Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Dependency org.yaml:snakeyaml, leading to CVE problem #59

Open
CVEDetect opened this issue Mar 18, 2023 · 0 comments
Open

Dependency org.yaml:snakeyaml, leading to CVE problem #59

CVEDetect opened this issue Mar 18, 2023 · 0 comments

Comments

@CVEDetect
Copy link

Hi, In /,there is a dependency org.yaml:snakeyaml:1.19 that calls the risk method.

CVE-2022-25857

The scope of this CVE affected version is ** [0,1.31)**

After further analysis, in this project, the main Api called is org.yaml.snakeyaml.composer.Composer: composeNode(org.yaml.snakeyaml.nodes.Node)Lorg.yaml.snakeyaml.nodes.Node;

Risk method repair link : GitHub

CVE Bug Invocation Path--

Path Length : 6

CVE Bug Invocation Path : 
org.spiderflow.model.SpiderLog: init(java.lang.String,java.lang.String,java.util.List)V /.m2/repository/org/springframework/boot/spring-boot-starter-quartz/2.0.7.RELEASE/spring-boot-starter-quartz-2.0.7.RELEASE.jar
org.yaml.snakeyaml.Yaml$1: next()Ljava.lang.Object; /.m2/repository/org/springframework/boot/spring-boot-starter-quartz/2.0.7.RELEASE/spring-boot-starter-quartz-2.0.7.RELEASE.jar
org.yaml.snakeyaml.constructor.BaseConstructor: getData()Ljava.lang.Object; /.m2/repository/org/springframework/boot/spring-boot-starter-quartz/2.0.7.RELEASE/spring-boot-starter-quartz-2.0.7.RELEASE.jar
org.yaml.snakeyaml.composer.Composer: getNode()Lorg.yaml.snakeyaml.nodes.Node; /.m2/repository/org/springframework/boot/spring-boot-starter-quartz/2.0.7.RELEASE/spring-boot-starter-quartz-2.0.7.RELEASE.jar
org.yaml.snakeyaml.composer.Composer: composeDocument()Lorg.yaml.snakeyaml.nodes.Node; /.m2/repository/org/springframework/boot/spring-boot-starter-quartz/2.0.7.RELEASE/spring-boot-starter-quartz-2.0.7.RELEASE.jar
org.yaml.snakeyaml.composer.Composer: composeNode(org.yaml.snakeyaml.nodes.Node)Lorg.yaml.snakeyaml.nodes.Node;

