Source++ is an open-source live coding platform. Add breakpoints, logs, metrics, and tracing to live production applications

Source++

Last update: Dec 14, 2022

Related tags

Development Framework monitoring production live-coding debug developer-tools aop observability distributed-tracing skywalking

Overview

Source++ is an open-source live coding platform. Add breakpoints, logs, metrics, and distributed tracing to live production software in real-time on-demand, right from your IDE or CLI.

Powered by Apache SkyWalking, Source++ enhances the software development experience with production debugging and development capabilities. Become a production-aware developer, understand code faster and deeper with developer-native observability technology, safely debug production applications with negligible to minimal overhead, and gain continuous insight into your application as it behaves in its natural environment.

Features

Live Instruments
- Live Breakpoints: Non-Breaking Breakpoints
- Live Logs: Just-in-Time Logging
- Live Meters: Real-Time KPI Monitoring
- Live Spans: User-Domain Tracing
Multi-instance debugging
Role-based access control
Instrument conditionals
Instrument TTL, sampling, rate limiting
Feedback whitelist/blacklist
PII redaction

Architecture

Get Started

Tutorials
- JVM
- Python
Probes
- JVM
- Python
Clients
- JetBrains Plugin
- Admin CLI / Developer CLI

Compiling Project

Follow this document.

Documentation

The Source++ documentation is available here.

Directory Structure

.
├── config              # Development setup, Detekt, etc.
├── docker              # Docker setup files
    ├── e2e             # End-to-end testing environment
    ├── spp-oap-server  # SkyWalking OAP (incl. Source++ processor) image
    └── spp-platform    # Live coding server image
├── documentation       # Documentation
├── gradle              # Gradle wrapper
├── interfaces          # Live coding clients
    ├── cli             # Command-line interface
    └── marker          # IDE plugin
├── platform            # Live coding server
    ├── common          # Common code
    ├── core            # Core code
    └── services        # Services
├── probes              # Live coding probes
    ├── jvm             # JVM support
    └── python          # Python support
├── processors          # Live coding processors
    ├── instrument      # Live instrument processing
    └── log-summary     # Log summary processing
└── protocol            # Communication protocol

License

This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. Please see the LICENSE file in our repository for the full text.

Comments

[auto-generated:-869634266] Unspecified error

Plugin Name: Source++
Plugin Version: 0.7.3.1
OS Name: Windows 11
Java Version: 17.0.4.1
App Name: IDEA
App Full Name: IntelliJ IDEA
App Version name: IntelliJ IDEA
Is EAP: false
App Build: IU-222.4345.14
App Version: 2022.2.3
Last Action: Unknown
title: [auto-generated:-869634266] Unspecified error

Full StackTrace

java.lang.NullPointerException at spp.jetbrains.marker.jvm.service.utils.JVMMarkerUtils.getFullyQualifiedName(JVMMarkerUtils.kt:561) at spp.jetbrains.marker.jvm.service.utils.JVMMarkerUtils.getFullyQualifiedName(JVMMarkerUtils.kt:389) at spp.jetbrains.marker.jvm.service.JVMArtifactNamingService.getFullyQualifiedName(JVMArtifactNamingService.kt:97) at spp.jetbrains.marker.service.ArtifactNamingService.getFullyQualifiedName(ArtifactNamingService.kt:56) at spp.jetbrains.marker.source.mark.api.ClassSourceMark.(ClassSourceMark.kt:45) at spp.jetbrains.marker.source.mark.guide.ClassGuideMark.(ClassGuideMark.kt:34) at spp.jetbrains.marker.source.SourceFileMarker.createClassSourceMark(SourceFileMarker.kt:317) at spp.jetbrains.marker.jvm.JVMGuideProvider.makeClassGuideMark$lambda-0(JVMGuideProvider.kt:64) at com.intellij.openapi.application.impl.ApplicationImpl.runReadAction(ApplicationImpl.java:915) at spp.jetbrains.marker.jvm.JVMGuideProvider.makeClassGuideMark(JVMGuideProvider.kt:58) at spp.jetbrains.marker.jvm.JVMGuideProvider.access$makeClassGuideMark(JVMGuideProvider.kt:33) at spp.jetbrains.marker.jvm.JVMGuideProvider$determineGuideMarks$1.visitElement(JVMGuideProvider.kt:48) at org.jetbrains.kotlin.psi.KtElementImplStub.accept(KtElementImplStub.java:52) at com.intellij.psi.impl.PsiElementBase.acceptChildren(PsiElementBase.java:58) at com.intellij.psi.JavaRecursiveElementVisitor.visitElement(JavaRecursiveElementVisitor.java:44) at spp.jetbrains.marker.jvm.JVMGuideProvider$determineGuideMarks$1.visitElement(JVMGuideProvider.kt:38) at org.jetbrains.kotlin.psi.KtElementImplStub.accept(KtElementImplStub.java:52) at com.intellij.psi.impl.PsiElementBase.acceptChildren(PsiElementBase.java:58) at com.intellij.psi.JavaRecursiveElementVisitor.visitElement(JavaRecursiveElementVisitor.java:44) at spp.jetbrains.marker.jvm.JVMGuideProvider$determineGuideMarks$1.visitElement(JVMGuideProvider.kt:38) at org.jetbrains.kotlin.psi.KtElementImplStub.accept(KtElementImplStub.java:52) at com.intellij.psi.impl.source.tree.SharedImplUtil.acceptChildren(SharedImplUtil.java:185) at com.intellij.psi.impl.source.PsiFileImpl.acceptChildren(PsiFileImpl.java:754) at spp.jetbrains.marker.jvm.JVMGuideProvider.determineGuideMarks(JVMGuideProvider.kt:36) at spp.jetbrains.marker.service.SourceGuideProvider$getProvider$1$1.determineGuideMarks(SourceGuideProvider.kt:50) at spp.jetbrains.marker.service.SourceGuideProvider.determineGuideMarks$lambda-6(SourceGuideProvider.kt:64) at com.intellij.openapi.application.ReadAction.lambda$run$1(ReadAction.java:59) at com.intellij.openapi.application.impl.ApplicationImpl.runReadAction(ApplicationImpl.java:941) at com.intellij.openapi.application.ReadAction.compute(ReadAction.java:68) at com.intellij.openapi.application.ReadAction.run(ReadAction.java:58) at spp.jetbrains.marker.service.SourceGuideProvider.determineGuideMarks(SourceGuideProvider.kt:61) at spp.jetbrains.marker.SourceMarker$getSourceFileMarker$1.invokeSuspend(SourceMarker.kt:104) at spp.jetbrains.marker.SourceMarker$getSourceFileMarker$1.invoke(SourceMarker.kt) at spp.jetbrains.marker.SourceMarker$getSourceFileMarker$1.invoke(SourceMarker.kt) at spp.jetbrains.ScopeExtensions$safeGlobalLaunch$1$1.invokeSuspend(ScopeExtensions.kt:61) at spp.jetbrains.ScopeExtensions$safeGlobalLaunch$1$1.invoke(ScopeExtensions.kt) at spp.jetbrains.ScopeExtensions$safeGlobalLaunch$1$1.invoke(ScopeExtensions.kt) at spp.jetbrains.ScopeExtensions.safeExecute(ScopeExtensions.kt:52) at spp.jetbrains.ScopeExtensions$safeGlobalLaunch$1.invokeSuspend(ScopeExtensions.kt:60) at kotlin.coroutines.jvm.internal.BaseContinuationImpl.resumeWith(ContinuationImpl.kt:33) at kotlinx.coroutines.DispatchedTask.run(DispatchedTask.kt:106) at kotlinx.coroutines.scheduling.CoroutineScheduler.runSafely(CoroutineScheduler.kt:570) at kotlinx.coroutines.scheduling.CoroutineScheduler$Worker.executeTask(CoroutineScheduler.kt:750) at kotlinx.coroutines.scheduling.CoroutineScheduler$Worker.runWorker(CoroutineScheduler.kt:677) at kotlinx.coroutines.scheduling.CoroutineScheduler$Worker.run(CoroutineScheduler.kt:664)

