vulnerabilityhistoryproject / struts-vulnerabilities
Curated vulnerability data for vulnerabilityhistory.org
License: MIT License
According to NVD, CVE-2017-7525 is a vulnerability in jackson-databind, not Apache Struts. The vulnerability was fixed in FasterXML/jackson-databind#1599. Apache Struts was merely modified in apache/struts@0d42ff5, apache/struts@941374e, and apache/struts@a2824b7 to upgrade to Jackson version 2.9.2.
Should CVE-2017-7525 be curated as a vulnerability in the Apache Struts project?
In the qualitative analysis of archeogit using http-vulnerabilities, we found certain commits that likely contributed to a vulnerability but were not curated as such. The issue is a summary of all such commits for consideration.
3f1f9a133bba5739273ebc1212f067eff1613a0f is a contributing commit. 3f1f9a133bba5739273ebc1212f067eff1613a0f did indeed modify the line that was later modified to fix the vulnerability. As a consequence, it is reasonable to characterize it as a contributing commit.
0efcc08445720822c2c44a5db426c68a48f0c8aa is a contributing commit. 0efcc08445720822c2c44a5db426c68a48f0c8aa did indeed modify the line that we modified to fix the vulnerability. As a consequence, it is reasonable to expect the commit to be characterized as a contributing commit.
86813c1a7214bc002a5d7ce9981a9ef333e27142 is a contributing commit. 86813c1a7214bc002a5d7ce9981a9ef333e27142 did indeed add a method that was modified to add a check in the vulnerability fixing commit.
702738693ce9206f3023903d73094fe1522cb91c is a contributing commit. 702738693ce9206f3023903d73094fe1522cb91c did indeed modify the line that was later modified to fix the vulnerability.
c01d3a92db7f71f751a0522912d24bcf4a94a1b0 is a contributing commit. c01d3a92db7f71f751a0522912d24bcf4a94a1b0 added the file along with 3,103 other files that was modified to fix the vulnerability. The lines that were modified when fixing the vulnerability were added by this contributing commit.
8e9f9fb89ff84e3f383d0aef73443af919c271d7 is a contributing commit. 8e9f9fb89ff84e3f383d0aef73443af919c271d7 did indeed modify the code in core/src/main/java/com/opensymphony/xwork2/interceptor/ChainingInterceptor.java that was eventually modified to fix the vulnerability. Furthermore, the commit message of the contributing commit is also indicative of the type of change the commit is contributing and the description of the vulnerability is also on the same functionality.
931df54ab379bf4eb5a625bf05066b8563c3737b is a contributing commit. 931df54ab379bf4eb5a625bf05066b8563c3737b did indeed add the regular expression (DEFAULT_URL_REGEX) which was specifically modified in both commits that fixed the vulnerability.
97f531cee67fb23cd92dceb86f170cd683dfd955 is a contributing commit. Although 97f531cee67fb23cd92dceb86f170cd683dfd955 added comments that were deleted when 5a0f2e1aaf8d420bd74033175e6e459883160487 fixed the vulnerability, there are lines that were added by the contributing commit that had to be modified to fix the vulnerability. As a consequence, it is reasonable to characterize 97f531cee67fb23cd92dceb86f170cd683dfd955 as a contributing commit.
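The test the issue applies to each commit (it last wrote the lines that the fix later modified) can be checked mechanically with blame-style line tracking. The following is an added example, not part of the original issue and not archeogit's code; the commit ids c1 to c3, the file contents and the neighbouring-line rule for pure insertions are assumptions made for illustration.

```python
import difflib

def _opcodes(old, new):
    # autojunk=False keeps difflib from discarding frequently repeated lines
    return difflib.SequenceMatcher(a=old, b=new, autojunk=False).get_opcodes()

def blame(history):
    """history: [(commit_id, file_lines)], oldest first.
    Returns, for each line of the newest revision, the commit that last wrote it."""
    origin, prev = [], []
    for commit, lines in history:
        updated = []
        for tag, i1, i2, j1, j2 in _opcodes(prev, lines):
            if tag == "equal":
                updated.extend(origin[i1:i2])         # untouched lines keep their origin
            elif tag in ("replace", "insert"):
                updated.extend([commit] * (j2 - j1))  # new or rewritten lines
            # "delete": the removed lines carry nothing forward
        origin, prev = updated, lines
    return origin

def contributing_commits(history, fixed_lines):
    """Commits that last wrote the lines the fix replaced or deleted.
    Heuristic (assumption): a pure insertion blames its neighbouring lines."""
    origin = blame(history)
    hits = set()
    for tag, i1, i2, _, _ in _opcodes(history[-1][1], fixed_lines):
        if tag in ("replace", "delete"):
            hits.update(origin[i1:i2])
        elif tag == "insert":
            hits.update(origin[max(i1 - 1, 0):i1 + 1])
    return hits

# Constructed history of one hypothetical file; c1..c3 are placeholder commit ids.
V1 = ["class UrlCheck {", '  String scheme = "http";', "}"]
V2 = V1[:2] + ['  String REGEX = "[a-z]+://.*";',
               "  boolean ok(String u) { return u.matches(REGEX); }", "}"]
V3 = [V2[0], '  String scheme = "https";'] + V2[2:]
HISTORY = [("c1", V1), ("c2", V2), ("c3", V3)]

# Constructed fix: tightens the regular expression that c2 introduced.
FIXED = V3[:2] + ['  String REGEX = "[a-z]+://[^\\\\s]*";'] + V3[3:]

if __name__ == "__main__":
    print(blame(HISTORY))
    print(contributing_commits(HISTORY, FIXED))
```

Commit c3 edited the same file but not the line the fix changed, so it is not reported; only a fix that inserts code next to c3's line would pull it in through the neighbouring-line rule.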