apache / dubbo-go-hessian2

caucho hessian2 implementation in Go for [apache/dubbo-go](https://github.com/apache/dubbo-go) which is compatible with [dubbo-hessian-lite](https://github.com/apache/dubbo-hessian-lite)
Apache License 2.0
209 stars 113 forks source link

There is a vulnerability in jetty 9.4.16.v20190411 ,upgrade recommended #267

Closed QiAnXinCodeSafe closed 3 years ago

QiAnXinCodeSafe commented 3 years ago

https://github.com/apache/dubbo-go-hessian2/blob/6f053c6c6b3a572f3388f22e0056c5e7b412f1c0/test_hessian/pom.xml#L40-L42

CVE-2021-28165 CVE-2020-27216 CVE-2020-27223 CVE-2019-10247 CVE-2019-10246

Recommended upgrade version:9.4.39.v20210325

wongoo commented 3 years ago

fixed in https://github.com/apache/dubbo-go-hessian2/commit/59acf74088f2ff04aa3e400590cd4a63c305413f