Dependency tree--

INFO] org.spiderflow:spider-flow:pom:0.5.0
[INFO] +- org.springframework.boot:spring-boot-starter-web:jar:2.0.7.RELEASE:compile
[INFO] |  +- org.springframework.boot:spring-boot-starter:jar:2.0.7.RELEASE:compile
[INFO] |  |  +- org.springframework.boot:spring-boot:jar:2.0.7.RELEASE:compile
[INFO] |  |  +- org.springframework.boot:spring-boot-starter-logging:jar:2.0.7.RELEASE:compile
[INFO] |  |  |  +- ch.qos.logback:logback-classic:jar:1.2.3:compile
[INFO] |  |  |  |  \- ch.qos.logback:logback-core:jar:1.2.3:compile
[INFO] |  |  |  +- org.apache.logging.log4j:log4j-to-slf4j:jar:2.10.0:compile
[INFO] |  |  |  |  \- org.apache.logging.log4j:log4j-api:jar:2.10.0:compile
[INFO] |  |  |  \- org.slf4j:jul-to-slf4j:jar:1.7.25:compile
[INFO] |  |  +- javax.annotation:javax.annotation-api:jar:1.3.2:compile
[INFO] |  |  \- org.yaml:snakeyaml:jar:1.19:runtime
[INFO] |  +- org.springframework.boot:spring-boot-starter-json:jar:2.0.7.RELEASE:compile
[INFO] |  |  +- com.fasterxml.jackson.core:jackson-databind:jar:2.9.7:compile
[INFO] |  |  |  +- com.fasterxml.jackson.core:jackson-annotations:jar:2.9.0:compile
[INFO] |  |  |  \- com.fasterxml.jackson.core:jackson-core:jar:2.9.7:compile
[INFO] |  |  +- com.fasterxml.jackson.datatype:jackson-datatype-jdk8:jar:2.9.7:compile
[INFO] |  |  +- com.fasterxml.jackson.datatype:jackson-datatype-jsr310:jar:2.9.7:compile
[INFO] |  |  \- com.fasterxml.jackson.module:jackson-module-parameter-names:jar:2.9.7:compile
[INFO] |  +- org.springframework.boot:spring-boot-starter-tomcat:jar:2.0.7.RELEASE:compile
[INFO] |  |  +- org.apache.tomcat.embed:tomcat-embed-core:jar:8.5.35:compile
[INFO] |  |  +- org.apache.tomcat.embed:tomcat-embed-el:jar:8.5.35:compile
[INFO] |  |  \- org.apache.tomcat.embed:tomcat-embed-websocket:jar:8.5.35:compile
[INFO] |  +- org.hibernate.validator:hibernate-validator:jar:6.0.13.Final:compile
[INFO] |  |  +- javax.validation:validation-api:jar:2.0.1.Final:compile
[INFO] |  |  +- org.jboss.logging:jboss-logging:jar:3.3.2.Final:compile
[INFO] |  |  \- com.fasterxml:classmate:jar:1.3.4:compile
[INFO] |  +- org.springframework:spring-web:jar:5.0.11.RELEASE:compile
[INFO] |  \- org.springframework:spring-webmvc:jar:5.0.11.RELEASE:compile
[INFO] |     +- org.springframework:spring-aop:jar:5.0.11.RELEASE:compile
[INFO] |     \- org.springframework:spring-expression:jar:5.0.11.RELEASE:compile
[INFO] +- org.springframework.boot:spring-boot-starter-quartz:jar:2.0.7.RELEASE:compile
[INFO] |  +- org.springframework:spring-context-support:jar:5.0.11.RELEASE:compile
[INFO] |  +- org.springframework:spring-tx:jar:5.0.11.RELEASE:compile
[INFO] |  \- org.quartz-scheduler:quartz:jar:2.3.0:compile
[INFO] |     \- com.mchange:mchange-commons-java:jar:0.2.11:compile
[INFO] +- org.springframework.boot:spring-boot-starter-mail:jar:2.0.7.RELEASE:compile
[INFO] |  +- org.springframework:spring-context:jar:5.0.11.RELEASE:compile
[INFO] |  \- com.sun.mail:javax.mail:jar:1.6.2:compile
[INFO] |     \- javax.activation:activation:jar:1.1:compile
[INFO] +- org.springframework:spring-jdbc:jar:5.0.11.RELEASE:compile
[INFO] |  +- org.springframework:spring-beans:jar:5.0.11.RELEASE:compile
[INFO] |  \- org.springframework:spring-core:jar:5.0.11.RELEASE:compile
[INFO] |     \- org.springframework:spring-jcl:jar:5.0.11.RELEASE:compile
[INFO] +- org.springframework.boot:spring-boot-starter-websocket:jar:2.0.7.RELEASE:compile
