同学，您这个项目引入了37个开源组件，存在5个漏洞，辛苦升级一下

[ghost]

检测到 1689295608/MiraiBot 一共引入了37个开源组件，存在5个漏洞

漏洞标题：JetBrains Kotlin授权问题漏洞
缺陷组件：org.jetbrains.kotlin:kotlin-stdlib@1.6.0
漏洞编号：CVE-2020-29582
漏洞描述：JetBrains Kotlin是捷克JetBrains公司的一款在Java虚拟机上运行的静态类型编程语言。
JetBrains Kotlin before 1.4.2存在授权问题漏洞，该漏洞源于权限不安全，攻击者可利用该漏洞读取数据。
国家漏洞库信息：https://www.cnvd.org.cn/flaw/show/CNVD-2021-14176
影响范围：[0, ∞)
最小修复版本：
缺陷组件引入路径：com.windowx.miraibot:MiraiBot@1.0-SNAPSHOT->net.mamoe:mirai-core-jvm@2.10.0-RC2->net.mamoe:mirai-core-api-jvm@2.10.0-RC2->org.jetbrains.kotlinx:kotlinx-coroutines-core-jvm@1.6.0->org.jetbrains.kotlin:kotlin-stdlib-jdk8@1.6.0->org.jetbrains.kotlin:kotlin-stdlib-jdk7@1.6.0->org.jetbrains.kotlin:kotlin-stdlib@1.6.0
com.windowx.miraibot:MiraiBot@1.0-SNAPSHOT->net.mamoe:mirai-core-jvm@2.10.0-RC2->net.mamoe:mirai-core-api-jvm@2.10.0-RC2->org.jetbrains.kotlinx:kotlinx-coroutines-jdk8@1.6.0->org.jetbrains.kotlinx:kotlinx-coroutines-core-jvm@1.6.0->org.jetbrains.kotlin:kotlin-stdlib-jdk8@1.6.0->org.jetbrains.kotlin:kotlin-stdlib-jdk7@1.6.0->org.jetbrains.kotlin:kotlin-stdlib@1.6.0
com.windowx.miraibot:MiraiBot@1.0-SNAPSHOT->net.mamoe:mirai-core-jvm@2.10.0-RC2->net.mamoe:mirai-core-api-jvm@2.10.0-RC2->org.jetbrains.kotlinx:kotlinx-coroutines-jdk8@1.6.0->org.jetbrains.kotlin:kotlin-stdlib-jdk8@1.6.0->org.jetbrains.kotlin:kotlin-stdlib-jdk7@1.6.0->org.jetbrains.kotlin:kotlin-stdlib@1.6.0
com.windowx.miraibot:MiraiBot@1.0-SNAPSHOT->net.mamoe:mirai-core-jvm@2.10.0-RC2->net.mamoe:mirai-core-api-jvm@2.10.0-RC2->org.jetbrains.kotlin:kotlin-stdlib-jdk8@1.6.0->org.jetbrains.kotlin:kotlin-stdlib@1.6.0
com.windowx.miraibot:MiraiBot@1.0-SNAPSHOT->net.mamoe:mirai-core-jvm@2.10.0-RC2->org.jetbrains.kotlinx:kotlinx-coroutines-core-jvm@1.6.0->org.jetbrains.kotlin:kotlin-stdlib-jdk8@1.6.0->org.jetbrains.kotlin:kotlin-stdlib-jdk7@1.6.0->org.jetbrains.kotlin:kotlin-stdlib@1.6.0
com.windowx.miraibot:MiraiBot@1.0-SNAPSHOT->net.mamoe:mirai-core-jvm@2.10.0-RC2->org.jetbrains.kotlin:kotlin-stdlib-jdk8@1.6.0->org.jetbrains.kotlin:kotlin-stdlib-jdk7@1.6.0->org.jetbrains.kotlin:kotlin-stdlib@1.6.0
com.windowx.miraibot:MiraiBot@1.0-SNAPSHOT->net.mamoe:mirai-core-jvm@2.10.0-RC2->net.mamoe:mirai-core-api-jvm@2.10.0-RC2->org.jetbrains.kotlin:kotlin-reflect@1.6.0->org.jetbrains.kotlin:kotlin-stdlib@1.6.0
com.windowx.miraibot:MiraiBot@1.0-SNAPSHOT->net.mamoe:mirai-core-jvm@2.10.0-RC2->net.mamoe:mirai-core-api-jvm@2.10.0-RC2->org.jetbrains.kotlinx:kotlinx-coroutines-core-jvm@1.6.0->org.jetbrains.kotlin:kotlin-stdlib-jdk8@1.6.0->org.jetbrains.kotlin:kotlin-stdlib@1.6.0
com.windowx.miraibot:MiraiBot@1.0-SNAPSHOT->net.mamoe:mirai-core-jvm@2.10.0-RC2->net.mamoe:mirai-core-api-jvm@2.10.0-RC2->org.jetbrains.kotlinx:kotlinx-coroutines-jdk8@1.6.0->org.jetbrains.kotlinx:kotlinx-coroutines-core-jvm@1.6.0->org.jetbrains.kotlin:kotlin-stdlib-jdk8@1.6.0->org.jetbrains.kotlin:kotlin-stdlib@1.6.0
com.windowx.miraibot:MiraiBot@1.0-SNAPSHOT->net.mamoe:mirai-core-jvm@2.10.0-RC2->net.mamoe:mirai-core-api-jvm@2.10.0-RC2->org.jetbrains.kotlinx:kotlinx-coroutines-jdk8@1.6.0->org.jetbrains.kotlin:kotlin-stdlib-jdk8@1.6.0->org.jetbrains.kotlin:kotlin-stdlib@1.6.0
com.windowx.miraibot:MiraiBot@1.0-SNAPSHOT->net.mamoe:mirai-core-jvm@2.10.0-RC2->net.mamoe:mirai-core-api-jvm@2.10.0-RC2->org.jetbrains.kotlin:kotlin-stdlib-jdk8@1.6.0->org.jetbrains.kotlin:kotlin-stdlib-jdk7@1.6.0->org.jetbrains.kotlin:kotlin-stdlib@1.6.0
com.windowx.miraibot:MiraiBot@1.0-SNAPSHOT->net.mamoe:mirai-core-jvm@2.10.0-RC2->org.jetbrains.kotlinx:kotlinx-coroutines-core-jvm@1.6.0->org.jetbrains.kotlin:kotlin-stdlib-jdk8@1.6.0->org.jetbrains.kotlin:kotlin-stdlib@1.6.0
com.windowx.miraibot:MiraiBot@1.0-SNAPSHOT->net.mamoe:mirai-core-jvm@2.10.0-RC2->org.jetbrains.kotlin:kotlin-stdlib-jdk8@1.6.0->org.jetbrains.kotlin:kotlin-stdlib@1.6.0

另外还有5个漏洞，详细报告：https://mofeisec.com/jr?p=a28100

[1689295608]

这些依赖来自于 net.mamoe:mirai-core-api-jvm，该仓库并不属于我们

[YanJi314]

这离谱

[XIAYM-gh]

确实离谱

[XIAYM-gh]

貌似是屑机器人自动扫maven项目