René's URL Explorer Experiment

Title: Dependency org.apache.shiro:shiro-web, leading to CVE problem · Issue #13 · c0de8ug/javaee-tutorial · GitHub

Open Graph Title: Dependency org.apache.shiro:shiro-web, leading to CVE problem · Issue #13 · c0de8ug/javaee-tutorial

X Title: Dependency org.apache.shiro:shiro-web, leading to CVE problem · Issue #13 · c0de8ug/javaee-tutorial

Description: Hi, In javaee-tutorial，there is a dependency org.apache.shiro:shiro-web:1.2.4 that calls the risk method. CVE-2020-11989 The scope of this CVE affected version is [,1.5.3) After further analysis, in this project, the main Api called is <...

Open Graph Description: Hi, In javaee-tutorial，there is a dependency org.apache.shiro:shiro-web:1.2.4 that calls the risk method. CVE-2020-11989 The scope of this CVE affected version is [,1.5.3) After further analysis, i...

X Description: Hi, In javaee-tutorial，there is a dependency org.apache.shiro:shiro-web:1.2.4 that calls the risk method. CVE-2020-11989 The scope of this CVE affected version is [,1.5.3) After further analysis, i...

Opengraph URL: https://github.com/c0de8ug/javaee-tutorial/issues/13

X: @github

direct link

Domain: patch-diff.githubusercontent.com

Hey, it has json ld scripts:

{"@context":"https://schema.org","@type":"DiscussionForumPosting","headline":"Dependency org.apache.shiro:shiro-web, leading to CVE problem","articleBody":"Hi, In **javaee-tutorial**，there is a dependency **org.apache.shiro:shiro-web:1.2.4** that calls the risk method.\r\n\r\n[CVE-2020-11989](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11989)\r\n\r\nThe scope of this CVE affected version is **[,1.5.3)**\r\n\r\nAfter further analysis, in this project, the main Api called is **\u003corg.apache.shiro.web.util.WebUtils: java.lang.String getPathWithinApplication(javax.servlet.http.HttpServletRequest)\u003e**\r\n\r\nRisk method repair link : [GitHub](https://github.com/apache/shiro/commit/b90f91875e5e18c4805013c2fa0567b1700f5a96)\r\n\r\n**CVE Bug Invocation Path--**\r\n\r\n**Path Length : 3**\r\n\r\n```\r\n\u003corg.apache.shiro.web.util.WebUtils: java.lang.String getPathWithinApplication(javax.servlet.http.HttpServletRequest)\u003e\r\nat \u003ccom.giit.www.filter.FormLoginFilter: boolean isLoginRequest(javax.servlet.http.HttpServletRequest)\u003e (com.giit.www.filter.FormLoginFilter.java:[60]) in /detect/unzip/javaee-tutorial-master/target/classes\r\nat \u003ccom.giit.www.filter.FormLoginFilter: boolean onPreHandle(javax.servlet.ServletRequest,javax.servlet.ServletResponse,java.lang.Object)\u003e (com.giit.www.filter.FormLoginFilter.java:[26]) in /detect/unzip/javaee-tutorial-master/target/classes\r\n```\r\n\r\n\r\n\r\n**Dependency tree--**\r\n\r\n```\r\n[INFO] core:com.giit.www.orderbook:war:1.0-SNAPSHOT\r\n[INFO] +- org.hamcrest:hamcrest-core:jar:1.3:compile\r\n[INFO] +- org.apache.shiro:shiro-core:jar:1.4.2:compile\r\n[INFO] |  +- org.apache.shiro:shiro-lang:jar:1.4.2:compile\r\n[INFO] |  +- org.apache.shiro:shiro-cache:jar:1.4.2:compile\r\n[INFO] |  +- org.apache.shiro:shiro-crypto-hash:jar:1.4.2:compile\r\n[INFO] |  |  \\- org.apache.shiro:shiro-crypto-core:jar:1.4.2:compile\r\n[INFO] |  +- org.apache.shiro:shiro-crypto-cipher:jar:1.4.2:compile\r\n[INFO] |  +- org.apache.shiro:shiro-config-core:jar:1.4.2:compile\r\n[INFO] |  +- org.apache.shiro:shiro-config-ogdl:jar:1.4.2:compile\r\n[INFO] |  |  \\- commons-beanutils:commons-beanutils:jar:1.9.3:compile\r\n[INFO] |  |     \\- commons-collections:commons-collections:jar:3.2.2:compile\r\n[INFO] |  \\- org.apache.shiro:shiro-event:jar:1.4.2:compile\r\n[INFO] +- org.apache.shiro:shiro-web:jar:1.2.4:compile\r\n[INFO] +- org.apache.shiro:shiro-quartz:jar:1.2.4:compile\r\n[INFO] |  \\- org.opensymphony.quartz:quartz:jar:1.6.1:compile\r\n[INFO] +- org.apache.shiro:shiro-spring:jar:1.2.4:compile\r\n[INFO] +- org.apache.shiro:shiro-aspectj:jar:1.2.4:compile\r\n[INFO] +- mysql:mysql-connector-java:jar:5.1.38:compile\r\n[INFO] +- org.aspectj:aspectjrt:jar:1.8.8:compile\r\n[INFO] +- org.aspectj:aspectjweaver:jar:1.8.8:compile\r\n[INFO] |  \\- org.springframework:spring-core:jar:4.2.4.RELEASE:compile\r\n[INFO] +- org.springframework:spring-context-support:jar:4.2.4.RELEASE:compile\r\n[INFO] |  +- org.springframework:spring-beans:jar:4.2.4.RELEASE:compile\r\n[INFO] |  \\- org.springframework:spring-context:jar:4.2.4.RELEASE:compile\r\n[INFO] |     \\- org.springframework:spring-aop:jar:4.2.4.RELEASE:compile\r\n[INFO] |        \\- aopalliance:aopalliance:jar:1.0:compile\r\n[INFO] +- org.springframework:spring-jdbc:jar:4.2.4.RELEASE:compile\r\n[INFO] +- org.springframework:spring-tx:jar:4.2.4.RELEASE:compile\r\n[INFO] +- org.springframework:spring-webmvc:jar:4.2.4.RELEASE:compile\r\n[INFO] |  +- org.springframework:spring-expression:jar:4.2.4.RELEASE:compile\r\n[INFO] |  \\- org.springframework:spring-web:jar:4.2.4.RELEASE:compile\r\n[INFO] +- javax.servlet:javax.servlet-api:jar:3.0.1:provided\r\n[INFO] +- javax.servlet.jsp:jsp-api:jar:2.2:compile\r\n[INFO] +- javax.servlet:jstl:jar:1.2:compile\r\n[INFO] +- org.mybatis:mybatis-spring:jar:1.2.4:compile\r\n[INFO] +- org.mybatis:mybatis:jar:3.3.1:compile\r\n[INFO] +- cglib:cglib:jar:3.2.0:compile\r\n[INFO] |  +- org.ow2.asm:asm:jar:5.0.3:compile\r\n[INFO] |  \\- org.apache.ant:ant:jar:1.9.4:compile\r\n[INFO] |     \\- org.apache.ant:ant-launcher:jar:1.9.4:compile\r\n[INFO] +- commons-logging:commons-logging:jar:1.2:compile\r\n[INFO] +- org.slf4j:slf4j-api:jar:1.7.14:compile\r\n[INFO] +- log4j:log4j:jar:1.2.17:compile\r\n[INFO] +- org.apache.logging.log4j:log4j-core:jar:2.3:compile\r\n[INFO] |  \\- org.apache.logging.log4j:log4j-api:jar:2.3:compile\r\n[INFO] +- org.slf4j:slf4j-log4j12:jar:1.7.14:compile\r\n[INFO] +- ognl:ognl:jar:3.1.2:compile\r\n[INFO] |  \\- javassist:javassist:jar:3.11.0.GA:compile\r\n[INFO] +- org.javassist:javassist:jar:3.20.0-GA:compile\r\n[INFO] +- org.apache.commons:commons-pool2:jar:2.3:compile\r\n[INFO] +- org.apache.commons:commons-dbcp2:jar:2.1:compile\r\n[INFO] +- com.google.code.gson:gson:jar:2.6:compile\r\n[INFO] \\- commons-fileupload:commons-fileupload:jar:1.3.3:compile\r\n[INFO]    \\- commons-io:commons-io:jar:2.2:compile\r\n```\r\n\r\n**_Suggested solutions:_**\r\n\r\nUpdate dependency version\r\n\r\n\r\n\r\nThank you very much.","author":{"url":"https://github.com/CVEDetect","@type":"Person","name":"CVEDetect"},"datePublished":"2021-09-13T07:30:17.000Z","interactionStatistic":{"@type":"InteractionCounter","interactionType":"https://schema.org/CommentAction","userInteractionCount":1},"url":"https://github.com/13/javaee-tutorial/issues/13"}