[INFO] |  +- org.springframework:spring-messaging:jar:5.0.11.RELEASE:compile
[INFO] |  \- org.springframework:spring-websocket:jar:5.0.11.RELEASE:compile
[INFO] +- com.baomidou:mybatis-plus-boot-starter:jar:3.1.0:compile
[INFO] |  +- com.baomidou:mybatis-plus:jar:3.1.0:compile
[INFO] |  |  \- com.baomidou:mybatis-plus-extension:jar:3.1.0:compile
[INFO] |  |     +- com.baomidou:mybatis-plus-core:jar:3.1.0:compile
[INFO] |  |     |  +- com.baomidou:mybatis-plus-annotation:jar:3.1.0:compile
[INFO] |  |     |  +- org.mybatis:mybatis:jar:3.5.0:compile
[INFO] |  |     |  \- com.github.jsqlparser:jsqlparser:jar:1.4:compile
[INFO] |  |     \- org.mybatis:mybatis-spring:jar:2.0.0:compile
[INFO] |  +- org.springframework.boot:spring-boot-autoconfigure:jar:2.0.7.RELEASE:compile
[INFO] |  \- org.springframework.boot:spring-boot-starter-jdbc:jar:2.0.7.RELEASE:compile
[INFO] |     \- com.zaxxer:HikariCP:jar:2.7.9:compile
[INFO] +- mysql:mysql-connector-java:jar:5.1.47:compile
[INFO] +- com.alibaba:fastjson:jar:1.2.83:compile
[INFO] +- com.alibaba:druid-spring-boot-starter:jar:1.1.16:compile
[INFO] |  +- com.alibaba:druid:jar:1.1.16:compile
[INFO] |  \- org.slf4j:slf4j-api:jar:1.7.25:compile
[INFO] +- com.alibaba:transmittable-thread-local:jar:2.11.5:compile
[INFO] +- org.apache.commons:commons-text:jar:1.6:compile
[INFO] |  \- org.apache.commons:commons-lang3:jar:3.7:compile
[INFO] +- org.apache.commons:commons-csv:jar:1.8:compile
[INFO] +- commons-io:commons-io:jar:2.7:compile
[INFO] +- commons-codec:commons-codec:jar:1.11:compile
[INFO] +- com.google.guava:guava:jar:28.2-jre:compile
[INFO] |  +- com.google.guava:failureaccess:jar:1.0.1:compile
[INFO] |  +- com.google.guava:listenablefuture:jar:9999.0-empty-to-avoid-conflict-with-guava:compile
[INFO] |  +- com.google.code.findbugs:jsr305:jar:3.0.2:compile
[INFO] |  +- org.checkerframework:checker-qual:jar:2.10.0:compile
[INFO] |  +- com.google.errorprone:error_prone_annotations:jar:2.3.4:compile
[INFO] |  \- com.google.j2objc:j2objc-annotations:jar:1.3:compile
[INFO] +- org.jsoup:jsoup:jar:1.11.3:compile
[INFO] \- us.codecraft:xsoup:jar:0.3.1:compile
[INFO]    \- org.assertj:assertj-core:jar:3.9.1:compile
[INFO] 
[INFO] -------------------< org.spiderflow:spider-flow-api >-------------------
[INFO] Building spider-flow-api 0.5.0                                     [2/4]
[INFO] --------------------------------[ jar ]---------------------------------
[INFO] 
[INFO] --- maven-dependency-plugin:3.0.2:tree (default-cli) @ spider-flow-api ---
[INFO] org.spiderflow:spider-flow-api:jar:0.5.0
[INFO] +- org.springframework.boot:spring-boot-starter-web:jar:2.0.7.RELEASE:compile
[INFO] |  +- org.springframework.boot:spring-boot-starter:jar:2.0.7.RELEASE:compile
[INFO] |  |  +- org.springframework.boot:spring-boot:jar:2.0.7.RELEASE:compile
[INFO] |  |  +- org.springframework.boot:spring-boot-starter-logging:jar:2.0.7.RELEASE:compile
[INFO] |  |  |  +- ch.qos.logback:logback-classic:jar:1.2.3:compile
[INFO] |  |  |  |  \- ch.qos.logback:logback-core:jar:1.2.3:compile
[INFO] |  |  |  +- org.apache.logging.log4j:log4j-to-slf4j:jar:2.10.0:compile
[INFO] |  |  |  |  \- org.apache.logging.log4j:log4j-api:jar:2.10.0:compile
[INFO] |  |  |  \- org.slf4j:jul-to-slf4j:jar:1.7.25:compile
[INFO] |  |  +- javax.annotation:javax.annotation-api:jar:1.3.2:compile