a:bug

opened by source-bot 5

Jetbrains plugin timing out

I'm not sure if I set the platform up wrong, but I am getting errors in my IntelliJ logs:

2022-07-20 18:19:48,634 [ 495191]   INFO - STDERR - (TIMEOUT,-1) Timed out after waiting 30000(ms) for a reply. address: __vertx.reply.334, repliedAddress: monitor.skywalking.service.currentService
2022-07-20 18:19:48,635 [ 495192]   INFO - STDERR - 	at io.vertx.core.eventbus.impl.ReplyHandler.handle(ReplyHandler.java:76)
2022-07-20 18:19:48,635 [ 495192]   INFO - STDERR - 	at io.vertx.core.eventbus.impl.ReplyHandler.handle(ReplyHandler.java:24)
2022-07-20 18:19:48,635 [ 495192]   INFO - STDERR - 	at io.vertx.core.impl.VertxImpl$InternalTimerHandler.handle(VertxImpl.java:899)
2022-07-20 18:19:48,635 [ 495192]   INFO - STDERR - 	at io.vertx.core.impl.VertxImpl$InternalTimerHandler.handle(VertxImpl.java:866)
2022-07-20 18:19:48,635 [ 495192]   INFO - STDERR - 	at io.vertx.core.impl.EventLoopContext.emit(EventLoopContext.java:56)
2022-07-20 18:19:48,635 [ 495192]   INFO - STDERR - 	at io.vertx.core.impl.ContextImpl.emit(ContextImpl.java:274)
2022-07-20 18:19:48,635 [ 495192]   INFO - STDERR - 	at io.vertx.core.impl.EventLoopContext.emit(EventLoopContext.java:23)
2022-07-20 18:19:48,635 [ 495192]   INFO - STDERR - 	at io.vertx.core.impl.AbstractContext.emit(AbstractContext.java:53)
2022-07-20 18:19:48,635 [ 495192]   INFO - STDERR - 	at io.vertx.core.impl.EventLoopContext.emit(EventLoopContext.java:23)
2022-07-20 18:19:48,635 [ 495192]   INFO - STDERR - 	at io.vertx.core.impl.VertxImpl$InternalTimerHandler.run(VertxImpl.java:889)
2022-07-20 18:19:48,635 [ 495192]   INFO - STDERR - 	at io.netty.util.concurrent.PromiseTask.runTask(PromiseTask.java:98)
2022-07-20 18:19:48,636 [ 495193]   INFO - STDERR - 	at io.netty.util.concurrent.ScheduledFutureTask.run(ScheduledFutureTask.java:170)
2022-07-20 18:19:48,636 [ 495193]   INFO - STDERR - 	at io.netty.util.concurrent.AbstractEventExecutor.safeExecute(AbstractEventExecutor.java:164)
2022-07-20 18:19:48,636 [ 495193]   INFO - STDERR - 	at io.netty.util.concurrent.SingleThreadEventExecutor.runAllTasks(SingleThreadEventExecutor.java:469)
2022-07-20 18:19:48,636 [ 495193]   INFO - STDERR - 	at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:503)
2022-07-20 18:19:48,636 [ 495193]   INFO - STDERR - 	at io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:986)
2022-07-20 18:19:48,636 [ 495193]   INFO - STDERR - 	at io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74)
2022-07-20 18:19:48,636 [ 495193]   INFO - STDERR - 	at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30)
2022-07-20 18:19:48,636 [ 495193]   INFO - STDERR - 	at java.base/java.lang.Thread.run(Thread.java:829)