route-pattern	/_view_fragments/issues/show/:user_id/:repository/:id/issue_layout(.:format)
route-controller	voltron_issues_fragments
route-action	issue_layout
fetch-nonce	v2:e02f9a23-06d3-e9c4-a7f6-16838415f277
current-catalog-service-hash	81bb79d38c15960b92d99bca9288a9108c7a47b18f2423d0f6438c5b7bcd2114
request-id	AFBE:3BDF7:34B25D7:43ADBE6:69801158
html-safe-nonce	4a2a199fd853b5bae214f9c4e728ff5624f2d8a269dfb5d192694f0bed8a9349
visitor-payload	eyJyZWZlcnJlciI6IiIsInJlcXVlc3RfaWQiOiJBRkJFOjNCREY3OjM0QjI1RDc6NDNBREJFNjo2OTgwMTE1OCIsInZpc2l0b3JfaWQiOiI4OTM3NDA0Mjg1NjA0MzM1OTYwIiwicmVnaW9uX2VkZ2UiOiJpYWQiLCJyZWdpb25fcmVuZGVyIjoiaWFkIn0=
visitor-hmac	57928f91b1fcef0d3f287591a237a230a9f129397314c4f49841297892b84917
hovercard-subject-tag	issue:994552349
github-keyboard-shortcuts	repository,issues,copilot
google-site-verification	Apib7-x98H0j5cPqHWwSMm6dNU4GmODRoqxLiDzdx9I
octolytics-url	https://collector.github.com/github/collect
analytics-location	///voltron/issues_fragments/issue_layout
fb:app_id	1401488693436528
apple-itunes-app	app-id=1477376905, app-argument=https://github.com/_view_fragments/issues/show/c0de8ug/javaee-tutorial/13/issue_layout
twitter:image	https://opengraph.githubassets.com/aa3b4689b73238b05e7dcccb7b133eea23c637ceeacfc11f69ea669094c8c685/c0de8ug/javaee-tutorial/issues/13
twitter:card	summary_large_image
og:image	https://opengraph.githubassets.com/aa3b4689b73238b05e7dcccb7b133eea23c637ceeacfc11f69ea669094c8c685/c0de8ug/javaee-tutorial/issues/13
og:image:alt	Hi, In javaee-tutorial，there is a dependency org.apache.shiro:shiro-web:1.2.4 that calls the risk method. CVE-2020-11989 The scope of this CVE affected version is [,1.5.3) After further analysis, i...
og:image:width	1200
og:image:height	600
og:site_name	GitHub
og:type	object
og:author:username	CVEDetect
hostname	github.com
expected-hostname	github.com
None	60279d4097367e16897439d16d6bbe4180663db828c666eeed2656988ffe59f6
turbo-cache-control	no-preview
go-import	github.com/c0de8ug/javaee-tutorial git https://github.com/c0de8ug/javaee-tutorial.git
octolytics-dimension-user_id	40494925
octolytics-dimension-user_login	c0de8ug
octolytics-dimension-repository_id	138445062
octolytics-dimension-repository_nwo	c0de8ug/javaee-tutorial
octolytics-dimension-repository_public	true
octolytics-dimension-repository_is_fork	false
octolytics-dimension-repository_network_root_id	138445062
octolytics-dimension-repository_network_root_nwo	c0de8ug/javaee-tutorial
turbo-body-classes	logged-out env-production page-responsive
disable-turbo	false
browser-stats-url	https://api.github.com/_private/browser/stats
browser-errors-url	https://api.github.com/_private/browser/errors
release	7c85641c598ad130c74f7bcc27f58575cac69551
ui-target	full
theme-color	#1e2327
color-scheme	light dark

