GitHub / JoyChou93/java-sec-code issues and pull requests
#96 - Dev fix
Pull Request -
State: open - Opened by autumn0914 4 months ago
#95 - feat: add /CommandInject2.java
Pull Request -
State: closed - Opened by cccfeng 5 months ago
- 1 comment
#94 - Dev2 @coderabbitai
Pull Request -
State: closed - Opened by cui-liqiang 5 months ago
#93 - Dev dk
Pull Request -
State: closed - Opened by davidka91 8 months ago
#92 - Bump org.springframework:spring-expression from 4.3.16.RELEASE to 6.1.14
Pull Request -
State: open - Opened by dependabot[bot] 8 months ago
Labels: dependencies
#91 - Bump org.springframework.security:spring-security-web from 4.2.12.RELEASE to 5.7.13
Pull Request -
State: open - Opened by dependabot[bot] 9 months ago
Labels: dependencies
#90 - Bump org.springframework.security:spring-security-web from 4.2.12.RELEASE to 5.4.11
Pull Request -
State: closed - Opened by dependabot[bot] 10 months ago
- 1 comment
Labels: dependencies
#89 - Bump commons-io:commons-io from 2.5 to 2.14.0
Pull Request -
State: open - Opened by dependabot[bot] 10 months ago
Labels: dependencies
#88 - Can't log in, what's going on?
Issue -
State: open - Opened by tdtc7 11 months ago
#87 - Bump io.springfox:springfox-swagger-ui from 2.9.2 to 2.10.0
Pull Request -
State: closed - Opened by dependabot[bot] 11 months ago
- 1 comment
Labels: dependencies
#86 - Bump org.springframework:spring-expression from 4.3.16.RELEASE to 5.3.39
Pull Request -
State: closed - Opened by dependabot[bot] 12 months ago
- 1 comment
Labels: dependencies
#85 - Java 21 support
Pull Request -
State: closed - Opened by prabhu over 1 year ago
#84 - Apologies!
Issue -
State: closed - Opened by dtpoirot over 1 year ago
#83 - Joshbnewton31080 patch 1
Pull Request -
State: closed - Opened by joshbnewton31080 over 1 year ago
#81 - Jwaizguy patch 3 1
Pull Request -
State: closed - Opened by jwaizguy almost 2 years ago
#80 - test
Pull Request -
State: closed - Opened by pkumarcoverity about 2 years ago
#79 - Update Constants.java
Pull Request -
State: closed - Opened by pkumarcoverity about 2 years ago
#78 - [Bug] The host part of Codeinject no longer works because pom.xml updated the tomcat version
Issue -
State: closed - Opened by ek1ng about 2 years ago
Labels: bug
#77 - Create main.yml
Pull Request -
State: closed - Opened by bbrucesnell about 2 years ago
#76 - Update index.html
Pull Request -
State: closed - Opened by wzqs about 2 years ago
#75 - Could sec:java-sec-code:1.0.0 drop off redundant dependencies?
Pull Request -
State: closed - Opened by slimming-fat over 2 years ago
- 1 comment
Labels: wontfix
#74 - Qwietdemouser patch 2
Pull Request -
State: closed - Opened by qwietdemouser over 2 years ago
#73 - Add SSRF Code
Pull Request -
State: closed - Opened by qwietdemouser over 2 years ago
#72 - Update pom.xml
Pull Request -
State: closed - Opened by 2402089054 over 2 years ago
#71 - Modea sl patch 1
Pull Request -
State: closed - Opened by modea-sl over 2 years ago
#70 - Please update lombok
Issue -
State: closed - Opened by danielpoirot over 2 years ago
- 2 comments
#69 - After installing and starting with docker, the port cannot be reached.
