Created
December 17, 2019 02:02
-
-
Save tuxology/2c996c8e050722d4e450f3f734404b10 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [ | |
| { | |
| "groupId": "net.lingala.zip4j", | |
| "artifactId": "zip4j", | |
| "version": "1.3.2", | |
| "callGraph": { | |
| "cveId": "CVE-2018-1002202", | |
| "versionRanges": [ | |
| "[0,1.3.3)" | |
| ], | |
| "flow": [ | |
| { | |
| "methodSignature": "net/lingala/zip4j/unzip/Unzip.initExtractFile(Lnet/lingala/zip4j/model/FileHeader;Ljava/lang/String;Lnet/lingala/zip4j/model/UnzipParameters;Ljava/lang/String;Lnet/lingala/zip4j/progress/ProgressMonitor;)V", | |
| "flows": [ | |
| { | |
| "fullName": "io.shiftleft.tarpit.FileUploader.doPost:void(javax.servlet.http.HttpServletRequest,javax.servlet.http.HttpServletResponse)", | |
| "fileName": "io/shiftleft/tarpit/FileUploader.java", | |
| "lineNumber": "43" | |
| }, | |
| { | |
| "fullName": "net.lingala.zip4j.core.ZipFile.extractFile:void(java.lang.String,java.lang.String)", | |
| "fileName": "net/lingala/zip4j/core/ZipFile.java", | |
| "lineNumber": "565" | |
| }, | |
| { | |
| "fullName": "net.lingala.zip4j.core.ZipFile.extractFile:void(net.lingala.zip4j.model.FileHeader,java.lang.String)", | |
| "fileName": "net/lingala/zip4j/core/ZipFile.java", | |
| "lineNumber": "499" | |
| }, | |
| { | |
| "fullName": "io.shiftleft.tarpit.util.Unzipper.unzipFile:void(java.lang.String,java.lang.String)", | |
| "fileName": "io/shiftleft/tarpit/util/Unzipper.java", | |
| "lineNumber": "15" | |
| }, | |
| { | |
| "fullName": "net.lingala.zip4j.core.ZipFile.extractFile:void(java.lang.String,java.lang.String,net.lingala.zip4j.model.UnzipParameters)", | |
| "fileName": "net/lingala/zip4j/core/ZipFile.java", | |
| "lineNumber": "586" | |
| }, | |
| { | |
| "fullName": "net.lingala.zip4j.core.ZipFile.extractFile:void(net.lingala.zip4j.model.FileHeader,java.lang.String,net.lingala.zip4j.model.UnzipParameters)", | |
| "fileName": "net/lingala/zip4j/core/ZipFile.java", | |
| "lineNumber": "516" | |
| }, | |
| { | |
| "fullName": "net.lingala.zip4j.model.FileHeader.extractFile:void(net.lingala.zip4j.model.ZipModel,java.lang.String,net.lingala.zip4j.progress.ProgressMonitor,boolean)", | |
| "fileName": "net/lingala/zip4j/model/FileHeader.java", | |
| "lineNumber": "249" | |
| }, | |
| { | |
| "fullName": "net.lingala.zip4j.core.ZipFile.extractAll:void(java.lang.String)", | |
| "fileName": "net/lingala/zip4j/core/ZipFile.java", | |
| "lineNumber": "450" | |
| }, | |
| { | |
| "fullName": "net.lingala.zip4j.core.ZipFile.extractFile:void(java.lang.String,java.lang.String,net.lingala.zip4j.model.UnzipParameters,java.lang.String)", | |
| "fileName": "net/lingala/zip4j/core/ZipFile.java", | |
| "lineNumber": "613" | |
| }, | |
| { | |
| "fullName": "net.lingala.zip4j.core.ZipFile.extractFile:void(net.lingala.zip4j.model.FileHeader,java.lang.String,net.lingala.zip4j.model.UnzipParameters,java.lang.String)", | |
| "fileName": "net/lingala/zip4j/core/ZipFile.java", | |
| "lineNumber": "531" | |
| }, | |
| { | |
| "fullName": "net.lingala.zip4j.model.FileHeader.extractFile:void(net.lingala.zip4j.model.ZipModel,java.lang.String,net.lingala.zip4j.model.UnzipParameters,net.lingala.zip4j.progress.ProgressMonitor,boolean)", | |
| "fileName": "net/lingala/zip4j/model/FileHeader.java", | |
| "lineNumber": "262" | |