Links:

Skip to content	https://patch-diff.githubusercontent.com/c0de8ug/javaee-tutorial/issues/13#start-of-content
	https://patch-diff.githubusercontent.com/
Sign in	https://patch-diff.githubusercontent.com/login?return_to=https%3A%2F%2Fgithub.com%2Fc0de8ug%2Fjavaee-tutorial%2Fissues%2F13
GitHub CopilotWrite better code with AI	https://github.com/features/copilot
GitHub SparkBuild and deploy intelligent apps	https://github.com/features/spark
GitHub ModelsManage and compare prompts	https://github.com/features/models
MCP RegistryNewIntegrate external tools	https://github.com/mcp
ActionsAutomate any workflow	https://github.com/features/actions
CodespacesInstant dev environments	https://github.com/features/codespaces
IssuesPlan and track work	https://github.com/features/issues
Code ReviewManage code changes	https://github.com/features/code-review
GitHub Advanced SecurityFind and fix vulnerabilities	https://github.com/security/advanced-security
Code securitySecure your code as you build	https://github.com/security/advanced-security/code-security
Secret protectionStop leaks before they start	https://github.com/security/advanced-security/secret-protection
Why GitHub	https://github.com/why-github
Documentation	https://docs.github.com
Blog	https://github.blog
Changelog	https://github.blog/changelog
Marketplace	https://github.com/marketplace
View all features	https://github.com/features
Enterprises	https://github.com/enterprise
Small and medium teams	https://github.com/team
Startups	https://github.com/enterprise/startups
Nonprofits	https://github.com/solutions/industry/nonprofits
App Modernization	https://github.com/solutions/use-case/app-modernization
DevSecOps	https://github.com/solutions/use-case/devsecops
DevOps	https://github.com/solutions/use-case/devops
CI/CD	https://github.com/solutions/use-case/ci-cd
View all use cases	https://github.com/solutions/use-case
Healthcare	https://github.com/solutions/industry/healthcare
Financial services	https://github.com/solutions/industry/financial-services
Manufacturing	https://github.com/solutions/industry/manufacturing
Government	https://github.com/solutions/industry/government
View all industries	https://github.com/solutions/industry
View all solutions	https://github.com/solutions
AI	https://github.com/resources/articles?topic=ai
Software Development	https://github.com/resources/articles?topic=software-development
DevOps	https://github.com/resources/articles?topic=devops
Security	https://github.com/resources/articles?topic=security
View all topics	https://github.com/resources/articles
Customer stories	https://github.com/customer-stories
Events & webinars	https://github.com/resources/events
Ebooks & reports	https://github.com/resources/whitepapers
Business insights	https://github.com/solutions/executive-insights
GitHub Skills	https://skills.github.com
Documentation	https://docs.github.com
Customer support	https://support.github.com
Community forum	https://github.com/orgs/community/discussions
Trust center	https://github.com/trust-center
Partners	https://github.com/partners
GitHub SponsorsFund open source developers	https://github.com/sponsors
Security Lab	https://securitylab.github.com
Maintainer Community	https://maintainers.github.com
Accelerator	https://github.com/accelerator
Archive Program	https://archiveprogram.github.com
Topics	https://github.com/topics
Trending	https://github.com/trending
Collections	https://github.com/collections
Enterprise platformAI-powered developer platform	https://github.com/enterprise
GitHub Advanced SecurityEnterprise-grade security features	https://github.com/security/advanced-security
Copilot for BusinessEnterprise-grade AI features	https://github.com/features/copilot/copilot-business