[INFO] |  |  \- org.yaml:snakeyaml:jar:1.19:runtime
[INFO] |  +- org.springframework.boot:spring-boot-starter-json:jar:2.0.7.RELEASE:compile
[INFO] |  |  +- com.fasterxml.jackson.core:jackson-databind:jar:2.9.7:compile
[INFO] |  |  |  +- com.fasterxml.jackson.core:jackson-annotations:jar:2.9.0:compile
[INFO] |  |  |  \- com.fasterxml.jackson.core:jackson-core:jar:2.9.7:compile
[INFO] |  |  +- com.fasterxml.jackson.datatype:jackson-datatype-jdk8:jar:2.9.7:compile
[INFO] |  |  +- com.fasterxml.jackson.datatype:jackson-datatype-jsr310:jar:2.9.7:compile
[INFO] |  |  \- com.fasterxml.jackson.module:jackson-module-parameter-names:jar:2.9.7:compile
[INFO] |  +- org.springframework.boot:spring-boot-starter-tomcat:jar:2.0.7.RELEASE:compile
[INFO] |  |  +- org.apache.tomcat.embed:tomcat-embed-core:jar:8.5.35:compile
[INFO] |  |  +- org.apache.tomcat.embed:tomcat-embed-el:jar:8.5.35:compile
[INFO] |  |  \- org.apache.tomcat.embed:tomcat-embed-websocket:jar:8.5.35:compile
[INFO] |  +- org.hibernate.validator:hibernate-validator:jar:6.0.13.Final:compile
[INFO] |  |  +- javax.validation:validation-api:jar:2.0.1.Final:compile
[INFO] |  |  +- org.jboss.logging:jboss-logging:jar:3.3.2.Final:compile
[INFO] |  |  \- com.fasterxml:classmate:jar:1.3.4:compile
[INFO] |  +- org.springframework:spring-web:jar:5.0.11.RELEASE:compile
[INFO] |  \- org.springframework:spring-webmvc:jar:5.0.11.RELEASE:compile
[INFO] |     +- org.springframework:spring-aop:jar:5.0.11.RELEASE:compile
[INFO] |     \- org.springframework:spring-expression:jar:5.0.11.RELEASE:compile
[INFO] +- org.springframework.boot:spring-boot-starter-quartz:jar:2.0.7.RELEASE:compile
[INFO] |  +- org.springframework:spring-context-support:jar:5.0.11.RELEASE:compile
[INFO] |  +- org.springframework:spring-tx:jar:5.0.11.RELEASE:compile
[INFO] |  \- org.quartz-scheduler:quartz:jar:2.3.0:compile
[INFO] |     \- com.mchange:mchange-commons-java:jar:0.2.11:compile
[INFO] +- org.springframework.boot:spring-boot-starter-mail:jar:2.0.7.RELEASE:compile
[INFO] |  +- org.springframework:spring-context:jar:5.0.11.RELEASE:compile
[INFO] |  \- com.sun.mail:javax.mail:jar:1.6.2:compile
[INFO] |     \- javax.activation:activation:jar:1.1:compile
[INFO] +- org.springframework:spring-jdbc:jar:5.0.11.RELEASE:compile
[INFO] |  +- org.springframework:spring-beans:jar:5.0.11.RELEASE:compile
[INFO] |  \- org.springframework:spring-core:jar:5.0.11.RELEASE:compile
[INFO] |     \- org.springframework:spring-jcl:jar:5.0.11.RELEASE:compile
[INFO] +- org.springframework.boot:spring-boot-starter-websocket:jar:2.0.7.RELEASE:compile
[INFO] |  +- org.springframework:spring-messaging:jar:5.0.11.RELEASE:compile
[INFO] |  \- org.springframework:spring-websocket:jar:5.0.11.RELEASE:compile
[INFO] +- com.baomidou:mybatis-plus-boot-starter:jar:3.1.0:compile
[INFO] |  +- com.baomidou:mybatis-plus:jar:3.1.0:compile
[INFO] |  |  \- com.baomidou:mybatis-plus-extension:jar:3.1.0:compile
[INFO] |  |     +- com.baomidou:mybatis-plus-core:jar:3.1.0:compile
[INFO] |  |     |  +- com.baomidou:mybatis-plus-annotation:jar:3.1.0:compile
[INFO] |  |     |  +- org.mybatis:mybatis:jar:3.5.0:compile
[INFO] |  |     |  \- com.github.jsqlparser:jsqlparser:jar:1.4:compile
[INFO] |  |     \- org.mybatis:mybatis-spring:jar:2.0.0:compile
[INFO] |  +- org.springframework.boot:spring-boot-autoconfigure:jar:2.0.7.RELEASE:compile