Issue -
State: closed - Opened by jielansudo over 2 years ago
- 1 comment
#68 - After importing the project directly into IDEA, an error is reported at runtime
Issue -
State: closed - Opened by hljlj over 2 years ago
- 1 comment
#67 - Bump commons-net from 3.6 to 3.9.0
Pull Request -
State: closed - Opened by dependabot[bot] over 2 years ago
- 1 comment
Labels: dependencies
#66 - Bump snakeyaml from 1.21 to 1.32
Pull Request -
State: closed - Opened by dependabot[bot] over 2 years ago
- 1 comment
Labels: dependencies
#65 - Fix CVE dependency issue
Pull Request -
State: closed - Opened by CVEDetect over 2 years ago
#64 - Dependency org.apache.httpcomponents:httpclient, leading to CVE problem
Issue -
State: closed - Opened by CVEDetect over 2 years ago
- 1 comment
#63 - Dependency org.apache.tomcat.embed:tomcat-embed-core, leading to CVE problem
Issue -
State: closed - Opened by CVEDetect over 2 years ago
#62 - Dependency org.jolokia:jolokia-core, leading to CVE problem
Issue -
State: closed - Opened by CVEDetect over 2 years ago
#61 - JiHu GitLab DevSecOps
Pull Request -
State: closed - Opened by sinkcup almost 3 years ago
Labels: invalid
#60 - Bump snakeyaml from 1.21 to 1.26
Pull Request -
State: closed - Opened by dependabot[bot] almost 3 years ago
- 1 comment
Labels: dependencies
#59 - Bump jsoup from 1.10.2 to 1.15.3
Pull Request -
State: closed - Opened by dependabot[bot] almost 3 years ago
- 1 comment
Labels: dependencies
#58 - Bump jolokia-core from 1.6.0 to 1.6.1
Pull Request -
State: closed - Opened by dependabot[bot] about 3 years ago
- 1 comment
Labels: dependencies
#57 - Bump poi from 3.10-FINAL to 4.1.1
Pull Request -
State: closed - Opened by dependabot[bot] about 3 years ago
- 1 comment
Labels: dependencies
#56 - Bump mysql-connector-java from 8.0.12 to 8.0.28
Pull Request -
State: closed - Opened by dependabot[bot] about 3 years ago
- 1 comment
Labels: dependencies
#55 - Bump fastjson from 1.2.24 to 1.2.83
Pull Request -
State: closed - Opened by dependabot[bot] about 3 years ago
- 1 comment
Labels: dependencies
#54 - Bump log4j-core from 2.9.1 to 2.17.1
Pull Request -
State: closed - Opened by dependabot[bot] over 3 years ago
- 1 comment
Labels: dependencies
#53 - Bump xlsx-streamer from 2.0.0 to 2.1.0
Pull Request -
State: closed - Opened by dependabot[bot] over 3 years ago
- 1 comment
Labels: dependencies
#52 - Feature dev
Pull Request -
State: closed - Opened by blackduckron over 3 years ago
#51 - Bump xstream from 1.4.10 to 1.4.19
Pull Request -
State: closed - Opened by dependabot[bot] over 3 years ago
- 1 comment
Labels: dependencies
#50 - Bump log4j-core from 2.8.2 to 2.16.0
Pull Request -
State: closed - Opened by dependabot[bot] over 3 years ago
- 1 comment
Labels: dependencies
#49 - Bump log4j-core from 2.8.2 to 2.15.0
Pull Request -
State: closed - Opened by dependabot[bot] over 3 years ago
- 1 comment
Labels: dependencies
#48 - Unable to reproduce CRLF?
Issue -
State: closed - Opened by zack996 over 3 years ago
- 2 comments
#46 - The sqli URL has a small problem; it should be jdbc/vuln?username=
Issue -
State: closed - Opened by FeatherStark almost 4 years ago
- 1 comment
#45 - Bump xstream from 1.4.10 to 1.4.18
Pull Request -
State: closed - Opened by dependabot[bot] almost 4 years ago
- 1 comment
Labels: dependencies
#44 - Bump jsoup from 1.10.2 to 1.14.2
Pull Request -
State: closed - Opened by dependabot[bot] almost 4 years ago
- 1 comment
Labels: dependencies
#43 - The RCE link cannot be accessed; the other vulnerabilities can be accessed normally
Issue -
State: closed - Opened by Catcheryp about 4 years ago
- 1 comment
#42 - The RCE link cannot be accessed; the other vulnerabilities can be accessed normally
Issue -
State: closed - Opened by Catcheryp about 4 years ago
- 1 comment
#41 - Bump httpclient from 4.5.12 to 4.5.13
Pull Request -
State: closed - Opened by dependabot[bot] about 4 years ago
- 1 comment
Labels: dependencies
#40 - Bump xstream from 1.4.10 to 1.4.17
Pull Request -
State: closed - Opened by dependabot[bot] about 4 years ago
- 1 comment
Labels: dependencies
#39 - Code cleanup
Pull Request -
State: closed - Opened by matteobaccan about 4 years ago
- 1 comment
Labels: wontfix
#38 - Bump spring-security-web from 4.2.12.RELEASE to 5.2.10.RELEASE
Pull Request -
State: closed - Opened by dependabot[bot] about 4 years ago
- 1 comment
Labels: dependencies
#37 - Bump commons-io from 2.5 to 2.7
Pull Request -
State: closed - Opened by dependabot[bot] over 4 years ago
- 1 comment
Labels: dependencies
#36 - jolokia/list cannot be accessed
Issue -
State: closed - Opened by HYWZ36 over 4 years ago