I think I have the platform set up correctly because before these errors start, the plugin initializes successfully:

2022-07-20 18:17:43,046 [ 369603]   INFO - STDOUT - 18:17:43.046 INFO  s.j.s.SourceMarkerPlugin - Discovering available services
2022-07-20 18:17:43,078 [ 369635]   INFO - STDOUT - 18:17:43.078 INFO  s.j.s.SourceMarkerPlugin - Live service available
2022-07-20 18:17:43,079 [ 369636]   INFO - STDOUT - 18:17:43.079 INFO  s.j.s.SourceMarkerPlugin - Live instruments available
2022-07-20 18:17:43,084 [ 369641]   INFO - STDOUT - 18:17:43.084 INFO  s.j.m.SourceMarker - Adding global source mark event listener: spp.jetbrains.sourcemarker.status.LiveStatusManager@6e5e403c
2022-07-20 18:17:43,092 [ 369649]   INFO - STDOUT - 18:17:43.091 INFO  s.j.s.SourceMarkerPlugin - Live views available
2022-07-20 18:17:43,092 [ 369649]   INFO - STDOUT - 18:17:43.092 DEBUG s.j.m.s.SkywalkingMonitor - Setting up Apache SkyWalking monitor
2022-07-20 18:17:43,093 [ 369650]   INFO - STDOUT - 18:17:43.093 DEBUG s.j.m.s.SkywalkingMonitor - Apache SkyWalking server: http://localhost:12800/graphql
2022-07-20 18:17:43,117 [ 369674]   INFO - STDOUT - 18:17:43.116 INFO  s.j.m.s.SkywalkingClient - Registering Apache SkyWalking codecs
2022-07-20 18:17:43,118 [ 369675]   INFO - STDOUT - 18:17:43.118 INFO  s.j.m.s.SkywalkingMonitor - Successfully setup Apache SkyWalking monitor
2022-07-20 18:17:43,119 [ 369676]   INFO - STDOUT - 18:17:43.118 INFO  s.j.s.p.PortalController - Initializing portal
2022-07-20 18:17:43,119 [ 369676]   INFO - STDOUT - 18:17:43.119 INFO  s.j.s.p.PortalController - Initializing portal server
2022-07-20 18:17:43,125 [ 369682]   INFO - STDOUT - 18:17:43.124 INFO  s.j.s.p.PortalController - Portal server initialized
2022-07-20 18:17:43,125 [ 369682]   INFO - STDOUT - 18:17:43.125 INFO  s.j.m.SourceMarker - Adding global source mark event listener: spp.jetbrains.sourcemarker.portal.PortalController$$Lambda$4783/0x00000001030c3440@63159e7c
2022-07-20 18:17:43,125 [ 369682]   INFO - STDOUT - 18:17:43.125 INFO  s.j.s.p.PortalController - Portal initialized
2022-07-20 18:17:43,134 [ 369691]   INFO - STDOUT - 18:17:43.134 INFO  s.j.s.s.LiveInstrumentManager - Found 0 active live status bars

a:bug in:interface-jetbrains

opened by MrMineO5 5

Live Instrument integration testing
@abdlquadri, take a look at https://github.com/sourceplusplus/live-platform/blob/master/platform/processor/live-instrument/src/test/kotlin/integration/SimplePrimitivesLiveInstrumentTest.kt for the new live instrument integration test structure.

This is a self-contained test that adds a live breakpoint to itself and verifies data types and values. It uses dynamic line numbers through the use of addLineLabel(labelName). This allows you to build tests without having to worry about line numbers changing and supports adding multiple line number labels for more complex tests.

I'll add more tests as I think of them but to get started please add tests verifying:

Live Breakpoint

[x] Arrays and lists of each primitive type works

[x] Datatypes defined in LiveVariablePresentation are formatted correctly

[x] Multiple breakpoints can be placed one line number apart

[x] Multiple breakpoints can be placed on the same line number

[x] Large objects get rejected (search this repo for TWO_MB_ARR for an example of a large object)

[x] Deep objects get rejected (e.x. an object that contains an object four layers deep)

[x] Verify throttle works (LiveBreakpoint.throttle)

[x] Verify meta propagates (LiveBreakpoint.meta)

[x] Verify hit limit works (LiveBreakpoint.hitLimit)

[x] Verify expires at works (LiveBreakpoint.expiresAt)

[x] Verify condition works (LiveBreakpoint.condition)

Live Log

[x] Ensure primitive types format correctly

Live Meter

[ ] todo

Live Span

[ ] todo

If you need me to clarify anything, please let me know.
to:live-instrument in:live-platform a:test
opened by BFergerson 4
Storage module tests
Storage Module Integration Tests

Description

Adds

integration.BaseStorageITTest,

integration.MemoryStorageITTest and

integration.RedisStorageITTest

in order to verify storage module functions in both spp.platform.storage.MemoryStorage and spp.platform.storage.RedisStorage
opened by abdlquadri 4

Platform error after getting redirected from login

When logging in on the http port I got redirected to /auth with the body "Internal server error", this issue did not occur again after reloading the page, so it may only happen sometimes. See the stacktrace below.