| }, | |
| { | |
| "fullName": "net.lingala.zip4j.unzip.Unzip$1.run:void()", | |
| "fileName": "net/lingala/zip4j/unzip/Unzip.java", | |
| "lineNumber": "64" | |
| }, | |
| { | |
| "fullName": "net.lingala.zip4j.core.ZipFile.extractAll:void(java.lang.String,net.lingala.zip4j.model.UnzipParameters)", | |
| "fileName": "net/lingala/zip4j/core/ZipFile.java", | |
| "lineNumber": "465" | |
| }, | |
| { | |
| "fullName": "net.lingala.zip4j.unzip.Unzip$2.run:void()", | |
| "fileName": "net/lingala/zip4j/unzip/Unzip.java", | |
| "lineNumber": "108" | |
| }, | |
| { | |
| "fullName": "net.lingala.zip4j.model.FileHeader.extractFile:void(net.lingala.zip4j.model.ZipModel,java.lang.String,net.lingala.zip4j.model.UnzipParameters,java.lang.String,net.lingala.zip4j.progress.ProgressMonitor,boolean)", | |
| "fileName": "net/lingala/zip4j/model/FileHeader.java", | |
| "lineNumber": "279" | |
| }, | |
| { | |
| "fullName": "net.lingala.zip4j.unzip.Unzip.access$000:void(net.lingala.zip4j.unzip.Unzip,java.util.ArrayList,net.lingala.zip4j.model.UnzipParameters,net.lingala.zip4j.progress.ProgressMonitor,java.lang.String)", | |
| "fileName": "net/lingala/zip4j/unzip/Unzip.java", | |
| "lineNumber": "31" | |
| }, | |
| { | |
| "fullName": "net.lingala.zip4j.unzip.Unzip.extractAll:void(net.lingala.zip4j.model.UnzipParameters,java.lang.String,net.lingala.zip4j.progress.ProgressMonitor,boolean)", | |
| "fileName": "net/lingala/zip4j/unzip/Unzip.java", | |
| "lineNumber": "47" | |
| }, | |
| { | |
| "fullName": "net.lingala.zip4j.unzip.Unzip.access$100:void(net.lingala.zip4j.unzip.Unzip,net.lingala.zip4j.model.FileHeader,java.lang.String,net.lingala.zip4j.model.UnzipParameters,java.lang.String,net.lingala.zip4j.progress.ProgressMonitor)", | |
| "fileName": "net/lingala/zip4j/unzip/Unzip.java", | |
| "lineNumber": "31" | |
| }, | |
| { | |
| "fullName": "net.lingala.zip4j.unzip.Unzip.extractFile:void(net.lingala.zip4j.model.FileHeader,java.lang.String,net.lingala.zip4j.model.UnzipParameters,java.lang.String,net.lingala.zip4j.progress.ProgressMonitor,boolean)", | |
| "fileName": "net/lingala/zip4j/unzip/Unzip.java", | |
| "lineNumber": "94" | |
| }, | |
| { | |
| "fullName": "net.lingala.zip4j.unzip.Unzip.initExtractAll:void(java.util.ArrayList,net.lingala.zip4j.model.UnzipParameters,net.lingala.zip4j.progress.ProgressMonitor,java.lang.String)", | |
| "fileName": "net/lingala/zip4j/unzip/Unzip.java", | |
| "lineNumber": "80" | |
| } | |
| ] | |
| } | |
| ] | |
| } | |
| }, | |
| { | |
| "groupId": "net.lingala.zip4j", | |
| "artifactId": "zip4j", | |
| "version": "1.3.2", | |
| "callGraph": { | |
| "cveId": "CVE-2018-1002202", | |
| "versionRanges": [ | |
| "[0,1.3.3)" | |
| ], | |
| "flow": [ | |
| { | |
| "methodSignature": "net/lingala/zip4j/unzip/Unzip.checkOutputDirectoryStructure(Lnet/lingala/zip4j/model/FileHeader;Ljava/lang/String;Ljava/lang/String;)V", | |
| "flows": [ | |
| { | |
| "fullName": "io.shiftleft.tarpit.FileUploader.doPost:void(javax.servlet.http.HttpServletRequest,javax.servlet.http.HttpServletResponse)", | |
| "fileName": "io/shiftleft/tarpit/FileUploader.java", | |
| "lineNumber": "43" | |
| }, | |
| { | |
| "fullName": "net.lingala.zip4j.core.ZipFile.extractFile:void(java.lang.String,java.lang.String)", | |
| "fileName": "net/lingala/zip4j/core/ZipFile.java", | |