[INFO] |  \- org.springframework.boot:spring-boot-starter-jdbc:jar:2.0.7.RELEASE:compile
[INFO] |     \- com.zaxxer:HikariCP:jar:2.7.9:compile
[INFO] +- mysql:mysql-connector-java:jar:5.1.47:compile
[INFO] +- com.alibaba:fastjson:jar:1.2.83:compile
[INFO] +- com.alibaba:druid-spring-boot-starter:jar:1.1.16:compile
[INFO] |  +- com.alibaba:druid:jar:1.1.16:compile
[INFO] |  \- org.slf4j:slf4j-api:jar:1.7.25:compile
[INFO] +- com.alibaba:transmittable-thread-local:jar:2.11.5:compile
[INFO] +- org.apache.commons:commons-text:jar:1.6:compile
[INFO] |  \- org.apache.commons:commons-lang3:jar:3.7:compile
[INFO] +- org.apache.commons:commons-csv:jar:1.8:compile
[INFO] +- commons-io:commons-io:jar:2.7:compile
[INFO] +- commons-codec:commons-codec:jar:1.11:compile
[INFO] +- com.google.guava:guava:jar:28.2-jre:compile
[INFO] |  +- com.google.guava:failureaccess:jar:1.0.1:compile
[INFO] |  +- com.google.guava:listenablefuture:jar:9999.0-empty-to-avoid-conflict-with-guava:compile
[INFO] |  +- com.google.code.findbugs:jsr305:jar:3.0.2:compile
[INFO] |  +- org.checkerframework:checker-qual:jar:2.10.0:compile
[INFO] |  +- com.google.errorprone:error_prone_annotations:jar:2.3.4:compile
[INFO] |  \- com.google.j2objc:j2objc-annotations:jar:1.3:compile
[INFO] +- org.jsoup:jsoup:jar:1.11.3:compile
[INFO] \- us.codecraft:xsoup:jar:0.3.1:compile
[INFO]    \- org.assertj:assertj-core:jar:3.9.1:compile
[INFO] 
[INFO] ------------------< org.spiderflow:spider-flow-core >-------------------
[INFO] Building spider-flow-core 0.5.0                                    [3/4]
[INFO] --------------------------------[ jar ]---------------------------------
[INFO] 
[INFO] --- maven-dependency-plugin:3.0.2:tree (default-cli) @ spider-flow-core ---
[INFO] org.spiderflow:spider-flow-core:jar:0.5.0
[INFO] +- org.spiderflow:spider-flow-api:jar:0.5.0:compile
[INFO] +- org.springframework.boot:spring-boot-starter-web:jar:2.0.7.RELEASE:compile
[INFO] |  +- org.springframework.boot:spring-boot-starter:jar:2.0.7.RELEASE:compile
[INFO] |  |  +- org.springframework.boot:spring-boot:jar:2.0.7.RELEASE:compile
[INFO] |  |  +- org.springframework.boot:spring-boot-starter-logging:jar:2.0.7.RELEASE:compile
[INFO] |  |  |  +- ch.qos.logback:logback-classic:jar:1.2.3:compile
[INFO] |  |  |  |  \- ch.qos.logback:logback-core:jar:1.2.3:compile
[INFO] |  |  |  +- org.apache.logging.log4j:log4j-to-slf4j:jar:2.10.0:compile
[INFO] |  |  |  |  \- org.apache.logging.log4j:log4j-api:jar:2.10.0:compile
[INFO] |  |  |  \- org.slf4j:jul-to-slf4j:jar:1.7.25:compile
[INFO] |  |  +- javax.annotation:javax.annotation-api:jar:1.3.2:compile
[INFO] |  |  \- org.yaml:snakeyaml:jar:1.19:runtime
[INFO] |  +- org.springframework.boot:spring-boot-starter-json:jar:2.0.7.RELEASE:compile
[INFO] |  |  +- com.fasterxml.jackson.core:jackson-databind:jar:2.9.7:compile
[INFO] |  |  |  +- com.fasterxml.jackson.core:jackson-annotations:jar:2.9.0:compile
[INFO] |  |  |  \- com.fasterxml.jackson.core:jackson-core:jar:2.9.7:compile
[INFO] |  |  +- com.fasterxml.jackson.datatype:jackson-datatype-jdk8:jar:2.9.7:compile
[INFO] |  |  +- com.fasterxml.jackson.datatype:jackson-datatype-jsr310:jar:2.9.7:compile
[INFO] |  |  \- com.fasterxml.jackson.module:jackson-module-parameter-names:jar:2.9.7:compile
[INFO] |  +- org.springframework.boot:spring-boot-starter-tomcat:jar:2.0.7.RELEASE:compile
[INFO] |  |  +- org.apache.tomcat.embed:tomcat-embed-core:jar:8.5.35:compile