2022-07-26 17:31:36,045 - spp.platform.core.SourcePlatform -121844 [vert.x-eventloop-thread-7] ERROR [] - Failed request: /auth
java.lang.IllegalStateException: Request has already been read
        at io.vertx.core.http.impl.Http1xServerRequest.checkEnded(Http1xServerRequest.java:651) ~[spp-platform-core-0.5.5.jar:?]
        at io.vertx.core.http.impl.Http1xServerRequest.handler(Http1xServerRequest.java:292) ~[spp-platform-core-0.5.5.jar:?]
        at io.vertx.ext.web.impl.HttpServerRequestWrapper.handler(HttpServerRequestWrapper.java:104) ~[spp-platform-core-0.5.5.jar:?]
        at io.vertx.ext.web.handler.impl.BodyHandlerImpl.handle(BodyHandlerImpl.java:128) ~[spp-platform-core-0.5.5.jar:?]
        at io.vertx.ext.web.handler.impl.BodyHandlerImpl.handle(BodyHandlerImpl.java:46) ~[spp-platform-core-0.5.5.jar:?]
        at io.vertx.ext.web.impl.RouteState.handleContext(RouteState.java:1267) ~[spp-platform-core-0.5.5.jar:?]
        at io.vertx.ext.web.impl.RoutingContextImplBase.iterateNext(RoutingContextImplBase.java:126) ~[spp-platform-core-0.5.5.jar:?]
        at io.vertx.ext.web.impl.RoutingContextImpl.next(RoutingContextImpl.java:141) ~[spp-platform-core-0.5.5.jar:?]
        at io.vertx.ext.web.handler.impl.SessionHandlerImpl.lambda$handle$6(SessionHandlerImpl.java:301) ~[spp-platform-core-0.5.5.jar:?]
        at io.vertx.core.impl.future.FutureImpl$1.onSuccess(FutureImpl.java:91) ~[spp-platform-core-0.5.5.jar:?]
        at io.vertx.core.impl.future.FutureImpl$ListenerArray.onSuccess(FutureImpl.java:262) ~[spp-platform-core-0.5.5.jar:?]
        at io.vertx.core.impl.future.FutureBase.lambda$emitSuccess$0(FutureBase.java:54) ~[spp-platform-core-0.5.5.jar:?]
        at spp.platform.dependencies.io.netty.util.concurrent.AbstractEventExecutor.runTask(AbstractEventExecutor.java:174) [spp-platform-core-0.5.5.jar:?]
        at spp.platform.dependencies.io.netty.util.concurrent.AbstractEventExecutor.safeExecute(AbstractEventExecutor.java:167) [spp-platform-core-0.5.5.jar:?]
        at spp.platform.dependencies.io.netty.util.concurrent.SingleThreadEventExecutor.runAllTasks(SingleThreadEventExecutor.java:470) [spp-platform-core-0.5.5.jar:?]
        at spp.platform.dependencies.io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:503) [spp-platform-core-0.5.5.jar:?]
        at spp.platform.dependencies.io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:995) [spp-platform-core-0.5.5.jar:?]
        at spp.platform.dependencies.io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74) [spp-platform-core-0.5.5.jar:?]
        at spp.platform.dependencies.io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30) [spp-platform-core-0.5.5.jar:?]
        at java.lang.Thread.run(Unknown Source) [?:?]

a:bug in:live-platform

opened by MrMineO5 4

Bump io.gitlab.arturbosch.detekt from 1.18.1 to 1.19.0
Bumps io.gitlab.arturbosch.detekt from 1.18.1 to 1.19.0.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
opened by dependabot[bot] 4
Bump junit-jupiter-engine from 5.7.2 to 5.8.0
Bumps junit-jupiter-engine from 5.7.2 to 5.8.0.

Release notes

Sourced from junit-jupiter-engine's releases.

JUnit 5.8.0 = Platform 1.8.0 + Jupiter 5.8.0 + Vintage 5.8.0

See Release Notes.

JUnit 5.8.0-RC1 = Platform 1.8.0-RC1 + Jupiter 5.8.0-RC1 + Vintage 5.8.0-RC1

See Release Notes.

JUnit 5.8.0-M1 = Platform 1.8.0-M1 + Jupiter 5.8.0-M1 + Vintage 5.8.0-M1

See Release Notes.

Commits

709fd6e Release 5.8

fa74055 Use text block

d36ea28 Declare service in module descriptor

6c0bf02 Fix modular user guide tests by reading module jdk.httpserver

b6dff0d Add LauncherSessionListener example to user guide

439084d Polish documentation for 5.8 GA

fa021ed Document published dependency scope change as potentially breaking

efb980c Polishing

0bd6feb Remove link to package private class in Javadoc

75538a7 Document that autoCloseArguments in @ParameterizedTest is a potentially break...

Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
opened by dependabot[bot] 4
graphql-java-18.1.jar: 1 vulnerabilities (highest severity is: 7.5) - autoclosed
Vulnerable Library - graphql-java-18.1.jar

GraphqL Java

Path to dependency file: /platform/processor/live-instrument/build.gradle.kts

Path to vulnerable library: /caches/modules-2/files-2.1/com.graphql-java/graphql-java/18.1/cdac2372878a8db6fbd1b6b7ba0b55e5ba7a717e/graphql-java-18.1.jar,/caches/modules-2/files-2.1/com.graphql-java/graphql-java/18.1/cdac2372878a8db6fbd1b6b7ba0b55e5ba7a717e/graphql-java-18.1.jar,/caches/modules-2/files-2.1/com.graphql-java/graphql-java/18.1/cdac2372878a8db6fbd1b6b7ba0b55e5ba7a717e/graphql-java-18.1.jar,/caches/modules-2/files-2.1/com.graphql-java/graphql-java/18.1/cdac2372878a8db6fbd1b6b7ba0b55e5ba7a717e/graphql-java-18.1.jar,/caches/modules-2/files-2.1/com.graphql-java/graphql-java/18.1/cdac2372878a8db6fbd1b6b7ba0b55e5ba7a717e/graphql-java-18.1.jar,/caches/modules-2/files-2.1/com.graphql-java/graphql-java/18.1/cdac2372878a8db6fbd1b6b7ba0b55e5ba7a717e/graphql-java-18.1.jar,/caches/modules-2/files-2.1/com.graphql-java/graphql-java/18.1/cdac2372878a8db6fbd1b6b7ba0b55e5ba7a717e/graphql-java-18.1.jar