| "lineNumber": "565" | |
| }, | |
| { | |
| "fullName": "net.lingala.zip4j.core.ZipFile.extractFile:void(net.lingala.zip4j.model.FileHeader,java.lang.String)", | |
| "fileName": "net/lingala/zip4j/core/ZipFile.java", | |
| "lineNumber": "499" | |
| }, | |
| { | |
| "fullName": "io.shiftleft.tarpit.util.Unzipper.unzipFile:void(java.lang.String,java.lang.String)", | |
| "fileName": "io/shiftleft/tarpit/util/Unzipper.java", | |
| "lineNumber": "15" | |
| }, | |
| { | |
| "fullName": "net.lingala.zip4j.core.ZipFile.extractFile:void(java.lang.String,java.lang.String,net.lingala.zip4j.model.UnzipParameters)", | |
| "fileName": "net/lingala/zip4j/core/ZipFile.java", | |
| "lineNumber": "586" | |
| }, | |
| { | |
| "fullName": "net.lingala.zip4j.core.ZipFile.extractFile:void(net.lingala.zip4j.model.FileHeader,java.lang.String,net.lingala.zip4j.model.UnzipParameters)", | |
| "fileName": "net/lingala/zip4j/core/ZipFile.java", | |
| "lineNumber": "516" | |
| }, | |
| { | |
| "fullName": "net.lingala.zip4j.model.FileHeader.extractFile:void(net.lingala.zip4j.model.ZipModel,java.lang.String,net.lingala.zip4j.progress.ProgressMonitor,boolean)", | |
| "fileName": "net/lingala/zip4j/model/FileHeader.java", | |
| "lineNumber": "249" | |
| }, | |
| { | |
| "fullName": "net.lingala.zip4j.core.ZipFile.extractAll:void(java.lang.String)", | |
| "fileName": "net/lingala/zip4j/core/ZipFile.java", | |
| "lineNumber": "450" | |
| }, | |
| { | |
| "fullName": "net.lingala.zip4j.core.ZipFile.extractFile:void(java.lang.String,java.lang.String,net.lingala.zip4j.model.UnzipParameters,java.lang.String)", | |
| "fileName": "net/lingala/zip4j/core/ZipFile.java", | |
| "lineNumber": "613" | |
| }, | |
| { | |
| "fullName": "net.lingala.zip4j.core.ZipFile.extractFile:void(net.lingala.zip4j.model.FileHeader,java.lang.String,net.lingala.zip4j.model.UnzipParameters,java.lang.String)", | |
| "fileName": "net/lingala/zip4j/core/ZipFile.java", | |
| "lineNumber": "531" | |
| }, | |
| { | |
| "fullName": "net.lingala.zip4j.model.FileHeader.extractFile:void(net.lingala.zip4j.model.ZipModel,java.lang.String,net.lingala.zip4j.model.UnzipParameters,net.lingala.zip4j.progress.ProgressMonitor,boolean)", | |
| "fileName": "net/lingala/zip4j/model/FileHeader.java", | |
| "lineNumber": "262" | |
| }, | |
| { | |
| "fullName": "net.lingala.zip4j.unzip.Unzip$1.run:void()", | |
| "fileName": "net/lingala/zip4j/unzip/Unzip.java", | |
| "lineNumber": "64" | |
| }, | |
| { | |
| "fullName": "net.lingala.zip4j.core.ZipFile.extractAll:void(java.lang.String,net.lingala.zip4j.model.UnzipParameters)", | |
| "fileName": "net/lingala/zip4j/core/ZipFile.java", | |
| "lineNumber": "465" | |
| }, | |
| { | |
| "fullName": "net.lingala.zip4j.unzip.Unzip$2.run:void()", | |
| "fileName": "net/lingala/zip4j/unzip/Unzip.java", | |
| "lineNumber": "108" | |
| }, | |
| { | |
| "fullName": "net.lingala.zip4j.model.FileHeader.extractFile:void(net.lingala.zip4j.model.ZipModel,java.lang.String,net.lingala.zip4j.model.UnzipParameters,java.lang.String,net.lingala.zip4j.progress.ProgressMonitor,boolean)", | |
| "fileName": "net/lingala/zip4j/model/FileHeader.java", | |
| "lineNumber": "279" | |
| }, | |
| { | |
| "fullName": "net.lingala.zip4j.unzip.Unzip.access$000:void(net.lingala.zip4j.unzip.Unzip,java.util.ArrayList,net.lingala.zip4j.model.UnzipParameters,net.lingala.zip4j.progress.ProgressMonitor,java.lang.String)", | |
