:spring-boot:jar:2.7.1:compile
[INFO] |  |  |  \- org.springframework:spring-context:jar:5.3.21:compile
[INFO] |  |  |     +- org.springframework:spring-aop:jar:5.3.21:compile
[INFO] |  |  |     \- org.springframework:spring-expression:jar:5.3.21:compile
[INFO] |  |  +- org.springframework.boot:spring-boot-autoconfigure:jar:2.7.1:compile
[INFO] |  |  +- org.springframework.boot:spring-boot-starter-logging:jar:2.7.1:compile
[INFO] |  |  |  +- ch.qos.logback:logback-classic:jar:1.2.11:compile
[INFO] |  |  |  |  \- ch.qos.logback:logback-core:jar:1.2.11:compile
[INFO] |  |  |  +- org.apache.logging.log4j:log4j-to-slf4j:jar:2.17.2:compile
[INFO] |  |  |  |  \- org.apache.logging.log4j:log4j-api:jar:2.17.2:compile
[INFO] |  |  |  \- org.slf4j:jul-to-slf4j:jar:1.7.36:compile
[INFO] |  |  +- jakarta.annotation:jakarta.annotation-api:jar:1.3.5:compile
[INFO] |  |  +- org.springframework:spring-core:jar:5.3.21:compile
[INFO] |  |  |  \- org.springframework:spring-jcl:jar:5.3.21:compile
[INFO] |  |  \- org.yaml:snakeyaml:jar:1.30:compile
[INFO] |  +- org.springframework:spring-web:jar:5.3.21:compile
[INFO] |  |  \- org.springframework:spring-beans:jar:5.3.21:compile
[INFO] |  +- com.fasterxml.jackson.core:jackson-databind:jar:2.13.3:compile
[INFO] |  |  +- com.fasterxml.jackson.core:jackson-annotations:jar:2.13.3:compile
[INFO] |  |  \- com.fasterxml.jackson.core:jackson-core:jar:2.13.3:compile
[INFO] |  +- com.fasterxml.jackson.datatype:jackson-datatype-jdk8:jar:2.13.3:compile
[INFO] |  +- com.fasterxml.jackson.datatype:jackson-datatype-jsr310:jar:2.13.3:compile
[INFO] |  \- com.fasterxml.jackson.module:jackson-module-parameter-names:jar:2.13.3:compile
[INFO] +- org.projectlombok:lombok:jar:1.18.24:provided
[INFO] +- org.springframework.boot:spring-boot-configuration-processor:jar:2.7.1:compile
[INFO] +- org.springframework.cloud:spring-cloud-starter-bootstrap:jar:3.1.4:compile
[INFO] |  \- org.springframework.cloud:spring-cloud-starter:jar:3.1.4:compile
[INFO] |     +- org.springframework.cloud:spring-cloud-context:jar:3.1.4:compile
[INFO] |     |  \- org.springframework.security:spring-security-crypto:jar:5.7.2:compile
[INFO] |     +- org.springframework.cloud:spring-cloud-commons:jar:3.1.4:compile
[INFO] |     \- org.springframework.security:spring-security-rsa:jar:1.0.11.RELEASE:compile
[INFO] |        \- org.bouncycastle:bcpkix-jdk15on:jar:1.69:compile
[INFO] |           +- org.bouncycastle:bcprov-jdk15on:jar:1.69:compile
[INFO] |           \- org.bouncycastle:bcutil-jdk15on:jar:1.69:compile
[INFO] +- org.springframework.boot:spring-boot-starter-actuator:jar:2.7.1:compile
[INFO] |  +- org.springframework.boot:spring-boot-actuator-autoconfigure:jar:2.7.1:compile
[INFO] |  |  \- org.springframework.boot:spring-boot-actuator:jar:2.7.1:compile
[INFO] |  \- io.micrometer:micrometer-core:jar:1.9.1:compile
[INFO] |     +- org.hdrhistogram:HdrHistogram:jar:2.1.12:compile
[INFO] |     \- org.latencyutils:LatencyUtils:jar:2.0.3:runtime
[INFO] \- de.codecentric:spring-boot-admin-starter-client:jar:2.7.3:compile
[INFO]    \- de.codecentric:spring-boot-admin-client:jar:2.7.3:compile

Suggested solutions:

Update dependency version

Thank you very much.

Recommend Projects

React

A declarative, efficient, and flexible JavaScript library for building user interfaces.
Vue.js

🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript

TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
TensorFlow

An Open Source Machine Learning Framework for Everyone
Django

The Web framework for perfectionists with deadlines.
Laravel

A PHP framework for web artisans
D3

Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

javascript

JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
web

Some thing interesting about web. New door for the world.
server

A server is a program made to process requests and deliver data to clients.
Machine learning

Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Visualization

Some thing interesting about visualization, use data art
Game

Some thing interesting about game, make everyone happy.

Recommend Org

Facebook

We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft

Open source projects and samples from Microsoft.
Google

Google ❤️ Open Source for everyone.
Alibaba

Alibaba Open Source for everyone
D3

Data-Driven Documents codes.
Tencent

China tencent open source team.