Found in HEAD commit: dbb0c37636e6e66a5de8b2fe3945098ca275d4b8

Vulnerabilities

| CVE | Severity | CVSS | Dependency | Type | Fixed in (graphql-java version) | Remediation Available | | ------------- | ------------- | ----- | ----- | ----- | ------------- | --- | | CVE-2022-37734 | High | 7.5 | graphql-java-18.1.jar | Direct | 18.3 | ❌ |

Details

CVE-2022-37734

Vulnerable Library - graphql-java-18.1.jar

GraphqL Java

Path to dependency file: /platform/processor/live-instrument/build.gradle.kts

Path to vulnerable library: /caches/modules-2/files-2.1/com.graphql-java/graphql-java/18.1/cdac2372878a8db6fbd1b6b7ba0b55e5ba7a717e/graphql-java-18.1.jar,/caches/modules-2/files-2.1/com.graphql-java/graphql-java/18.1/cdac2372878a8db6fbd1b6b7ba0b55e5ba7a717e/graphql-java-18.1.jar,/caches/modules-2/files-2.1/com.graphql-java/graphql-java/18.1/cdac2372878a8db6fbd1b6b7ba0b55e5ba7a717e/graphql-java-18.1.jar,/caches/modules-2/files-2.1/com.graphql-java/graphql-java/18.1/cdac2372878a8db6fbd1b6b7ba0b55e5ba7a717e/graphql-java-18.1.jar,/caches/modules-2/files-2.1/com.graphql-java/graphql-java/18.1/cdac2372878a8db6fbd1b6b7ba0b55e5ba7a717e/graphql-java-18.1.jar,/caches/modules-2/files-2.1/com.graphql-java/graphql-java/18.1/cdac2372878a8db6fbd1b6b7ba0b55e5ba7a717e/graphql-java-18.1.jar,/caches/modules-2/files-2.1/com.graphql-java/graphql-java/18.1/cdac2372878a8db6fbd1b6b7ba0b55e5ba7a717e/graphql-java-18.1.jar

Dependency Hierarchy:

:x: graphql-java-18.1.jar (Vulnerable Library)

Found in HEAD commit: dbb0c37636e6e66a5de8b2fe3945098ca275d4b8

Found in base branch: master

Vulnerability Details

graphql-java before19.0 is vulnerable to Denial of Service. An attacker can send a malicious GraphQL query that consumes CPU resources. The fixed versions are 19.0 and later, 18.3, and 17.4, and 0.0.0-2022-07-26T05-45-04-226aabd9.

Publish Date: 2022-09-12
URL: CVE-2022-37734

CVSS 3 Score Details (7.5)

Base Score Metrics:

Exploitability Metrics:

Attack Vector: Network

Attack Complexity: Low

Privileges Required: None

User Interaction: None

Scope: Unchanged

Impact Metrics:

Confidentiality Impact: None

Integrity Impact: None

Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Release Date: 2022-09-12

Fix Resolution: 18.3

Step up your Open Source Security Game with Mend here

security vulnerability
opened by mend-bolt-for-github[bot] 3
jackson-databind-2.13.4.jar: 1 vulnerabilities (highest severity is: 7.5) - autoclosed
Vulnerable Library - jackson-databind-2.13.4.jar

General data-binding functionality for Jackson: works on core streaming API

Library home page: http://github.com/FasterXML/jackson

Path to dependency file: /platform/common/build.gradle.kts

Path to vulnerable library: /caches/modules-2/files-2.1/com.fasterxml.jackson.core/jackson-databind/2.13.4/98b0edfa8e4084078f10b7b356c300ded4a71491/jackson-databind-2.13.4.jar,/caches/modules-2/files-2.1/com.fasterxml.jackson.core/jackson-databind/2.13.4/98b0edfa8e4084078f10b7b356c300ded4a71491/jackson-databind-2.13.4.jar,/caches/modules-2/files-2.1/com.fasterxml.jackson.core/jackson-databind/2.13.4/98b0edfa8e4084078f10b7b356c300ded4a71491/jackson-databind-2.13.4.jar,/caches/modules-2/files-2.1/com.fasterxml.jackson.core/jackson-databind/2.13.4/98b0edfa8e4084078f10b7b356c300ded4a71491/jackson-databind-2.13.4.jar,/caches/modules-2/files-2.1/com.fasterxml.jackson.core/jackson-databind/2.13.4/98b0edfa8e4084078f10b7b356c300ded4a71491/jackson-databind-2.13.4.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.fasterxml.jackson.core/jackson-databind/2.13.4/98b0edfa8e4084078f10b7b356c300ded4a71491/jackson-databind-2.13.4.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.fasterxml.jackson.core/jackson-databind/2.13.4/98b0edfa8e4084078f10b7b356c300ded4a71491/jackson-databind-2.13.4.jar,/caches/modules-2/files-2.1/com.fasterxml.jackson.core/jackson-databind/2.13.4/98b0edfa8e4084078f10b7b356c300ded4a71491/jackson-databind-2.13.4.jar,/caches/modules-2/files-2.1/com.fasterxml.jackson.core/jackson-databind/2.13.4/98b0edfa8e4084078f10b7b356c300ded4a71491/jackson-databind-2.13.4.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.fasterxml.jackson.core/jackson-databind/2.13.4/98b0edfa8e4084078f10b7b356c300ded4a71491/jackson-databind-2.13.4.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.fasterxml.jackson.core/jackson-databind/2.13.4/98b0edfa8e4084078f10b7b356c300ded4a71491/jackson-databind-2.13.4.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.fasterxml.jackson.core/jackson-databind/2.13.4/98b0edfa8e4084078f10b7b356c300ded4a71491/jackson-databind-2.13.4.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.fasterxml.jackson.core/jackson-databind/2.13.4/98b0edfa8e4084078f10b7b356c300ded4a71491/jackson-databind-2.13.4.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.fasterxml.jackson.core/jackson-databind/2.13.4/98b0edfa8e4084078f10b7b356c300ded4a71491/jackson-databind-2.13.4.jar