| "fileName": "net/lingala/zip4j/unzip/Unzip.java", | |
| "lineNumber": "31" | |
| }, | |
| { | |
| "fullName": "net.lingala.zip4j.unzip.Unzip.extractAll:void(net.lingala.zip4j.model.UnzipParameters,java.lang.String,net.lingala.zip4j.progress.ProgressMonitor,boolean)", | |
| "fileName": "net/lingala/zip4j/unzip/Unzip.java", | |
| "lineNumber": "47" | |
| }, | |
| { | |
| "fullName": "net.lingala.zip4j.unzip.Unzip.access$100:void(net.lingala.zip4j.unzip.Unzip,net.lingala.zip4j.model.FileHeader,java.lang.String,net.lingala.zip4j.model.UnzipParameters,java.lang.String,net.lingala.zip4j.progress.ProgressMonitor)", | |
| "fileName": "net/lingala/zip4j/unzip/Unzip.java", | |
| "lineNumber": "31" | |
| }, | |
| { | |
| "fullName": "net.lingala.zip4j.unzip.Unzip.extractFile:void(net.lingala.zip4j.model.FileHeader,java.lang.String,net.lingala.zip4j.model.UnzipParameters,java.lang.String,net.lingala.zip4j.progress.ProgressMonitor,boolean)", | |
| "fileName": "net/lingala/zip4j/unzip/Unzip.java", | |
| "lineNumber": "94" | |
| }, | |
| { | |
| "fullName": "net.lingala.zip4j.unzip.Unzip.initExtractAll:void(java.util.ArrayList,net.lingala.zip4j.model.UnzipParameters,net.lingala.zip4j.progress.ProgressMonitor,java.lang.String)", | |
| "fileName": "net/lingala/zip4j/unzip/Unzip.java", | |
| "lineNumber": "80" | |
| }, | |
| { | |
| "fullName": "net.lingala.zip4j.unzip.Unzip.initExtractFile:void(net.lingala.zip4j.model.FileHeader,java.lang.String,net.lingala.zip4j.model.UnzipParameters,java.lang.String,net.lingala.zip4j.progress.ProgressMonitor)", | |
| "fileName": "net/lingala/zip4j/unzip/Unzip.java", | |
| "lineNumber": "125" | |
| } | |
| ] | |
| } | |
| ] | |
| } | |
| }, | |
| { | |
| "groupId": "com.fasterxml.jackson.core", | |
| "artifactId": "jackson-databind", | |
| "version": "2.8.7", | |
| "callGraph": { | |
| "cveId": "CVE-2017-7525", | |
| "versionRanges": [ | |
| "(,2.7.9.1)", | |
| "[2.7.9.2,2.7.9.3)", | |
| "[2.7.9.3,2.8.10)", | |
| "[2.8.12,2.9.3)" | |
| ], | |
| "flow": [ | |
| { | |
| "methodSignature": "com/fasterxml/jackson/databind/ObjectMapper.enableDefaultTyping()Lcom/fasterxml/jackson/databind/ObjectMapper;", | |
| "flows": [ | |
| { | |
| "fullName": "io.shiftleft.tarpit.model.UnusedObject.<clinit>:void()", | |
| "fileName": "io/shiftleft/tarpit/model/UnusedObject.java", | |
| "lineNumber": "7" | |
| } | |
| ] | |
| } | |
| ] | |
| } | |
| }, | |
| { | |
| "groupId": "com.fasterxml.jackson.core", | |
| "artifactId": "jackson-databind", | |
| "version": "2.8.7", | |
| "callGraph": { | |
| "cveId": "CVE-2017-7525", | |
| "versionRanges": [ | |
| "(,2.7.9.1)", | |
| "[2.7.9.2,2.7.9.3)", | |
| "[2.7.9.3,2.8.10)", | |
| "[2.8.12,2.9.3)" | |
| ], | |
| "flow": [ | |
| { | |
| "methodSignature": "com/fasterxml/jackson/databind/ObjectMapper.readValue(Ljava/lang/String;Ljava/lang/Class;)Ljava/lang/Object;", | |
| "flows": [ | |
| { | |
| "fullName": "io.shiftleft.tarpit.OrderProcessor.doPost:void(javax.servlet.http.HttpServletRequest,javax.servlet.http.HttpServletResponse)", | |
| "fileName": "io/shiftleft/tarpit/OrderProcessor.java", | |
| "lineNumber": "76" | |
| } | |
| ] | |
| } | |
| ] | |
| } | |
| } | |
| ] |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment