
weatherapicomlibrary's Introduction

Hi 👋, I'm Adam

An amateur and learning programmer from the United States

Connect with me:

adamcraftmaster

Languages and Tools:

git, java, kotlin, linux

weatherapicomlibrary's People

Contributors

admlvntv, deepsourcebot, renovate-bot


weatherapicomlibrary's Issues

CVE-2022-42003 (Medium) detected in jackson-databind-2.13.2.jar

CVE-2022-42003 - Medium Severity Vulnerability

Vulnerable Library - jackson-databind-2.13.2.jar

General data-binding functionality for Jackson: works on core streaming API

Library home page: http://github.com/FasterXML/jackson

Path to dependency file: /WeatherAPIcomLib/build.gradle

Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.fasterxml.jackson.core/jackson-databind/2.13.2/926e48c451166a291f1ce6c6276d9abbefa7c00f/jackson-databind-2.13.2.jar,/modules-2/files-2.1/com.fasterxml.jackson.core/jackson-databind/2.13.2/926e48c451166a291f1ce6c6276d9abbefa7c00f/jackson-databind-2.13.2.jar

Dependency Hierarchy:

  • ❌ jackson-databind-2.13.2.jar (Vulnerable Library)

Found in base branch: main

Vulnerability Details

In FasterXML jackson-databind before 2.14.0-rc1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled.

Publish Date: 2022-10-02

URL: CVE-2022-42003

CVSS 3 Score Details (5.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Local
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.


Step up your Open Source Security Game with Mend here

JSON received internally in an unoptimized way

Is your feature request related to a problem? Please describe.
Currently, every time a method is called, the library downloads the JSON again and uses up the limited API quota.

Describe the solution you'd like
A potential solution is to download the JSON once every time a library's object is initialized and save it for future usage without having to redownload over and over.

Describe alternatives you've considered
We could also have it only redownload the JSON if a certain amount of time has passed since it was downloaded.
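The request above offers two designs: one download per object, or a re-download once a fixed interval has passed. The second is the one a practitioner would pick: a reading cached for the object's whole lifetime goes stale in any long-running process, while a time-to-live bounds both staleness and quota use, and a failed refresh can fall back to the last good copy. What follows is an added example, not code from weatherapicomlibrary: `CachedJsonSource`, the fake downloader and the sample JSON are the example's own, and the clock is injected so the expiry can be exercised without waiting.

```java
import java.time.Duration;
import java.time.Instant;
import java.util.Objects;
import java.util.function.Supplier;

/**
 * Added example (not weatherapicomlibrary code): a time-bounded cache for the
 * raw JSON payload, so repeated getter calls reuse one download instead of
 * spending API quota on every call. The downloader and sample JSON below are
 * hypothetical stand-ins for the library's own HTTP call and response.
 */
public final class CachedJsonSource {
    private final Supplier<String> downloader;   // performs the real HTTP call; returns null on failure
    private final Supplier<Instant> clock;       // injected so the expiry can be tested without sleeping
    private final Duration ttl;                  // how long a payload stays fresh

    private String cachedJson;                   // null until the first successful download
    private Instant fetchedAt;
    private int downloads;                       // how many real downloads happened

    public CachedJsonSource(Supplier<String> downloader, Duration ttl, Supplier<Instant> clock) {
        this.downloader = Objects.requireNonNull(downloader);
        this.ttl = Objects.requireNonNull(ttl);
        this.clock = Objects.requireNonNull(clock);
    }

    /** Returns the cached payload, refreshing it only when missing or older than the TTL. */
    public synchronized String json() {
        Instant now = clock.get();
        boolean stale = cachedJson == null || now.isAfter(fetchedAt.plus(ttl));
        if (stale) {
            String fresh = downloader.get();
            if (fresh != null) {
                cachedJson = fresh;
                fetchedAt = now;
                downloads++;
            } else if (cachedJson == null) {
                // Nothing to fall back on: surface the failure instead of returning null.
                throw new IllegalStateException("no cached JSON and the download failed");
            }
            // A failed refresh with an older copy available keeps serving that copy.
        }
        return cachedJson;
    }

    /** Forces the next json() call to download again, e.g. after the user changes location. */
    public synchronized void invalidate() {
        cachedJson = null;
    }

    public synchronized int downloads() {
        return downloads;
    }

    public static void main(String[] args) {
        // Constructed sample: a mutable clock and a fake downloader that counts its calls.
        final Instant[] now = { Instant.parse("2024-01-01T00:00:00Z") };
        final int[] apiCalls = { 0 };
        Supplier<String> fakeDownloader = () -> {
            apiCalls[0]++;
            return "{\"current\":{\"temp_c\":12.0,\"condition\":{\"text\":\"Overcast\"}}}";
        };
        CachedJsonSource source =
                new CachedJsonSource(fakeDownloader, Duration.ofMinutes(15), () -> now[0]);

        // Several accessor calls in a row share a single download.
        source.json();
        source.json();
        source.json();
        System.out.println("API calls after three reads: " + apiCalls[0]);

        // Inside the TTL nothing is re-downloaded; once it has passed, exactly one refresh happens.
        now[0] = now[0].plus(Duration.ofMinutes(14));
        source.json();
        now[0] = now[0].plus(Duration.ofMinutes(2));
        source.json();
        source.json();
        System.out.println("API calls after the TTL expired: " + apiCalls[0]);
        System.out.println("downloads recorded by the cache: " + source.downloads());
    }
}
```

Every public getter in the library would then read from `json()` rather than calling the API itself, and `invalidate()` covers the case where the cached document is for the wrong query rather than merely old.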

CVE-2020-36518 (High) detected in jackson-databind-2.13.2.jar

CVE-2020-36518 - High Severity Vulnerability

Vulnerable Library - jackson-databind-2.13.2.jar

General data-binding functionality for Jackson: works on core streaming API

Library home page: http://github.com/FasterXML/jackson

Path to dependency file: /WeatherAPIcomLib/build.gradle

Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.fasterxml.jackson.core/jackson-databind/2.13.2/926e48c451166a291f1ce6c6276d9abbefa7c00f/jackson-databind-2.13.2.jar,/modules-2/files-2.1/com.fasterxml.jackson.core/jackson-databind/2.13.2/926e48c451166a291f1ce6c6276d9abbefa7c00f/jackson-databind-2.13.2.jar

Dependency Hierarchy:

  • ❌ jackson-databind-2.13.2.jar (Vulnerable Library)

Found in base branch: main

Vulnerability Details

jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.
Mend Note: After conducting further research, Mend has determined that all versions of com.fasterxml.jackson.core:jackson-databind up to version 2.13.2 are vulnerable to CVE-2020-36518.

Publish Date: 2022-03-11

URL: CVE-2020-36518

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Release Date: 2022-03-11

Fix Resolution: 2.13.2.1



Dependency Dashboard

This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.

Rate-Limited

These updates are currently rate-limited. Click on a checkbox below to force their creation now.

  • Update actions/checkout action to v4
  • Update actions/setup-java action to v4
  • Update dependency com.google.guava:guava to v32
  • Update github/super-linter action to v5
  • 🔐 Create all rate-limited PRs at once 🔐

Edited/Blocked

These updates have been manually edited so Renovate will no longer make changes. To discard all commits and start over, click on a checkbox.

Open

These updates have all been created already. Click a checkbox below to force a retry/rebase of any.

Detected dependencies

github-actions
.github/workflows/ci.yml
  • actions/checkout v3.0.0
  • actions/setup-java v3
  • actions/cache v3
  • gradle/gradle-build-action v2
  • actions/upload-artifact v3.0.0
  • actions/checkout v3
  • actions/setup-java v3
  • actions/cache v3
  • actions/cache v3
.github/workflows/codeql-analysis.yml
  • actions/checkout v3
  • github/codeql-action v1
  • github/codeql-action v1
  • github/codeql-action v1
.github/workflows/gradle-wrapper-validation.yml
  • actions/checkout v3
  • gradle/wrapper-validation-action v1
.github/workflows/linter.yml
  • actions/checkout v3
  • github/super-linter v4
gradle
settings.gradle
WeatherAPIcomLib/build.gradle
  • org.sonarqube 3.3
  • org.junit.jupiter:junit-jupiter 5.8.2
  • org.apache.commons:commons-math3 3.6.1
  • com.fasterxml.jackson.core:jackson-core 2.13.2
  • com.fasterxml.jackson.core:jackson-databind 2.13.2
  • javax.annotation:javax.annotation-api 1.3.2
  • com.google.guava:guava 31.1-jre
gradle-wrapper
gradle/wrapper/gradle-wrapper.properties
  • gradle 7.4.1

  • Check this box to trigger a request for Renovate to run again on this repository

CVE-2022-42004 (Medium) detected in jackson-databind-2.13.2.jar

CVE-2022-42004 - Medium Severity Vulnerability

Vulnerable Library - jackson-databind-2.13.2.jar

General data-binding functionality for Jackson: works on core streaming API

Library home page: http://github.com/FasterXML/jackson

Path to dependency file: /WeatherAPIcomLib/build.gradle

Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.fasterxml.jackson.core/jackson-databind/2.13.2/926e48c451166a291f1ce6c6276d9abbefa7c00f/jackson-databind-2.13.2.jar,/modules-2/files-2.1/com.fasterxml.jackson.core/jackson-databind/2.13.2/926e48c451166a291f1ce6c6276d9abbefa7c00f/jackson-databind-2.13.2.jar

Dependency Hierarchy:

  • ❌ jackson-databind-2.13.2.jar (Vulnerable Library)

Found in base branch: main

Vulnerability Details

In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization.

Publish Date: 2022-10-02

URL: CVE-2022-42004

CVSS 3 Score Details (5.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Local
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Release Date: 2022-10-02

Fix Resolution: com.fasterxml.jackson.core:jackson-databind:2.13.4


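The three Mend reports on this page (CVE-2020-36518, CVE-2022-42003 and CVE-2022-42004) describe one failure mode: jackson-databind 2.13.2 descends once per nesting level and nothing bounds the depth, so a sufficiently nested document exhausts the stack. Two points for whoever triages them. The 5.5 scores on the two 2022 CVEs assume a local attack vector, but a library whose job is to parse JSON fetched from a remote API should treat them as network-reachable. And the fix resolutions listed per issue differ, so choose one target that covers all three: the 2.13.4.x backport line (2.13.4.2 rather than 2.13.4.1 for a Gradle build, since 2.13.4.1 shipped with broken Gradle module metadata) or any 2.14+ release. The block below is an added example, not code from weatherapicomlibrary: a nesting-depth check run with the jackson-core streaming API before any databind call, which blocks this class of input whatever databind version is on the classpath. Class and method names are the example's own and the payloads are constructed.

```java
import com.fasterxml.jackson.core.JsonFactory;
import com.fasterxml.jackson.core.JsonParser;
import com.fasterxml.jackson.core.JsonToken;
import com.fasterxml.jackson.databind.DeserializationFeature;
import com.fasterxml.jackson.databind.ObjectMapper;

import java.io.IOException;

/**
 * Added example (not weatherapicomlibrary code): bound JSON nesting depth with
 * the jackson-core streaming parser before any databind call. jackson-databind
 * 2.13.2 has no depth limit of its own, so this guard blocks the input class
 * behind all three advisories while the upgrade is pending.
 */
public final class NestingDepthGuard {
    /** Raised when a document nests deeper than the configured limit. */
    public static final class TooDeeplyNestedException extends IOException {
        TooDeeplyNestedException(int depth, int limit) {
            super("JSON nesting depth " + depth + " exceeds limit " + limit);
        }
    }

    private static final JsonFactory FACTORY = new JsonFactory();

    /** Walks the token stream iteratively and returns the maximum depth, failing fast past maxDepth. */
    public static int checkDepth(String json, int maxDepth) throws IOException {
        int depth = 0;
        int maxSeen = 0;
        try (JsonParser p = FACTORY.createParser(json)) {
            for (JsonToken t = p.nextToken(); t != null; t = p.nextToken()) {
                if (t == JsonToken.START_OBJECT || t == JsonToken.START_ARRAY) {
                    depth++;
                    if (depth > maxDepth) {
                        throw new TooDeeplyNestedException(depth, maxDepth);
                    }
                    maxSeen = Math.max(maxSeen, depth);
                } else if (t == JsonToken.END_OBJECT || t == JsonToken.END_ARRAY) {
                    depth--;
                }
            }
        }
        return maxSeen;
    }

    /** Binds only after the depth check passes. */
    public static <T> T readGuarded(ObjectMapper mapper, String json, Class<T> type, int maxDepth)
            throws IOException {
        checkDepth(json, maxDepth);
        return mapper.readValue(json, type);
    }

    /** Wraps core in n nested JSON arrays: nested(3, "7") is [[[7]]]. */
    static String nested(int n, String core) {
        StringBuilder sb = new StringBuilder(2 * n + core.length());
        for (int i = 0; i < n; i++) sb.append('[');
        sb.append(core);
        for (int i = 0; i < n; i++) sb.append(']');
        return sb.toString();
    }

    public static void main(String[] args) throws IOException {
        // A weather API response nests a handful of levels; 32 leaves generous headroom.
        final int limit = 32;

        // Constructed sample shaped like a real response: depth 3, passes.
        String normal = "{\"location\":{\"name\":\"Paris\"},"
                + "\"current\":{\"temp_c\":12.0,\"condition\":{\"text\":\"Overcast\"}}}";
        System.out.println("normal depth = " + checkDepth(normal, limit));
        System.out.println("bound = " + readGuarded(new ObjectMapper(), normal, Object.class, limit));

        // Constructed hostile input for CVE-2020-36518: untyped binding of 50 000 nested
        // arrays recurses once per level in 2.13.2 and can end in StackOverflowError.
        // The guard rejects it at depth 33 instead.
        try {
            readGuarded(new ObjectMapper(), nested(50_000, ""), Object.class, limit);
        } catch (TooDeeplyNestedException e) {
            System.out.println("rejected: " + e.getMessage());
        }

        // CVE-2022-42003 applies only with UNWRAP_SINGLE_VALUE_ARRAYS enabled (CVE-2022-42004
        // likewise needs a non-default setting): a scalar wrapped in thousands of arrays is
        // then unwrapped level by level. Same guard, same outcome.
        ObjectMapper unwrapping = new ObjectMapper()
                .enable(DeserializationFeature.UNWRAP_SINGLE_VALUE_ARRAYS);
        try {
            readGuarded(unwrapping, nested(50_000, "7"), Integer.class, limit);
        } catch (TooDeeplyNestedException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Put the check in front of the one place the library calls `ObjectMapper.readValue`; the cost is a second pass over a response that is a few kilobytes at most. Once the project is on jackson 2.15 or later, `StreamReadConstraints` (default maximum nesting depth 1000) does the same job inside the parser and the hand-rolled guard can go. Neither replaces the upgrade named in the advisories, which is what removes the recursion itself.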