- 1 comment
#35 - Java 1.7/1.8 no CRLF vulns (test in Java 1.7/1.8)
Issue -
State: closed - Opened by HYWZ36 over 4 years ago
- 1 comment
#34 - crlf injection is wrong
Issue -
State: closed - Opened by HYWZ36 over 4 years ago
- 1 comment
#33 - Bump xstream from 1.4.10 to 1.4.16
Pull Request -
State: closed - Opened by dependabot[bot] over 4 years ago
- 1 comment
Labels: dependencies
#32 - Method for obtaining the token in automated penetration testing
Issue -
State: closed - Opened by xx-zhang over 4 years ago
#31 - In file upload, the redirect page after uploading a file under the /file/ directory does not exist
Issue -
State: closed - Opened by Xandrillite over 4 years ago
Labels: bug
#30 - Question about the intent of the Cookies section
Issue -
State: closed - Opened by R3col over 4 years ago
- 2 comments
#29 - Bump poi from 3.10-FINAL to 3.17
Pull Request -
State: closed - Opened by dependabot[bot] over 4 years ago
- 1 comment
Labels: dependencies
#28 - Bump xstream from 1.4.10 to 1.4.15
Pull Request -
State: closed - Opened by dependabot[bot] over 4 years ago
- 1 comment
Labels: dependencies
#27 - After running rm -rf /*, the system became unusable
Issue -
State: closed - Opened by canliture over 4 years ago
- 1 comment
#26 - Bump xstream from 1.4.10 to 1.4.13-java7
Pull Request -
State: closed - Opened by dependabot[bot] over 4 years ago
- 1 comment
Labels: dependencies
#25 - MySQL connection in docker environment reports error: Public Key Retrieval is not allowed
Issue -
State: closed - Opened by jax777 almost 5 years ago
- 3 comments
#24 - MySQL commands to support running JavaSecCode
Issue -
State: closed - Opened by dtpoirot almost 5 years ago
- 2 comments
Labels: wontfix
#23 - Cannot use
Issue -
State: closed - Opened by godzeo about 5 years ago
- 5 comments
#22 - Bump mysql-connector-java from 8.0.12 to 8.0.16
Pull Request -
State: closed - Opened by dependabot[bot] about 5 years ago
- 1 comment
Labels: dependencies
#21 - Bump log4j-core from 2.8.2 to 2.13.2
Pull Request -
State: closed - Opened by dependabot[bot] about 5 years ago
- 1 comment
Labels: dependencies
#20 - Bump commons-collections from 3.1 to 3.2.2
Pull Request -
State: closed - Opened by dependabot[bot] about 5 years ago
- 1 comment
Labels: dependencies
#19 - Bump dom4j from 2.1.0 to 2.1.3
Pull Request -
State: closed - Opened by dependabot[bot] about 5 years ago
- 1 comment
Labels: dependencies
#18 - Add two notes related to file operations
Pull Request -
State: closed - Opened by leveryd about 5 years ago
#17 - sync
Pull Request -
State: closed - Opened by liergou9981 over 5 years ago
#16 - bug fix
Pull Request -
State: closed - Opened by liergou9981 over 5 years ago
- 1 comment
#15 - Add socket hook module to intercept SSRF at the socket layer
Pull Request -
State: closed - Opened by liergou9981 over 5 years ago
#14 - The DnsRebind problem currently cannot be solved
Issue -
State: closed - Opened by JoyChou93 over 5 years ago
#13 - The Jsonp Referer blocking is rather crude
Issue -
State: closed - Opened by JoyChou93 over 5 years ago
#12 - Bump dom4j from 2.1.0 to 2.1.1
Pull Request -
State: closed - Opened by dependabot[bot] over 5 years ago
- 1 comment
Labels: dependencies
#11 - Bump fastjson from 1.2.24 to 1.2.25
Pull Request -
State: closed - Opened by dependabot[bot] over 5 years ago
- 1 comment
Labels: dependencies
#10 - Bump xstream from 1.4.10 to 1.4.10-java7
Pull Request -
State: closed - Opened by dependabot[bot] over 5 years ago
- 1 comment
Labels: dependencies
#9 - Add more vulnerable code snippets about SQLi(mybatis) and XSS(reflect, stored)
Pull Request -
State: closed - Opened by Anemone95 almost 6 years ago
- 1 comment
#8 - add xxe
Pull Request -
State: closed - Opened by JoyChou93 almost 6 years ago
#7 - fix bug 0.0.0.0 can bypass SSRFChecker
Pull Request -
State: closed - Opened by waderwu almost 6 years ago
- 2 comments
#6 - Using @value in a Springboot Filter interceptor returns null
Issue -
State: closed - Opened by JoyChou93 about 6 years ago
#5 - File upload feature: wrong path when redirecting to the upload page.
Issue -
State: closed - Opened by Ckmount over 6 years ago
- 2 comments
Labels: bug
#4 - Add new CORS vulnerability example.
Pull Request -
State: closed - Opened by lightless233 almost 7 years ago
#3 - Add new Java URL redirect vulnerability example.
Pull Request -
State: closed - Opened by lightless233 almost 7 years ago
#2 - The SSRF code seems to have some problems
Issue -
State: closed - Opened by geekmc about 7 years ago
- 3 comments
#1 - How do I use this ssrf?
Issue -
State: closed - Opened by geekmc about 7 years ago