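java - What to do when the OWASP dependency check finds vulnerabilities

Tags java owasp maven-dependency-check-plugin

I'd like to ask what to do when the OWASP dependency check finds vulnerabilities.

I was recently deployed to a project, and I'm a newbie, so I don't know what to do.

I have a list of dependencies that are flagged as vulnerable, so how do I find a stable dependency version so that I can update it?

Here is the error.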

One or more dependencies were identified with known vulnerabilities in <Project-name>:

commons-beanutils-1.9.4.jar (pkg:maven/commons-beanutils/commons-beanutils@1.9.4, cpe:2.3:a:apache:commons_beanutils:1.9.4:*:*:*:*:*:*:*, cpe:2.3:a:apache:commons_net:1.9.4:*:*:*:*:*:*:*) : CVE-2021-37533
commons-cli-1.4.jar (pkg:maven/commons-cli/commons-cli@1.4, cpe:2.3:a:apache:commons_net:1.4:*:*:*:*:*:*:*) : CVE-2021-37533
commons-codec-1.11.jar (pkg:maven/commons-codec/commons-codec@1.11, cpe:2.3:a:apache:commons_net:1.11:*:*:*:*:*:*:*) : CVE-2021-37533
commons-codec-1.15.jar (pkg:maven/commons-codec/commons-codec@1.15, cpe:2.3:a:apache:commons_net:1.15:*:*:*:*:*:*:*) : CVE-2021-37533
commons-collections-3.2.2.jar (pkg:maven/commons-collections/commons-collections@3.2.2, cpe:2.3:a:apache:commons_collections:3.2.2:*:*:*:*:*:*:*, cpe:2.3:a:apache:commons_net:3.2.2:*:*:*:*:*:*:*) : CVE-2021-37533
commons-fileupload-1.4.jar (pkg:maven/commons-fileupload/commons-fileupload@1.4, cpe:2.3:a:apache:commons_fileupload:1.4:*:*:*:*:*:*:*, cpe:2.3:a:apache:commons_net:1.4:*:*:*:*:*:*:*) : CVE-2021-37533
commons-io-2.6.jar (pkg:maven/commons-io/commons-io@2.6, cpe:2.3:a:apache:commons_net:2.6:*:*:*:*:*:*:*) : CVE-2021-37533
commons-io-2.7.jar (pkg:maven/commons-io/commons-io@2.7, cpe:2.3:a:apache:commons_io:2.7:*:*:*:*:*:*:*, cpe:2.3:a:apache:commons_net:2.7:*:*:*:*:*:*:*) : CVE-2021-37533
commons-lang-2.4.jar (pkg:maven/commons-lang/commons-lang@2.4, cpe:2.3:a:apache:commons_net:2.4:*:*:*:*:*:*:*) : CVE-2021-37533
commons-logging-1.2.jar (pkg:maven/commons-logging/commons-logging@1.2, cpe:2.3:a:apache:commons_net:1.2:*:*:*:*:*:*:*) : CVE-2021-37533
commons-text-1.7.jar (pkg:maven/org.apache.commons/commons-text@1.7, cpe:2.3:a:apache:commons_net:1.7:*:*:*:*:*:*:*, cpe:2.3:a:apache:commons_text:1.7:*:*:*:*:*:*:*) : CVE-2021-37533, CVE-2022-42889
jackson-databind-2.11.4.jar (pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.11.4, cpe:2.3:a:fasterxml:jackson-databind:2.11.4:*:*:*:*:*:*:*) : CVE-2022-42003, CVE-2022-42004
lang-tag-1.4.4.jar (pkg:maven/com.nimbusds/lang-tag@1.4.4, cpe:2.3:a:nim-lang:nim-lang:1.4.4:*:*:*:*:*:*:*, cpe:2.3:a:tag_project:tag:1.4.4:*:*:*:*:*:*:*) : CVE-2020-29242, CVE-2020-29243, CVE-2020-29244, CVE-2020-29245
logstash-logback-encoder-5.3.jar/META-INF/maven/commons-lang/commons-lang/pom.xml (pkg:maven/commons-lang/commons-lang@2.6, cpe:2.3:a:apache:commons_net:2.6:*:*:*:*:*:*:*) : CVE-2021-37533
micrometer-registry-statsd-1.8.1.jar/META-INF/maven/io.netty/netty-buffer/pom.xml (pkg:maven/io.netty/netty-buffer@4.1.70.Final, cpe:2.3:a:netty:netty:4.1.70:*:*:*:*:*:*:*) : CVE-2021-43797, CVE-2022-24823
micrometer-registry-statsd-1.8.1.jar/META-INF/maven/io.netty/netty-codec-dns/pom.xml (pkg:maven/io.netty/netty-codec-dns@4.1.70.Final, cpe:2.3:a:netty:netty:4.1.70:*:*:*:*:*:*:*) : CVE-2021-43797, CVE-2022-24823
micrometer-registry-statsd-1.8.1.jar/META-INF/maven/io.netty/netty-codec-http/pom.xml (pkg:maven/io.netty/netty-codec-http@4.1.70.Final, cpe:2.3:a:netty:netty:4.1.70:*:*:*:*:*:*:*) : CVE-2021-43797, CVE-2022-24823
micrometer-registry-statsd-1.8.1.jar/META-INF/maven/io.netty/netty-codec-socks/pom.xml (pkg:maven/io.netty/netty-codec-socks@4.1.70.Final, cpe:2.3:a:netty:netty:4.1.70:*:*:*:*:*:*:*) : CVE-2021-43797, CVE-2022-24823
micrometer-registry-statsd-1.8.1.jar/META-INF/maven/io.netty/netty-codec/pom.xml (pkg:maven/io.netty/netty-codec@4.1.70.Final, cpe:2.3:a:netty:netty:4.1.70:*:*:*:*:*:*:*) : CVE-2021-43797, CVE-2022-24823
micrometer-registry-statsd-1.8.1.jar/META-INF/maven/io.netty/netty-common/pom.xml (pkg:maven/io.netty/netty-common@4.1.70.Final, cpe:2.3:a:netty:netty:4.1.70:*:*:*:*:*:*:*) : CVE-2021-43797, CVE-2022-24823
micrometer-registry-statsd-1.8.1.jar/META-INF/maven/io.netty/netty-handler-proxy/pom.xml (pkg:maven/io.netty/netty-handler-proxy@4.1.70.Final, cpe:2.3:a:netty:netty:4.1.70:*:*:*:*:*:*:*) : CVE-2021-43797, CVE-2022-24823
micrometer-registry-statsd-1.8.1.jar/META-INF/maven/io.netty/netty-handler/pom.xml (pkg:maven/io.netty/netty-handler@4.1.70.Final, cpe:2.3:a:netty:netty:4.1.70:*:*:*:*:*:*:*) : CVE-2021-43797, CVE-2022-24823
micrometer-registry-statsd-1.8.1.jar/META-INF/maven/io.netty/netty-resolver-dns-classes-macos/pom.xml (pkg:maven/io.netty/netty-resolver-dns-classes-macos@4.1.70.Final, cpe:2.3:a:netty:netty:4.1.70:*:*:*:*:*:*:*) : CVE-2021-43797, CVE-2022-24823
micrometer-registry-statsd-1.8.1.jar/META-INF/maven/io.netty/netty-resolver-dns-native-macos/pom.xml (pkg:maven/io.netty/netty-resolver-dns-native-macos@4.1.70.Final, cpe:2.3:a:netty:netty:4.1.70:*:*:*:*:*:*:*) : CVE-2021-43797, CVE-2022-24823
micrometer-registry-statsd-1.8.1.jar/META-INF/maven/io.netty/netty-resolver-dns/pom.xml (pkg:maven/io.netty/netty-resolver-dns@4.1.70.Final, cpe:2.3:a:netty:netty:4.1.70:*:*:*:*:*:*:*) : CVE-2021-43797, CVE-2022-24823
micrometer-registry-statsd-1.8.1.jar/META-INF/maven/io.netty/netty-resolver/pom.xml (pkg:maven/io.netty/netty-resolver@4.1.70.Final, cpe:2.3:a:netty:netty:4.1.70:*:*:*:*:*:*:*) : CVE-2021-43797, CVE-2022-24823
micrometer-registry-statsd-1.8.1.jar/META-INF/maven/io.netty/netty-transport-classes-epoll/pom.xml (pkg:maven/io.netty/netty-transport-classes-epoll@4.1.70.Final, cpe:2.3:a:netty:netty:4.1.70:*:*:*:*:*:*:*) : CVE-2021-43797, CVE-2022-24823
micrometer-registry-statsd-1.8.1.jar/META-INF/maven/io.netty/netty-transport-native-epoll/pom.xml (pkg:maven/io.netty/netty-transport-native-epoll@4.1.70.Final, cpe:2.3:a:netty:netty:4.1.70:*:*:*:*:*:*:*) : CVE-2021-43797, CVE-2022-24823
micrometer-registry-statsd-1.8.1.jar/META-INF/maven/io.netty/netty-transport-native-unix-common/pom.xml (pkg:maven/io.netty/netty-transport-native-unix-common@4.1.70.Final, cpe:2.3:a:netty:netty:4.1.70:*:*:*:*:*:*:*) : CVE-2021-43797, CVE-2022-24823
micrometer-registry-statsd-1.8.1.jar/META-INF/maven/io.netty/netty-transport/pom.xml (pkg:maven/io.netty/netty-transport@4.1.70.Final, cpe:2.3:a:netty:netty:4.1.70:*:*:*:*:*:*:*) : CVE-2021-43797, CVE-2022-24823
postgresql-42.2.18.jar (pkg:maven/org.postgresql/postgresql@42.2.18, cpe:2.3:a:postgresql:postgresql:42.2.18:*:*:*:*:*:*:*, cpe:2.3:a:postgresql:postgresql_jdbc_driver:42.2.18:*:*:*:*:*:*:*) : CVE-2022-31197, CVE-2022-41946
scala-library-2.13.4.jar (pkg:maven/org.scala-lang/scala-library@2.13.4, cpe:2.3:a:scala-lang:scala:2.13.4:*:*:*:*:*:*:*) : CVE-2022-36944
scala-reflect-2.13.2.jar (pkg:maven/org.scala-lang/scala-reflect@2.13.2, cpe:2.3:a:scala-lang:scala:2.13.2:*:*:*:*:*:*:*) : CVE-2022-36944
snakeyaml-1.27.jar (pkg:maven/org.yaml/snakeyaml@1.27, cpe:2.3:a:snakeyaml_project:snakeyaml:1.27:*:*:*:*:*:*:*, cpe:2.3:a:yaml_project:yaml:1.27:*:*:*:*:*:*:*) : CVE-2022-25857, CVE-2022-38749, CVE-2022-38750, CVE-2022-38751, CVE-2022-38752, CVE-2022-41854
spring-security-config-5.4.9.jar (pkg:maven/org.springframework.security/spring-security-config@5.4.9, cpe:2.3:a:pivotal_software:spring_security:5.4.9:*:*:*:*:*:*:*) : CVE-2018-1258
spring-security-core-5.4.9.jar (pkg:maven/org.springframework.security/spring-security-core@5.4.9, cpe:2.3:a:pivotal_software:spring_security:5.4.9:*:*:*:*:*:*:*) : CVE-2018-1258
spring-security-crypto-5.4.9.jar (pkg:maven/org.springframework.security/spring-security-crypto@5.4.9, cpe:2.3:a:pivotal_software:spring_security:5.4.9:*:*:*:*:*:*:*) : CVE-2018-1258
spring-security-web-5.4.9.jar (pkg:maven/org.springframework.security/spring-security-web@5.4.9, cpe:2.3:a:pivotal_software:spring_security:5.4.9:*:*:*:*:*:*:*) : CVE-2018-1258
tomcat-embed-core-9.0.54.jar (pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.54, cpe:2.3:a:apache:tomcat:9.0.54:*:*:*:*:*:*:*, cpe:2.3:a:apache_tomcat:apache_tomcat:9.0.54:*:*:*:*:*:*:*) : CVE-2021-43980, CVE-2022-34305, CVE-2022-42252
tomcat-embed-websocket-9.0.55.jar (pkg:maven/org.apache.tomcat.embed/tomcat-embed-websocket@9.0.55, cpe:2.3:a:apache:tomcat:9.0.55:*:*:*:*:*:*:*, cpe:2.3:a:apache_tomcat:apache_tomcat:9.0.55:*:*:*:*:*:*:*) : CVE-2021-43980, CVE-2022-34305, CVE-2022-42252
wiremock-jre8-standalone-2.28.1.jar/META-INF/maven/com.fasterxml.jackson.core/jackson-databind/pom.xml (pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.3, cpe:2.3:a:fasterxml:jackson-databind:2.12.3:*:*:*:*:*:*:*) : CVE-2022-42003, CVE-2022-42004
wiremock-jre8-standalone-2.28.1.jar/META-INF/maven/commons-io/commons-io/pom.xml (pkg:maven/commons-io/commons-io@2.9.0, cpe:2.3:a:apache:commons_io:2.9.0:*:*:*:*:*:*:*, cpe:2.3:a:apache:commons_net:2.9.0:*:*:*:*:*:*:*) : CVE-2021-37533
wiremock-jre8-standalone-2.28.1.jar/META-INF/maven/org.apache.commons/commons-lang3/pom.xml (pkg:maven/org.apache.commons/commons-lang3@3.8.1, cpe:2.3:a:apache:commons_net:3.8.1:*:*:*:*:*:*:*) : CVE-2021-37533
wiremock-jre8-standalone-2.28.1.jar/META-INF/maven/org.apache.commons/commons-text/pom.xml (pkg:maven/org.apache.commons/commons-text@1.6, cpe:2.3:a:apache:commons_net:1.6:*:*:*:*:*:*:*, cpe:2.3:a:apache:commons_text:1.6:*:*:*:*:*:*:*) : CVE-2021-37533, CVE-2022-42889
wiremock-jre8-standalone-2.28.1.jar/META-INF/maven/org.eclipse.jetty.http2/http2-common/pom.xml (pkg:maven/org.eclipse.jetty.http2/http2-common@9.4.41.v20210516, cpe:2.3:a:eclipse:jetty:9.4.41:20210516:*:*:*:*:*:*, cpe:2.3:a:jetty:jetty:9.4.41:20210516:*:*:*:*:*:*) : CVE-2022-2047, CVE-2022-2048
wiremock-jre8-standalone-2.28.1.jar/META-INF/maven/org.eclipse.jetty.http2/http2-server/pom.xml (pkg:maven/org.eclipse.jetty.http2/http2-server@9.4.41.v20210516, cpe:2.3:a:eclipse:jetty:9.4.41:20210516:*:*:*:*:*:*, cpe:2.3:a:jetty:jetty:9.4.41:20210516:*:*:*:*:*:*, cpe:2.3:a:jetty:jetty_http_server:9.4.41:20210516:*:*:*:*:*:*) : CVE-2022-2047, CVE-2022-2048
wiremock-jre8-standalone-2.28.1.jar/META-INF/maven/org.eclipse.jetty/jetty-alpn-client/pom.xml (pkg:maven/org.eclipse.jetty/jetty-alpn-client@9.4.41.v20210516, cpe:2.3:a:eclipse:jetty:9.4.41:20210516:*:*:*:*:*:*, cpe:2.3:a:jetty:jetty:9.4.41:20210516:*:*:*:*:*:*) : CVE-2022-2047, CVE-2022-2048
wiremock-jre8-standalone-2.28.1.jar/META-INF/maven/org.eclipse.jetty/jetty-alpn-conscrypt-client/pom.xml (pkg:maven/org.eclipse.jetty/jetty-alpn-conscrypt-client@9.4.41.v20210516, cpe:2.3:a:eclipse:jetty:9.4.41:20210516:*:*:*:*:*:*, cpe:2.3:a:jetty:jetty:9.4.41:20210516:*:*:*:*:*:*) : CVE-2022-2047, CVE-2022-2048
wiremock-jre8-standalone-2.28.1.jar/META-INF/maven/org.eclipse.jetty/jetty-alpn-conscrypt-server/pom.xml (pkg:maven/org.eclipse.jetty/jetty-alpn-conscrypt-server@9.4.41.v20210516, cpe:2.3:a:eclipse:jetty:9.4.41:20210516:*:*:*:*:*:*, cpe:2.3:a:jetty:jetty:9.4.41:20210516:*:*:*:*:*:*) : CVE-2022-2047, CVE-2022-2048
wiremock-jre8-standalone-2.28.1.jar/META-INF/maven/org.eclipse.jetty/jetty-alpn-server/pom.xml (pkg:maven/org.eclipse.jetty/jetty-alpn-server@9.4.41.v20210516, cpe:2.3:a:eclipse:jetty:9.4.41:20210516:*:*:*:*:*:*, cpe:2.3:a:jetty:jetty:9.4.41:20210516:*:*:*:*:*:*) : CVE-2022-2047, CVE-2022-2048
wiremock-jre8-standalone-2.28.1.jar/META-INF/maven/org.eclipse.jetty/jetty-client/pom.xml (pkg:maven/org.eclipse.jetty/jetty-client@9.4.41.v20210516, cpe:2.3:a:eclipse:jetty:9.4.41:20210516:*:*:*:*:*:*, cpe:2.3:a:jetty:jetty:9.4.41:20210516:*:*:*:*:*:*) : CVE-2022-2047, CVE-2022-2048
wiremock-jre8-standalone-2.28.1.jar/META-INF/maven/org.eclipse.jetty/jetty-continuation/pom.xml (pkg:maven/org.eclipse.jetty/jetty-continuation@9.4.41.v20210516, cpe:2.3:a:eclipse:jetty:9.4.41:20210516:*:*:*:*:*:*, cpe:2.3:a:jetty:jetty:9.4.41:20210516:*:*:*:*:*:*) : CVE-2022-2047, CVE-2022-2048
wiremock-jre8-standalone-2.28.1.jar/META-INF/maven/org.eclipse.jetty/jetty-http/pom.xml (pkg:maven/org.eclipse.jetty/jetty-http@9.4.41.v20210516, cpe:2.3:a:eclipse:jetty:9.4.41:20210516:*:*:*:*:*:*, cpe:2.3:a:jetty:jetty:9.4.41:20210516:*:*:*:*:*:*) : CVE-2022-2047, CVE-2022-2048
wiremock-jre8-standalone-2.28.1.jar/META-INF/maven/org.eclipse.jetty/jetty-security/pom.xml (pkg:maven/org.eclipse.jetty/jetty-security@9.4.41.v20210516, cpe:2.3:a:eclipse:jetty:9.4.41:20210516:*:*:*:*:*:*, cpe:2.3:a:jetty:jetty:9.4.41:20210516:*:*:*:*:*:*) : CVE-2022-2047, CVE-2022-2048
wiremock-jre8-standalone-2.28.1.jar/META-INF/maven/org.eclipse.jetty/jetty-server/pom.xml (pkg:maven/org.eclipse.jetty/jetty-server@9.4.41.v20210516, cpe:2.3:a:eclipse:jetty:9.4.41:20210516:*:*:*:*:*:*, cpe:2.3:a:jetty:jetty:9.4.41:20210516:*:*:*:*:*:*) : CVE-2022-2047, CVE-2022-2048
wiremock-jre8-standalone-2.28.1.jar/META-INF/maven/org.eclipse.jetty/jetty-servlet/pom.xml (pkg:maven/org.eclipse.jetty/jetty-servlet@9.4.41.v20210516, cpe:2.3:a:eclipse:jetty:9.4.41:20210516:*:*:*:*:*:*, cpe:2.3:a:jetty:jetty:9.4.41:20210516:*:*:*:*:*:*) : CVE-2022-2047, CVE-2022-2048
wiremock-jre8-standalone-2.28.1.jar/META-INF/maven/org.eclipse.jetty/jetty-servlets/pom.xml (pkg:maven/org.eclipse.jetty/jetty-servlets@9.4.41.v20210516, cpe:2.3:a:eclipse:jetty:9.4.41:20210516:*:*:*:*:*:*, cpe:2.3:a:jetty:jetty:9.4.41:20210516:*:*:*:*:*:*) : CVE-2022-2047, CVE-2022-2048
wiremock-jre8-standalone-2.28.1.jar/META-INF/maven/org.eclipse.jetty/jetty-util-ajax/pom.xml (pkg:maven/org.eclipse.jetty/jetty-util-ajax@9.4.41.v20210516, cpe:2.3:a:eclipse:jetty:9.4.41:20210516:*:*:*:*:*:*, cpe:2.3:a:jetty:jetty:9.4.41:20210516:*:*:*:*:*:*) : CVE-2022-2047, CVE-2022-2048
wiremock-jre8-standalone-2.28.1.jar/META-INF/maven/org.eclipse.jetty/jetty-util/pom.xml (pkg:maven/org.eclipse.jetty/jetty-util@9.4.41.v20210516, cpe:2.3:a:eclipse:jetty:9.4.41:20210516:*:*:*:*:*:*, cpe:2.3:a:jetty:jetty:9.4.41:20210516:*:*:*:*:*:*) : CVE-2022-2047, CVE-2022-2048
wiremock-jre8-standalone-2.28.1.jar/META-INF/maven/org.eclipse.jetty/jetty-webapp/pom.xml (pkg:maven/org.eclipse.jetty/jetty-webapp@9.4.41.v20210516, cpe:2.3:a:eclipse:jetty:9.4.41:20210516:*:*:*:*:*:*, cpe:2.3:a:jetty:jetty:9.4.41:20210516:*:*:*:*:*:*) : CVE-2022-2047, CVE-2022-2048
wiremock-jre8-standalone-2.28.1.jar/META-INF/maven/org.eclipse.jetty/jetty-xml/pom.xml (pkg:maven/org.eclipse.jetty/jetty-xml@9.4.41.v20210516, cpe:2.3:a:eclipse:jetty:9.4.41:20210516:*:*:*:*:*:*, cpe:2.3:a:jetty:jetty:9.4.41:20210516:*:*:*:*:*:*) : CVE-2022-2047, CVE-2022-2048


See the dependency-check report for more details.

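Your help would be greatly appreciated.

Thanks

I'm looking forward to any suggestions on next steps.

Best answer

We don't have enough context, so I'll assume we are talking about Maven and its dependency check plugin.

Spot any problematic dependency. Use Mvn Repo to identify a newer (non-vulnerable) library. I added the scala lib as an example, and you can see there a column with known vulnerabilities. Pick one that is not vulnerable and update your pom.xml file with it. If you notice that Maven does not update the dependency according to whatever version you provide, it may be that you are getting a transitive dependency from somewhere else and that one is overriding yours. To spot it, you can use mvn dependency:tree on the command line to see where each version gets resolved. And, if there is no other option, consider using dependencyManagement in your pom.xml to impose a specific version.

There is also the scenario where no non-vulnerable version is available, in which case you should replace the library or, if it is an acceptable risk, consider using a suppression file (see example 7 in the plugin link above) for the specific CVE.

nvd.nist.gov is a very good site where you can find details about each CVE. You can find the CVE number at the end of each finding in the report. Search for it on this site and it should tell you whether any special remediation is needed, or even how to reproduce it to find out whether you are vulnerable.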
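The findings in the question can be collapsed before acting on them. The following is an added example, not part of the original question or answer: it parses the report's line format, groups CVEs by the jar that is actually on the classpath (entries under `.../META-INF/maven/...` are components bundled inside that jar), and lists CPE matches whose product name does not appear in the Maven coordinates. The function names and the name-matching heuristic are assumptions of this example; a flagged match is a prompt to read the CVE's NVD entry, not a verdict.

```python
import re
from collections import defaultdict
from dataclasses import dataclass

# Five findings copied from the report in the question.
REPORT = """\
commons-io-2.6.jar (pkg:maven/commons-io/commons-io@2.6, cpe:2.3:a:apache:commons_net:2.6:*:*:*:*:*:*:*) : CVE-2021-37533
commons-text-1.7.jar (pkg:maven/org.apache.commons/commons-text@1.7, cpe:2.3:a:apache:commons_net:1.7:*:*:*:*:*:*:*, cpe:2.3:a:apache:commons_text:1.7:*:*:*:*:*:*:*) : CVE-2021-37533, CVE-2022-42889
micrometer-registry-statsd-1.8.1.jar/META-INF/maven/io.netty/netty-buffer/pom.xml (pkg:maven/io.netty/netty-buffer@4.1.70.Final, cpe:2.3:a:netty:netty:4.1.70:*:*:*:*:*:*:*) : CVE-2021-43797, CVE-2022-24823
micrometer-registry-statsd-1.8.1.jar/META-INF/maven/io.netty/netty-codec/pom.xml (pkg:maven/io.netty/netty-codec@4.1.70.Final, cpe:2.3:a:netty:netty:4.1.70:*:*:*:*:*:*:*) : CVE-2021-43797, CVE-2022-24823
wiremock-jre8-standalone-2.28.1.jar/META-INF/maven/org.eclipse.jetty.http2/http2-common/pom.xml (pkg:maven/org.eclipse.jetty.http2/http2-common@9.4.41.v20210516, cpe:2.3:a:eclipse:jetty:9.4.41:20210516:*:*:*:*:*:*, cpe:2.3:a:jetty:jetty:9.4.41:20210516:*:*:*:*:*:*) : CVE-2022-2047, CVE-2022-2048
"""

# "<path> (<purl>, <cpe>[, <cpe>...]) : <CVE>[, <CVE>...]"
LINE = re.compile(r"^(?P<path>\S+) \((?P<ids>.+)\) : (?P<cves>.+)$")


@dataclass
class Finding:
    owner: str     # jar that is on the classpath
    bundled: bool  # True when the component is embedded inside the owner jar
    purl: str
    cpes: list
    cves: list


def parse_report(text):
    """Turn report lines into Finding records; non-finding lines are skipped."""
    findings = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        ids = m["ids"].split(", ")
        findings.append(Finding(
            owner=m["path"].split("/")[0],
            bundled="/META-INF/maven/" in m["path"],
            purl=next((i for i in ids if i.startswith("pkg:")), ""),
            cpes=[i for i in ids if i.startswith("cpe:")],
            cves=m["cves"].split(", "),
        ))
    return findings


def jars_to_fix(findings):
    """Group CVEs by the jar that has to change in the build.

    A bundled component cannot be replaced by overriding its version in
    pom.xml; the jar that embeds it is what has to be upgraded.
    """
    by_owner = defaultdict(set)
    for f in findings:
        by_owner[f.owner].update(f.cves)
    return {jar: sorted(cves) for jar, cves in by_owner.items()}


def suspect_matches(findings):
    """Return (purl, cpe_product) pairs where the CPE product name appears
    nowhere in the Maven group/artifact (heuristic, assumption of this example)."""
    suspects = []
    for f in findings:
        coords = f.purl[len("pkg:maven/"):].split("@")[0].lower()
        for cpe in f.cpes:
            product = cpe.split(":")[4].replace("_", "-").lower()
            if product not in coords:
                suspects.append((f.purl, product))
    return suspects


if __name__ == "__main__":
    parsed = parse_report(REPORT)
    for jar, cves in jars_to_fix(parsed).items():
        print(jar, cves)
    for purl, product in suspect_matches(parsed):
        print("review CPE match:", purl, "matched as", product)
```
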

Regarding java - What to do when the OWASP dependency check finds vulnerabilities, we found a similar question on Stack Overflow: https://stackoverflow.com/questions/74769713/