[INFO] |  |  +- org.apache.tomcat.embed:tomcat-embed-el:jar:8.5.35:compile
[INFO] |  |  \- org.apache.tomcat.embed:tomcat-embed-websocket:jar:8.5.35:compile
[INFO] |  +- org.hibernate.validator:hibernate-validator:jar:6.0.13.Final:compile
[INFO] |  |  +- javax.validation:validation-api:jar:2.0.1.Final:compile
[INFO] |  |  +- org.jboss.logging:jboss-logging:jar:3.3.2.Final:compile
[INFO] |  |  \- com.fasterxml:classmate:jar:1.3.4:compile
[INFO] |  +- org.springframework:spring-web:jar:5.0.11.RELEASE:compile
[INFO] |  \- org.springframework:spring-webmvc:jar:5.0.11.RELEASE:compile
[INFO] |     +- org.springframework:spring-aop:jar:5.0.11.RELEASE:compile
[INFO] |     \- org.springframework:spring-expression:jar:5.0.11.RELEASE:compile
[INFO] +- org.springframework.boot:spring-boot-starter-quartz:jar:2.0.7.RELEASE:compile
[INFO] |  +- org.springframework:spring-context-support:jar:5.0.11.RELEASE:compile
[INFO] |  +- org.springframework:spring-tx:jar:5.0.11.RELEASE:compile
[INFO] |  \- org.quartz-scheduler:quartz:jar:2.3.0:compile
[INFO] |     \- com.mchange:mchange-commons-java:jar:0.2.11:compile
[INFO] +- org.springframework.boot:spring-boot-starter-mail:jar:2.0.7.RELEASE:compile
[INFO] |  +- org.springframework:spring-context:jar:5.0.11.RELEASE:compile
[INFO] |  \- com.sun.mail:javax.mail:jar:1.6.2:compile
[INFO] |     \- javax.activation:activation:jar:1.1:compile
[INFO] +- org.springframework:spring-jdbc:jar:5.0.11.RELEASE:compile
[INFO] |  +- org.springframework:spring-beans:jar:5.0.11.RELEASE:compile
[INFO] |  \- org.springframework:spring-core:jar:5.0.11.RELEASE:compile
[INFO] |     \- org.springframework:spring-jcl:jar:5.0.11.RELEASE:compile
[INFO] +- org.springframework.boot:spring-boot-starter-websocket:jar:2.0.7.RELEASE:compile
[INFO] |  +- org.springframework:spring-messaging:jar:5.0.11.RELEASE:compile
[INFO] |  \- org.springframework:spring-websocket:jar:5.0.11.RELEASE:compile
[INFO] +- com.baomidou:mybatis-plus-boot-starter:jar:3.1.0:compile
[INFO] |  +- com.baomidou:mybatis-plus:jar:3.1.0:compile
[INFO] |  |  \- com.baomidou:mybatis-plus-extension:jar:3.1.0:compile
[INFO] |  |     +- com.baomidou:mybatis-plus-core:jar:3.1.0:compile
[INFO] |  |     |  +- com.baomidou:mybatis-plus-annotation:jar:3.1.0:compile
[INFO] |  |     |  +- org.mybatis:mybatis:jar:3.5.0:compile
[INFO] |  |     |  \- com.github.jsqlparser:jsqlparser:jar:1.4:compile
[INFO] |  |     \- org.mybatis:mybatis-spring:jar:2.0.0:compile
[INFO] |  +- org.springframework.boot:spring-boot-autoconfigure:jar:2.0.7.RELEASE:compile
[INFO] |  \- org.springframework.boot:spring-boot-starter-jdbc:jar:2.0.7.RELEASE:compile
[INFO] |     \- com.zaxxer:HikariCP:jar:2.7.9:compile
[INFO] +- mysql:mysql-connector-java:jar:5.1.47:compile
[INFO] +- com.alibaba:fastjson:jar:1.2.83:compile
[INFO] +- com.alibaba:druid-spring-boot-starter:jar:1.1.16:compile
[INFO] |  +- com.alibaba:druid:jar:1.1.16:compile
[INFO] |  \- org.slf4j:slf4j-api:jar:1.7.25:compile
[INFO] +- com.alibaba:transmittable-thread-local:jar:2.11.5:compile
[INFO] +- org.apache.commons:commons-text:jar:1.6:compile
[INFO] |  \- org.apache.commons:commons-lang3:jar:3.7:compile
[INFO] +- org.apache.commons:commons-csv:jar:1.8:compile
[INFO] +- commons-io:commons-io:jar:2.7:compile
[INFO] +- commons-codec:commons-codec:jar:1.11:compile
[INFO] +- com.google.guava:guava:jar:28.2-jre:compile
