victims/maven-security-versions
Maven Security Versions

Identify vulnerable libraries in Maven dependencies.

The plugin is based on versions-maven-plugin. It uses the victims database as its source for CVEs and their mapping to Maven artifacts.

Usage

> mvn com.redhat.victims.maven:security-versions:check
[INFO] Scanning for projects...
[INFO]
[INFO] ------------------------------------------------------------------------
[INFO] Building Demo Insecure Project 1.0.0-SNAPSHOT
[INFO] ------------------------------------------------------------------------
[INFO]
[INFO] --- security-versions:1.0.2:check (default-cli) @ demo-insecure-project ---
[INFO] Analyzing the dependencies for com.h3xstream.test:demo-insecure-project
[INFO] Syncing with the victims repository (based on the atom feed)
[INFO] Downloading: https://github.com/victims/victims-cve-db/commits.atom
[INFO] Already to the latest version.
[ERROR] org.apache.struts:struts2-core is vulnerable to CVE-2014-0094
[ERROR] org.apache.struts:struts2-core is vulnerable to CVE-2014-0112
[ERROR] org.apache.struts:struts2-core is vulnerable to CVE-2014-0113
[ERROR] org.apache.struts:struts2-core is vulnerable to CVE-2014-0116
[ERROR] org.apache.struts:struts2-core is vulnerable to CVE-2014-7809
[ERROR] commons-fileupload:commons-fileupload is vulnerable to CVE-2013-2186
[ERROR] commons-fileupload:commons-fileupload is vulnerable to CVE-2014-0050
[ERROR] com.thoughtworks.xstream:xstream is vulnerable to CVE-2013-7285
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 2.200 s
[INFO] Finished at: 2015-11-03T22:30:48-05:00
[INFO] Final Memory: 13M/194M
[INFO] ------------------------------------------------------------------------
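Note that the run above ends with BUILD SUCCESS even though eight vulnerable dependencies were reported, so a CI pipeline that relies on Maven's exit status alone would let this build through. The script below is an added example, not part of the plugin, that turns the `[ERROR] ... is vulnerable to CVE-...` lines into a gate decision; it assumes the finding lines keep the exact format shown above, and the embedded sample log is constructed from that output.

```python
import re
import sys
from collections import defaultdict

# Finding lines exactly as security-versions prints them, e.g.
# "[ERROR] org.apache.struts:struts2-core is vulnerable to CVE-2014-0094"
FINDING_RE = re.compile(
    r"^\[ERROR\]\s+(?P<coord>[^\s:]+:[^\s:]+)\s+is vulnerable to\s+"
    r"(?P<cve>CVE-\d{4}-\d{4,})\s*$"
)

def parse_findings(log_text):
    """Map each 'groupId:artifactId' to the sorted CVE ids reported for it."""
    findings = defaultdict(set)
    for line in log_text.splitlines():
        match = FINDING_RE.match(line.strip())
        if match:
            findings[match.group("coord")].add(match.group("cve"))
    return {coord: sorted(cves) for coord, cves in sorted(findings.items())}

def gate(log_text, accepted=frozenset()):
    """Return (exit_code, blocking); CVEs in `accepted` (a reviewed exception list) are ignored."""
    blocking = {}
    for coord, cves in parse_findings(log_text).items():
        open_cves = [cve for cve in cves if cve not in accepted]
        if open_cves:
            blocking[coord] = open_cves
    return (1 if blocking else 0), blocking

# Constructed sample, copied from the README's example run above: note that
# Maven still reports BUILD SUCCESS after eight findings.
SAMPLE_LOG = """\
[ERROR] org.apache.struts:struts2-core is vulnerable to CVE-2014-0094
[ERROR] org.apache.struts:struts2-core is vulnerable to CVE-2014-0112
[ERROR] org.apache.struts:struts2-core is vulnerable to CVE-2014-0113
[ERROR] org.apache.struts:struts2-core is vulnerable to CVE-2014-0116
[ERROR] org.apache.struts:struts2-core is vulnerable to CVE-2014-7809
[ERROR] commons-fileupload:commons-fileupload is vulnerable to CVE-2013-2186
[ERROR] commons-fileupload:commons-fileupload is vulnerable to CVE-2014-0050
[ERROR] com.thoughtworks.xstream:xstream is vulnerable to CVE-2013-7285
[INFO] BUILD SUCCESS
"""

if __name__ == "__main__":
    # Usage: mvn ...:check | tee build.log ; python gate.py build.log
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_LOG
    code, blocking = gate(text)
    for coord, cves in blocking.items():
        print(f"{coord}: {', '.join(cves)}")
    sys.exit(code)
```

Run without arguments it evaluates the embedded sample and exits with status 1; in CI, feed it the captured Maven log so the job fails on any unaccepted finding.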