Premium SupportEnterprise-grade 24/7 support	https://github.com/premium-support
Pricing	https://github.com/pricing
Search syntax tips	https://docs.github.com/search-github/github-code-search/understanding-github-code-search-syntax
documentation	https://docs.github.com/search-github/github-code-search/understanding-github-code-search-syntax
Sign in	https://patch-diff.githubusercontent.com/login?return_to=https%3A%2F%2Fgithub.com%2Fc0de8ug%2Fjavaee-tutorial%2Fissues%2F13
Sign up	https://patch-diff.githubusercontent.com/signup?ref_cta=Sign+up&ref_loc=header+logged+out&ref_page=%2F%3Cuser-name%3E%2F%3Crepo-name%3E%2Fvoltron%2Fissues_fragments%2Fissue_layout&source=header-repo&source_repo=c0de8ug%2Fjavaee-tutorial
Reload	https://patch-diff.githubusercontent.com/c0de8ug/javaee-tutorial/issues/13
Reload	https://patch-diff.githubusercontent.com/c0de8ug/javaee-tutorial/issues/13
Reload	https://patch-diff.githubusercontent.com/c0de8ug/javaee-tutorial/issues/13
c0de8ug	https://patch-diff.githubusercontent.com/c0de8ug
javaee-tutorial	https://patch-diff.githubusercontent.com/c0de8ug/javaee-tutorial
Notifications	https://patch-diff.githubusercontent.com/login?return_to=%2Fc0de8ug%2Fjavaee-tutorial
Fork 113	https://patch-diff.githubusercontent.com/login?return_to=%2Fc0de8ug%2Fjavaee-tutorial
Star 202	https://patch-diff.githubusercontent.com/login?return_to=%2Fc0de8ug%2Fjavaee-tutorial
Code	https://patch-diff.githubusercontent.com/c0de8ug/javaee-tutorial
Issues 3	https://patch-diff.githubusercontent.com/c0de8ug/javaee-tutorial/issues
Pull requests 10	https://patch-diff.githubusercontent.com/c0de8ug/javaee-tutorial/pulls
Actions	https://patch-diff.githubusercontent.com/c0de8ug/javaee-tutorial/actions
Projects 0	https://patch-diff.githubusercontent.com/c0de8ug/javaee-tutorial/projects
Security 0	https://patch-diff.githubusercontent.com/c0de8ug/javaee-tutorial/security
Insights	https://patch-diff.githubusercontent.com/c0de8ug/javaee-tutorial/pulse
Code	https://patch-diff.githubusercontent.com/c0de8ug/javaee-tutorial
Issues	https://patch-diff.githubusercontent.com/c0de8ug/javaee-tutorial/issues
Pull requests	https://patch-diff.githubusercontent.com/c0de8ug/javaee-tutorial/pulls
Actions	https://patch-diff.githubusercontent.com/c0de8ug/javaee-tutorial/actions
Projects	https://patch-diff.githubusercontent.com/c0de8ug/javaee-tutorial/projects
Security	https://patch-diff.githubusercontent.com/c0de8ug/javaee-tutorial/security
Insights	https://patch-diff.githubusercontent.com/c0de8ug/javaee-tutorial/pulse
New issue	https://patch-diff.githubusercontent.com/login?return_to=https://github.com/c0de8ug/javaee-tutorial/issues/13
New issue	https://patch-diff.githubusercontent.com/login?return_to=https://github.com/c0de8ug/javaee-tutorial/issues/13
Dependency org.apache.shiro:shiro-web, leading to CVE problem	https://patch-diff.githubusercontent.com/c0de8ug/javaee-tutorial/issues/13#top
	https://github.com/CVEDetect
	https://github.com/CVEDetect
CVEDetect	https://github.com/CVEDetect
on Sep 13, 2021	https://github.com/c0de8ug/javaee-tutorial/issues/13#issue-994552349
CVE-2020-11989	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11989
GitHub	https://github.com/apache/shiro/commit/b90f91875e5e18c4805013c2fa0567b1700f5a96
	https://github.com
Terms	https://docs.github.com/site-policy/github-terms/github-terms-of-service
Privacy	https://docs.github.com/site-policy/privacy-policies/github-privacy-statement
Security	https://github.com/security
Status	https://www.githubstatus.com/
Community	https://github.community/
Docs	https://docs.github.com/
Contact	https://support.github.com?tags=dotcom-footer

Viewport: width=device-width

URLs of crawlers that visited me.