[INFO] |  +- com.google.guava:failureaccess:jar:1.0.1:compile
[INFO] |  +- com.google.guava:listenablefuture:jar:9999.0-empty-to-avoid-conflict-with-guava:compile
[INFO] |  +- com.google.code.findbugs:jsr305:jar:3.0.2:compile
[INFO] |  +- org.checkerframework:checker-qual:jar:2.10.0:compile
[INFO] |  +- com.google.errorprone:error_prone_annotations:jar:2.3.4:compile
[INFO] |  \- com.google.j2objc:j2objc-annotations:jar:1.3:compile
[INFO] +- org.jsoup:jsoup:jar:1.11.3:compile
[INFO] \- us.codecraft:xsoup:jar:0.3.1:compile
[INFO]    \- org.assertj:assertj-core:jar:3.9.1:compile
[INFO] 
[INFO] -------------------< org.spiderflow:spider-flow-web >-------------------
[INFO] Building spider-flow-web 0.5.0                                     [4/4]
[INFO] --------------------------------[ jar ]---------------------------------
[INFO] 
[INFO] --- maven-dependency-plugin:3.0.2:tree (default-cli) @ spider-flow-web ---
[INFO] org.spiderflow:spider-flow-web:jar:0.5.0
[INFO] +- org.spiderflow:spider-flow-core:jar:0.5.0:compile
[INFO] |  \- org.spiderflow:spider-flow-api:jar:0.5.0:compile
[INFO] +- org.springframework.boot:spring-boot-starter-web:jar:2.0.7.RELEASE:compile
[INFO] |  +- org.springframework.boot:spring-boot-starter:jar:2.0.7.RELEASE:compile
[INFO] |  |  +- org.springframework.boot:spring-boot:jar:2.0.7.RELEASE:compile
[INFO] |  |  +- org.springframework.boot:spring-boot-starter-logging:jar:2.0.7.RELEASE:compile
[INFO] |  |  |  +- ch.qos.logback:logback-classic:jar:1.2.3:compile
[INFO] |  |  |  |  \- ch.qos.logback:logback-core:jar:1.2.3:compile
[INFO] |  |  |  +- org.apache.logging.log4j:log4j-to-slf4j:jar:2.10.0:compile
[INFO] |  |  |  |  \- org.apache.logging.log4j:log4j-api:jar:2.10.0:compile
[INFO] |  |  |  \- org.slf4j:jul-to-slf4j:jar:1.7.25:compile
[INFO] |  |  +- javax.annotation:javax.annotation-api:jar:1.3.2:compile
[INFO] |  |  \- org.yaml:snakeyaml:jar:1.19:runtime
[INFO] |  +- org.springframework.boot:spring-boot-starter-json:jar:2.0.7.RELEASE:compile
[INFO] |  |  +- com.fasterxml.jackson.core:jackson-databind:jar:2.9.7:compile
[INFO] |  |  |  +- com.fasterxml.jackson.core:jackson-annotations:jar:2.9.0:compile
[INFO] |  |  |  \- com.fasterxml.jackson.core:jackson-core:jar:2.9.7:compile
[INFO] |  |  +- com.fasterxml.jackson.datatype:jackson-datatype-jdk8:jar:2.9.7:compile
[INFO] |  |  +- com.fasterxml.jackson.datatype:jackson-datatype-jsr310:jar:2.9.7:compile
[INFO] |  |  \- com.fasterxml.jackson.module:jackson-module-parameter-names:jar:2.9.7:compile
[INFO] |  +- org.springframework.boot:spring-boot-starter-tomcat:jar:2.0.7.RELEASE:compile
[INFO] |  |  +- org.apache.tomcat.embed:tomcat-embed-core:jar:8.5.35:compile
[INFO] |  |  +- org.apache.tomcat.embed:tomcat-embed-el:jar:8.5.35:compile
[INFO] |  |  \- org.apache.tomcat.embed:tomcat-embed-websocket:jar:8.5.35:compile
[INFO] |  +- org.hibernate.validator:hibernate-validator:jar:6.0.13.Final:compile
[INFO] |  |  +- javax.validation:validation-api:jar:2.0.1.Final:compile
[INFO] |  |  +- org.jboss.logging:jboss-logging:jar:3.3.2.Final:compile
[INFO] |  |  \- com.fasterxml:classmate:jar:1.3.4:compile
[INFO] |  +- org.springframework:spring-web:jar:5.0.11.RELEASE:compile
[INFO] |  \- org.springframework:spring-webmvc:jar:5.0.11.RELEASE:compile
[INFO] |     +- org.springframework:spring-aop:jar:5.0.11.RELEASE:compile
[INFO] |     \- org.springframework:spring-expression:jar:5.0.11.RELEASE:compile
[INFO] +- org.springframework.boot:spring-boot-starter-quartz:jar:2.0.7.RELEASE:compile
[INFO] |  +- org.springframework:spring-context-support:jar:5.0.11.RELEASE:compile
[INFO] |  +- org.springframework:spring-tx:jar:5.0.11.RELEASE:compile
[INFO] |  \- org.quartz-scheduler:quartz:jar:2.3.0:compile
[INFO] |     \- com.mchange:mchange-commons-java:jar:0.2.11:compile
[INFO] +- org.springframework.boot:spring-boot-starter-mail:jar:2.0.7.RELEASE:compile
[INFO] |  +- org.springframework:spring-context:jar:5.0.11.RELEASE:compile
[INFO] |  \- com.sun.mail:javax.mail:jar:1.6.2:compile
[INFO] |     \- javax.activation:activation:jar:1.1:compile
[INFO] +- org.springframework:spring-jdbc:jar:5.0.11.RELEASE:compile
[INFO] |  +- org.springframework:spring-beans:jar:5.0.11.RELEASE:compile
[INFO] |  \- org.springframework:spring-core:jar:5.0.11.RELEASE:compile
[INFO] |     \- org.springframework:spring-jcl:jar:5.0.11.RELEASE:compile
[INFO] +- org.springframework.boot:spring-boot-starter-websocket:jar:2.0.7.RELEASE:compile
[INFO] |  +- org.springframework:spring-messaging:jar:5.0.11.RELEASE:compile
[INFO] |  \- org.springframework:spring-websocket:jar:5.0.11.RELEASE:compile
[INFO] +- com.baomidou:mybatis-plus-boot-starter:jar:3.1.0:compile
[INFO] |  +- com.baomidou:mybatis-plus:jar:3.1.0:compile
[INFO] |  |  \- com.baomidou:mybatis-plus-extension:jar:3.1.0:compile
[INFO] |  |     +- com.baomidou:mybatis-plus-core:jar:3.1.0:compile
[INFO] |  |     |  +- com.baomidou:mybatis-plus-annotation:jar:3.1.0:compile
[INFO] |  |     |  +- org.mybatis:mybatis:jar:3.5.0:compile
[INFO] |  |     |  \- com.github.jsqlparser:jsqlparser:jar:1.4:compile
[INFO] |  |     \- org.mybatis:mybatis-spring:jar:2.0.0:compile
[INFO] |  +- org.springframework.boot:spring-boot-autoconfigure:jar:2.0.7.RELEASE:compile
[INFO] |  \- org.springframework.boot:spring-boot-starter-jdbc:jar:2.0.7.RELEASE:compile
[INFO] |     \- com.zaxxer:HikariCP:jar:2.7.9:compile
[INFO] +- mysql:mysql-connector-java:jar:5.1.47:compile
[INFO] +- com.alibaba:fastjson:jar:1.2.83:compile
[INFO] +- com.alibaba:druid-spring-boot-starter:jar:1.1.16:compile
[INFO] |  +- com.alibaba:druid:jar:1.1.16:compile
[INFO] |  \- org.slf4j:slf4j-api:jar:1.7.25:compile
[INFO] +- com.alibaba:transmittable-thread-local:jar:2.11.5:compile
[INFO] +- org.apache.commons:commons-text:jar:1.6:compile
[INFO] |  \- org.apache.commons:commons-lang3:jar:3.7:compile
[INFO] +- org.apache.commons:commons-csv:jar:1.8:compile
[INFO] +- commons-io:commons-io:jar:2.7:compile
[INFO] +- commons-codec:commons-codec:jar:1.11:compile
[INFO] +- com.google.guava:guava:jar:28.2-jre:compile
[INFO] |  +- com.google.guava:failureaccess:jar:1.0.1:compile
[INFO] |  +- com.google.guava:listenablefuture:jar:9999.0-empty-to-avoid-conflict-with-guava:compile
[INFO] |  +- com.google.code.findbugs:jsr305:jar:3.0.2:compile
[INFO] |  +- org.checkerframework:checker-qual:jar:2.10.0:compile
[INFO] |  +- com.google.errorprone:error_prone_annotations:jar:2.3.4:compile
[INFO] |  \- com.google.j2objc:j2objc-annotations:jar:1.3:compile
[INFO] +- org.jsoup:jsoup:jar:1.11.3:compile
[INFO] \- us.codecraft:xsoup:jar:0.3.1:compile
[INFO]    \- org.assertj:assertj-core:jar:3.9.1:compile

Suggested solutions:

Update dependency version

Thank you very much.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@CVEDetect