CVE-2022-1471

Liquibase Spanner Extension A Liquibase extension adding support for Google Cloud Spanner Include this in your application project to run Liquibase database migration scripts against a Google Cloud Spanner database Performance Recommendations Executing multiple small DDL statements on Cloud Spanner can take a very long time This means that the standard recommendation to use

Drop in replacement for Snake YAML 1.33, this is a fork of the latest changes. The default constructors have been changed to no longer allow remote execution during deserialization.

SafeYAML Drop in replacement for Snake YAML 133, this is a fork of the latest changes The default constructors have been changed to no longer allow remote execution during deserialization For more information read - bitbucketorg/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in You probably don't need this dependency if you're not familiar with

Demo app Swagger URL: localhost:8080/swagger-ui/indexhtml TODO: Update Spring Boot Starter Parent 314 ASAP to fix vulnerabilities from dependencies: CVE-2023-33264 CVE-2023-26119 CVE-2022-45868 CVE-2022-1471 More info: mvnrepositorycom/artifact/orgspringframeworkboot/spring-boot-starter-parent/314

CVE-2022-1471 需要Java17、Python3、maven环境。使用Intellij IDEA打开，然后加载maven依赖，最后直接运行orgexampleApp中的main方法即可。 Windows11中可以运行。类Unix系统没有经过测试。 感谢 githubcom/artsploit/yaml-payload Java17, Python3 and maven is needed Open it with Intellij IDEA Then load the maven dependencies Fina

SnakeYAML-CVE-2022-1471-POC

snakeyaml_cve_poc SnakeYAML-CVE-2022-1471-POC build Either build the jar on your host with mvn clean compile assembly:single Or use docker to build an image with docker build -t snakeyaml run Run the container with docker run --rm -p8080:8080 snakeyaml or the jar if you built on your host with java -jar target/snakeyaml-10-SNAPSHOT-jar-with-dependenciesjar use Send a get re

Chrome extension to add "Why is this an issue?" tabs to SonarCloud for external issues.

sonarcloud-external-issue-helper-chrome-extension SonarCloud External Issue Helper is a Chrome extension to add missing "Why is this an issue?" tabs to SonarCloud for external issues in Generic issue data format SonarCloud supports a generic format for importing issues generated by external analysis tools, like linters External issues have an important limitation th

Create Java Properties files from a yaml file

yaml-props A Maven plugin to parse a yaml file with a certain structure to property files A bit of background This project was developed to replace the current way of generating property and settings files from Excel files at Truvo® After migrating from svn to git it became a real horror to maintain settings and messages (eg translations) in Excel files Certainly when

kb-app This is a spring and vue template for developers which is configured to be deployed and checks for vulnerabilities and more Table of Contents Structure Setup Project Run app with Docker Vue Frontend Spring boot Backend Liquibase changelog generation Deployment Todos Logs Security/Updates Security Updates Structure Spring Boot Java 17 LTS jUnit 5 Testcontain

Code for veracode blog

SnakeYAML-CVE-2022-1471-POC Code for veracode blog To demonstrate the Code Execution, Build the project using maven Execute python3 -m httpserver 8080 to run the http server Run exploitjava You should observe a HTTP GET request on the server To demonstrate how SnakeYAML 20 prevents the attack, comment out the 133 dependency in the pomxml Uncomment the 20 dependency, the

Deliberately Insecure Product

Deliberately-Insecure-Product Deliberately Insecure Product Known CVEs and Vulnerabilities tested Snakeyaml CVE-2022-1471 Top fixes Upgrade to snakeyaml 20 (Uncomment constraint in buildgradle) Use safe_constructor in v13x (Change the safe parameter to true) Project Features: Dependency sharing using gradle libsversionstoml

Spring Boot 3 and java 17 Application

bee004 Spring Boot 3 and java 17 Application Start Change the blank Git project to a a Spring Boot 3 RESTful application Use java 17 Set JDK version -> Java 17 Set Maven Vulnerabilities CVEs, that are reported vulnerabilities: CVE-2022-41854 (Out-of-bounds Write vulnerability) and CVE-2022-1471 (Deserialization of Untrusted Data vulnerability) Additional