Found in HEAD commit: dbb0c37636e6e66a5de8b2fe3945098ca275d4b8

Vulnerabilities

| CVE | Severity | CVSS | Dependency | Type | Fixed in (jackson-databind version) | Remediation Available | | ------------- | ------------- | ----- | ----- | ----- | ------------- | --- | | CVE-2022-42003 | High | 7.5 | jackson-databind-2.13.4.jar | Direct | 2.13.4.1 | ❌ |

Details

CVE-2022-42003

Vulnerable Library - jackson-databind-2.13.4.jar

General data-binding functionality for Jackson: works on core streaming API

Library home page: http://github.com/FasterXML/jackson

Path to dependency file: /platform/common/build.gradle.kts

Path to vulnerable library: /caches/modules-2/files-2.1/com.fasterxml.jackson.core/jackson-databind/2.13.4/98b0edfa8e4084078f10b7b356c300ded4a71491/jackson-databind-2.13.4.jar,/caches/modules-2/files-2.1/com.fasterxml.jackson.core/jackson-databind/2.13.4/98b0edfa8e4084078f10b7b356c300ded4a71491/jackson-databind-2.13.4.jar,/caches/modules-2/files-2.1/com.fasterxml.jackson.core/jackson-databind/2.13.4/98b0edfa8e4084078f10b7b356c300ded4a71491/jackson-databind-2.13.4.jar,/caches/modules-2/files-2.1/com.fasterxml.jackson.core/jackson-databind/2.13.4/98b0edfa8e4084078f10b7b356c300ded4a71491/jackson-databind-2.13.4.jar,/caches/modules-2/files-2.1/com.fasterxml.jackson.core/jackson-databind/2.13.4/98b0edfa8e4084078f10b7b356c300ded4a71491/jackson-databind-2.13.4.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.fasterxml.jackson.core/jackson-databind/2.13.4/98b0edfa8e4084078f10b7b356c300ded4a71491/jackson-databind-2.13.4.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.fasterxml.jackson.core/jackson-databind/2.13.4/98b0edfa8e4084078f10b7b356c300ded4a71491/jackson-databind-2.13.4.jar,/caches/modules-2/files-2.1/com.fasterxml.jackson.core/jackson-databind/2.13.4/98b0edfa8e4084078f10b7b356c300ded4a71491/jackson-databind-2.13.4.jar,/caches/modules-2/files-2.1/com.fasterxml.jackson.core/jackson-databind/2.13.4/98b0edfa8e4084078f10b7b356c300ded4a71491/jackson-databind-2.13.4.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.fasterxml.jackson.core/jackson-databind/2.13.4/98b0edfa8e4084078f10b7b356c300ded4a71491/jackson-databind-2.13.4.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.fasterxml.jackson.core/jackson-databind/2.13.4/98b0edfa8e4084078f10b7b356c300ded4a71491/jackson-databind-2.13.4.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.fasterxml.jackson.core/jackson-databind/2.13.4/98b0edfa8e4084078f10b7b356c300ded4a71491/jackson-databind-2.13.4.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.fasterxml.jackson.core/jackson-databind/2.13.4/98b0edfa8e4084078f10b7b356c300ded4a71491/jackson-databind-2.13.4.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.fasterxml.jackson.core/jackson-databind/2.13.4/98b0edfa8e4084078f10b7b356c300ded4a71491/jackson-databind-2.13.4.jar

Dependency Hierarchy:

:x: jackson-databind-2.13.4.jar (Vulnerable Library)

Found in HEAD commit: dbb0c37636e6e66a5de8b2fe3945098ca275d4b8

Found in base branch: master

Vulnerability Details

In FasterXML jackson-databind before 2.14.0-rc1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. Additional fix version in 2.13.4.1 and 2.12.17.1

Publish Date: 2022-10-02
URL: CVE-2022-42003

CVSS 3 Score Details (7.5)

Base Score Metrics:

Exploitability Metrics:

Attack Vector: Network

Attack Complexity: Low

Privileges Required: None

User Interaction: None

Scope: Unchanged

Impact Metrics:

Confidentiality Impact: None

Integrity Impact: None

Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Release Date: 2022-10-02

Fix Resolution: 2.13.4.1

Step up your Open Source Security Game with Mend here

security vulnerability
opened by mend-bolt-for-github[bot] 3

Variable reference presentations differ from referenced variables

package spp.example.webapp.edge;

import org.springframework.stereotype.Component;

import javax.annotation.PostConstruct;
import java.util.concurrent.Executors;
import java.util.concurrent.ScheduledExecutorService;
import java.util.concurrent.TimeUnit;

@Component
public class SingletonSelfReference implements Runnable {

    SingletonSelfReference selfReference;
    int i = 1;
    char c = 'h';
    String s = "hi";
    float f = 1.0f;
    long max = Long.MAX_VALUE;
    byte b = -2;
    short sh = Short.MIN_VALUE;
    double d = 00.23d;
    boolean bool = true;

    class ComplexObject {
        int i = 1;
    }
    ComplexObject complexObject = new ComplexObject();

    @PostConstruct
    public void init() {
        selfReference = this;
        ScheduledExecutorService executorService = Executors.newSingleThreadScheduledExecutor();
        executorService.scheduleAtFixedRate(this, 0, 2, TimeUnit.SECONDS);
    }

    @Override
    public void run() {
        System.out.println(selfReference);
    }
}

a:bug in:interface-jetbrains in:probe-jvm of:small-effort

opened by BFergerson 3

Fields that are not exported by their module cause the parent object to fail

When the JVM probe generates debug information for objects, it reads their fields. If one of those fields is not exported, the entire object is marked with EXCEPTION_OCCURRED rather than just that field. Unable to make field sun.net.httpserver.ExchangeImpl sun.net.httpserver.HttpExchangeImpl.impl accessible: module jdk.httpserver does not "opens sun.net.httpserver" to unnamed module @2da3b078
a:bug in:probe-jvm of:medium-effort

opened by MrMineO5 3

[auto-generated:576460491] Unspecified error

Plugin Name: Source++
Plugin Version: 0.7.6.1
OS Name: Windows 10
Java Version: 17.0.5
App Name: PyCharm
App Full Name: PyCharm
App Version name: PyCharm
Is EAP: false
App Build: PY-223.8214.51
App Version: 2022.3.1
Last Action: Unknown
title: [auto-generated:576460491] Unspecified error

Full StackTrace

java.lang.NullPointerException at liveplugin.implementation.common.Ide_utilKt$livePluginNotificationGroup$2.invoke(ide-util.kt:45) at liveplugin.implementation.common.Ide_utilKt$livePluginNotificationGroup$2.invoke(ide-util.kt:44) at kotlin.SynchronizedLazyImpl.getValue(LazyJVM.kt:74) at liveplugin.implementation.common.Ide_utilKt.getLivePluginNotificationGroup(ide-util.kt:44) at liveplugin.implementation.LivePluginProjectLoader.projectOpened(LivePluginProjectLoader.kt:34) at spp.jetbrains.sourcemarker.SourceMarkerPlugin.init(SourceMarkerPlugin.kt:160) at spp.jetbrains.sourcemarker.SourceMarkerPlugin.init$default(SourceMarkerPlugin.kt:140) at spp.jetbrains.sourcemarker.SourceMarkerPlugin$runActivity$1.invokeSuspend(SourceMarkerPlugin.kt:136) at spp.jetbrains.sourcemarker.SourceMarkerPlugin$runActivity$1.invoke(SourceMarkerPlugin.kt) at spp.jetbrains.sourcemarker.SourceMarkerPlugin$runActivity$1.invoke(SourceMarkerPlugin.kt) at spp.jetbrains.ScopeExtensions$safeRunBlocking$1.invokeSuspend(ScopeExtensions.kt:31) at kotlin.coroutines.jvm.internal.BaseContinuationImpl.resumeWith(ContinuationImpl.kt:33) at kotlinx.coroutines.DispatchedTask.run(DispatchedTask.kt:106) at kotlinx.coroutines.EventLoopImplBase.processNextEvent(EventLoop.common.kt:284) at kotlinx.coroutines.BlockingCoroutine.joinBlocking(Builders.kt:85) at kotlinx.coroutines.BuildersKt__BuildersKt.runBlocking(Builders.kt:59) at kotlinx.coroutines.BuildersKt.runBlocking(Unknown Source) at kotlinx.coroutines.BuildersKt__BuildersKt.runBlocking$default(Builders.kt:38) at kotlinx.coroutines.BuildersKt.runBlocking$default(Unknown Source) at spp.jetbrains.ScopeExtensions.safeRunBlocking(ScopeExtensions.kt:29) at spp.jetbrains.sourcemarker.SourceMarkerPlugin.runActivity(SourceMarkerPlugin.kt:136) at com.intellij.ide.startup.impl.StartupManagerImpl.runActivityAndMeasureDuration(StartupManagerImpl.kt:340) at com.intellij.ide.startup.impl.StartupManagerImpl.access$runActivityAndMeasureDuration(StartupManagerImpl.kt:66) at com.intellij.ide.startup.impl.StartupManagerImpl$runPostStartupActivities$2$3.invoke$lambda$0(StartupManagerImpl.kt:295) at com.intellij.openapi.project.DumbServiceImpl.doRun(DumbServiceImpl.java:388) at com.intellij.openapi.project.DumbServiceImpl.updateFinished(DumbServiceImpl.java:380) at com.intellij.openapi.project.TrackedEdtActivityService$TrackedEdtActivity.run(TrackedEdtActivityService.java:66) at com.intellij.openapi.application.TransactionGuardImpl.runWithWritingAllowed(TransactionGuardImpl.java:209) at com.intellij.openapi.application.TransactionGuardImpl.access$100(TransactionGuardImpl.java:21) at com.intellij.openapi.application.TransactionGuardImpl$1.run(TransactionGuardImpl.java:191) at com.intellij.openapi.application.impl.ApplicationImpl.runIntendedWriteActionOnCurrentThread(ApplicationImpl.java:813) at com.intellij.openapi.application.impl.ApplicationImpl$3.run(ApplicationImpl.java:429) at com.intellij.openapi.application.impl.FlushQueue.doRun(FlushQueue.java:74) at com.intellij.openapi.application.impl.FlushQueue.runNextEvent(FlushQueue.java:114) at com.intellij.openapi.application.impl.FlushQueue.flushNow(FlushQueue.java:36) at java.desktop/java.awt.event.InvocationEvent.dispatch(InvocationEvent.java:318) at java.desktop/java.awt.EventQueue.dispatchEventImpl(EventQueue.java:779) at java.desktop/java.awt.EventQueue$4.run(EventQueue.java:730) at java.desktop/java.awt.EventQueue$4.run(EventQueue.java:724) at java.base/java.security.AccessController.doPrivileged(AccessController.java:399) at java.base/java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:86) at java.desktop/java.awt.EventQueue.dispatchEvent(EventQueue.java:749) at com.intellij.ide.IdeEventQueue.defaultDispatchEvent(IdeEventQueue.java:909) at com.intellij.ide.IdeEventQueue._dispatchEvent(IdeEventQueue.java:756) at com.intellij.ide.IdeEventQueue.lambda$dispatchEvent$5(IdeEventQueue.java:437) at com.intellij.openapi.progress.impl.CoreProgressManager.computePrioritized(CoreProgressManager.java:772) at com.intellij.ide.IdeEventQueue.lambda$dispatchEvent$6(IdeEventQueue.java:436) at com.intellij.openapi.application.TransactionGuardImpl.performActivity(TransactionGuardImpl.java:105) at com.intellij.ide.IdeEventQueue.performActivity(IdeEventQueue.java:615) at com.intellij.ide.IdeEventQueue.lambda$dispatchEvent$7(IdeEventQueue.java:434) at com.intellij.openapi.application.impl.ApplicationImpl.runIntendedWriteActionOnCurrentThread(ApplicationImpl.java:813) at com.intellij.ide.IdeEventQueue.dispatchEvent(IdeEventQueue.java:480) at java.desktop/java.awt.EventDispatchThread.pumpOneEventForFilters(EventDispatchThread.java:207) at java.desktop/java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:128) at java.desktop/java.awt.EventDispatchThread.pumpEventsForHierarchy(EventDispatchThread.java:117) at java.desktop/java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:113) at java.desktop/java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:105) at java.desktop/java.awt.EventDispatchThread.run(EventDispatchThread.java:92)

a:bug in:interface-jetbrains

opened by source-bot 0

server-core-9.3.0.jar: 1 vulnerabilities (highest severity is: 9.8)
Vulnerable Library - server-core-9.3.0.jar

Path to dependency file: /platform/processor/live-instrument/build.gradle.kts

Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.yaml/snakeyaml/1.33/2cd0a87ff7df953f810c344bdf2fe3340b954c69/snakeyaml-1.33.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.yaml/snakeyaml/1.33/2cd0a87ff7df953f810c344bdf2fe3340b954c69/snakeyaml-1.33.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.yaml/snakeyaml/1.33/2cd0a87ff7df953f810c344bdf2fe3340b954c69/snakeyaml-1.33.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.yaml/snakeyaml/1.33/2cd0a87ff7df953f810c344bdf2fe3340b954c69/snakeyaml-1.33.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.yaml/snakeyaml/1.33/2cd0a87ff7df953f810c344bdf2fe3340b954c69/snakeyaml-1.33.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.yaml/snakeyaml/1.33/2cd0a87ff7df953f810c344bdf2fe3340b954c69/snakeyaml-1.33.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.yaml/snakeyaml/1.33/2cd0a87ff7df953f810c344bdf2fe3340b954c69/snakeyaml-1.33.jar

Found in HEAD commit: 49415828fea9410c30058b2d511a068285856cc6

Vulnerabilities

| CVE | Severity | CVSS | Dependency | Type | Fixed in (server-core version) | Remediation Available | | ------------- | ------------- | ----- | ----- | ----- | ------------- | --- | | CVE-2022-1471 | High | 9.8 | snakeyaml-1.33.jar | Transitive | N/A* | ❌ |

*For some transitive vulnerabilities, there is no version of direct dependency with a fix. Check the section "Details" below to see if there is a version of transitive dependency where vulnerability is fixed.

Details

CVE-2022-1471

Vulnerable Library - snakeyaml-1.33.jar

YAML 1.1 parser and emitter for Java

Library home page: https://bitbucket.org/snakeyaml/snakeyaml

Path to dependency file: /platform/processor/live-view/build.gradle.kts

Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.yaml/snakeyaml/1.33/2cd0a87ff7df953f810c344bdf2fe3340b954c69/snakeyaml-1.33.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.yaml/snakeyaml/1.33/2cd0a87ff7df953f810c344bdf2fe3340b954c69/snakeyaml-1.33.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.yaml/snakeyaml/1.33/2cd0a87ff7df953f810c344bdf2fe3340b954c69/snakeyaml-1.33.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.yaml/snakeyaml/1.33/2cd0a87ff7df953f810c344bdf2fe3340b954c69/snakeyaml-1.33.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.yaml/snakeyaml/1.33/2cd0a87ff7df953f810c344bdf2fe3340b954c69/snakeyaml-1.33.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.yaml/snakeyaml/1.33/2cd0a87ff7df953f810c344bdf2fe3340b954c69/snakeyaml-1.33.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.yaml/snakeyaml/1.33/2cd0a87ff7df953f810c344bdf2fe3340b954c69/snakeyaml-1.33.jar

Dependency Hierarchy:

server-core-9.3.0.jar (Root Library)

:x: snakeyaml-1.33.jar (Vulnerable Library)

Found in HEAD commit: 49415828fea9410c30058b2d511a068285856cc6

Found in base branch: master

Vulnerability Details

SnakeYaml's Constructor() class does not restrict types which can be instantiated during deserialization. Deserializing yaml content provided by an attacker can lead to remote code execution. We recommend using SnakeYaml's SafeConsturctor when parsing untrusted content to restrict deserialization.

Publish Date: 2022-12-01
URL: CVE-2022-1471

CVSS 3 Score Details (9.8)

Base Score Metrics:

Exploitability Metrics:

Attack Vector: Network

Attack Complexity: Low

Privileges Required: None

User Interaction: None

Scope: Unchanged

Impact Metrics:

Confidentiality Impact: High

Integrity Impact: High

Availability Impact: High

For more information on CVSS3 Scores, click here.

Step up your Open Source Security Game with Mend here

security vulnerability
opened by mend-bolt-for-github[bot] 0